1.app1
拖进模拟器效果:
上dex2jar,得到代码如下:
package com.example.yaphetshan.tencentgreat;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
public class MainActivity extends AppCompatActivity {
Button btn;
public final String pName = "com.example.yaphetshan.tencentgreat";
EditText text;
protected void onCreate(Bundle paramBundle) {
super.onCreate(paramBundle);
setContentView(2130968603);
this.btn = (Button)findViewById(2131427416);
this.text = (EditText)findViewById(2131427415);
this.btn.setOnClickListener(new View.OnClickListener() {
public void onClick(View param1View) {
try {
String str1 = MainActivity.this.text.getText().toString();
PackageInfo packageInfo = MainActivity.this.getPackageManager().getPackageInfo("com.example.yaphetshan.tencentgreat", 16384);
String str2 = packageInfo.versionName;
int j = packageInfo.versionCode;
for (int i = 0;; i++) {
if (i < str1.length() && i < str2.length()) {
if (str1.charAt(i) != (str2.charAt(i) ^ j)) {
Toast.makeText((Context)MainActivity.this, ", 1).show();
return;
}
} else {
if (str1.length() == str2.length()) {
Toast.makeText((Context)MainActivity.this, ", 1).show();
return;
}
Toast.makeText((Context)MainActivity.this, ", 1).show();
}
}
} catch (android.content.pm.PackageManager.NameNotFoundException nameNotFoundException) {}
Toast.makeText((Context)MainActivity.this, ", 1).show();
}
});
}
}
从代码可得到逻辑:对于输入,逐位与版本名按位与版本号异或之后比较。
然后我们查看BuildConfig得到版本号:
public static final int VERSION_CODE = 15; public static final String VERSION_NAME = "X<cP[?PHNB<P?aj";
然后将这两个变量拿来放进代码:
String str2 = "X<cP[?PHNB<P?aj";
String result = "";
for(int i=0;i<str2.length();i++) {
result+=(char)(str2.charAt(i)^15);
}
System.out.println(result);拿到输出result就是flag:W3l_T0_GAM3_0ne
