Android APK reverse engineering on InsecureBankv2 and KGB Messenger CTF: Java extraction, smali modification and access control bypass.
d2j-dex2jar.bat classes.dex # Extract Java source
# Fix: android:exported="false" in Manifest
# Recompile & reinstall to verify# Bypass locale check in MainActivity.smali
# Change if-nez jumps: cond_0 → cond_1, cond_2 → cond_3
# Find credentials in strings.xml (Base64 encoded)
# User: Stearling Archer | Pass: Guest (social engineering)