Bugku-REVERSE-First_Mobile(xman)

 

 

使用jeb3打开反编译代码

package com.example.xman.easymobile;

import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View$OnClickListener;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

public class MainActivity extends AppCompatActivity {
    private Button button;
    private EditText editText;

    public MainActivity() {
        super();
    }

    protected void onCreate(Bundle arg4) {
        super.onCreate(arg4);
        this.setContentView(0x7F04001A);
        this.findViewById(0x7F0B0056).setOnClickListener(new View$OnClickListener(this.findViewById(0x7F0B0055)) {
            public void onClick(View arg4) {
                new encode();
                if(encode.check(this.val$editText.getText().toString())) {
                    Toast.makeText(MainActivity.this.getApplicationContext(), "correct", 1).show();
                }
                else {
                    Toast.makeText(MainActivity.this.getApplicationContext(), "failed", 1).show();
                }
            }
        });
    }
}

分析,程序将editText中的内容进行一次encode.check检查,通过就显示correct

那核心代码应该在encode函数中,

package com.example.xman.easymobile;

public class encode {
    private static byte[] b;

    static {
        encode.b = new byte[]{23, 22, 26, 26, 25, 25, 25, 26, 27, 28, 30, 30, 29, 30, 0x20, 0x20};
    }

    public encode() {
        super();
    }

    public static boolean check(String arg7) {
        int v6 = 16;
        byte[] v1 = arg7.getBytes();
        byte[] v3 = new byte[v6];
        int v0;
        for(v0 = 0; v0 < v6; ++v0) {
            v3[v0] = ((byte)((v1[v0] + encode.b[v0]) % 61));
        }

        for(v0 = 0; v0 < v6; ++v0) {
            v3[v0] = ((byte)(v3[v0] * 2 - v0));
        }

        return new String(v3).equals(arg7);
    }
}

这个函数逻辑很简单,就是对输入的长度为16的字符串的每个字符进行运算,若运算结果字符没有变,就通过。

解方程太复杂了,编写一个简单的python脚本进行爆破

byte = [23, 22, 26, 26, 25, 25, 25, 26, 27, 28, 30, 30, 29, 30, 0x20, 0x20]
for i in range(16):
    for v1 in range(200):
        if ((v1+byte[i])%61)*2-i == v1 :
            print chr(v1),

得到结果如下

 

得到flag XMAN{LOHILMNMLKHILKHI}

 

posted @ 2021-01-21 18:31  fallingskies  阅读(351)  评论(0编辑  收藏  举报