【愚公系列】2021年12月 攻防世界-简单题-MOBILE-002(app1)
【摘要】 一、app1题目链接:https://adworld.xctf.org.cn/task/task_list?type=mobile&number=6&grade=0 二、答题步骤 1.运行app 2.jadx反编译apk文件搜索再接字符串找到源码package com.example.yaphetshan.tencentgreat;import android.content.pm.Pac...
一、app1
题目链接:https://adworld.xctf.org.cn/task/task_list?type=mobile&number=6&grade=0
二、答题步骤
1.运行app
2.jadx反编译apk文件
搜索再接字符串
找到源码
package com.example.yaphetshan.tencentgreat;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
/* loaded from: classes.dex */
public class MainActivity extends AppCompatActivity {
Button btn;
public final String pName = BuildConfig.APPLICATION_ID;
EditText text;
/* JADX INFO: Access modifiers changed from: protected */
@Override // android.support.v7.app.AppCompatActivity, android.support.v4.app.FragmentActivity, android.support.v4.app.BaseFragmentActivityGingerbread, android.app.Activity
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
this.btn = (Button) findViewById(R.id.checBtn);
this.text = (EditText) findViewById(R.id.input);
this.btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.yaphetshan.tencentgreat.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View v) {
try {
String inputString = MainActivity.this.text.getText().toString();
PackageInfo pinfo = MainActivity.this.getPackageManager().getPackageInfo(BuildConfig.APPLICATION_ID, 16384);
String versionCode = pinfo.versionName;
int versionName = pinfo.versionCode;
int i = 0;
while (i < inputString.length() && i < versionCode.length()) {
if (inputString.charAt(i) != (versionCode.charAt(i) ^ versionName)) {
Toast.makeText(MainActivity.this, "再接再厉,加油~", 1).show();
return;
}
i++;
}
if (inputString.length() == versionCode.length()) {
Toast.makeText(MainActivity.this, "恭喜开启闯关之门!", 1).show();
return;
}
} catch (PackageManager.NameNotFoundException e) {
}
Toast.makeText(MainActivity.this, "年轻人不要耍小聪明噢", 1).show();
}
});
}
}
点击BuildConfig文件,得到这两个参数的值,如下图所示:
package com.example.yaphetshan.tencentgreat;
/* loaded from: classes.dex */
public final class BuildConfig {
public static final String APPLICATION_ID = "com.example.yaphetshan.tencentgreat";
public static final String BUILD_TYPE = "debug";
public static final boolean DEBUG = Boolean.parseBoolean("true");
public static final String FLAVOR = "";
public static final int VERSION_CODE = 15;
public static final String VERSION_NAME = "X<cP[?PHNB<P?aj";
}
看源码得知事进行异或运算上脚本
str = "X<cP[?PHNB<P?aj" #传入版本名
for i in str: #对版本名进行循环
sum = ord(i)^15 #sum接收i的每个字符串转ASCII数值并与版本号进行异或的值
print(chr(sum),end='') #把sum的值转字符串并拼接
得到flag:W3l_T0_GAM3_0ne
总结
反编译技巧 + 读代码 + 异或代码运算
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)