【愚公系列】2021年12月 攻防世界-简单题-MOBILE-006(easyjava)
【摘要】 一、easyjava题目链接:https://adworld.xctf.org.cn/task/task_list?type=mobile&number=6&grade=0&page=1 二、答题步骤 1.运行app发现字符串:You are wrong!Bye~ 2.jadx反编译apk文件搜索字符串发现代码package com.a.easyjava;import android.os...
一、easyjava
题目链接:https://adworld.xctf.org.cn/task/task_list?type=mobile&number=6&grade=0&page=1
二、答题步骤
1.运行app
发现字符串:You are wrong!Bye~
2.jadx反编译apk文件
搜索字符串
发现代码
package com.a.easyjava;
import android.os.Bundle;
import android.support.v7.app.c;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
import java.util.Timer;
import java.util.TimerTask;
/* loaded from: classes.dex */
public class MainActivity extends c {
private static char a(String str, b bVar, a aVar) {
return aVar.a(bVar.a(str));
}
/* JADX INFO: Access modifiers changed from: private */
public static Boolean b(String str) {
if (str.startsWith("flag{") && str.endsWith("}")) {
String substring = str.substring(5, str.length() - 1);
b bVar = new b(2);
a aVar = new a(3);
StringBuilder sb = new StringBuilder();
int i = 0;
for (int i2 = 0; i2 < substring.length(); i2++) {
sb.append(a(substring.charAt(i2) + "", bVar, aVar));
Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25);
if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
i++;
}
}
return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
}
return false;
}
/* JADX INFO: Access modifiers changed from: protected */
@Override // android.support.v7.app.c, android.support.v4.a.i, android.support.v4.a.aa, android.app.Activity
public void onCreate(Bundle bundle) {
super.onCreate(bundle);
setContentView(R.layout.activity_main);
findViewById(R.id.button).setOnClickListener(new View.OnClickListener() { // from class: com.a.easyjava.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View view) {
if (MainActivity.b(((EditText) ((MainActivity) this).findViewById(R.id.edit)).getText().toString()).booleanValue()) {
Toast.makeText(this, "You are right!", 1).show();
return;
}
Toast.makeText(this, "You are wrong! Bye~", 1).show();
new Timer().schedule(new TimerTask() { // from class: com.a.easyjava.MainActivity.1.1
@Override // java.util.TimerTask, java.lang.Runnable
public void run() {
System.exit(1);
}
}, 2000);
}
});
}
}
进入b函数
python逆向解密脚本
cipherText = 'wigwrkaugala'
aArray = [21,4,24,25,20,5,15,9,17,6,13,3,18,12,10,19,0,22,2,11,23,1,8,7,14,16]
aString = 'abcdefghijklmnopqrstuvwxyz'
bArray = [17,23,7,22,1,16,6,9,21,0,15,5,10,18,2,24,4,11,3,14,19,12,20,13,8,25]
bString = 'abcdefghijklmnopqrstuvwxyz'
def changeBArrayandString():
global bString
global bArray
chArray = bArray[0]
chString = bString[0:1]
for i in range(len(bArray) - 1):
bArray[i] = bArray[i + 1]
bArray[len(bArray) - 1] = chArray
bString = bString[1:]
bString += chString
def getBchar(ch):
v2 = bArray[ch]
arg = bString[v2]
changeBArrayandString()
return arg
def getAint(ch):
global aString
global aArray
v1 = aString.index(ch)
arg5 = aArray[v1]
return arg5
print('flag{',end='')
for k in cipherText:
v0 = getAint(k)
print(getBchar(v0),end='')
print('}')
flag为:flag{venividivkcr}
总结
找到关键字,逆向分析流程,写出对应的脚本就可以拿到答案
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)