2015-0CTF-vezel
Java静态分析
题目地址: https://github.com/ctf-wiki/c...
1.运行
2.定位关键代码
public void confirm(View v) {
String first = String.valueOf(getSig(getPackageName()));
if (("0CTF{" + first + getCrc() + "}").equals(this.et.getText().toString())) {
Toast.makeText(this, "Yes!", 0).show();
} else {
Toast.makeText(this, "0ops!", 0).show();
}
}
flag: "0CTF{" + first + getCrc() + "}"
3.详细分析
3.1 first
String first = String.valueOf(getSig(getPackageName()));
private int getSig(String packageName) {
int sig = 0;
try {
return getPackageManager().getPackageInfo(packageName, 64).signatures[0].toCharsString().hashCode();
} catch (Exception e) {
e.printStackTrace();
return sig;
}
}
通过编写一个app可以获得该app签名
MainActivity.java
package com.iromise.getsignature;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import android.widget.Toast;
public class MainActivity extends AppCompatActivity {
private StringBuilder builder;
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
PackageManager manager = getPackageManager();
builder = new StringBuilder();
String pkgname = "com.ctf.vezel";
boolean isEmpty = TextUtils.isEmpty(pkgname);
if (isEmpty) {
Toast.makeText(this, "应用程序的包名不能为空!", Toast.LENGTH_SHORT);
} else {
try {
PackageInfo packageInfo = manager.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES);
Signature[] signatures = packageInfo.signatures;
Log.i("hashcode", String.valueOf(signatures[0].toCharsString().hashCode()));
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
}
}
}
从log中过滤出
07-18 11:05:11.895 16124-16124/? I/hashcode: -183971537
3.2 crc
获得 class.dex 的CRC
编写代码
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.zip.CRC32;
import java.util.zip.CheckedInputStream;
public class crc {
public static void main(String[] args) {
if (args.length < 1) {
System.out.println("Usage: java crc <file>");
System.exit(-1);
}
System.out.println(args[0]);
String path = args[0];
String crc = loadCRC32(path);
System.out.println("HEX:" + crc);
System.out.println("DEC:"+ Integer.parseInt(crc,16));
}
public static String loadCRC32(String filePath) {
CRC32 crc32 = new CRC32();
FileInputStream inputStream = null;
CheckedInputStream checkedinputstream = null;
String crcStr = null;
try {
inputStream = new FileInputStream(new File(filePath));
checkedinputstream = new CheckedInputStream(inputStream, crc32);
while (checkedinputstream.read() != -1) {
}
crcStr = Long.toHexString(crc32.getValue()).toUpperCase();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException e2) {
e2.printStackTrace();
}
}
if (checkedinputstream != null) {
try {
checkedinputstream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return crcStr;
}
}
java crc vezel/classes.dex vezel/classes.dex HEX:46E26557 DEC:1189242199
Flag
0CTF{-1839715371189242199}
5.参考文章
- 2015-0CTF-vezel wp
- 如何防止 Android 应用被二次打包? - 轩辕的回答 - 知乎
正文到此结束
热门推荐
相关文章
Loading...
![[HBLOG]公众号](http://www.liuhaihua.cn/img/qrcode_gzh.jpg)
