【Android 逆向】【攻防世界】easyjava

android,逆向,攻防,世界,easyjava · 浏览次数 : 48

小编点评

The code you provided is a Java program that performs the following steps: 1. It reads a string from the user. 2. It checks if the string starts with "flag{" and ends with "}" and is in the format "flag{abc}". 3. If it is in the correct format, it extracts the substring between the "flag{" and "}" symbols and checks if it is equal to "wigwrkaugala". 4. If it is equal to "wigwrkaugala", it prints a message to the user. 5. If it is not equal to "wigwrkaugala", it prints a message to the user. 6. It then creates two lists, `a_alpha_list` and `b_alpha_list`, with the characters from the string in order. 7. It creates two lists, `a_num_list` and `b_num_list`, with the numbers from the string in order. 8. It combines the two lists `a_alpha_list` and `b_alpha_list` into a string `key` and the two lists `a_num_list` and `b_num_list` into a string `ret`. 9. It iterates over the `key_list` and adds the corresponding character from the `a_alpha_list` to the `ret` string. 10. It iterates over the `b_list` and adds the corresponding character from the `b_alpha_list` to the `ret` string. 11. Finally, it prints the `ret` string, which contains the flag in the correct format. This code is a simple algorithm for checking if a given string is a valid flag. It first extracts the flag from the string, then checks if it matches the correct format and contains the string "wigwrkaugala". If it is valid, it prints a message to the user. Otherwise, it prints a message to the user.

正文

1. apk 安装到手机,提示输入flag

2. jadx 打开apk看看

    private static char a(String str, b bVar, a aVar) {
        return aVar.a(bVar.a(str));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Boolean b(String str) {
        if (str.startsWith("flag{") && str.endsWith("}")) {
            String substring = str.substring(5, str.length() - 1);
            b bVar = new b(2);
            a aVar = new a(3);
            StringBuilder sb = new StringBuilder();
            int i = 0;
            for (int i2 = 0; i2 < substring.length(); i2++) {
                sb.append(a(substring.charAt(i2) + "", bVar, aVar));
                Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25);
                if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
                    i++;
                }
            }
            return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // android.support.v7.app.c, android.support.v4.a.i, android.support.v4.a.aa, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main);
        findViewById(R.id.button).setOnClickListener(new View.OnClickListener() { // from class: com.a.easyjava.MainActivity.1
            @Override // android.view.View.OnClickListener
            public void onClick(View view) {
                if (MainActivity.b(((EditText) ((MainActivity) this).findViewById(R.id.edit)).getText().toString()).booleanValue()) {
                    Toast.makeText(this, "You are right!", 1).show();
                    return;
                }
                Toast.makeText(this, "You are wrong! Bye~", 1).show();
                new Timer().schedule(new TimerTask() { // from class: com.a.easyjava.MainActivity.1.1
                    @Override // java.util.TimerTask, java.lang.Runnable
                    public void run() {
                        System.exit(1);
                    }
                }, 2000L);
            }
        });
    }

这个b 是核心算法,就是靠它检查,整理一下它

    public static Boolean b(String str) {
        if (str.startsWith("flag{") && str.endsWith("}")) {
            String substring = str.substring(5, str.length() - 1);
            b bVar = new b(2);
            a aVar = new a(3);
            StringBuilder sb = new StringBuilder();
            int i = 0;
            
            for (int i2 = 0; i2 < substring.length(); i2++) {
                
                tmp = substring.charAt(i2) + "";
                tmp = bVar.a(tmp)
                tmp = aVar.a(tmp)
                sb.append(tmp);
                
                Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25); // d >= 25
                if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
                    i++;
                }
            }
            return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
        }
        return false;
    }

大概逻辑是: 每个输入的字符先经过b类的a方法处理,再经过a类的a方法处理,最后拼出来的字符串和wigwrkaugala进行比较
那么把结果字符串的每个字符倒过来操作一下应该可以得到结果

3. 看看b 类a方法

    public static void a() {
        int intValue = a.get(0).intValue();
        a.remove(0);
        a.add(Integer.valueOf(intValue));
        b += "" + b.charAt(0);
        b = b.substring(1, 27);
        Integer num = d;
        d = Integer.valueOf(d.intValue() + 1);
    }

    public Integer a(String str) {
        int i = 0;
        if (b.contains(str.toLowerCase())) {
            Integer valueOf = Integer.valueOf(b.indexOf(str));
            for (int i2 = 0; i2 < a.size() - 1; i2++) {
                if (a.get(i2) == valueOf) {
                    i = Integer.valueOf(i2);
                }
            }
        } else {
            i = str.contains(" ") ? -10 : -1;
        }
        a();
        return i;
    }

大概意思是字符传进来,找到对应b字典中的索引位置,然后去a里面找和该值相等的元素所在再索引处
最后把字符串表和数字表移动一下,即把第一个元素放到末尾处

a类和b类几乎一个套路,除了移动元素逻辑,它是执行26次才移动一次

4. 这样还原算法就可以搞出来了

# 注意这里的值再构造方法中又处理,这里就直接拿出来了
a_num_list = [ 21, 4, 24, 25, 20, 5, 15, 9, 17, 6, 13, 3, 18, 12, 10, 19, 0, 22, 2, 11, 23, 1, 8, 7, 14, 16 ]
a_alpha_list = list('abcdefghijklmnopqrstuvwxyz')

b_num_list = [17, 23, 7, 22, 1, 16, 6, 9, 21, 0, 15, 5, 10, 18, 2, 24, 4, 11, 3, 14, 19, 12, 20, 13, 8, 25]
b_alpga_list = list('abcdefghijklmnopqrstuvwxyz')

key = 'wigwrkaugala'
key_list = list(key)

ret = ''
for char_str in key_list:
    a_index = a_alpha_list.index(char_str)
    t_num = a_num_list[a_index]
    # 没有25位那么长 a就不loop
    b_index = b_num_list[t_num]
    key_char = b_alpga_list[b_index]
    ret += key_char
    # b loop
    t_num = b_num_list[0]
    b_num_list.pop(0)
    b_num_list.append(t_num)

    t_char = b_alpga_list[0]
    b_alpga_list.pop(0)
    b_alpga_list.append(t_char)

print(ret)

#日志
└─# python easyjava.py 
venividivkcr

得到flag: flag{venividivkcr}

与【Android 逆向】【攻防世界】easyjava相似的内容:

【Android 逆向】【攻防世界】easyjava

1. apk 安装到手机,提示输入flag 2. jadx 打开apk看看 private static char a(String str, b bVar, a aVar) { return aVar.a(bVar.a(str)); } /* JADX INFO: Access modifiers

【Android 逆向】【攻防世界】基础android

1. 下载并安装apk,提示要输入密码 2. apk拖入到jadx中看一下 this.login.setOnClickListener(new View.OnClickListener() { // from class: com.example.test.ctf02.MainActivity.1

【Android 逆向】【攻防世界】android2.0

这是一道纯算法还原题 1. apk安装到手机,提示输入flag,看来输入就是flag 2. jadx 打开apk查看 this.button.setOnClickListener(new View.OnClickListener() { // from class: com.example.test

【Android 逆向】【攻防世界】APK逆向

1. apk安装到手机,提示输入flag 2. jadx打开apk 定位到checkSN方法 public boolean checkSN(String userName, String sn) { if (userName != null) { try { if (userName.length(

【Android 逆向】【攻防世界】人民的名义-抓捕赵德汉1-200

1. 这一题下载下来是个jar文件,感觉很android关系不大,但还是放在了mobile这个分类下了 2. 直接java jar运行,提示需要输入密码 # java -jar 169e139f152e45d5ae634223fe53e6be.jar Enter password: 1234 Inc

【Android 逆向】【攻防世界】ill-intentions

1. apk 安装到手机, 啥输入框都没有 2. apk拖入到jadx中看看 public class MainActivity extends Activity { @Override // android.app.Activity public void onCreate(Bundle save

【Android 逆向】【攻防世界】boomshakalaka-3

1. apk 安装到手机,是一个cocos2dx 写的打飞机的游戏 题目描述跟得分有关(题目描述: play the game, get the highest score) 2. jadx 打开apk public class FirstTest extends Cocos2dxActivity

【Android 逆向】【攻防世界】easy-apk

apk 安装到手机,随便输入点内容,提示错误 2. apk 拖入到jadx中看看 public class MainActivity extends AppCompatActivity { /* JADX INFO: Access modifiers changed from: protected

【Android 逆向】【攻防世界】app1

1. apk安装到手机, 老套路了 2. jadx打开 this.btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.yaphetshan.tencentgreat.MainActivity.1

【Android 逆向】【攻防世界】app2

1. 手机安装apk,随便点击,进入到第二个页面就停了 2. jadx打开apk,发现一共有三个activity,其中第三个activity: FileDataActivity 里面有东西 public class FileDataActivity extends a { private TextV