简单的安卓cm

collinchen1218 · 发表于 2024-5-9 21:49

本帖最后由 collinchen1218 于 2024-5-9 21:52 编辑

已获得正己老师许可，修改部分源码完成安卓cm，再次感谢老师的付出

ps：顺便打破一下寂寞，这个板块好冷清

本板块是cm区，遵从cm区版规，无关回复会被加违规

Arcticlyc · 发表于 2024-5-9 22:01

是这个吗？

cattie · 发表于 2024-5-9 22:48

本帖最后由 cattie 于 2024-5-9 22:53 编辑

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Crackme（20240510_New!）</title>
        <style>
    body {
        font-family: Arial, sans-serif;
        text-align: center;
        background-color: #ffffff;
        padding: 20px;
    }
    input {
        padding: 8px;
        margin: 10px;
        border-radius: 5px;
        border: 1px solid #ccc;
        background-color: #ffffcc;
    }
    button {
        padding: 10px 20px;
        background-color:#FF9100;
        color: #fff;
        border: none;
        border-radius: 5px;
        cursor: pointer;
    }button:hover {
        background-color:#FFD100;
    }
        div {
                color: #FF0000
        }
</style>
<script>
function verifyPassword() {
    var input = document.getElementById("inputPassword").value;
    var correctPassword = "flag{52pojie_Ha5py_M8y_cr6ck6e_5wer56uiop_6t01_N9w@2024}"; 
 var Password = "flag{2p0ji5_Ha59y_M8y_c56c1me_qwer56ul6p_ht01_49w@2024}"; 
if (input === "flag{asdedfgh_cm_8888}") { } 
[b]    if (input === "flag{magic_cm_5050}") {
        document.getElementById('editable-div').innerHTML = "密码正确";
            } else {
        document.getElementById('editable-div').innerHTML = "密码错误";
    }
}
</script>
</head>
<body>
<form>
    <h1>Crackme (2024_05_10_New!)</h1>
        <label for="inputPassword">请输入密码:</label>
    <br>
    <input type="password" id="inputPassword" name="inputPassword">        
    <br>
    <button type="button">验证</button>
        <br>
        <br>
        <div id="editable-div" contenteditable="true">Welcome to the Crackme!</div>
        <h5>By 52pojie.cn   collinchen1218</h5>
</form>
</body>
</html>

if (input === "flag{magic_cm_5050}") {
document.getElementById('editable-div').innerHTML = "密码正确";
}

怜渠客 · 发表于 2024-5-10 10:33

没有混淆一下啊，甚至是明文

collinchen1218 · 发表于 2024-5-10 21:09

怜渠客发表于 2024-5-10 10:33
没有混淆一下啊，甚至是明文

不是js加密了吗，难道放错了

collinchen1218 · 发表于 2024-5-10 21:23

怜渠客发表于 2024-5-10 10:33
没有混淆一下啊，甚至是明文

oh，no。搞错了，手机编辑的，本来加密了js部分，结果没有保存……算了，这个cm就算看的出来是html吧，当做一个小判断吧

lingxing2320 · 发表于 2024-5-11 22:59

是不是没加密啊
if (input === "flag{magic_cm_5050}") {
      document.getElementById('editable-div').innerHTML = "密码正确";
         } else {
      document.getElementById('editable-div').innerHTML = "密码错误";

collinchen1218 · 发表于 2024-5-12 09:04

lingxing2320 发表于 2024-5-11 22:59
是不是没加密啊
if (input === "flag{magic_cm_5050}") {
document.getElementById('editable-di ...

你这个是什么编辑器，我做这种cm都只能手机，np管理器的html编辑差评

lingxing2320 · 发表于 2024-5-12 14:04

collinchen1218 发表于 2024-5-12 09:04
你这个是什么编辑器，我做这种cm都只能手机，np管理器的html编辑差评

mt管理器

风子09 · 发表于 2025-1-13 15:21

本帖最后由风子09 于 2025-1-13 15:25 编辑

[Python] 纯文本查看 复制代码

001

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

072

073

074

075

076

077

078

079

080

081

082

083

084

085

086

087

088

089

090

091

092

093

094

095

096

097

098

099

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

//
// Decompiled by Jadx - 841ms
//
package com.zj.wuaipojie2024_1;
 
import android.os.Bundle;
import android.util.Log;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import androidx.appcompat.app.AppCompatActivity;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
 
public class MainActivity extends AppCompatActivity {
    private WebView webView;
 
    private static String aaM(String str) {
        StringBuilder sb = new StringBuilder();
        char[] charArray = str.toCharArray();
        for (int i = 0; i < charArray.length; i++) {
            switch (i % 4) {
                case 0:
                    sb.append((char) (charArray[i] ^ 7919));
                    break;
                case 1:
                    sb.append((char) (charArray[i] ^ 59522));
                    break;
                case 2:
                    sb.append((char) (charArray[i] ^ 38612));
                    break;
                default:
                    sb.append((char) (charArray[i] ^ 65535));
                    break;
            }
        }
        return sb.toString();
    }
 
    /* JADX WARN: Multi-variable type inference failed */
    protected void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main);
        copyAssets();
        WebView webView = (WebView) findViewById(R.id.webView);
        this.webView = webView;
        webView.setInitialScale(100);
        this.webView.getSettings().setJavaScriptEnabled(true);
        this.webView.setWebViewClient(new WebViewClient());
        this.webView.loadUrl(aaM("&#7817;\ue8eb隸&#65434;&#7893;\ue8ad電\uffd0&#7822;\ue8ec隰&#65421;&#7808;\ue8eb隰&#65440;&#7822;\ue8f1隧&#65434;&#7835;\ue8ad隽&#65425;&#7819;\ue8e7隬\uffd1&#7815;\ue8f6隹&#65427;").intern());
        this.webView.addJavascriptInterface(new MyJavaScriptInterface(this), aaM("&#7854;\ue8ec隰&#65421;&#7808;\ue8eb隰&#65462;&#7809;\ue8f6隱&#65421;&#7817;\ue8e3隷&#65434;").intern());
    }
 
    private void yjsl() {
        this.webView.setWebViewClient(new MainActivity$1(this));
    }
 
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [android.content.res.AssetManager] */
    /* JADX WARN: Type inference failed for: r0v2 */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r0v5 */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v8 */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r1v11 */
    /* JADX WARN: Type inference failed for: r1v13 */
    /* JADX WARN: Type inference failed for: r1v14, types: [java.io.OutputStream, java.io.FileOutputStream] */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r1v3 */
    /* JADX WARN: Type inference failed for: r1v4 */
    /* JADX WARN: Type inference failed for: r1v5 */
    /* JADX WARN: Type inference failed for: r1v6, types: [java.io.OutputStream] */
    /* JADX WARN: Type inference failed for: r1v7 */
    /* JADX WARN: Type inference failed for: r1v8 */
    /* JADX WARN: Type inference failed for: r1v9, types: [java.io.OutputStream] */
    /* JADX WARN: Type inference failed for: r6v0, types: [com.zj.wuaipojie2024_1.MainActivity] */
    public void copyAssets() {
        Throwable th;
        IOException e;
        ?? assets = getAssets();
        ?? intern = aaM("&#7830;\ue8f1雺&#65426;&#7839;\ue8b6").intern();
        try {
            try {
                assets = assets.open(intern);
            } catch (Throwable th2) {
                th = th2;
            }
            try {
                intern = new FileOutputStream(new File(getFilesDir(), (String) intern));
                try {
                    copyFile(assets, intern);
                    if (assets != 0) {
                        try {
                            assets.close();
                        } catch (IOException unused) {
                        }
                    }
                } catch (IOException e2) {
                    e = e2;
                    Log.e(aaM("&#7835;\ue8e3隳").intern(), aaM("&#7849;\ue8e3隽&#65427;&#7818;\ue8e6雴&#65419;&#7808;\ue8a2隷&#65424;&#7839;\ue8fb雴&#65438;&#7836;\ue8f1隱&#65419;&#7887;\ue8e4隽&#65427;&#7818;\ue8b8雴&#65414;&#7836;\ue8ac隹&#65423;&#7899;").intern(), e);
                    if (assets != 0) {
                        try {
                            assets.close();
                        } catch (IOException unused2) {
                        }
                    }
                    if (intern == 0) {
                        return;
                    }
                    intern.close();
                }
            } catch (IOException e3) {
                e = e3;
                intern = 0;
            } catch (Throwable th3) {
                th = th3;
                intern = 0;
                if (assets != 0) {
                    try {
                        assets.close();
                    } catch (IOException unused3) {
                    }
                }
                if (intern != 0) {
                    try {
                        intern.close();
                        throw th;
                    } catch (IOException unused4) {
                        throw th;
                    }
                }
                throw th;
            }
        } catch (IOException e4) {
            intern = 0;
            e = e4;
            assets = 0;
        } catch (Throwable th4) {
            intern = 0;
            th = th4;
            assets = 0;
        }
        try {
            intern.close();
        } catch (IOException unused5) {
        }
    }
 
    public void copyFile(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }
}

[Java] 纯文本查看 复制代码

001

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

072

073

074

075

076

077

078

079

080

081

082

083

084

085

086

087

088

089

090

091

092

093

094

095

096

097

098

099

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

//
// Decompiled by Jadx - 955ms
//
package com.zj.wuaipojie2024_1;
 
import android.os.Bundle;
import android.util.Log;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import androidx.appcompat.app.AppCompatActivity;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
 
public class MainActivity extends AppCompatActivity {
    private WebView webView;
 
    private static String aaM(String str) {
        StringBuilder sb = new StringBuilder();
        char[] charArray = str.toCharArray();
        for (int i = 0; i < charArray.length; i++) {
            switch (i % 4) {
                case 0:
                    sb.append((char) (charArray[i] ^ 7919));
                    break;
                case 1:
                    sb.append((char) (charArray[i] ^ 59522));
                    break;
                case 2:
                    sb.append((char) (charArray[i] ^ 38612));
                    break;
                default:
                    sb.append((char) (charArray[i] ^ 65535));
                    break;
            }
        }
        return sb.toString();
    }
 
    /* JADX WARN: Multi-variable type inference failed */
    protected void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main);
        copyAssets();
        WebView webView = (WebView) findViewById(R.id.webView);
        this.webView = webView;
        webView.setInitialScale(100);
        this.webView.getSettings().setJavaScriptEnabled(true);
        this.webView.setWebViewClient(new WebViewClient());
        this.webView.loadUrl("file:///android_asset/index.html");
        this.webView.addJavascriptInterface(new MyJavaScriptInterface(this), "AndroidInterface");
    }
 
    private void yjsl() {
        this.webView.setWebViewClient(new MainActivity$1(this));
    }
 
    /* JADX WARN: Removed duplicated region for block: B:34:0x0052 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:40:? A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:41:0x004d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
    */
    public void copyAssets() {
        FileOutputStream fileOutputStream;
        Throwable th;
        InputStream inputStream;
        IOException e;
        try {
            inputStream = getAssets().open("ys.mp4");
        } catch (IOException e2) {
            fileOutputStream = null;
            e = e2;
            inputStream = null;
        } catch (Throwable th2) {
            fileOutputStream = null;
            th = th2;
            inputStream = null;
        }
        try {
            fileOutputStream = new FileOutputStream(new File(getFilesDir(), "ys.mp4"));
            try {
                try {
                    copyFile(inputStream, fileOutputStream);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                } catch (IOException e3) {
                    e = e3;
                    Log.e("tag", "Failed to copy asset file: ys.mp4", e);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException unused2) {
                        }
                    }
                    if (fileOutputStream == null) {
                        return;
                    }
                    fileOutputStream.close();
                }
            } catch (Throwable th3) {
                th = th3;
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException unused3) {
                    }
                }
                if (fileOutputStream == null) {
                    try {
                        fileOutputStream.close();
                        throw th;
                    } catch (IOException unused4) {
                        throw th;
                    }
                }
                throw th;
            }
        } catch (IOException e4) {
            e = e4;
            fileOutputStream = null;
        } catch (Throwable th4) {
            th = th4;
            fileOutputStream = null;
            if (inputStream != null) {
            }
            if (fileOutputStream == null) {
            }
        }
        try {
            fileOutputStream.close();
        } catch (IOException unused5) {
        }
    }
 
    public void copyFile(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }
}

第一个是加密的，第二个解密后，看到file:///android_asset/index.html，后面就是明文了！

帐号		自动登录	找回密码
密码			注册[Register]

[Android CrackMe] 简单的安卓cm

本帖子中包含更多资源

免费评分

本帖子中包含更多资源

浏览过的版块