题目来自bugku的First_Mobile(xman)
JADX 反编译apk。
gcc 用来编写还原算法。
拿到题目,看后缀是安卓APP,直接甩到夜神里看看啥样子。
将APK拖入JADX工具,获取到MainActivity代码。
双击encode的check函数,直接跳转到encode类的实现页面。
可以看到算法如下
逻辑整理得:
((input[i] + b[i]) % 61) * 2 -i = input[i]
设:input[i] = x
运行代码获取str
测试如下
根据题目得到flag
XMAN{LOHILMNMLKHILKHI}
/**
 * Entry activity of the challenge app as recovered by JADX: one text field and one
 * button whose click handler hands the typed text to {@code encode.check}.
 *
 * <p>The verification runs entirely inside the app, so the accepted value can be
 * derived from the decompiled code alone.
 */
public class MainActivity extends AppCompatActivity {
    // Declared by the decompiled class but never assigned in this listing;
    // onCreate works on local variables instead.
    private Button button;
    private EditText editText;

    /**
     * Inflates the layout and wires the button to the local flag check.
     *
     * @param savedInstanceState state bundle, forwarded unchanged to the superclass
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        final EditText flagInput = (EditText) findViewById(R.id.editText);
        Button submit = (Button) findViewById(R.id.button);

        submit.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View view) {
                // Decompiler residue: the instance is discarded, check() is static.
                new encode();
                String typed = flagInput.getText().toString();
                String verdict = encode.check(typed) ? "correct" : "failed";
                // Duration 1 is the numeric value of Toast.LENGTH_LONG.
                Toast.makeText(MainActivity.this.getApplicationContext(), verdict, 1).show();
            }
        });
    }
}
/**
 * Entry activity of the challenge app as recovered by JADX: one text field and one
 * button whose click handler hands the typed text to {@code encode.check}.
 *
 * <p>The verification runs entirely inside the app, so the accepted value can be
 * derived from the decompiled code alone.
 */
public class MainActivity extends AppCompatActivity {
    // Declared by the decompiled class but never assigned in this listing;
    // onCreate works on local variables instead.
    private Button button;
    private EditText editText;

    /**
     * Inflates the layout and wires the button to the local flag check.
     *
     * @param savedInstanceState state bundle, forwarded unchanged to the superclass
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        final EditText flagInput = (EditText) findViewById(R.id.editText);
        Button submit = (Button) findViewById(R.id.button);

        submit.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View view) {
                // Decompiler residue: the instance is discarded, check() is static.
                new encode();
                String typed = flagInput.getText().toString();
                String verdict = encode.check(typed) ? "correct" : "failed";
                // Duration 1 is the numeric value of Toast.LENGTH_LONG.
                Toast.makeText(MainActivity.this.getApplicationContext(), verdict, 1).show();
            }
        });
    }
}
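/**
 * Flag checker recovered from the APK. An input is accepted when transforming its
 * first 16 bytes reproduces the input itself, i.e. the input is a fixed point of
 * the transform.
 */
public class encode {
    /** Per-position offsets added to the input bytes before the modulo step. */
    private static final byte[] b = {
        23, 22, 26, 26, 25, 25, 25, 26, 27, 28, 30, 30, 29, 30, 32, 32
    };

    /**
     * Tests whether {@code str} survives the byte transform unchanged.
     *
     * <p>For each index {@code i} in 0..15 the result byte is
     * {@code ((input[i] + b[i]) % 61) * 2 - i}, narrowed to {@code byte}. The 16
     * result bytes are decoded to a string and compared with {@code str}.
     *
     * @param str candidate text typed by the user
     * @return {@code true} only when the transformed bytes decode to a string equal
     *     to {@code str}; {@code false} otherwise, including for inputs shorter
     *     than 16 bytes
     */
    public static boolean check(String str) {
        // Platform default charset, exactly as in the decompiled original.
        byte[] input = str.getBytes();

        // Guard added in review: the decompiled code reads input[0..15]
        // unconditionally, so shorter text raised ArrayIndexOutOfBoundsException
        // in the caller instead of being rejected.
        if (input.length < b.length) {
            return false;
        }

        byte[] temp = new byte[b.length];
        for (int i = 0; i < temp.length; i++) {
            // The remainder lies in -60..60, so it fits a byte without loss and the
            // two passes of the original can be fused into one.
            int reduced = (input[i] + b[i]) % 61;
            temp[i] = (byte) (reduced * 2 - i);
        }
        return new String(temp).equals(str);
    }
}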
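/**
 * Flag checker recovered from the APK. An input is accepted when transforming its
 * first 16 bytes reproduces the input itself, i.e. the input is a fixed point of
 * the transform.
 */
public class encode {
    /** Per-position offsets added to the input bytes before the modulo step. */
    private static final byte[] b = {
        23, 22, 26, 26, 25, 25, 25, 26, 27, 28, 30, 30, 29, 30, 32, 32
    };

    /**
     * Tests whether {@code str} survives the byte transform unchanged.
     *
     * <p>For each index {@code i} in 0..15 the result byte is
     * {@code ((input[i] + b[i]) % 61) * 2 - i}, narrowed to {@code byte}. The 16
     * result bytes are decoded to a string and compared with {@code str}.
     *
     * @param str candidate text typed by the user
     * @return {@code true} only when the transformed bytes decode to a string equal
     *     to {@code str}; {@code false} otherwise, including for inputs shorter
     *     than 16 bytes
     */
    public static boolean check(String str) {
        // Platform default charset, exactly as in the decompiled original.
        byte[] input = str.getBytes();

        // Guard added in review: the decompiled code reads input[0..15]
        // unconditionally, so shorter text raised ArrayIndexOutOfBoundsException
        // in the caller instead of being rejected.
        if (input.length < b.length) {
            return false;
        }

        byte[] temp = new byte[b.length];
        for (int i = 0; i < temp.length; i++) {
            // The remainder lies in -60..60, so it fits a byte without loss and the
            // two passes of the original can be fused into one.
            int reduced = (input[i] + b[i]) % 61;
            temp[i] = (byte) (reduced * 2 - i);
        }
        return new String(temp).equals(str);
    }
}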
((input[i] + b[i]) % 61) * 2 - i = input[i]
=> (x % 61) * 2 + (b[i] % 61) * 2 - i = x
=> (b[i] % 61) * 2 - i = x - (x % 61) * 2
(注:第二步把取模拆开,只有在 (x % 61) + (b[i] % 61) < 61 时才成立,因此求出的 x 需要代回 check 函数验证。)
((input[i] + b[i]) % 61) * 2 - i = input[i]
=> (x % 61) * 2 + (b[i] % 61) * 2 - i = x
=> (b[i] % 61) * 2 - i = x - (x % 61) * 2
(注:第二步把取模拆开,只有在 (x % 61) + (b[i] % 61) < 61 时才成立,因此求出的 x 需要代回 check 函数验证。)
#include <stdio.h>
#include <stdlib.h>
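/*
 * Recovers the 16 bytes accepted by encode.check() by brute force.
 *
 * For every position i the target value c = (b[i] % 61) * 2 - i is computed, then
 * the first j in [c, 255) with j - (j % 61) * 2 == c is stored as input[i].
 * This relies on the rearranged form of the check, which only holds when
 * (x % 61) + (b[i] % 61) < 61, so the printed string should be confirmed
 * against the original check.
 */
int main(void)
{
    const unsigned char b[] = {23, 22, 26, 26, 25, 25, 25, 26, 27, 28, 30, 30, 29, 30, 32, 32};
    char input[20] = {0}; /* 16 recovered bytes; the zero fill keeps it NUL-terminated */

    for (int i = 0; i < 16; i++)
    {
        /* Left-hand side of the rearranged equation for this position. */
        int c = (b[i] % 61) * 2 - i;
        printf(" b[i] %% 61 * 2 - i = x - x %% 61 * 2 => x - x %% 61 * 2 = %d\n", c);

        /* Keep the first candidate only; larger solutions are ignored. */
        for (int j = c; j < 255; j++)
        {
            if ((j - (j % 61) * 2) == c)
            {
                input[i] = (char)j;
                printf("input[%d]=%c(%d)\n", i, j, j);
                break;
            }
        }
    }

    /* Print through "%s": the buffer is data and must not be used as the format string. */
    printf("%s", input);
    return 0;
}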
#include <stdio.h>