前兩道wp來自于一位強大的師傅,她特意叮囑不署名,在此表示感謝!十分感謝
尋夢
a.打開題目后
b.看到此提示后,需要把顯示出來的base64編碼解碼
C.再次填入xunmeng,就看到了flag
JUST{re_is_so_interesting}
尋夢S
a.隨便輸入后,給了無關的提示,需要動用反編譯工具jeb
b.反編譯查了一下,找到主要加密代碼
public void onClick(View arg11) {
int v0 = 18;
int[] v1 = new int[]{74, 6, 81, 0x2F, 0x7F, 22, 105, 42, 87, 19, 120, 58, 83, 8, 97, 11, 0x74, 0x7D};
int[] v2 = new int[]{42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42};
String v3 = MainActivity.this.text.getText().toString().trim();
String v5 = "不要調皮,應該好好輸入";
if(TextUtils.isEmpty(((CharSequence)v3))) {
Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();
}
else if(v3.length() == v0) {
char[] v0_1 = v3.toCharArray();
int v4;
for(v4 = 0; true; ++v4) {
int v7 = 17;
if(v4 >= v7) {
break;
}
v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];
}
for(v4 = 0; v4 < v7; ++v4) {
if(v2[v4] != v1[v4]) {
Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();
}
else if(v4 < 16) {
}
else {
Toast.makeText(MainActivity.this, "恭喜你,拿到flag", 0).show();
}
}
}
else {
Toast.makeText(MainActivity.this, "好好加油,再接再厲", 0).show();
}
}
}
分析了一下主要代碼: v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];
也就是把flag的偶數位異或 自己的位數,奇數位異或 下一位,然后異或后得出一個陣列,按照思路利用已知陣列反推回去即可,
接下來上代碼:
public class wp {
public static void main(String[] args) {
int[]e= {74,6,81,47,127,22,105,42,87,19,120,58,83,8,97,11,116,125};
for (int i = 0; i < 17; i++) {
int n = i % 2;
if (n == 0) {
e[i] = e[i] ^ i;
}
}
for (int i = 0; i < 17; i++) {
int n = i % 2;
if (n != 0) {
e[i] = e[i] ^e[i+1] ;
}
}
for (int i = 0; i < 18; i++) {
System.out.print(((char)e[i]));
}
}
}
運行結果如下:
得到flag:JUST{you_are_good}
尋夢SS
a.
直接上工具吧,沒啥好說的
b.分析代碼可知用flag做了base64編碼后,然后把密文進行位置互換,所以我們只需要把密文位置換回去,然后進行解密即可,
c.換位代碼
int[] c = {'v','t','v','h','J','b','1','C','r','O','1','S','B','A','x','T','j','B','3','C','v','O','2','S','v','5','z','x','n','5','3','g','Z','L','x','T','n','F','1','x','b','I','0','t','Z','Z','s','B'};
for (int i = 47; i>=2; i--) {
int temp = c[i - 2];
c[i - 2] = c[i];
c[i] = temp;
}
換位后為sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ
d.base64表被換位了,所以直接上網搜索自定義base64,隨便找個自定義base64 的decode函式然后把表換了即可
首先把base64表寫出
public final static char[] base64_alphabet = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', '0', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '/', '+', '='};
public static String decode(String enContent) {
byte[] data = enContent.getBytes();
int i = 0, j = 0, enCode = 0;
int mLength = data.length;
byte[] char_array_4 = new byte[4];
byte[] char_array_3 = new byte[3];
String retContent = "";
// filter out the padding '=' chars
while (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {
mLength--;
char_array_4[i++] = data[enCode++];
if (i == 4) {
for (i = 0; i < 4; i++)
char_array_4[i] = findChar((char) char_array_4[i]);
char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));
char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));
char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);
for (i = 0; (i < 3); i++)
retContent += (char) char_array_3[i];
i = 0;
}
}
// last content handling
if (i > 0) {
for (j = i; j < 4; j++)
char_array_4[j] = 0;
for (j = 0; j < 4; j++)
char_array_4[j] = findChar((char) char_array_4[j]);
char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));
char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));
char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);
for (j = 0; (j < i - 1); j++)
retContent += (char) char_array_3[j];
}
return retContent;
}
主函式里寫出
String d="sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ";
String e=base64.decode(d);
System.out.println(e);
得出flag
JUST{Android_reverse_is_too_simple?}
在這里呢,貼一下一個完整的自定義base64代碼,需要的自取
public class base64 {
public final static char[] base64_alphabet = new char[]{
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
't', 'u', 'v', 'w', 'x', 'y', '0','z', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B',
'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
'V', 'W', 'X', 'Y', 'Z', '/','+', '='};
public static String encode(String content) {
byte[] data = content.getBytes();
int length = data.length;
byte[] char_array_3 = new byte[]{0, 0, 0};
byte[] char_array_4 = new byte[]{'=', '=', '=', '='};
String retContent = "";
int i = 0;
int j = 0;
int reversePos = 0;
while (length > 0) {
length--;
char_array_3[i++] = data[reversePos++];
if (i == 3) {
char_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // convert the char
char_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));
char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));
char_array_4[3] = (byte) (char_array_3[2] & 0x3f);
for (i = 0; (i < 4); i++)
retContent += base64_alphabet[char_array_4[i]];
i = 0;
}
}
// handling the last input content
if (i > 0) {
for (j = i; j < 3; j++)
char_array_3[j] = 0; // padding of zero
char_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // right shift
char_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));
char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));
char_array_4[3] = (byte) (char_array_3[2] & 0x3f);
for (j = 0; (j < i + 1); j++)
retContent += base64_alphabet[char_array_4[j]];
while ((i++ < 3)) // padding of '=' of output string
retContent += '=';
}
return retContent;
}
public static String decode(String enContent) {
byte[] data = enContent.getBytes();
int i = 0, j = 0, enCode = 0;
int mLength = data.length;
byte[] char_array_4 = new byte[4];
byte[] char_array_3 = new byte[3];
String retContent = "";
// filter out the padding '=' chars
while (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {
mLength--;
char_array_4[i++] = data[enCode++];
if (i == 4) {
for (i = 0; i < 4; i++)
char_array_4[i] = findChar((char) char_array_4[i]);
char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));
char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));
char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);
for (i = 0; (i < 3); i++)
retContent += (char) char_array_3[i];
i = 0;
}
}
// last content handling
if (i > 0) {
for (j = i; j < 4; j++)
char_array_4[j] = 0;
for (j = 0; j < 4; j++)
char_array_4[j] = findChar((char) char_array_4[j]);
char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));
char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));
char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);
for (j = 0; (j < i - 1); j++)
retContent += (char) char_array_3[j];
}
return retContent;
}
public static boolean isBase64(char c) {
boolean base64 = false;
for (int i = 0; i < 64; i++) {
if (c == base64_alphabet[i]) {
base64 = true;
break;
}
}
return base64;
}
public static byte findChar(char x) {
byte index = 64; // 65th char '='
for (int i = 0; i < 64; i++) {
if (x == base64_alphabet[i]) {
index = (byte) i;
break;
}
}
return index;
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/233603.html
標籤:其他