题目链接:https://buuoj.cn/challenges#findit
题目是个.apk文件,拖进gzl,看看java源码
flag长度要大于等于38位,所以flag应该在"paramAnonymousView"数组里,这个数组里的内容是通过"this.val$b"进行加密得到的。在gzl可以用看到有两个数组。
上面那个数组是"ThisIsTheFlagHome",就是java源码中的this.val$a
下面那个数组是"pvkq{m164675262033l4m49lnp7p9mnk28k75}",就是java源码中的this.val$b,是我们需要的
写个脚本跑一下,出flag
str= [0x70,0x76,0x6b,0x71,0x7b,0x6d,0x31,0x36,0x34,0x36,0x37,0x35,0x32,0x36,0x32,0x30,0x33,0x33,0x6c,
0x34,0x6d,0x34,0x39,0x6c,0x6e,0x70,0x37,0x70,0x39,0x6d,0x6e,0x6b,0x32,0x38,0x6b,0x37,0x35,0x7d,]
flag =""
for i in str:
if (i >= ord("a") and i <= ord("z")):
i += 0o20
if (i >= ord("z")):
flag += chr(i-0o32)
else:
flag += chr(i)
print(flag)
flag:flag{c164675262033b4c49bdf7f9cda28a75}