Camarin

Difficulty: Medium | Category: Mobile Security

Overview

Scenario
A mobile application built using Xamarin is deployed as a “secure offline token checker.” The app is distributed as an Android APK and contains multiple .NET assemblies inside its package. Users are required to input a token, which is validated locally within the application.

The validation logic is heavily obfuscated but ultimately relies on multiple cryptographic checks, string transformations, and MD5 comparisons. The core security logic is implemented inside a Xamarin DLL, making it a strong candidate for reverse engineering.

However, the token validation process contains weaknesses in its design, including predictable transformations, MD5 hash checks, and reversible AES encryption, allowing the full token to be reconstructed through static analysis.

Objective
Reverse engineer the Xamarin Android application, analyze the embedded .NET assemblies, and reconstruct a valid token by bypassing or reversing all validation functions. Extract the final token that satisfies all MD5, AES, and structural constraints to retrieve the flag.

Provided Files: camarin.tar.gz

Infrastructure: Downloadable archive

Flag Format: Flag{...}

Job Positions

Application Security Engineer

Tags

Android, Apk Analysis, Reverse Engineering, Xamarin, Unpacking