BUUCTF 逆向题目 findit
题目地址:
https://buuoj.cn/challenges#findithttps://files.buuoj.cn/files/41f7c51e14897f707e3855352e386da1/6a428ff2-25d7-403c-b28e-3f980a10a5a2.apk.zip差生文具多,比拼工具的时候到了
综合对比下,选用jadx-gui
package com.example.findit;import android.os.Bundle;import android.support.v7.app.ActionBarActivity;import android.view.MenuItem;import android.view.View;import android.widget.Button;import android.widget.EditText;import android.widget.TextView;/* loaded from: classes.dex */public class MainActivity extends ActionBarActivity {/* JADX INFO: Access modifiers changed from: protected */@Override // android.support.v7.app.ActionBarActivity, android.support.v4.app.FragmentActivity, android.app.Activitypublic void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);setContentView(R.layout.activity_main);Button btn = (Button) findViewById(R.id.widget3);final EditText edit = (EditText) findViewById(R.id.widget2);final TextView text = (TextView) findViewById(R.id.widget1);final char[] a = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};final char[] b = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.findit.MainActivity.1@Override // android.view.View.OnClickListenerpublic void onClick(View v) {char[] x = new char[17];char[] y = new char[38];for (int i = 0; i < 17; i++) {if ((a[i] < 'I' && a[i] >= 'A') || (a[i] < 'i' && a[i] >= 'a')) {x[i] = (char) (a[i] + 18);} else if ((a[i] >= 'A' && a[i] <= 'Z') || (a[i] >= 'a' && a[i] <= 'z')) {x[i] = (char) (a[i] - '\b');} else {x[i] = a[i];}}String m = String.valueOf(x);if (m.equals(edit.getText().toString())) {for (int i2 = 0; i2 < 38; i2++) {if ((b[i2] >= 'A' && b[i2] <= 'Z') || (b[i2] >= 'a' && b[i2] <= 'z')) {y[i2] = (char) (b[i2] + 16);if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {y[i2] = (char) (y[i2] - 26);}} else {y[i2] = b[i2];}}String n = String.valueOf(y);text.setText(n);return;}text.setText("答案错了肿么办。。。不给你又不好意思。。。哎呀好纠结啊~~~");}});}@Override // android.app.Activitypublic boolean onOptionsItemSelected(MenuItem item) {int id = item.getItemId();if (id == R.id.action_settings) {return true;}return super.onOptionsItemSelected(item);}}
分析上述代码,
直接比对上面代码依葫芦画瓢编写C++代码
#include<iostream>using namespace std;int main() {char a[] = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};char b[] = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm','4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};int x[17] = {0};int y[38] = {0};for (int i = 0; i < 17; i++) {if ((a[i] < 'I' && a[i] >= 'A') || (a[i] < 'i' && a[i] >= 'a')) {x[i] = (char) (a[i] + 18);} else if ((a[i] >= 'A' && a[i] <= 'Z') || (a[i] >= 'a' && a[i] <= 'z')) {x[i] = (char) (a[i] - '\b');} else {x[i] = a[i];}}for (int i = 0; i < 17; i++)cout << (char) x[i];putchar('\n');for (int i2 = 0; i2 < 38; i2++) {if ((b[i2] >= 'A' && b[i2] <= 'Z') || (b[i2] >= 'a' && b[i2] <= 'z')) {y[i2] = (b[i2] + 16); //特别注意:此处使用(char)容易超出有效的字符范围,导致字符溢出或乱码if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {y[i2] = (char) (y[i2] - 26);}} else {y[i2] = b[i2];}}for (int i = 0; i < 38; i++)cout << (char) y[i];return 0;}
避坑指南
1.
int x[17] = {0};int y[38] = {0};
这里的 x y 数组要用整型 int ,如果用 char 数据会越界,出现乱码。
2.
在某些情况下,(char) (b[i2] + 16) 的结果可能会超出有效的字符范围,导致字符溢出或乱码。这是因为加法运算可能使字符的 ASCII 值超出表示字符的范围。
在这种情况下,你可以考虑使用无符号字符(unsigned char)类型,以确保不会发生符号溢出问题。这是因为char的默认是有符号类型,如果发生溢出,可能导致负数的结果。
y[i2] = static_cast<unsigned char>(b[i2] + 16);在这里,使用static_cast<unsigned char>将 b[i2] + 16 的结果转换为无符号字符,以避免符号溢出问题。
flag{c164675262033b4c49bdf7f9cda28a75}
文章来源: http://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247508624&idx=1&sn=0a206eff3a6c1c270ed63c302cd65a80&chksm=fbfb125dcc8c9b4b4d7526296226ebf1e06e444b3afb3ee87abfd6a87c3a408ffb7f22b97479&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh