First I got an APK. I unpacked it with 7-Zip, converted classes.dex into a jar with dex2jar, and imported the jar into IDEA.
Opening MainActivity and reading through the logic, the key part is this onClick method (decompiler output; the Toast message strings were lost in decompilation and are shown as "..."):
```java
public void onClick(View param1View) {
    try {
        String str1 = MainActivity.this.text.getText().toString();   // user input
        PackageInfo packageInfo = MainActivity.this.getPackageManager()
                .getPackageInfo("com.example.yaphetshan.tencentgreat", 16384);
        String str2 = packageInfo.versionName;   // compared against the input
        int j = packageInfo.versionCode;         // single-int XOR key
        for (int i = 0;; i++) {
            if (i < str1.length() && i < str2.length()) {
                // every input char must equal versionName[i] ^ versionCode
                if (str1.charAt(i) != (str2.charAt(i) ^ j)) {
                    Toast.makeText((Context)MainActivity.this, "...", 1).show();  // mismatch
                    return;
                }
            } else {
                // ran out of characters: only accept if both lengths agree
                if (str1.length() == str2.length()) {
                    Toast.makeText((Context)MainActivity.this, "...", 1).show();  // success
                    return;
                }
                Toast.makeText((Context)MainActivity.this, "...", 1).show();      // length mismatch
            }
        }
    } catch (android.content.pm.PackageManager.NameNotFoundException nameNotFoundException) {
        // swallowed: falls through to the final Toast below
    }
    Toast.makeText((Context)MainActivity.this, "...", 1).show();
}
```
From the analysis, the input has to satisfy a few conditions:
- str1 and str2 have the same length
- every character of str1 equals the corresponding character of str2 XORed with j
- str2 is the app's versionName and j is its versionCode (both sit in AndroidManifest.xml and can also be read with `aapt dump badging <apk>`)
So, following that logic, we can write the solver:
```java
public class Solve {
    public static void main(String[] args) {
        // versionName and versionCode taken from the target APK
        String str2 = "X<cP[?PHNB<P?aj";
        int j = 15;
        StringBuilder res = new StringBuilder();
        // XOR is its own inverse, so undo the check by XORing each char with j
        for (int i = 0; i < str2.length(); i++) {
            res.append((char) (str2.charAt(i) ^ j));
        }
        System.out.println(res);
    }
}
```
It prints W3l_T0_GAM3_0ne, which is the flag.
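To confirm the result without installing the APK, here is a Python model of the decompiled onClick() comparison together with its inverse. This is an added example and not code from the original writeup; it hardcodes the same versionName and versionCode as the solver above and names the three Toast branches ("mismatch", "wrong_length", "ok") so that each failure path of the check can be exercised.

```python
# Added example (not from the original writeup): a Python model of the
# decompiled onClick() check and its inverse, used to confirm the flag.

# Values the writeup hardcodes from the APK (versionName / versionCode).
VERSION_NAME = "X<cP[?PHNB<P?aj"
VERSION_CODE = 15


def check(user_input: str, version_name: str = VERSION_NAME,
          version_code: int = VERSION_CODE) -> str:
    """Mirror the comparison in the decompiled onClick().

    Returns one of three outcomes so the three Toast branches can be told
    apart: 'mismatch' (a character differed), 'wrong_length' (the input is
    shorter or longer than versionName), or 'ok'.
    """
    for i, ch in enumerate(user_input):
        if i >= len(version_name):
            return "wrong_length"        # input longer than versionName
        if ord(ch) != (ord(version_name[i]) ^ version_code):
            return "mismatch"            # str1.charAt(i) != str2.charAt(i) ^ j
    # Reached the end of the input without a mismatch: lengths must agree too.
    return "ok" if len(user_input) == len(version_name) else "wrong_length"


def recover(version_name: str = VERSION_NAME,
            version_code: int = VERSION_CODE) -> str:
    """Invert the check: XOR every versionName char with versionCode.

    XOR with the same value is its own inverse, so the only input the app
    accepts is versionName ^ versionCode, character by character.
    """
    return "".join(chr(ord(c) ^ version_code) for c in version_name)


def main() -> None:
    flag = recover()
    print("recovered:", flag)
    print("check(recovered) ->", check(flag))
    # Deliberate failures to exercise the other two branches.
    print("check(truncated) ->", check(flag[:-1]))
    print("check(mutated)   ->", check(flag[:-1] + "E"))


if __name__ == "__main__":
    main()
```

Run it directly to see the recovered flag and the outcome of each branch; `check()` is also the quickest way to tell whether a candidate input would be rejected for a wrong character or for a wrong length, which the app's Toasts distinguish.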