DD-Android Easy

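Link: https://github.com/ThunderJie/CTF-Practice/tree/master/CTF-Andorid%20Reverse/DD%20-%20Android%20Easy

Solution approach:

After downloading, the file turns out to be in .zip format. Change the extension to .apk and install it in an emulator; it is a challenge that asks for a registration code.

Open it in jeb for analysis.

The analysis shows that obtaining the value of the string i is enough to get the flag.

Decryption script: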

p = [-40, -62, 107, 66, -126, 103, -56, 77, 122, -107, -24, -127, 72, -63, -98, 64, -24, -5, -49, -26, 79, -70, -26, -81, 120, 25, 111, -100, -23, -9, 122, -35, 66, -50, -116, 3, -72, 102, -45, -85, 0, 126, -34, 62, 83, -34, 48, -111, 61, -9, -51, 114, 20, 81, -126, -18, 27, -115, -76, -116, -48, -118, -10, -102, -106, 113, -104, 98, -109, 74, 48, 47, -100, -88, 121, 22, -63, -32, -20, -41, -27, -20, -118, 100, -76, 70, -49, -39, -27, -106, -13, -108, 115, -87, -1, -22, -53, 21, -100, 124, -95, -40, 62, -69, 29, 56, -53, 85, -48, 25, 37, -78, 11, -110, -24, -120, -82, 6, -94, -101]
q = [-57, -90, 53, -71, -117, 98, 62, 98, 101, -96, 36, 110, 77, -83, -121, 2, -48, 94, -106, -56, -49, -80, -1, 83, 75, 66, -44, 74, 2, -36, -42, -103, 6, -115, -40, 69, -107, 85, -78, -49, 54, 78, -26, 15, 98, -70, 8, -90, 94, -61, -84, 64, 112, 51, -29, -34, 126, -21, -126, -71, -31, -24, -60, -2, -81, 66, -84, 85, -91, 10, 84, 70, -8, -63, 26, 126, -76, -104, -123, -71, -126, -62, -23, 11, -39, 70, 14, 59, -101, -39, -124, 91, -109, 102, -49, 21, 105, 0, 37, -128, -57, 117, 110, -115, -86, 56, 25, -46, -55, 7, -125, 109, 76, 104, -15, 82, -53, 18, -28, -24]
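# XOR the two signed byte arrays element by element to recover the hidden buffer
bArr = []
for i in range(len(p)):
    bArr.append(p[i] ^ q[i])

# The first decoded byte is the offset at which the flag string starts
b = bArr[0]

# Measure the string: count bytes from that offset up to the terminating 0
i2 = 0
while bArr[b + i2] != 0:
    i2 += 1

# Collect the i2 characters of the flag
flag = ""
i3 = 0
while i3 < i2:
    flag += chr(bArr[b + i3])
    i3 += 1
print(flag)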

Running it gives the flag: DDCTF-3ad60811d87c4a2dba0ef651b2d93476@didichuxing.com

smali

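Link:

https://github.com/ThunderJie/CTF-Practice/tree/master/CTF-Andorid%20Reverse/smali

Open it directly in jeb for analysis.

The analysis shows two Base64 decodes and one AES operation, so the solution can be scripted directly in Python.

Decryption script: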

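import base64
from Crypto.Cipher import AES  # provided by the pycryptodome package

# Base64-encoded ciphertext recovered from the app
cipher = "sSNnx1UKbYrA1+MOrdtDTA=="
cipher = base64.b64decode(cipher)

# Base64-encoded AES key recovered from the app
key = "cGhyYWNrICBjdGYgMjAxNg=="
key = base64.b64decode(key)

# AES in ECB mode takes no IV; the ciphertext is a single 16-byte block
cryptor = AES.new(key, AES.MODE_ECB)
flag = cryptor.decrypt(cipher)
print(flag)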

Running it gives the flag: b'PCTF{Sm4liRiver}'
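
The smali challenge is solvable because the AES key sits in the app as a Base64 string and the cipher runs in ECB mode. As an added example (not part of the original write-up or the challenge code), the audit below flags both patterns in smali text; the sample lines, the register names and the transformation string "AES/ECB/NoPadding" are constructed, and only the two Base64 literals come from the script above.

```python
import base64
import binascii
import re

# Constructed smali-style input: the two Base64 literals are the ones used in
# the decryption script above; the other lines are made up for illustration.
SAMPLE_SMALI = '''
    const-string v0, "cGhyYWNrICBjdGYgMjAxNg=="
    const-string v1, "sSNnx1UKbYrA1+MOrdtDTA=="
    const-string v2, "AES/ECB/NoPadding"
    const-string v3, "Hello"
'''

STRING_LITERAL = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s*"([^"]*)"')
AES_KEY_SIZES = {16, 24, 32}  # bytes: AES-128 / AES-192 / AES-256


def audit_strings(smali_text):
    """Return (kind, literal, decoded_length) findings in source order."""
    findings = []
    for literal in STRING_LITERAL.findall(smali_text):
        if "/ECB/" in literal.upper():
            findings.append(("ecb-mode", literal, None))
            continue
        try:
            raw = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue  # not Base64, so not an encoded key or ciphertext
        if len(raw) not in AES_KEY_SIZES:
            continue
        # A decode that is all printable ASCII looks like a passphrase used
        # directly as the key; anything else is a key or ciphertext blob.
        printable = all(32 <= byte < 127 for byte in raw)
        kind = "printable-key-candidate" if printable else "binary-blob"
        findings.append((kind, literal, len(raw)))
    return findings


if __name__ == "__main__":
    for finding in audit_strings(SAMPLE_SMALI):
        print(finding)
```

Any finding of this kind in a shipped APK means the key is recoverable by anyone with the file; keep keys out of the package (for example in the Android Keystore) and avoid ECB.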