[Android Reverse Engineering] [攻防世界] app2

1. Install the APK on a phone and tap around; the app stops once it reaches the second page.

2. Open the APK in jadx. There are three activities in total, and the third one, FileDataActivity, contains something interesting:

public class FileDataActivity extends a {
    private TextView c;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tencent.testvuln.a, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main3);
        this.c = (TextView) findViewById(R.id.textView1);
        this.c.setText(Encryto.decode(this, "9YuQ2dk8CSaCe7DTAmaqAA=="));
    }
}

Looking at the code, though, this activity is not easy to reach through the normal app flow, so go straight to objection:

─# objection -g com.tencent.testvuln explore                                                             

                                                                                                          
A newer version of objection is available!                                                                
You have v1.9.6 and v1.11.0 is ready for download.
                                                                                                          
Upgrade with: pip3 install objection --upgrade
For more information, please see: https://github.com/sensepost/objection/wiki/Updating

Using USB device `MI 5X`
Agent injected and responds ok!

     _   _         _   _
 ___| |_|_|___ ___| |_|_|___ ___
| . | . | | -_|  _|  _| | . |   |
|___|___| |___|___|_| |_|___|_|_|
      |___|(object)inject(ion) v1.9.6

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
com.tencent.testvuln on (xiaomi: 8.1.0) [usb] # android intent launch_activity com.tencent.testvuln.FileDataActivity
(agent) Starting activity com.tencent.testvuln.FileDataActivity...
(agent) Activity successfully asked to start.
com.tencent.testvuln on (xiaomi: 8.1.0) [usb] # 

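The activity opens directly and the page displays a string. Submitting that string as the flag for the challenge confirms that it is indeed the flag.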

posted @ 2023-03-18 12:44  明月照江江