【逆向分析】BUUCTF 逆向题目 findit
2023-12-10 03:14:18 Author: 利刃信安攻防实验室

BUUCTF 逆向题目 findit

题目地址:

https://buuoj.cn/challenges#findit

https://files.buuoj.cn/files/41f7c51e14897f707e3855352e386da1/6a428ff2-25d7-403c-b28e-3f980a10a5a2.apk.zip

差生文具多,比拼工具的时候到了

综合对比下,选用jadx-gui

package com.example.findit;
import android.os.Bundle;import android.support.v7.app.ActionBarActivity;import android.view.MenuItem;import android.view.View;import android.widget.Button;import android.widget.EditText;import android.widget.TextView;
/* loaded from: classes.dex */
/**
 * Decompiled (jadx) main activity of the findit challenge.
 *
 * <p>The click handler derives a string from the constant array {@code a} and compares it
 * with the text typed into {@code widget2}. On a match it derives a second string from the
 * constant array {@code b} and shows it in {@code widget1}; otherwise it shows a fixed
 * failure message. Both derivations read only constants embedded in the class, so their
 * results can be reproduced outside the app from the decompiled code alone.
 */
public class MainActivity extends ActionBarActivity {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // android.support.v7.app.ActionBarActivity, android.support.v4.app.FragmentActivity, android.app.Activity
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        Button btn = (Button) findViewById(R.id.widget3);
        // Input field whose text is checked, and the view that receives the result.
        final EditText edit = (EditText) findViewById(R.id.widget2);
        final TextView text = (TextView) findViewById(R.id.widget1);
        // Source of the expected input (17 chars) and of the displayed result (38 chars).
        final char[] a = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};
        final char[] b = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};
        btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.findit.MainActivity.1
            @Override // android.view.View.OnClickListener
            public void onClick(View v) {
                char[] x = new char[17];
                char[] y = new char[38];
                // Pass 1: letters A-H / a-h are shifted up by 18, every other letter is
                // shifted down by 8, non-letters are copied unchanged.
                for (int i = 0; i < 17; i++) {
                    if ((a[i] < 'I' && a[i] >= 'A') || (a[i] < 'i' && a[i] >= 'a')) {
                        x[i] = (char) (a[i] + 18);
                    } else if ((a[i] >= 'A' && a[i] <= 'Z') || (a[i] >= 'a' && a[i] <= 'z')) {
                        // '\b' is the character with code 8, i.e. this subtracts 8.
                        x[i] = (char) (a[i] - '\b');
                    } else {
                        x[i] = a[i];
                    }
                }
                String m = String.valueOf(x);
                // The comparison happens on the device against a value computed from constants.
                if (m.equals(edit.getText().toString())) {
                    // Pass 2: letters are shifted up by 16; digits and braces are copied.
                    for (int i2 = 0; i2 < 38; i2++) {
                        if ((b[i2] >= 'A' && b[i2] <= 'Z') || (b[i2] >= 'a' && b[i2] <= 'z')) {
                            // Java char is an unsigned 16-bit type, so values such as
                            // 'p' + 16 = 128 stay positive for the range test below.
                            y[i2] = (char) (b[i2] + 16);
                            // Shifted past the alphabet: pull the value back by 26.
                            // Note the test uses >= 'z', so a result of exactly 'z' is also
                            // moved back.
                            if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {
                                y[i2] = (char) (y[i2] - 26);
                            }
                        } else {
                            y[i2] = b[i2];
                        }
                    }
                    String n = String.valueOf(y);
                    text.setText(n);
                    return;
                }
                // Input did not match the derived string.
                text.setText("答案错了肿么办。。。不给你又不好意思。。。哎呀好纠结啊~~~");
            }
        });
    }

    /** Consumes the settings menu item; every other item goes to the superclass. */
    @Override // android.app.Activity
    public boolean onOptionsItemSelected(MenuItem item) {
        int id = item.getItemId();
        if (id == R.id.action_settings) {
            return true;
        }
        return super.onOptionsItemSelected(item);
    }
}

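分析上述代码:onClick 先把数组 a 逐字符变换成字符串 m,并与输入框的内容比较;相等时再把数组 b 逐字符变换成字符串 n 显示出来。两段变换只用到写死在代码里的常量,校验也完全在客户端完成,所以不需要运行 APK,把同样的运算离线重算一遍即可。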

直接比对上面代码依葫芦画瓢编写C++代码

#include<iostream>
using namespace std;
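// Offline port of the two character transforms found in the decompiled
// MainActivity.onClick: prints the string the app expects as input, then the
// string it would display on a match.
int main() {
    const char a[] = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};
    const char b[] = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};
    const int a_len = sizeof(a) / sizeof(a[0]);  // 17
    const int b_len = sizeof(b) / sizeof(b[0]);  // 38

    // Results are kept as int, not char: Java's char is unsigned 16-bit, while a
    // signed 8-bit C++ char would turn 'p' + 16 = 128 into a negative value and
    // the range test in the second pass would then never match.
    int x[sizeof(a) / sizeof(a[0])] = {0};
    int y[sizeof(b) / sizeof(b[0])] = {0};

    // Pass 1: A-H / a-h move up by 18, other letters move down by 8
    // (the decompiler printed the constant 8 as '\b'), the rest is copied.
    for (int i = 0; i < a_len; i++) {
        const int c = a[i];
        if ((c < 'I' && c >= 'A') || (c < 'i' && c >= 'a')) {
            x[i] = c + 18;
        } else if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')) {
            x[i] = c - 8;
        } else {
            x[i] = c;
        }
    }

    for (int i = 0; i < a_len; i++) {
        std::cout << static_cast<char>(x[i]);
    }
    // Written through cout rather than putchar, which would need <cstdio>.
    std::cout << '\n';

    // Pass 2: letters move up by 16 and are pulled back by 26 when they leave
    // the alphabet; digits and braces are copied. The >= 'z' test is kept
    // exactly as in the decompiled code.
    for (int i2 = 0; i2 < b_len; i2++) {
        const int c = b[i2];
        if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')) {
            y[i2] = c + 16;  // computed as int; do not narrow to char here
            if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {
                y[i2] = y[i2] - 26;
            }
        } else {
            y[i2] = c;
        }
    }

    for (int i = 0; i < b_len; i++) {
        std::cout << static_cast<char>(y[i]);
    }
    return 0;
}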

避坑指南

1.

// int elements keep intermediate values such as 'p' + 16 = 128 unchanged; where
// char is a signed 8-bit type the same value would be stored as a negative number.
int x[17] = {0};int y[38] = {0};

这里的 x、y 数组要用整型 int。如果用 char,中间值会超出 char 能表示的范围(例如 'p' + 16 = 128,超过有符号 char 的最大值 127,存进去会变成负数),后面的范围判断就不成立,输出乱码。

2.

在某些情况下,(char) (b[i2] + 16) 的结果可能会超出有效的字符范围,导致字符溢出或乱码。这是因为加法运算可能使字符的 ASCII 值超出表示字符的范围。

在这种情况下,你可以考虑使用无符号字符(unsigned char)类型,以确保不会发生符号溢出问题。这是因为 char 是否有符号由编译器和平台决定,在常见的 x86 编译器上默认是有符号的;一旦超出范围,结果可能变成负数。

// b[i2] + 16 is evaluated as int (integer promotion); the cast keeps it as a
// non-negative value in the unsigned char range, so 128 stays 128.
y[i2] = static_cast<unsigned char>(b[i2] + 16);

在这里,使用static_cast<unsigned char>将 b[i2] + 16 的结果转换为无符号字符,以避免符号溢出问题。

flag{c164675262033b4c49bdf7f9cda28a75}

文章来源: http://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247508624&idx=1&sn=0a206eff3a6c1c270ed63c302cd65a80&chksm=fbfb125dcc8c9b4b4d7526296226ebf1e06e444b3afb3ee87abfd6a87c3a408ffb7f22b97479&scene=0&xtrack=1#rd