timer

Published: April 26, 2023
Updated: December 9, 2025

Description

The TIMER Android APK hides its flag within the Java source. Reverse the application to recover the hard-coded string before the countdown completes.

Install jadx (or another APK decompiler) along with Java if it is not already present.

Decompile timer.apk and search the decompiled sources for picoCTF or timer-related strings.

wget https://artifacts.picoctf.net/c/449/timer.apk
sudo apt install default-jre default-jdk
wget https://github.com/skylot/jadx/releases/download/v1.2.0/jadx-1.2.0.zip && unzip -q jadx-1.2.0.zip -d jadx-1.2.0
./jadx-1.2.0/bin/jadx-gui timer.apk

Solution

  1. Inspect MainActivity
    Within the decompiled sources, MainActivity (or the timer helper class) builds the flag string character by character. The string literal appears plainly.
  2. Copy the assembled flag
    Concatenate the displayed pieces (often inside onCreate or verifyFlag) to recreate the picoCTF flag without running the APK.

Flag

picoCTF{t1m3r_r3...496}

No dynamic analysis required: jadx reveals the flag literal when you search for "picoCTF".
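
The same search can be done without a decompiler by reading the string table of each classes*.dex inside the APK and matching picoCTF{...}. This is an added example, not part of the original writeup; the function names and the constructed sample APK are assumptions for illustration, and it only finds literals stored whole in a dex file.

```python
import io
import re
import struct
import zipfile

FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")

def dex_strings(dex):
    """Yield every entry of a DEX string table as raw MUTF-8 bytes."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # Header fields string_ids_size and string_ids_off sit at offset 0x38.
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        while dex[pos] & 0x80:  # skip the ULEB128 UTF-16 length prefix
            pos += 1
        pos += 1
        yield dex[pos:dex.index(b"\x00", pos)]  # data is NUL-terminated

def find_flags(apk):
    """Return (dex name, string) hits; apk is a path or a file object."""
    hits = []
    with zipfile.ZipFile(apk) as z:
        for name in sorted(n for n in z.namelist() if n.endswith(".dex")):
            for s in dex_strings(z.read(name)):
                if FLAG_RE.search(s):
                    hits.append((name, s.decode("utf-8", "replace")))
    return hits

def build_sample_apk(strings):
    """Constructed stand-in for an APK: a zip with one minimal DEX."""
    ids_off = 0x70  # string_ids placed right after the 0x70-byte header
    data_off = ids_off + 4 * len(strings)
    header = bytearray(ids_off)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), ids_off)
    ids = data = b""
    for s in strings:
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(s)]) + s + b"\x00"  # 1-byte length, len < 128
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("classes.dex", bytes(header) + ids + data)
    return out

if __name__ == "__main__":
    sample = build_sample_apk([b"MainActivity", b"picoCTF{constructed_sample}"])
    print(find_flags(sample))  # pass "timer.apk" instead to scan the real file
```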