【WhaleCTF逆向題】第一期安卓加密writeup
阿新 • • 發佈:2018-12-10
題目資訊如下:
安裝到模擬器可以明顯看出用的XOR運算
JEB載入 發現關鍵在check2 check1這個方法一點用也沒有。。。
那我們就看看check2是怎樣運算的
public void check2(String s) { String v5; int v4 = 0; int[] v7 = new int[16]; int v3 = 16; int v1 = 5; v7[2] = 3; v7[7] = 4; v7[3] = 8; v7[1] = 10; v7[10] = 11; v7[0] = 15; v7[11] = 20; v7[6] = 20; v7[8] = 21; v7[15] = 24; v7[12] = 30; v7[13] = v3; v7[4] = 3; v7[14] = v3; v7[9] = 3; v7[5] = 89; if(s.length() != 16) {//我們的input長度必須等於16 throw new RuntimeException(); } try { v5 = this.getKey();//這裡會呼叫getKey()這個方法 給v5賦值 } catch(Exception v0) { v5 = this.getKey(); System.arraycopy(v5, 0, s, v1, v1); } while(v4 < s.length()) {//v4相當於迴圈變數i charAt()是獲取對應位置字元 下面就是異或 if((v7[v4] & 255) != ((s.charAt(v4) ^ v5.charAt(v4 % v5.length())) & 255)) { throw new RuntimeException(); } ++v4; } }
那我們來看看v5的值
public String getKey() {
return "goodluck";//v5的值
}python程式碼如下:
直接把v7這個陣列從jeb摳出來比較省事
#coding=utf-8 v4 = 0 v7 = [0] * 16 v3 = 16 v1 = 5 v7[2]=3 v7[7]=4 v7[3]=8 v7[1]=10 v7[10]=11 v7[0]=15 v7[11]=20 v7[6]=20 v7[8]=21 v7[15]=24 v7[12]=30 v7[13]=v3 v7[4]=3 v7[14]=v3 v7[9]=3 v7[5]=89 v5 = 'goodluck' flag = '' #b= [] #a[i] & 255 == (s[i] ^ v5[i % len(v5)]) & 255 for i in range(0,len(v7)): flag += chr(v7[i] ^ ord(v5[i % len(v5)])) #b.append(chr(v7[i] ^ ord(s[i % len(s)]))) print flag #print b
