【Android 逆向】【攻防世界】app2

1. 手机安装apk，随便点击，进入到第二个页面就停了

2. jadx打开apk，发现一共有三个activity，其中第三个activity： FileDataActivity 里面有东西

public class FileDataActivity extends a {
    private TextView c;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tencent.testvuln.a, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main3);
        this.c = (TextView) findViewById(R.id.textView1);
        this.c.setText(Encryto.decode(this, "9YuQ2dk8CSaCe7DTAmaqAA=="));
    }
}

但看了下代码，常规流程想进到这里不容易，直接上objection

─# objection -g com.tencent.testvuln explore                                                             

                                                                                                          
A newer version of objection is available!                                                                
You have v1.9.6 and v1.11.0 is ready for download.
                                                                                                          
Upgrade with: pip3 install objection --upgrade
For more information, please see: https://github.com/sensepost/objection/wiki/Updating

Using USB device `MI 5X`
Agent injected and responds ok!

     _   _         _   _
 ___| |_|_|___ ___| |_|_|___ ___
| . | . | | -_|  _|  _| | . |   |
|___|___| |___|___|_| |_|___|_|_|
      |___|(object)inject(ion) v1.9.6

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
com.tencent.testvuln on (xiaomi: 8.1.0) [usb] # android intent launch_activity com.tencent.testvuln.FileDa
taActivity
(agent) Starting activity com.tencent.testvuln.FileDataActivity...
(agent) Activity successfully asked to start.
com.tencent.testvuln on (xiaomi: 8.1.0) [usb] # 

直接打开了页面，页面给出了一串字符串，输入到题目flag提交，果然就是flag