BUUCTF Re部分wp (java/apk特别篇)

先推荐一下GDAhttps://bbs.pediy.com/thread-220111.htm

 

Java逆向解密

class,找了个在线网站:http://javare.cn

import java.util.ArrayList;
import java.util.Scanner;

public class Reverse {

   public static void main(String[] args) {
      Scanner s = new Scanner(System.in);
      System.out.println("Please input the flag 锛�");
      String str = s.next();
      System.out.println("Your input is 锛�");
      System.out.println(str);
      char[] stringArr = str.toCharArray();
      Encrypt(stringArr);
   }

   public static void Encrypt(char[] arr) {
      ArrayList Resultlist = new ArrayList();

      for(int KEY = 0; KEY < arr.length; ++KEY) {
         int KEYList = arr[KEY] + 64 ^ 32;
         Resultlist.add(Integer.valueOf(KEYList));
      }

      int[] var5 = new int[]{180, 136, 137, 147, 191, 137, 147, 191, 148, 136, 133, 191, 134, 140, 129, 135, 191, 65};
      ArrayList var6 = new ArrayList();

      for(int j = 0; j < var5.length; ++j) {
         var6.add(Integer.valueOf(var5[j]));
      }

      System.out.println("Result:");
      if(Resultlist.equals(var6)) {
         System.out.println("Congratulations锛�");
      } else {
         System.err.println("Error锛�");
      }

   }
}
a=[180, 136, 137, 147, 191, 137, 147, 191, 148, 136, 133, 191, 134, 140, 129, 135, 191, 65]
b=[]
for i in range(len(a)):
    b.append(a[i]-64^32)
for i in b:
    print(chr(i),end="")

findit

apk,使用GDA打开,找到mainactivity

BUUCTF Re部分wp (java/apk特别篇)_第1张图片

有两个数组,找到

 

 变形的凯撒密码

a=[0x0054,0x0068,0x0069,0x0073,0x0049,0x0073,0x0054,0x0068,0x0065,0x0046,0x006c,0x0061,0x0067,0x0048,0x006f,0x006d,0x0065]
x=""
b=[0x0070,0x0076,0x006b,0x0071,0x007b,0x006d,0x0031,0x0036,0x0034,0x0036,0x0037,0x0035,0x0032,0x0036,0x0032,0x0030,0x0033,0x0033,0x006c,0x0034,0x006d,0x0034,0x0039,0x006c,0x006e,0x0070,0x0037,0x0070,0x0039,0x006d,0x006e,0x006b,0x0032,0x0038,0x006b,0x0037,0x0035,0x007d]
for i in range(len(a)):
    x+=chr(a[i])
print(x)
x=""
for i in range(len(b)):
    if(chr(b[i]).isalpha()):
        x+=chr(b[i]-10)
    else:
        x+=chr(b[i])
print(x)

简单注册器

GDA打开

BUUCTF Re部分wp (java/apk特别篇)_第2张图片

a="dd2940c04462b4dd7c450528835cca15"
x=[]
for i in a:
    x.append(i)
x[2]=chr(ord(x[2])+ord(x[3])-50);
x[4]=chr(ord(x[2])+ord(x[5])-48);
x[30]=chr(ord(x[31])+ord(x[9])-48);
x[14]=chr(ord(x[27])+ord(x[28])-97);
print(x)
for i in range(31,-1,-1):
    print(x[i],end="")

相册

apk病毒,要求找到邮箱,拖进GDA

Malscan看看

BUUCTF Re部分wp (java/apk特别篇)_第3张图片

 没找到邮箱相关,但从类里找到一个Mail类

BUUCTF Re部分wp (java/apk特别篇)_第4张图片

 按x查看交叉引用找到

BUUCTF Re部分wp (java/apk特别篇)_第5张图片

 去c2看看

BUUCTF Re部分wp (java/apk特别篇)_第6张图片

NativeMethod,要去so里找找base64密文

[SCTF2019]Strange apk

拖进GDA

BUUCTF Re部分wp (java/apk特别篇)_第7张图片

 这里对一个名为data的文件进行了操作

public byte[] c.__(String fileName)    //method@3ebd
{
   InputStream in = in.open(fileName);
   int lenght = in.available();
   byte[] buffer = new byte[lenght];
   in.read(buffer);
   return buffer;
}

private void c._(byte[] apkdata)    //method@3ebb
{
   apkdata = this._0_(apkdata);
   File file = new File(this.apkFileName);
   FileOutputStream localFileOutputStream = new FileOutputStream(file);
   localFileOutputStream.write(apkdata);
   localFileOutputStream.close();
   return;
}

private byte[] c._0_(byte[] srcdata)    //method@3ebc
{
   String src = "syclover";
   for (int i = 0;i < srcdata.length();i++) {    
      srcdata[i]=(byte)(src.charAt((i%src.length()))^srcdata[i]);
   }    
   return srcdata;
}

在assets里找到data文件

x=b"syclover"
with open(r"data","rb") as f:
    f=f.read()
with open(r"data_","wb") as F:
    for i in range(len(f)):
        F.write((f[i]^x[i%len(x)]).to_bytes(length=1, byteorder='big'))

得到文件为zip,后缀改为apk拖进GDA

有两处加密

BUUCTF Re部分wp (java/apk特别篇)_第8张图片

 

 找到调用的位置

BUUCTF Re部分wp (java/apk特别篇)_第9张图片

BUUCTF Re部分wp (java/apk特别篇)_第10张图片

出题者大概是写错了%,只要把“8”去除就行了

 

你可能感兴趣的:(BUUCTF Re部分wp (java/apk特别篇))