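First I obtained an APK and extracted it with 7-Zip, then converted the classes.dex file with dex2jar to get a JAR, which I imported into IDEA.
Opening MainActivity to analyze the logic, the key part is this onClick function: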
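
    public void onClick(View param1View) {
        try {
            // str1: the text typed by the user
            String str1 = MainActivity.this.text.getText().toString();
            PackageInfo packageInfo = MainActivity.this.getPackageManager().getPackageInfo("com.example.yaphetshan.tencentgreat", 16384);
            // str2 / j: versionName and versionCode of the app's own package
            String str2 = packageInfo.versionName;
            int j = packageInfo.versionCode;
            for (int i = 0;; i++) {
                if (i < str1.length() && i < str2.length()) {
                    // each input character must equal versionName[i] XOR versionCode
                    if (str1.charAt(i) != (str2.charAt(i) ^ j)) {
                        // mismatch branch (the message text is missing from this copy of the code)
                        Toast.makeText((Context)MainActivity.this, "", 1).show();
                        return;
                    }
                } else {
                    if (str1.length() == str2.length()) {
                        // every character matched and the lengths are equal (message text missing)
                        Toast.makeText((Context)MainActivity.this, "", 1).show();
                        return;
                    }
                    // lengths differ (message text missing)
                    Toast.makeText((Context)MainActivity.this, "", 1).show();
                }
            }
        } catch (android.content.pm.PackageManager.NameNotFoundException nameNotFoundException) {}
        // package lookup failed (message text missing)
        Toast.makeText((Context)MainActivity.this, "", 1).show();
    }
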
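From the analysis, several conditions must hold:
- str1 and str2 have the same length
- The ASCII value of each character of str1 equals the corresponding character of str2 XORed with j
- str2 is the versionName and j is the versionCode
So, following this logic, we can write: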
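
    public class Solve {
        public static void main(String[] args) {
            String str2 = "X<cP[?PHNB<P?aj"; // versionName
            int j = 15;                      // versionCode
            StringBuilder res = new StringBuilder();
            // XOR is its own inverse, so versionName ^ versionCode gives the expected input
            for (int i = 0; i < str2.length(); i++) {
                res.append((char) (str2.charAt(i) ^ j));
            }
            System.out.println(res);
        }
    }
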
The final output is W3l_T0_GAM3_0ne, which is the flag.
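As an added example (not part of the original write-up), here is a Python model of the decompiled check together with its inverse, so the recovered string can be verified against the same conditions the app enforces. It goes slightly beyond the write-up by rejecting a versionCode that no Java char could ever match; the function names are hypothetical, and the constants are the values used in the solver above.

```python
# Added example: model of the decompiled onClick check and its inverse.
# VERSION_NAME / VERSION_CODE are the values used in the write-up's solver.
VERSION_NAME = "X<cP[?PHNB<P?aj"
VERSION_CODE = 15


def check(user_input: str, version_name: str, version_code: int) -> bool:
    """Mirror the app's logic: every input char equals the matching
    versionName char XOR versionCode, and both strings have equal length."""
    # Java promotes char to int before ^ and !=, so the comparison is made on
    # the full integer value; nothing is truncated back to 16 bits.
    for a, b in zip(user_input, version_name):
        if ord(a) != (ord(b) ^ version_code):
            return False
    return len(user_input) == len(version_name)


def recover(version_name: str, version_code: int) -> str:
    """Invert the check. XOR is its own inverse, so the expected input is
    versionName XOR versionCode, provided each result still fits a Java char.
    Assumes versionName contains only BMP characters."""
    out = []
    for ch in version_name:
        value = ord(ch) ^ version_code
        if not 0 <= value <= 0xFFFF:
            # Negative or >16-bit results can never equal a char in Java.
            raise ValueError("check is unsatisfiable for this versionCode")
        out.append(chr(value))
    return "".join(out)


if __name__ == "__main__":
    flag = recover(VERSION_NAME, VERSION_CODE)
    print(flag, check(flag, VERSION_NAME, VERSION_CODE))
```

Because both operands of the check ship inside the APK, the comparison hides nothing from anyone who can read the package metadata.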
