仿照一个Android勒索软件,屏蔽了加密文件的逻辑,保留了加密算法。一般恶意软件都会做一些反逆向的工作,所以加入了反jadx、jeb等反编译工具(原本是Q2 6月准备的题目,可能工具更新后,现在效果不行了),加入了混淆、简单的花指令、反调试等,更进一步把加密算法抽取出来使用自定义的解释器执行。
Button绑定的事件,解密字符串得到"The key is correct and the decryption begins!"和"Key error!",所以第二个if分支成立的话就是输入正确。
分析发现把输入的字符串经过一个native函数返回一个字节数组,对字节数组转为hex,和"820e52333de3bcb42467f0a20564c145af5edbf2e923df33be21f0af159710c92cbc43f79f94ec930a7ae86021af5b3ae263369299de5436b85f297be08a032a28dc357391961ecc26931bfc97d67a5e74d8781fb4105b9afbe613a2041dd8c3"比较。所以关键是这个native函数
//解密后
byte[] srcDtat = {-82,41,99,-40,43,-53,114,101,43,-53,114,101,-82,-23,125,68,43,-23,28,126,43,-23,28,126,-82,-23,125,68,-82,41,99,-40,41,47,54,114,43,78,3,43,38,77,3,42,126,99,28,68,99,99,-94,94,78,-41,-94,94,78,-41,28,68,99,99,-104,126,-24,38,-104,99,99,-24,28,70,-52,99,28,29,-37,54,116,116,};
//加密后数据
byte[] enDtat = {-126,14,82,51,61,-29,-68,-76,36,103,-16,-94,5,100,-63,69,-81,94,-37,-14,-23,35,-33,51,-66,33,-16,-81,21,-105,16,-55,44,-68,67,-9,-97,-108,-20,-109,10,122,-24,96,33,-81,91,58,-30,99,54,-110,-103,-34,84,54,-72,95,41,123,-32,-118,3,42,40,-36,53,115,-111,-106,30,-52,38,-109,27,-4,-105,-42,122,94,116,-40,120,31,-76,16,91,-102,-5,-26,19,-94,4,29,-40,-61,};<br>
之后参照java层的转换,得到flag{gyyfadclfcdg8822g}或gyyfadclfcdg8822g,根据题目描述的格式提交,(看雪的格式应该是去掉flag{}的格式),所以为gyyfadclfcdg8822g