[WP] 2020 Wangding Cup (网鼎杯) Xuanwu Group vulcrack
This post was last edited by nisodaisuki on 2020-5-26 15:05

# 2020 Wangding Cup (网鼎杯) Xuanwu Group vulcrack
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526143235.png)
The attachment unpacks to a single APK file.
## Checking for a packer
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526143903.png)
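So the first step is to unpack it.
Here the `frida` framework is used for unpacking. For how to use frida specifically, you can look it up on Baidu yourself.
Unpacking yields 2 dex files.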
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526144625.png)
## Converting to jar for analysis
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526145005.png)
Analyze these two classes.
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526145116.png)
![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526150345.png)
## Writing the inverse method to get the flag
```java
package org.nisodaisuki.vulcrack;

import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;
import java.io.UnsupportedEncodingException;

public class MainActivity extends AppCompatActivity {
    // Base64-encoded constants holding the two parts of the flag.
    public static String keyFirst = "Zm1jan85NztBN0c0NjJIOzJGLzc8STk0OTZFSDE=";
    public static String keySecond = "QTpISTlFNEkxRTY8fQ==";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        System.out.println(calcFlagFirstStep());
        System.out.println(calcFlagSecondStep());
    }

    // Base64 is not imported, so it resolves to a helper class in this package
    // (not shown in the post) that provides decodeToString(String).
    public static String calcFlagFirstStep() {
        return comm(Base64.decodeToString(keyFirst), 8);
    }

    public static String calcFlagSecondStep() {
        return comm(Base64.decodeToString(keySecond), 4);
    }

    // Inverse transform: subtract (index % i) from each byte.
    public static String comm(String str, int i) {
        byte[] bytes = str.getBytes();
        for (byte b = 0; b < bytes.length; b = (byte) (b + 1)) {
            // The array index [b] was lost in the forum rendering; restored here.
            bytes[b] = (byte) (bytes[b] - (b % i));
        }
        try {
            return new String(bytes, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return "";
        }
    }
}
```
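![](https://gitee.com/nisodaisuki/pictures/raw/master/img/20200526145358.png)

Writing the WP after the bounty ended, so it really is produce-it-yourself, consume-it-yourself.

Close out the bounty when you have time.

Lost at the unpacking step.

This works too???

Thanks for sharing, the forum is better with you in it!!!

Self-produced and self-consumed, fair enough.

Thanks for sharing, I'll take a look when I have time.

Master, is the challenge file available?

> 下页s posted on 2021-3-5 13:15
> Master, is the challenge file available?

Challenge link: https://www.jianguoyun.com/p/DYkw2wsQ8Y_kCBj31eoD (access password: 2fywf2)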