Bigdroidos 201 Patched -

Some patched builds overlay additional analytics libraries that send your IP address, installed apps list, and even GPS coordinates (if available) to third-party servers in countries with lax data protection laws.

After bypassing the login check (via Frida or Smali patching), the app opened a new activity displaying a TextView.

Flag: CTFp4tch3d_but_n0t_s3cur3

The original BigDroidOS 201 reportedly contained several unpatched Android security holes from the AOSP (Android Open Source Project) codebase. These included:

The patched version claims to backport security fixes from Android 10 or 11 into the older Android 9 (Pie) or 10 base. bigdroidos 201 patched

Navigating to the LoginActivity class, I found the login validation logic. The code looked something like this:

public void onLoginClick(View view) 
    String username = ((EditText) findViewById(R.id.username_field)).getText().toString();
    String password = ((EditText) findViewById(R.id.password_field)).getText().toString();
// Patched Logic: No longer checks hardcoded strings
    if (this.authManager.verifyCredentials(username, password)) 
        Intent intent = new Intent(this, FlagActivity.class);
        startActivity(intent);
        finish();
     else 
        Toast.makeText(this, "Access Denied", 0).show();

In the original (unpatched) version, the code likely compared inputs directly to hardcoded strings (e.g., if (username.equals("admin"))). In the patched version, the validation was offloaded to a separate class, AuthManager. The patched version claims to backport security fixes

After booting:

If you still wish to proceed, here is the general installation process used by enthusiasts. Note: steps vary based on your source file, so this is a conceptual guide. In the original (unpatched) version, the code likely

I began by decompiling the APK using jadx-gui to inspect the Java source code and apktool to look into the AndroidManifest.xml and resources.