【Android 逆向】【攻防世界】boomshakalaka-3

android,逆向,攻防,世界,boomshakalaka · 浏览次数 : 35

小编点评

The content is about generating a string by adding characters to a shared preference named "DATA" in a Cocos2dx game. Here's a summary: 1. The game saves the current score in a shared preference named "DATA". 2. It uses the `sub_D08CEDDC` function to write data to the shared preference. 3. The function takes the following arguments: - `v20`: The current score. - `v19`: The previous score. - `v21`: The character to be added. - `v22`: The starting position in the string. - `v23`: The ending position in the string. - `v24`: The starting position in the string for the ending character. - `v25`: The ending position in the string for the last character. 4. Depending on the value of `a2`, it adds a corresponding character to the string. 5. The function sets the string in the shared preference using `setStringForKey`. 6. The content of the shared preference is updated with the latest score. This process allows the game to keep track of the player's score and display it on the screen.

正文

1. apk 安装到手机,是一个cocos2dx 写的打飞机的游戏

题目描述跟得分有关(题目描述: play the game, get the highest score)

2. jadx 打开apk

public class FirstTest extends Cocos2dxActivity {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.cocos2dx.lib.Cocos2dxActivity, android.app.Activity
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        a haha = new a(this, "flag");
        haha.d("YmF6aW5nYWFhYQ==");
        a hehe = new a(this, "Cocos2dxPrefsFile");
        hehe.d("N0");
    }

    @Override // org.cocos2dx.lib.Cocos2dxActivity
    public Cocos2dxGLSurfaceView onCreateView() {
        Cocos2dxGLSurfaceView glSurfaceView = new Cocos2dxGLSurfaceView(this);
        a hehe = new a(this, "Cocos2dxPrefsFile");
        hehe.d("MG");
        glSurfaceView.setEGLConfigChooser(5, 6, 5, 0, 16, 8);
        return glSurfaceView;
    }

    static {
        System.loadLibrary("cocos2dcpp");
    }
}

public class a {
    private SharedPreferences editor;

    public a(Context arg1, String arg2) {
        this.editor = null;
        this.editor = arg1.getSharedPreferences(arg2, 0);
    }

    public void b() {
        this.editor.edit().putString("DATA", "").commit();
    }

    public String c() {
        return this.editor.getString("DATA", "");
    }

    public void d(String arg1) {
        this.editor.edit().putString("DATA", String.valueOf(String.valueOf(c())) + arg1).commit();
    }
}

可以看到在java层信息不多,在操作两个sharefpreference,玩一下游戏看看变化,结果发现打飞机随着分数的变化会持续的往sharefpreference里面写数据

3. IDA 打开so,搜索update 或者score看看,发现updateScore函数

cocos2d::CCUserDefault *__fastcall ControlLayer::updateScore(cocos2d::CCUserDefault *this, int a2)
{
......
  while ( v2 != 4 );
  if ( a2 <= &MEMORY[0x3B9ACA00] )
  {
    v4 = cocos2d::CCUserDefault::sharedUserDefault(this);
    sub_D08D04D8(v21, &byte_D09262A0, v19);
    cocos2d::CCUserDefault::getStringForKey(v20, v4, &v33, v21);
    v5 = sub_D08CEDDC(v21);
    switch ( a2 )
    {
      case 100:
        v6 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v22, v20, "MW");
        cocos2d::CCUserDefault::setStringForKey(v6, &v33, v22);
        v7 = v22;
        break;
      case 600:
        v8 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v23, v20, "Rf");
        cocos2d::CCUserDefault::setStringForKey(v8, &v33, v23);
        v7 = v23;
        break;
      case 700:
        v9 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v24, v20, "Rz");
        cocos2d::CCUserDefault::setStringForKey(v9, &v33, v24);
        v7 = v24;
        break;
      case 3000:
        v10 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v25, v20, "Bt");
        cocos2d::CCUserDefault::setStringForKey(v10, &v33, v25);
        v7 = v25;
        break;
      case 5600:
        v11 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v26, v20, "RV");
        cocos2d::CCUserDefault::setStringForKey(v11, &v33, v26);
        v7 = v26;
        break;
      case 9900:
        v12 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v27, v20, "9Z");
        cocos2d::CCUserDefault::setStringForKey(v12, &v33, v27);
        v7 = v27;
        break;
      case 18000:
        v13 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v28, v20, "b1");
        cocos2d::CCUserDefault::setStringForKey(v13, &v33, v28);
        v7 = v28;
        break;
      case 88800:
        v14 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v29, v20, "Vf");
        cocos2d::CCUserDefault::setStringForKey(v14, &v33, v29);
        v7 = v29;
        break;
      case 100000:
        v15 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v30, v20, "S2");
        cocos2d::CCUserDefault::setStringForKey(v15, &v33, v30);
        v7 = v30;
        break;
      default:
        if ( a2 != &MEMORY[0x3B9ACA00] )
        {
LABEL_25:
          v17 = cocos2d::CCString::createWithFormat("%d", a2);
          (*(**(v18 + 66) + 428))(*(v18 + 66), *(v17 + 20));
          return sub_D08CEDDC(v20);
        }
        v16 = cocos2d::CCUserDefault::sharedUserDefault(v5);
        std::operator+<char>(v31, v20, "4w");
        cocos2d::CCUserDefault::setStringForKey(v16, &v33, v31);
        v7 = v31;
        break;
    }
    sub_D08CEDDC(v7);
    goto LABEL_25;
  }
  return this;
}

可以看到是顺着得分的增加,会追加字符到sharedpreference,加上一启动就会写入的前缀和游戏结束就会写入的后缀可以得到 MGN0ZntDMGNvUzJkX0FuRHJvMWRfRzBtRV9Zb1VfS24wdz99
base64解得0ctf{C0coS2d_AnDro1d_G0mE_YoU_Kn0w?}

android 逆向 攻防 世界 boomshakalaka

与【Android 逆向】【攻防世界】boomshakalaka-3相似的内容:

【Android 逆向】【攻防世界】boomshakalaka-3

1. apk 安装到手机,是一个cocos2dx 写的打飞机的游戏 题目描述跟得分有关(题目描述: play the game, get the highest score) 2. jadx 打开apk public class FirstTest extends Cocos2dxActivity

android 逆向 攻防 世界
35
【Android 逆向】【攻防世界】基础android

1. 下载并安装apk,提示要输入密码 2. apk拖入到jadx中看一下 this.login.setOnClickListener(new View.OnClickListener() { // from class: com.example.test.ctf02.MainActivity.1

android 逆向 攻防 世界
55
【Android 逆向】【攻防世界】android2.0

这是一道纯算法还原题 1. apk安装到手机,提示输入flag,看来输入就是flag 2. jadx 打开apk查看 this.button.setOnClickListener(new View.OnClickListener() { // from class: com.example.test

android 逆向 攻防 世界
113
【Android 逆向】【攻防世界】APK逆向

1. apk安装到手机,提示输入flag 2. jadx打开apk 定位到checkSN方法 public boolean checkSN(String userName, String sn) { if (userName != null) { try { if (userName.length(

android 逆向 攻防 世界
42
【Android 逆向】【攻防世界】人民的名义-抓捕赵德汉1-200

1. 这一题下载下来是个jar文件,感觉很android关系不大,但还是放在了mobile这个分类下了 2. 直接java jar运行,提示需要输入密码 # java -jar 169e139f152e45d5ae634223fe53e6be.jar Enter password: 1234 Inc

android 逆向 攻防 世界
35
【Android 逆向】【攻防世界】ill-intentions

1. apk 安装到手机, 啥输入框都没有 2. apk拖入到jadx中看看 public class MainActivity extends Activity { @Override // android.app.Activity public void onCreate(Bundle save

android 逆向 攻防 世界
85
【Android 逆向】【攻防世界】easy-apk

apk 安装到手机,随便输入点内容,提示错误 2. apk 拖入到jadx中看看 public class MainActivity extends AppCompatActivity { /* JADX INFO: Access modifiers changed from: protected

android 逆向 攻防 世界
29
【Android 逆向】【攻防世界】app1

1. apk安装到手机, 老套路了 2. jadx打开 this.btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.yaphetshan.tencentgreat.MainActivity.1

android 逆向 攻防 世界
18
【Android 逆向】【攻防世界】app2

1. 手机安装apk,随便点击,进入到第二个页面就停了 2. jadx打开apk,发现一共有三个activity,其中第三个activity: FileDataActivity 里面有东西 public class FileDataActivity extends a { private TextV

android 逆向 攻防 世界
52
【Android 逆向】【攻防世界】easy-so

1. apk安装到手机,随便输入点内容,提示错误 2. jadx打开apk btn.setOnClickListener(new View.OnClickListener() { // from class: com.testjava.jack.pingan2.MainActivity.1 @Ove

android 逆向 攻防 世界
23
# 热门排行
微软 New Bing AI 申请与使用保姆级教程(免魔法) ChatGPT API使用介绍 ChatGPT开发实战 一篇带你了解如何使用纯前端类Excel表格构建现金流量表 手把手教你玩转 Excel 数据透视表 为什么 C# 可能是最好的第一编程语言 .NET 入门到高级路线 提高工作效率的神器:基于前端表格实现Chrome Excel扩展插件 React + Springboot + Quartz,从0实现Excel报表自动化 用Echarts实现前端表格引用从属关系可视化
© PmDaddy. 2023 PmDaddy教程网 All rights reserved.