Weird Android Calculator is a challenge from CTFLearn. The challenge description reads:
I've found this very weird android application.
Seems to be some kind of calculator, but there is something strange with it. Can you find out what it is?
https://mega.nz/#!qXIAgSKZ!u2QBlLV-3G8kmsr6yR0wqpQOFyv89e0WvBt45alBIRY
Flag is in Format: FLAG{...}
Note: You don't really need an android device to solve this. But it might be helpful :)
The file behind the link in the challenge is WeirdCalculator.apk. Naturally we want to see its Java source, so first use d2j-dex2jar to convert the dex file inside the apk into a jar:
d2j-dex2jar WeirdCalculator.apk
# dex2jar WeirdCalculator.apk -> ./WeirdCalculator-dex2jar.jar
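Then open the jar in jd-gui, which automatically decompiles the class files in it, and the Java source becomes readable.
After a little analysis of the source, it turns out that de.vidar.weirdcalculator.Parser.parseExpression() contains code that clearly has nothing to do with calculator functionality: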

(Figure: Weird Code)
Pull this weird code out on its own and modify the output part slightly, as follows:
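// Test.java
public class Test {
    public static void main(String[] args) {
        int[] arrayOfInt = new int[41];
        ... ...
        arrayOfInt[40] = 1348;
        // XOR each element with 0x539 and print it as a character
        for (byte b = 0; b < arrayOfInt.length; b++) {
            // Log.d("OUTPUT", Integer.toString(arrayOfInt[b] ^ 0x539));
            System.out.print((char)(arrayOfInt[b] ^ 0x539));
        }
    }
}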
Finally, run the code above to get the flag:
javac Test.java
java Test
# FLAG{APK_4nalys1s_1s_r4th3r_3asy_1snt_1t}
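The same decoding can be done without compiling anything, by reading the array assignments and the XOR constant straight out of the decompiled text. The Python below is an added example, not part of the original write-up: the names `decode_xor_array` and `constructed_source` are hypothetical, the sample plaintext is constructed, and it also generalizes slightly by reporting indexes whose assignments are absent from the pasted source.

```python
import re

# Shapes taken from the decompiled snippet quoted on this page.
DECL_RE = re.compile(r"int\[\]\s+(\w+)\s*=\s*new\s+int\[(\d+)\]")
ASSIGN_RE = re.compile(r"(\w+)\[(\d+)\]\s*=\s*(0x[0-9a-fA-F]+|\d+)\s*;")
XOR_RE = re.compile(r"(\w+)\[\w+\]\s*\^\s*(0x[0-9a-fA-F]+|\d+)")


def decode_xor_array(java_src):
    """Decode the int[] that the source XORs with a constant.

    Returns (text, missing): text has '?' at every index whose assignment
    was not present in java_src, and missing lists those indexes.
    """
    xor = XOR_RE.search(java_src)
    if xor is None:
        raise ValueError("no <array>[<index>] ^ <constant> expression found")
    name, key = xor.group(1), int(xor.group(2), 0)

    values = {int(m.group(2)): int(m.group(3), 0)
              for m in ASSIGN_RE.finditer(java_src) if m.group(1) == name}
    if not values:
        raise ValueError("no constant assignments to %s[] found" % name)

    # Prefer the declared length; fall back to the highest index seen.
    size = max(values) + 1
    for m in DECL_RE.finditer(java_src):
        if m.group(1) == name:
            size = max(size, int(m.group(2)))

    missing = [i for i in range(size) if i not in values]
    text = "".join(chr(values[i] ^ key) if i in values else "?"
                   for i in range(size))
    return text, missing


def constructed_source(plaintext, key):
    """Build jd-gui-style Java text for a made-up plaintext (sample input only)."""
    lines = ["int[] arrayOfInt = new int[%d];" % len(plaintext)]
    lines += ["arrayOfInt[%d] = %d;" % (i, ord(c) ^ key)
              for i, c in enumerate(plaintext)]
    lines.append('Log.d("OUTPUT", Integer.toString(arrayOfInt[b] ^ 0x%X));' % key)
    return "\n".join(lines)


if __name__ == "__main__":
    sample = constructed_source("FLAG{constructed_sample}", 0x539)
    print(decode_xor_array(sample))
```

Run on the elided snippet shown above, it returns forty `?` placeholders followed by `}`, which makes it obvious when assignments were left out of the paste.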