Skip to content
An Android CTF practice challenge
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
app reformat code Jul 5, 2019
gradle/wrapper init commit Apr 6, 2018
.gitignore add APK download & video walkthrough links to README Jul 5, 2019
build.gradle init commit Apr 6, 2018
gradlew init commit Apr 6, 2018

KGB Messenger

APK Download | Video Lecture | Video Walkthrough | MasonCC


KGB Messenger is a open source CTF practice challenge that aims to help people learn how to reverse engineer Android applications. If you're completely new to Android application reverse engineering, I'd suggest you start by watching the video lecture from George Mason University's MasonCC club. If you're stuck on any of the challenges, feel free to peek at the video walkthrough for some help. Timestamps have been provided in the walkthrough video's description to prevent unwanted spoilers. To get started, download the APK and read the challenge descriptions below.


You are working for the International Secret Intelligence Service as a reverse engineer. This morning your team lead assigned you to inspect an Android application found on the phone of a misbehaving agent. It’s rumored that the misbehaving agent, Sterling Archer, has been in contact with some KGB spies. Your job is to reverse engineer the application to verify the rumor.

The challenges should be solved sequentially. The flag format is FLAG{insert_flag_here}. Good luck!

Alerts (Medium)

The app keeps giving us these pesky alerts when we start the app. We should investigate.

Login (Easy)

This is a recon challenge. All characters in the password are lowercase.

Social Engineering (Hard)

It looks like someone is bad at keeping secrets. They're probably susceptible to social engineering... what should I say?

You can’t perform that action at this time.