Apk4f 2021 -
We can calculate the flag ourselves using Java or Python since we have the logic.
Calculating the Java hashCode:
In Java, the hashCode() of a String is calculated as:
$$s[0] \times 31^n-1 + s[1] \times 31^n-2 + ... + s[n-1]$$
We can quickly calculate this using a Python snippet: apk4f 2021
s = "SuperSecretKey2021" # Java's String hashCode algorithm h = 0 for c in s: h = (31 * h + ord(c)) & 0xFFFFFFFF # Handle 32-bit signed integer overflow if h >= 0x80000000: h -= 0x100000000
print(f"CTFh_android_reversing")
Alternatively, running String.valueOf("SuperSecretKey2021".hashCode()) in any Java REPL yields the hash.
Let's assume the hash calculated is -123456789 (example). We can calculate the flag ourselves using Java
The Flag:
CTF-123456789_android_reversing
(Note: The actual hash value for "SuperSecretKey2021" would be calculated during the CTF execution. In many CTFs, the flag is simply hardcoded in a string resource or a native .so library. If the flag was in a native library, the approach would shift to using Ghidra or IDA Pro to analyze the C/C++ code.) Alternatively, running String
We can simply install the APK on an emulator or physical device, type SuperSecretKey2021 into the password field, and hit Unlock to get the toast message with the flag.
Based on archived snapshots and user reviews from the period, APK4F offered the following during its peak:
