For the Todo challenge, players where provided with an android apk named todo.apk. This app was supposed to store todo lists and contained the flag.

Since apk files are just zip archives, I unzipped todo.apk and quickly found the todos.db in the /assets/databases directory.

Running file todos.db revealed that it was a SQLite 3 database. So I could query it after opening it with sqlite3 todos.db. The query .tables revealed the todo table and the SELECT * FROM todo; presented two base64 encoded entries.

After decoding them, I found the flag.

flag{526eab04ff9aab9ea138903786a9878b}

Use actual encryption not just base64