
[Android CTF] Xctf mobile easyjni challenge

buzhifou01 posted on 2020-3-3 12:13

Tools used


  • 1.apktool
  • 2.dex2jar
  • 3.jadx-gui
  • 4.APK隤

Solution process


1._隤oapkģM\cchecke


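2. Then use dex2jar to decompile. Before that, change the apk file's extension to rar and extract it, then use d2j-dex2jar.bat to decompile classes-dex and generate classes-dex2jar.jar.

3. Use apktool to decompile the apk file; the so file can be seen.

4. Open classes-dex2jar.jar in jadx-gui. In the code you can see that MainActivity loads the Native library, and that onClick checks the input information with an if statement.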

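5. ncheck is used (in Java it has no function body, only the method declaration), so it obviously has to be looked for in the so. new a() creates an object of class a, so the related function of class a, a(str.getBytes()), is the method that processes the string.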

6.MaһaһoB˽еַMГQsmailʹ̖plFLȞ64@Ȼbase64a



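7. Open the so file in IDA and find the MainActivity function: for an input string of length 32, the algorithm swaps the first 16 characters with the last 16 characters, then swaps the positions of each two adjacent characters.


8. A key string can be seen. Use an idapython script to get this string and output the flag.

9. The script has two parts. One part gets the key string from ida and converts it into base64_flag. The code is as follows: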
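# IDAPython (Python 2, pre-7.4 API names)
from idc import FindBinary, Byte, SegName, SEARCH_DOWN, BADADDR
from idautils import Segments
# Find the key string's location in the IDA database
def findstr(s):
	pattern='4D 62 54 33'
	# Search downward from s for the string's leading bytes
	BinaryAddr=FindBinary(s,SEARCH_DOWN,pattern)
	# Check whether the search failed (BADADDR is correct on 32- and 64-bit IDA)
	if BinaryAddr==BADADDR:
		print 'not found'
	else:
		print 'BinaryAddr ',hex(BinaryAddr)
	# Return the address
	return BinaryAddr
def GetStr(s):
	str_addr=findstr(s)
	tstr=''
	# Nothing to read if the pattern was not found
	if str_addr==BADADDR:
		return tstr
	while(1):
		# Stop at the terminating NUL byte
		if Byte(str_addr)==0:
			break
		# Append the current byte to the string
		tstr+=chr(Byte(str_addr))
		str_addr+=1
	return tstr
def Getbase64(s):
	key=GetStr(s)
	# Swap the first 16 characters with the rest of the string
	str1=key[16:]+key[0:16]
	i=0
	t=''
	while i+1<len(str1):
		# Swap each pair of adjacent characters
		t+=str1[i+1]+str1[i]
		i+=2
	print 'base64_flag ',t
	return t
for seg in Segments():
	# Start the search from the .text segment and run Getbase64
	if SegName(seg) == '.text':
		Getbase64(seg)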

Run result

10. Decode base64_flag to get the flag.
import base64
try:
	maketrans = str.maketrans  # Python 3
except AttributeError:
	from string import maketrans  # Python 2
def GetAns(base64_flag):
	a = ['i', '5', 'j', 'L', 'W', '7', 'S', '0', 'G', 'X', '6', 'u', 'f', '1', 'c', 'v', '3', 'n', 'y', '4', 'q', '8', 'e', 's', '2', 'Q', '+', 'b', 'd', 'k', 'Y', 'g', 'K', 'O', 'I', 'T', '/', 't', 'A', 'x', 'U', 'r', 'F', 'l', 'V', 'P', 'z', 'h', 'm', 'o', 'w', '9', 'B', 'H', 'C', 'M', 'D', 'p', 'E', 'a', 'J', 'R', 'Z', 'N']
	# Join the custom table's characters into one string
	Tbase64= ''.join(a)
	# The default (standard) base64 table
	base64_rel="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
	# Map each character of the custom table to the standard-table character at the same index
	string_rel = maketrans(Tbase64,base64_rel)
	# Translate the input base64_flag into standard base64
	Encode_flag = base64_flag.translate(string_rel)
	# Decode
	flag = base64.b64decode(Encode_flag)
	print('flag %s' % flag)
	return flag

Run result

easyjni.rar
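
The transformation this writeup reverses, modeled in stand-alone Python 3 as an added example (not the author's script and not the challenge's own code). It assumes, as step 7 and the scripts above indicate, that the input is base64-encoded with the custom table and then scrambled by a half swap and a pair swap; the function names and the sample input are constructed for illustration.

```python
import base64

# Custom 64-character table taken from the decoding script in the post
CUSTOM = "i5jLW7S0GX6uf1cv3ny4q8es2Q+bdkYgKOIT/tAxUrFlVPzhmow9BHCMDpEaJRZN"
STANDARD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def encode_custom(data: bytes) -> str:
    """Base64-encode with the custom table ('=' padding is left unchanged)."""
    std = base64.b64encode(data).decode("ascii")
    return std.translate(str.maketrans(STANDARD, CUSTOM))


def decode_custom(text: str) -> bytes:
    """Map custom-table characters back to the standard table, then decode."""
    return base64.b64decode(text.translate(str.maketrans(CUSTOM, STANDARD)))


def scramble(s: str) -> str:
    """Swap the two 16-character halves, then swap each adjacent pair."""
    if len(s) != 32:
        raise ValueError("expected a 32-character string")
    s = s[16:] + s[:16]
    return "".join(s[i + 1] + s[i] for i in range(0, 32, 2))


def stored_form(candidate: bytes) -> str:
    """Value that would be compared with the key string embedded in the so."""
    return scramble(encode_custom(candidate))


def recover(key_string: str) -> bytes:
    # Both swaps are self-inverse and commute (16 is even), so scramble()
    # undoes itself; no separate inverse routine is needed.
    return decode_custom(scramble(key_string))


if __name__ == "__main__":
    sample = b"demo{constructed_sample}"  # constructed input, not the real flag
    key = stored_form(sample)
    print("stored form:", key)
    print("recovered  :", recover(key))
```

Because the scramble is its own inverse, the recovery order used in the post's IDA script (halves first, then pairs) and the reverse order give the same result.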

ɳl
 L l 2020-3-3 12:28
ʾ: ֹ߱h Ԅ
3#
 | buzhifou01 l 2020-3-3 13:30 <
4#
lynxtang posted on 2020-3-3 13:30
W혱㹤ߎһPKID
5#
gouyaozhenping posted on 2020-3-3 22:34
̫ţ̫ţƽ_ܺ
6#
yinsugege posted on 2020-3-4 00:04
Wxx놖о^JSCJS@^
7#
С l 2020-3-7 11:23
С׌W