The ASIS 2018 Finals had some awesome challenges. One of them is the Android reversing and web challenge Gunshop. It was a lot of fun to use ARTist, an Android instrumentation framework, to leak the AES key, intercept https traffic and bypass custom certificate pinning.

[Here](https://saarsec.rocks/2018/11/27/Gunshop.html), you can find the complete writeup for Gunshop 1 and 2 .