[原创]看雪CTF 2018 团队赛 第五题 交响曲WP(多解)
发表于: 2018-12-10 13:08 2964
1.在手机上安装app运行并测试下,然后将apk拖入jeb中
// JEB decompiler output for the main check routine of the app.
// Every constant and branch of the check ships inside the APK, so the whole
// validation can be read and replayed offline.
private void a() {
    // Resource id passed to getString() on both failure paths below.
    int v0 = 2131427370;
    try {
        // According to the write-up text after this listing, c() validates the
        // input and fills the fields j, i and h, using 0 for a rejected value.
        this.c();
        // The check only continues when all three fields are non-zero.
        if(this.j != 0 && this.i != 0 && this.h != 0) {
            // According to the write-up, d() applies further checks and assigns g, f and e.
            this.d();
            // The four partial results are summed and handed to a(int) for the final comparison.
            this.a(this.e() + this.f() + this.g() + this.h());
            return;
        }
        // At least one field was rejected: show the failure string.
        this.n.setText(this.getString(v0));
    }
    catch(Exception ) {
        // The decompiler dropped the variable name; any exception ends in the same failure string.
        this.n.setText(this.getString(v0));
    }
}这个方法为主逻辑,其中c()方法会进行值的校验,并对j,i,h进行赋值,如果不合法赋值为0,程序退出,合法则调用d()方法,d方法也是进行值的判断,然后给g,f,e赋值,最后调a(int)方法,进行结果校验,参数为e(),f(),g,(),h()方法的返回值的和
2.接下来分析a(int)方法
// JEB decompiler output for the final comparison: only arg8 == 34 reaches the success branch.
// The label/goto pair is the decompiler's rendering of a shared failure path and is not
// valid Java source.
private void a(int arg8) {
    // Resource id of the string shown on failure.
    int v0 = 2131427370;
    // The single accepted value of the sum.
    int v1 = 34;
    if(arg8 <= v1) {
        if(arg8 < v1) {
            // Empty branch: a sum below 34 falls out of both ifs and reaches the goto at the bottom.
        }
        else {
            try {
                // arg8 == 34: show string 2131427369 followed by element 34 of the array l,
                // then disable the view with id 2131165273.
                this.n.setText(String.format("%s%s", this.getString(2131427369), this.l[arg8]));
                this.findViewById(2131165273).setEnabled(false);
                return;
                // Shared failure path, entered through the goto below.
                label_23:
                this.n.setText(this.getString(v0));
            }
            catch(Exception ) {
                // Any exception on the success path also ends in the failure string.
                this.n.setText(this.getString(v0));
            }
            return;
        }
    }
    // Reached for every sum other than 34.
    goto label_23;
}其中arg8只有等于34时就会执行成功逻辑,因此根据以上分析,便可以开始编写计算的代码了
3.计算代码如下
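/**
 * Replays the app's check for one candidate date and prints the candidate when the
 * partial sums reach 34.
 *
 * The candidate key is laid out the way the parsing below reads it: characters 0-3 hold
 * the year, 4-5 the month, 6-7 the day, followed by one filler digit. The steps after the
 * parsing are the write-up author's transcription of the app's c() and d() methods, which
 * are not reproduced on the page.
 *
 * Side effect: overwrites the static fields g, f and e, which getE/getF/getG read.
 *
 * @param jj year part of the candidate key
 * @param ii month part of the candidate key
 * @param hh day part of the candidate key
 */
public static void kanxueTest_c(int jj, int ii, int hh) {
    // Zero-pad every field. The previous concatenation prefixed "0" to the month in both
    // branches and never padded the day, so months 10-12 and days 1-9 were read from the
    // wrong character positions by the fixed-offset substrings below.
    final String candidate = String.format(java.util.Locale.ROOT, "%04d%02d%02d9", jj, ii, hh);
    String userInput = candidate;
    try {
        // ---- c(): split the key at fixed offsets; a rejected field becomes 0 ----
        int v3 = 4;
        String v2 = userInput.length() > v3 ? userInput.substring(0, v3) : userInput;
        int j = Integer.parseInt(v2);
        if (j > 0 && j < 189) {
            j = 0;
        }
        if (j <= 1983 || j >= 2007) { // accepted years: 1984..2006
            j = 0;
        }

        int v4 = 6;
        v2 = userInput.length() > v4 ? userInput.substring(v3, v4) : userInput;
        int i = Integer.parseInt(v2);
        if (i < 1 || i > 12) { // accepted months: 1..12
            i = 0;
        }

        int v5 = 8;
        if (userInput.length() > v5) {
            userInput = userInput.substring(v4, v5);
        }
        int h = Integer.parseInt(userInput);
        // NOTE(review): range taken from the author's notes (day 1..31, else 0); c() itself
        // is not shown, confirm against the decompiled method.
        if (h < 1 || h > 31) {
            h = 0;
        }

        // The decompiled a() only proceeds when j, i and h are all non-zero. Without this
        // gate a rejected year could be overwritten with 1999 below and reported as a hit.
        if (j == 0 || i == 0 || h == 0) {
            return;
        }

        // ---- d(): field rewrites applied before the table lookups ----
        if (j == 1989 || j == 2004) {
            // Day 31 has no entry in getG's 30-element table, so these years always fail.
            h = 31;
        }
        if (i == 1 || i == 4 || i == 5 || i == 7 || i == 10 || i == 11 || i == 12) {
            j = 1999;
        }
        if (j <= 1994 && (i == 2 || i == 6 || i == 8)) {
            i = 3;
        }
        if (j >= 1996 && (i == 2 || i == 6 || i == 8)) {
            i = 9;
        }
        if (j == 1995 && (h > i + 2 || i == h)) {
            i = 6;
        }

        g = j;
        f = i;
        e = h;
        int resE = getE();
        int resG = getG();
        int resF = getF();
        // NOTE(review): h() is not re-implemented; the author assumes it contributes 0 when
        // the key ends in the filler digit 9. Confirm against the decompiled method.
        int resH = 0; // getH(userInput);
        int result = resE + resF + resG + resH;
        if (result == 34) {
            // j, i and h are the values AFTER the rewrites above, so several inputs print the
            // same triple; the input field is the key that was actually evaluated.
            System.out.println("find : j = " + j + ", i = " + i + ", h = " + h
                    + ", resH = " + resH + ", input = " + candidate);
        }
    } catch (RuntimeException ignored) {
        // Deliberately ignored: the app treats any exception as a failed check (it shows
        // string 2131427370), so a candidate that throws here is simply not a solution.
    }
}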
// Shared inputs of the table lookups; kanxueTest_c assigns all three before calling getE/getG/getF.
// Year value (copied from j); read by getE.
public static int g;
// Month value (copied from i); read by getF.
public static int f;
// Day value (copied from h); read by getG.
public static int e;
/**
 * Looks up the score for the year currently stored in {@code g}.
 *
 * The 60-entry table is indexed by (g - 1900) % 60; a value of g below 1900 gives a
 * negative index and raises ArrayIndexOutOfBoundsException.
 *
 * @return the table entry for g, e.g. 19 for g = 1999 (index 39)
 */
public static int getE() {
    final int[] yearScores = {
        7, 7, 9, 12, 8, 7, 13, 5, 14, 5,
        9, 17, 5, 7, 12, 8, 8, 6, 19, 6,
        8, 16, 10, 6, 12, 9, 6, 7, 12, 5,
        9, 8, 7, 8, 15, 9, 16, 8, 8, 19,
        12, 6, 8, 7, 5, 15, 6, 16, 15, 7,
        9, 12, 10, 7, 15, 6, 5, 14, 14, 9
    };
    final int slot = (g - 1900) % 60;
    return yearScores[slot];
}
/**
 * Looks up the score for the day currently stored in {@code e}.
 *
 * The table holds 30 entries, so only e = 1..30 resolves; e = 31 (or any other value
 * outside 1..30) raises ArrayIndexOutOfBoundsException.
 *
 * @return the table entry at index e - 1, e.g. 9 for e = 11
 */
public static int getG() {
    final int[] dayScores = {
        5, 10, 8, 15, 16, 15, 8, 16, 8, 16,
        9, 17, 8, 17, 10, 8, 9, 18, 5, 15,
        10, 9, 8, 9, 15, 18, 7, 8, 16, 6
    };
    final int slot = e - 1;
    return dayScores[slot];
}
/**
 * Looks up the score for the month currently stored in {@code f}.
 *
 * The table holds 12 entries, one per month 1..12; any other value of f raises
 * ArrayIndexOutOfBoundsException.
 *
 * @return the table entry at index f - 1, e.g. 6 for f = 1
 */
public static int getF() {
    final int[] monthScores = {6, 7, 18, 9, 5, 16, 9, 15, 18, 8, 9, 5};
    final int slot = f - 1;
    return monthScores[slot];
}
/**
 * Enumerates every year/month/day candidate and lets kanxueTest_c print the ones that pass.
 *
 * Key layout assumed by the search (test for question 5 of the Kanxue CTF):
 *   characters 0-4: year 1984..2006, without 1989 and 2004
 *   characters 5-6: month 1..12
 *   characters 7-8: day 1..31
 *   remainder:      any digits; the author uses a single 9
 *
 * @param args unused
 */
public static void main(String[] args) {
    for (int year = 1984; year <= 2006; year++) {
        // 1989 and 2004 are left out: kanxueTest_c forces the day to 31 for them.
        boolean excludedYear = (year == 1989) || (year == 2004);
        if (!excludedYear) {
            for (int month = 1; month <= 12; month++) {
                for (int day = 1; day <= 31; day++) {
                    kanxueTest_c(year, month, day);
                }
            }
        }
    }
}4.log输出(部分)其中log中存在重复组合
==============j 表示 0-4位数, i表示5-6位数(小于10则加0),h表示7-8位数(小于10同样需要加0,因为程序按固定位置截取各字段),resH为0,输入的组合最后一位加一个数字9即可。log中打印的是经过d()逻辑改写之后的j、i、h,不同的输入会被改写成相同的值,所以会出现重复的行。可能的组合如下:=========================
find : j = 1999, i = 1, h = 11, resH = 0 例如:1999 01 11 9 find : j = 1999, i = 1, h = 17, resH = 0 例如:1999 01 17 9 find : j = 1999, i = 1, h = 22, resH = 0 find : j = 1999, i = 1, h = 24, resH = 0 find : j = 1999, i = 4, h = 30, resH = 0 find : j = 1999, i = 5, h = 15, resH = 0 find : j = 1999, i = 5, h = 21, resH = 0 find : j = 1999, i = 7, h = 30, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 17, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 11, resH = 0 find : j = 1999, i = 1, h = 22, resH = 0 find : j = 1999, i = 1, h = 24, resH = 0 find : j = 1999, i = 1, h = 22, resH = 0
5.根据log输出进行组合key,验证结果如下:
最后于 2018-12-10 13:15
被fzyspark编辑
,原因: