【攻防世界】 Android 2.0 Writeup

XCTF-OJ 中的CTF题库是学习CTF入门和提高技能的好去处。

这是Mobile部分的入门级别的题目，网址 进入 。

它的主要算法放在so，将它拖进IDA，可以得到如下代码：

bool __fastcall Java_com_example_test_ctf03_JNI_getResult(int a1, int a2, int a3)
{
  _BOOL4 v3; // r4
  const char *v4; // r8
  char *v5; // r6
  char *v6; // r4
  char *v7; // r5
  int i; // r0
  int j; // r0

  v3 = 0;
  v4 = (const char *)(*(int (__fastcall **)(int, int, _DWORD))(*(_DWORD *)a1 + 676))(a1, a3, 0);
  if ( strlen(v4) == 15 )
  {
    v5 = (char *)malloc(1u);
    v6 = (char *)malloc(1u);
    v7 = (char *)malloc(1u);
    Init(v5, v6, v7, v4, 15);
    if ( !First(v5) )
      goto LABEL_6;
    for ( i = 0; i != 4; ++i )
      v6[i] ^= v5[i];
    if ( !strcmp(v6, a5) )
    {
      for ( j = 0; j != 4; ++j )
        v7[j] ^= v6[j];
      v3 = strcmp(v7, "AFBo}") == 0;
    }
    else
    {
LABEL_6:
      v3 = 0;
    }
  }
  return v3;
}

用下面的代码即可获得答案：

label = "LN^dl"
res= []
for i in range(4):
     res.append(chr((ord(label[i]) ^ 0x80)//2))
res.append(label[4])
print(res)


label2=[0x20, 0x35, 0x2d,0x16, 0x61]
res2 = [] 

for i in range(4):
     res2.append(chr(label2[i] ^ ord(label[i])))
res2.append(chr(label2[4]))
print(res2)



a6= "AFBo}"
res3 = []
for i in range(4):
     res3.append(chr(ord(a6[i]) ^ label2[i]))
res3.append(a6[4])
print(res3)

result = ''
for i in range(5):
     result= result+res[i]+res2[i]+res3[i]

print(result)