A collection of reverse engineering challenges for learning about the Android operating system and mobile security.
Clone or download
reoky Merge pull request #9 from reoky/issue-8
Fixed GPS Coord Issue
Latest commit 18e4ba8 Jan 30, 2018



What is This?

This project is a collection of Android CrackMe challenges that students can use to learn about the art of reverse engineering mobile software. I do not claim to be an expert at this, but I've learned enough to build some exciting challenges for the community. Your goal is simple, build and run each APK/challenge, complete all the challenges for knowledge and profit. If you get stuck, read the hint, if you get really stuck, read the source. Each challenge will have some way to verify that you've completed it.

Getting the Challenges

Below you can find download links for each app! Have fun!

CrackMe One CrackMe Two CrackMe Three CrackMe Four CrackMe Five

sha1sum(apk) =

  • eb0a1916c742af44b3da7a6b82768e6548cf0d88 crackme-five.apk
  • d7ea8959af715083531d7e4729cf264fffce66b4 crackme-four.apk
  • dae637b287d4256a614b941249cfb26111d49005 crackme-one.apk
  • 01236c76c078083d3d27eb3e46825f19c2af5ffa crackme-three.apk
  • e917d98be93278363fd2f57207b4f03adf14a910 crackme-two.apk

Mobile Android Challenges

  • Challenge One : A file will be created within the application's sandbox boundaries. You must extract its contents.
  • Challenge Two : Builds on challenge one, data gets dumped to Logcat, and may need search engine foo.
  • Challenge Three : This app searches a webpage for a string. Go on your own network and insert the string with a man-in-the-middle attack. :]
  • Chellenge Four : The app unlocks only when you're in Minnesota. Either travel to Minnesota or learn about mock locations to complete the challenge.
  • Challenge Five : The password is stored in the app's string resources. Decompile the app and go get it. This should be fairly easy.
  • Challenge Six : PENDING

Setting Up Your Dev Machine

Other tools you can use to break these apps:

Who do I talk to?

If you want to contribute back, that would be awesome, just fork my repo, make a pull request and I'll do a code review. ^_^