0x01 题目描述
无
0x02 题解
这道题也是个apk,很尴尬的是我安装不上,不知道究竟是为什么。。那直接拖进jeb看看能否反汇编
成功反汇编成java代码
package com.a.sample.androidtest;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View$OnClickListener;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
public class MainActivity extends AppCompatActivity {
private EditText editText;
private byte[] s;
public MainActivity() {
super();
this.s = new byte[]{113, 123, 118, 112, 108, 94, 99, 72, 38, 68, 72, 87, 89, 72, 36, 118, 100, 78, 72, 87, 121, 83, 101, 39, 62, 94, 62, 38, 107, 115, 106};
}
public boolean check() {
boolean v2 = false;
byte[] v0 = this.editText.getText().toString().getBytes();
if(v0.length == this.s.length) {
int v1 = 0;
while(v1 < this.s.length) {
if(v1 >= v0.length) {
break;
}
if(this.s[v1] == (v0[v1] ^ 23)) {
++v1;
continue;
}
else {
return v2;
}
}
v2 = true;
}
return v2;
}
protected void onCreate(Bundle arg4) {
super.onCreate(arg4);
this.setContentView(2130968603);
this.editText = this.findViewById(2131427415);
this.findViewById(2131427416).setOnClickListener(new View$OnClickListener(this) {
public void onClick(View arg4) {
if(MainActivity.this.check()) {
Toast.makeText(this.val$context, "You got the flag!", 1).show();
}
else {
Toast.makeText(this.val$context, "Sorry your flag is wrong", 1).show();
}
}
});
}
}
可以看到当check返回true的话就会得到flag了。
那就看check函数,如果我们输入的字符串的每一位都与23异或后的结果等于s数组中对应的值,那么在全部完成31次后check函数就会返回true
那么很容易逆过来,脚本如下
s = [113, 123, 118, 112, 108, 94, 99, 72, 38, 68, 72, 87, 89, 72, 36, 118, 100, 78, 72, 87, 121, 83, 101, 39, 62, 94, 62, 38, 107, 115, 106]
result = ''
for i in range(len(s)):
result += chr(int(s[i]) ^ 23)
print result
