【Android 逆向】【攻防世界】APK逆向

1. apk安装到手机,提示输入flag

2. jadx打开apk

定位到checkSN方法

public boolean checkSN(String userName, String sn) {
    if (userName != null) {
        try {
            if (userName.length() == 0 || sn == null || sn.length() != 22) {
                return false;
            }
            MessageDigest digest = MessageDigest.getInstance("MD5");
            digest.reset();
            digest.update(userName.getBytes());
            byte[] bytes = digest.digest();
            String hexstr = toHexString(bytes, "");
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hexstr.length(); i += 2) {
                sb.append(hexstr.charAt(i));
            }
            String userSN = sb.toString();
            return new StringBuilder().append("flag{").append(userSN).append("}").toString().equalsIgnoreCase(sn);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return false;
        }
    }
    return false;
}

这里做了一个md5计算,然后每进两步取一个字符来进行比较,这里直接把算法扣出来放到IDEA里取跑一下即可拿到结果
Main.java

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Main {
    public static void main(String[] args) {
        System.out.println("Hello world!");
        checkSN("Tenshine", "hello");
    }

    public static boolean checkSN(String userName, String sn) {
        if (userName != null) {
            try {
                if (userName.length() == 0 || sn == null) {
                    return false;
                }
                MessageDigest digest = MessageDigest.getInstance("MD5");
                digest.reset();
                digest.update(userName.getBytes());
                byte[] bytes = digest.digest();
                String hexstr = toHexString(bytes, "");
                StringBuilder sb = new StringBuilder();
                for (int i = 0; i < hexstr.length(); i += 2) {
                    sb.append(hexstr.charAt(i));
                }
                String userSN = sb.toString();
                System.out.println(userSN);
                return new StringBuilder().append("flag{").append(userSN).append("}").toString().equalsIgnoreCase(sn);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return false;
            }
        }
        return false;
    }

    private static String toHexString(byte[] bytes, String separator) {
        StringBuilder hexString = new StringBuilder();
        for (byte b : bytes) {
            String hex = Integer.toHexString(b & 255);
            if (hex.length() == 1) {
                hexString.append('0');
            }
            hexString.append(hex).append(separator);
        }
        return hexString.toString();
    }
}

得到flag : bc72f242a6af3857

posted @ 2023-03-17 12:34  明月照江江  阅读(155)  评论(0编辑  收藏  举报