1. apk 安装到手机,提示输入flag
2. jadx 打开apk看看
private static char a(String str, b bVar, a aVar) {
return aVar.a(bVar.a(str));
}
/* JADX INFO: Access modifiers changed from: private */
public static Boolean b(String str) {
if (str.startsWith("flag{") && str.endsWith("}")) {
String substring = str.substring(5, str.length() - 1);
b bVar = new b(2);
a aVar = new a(3);
StringBuilder sb = new StringBuilder();
int i = 0;
for (int i2 = 0; i2 < substring.length(); i2++) {
sb.append(a(substring.charAt(i2) + "", bVar, aVar));
Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25);
if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
i++;
}
}
return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
}
return false;
}
/* JADX INFO: Access modifiers changed from: protected */
@Override // android.support.v7.app.c, android.support.v4.a.i, android.support.v4.a.aa, android.app.Activity
public void onCreate(Bundle bundle) {
super.onCreate(bundle);
setContentView(R.layout.activity_main);
findViewById(R.id.button).setOnClickListener(new View.OnClickListener() { // from class: com.a.easyjava.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View view) {
if (MainActivity.b(((EditText) ((MainActivity) this).findViewById(R.id.edit)).getText().toString()).booleanValue()) {
Toast.makeText(this, "You are right!", 1).show();
return;
}
Toast.makeText(this, "You are wrong! Bye~", 1).show();
new Timer().schedule(new TimerTask() { // from class: com.a.easyjava.MainActivity.1.1
@Override // java.util.TimerTask, java.lang.Runnable
public void run() {
System.exit(1);
}
}, 2000L);
}
});
}
这个b 是核心算法,就是靠它检查,整理一下它
public static Boolean b(String str) {
if (str.startsWith("flag{") && str.endsWith("}")) {
String substring = str.substring(5, str.length() - 1);
b bVar = new b(2);
a aVar = new a(3);
StringBuilder sb = new StringBuilder();
int i = 0;
for (int i2 = 0; i2 < substring.length(); i2++) {
tmp = substring.charAt(i2) + "";
tmp = bVar.a(tmp)
tmp = aVar.a(tmp)
sb.append(tmp);
Integer valueOf = Integer.valueOf(bVar.b().intValue() / 25); // d >= 25
if (valueOf.intValue() > i && valueOf.intValue() >= 1) {
i++;
}
}
return Boolean.valueOf(sb.toString().equals("wigwrkaugala"));
}
return false;
}
大概逻辑是: 每个输入的字符先经过b类的a方法处理,再经过a类的a方法处理,最后拼出来的字符串和wigwrkaugala进行比较
那么把结果字符串的每个字符倒过来操作一下应该可以得到结果
3. 看看b 类a方法
public static void a() {
int intValue = a.get(0).intValue();
a.remove(0);
a.add(Integer.valueOf(intValue));
b += "" + b.charAt(0);
b = b.substring(1, 27);
Integer num = d;
d = Integer.valueOf(d.intValue() + 1);
}
public Integer a(String str) {
int i = 0;
if (b.contains(str.toLowerCase())) {
Integer valueOf = Integer.valueOf(b.indexOf(str));
for (int i2 = 0; i2 < a.size() - 1; i2++) {
if (a.get(i2) == valueOf) {
i = Integer.valueOf(i2);
}
}
} else {
i = str.contains(" ") ? -10 : -1;
}
a();
return i;
}
大概意思是字符传进来,找到对应b字典中的索引位置,然后去a里面找和该值相等的元素所在再索引处
最后把字符串表和数字表移动一下,即把第一个元素放到末尾处
a类和b类几乎一个套路,除了移动元素逻辑,它是执行26次才移动一次
4. 这样还原算法就可以搞出来了
# 注意这里的值再构造方法中又处理,这里就直接拿出来了
a_num_list = [ 21, 4, 24, 25, 20, 5, 15, 9, 17, 6, 13, 3, 18, 12, 10, 19, 0, 22, 2, 11, 23, 1, 8, 7, 14, 16 ]
a_alpha_list = list('abcdefghijklmnopqrstuvwxyz')
b_num_list = [17, 23, 7, 22, 1, 16, 6, 9, 21, 0, 15, 5, 10, 18, 2, 24, 4, 11, 3, 14, 19, 12, 20, 13, 8, 25]
b_alpga_list = list('abcdefghijklmnopqrstuvwxyz')
key = 'wigwrkaugala'
key_list = list(key)
ret = ''
for char_str in key_list:
a_index = a_alpha_list.index(char_str)
t_num = a_num_list[a_index]
# 没有25位那么长 a就不loop
b_index = b_num_list[t_num]
key_char = b_alpga_list[b_index]
ret += key_char
# b loop
t_num = b_num_list[0]
b_num_list.pop(0)
b_num_list.append(t_num)
t_char = b_alpga_list[0]
b_alpga_list.pop(0)
b_alpga_list.append(t_char)
print(ret)
#日志
└─# python easyjava.py
venividivkcr
得到flag: flag{venividivkcr}
标签:攻防,i2,valueOf,list,easyjava,num,str,Integer,Android From: https://www.cnblogs.com/gradyblog/p/17232915.html