南京CTF2017 easycrack Writeup

Category: Mobile
Points: 100
Solves:43
Description: None

Write-up

ARM二进制分析题, Java里边基本没有内容, 只有一个native需要的固定值msg是从Java中计算然后传进去的, 写个脚本跑一下就能得到这个值.

程序运行流程是经典的字符串加密, 用户输入经过与msg的异或处理后被与一个I_am_the_key字符串经过复杂但是固定的运算流程得到的值进行加密, 我们称这个值为buffer, 加密过程 buffer 与处理过的用户输入进行加密, 但是加密算法实质是异或可逆, 因此在得知结果的时候即可算出用户输入. 叙述不是特别明确, 简单画图解释:

user_input(?) ------> xor ----> 处理过的输入------------------------------------>crypt-------------->结果

msg--------------------> I_am_the_key------>process------>buffer--->

通过逆向发现结果作为明文字符串存储在二进制文件中, 因为上述每一步都可逆, 因此可以编写脚本反过来执行, 从结果获得最初的用户输入. 分析过程比较简单, 不具体说明, 详见idb

debug = False

#seems like a char shift
def init(s="I_am_the_key"):
    buffer1 = []
    buffer2 = ""
    for i in range(256):
        buffer1 += chr(i)
        buffer2 += s[i % len(s)]
    if debug :
        print buffer1
        print buffer2

    v7 = 0
    for j in range(256):
        v9 = buffer1[j]
        v7 = (v7 + ord(v9) + ord(buffer2[j])) % 256
        buffer1[j] = buffer1[v7]
        buffer1[v7] = v9
    return map(ord, buffer1)

def getcompare():
    cmpstr = "C8E4EF0E4DCCA683088134F8635E970EEAD9E277F314869F7EF5198A2AA4"
    compare = []
    for i in range(len(cmpstr)/2):
        compare += cmpstr[2 * i:2 * i+2].decode('hex')
    return map(ord, compare)

def decrypt(buffer, compare):
    v3=0
    v4=0
    for i in range(30):
        v3 = (v3 + 1) % 256;
        v5 = buffer[v3];
        v4 = (v5 + v4) % 256;
        buffer[v3] = buffer[v4];
        buffer[v4] = v5;
        compare[i] ^= buffer[(buffer[v3] + v5) % 256];
    return compare

def getuserinput(beforecrypt):
    msg = map(ord, "V7D=^,M.E")
    for i in range(30):
        beforecrypt[i] ^= msg[i % 9]
    return "".join(map(chr, beforecrypt))


buffer = init()
compare = getcompare()
beforecrypt = decrypt(buffer, compare)
print getuserinput(beforecrypt)