APK-逆向2 Hack-you-2014

(看名以为是安卓逆向呢0.0,搞错了吧)

程序是.net写的,直接祭出神器dnSpy

 1 using System;

 2 using System.Diagnostics;

 3 using System.IO;

 4 using System.Net.Sockets;

 5 using System.Text;

 6

 7 namespace Rev_100

 8 {

 9     // Token: 0x02000002 RID: 2

10     internal class Program

11     {

12         // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250

13         private static void Main(string[] args)

14         {

15             string hostname = "127.0.0.1";

16             int port = 31337;

17             TcpClient tcpClient = new TcpClient();

18             try

19             {

20                 Console.WriteLine("Connecting...");

21                 tcpClient.Connect(hostname, port);

22             }

23             catch (Exception)

24             {

25                 Console.WriteLine("Cannot connect!\nFail!");

26                 return;

27             }

28             Socket client = tcpClient.Client;

29             string text = "Super Secret Key";

30             string text2 = Program.read();

31             client.Send(Encoding.ASCII.GetBytes("CTF{"));

32             foreach (char x in text)

33             {

34                 client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));

35             }

36             client.Send(Encoding.ASCII.GetBytes("}"));

37             client.Close();

38             tcpClient.Close();

39             Console.WriteLine("Success!");

40         }

41

42         // Token: 0x06000002 RID: 2 RVA: 0x0000213C File Offset: 0x0000033C

43         private static string read()

44         {

45             string fileName = Process.GetCurrentProcess().MainModule.FileName;

46             string[] array = fileName.Split(new char[]

47             {

48                 '\\'

49             });

50             string path = array[array.Length - 1];

51             string result = "";

52             using (StreamReader streamReader = new StreamReader(path))

53             {

54                 result = streamReader.ReadToEnd();

55             }

56             return result;

57         }

58

59         // Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0

60         private static string search(char x, string text)

61         {

62             int length = text.Length;

63             for (int i = 0; i < length; i++)

64             {

65                 if (x == text[i])

66                 {

67                     int value = i * 1337 % 256;

68                     return Convert.ToString(value, 16).PadLeft(2, '0');

69                 }

70             }

71             return "??";

72         }

73     }

74 }

直接相当于源码

最简单的方案就是用python开个服务:

1 import http.server

2

3 server_address = ('127.0.0.1', 31337)

4 handler_class = http.server.BaseHTTPRequestHandler

5 httpd = http.server.HTTPServer(server_address, handler_class)

6 httpd.serve_forever()

运行程序,直接得到flag

用python重写算法:

 1 text='Super Secret Key'

 2 f=open(r'D:\Users\Desktop\攻防世界\re进阶\e669ad3bcd324237b73382a2bdc6e330.exe','r',encoding='unicode-escape')

 3 text2=f.read()

 4 f.close()

 5 def serch(x,text):

 6     length=len(text)

 7     for i in range(length):

 8         if x==text[i]:

 9             v=i*1337%256

10             return '%02x' % (v)

11 y=''

12 for t in text:

13     y+=serch(t,text2)

14 print('CTF{'+y+'}')

CTF{7eb67b0bb4427e0b43b40b6042670b55}

攻防世界 reverse 进阶 APK-逆向2的更多相关文章

  1. 攻防世界 reverse 进阶 10 Reverse Box

    攻防世界中此题信息未给全,题目来源为[TWCTF-2016:Reverse] Reverse Box 网上有很多wp是使用gdb脚本,这里找到一个本地还原关键算法,然后再爆破的 https://www ...

  2. 攻防世界 reverse 进阶 9-re1-100

    9.re1-100 1 if ( numRead ) 2 { 3 if ( childCheckDebugResult() ) 4 { 5 responseFalse(); 6 } 7 else if ...

  3. 攻防世界 reverse 进阶 8-The_Maya_Society Hack.lu-2017

    8.The_Maya_Society Hack.lu-2017 在linux下将时间调整为2012-12-21,运行即可得到flag. 下面进行分析 1 signed __int64 __fastca ...

  4. 攻防世界 reverse 进阶 notsequence

    notsequence  RCTF-2015 关键就是两个check函数 1 signed int __cdecl check1_80486CD(int a1[]) 2 { 3 signed int ...

  5. 攻防世界 reverse 进阶 easyre-153

    easyre-153 查壳: upx壳 脱壳: 1 int __cdecl main(int argc, const char **argv, const char **envp) 2 { 3 int ...

  6. 攻防世界 reverse 进阶 -gametime

    19.gametime csaw-ctf-2016-quals 这是一个小游戏,挺有意思的 's'-->' '    'x'-->'x'   'm'-->'m' 观察流程,发现检验函 ...

  7. 攻防世界 reverse 进阶 16-zorropub

    16.zorropub  nullcon-hackim-2016 (linux平台以后整理) https://github.com/ctfs/write-ups-2016/tree/master/nu ...

  8. 攻防世界 reverse 进阶 15-Reversing-x64Elf-100

    15.Reversing-x64Elf-100 这题非常简单, 1 signed __int64 __fastcall sub_4006FD(__int64 a1) 2 { 3 signed int ...

  9. 攻防世界 reverse 进阶 12 ReverseMe-120

    程序流程很清晰 1 int __cdecl main(int argc, const char **argv, const char **envp) 2 { 3 unsigned int v3; // ...

随机推荐

  1. fibonacci number & fibonacci sequence

    fibonacci number & fibonacci sequence https://www.mathsisfun.com/numbers/fibonacci-sequence.html ...

  2. React Native Apps

    React Native Apps https://github.com/ReactNativeNews/React-Native-Apps github app https://github.com ...

  3. Apple & HTML5 app

    Apple & HTML5 app https://developer.apple.com/cn/news/?id=09062019b https://developer.apple.com/ ...

  4. Nestjs 验证对象数组

    route @Patch(':id') patch(@Param('id') id: string, @Body() removeEssayDto: RemoveEssayDto) { return ...

  5. 如何快速搞定websocket

    5 个步骤快速掌握websocket消息发送和接收 1. 获取您的 appkey 先注册一个账号,登录后,创建一个应用,就能得到您的 appkey. 详情见 获取开发者账号和 appkey 2. 客户 ...

  6. Linux 内核和 Windows 内核有什么区别?

    Windows 和 Linux 可以说是我们比较常见的两款操作系统的. Windows 基本占领了电脑时代的市场,商业上取得了很大成就,但是它并不开源,所以要想接触源码得加入 Windows 的开发团 ...

  7. 17_MySQL分组查询的应用

    本节涉及SQL语句: -- 分组查询 SELECT deptno,AVG(sal) FROM t_emp GROUP BY deptno; -- 四舍五入 SELECT deptno,ROUND(AV ...

  8. vue_webpack

    1.生成项目工程描述文件 npm init 2.安装webpack开发依赖 (本地安装):npm install -D 3.(webpack4.0版本以上安装webpack cli) npm inst ...

  9. vue-eahars生产编译报错

    { test: /\.js$/, loader: 'babel-loader', include: [resolve('src'), resolve('test'), resolve('node_mo ...

  10. TERSUS无代码开发(笔记04)-CSS样式设置

    CSS样式设置 1.常用显示样式 大小尺寸 说明  间距边距 说明  各类颜色 说明  width 宽 margin 外边距         color  颜色        height 高 pad ...