
欧联杯赛程 : [Android ԭ] ճƽ--XCTFapp3}Ŀ˽ⰲ׿ļԼsqliteCipherܔ

windy_ll l 2019-12-30 12:43

һ}ĿԴ

ŷƱ www.ykwek.com     }ĿԴXCTF app3}Ŀ  


}^

    1d}ĿdlF.abYļˆDʾ  

16.jpg  

    2ʲô.abļ.abYļAndroidϵyĂļʽ֞ܺδ܃ɷN.abļǰ24ֹļ^Ė|Ǽܵǰ24ֹЕAES-256Ę־δtǰ24ֹЕnoneĘ־ˆDʾ  

12.jpg  

    3ô@ȡ.abļеĔgithubЂ_ԴĿAndroid backup extractorԌ.abļDQ.tarļȻý≺ܛ_??Ŀַhttps://github.com/nelenkov/android-backup-extractor  

13.PNG  

    4ʹade.jar1.abļDtarļ≺lFһapkļ̓ɂsqliteļapkbҹlF]ʲôõĖ|ȥ鿴ֱʹsqlitebrowser_ʾҪܴa픵뱻ˆDʾ  

14.PNG  

15.PNG  

8.PNG  

9.PNG  

16.PNG  

    5ֱʹAndroidkillerJEBԓAPKglF˴assetĿ䛺libsĿ@ɂĿ´˺sqlitecipherPļƔ챻sqlitecipherһҹcꑺ󏗳ϢWait ....lFԓϢAnotherActivity.javaļDjavalF]ʲôõϢ  

4.jpg  

10.PNG  

    6Ǵ_MainActivity.javaļȻlFһa()a£  

/**
 * Decompiled MainActivity method, with the obfuscated names kept exactly as the decompiler emitted
 * them. It opens the SQLCipher database "Demo.db" with a passphrase computed at runtime and inserts
 * one row into it.
 *
 * Security-relevant point: every passphrase input visible in this method is a literal compiled into
 * the APK ("Stranger" and 123456). The helper class com.example.yaphetshan.tencentwelcome.a.a is
 * not shown in this listing, but the solver at the end of the page reproduces the same passphrase
 * from constants alone. A passphrase derived this way is a fixed value that anyone holding the APK
 * can recompute, so the encryption does not protect the database contents once the database file
 * leaves the device (here, through the backup archive the writeup starts from).
 */
private void a() {
    // Load the SQLCipher native libraries for this context before the database is opened.
    SQLiteDatabase.loadLibs(((Context)this));
    // `a` is an app class not shown here; presumably a SQLiteOpenHelper subclass, given the
    // (context, database name, cursor factory, version) arguments. TODO confirm against the APK.
    this.b = new a(((Context)this), "Demo.db", null, 1);
    // The row to insert; these two hard-coded values are also the only key-derivation inputs here.
    ContentValues v0 = new ContentValues();
    v0.put("name", "Stranger");
    v0.put("password", Integer.valueOf(123456));
    com.example.yaphetshan.tencentwelcome.a.a v1 = new com.example.yaphetshan.tencentwelcome.a.a();
    // getAsString("password") yields the stored Integer as text, i.e. "123456".
    // The two-argument helper is not shown; the solver on this page uses "Stra1234" for v2.
    String v2 = v1.a(v0.getAsString("name"), v0.getAsString("password"));
    // Passphrase = first 7 characters of v1.a(v2 + v1.b(v2, password)). Only that short prefix of
    // the helper's output is ever used as the database key.
    this.a = this.b.getWritableDatabase(v1.a(v2 + v1.b(v2, v0.getAsString("password"))).substring(0, 7));
    // Store the name/password row in table "TencentMicrMsg" (null nullColumnHack).
    this.a.insert("TencentMicrMsg", null, v0);
}
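  • The first line, SQLiteDatabase.loadLibs(((Context)this));, loads the files that sqlitecipher needs.
  • The second line instantiates a sqlitehelper class.
  • Next, a ContentValues object is created with the key/value pairs name:Stranger and password:123456.
  • Then an instance of com.example.yaphetshan.tencentwelcome.a.a is created.
  • The following line obtains the value of the variable v2.
  • Finally getWritableDatabase is called; the string passed in is the database password.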

    7FĿѽ_ǫ@ȡ耣һflagͲڼܵsqliteУԓcom.example.yaphetshan.tencentwelcome.a.aķ@{b.javaķDʾ  

11.PNG  

2.PNG  

3.PNG  

    8ab耵㷨漰sha-1md5㷨]ҪȥŒһ߉݋ȻbăɂƳ{üηһ߉݋ȵõ׃v2,v2{aеa(String,String)@ȡ,ԓصһǰĂַӵڶǰĂַ{ԓMȥą(Stranger,123456)v2 = Stra1234耞v1.a(String).sunstring(){v1.a()Ȼ󌢷ֵȡǰ7λ耣PIڂMȥ@ַԿ@ַv2 + v1.b(v2,'123456')v1.b(String,String)@{ba(String)Mȥą׃v2@ȡֵ҂ͿԵõ@ַȻ{v1.a(String)õ@Mȥַyaphetshanַ酢{bb䷵ֵȡǰ7λһjava@ȡ耵Ĵa\нY£ps:aճNĩУ  

7.jpg  

5.PNG  

    9@ȡ耺ʹsqlitebrowser_ܔlFһBase64ַaõflag  

1.jpg  


Y

    d}ĿlFһYͻ؁]Ҋ^ļٶnKŪandroidļssqlitecipher@ɂ|
    oҷһP@ɂ|֪RcXÌı^õIJ??




    }ĿԼõĹߣٶȾWP朽https://pan.baidu.com/s/1Wam_Hjg8rNlpqywVqqASpQܴa0y89  

    @ȡjavaa£  

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

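/**
 * Stand-alone reproduction of the key derivation recovered from the decompiled app: it prints the
 * passphrase the app passes to SQLCipher for "Demo.db".
 *
 * <p>The derivation is {@code SHA-1(v2 + MD5(v2) + "yaphetshan")}, hex-encoded and cut to its first
 * 7 characters. MD5 and SHA-1 appear here only because the analysed app uses them. Every input is
 * a constant taken from the APK, so the result is the same on every install, and the 7 hex
 * characters carry at most 28 bits. Both facts mean the database encryption gives no real
 * confidentiality once the APK and the database file are available to the same person.
 */
public class b {
    /** Lower-case hexadecimal alphabet used to render digest bytes. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    public b() {
        super();
    }

    /**
     * Prints {@code KEY = } followed by the 7-character database passphrase (no trailing newline).
     *
     * @param args unused
     * @throws IllegalStateException if the JVM cannot provide MD5 or SHA-1, instead of silently
     *         printing a key built from the text "null"
     */
    public static void main(String[] args) {
        // Value the writeup derives for v2 from the app's hard-coded name and password.
        String varV2 = "Stra1234";
        String varV1B = a(varV2);
        if (varV1B == null) {
            throw new IllegalStateException("MD5 digest unavailable");
        }
        // "yaphetshan" is the constant suffix used by the app's derivation, per the writeup.
        String varKey = varV2 + varV1B + "yaphetshan";
        String varDigest = b(varKey);
        if (varDigest == null) {
            throw new IllegalStateException("SHA-1 digest unavailable");
        }
        System.out.print("KEY = ");
        System.out.print(varDigest.substring(0, 7));
    }

    /**
     * Returns the MD5 digest of {@code arg9} as 32 lower-case hex characters.
     *
     * @param arg9 text to hash; encoded as UTF-8
     * @return the hex digest, or {@code null} if {@code arg9} is null or MD5 is unavailable
     */
    public static final String a(String arg9) {
        return hexDigest("MD5", arg9);
    }

    /**
     * Returns the SHA-1 digest of {@code arg9} as 40 lower-case hex characters.
     *
     * @param arg9 text to hash; encoded as UTF-8
     * @return the hex digest, or {@code null} if {@code arg9} is null or SHA-1 is unavailable
     */
    public static final String b(String arg9) {
        return hexDigest("SHA-1", arg9);
    }

    /** Hashes {@code input} with {@code algorithm} and hex-encodes the result; null on failure. */
    private static String hexDigest(String algorithm, String input) {
        if (input == null) {
            // The original caught the resulting NullPointerException and returned null.
            return null;
        }
        try {
            // Fixed charset so the derived key does not depend on the JVM's default encoding.
            byte[] digest =
                    MessageDigest.getInstance(algorithm).digest(input.getBytes(StandardCharsets.UTF_8));
            char[] hex = new char[digest.length * 2];
            for (int i = 0; i < digest.length; i++) {
                int value = digest[i];
                // Sign extension of the byte is masked away by the & 0x0F on both nibbles.
                hex[2 * i] = HEX_DIGITS[(value >>> 4) & 0x0F];
                hex[2 * i + 1] = HEX_DIGITS[value & 0x0F];
            }
            return new String(hex);
        } catch (NoSuchAlgorithmException e) {
            // Kept as a null return for compatibility with callers of the original methods.
            return null;
        }
    }
}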


]
 | windy_ll l 2019-12-31 17:04 <

ŬWĻAһcc_ʼW_ʼܿeۉȻͺ
]
zxc112 l 2020-1-11 19:13
windy_ll l 2020-1-4 15:50
Fsqlitebrowser°ֲ֧鿴ܵĔ죨Ҫ耣


ôŪ
@]^֪ô
Windy֪
4#
cptw l 2019-12-30 13:10
5#
xiangxiong l 2019-12-30 13:21
Ļ؏
~
6#
~ l 2019-12-30 13:50
ԌWo԰
7#
daymissed l 2019-12-30 14:05
JWԼˮƽ
8#
hu1314 l 2019-12-30 14:19
Ļ؏
9#
StevenK l 2019-12-30 16:23
Ԕķ
10#
guo8122881 l 2019-12-30 16:30
Ԕ˼·ҲܺĤݴ
11#
aahljy l 2019-12-30 19:04
xx,JW!
12#
̎Ů-؈ l 2019-12-31 16:50
Xĺy,ôܿ?