[转]一个有意思的Crackme
转自看雪F8的cm,大家玩玩吧,记得解压一下
作者源码地址:https://github.com/F8LEFT/AndroidAntiDebugger
# Anonymous inner class of MainActivity (InnerClass name = null, declared inside
# onCreate per the EnclosingMethod annotation). It implements
# View.OnClickListener and handles the click that submits the text typed into
# MainActivity.mEdit for checking.
.class Lf8left/cm2/MainActivity$1;
.super Ljava/lang/Object;
.source "MainActivity.java"
# interfaces
.implements Landroid/view/View$OnClickListener;
# annotations
.annotation system Ldalvik/annotation/EnclosingMethod;
value = Lf8left/cm2/MainActivity;->onCreate(Landroid/os/Bundle;)V
.end annotation
.annotation system Ldalvik/annotation/InnerClass;
accessFlags = 0x0
name = null
.end annotation
# instance fields
# Compiler-generated reference to the enclosing MainActivity instance.
.field final synthetic this$0:Lf8left/cm2/MainActivity;
# direct methods
# Constructor: stores the enclosing MainActivity (p1) in this$0, then calls
# Object.<init>.
.method constructor <init>(Lf8left/cm2/MainActivity;)V
.locals 0
.param p1, "this$0" # Lf8left/cm2/MainActivity;
.prologue
.line 24
iput-object p1, p0, Lf8left/cm2/MainActivity$1;->this$0:Lf8left/cm2/MainActivity;
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
# virtual methods
# onClick: reads the EditText contents, passes them to MainActivity.access$000
# (a synthetic accessor whose target is not part of this listing) and shows a
# Toast. p1 (the clicked view) is never read.
.method public onClick(Landroid/view/View;)V
.locals 5
.param p1, "v" # Landroid/view/View;
.prologue
# v4 = 0 is the duration argument for both Toast.makeText calls
# (0 is the value of Toast.LENGTH_SHORT).
const/4 v4, 0x0
.line 27
# v0 = this$0.mEdit.getText().toString() -- the user-supplied candidate flag.
iget-object v1, p0, Lf8left/cm2/MainActivity$1;->this$0:Lf8left/cm2/MainActivity;
iget-object v1, v1, Lf8left/cm2/MainActivity;->mEdit:Landroid/widget/EditText;
invoke-virtual {v1}, Landroid/widget/EditText;->getText()Landroid/text/Editable;
move-result-object v1
invoke-virtual {v1}, Ljava/lang/Object;->toString()Ljava/lang/String;
move-result-object v0
.line 28
.local v0, "flag":Ljava/lang/String;
# v1 = access$000(this$0, flag): boolean result of the check.
iget-object v1, p0, Lf8left/cm2/MainActivity$1;->this$0:Lf8left/cm2/MainActivity;
invoke-static {v1, v0}, Lf8left/cm2/MainActivity;->access$000(Lf8left/cm2/MainActivity;Ljava/lang/String;)Z
move-result v1
# NOTE(review): no conditional branch consumes v1 here; the next instruction
# overwrites it, so the check result is discarded and control always falls
# through to the "great:flag{...}" toast. Nothing in this listing jumps to
# :cond_0, so the "Error, try again" path is unreachable as shown. Presumably an
# `if-eqz v1, :cond_0` stood here and was lost or removed before posting --
# confirm against the original APK.
# NOTE(review): a verdict decided by one branch in app bytecode only holds as
# long as the package is unmodified; compare the installed APK's signature and
# hash with the published build before trusting this behaviour.
.line 29
# Success path: Toast text is "great:flag{" + flag + "}".
iget-object v1, p0, Lf8left/cm2/MainActivity$1;->this$0:Lf8left/cm2/MainActivity;
new-instance v2, Ljava/lang/StringBuilder;
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V
const-string v3, "great:flag{"
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
const-string v3, "}"
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
move-result-object v2
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
move-result-object v2
invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v1
.line 30
invoke-virtual {v1}, Landroid/widget/Toast;->show()V
.line 35
# Common exit for both paths.
:goto_0
return-void
.line 32
# Failure path: shows "Error, try again", then jumps to the common exit.
:cond_0
iget-object v1, p0, Lf8left/cm2/MainActivity$1;->this$0:Lf8left/cm2/MainActivity;
const-string v2, "Error, try again"
invoke-static {v1, v2, v4}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
move-result-object v1
.line 33
invoke-virtual {v1}, Landroid/widget/Toast;->show()V
goto :goto_0
.end method
算法很简单。关键是sflag的值是动态修改的,用IDA静态看到的值解不了码。
char keys = {30, 29, 18, 0, 1, 18, 51, 11, 37, 120, 38, 17, 64, 79, 74, 82, 0};
for (int i = 0; i < 16; i++)
{
keys[i] ^= sflag[i];
} 我下了,简单看了下,模拟器安装失败,然后AK反编译出问题。就一直忙,没时间去看 这是干嘛用的啊 这个Crackme确实像作者说的一样,难度不高。如果不会动态调试,其实纯IDA Pro静态分析也可以找到最后的Flag。 后四位中16, 25 ,6 对应的是什么呢 bxypkbpv77y 发表于 2016-11-28 08:23
算法很简单。关键是sflag的值是动态修改的,用IDA静态看到的值解不了码。
char keys = {30, 29, 1 ...
那应该怎么做呢,我分析到异或那一步,但是异或之后的结果不知道,不知道该怎么还原回去啊 反编译之后,没看到想要的,感觉无从下手,果然学习的还是太少太少啊,希望后期大神赐教,谢谢楼主分享 看了源码,这个crackme使用了双进程守护技术。对于我这个小白,有难度。