APK-逆向2 Hack-you-2014

(看名以为是安卓逆向呢0.0,搞错了吧)

程序是.net写的,直接祭出神器dnSpy

 1 using System;

 2 using System.Diagnostics;

 3 using System.IO;

 4 using System.Net.Sockets;

 5 using System.Text;

 6

 7 namespace Rev_100

 8 {

 9     // Token: 0x02000002 RID: 2

10     internal class Program

11     {

12         // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250

13         private static void Main(string[] args)

14         {

15             string hostname = "127.0.0.1";

16             int port = 31337;

17             TcpClient tcpClient = new TcpClient();

18             try

19             {

20                 Console.WriteLine("Connecting...");

21                 tcpClient.Connect(hostname, port);

22             }

23             catch (Exception)

24             {

25                 Console.WriteLine("Cannot connect!\nFail!");

26                 return;

27             }

28             Socket client = tcpClient.Client;

29             string text = "Super Secret Key";

30             string text2 = Program.read();

31             client.Send(Encoding.ASCII.GetBytes("CTF{"));

32             foreach (char x in text)

33             {

34                 client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));

35             }

36             client.Send(Encoding.ASCII.GetBytes("}"));

37             client.Close();

38             tcpClient.Close();

39             Console.WriteLine("Success!");

40         }

41

42         // Token: 0x06000002 RID: 2 RVA: 0x0000213C File Offset: 0x0000033C

43         private static string read()

44         {

45             string fileName = Process.GetCurrentProcess().MainModule.FileName;

46             string[] array = fileName.Split(new char[]

47             {

48                 '\\'

49             });

50             string path = array[array.Length - 1];

51             string result = "";

52             using (StreamReader streamReader = new StreamReader(path))

53             {

54                 result = streamReader.ReadToEnd();

55             }

56             return result;

57         }

58

59         // Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0

60         private static string search(char x, string text)

61         {

62             int length = text.Length;

63             for (int i = 0; i < length; i++)

64             {

65                 if (x == text[i])

66                 {

67                     int value = i * 1337 % 256;

68                     return Convert.ToString(value, 16).PadLeft(2, '0');

69                 }

70             }

71             return "??";

72         }

73     }

74 }

直接相当于源码

最简单的方案就是用python开个服务:

1 import http.server

2

3 server_address = ('127.0.0.1', 31337)

4 handler_class = http.server.BaseHTTPRequestHandler

5 httpd = http.server.HTTPServer(server_address, handler_class)

6 httpd.serve_forever()

运行程序,直接得到flag

用python重写算法:

 1 text='Super Secret Key'

 2 f=open(r'D:\Users\Desktop\攻防世界\re进阶\e669ad3bcd324237b73382a2bdc6e330.exe','r',encoding='unicode-escape')

 3 text2=f.read()

 4 f.close()

 5 def serch(x,text):

 6     length=len(text)

 7     for i in range(length):

 8         if x==text[i]:

 9             v=i*1337%256

10             return '%02x' % (v)

11 y=''

12 for t in text:

13     y+=serch(t,text2)

14 print('CTF{'+y+'}')

CTF{7eb67b0bb4427e0b43b40b6042670b55}

攻防世界 reverse 进阶 APK-逆向2的更多相关文章

  1. 攻防世界 reverse 进阶 10 Reverse Box

    攻防世界中此题信息未给全,题目来源为[TWCTF-2016:Reverse] Reverse Box 网上有很多wp是使用gdb脚本,这里找到一个本地还原关键算法,然后再爆破的 https://www ...

  2. 攻防世界 reverse 进阶 9-re1-100

    9.re1-100 1 if ( numRead ) 2 { 3 if ( childCheckDebugResult() ) 4 { 5 responseFalse(); 6 } 7 else if ...

  3. 攻防世界 reverse 进阶 8-The_Maya_Society Hack.lu-2017

    8.The_Maya_Society Hack.lu-2017 在linux下将时间调整为2012-12-21,运行即可得到flag. 下面进行分析 1 signed __int64 __fastca ...

  4. 攻防世界 reverse 进阶 notsequence

    notsequence  RCTF-2015 关键就是两个check函数 1 signed int __cdecl check1_80486CD(int a1[]) 2 { 3 signed int ...

  5. 攻防世界 reverse 进阶 easyre-153

    easyre-153 查壳: upx壳 脱壳: 1 int __cdecl main(int argc, const char **argv, const char **envp) 2 { 3 int ...

  6. 攻防世界 reverse 进阶 -gametime

    19.gametime csaw-ctf-2016-quals 这是一个小游戏,挺有意思的 's'-->' '    'x'-->'x'   'm'-->'m' 观察流程,发现检验函 ...

  7. 攻防世界 reverse 进阶 16-zorropub

    16.zorropub  nullcon-hackim-2016 (linux平台以后整理) https://github.com/ctfs/write-ups-2016/tree/master/nu ...

  8. 攻防世界 reverse 进阶 15-Reversing-x64Elf-100

    15.Reversing-x64Elf-100 这题非常简单, 1 signed __int64 __fastcall sub_4006FD(__int64 a1) 2 { 3 signed int ...

  9. 攻防世界 reverse 进阶 12 ReverseMe-120

    程序流程很清晰 1 int __cdecl main(int argc, const char **argv, const char **envp) 2 { 3 unsigned int v3; // ...

随机推荐

  1. JavaScript getter and setter All In One

    JavaScript getter and setter All In One getter & setter JavaScript Object Accessors JavaScript A ...

  2. funny 生成器

    funny 生成器 https://www.zhihu.com/question/380741546/answer/1190570384 举牌小人生成器 https://small-upup.upup ...

  3. js 大数计算

    js 大数计算 原理 JavaScript 安全整数 是 -253-1 ~ 253-1 ,即: -9007199254740991 ~ 9007199254740991; 换句话说,整数超过这个范围就 ...

  4. webpack 4 & dev server

    webpack 4 & dev server proxy https://webpack.js.org/configuration/dev-server/#devserverproxy htt ...

  5. how to change svg polygon size by update it's points in js

    how to change svg polygon size by update it's points in js matrixTransform https://stackoverflow.com ...

  6. 200万枚SPC空投来袭,这样的薅羊毛活动你确定不参加吗?

    在过去的2020年,币圈真的是很火爆,很多人在参与数字货币交易或DeFi挖矿中赚到了大钱.但是转眼到了2021年,DeFi进入了下半场,区块链市场也进入了新的阶段,那么区块链的下一个爆点是什么呢?很多 ...

  7. Baccarat凭什么能成为DeFi后时代火爆新趋势?

    在各币种经历涨涨跌跌以后,DeFi后时代已然来临.那么,当前DeFi市场中哪个项目更被市场生态建设者看好呢?毫无疑问,Baccarat会成为最被看好的DeFi项目. Baccarat采用了独特的共识算 ...

  8. 02.描述统计 (descriptive statistics)

    1.数据的可靠性和有效性 2.利用图表对数据进行可视化 2.1分类变量的可视化 2.11无序分类变量 2.12有序分类变量的可视化 2.1数值变量的可视化 数据的分布

  9. 1060 Are They Equal——PAT甲级真题

    1060 Are They Equal If a machine can save only 3 significant digits, the float numbers 12300 and 123 ...

  10. Hive安装与配置——2.3.5版本

    Hive安装配置 Hive是一个数据仓库基础工具在Hadoop中用来处理结构化数据.它架构在Hadoop之上,提供简单的sql查询功能,可以将sql语句转换为MapReduce任务进行运行,使查询和分 ...