【逆向分析】BUUCTF 逆向题目 findit

【逆向分析】BUUCTF 逆向题目 findit
BUUCTF 逆向题目 findit题目地址：https://buuoj.cn/challenges#findithttps://files.buuoj.cn/files/41f7c51e14897f 2023-12-10 03:14:18 Author: 利刃信安攻防实验室(查看原文) 阅读量:22 收藏

BUUCTF 逆向题目 findit

题目地址：

https://buuoj.cn/challenges#findit

https://files.buuoj.cn/files/41f7c51e14897f707e3855352e386da1/6a428ff2-25d7-403c-b28e-3f980a10a5a2.apk.zip

差生文具多，比拼工具的时候到了

综合对比下，选用jadx-gui

package com.example.findit;
import android.os.Bundle;import android.support.v7.app.ActionBarActivity;import android.view.MenuItem;import android.view.View;import android.widget.Button;import android.widget.EditText;import android.widget.TextView;
/* loaded from: classes.dex */public class MainActivity extends ActionBarActivity {    /* JADX INFO: Access modifiers changed from: protected */    @Override // android.support.v7.app.ActionBarActivity, android.support.v4.app.FragmentActivity, android.app.Activity    public void onCreate(Bundle savedInstanceState) {        super.onCreate(savedInstanceState);        setContentView(R.layout.activity_main);        Button btn = (Button) findViewById(R.id.widget3);        final EditText edit = (EditText) findViewById(R.id.widget2);        final TextView text = (TextView) findViewById(R.id.widget1);        final char[] a = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};        final char[] b = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};        btn.setOnClickListener(new View.OnClickListener() { // from class: com.example.findit.MainActivity.1            @Override // android.view.View.OnClickListener            public void onClick(View v) {                char[] x = new char[17];                char[] y = new char[38];                for (int i = 0; i < 17; i++) {                    if ((a[i] < 'I' && a[i] >= 'A') || (a[i] < 'i' && a[i] >= 'a')) {                        x[i] = (char) (a[i] + 18);                    } else if ((a[i] >= 'A' && a[i] <= 'Z') || (a[i] >= 'a' && a[i] <= 'z')) {                        x[i] = (char) (a[i] - '\b');                    } else {                        x[i] = a[i];                    }                }                String m = String.valueOf(x);                if (m.equals(edit.getText().toString())) {                    for (int i2 = 0; i2 < 38; i2++) {                        if ((b[i2] >= 'A' && b[i2] <= 'Z') || (b[i2] >= 'a' && b[i2] <= 'z')) {                            y[i2] = (char) (b[i2] + 16);                            if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {                                y[i2] = (char) (y[i2] - 26);                            }                        } else {                            y[i2] = b[i2];                        }                    }                    String n = String.valueOf(y);                    text.setText(n);                    return;                }                text.setText("答案错了肿么办。。。不给你又不好意思。。。哎呀好纠结啊~~~");            }        });    }
    @Override // android.app.Activity    public boolean onOptionsItemSelected(MenuItem item) {        int id = item.getItemId();        if (id == R.id.action_settings) {            return true;        }        return super.onOptionsItemSelected(item);    }}

分析上述代码，

直接比对上面代码依葫芦画瓢编写C++代码

#include<iostream>
using namespace std;
int main() {    char a[] = {'T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e'};    char b[] = {'p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm',                '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}'};
    int x[17] = {0};    int y[38] = {0};

    for (int i = 0; i < 17; i++) {        if ((a[i] < 'I' && a[i] >= 'A') || (a[i] < 'i' && a[i] >= 'a')) {            x[i] = (char) (a[i] + 18);        } else if ((a[i] >= 'A' && a[i] <= 'Z') || (a[i] >= 'a' && a[i] <= 'z')) {            x[i] = (char) (a[i] - '\b');        } else {            x[i] = a[i];        }    }

    for (int i = 0; i < 17; i++)        cout << (char) x[i];
    putchar('\n');    for (int i2 = 0; i2 < 38; i2++) {        if ((b[i2] >= 'A' && b[i2] <= 'Z') || (b[i2] >= 'a' && b[i2] <= 'z')) {            y[i2] = (b[i2] + 16);  //特别注意：此处使用(char)容易超出有效的字符范围，导致字符溢出或乱码            if ((y[i2] > 'Z' && y[i2] < 'a') || y[i2] >= 'z') {                y[i2] = (char) (y[i2] - 26);            }        } else {            y[i2] = b[i2];        }    }

    for (int i = 0; i < 38; i++)        cout << (char) y[i];
    return 0;}

避坑指南

int x[17] = {0};int y[38] = {0};

这里的 x y 数组要用整型 int ，如果用 char 数据会越界，出现乱码。

在某些情况下，(char) (b[i2] + 16) 的结果可能会超出有效的字符范围，导致字符溢出或乱码。这是因为加法运算可能使字符的 ASCII 值超出表示字符的范围。

在这种情况下，你可以考虑使用无符号字符（unsigned char）类型，以确保不会发生符号溢出问题。这是因为char的默认是有符号类型，如果发生溢出，可能导致负数的结果。

y[i2] = static_cast<unsigned char>(b[i2] + 16);

在这里，使用static_cast<unsigned char>将 b[i2] + 16 的结果转换为无符号字符，以避免符号溢出问题。

flag{c164675262033b4c49bdf7f9cda28a75}

文章来源: http://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247508624&idx=1&sn=0a206eff3a6c1c270ed63c302cd65a80&chksm=fbfb125dcc8c9b4b4d7526296226ebf1e06e444b3afb3ee87abfd6a87c3a408ffb7f22b97479&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh