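攻防世界 (Attack-Defense World) reverse advanced: APK-逆向2
APK-逆向2 Hack-you-2014
(From the name I thought this was Android reversing 0.0, must be a mistake.)
The program is written in .NET, so go straight to the go-to tool, dnSpy: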
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Text;

namespace Rev_100
{
    // Token: 0x02000002 RID: 2
    internal class Program
    {
        // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250
        private static void Main(string[] args)
        {
            string hostname = "127.0.0.1";
            int port = 31337;
            TcpClient tcpClient = new TcpClient();
            try
            {
                Console.WriteLine("Connecting...");
                tcpClient.Connect(hostname, port);
            }
            catch (Exception)
            {
                Console.WriteLine("Cannot connect!\nFail!");
                return;
            }
            Socket client = tcpClient.Client;
            string text = "Super Secret Key";
            string text2 = Program.read();
            client.Send(Encoding.ASCII.GetBytes("CTF{"));
            foreach (char x in text)
            {
                client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));
            }
            client.Send(Encoding.ASCII.GetBytes("}"));
            client.Close();
            tcpClient.Close();
            Console.WriteLine("Success!");
        }

        // Token: 0x06000002 RID: 2 RVA: 0x0000213C File Offset: 0x0000033C
        private static string read()
        {
            string fileName = Process.GetCurrentProcess().MainModule.FileName;
            string[] array = fileName.Split(new char[]
            {
                '\\'
            });
            string path = array[array.Length - 1];
            string result = "";
            using (StreamReader streamReader = new StreamReader(path))
            {
                result = streamReader.ReadToEnd();
            }
            return result;
        }

        // Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0
        private static string search(char x, string text)
        {
            int length = text.Length;
            for (int i = 0; i < length; i++)
            {
                if (x == text[i])
                {
                    int value = i * 1337 % 256;
                    return Convert.ToString(value, 16).PadLeft(2, '0');
                }
            }
            return "??";
        }
    }
}
This is effectively the source code.
The simplest approach is to start a service with Python:
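import http.server

# The binary sends raw bytes, not HTTP. The handler rejects them as a
# malformed request and logs the received line, which is where the flag shows up.
server_address = ('127.0.0.1', 31337)
handler_class = http.server.BaseHTTPRequestHandler
httpd = http.server.HTTPServer(server_address, handler_class)
httpd.serve_forever()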
Run the program and the flag comes out directly.
Rewriting the algorithm in Python:
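text = 'Super Secret Key'
# The program reads its own executable file as text and searches it
with open(r'D:\Users\Desktop\攻防世界\re进阶\e669ad3bcd324237b73382a2bdc6e330.exe', 'r', encoding='unicode-escape') as f:
    text2 = f.read()

def search(x, text):
    # Index of the first occurrence of x, times 1337 mod 256, as two hex digits
    length = len(text)
    for i in range(length):
        if x == text[i]:
            v = i * 1337 % 256
            return '%02x' % (v)
    return '??'  # same fallback as the C# code when x is not found

y = ''
for t in text:
    y += search(t, text2)
print('CTF{' + y + '}')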
CTF{7eb67b0bb4427e0b43b40b6042670b55}
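Since the program speaks plain TCP rather than HTTP, a raw socket listener captures its output more directly. The following is an added example, not code from the original post: the names `listen`, `capture`, `stand_in_client` and `SAMPLE` are hypothetical, and the stand-in client with its sample text is constructed so that the exchange runs without the challenge binary.

```python
import socket
import threading

KEY = "Super Secret Key"  # from the decompiled Main()
SAMPLE = "MZ constructed Sample text, not the real executable: Kupry"

def search(x, text):
    """Program.search: hex of (first index of x in text) * 1337 % 256."""
    i = text.find(x)
    return "??" if i < 0 else "%02x" % (i * 1337 % 256)

def listen(host="127.0.0.1", port=31337):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv

def capture(srv, timeout=10.0):
    """Accept one client and return everything it sends before closing."""
    srv.settimeout(timeout)
    conn, _ = srv.accept()
    chunks = []
    with conn:
        conn.settimeout(timeout)
        while True:  # the binary makes 18 small Send() calls; read until EOF
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", errors="replace")

def stand_in_client(port, text):
    """Constructed stand-in for the binary, same send pattern as Main()."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(b"CTF{")
        for ch in KEY:
            c.sendall(search(ch, text).encode("ascii"))
        c.sendall(b"}")

def demo():
    srv = listen(port=0)  # ephemeral port for the demo; the binary uses 31337
    port = srv.getsockname()[1]
    t = threading.Thread(target=stand_in_client, args=(port, SAMPLE))
    t.start()
    got = capture(srv)
    t.join()
    srv.close()
    return got

if __name__ == "__main__":
    print(demo())
```

To use it against the real program, call `capture(listen())` and then start the executable; the returned string is what the program sent.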