【愚公系列】2021年12月 攻防世界-简单题-MOBILE-006(easyjava)
【愚公系列】2021年12月 攻防世界-简单题-MOBILE-006(easyjava)
愚公搬代码
发布于 2021-12-14 12:56:27
发布于 2021-12-14 12:56:27
文章被收录于专栏:历史专栏
文章目录
一、easyjava
题目链接:https://adworld.xctf.org.cn/task/task_list?type=mobile&number=6&grade=0&page=1
二、答题步骤
1.运行app
发现字符串:You are wrong!Bye~
2.jadx反编译apk文件
搜索字符串
发现代码
package com.a.easyjava;
import android.os.Bundle;
import android.support.v7.app.c;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
import java.util.Timer;
import java.util.TimerTask;
/* loaded from: classes.dex */
public class MainActivity extends c {
private static char a(String str, b bVar, a aVar) {
return aVar.a(bVar.a(str));
}
/* JADX INFO: Access modifiers changed from: private */
public static Boolean b(String str) {
if (str.startsWith("flag{") && str.endsWith("}")) {
String substring = str.substring(5, str.length() - 1);
b bVar = new b(2);
a aVar = new a(3);
StringBuilder sb = new StringBuilder();
int i = 0;
for (int i2 = 0; i2 < substring.length(); i2++) {
sb.append(a(substring.charAt(i2) + "", bVar, aVar));
Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25);
if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
i++;
}
}
return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
}
return false;
}
/* JADX INFO: Access modifiers changed from: protected */
@Override // android.support.v7.app.c, android.support.v4.a.i, android.support.v4.a.aa, android.app.Activity
public void onCreate(Bundle bundle) {
super.onCreate(bundle);
setContentView(R.layout.activity_main);
findViewById(R.id.button).setOnClickListener(new View.OnClickListener() { // from class: com.a.easyjava.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View view) {
if (MainActivity.b(((EditText) ((MainActivity) this).findViewById(R.id.edit)).getText().toString()).booleanValue()) {
Toast.makeText(this, "You are right!", 1).show();
return;
}
Toast.makeText(this, "You are wrong! Bye~", 1).show();
new Timer().schedule(new TimerTask() { // from class: com.a.easyjava.MainActivity.1.1
@Override // java.util.TimerTask, java.lang.Runnable
public void run() {
System.exit(1);
}
}, 2000);
}
});
}
}进入b函数
python逆向解密脚本
cipherText = 'wigwrkaugala'
aArray = [21,4,24,25,20,5,15,9,17,6,13,3,18,12,10,19,0,22,2,11,23,1,8,7,14,16]
aString = 'abcdefghijklmnopqrstuvwxyz'
bArray = [17,23,7,22,1,16,6,9,21,0,15,5,10,18,2,24,4,11,3,14,19,12,20,13,8,25]
bString = 'abcdefghijklmnopqrstuvwxyz'
def changeBArrayandString():
global bString
global bArray
chArray = bArray[0]
chString = bString[0:1]
for i in range(len(bArray) - 1):
bArray[i] = bArray[i + 1]
bArray[len(bArray) - 1] = chArray
bString = bString[1:]
bString += chString
def getBchar(ch):
v2 = bArray[ch]
arg = bString[v2]
changeBArrayandString()
return arg
def getAint(ch):
global aString
global aArray
v1 = aString.index(ch)
arg5 = aArray[v1]
return arg5
print('flag{',end='')
for k in cipherText:
v0 = getAint(k)
print(getBchar(v0),end='')
print('}')flag为:flag{venividivkcr}
总结
找到关键字,逆向分析流程,写出对应的脚本就可以拿到答案
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2021/12/13 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
