APK-逆向2
打开是.exe文件,随意输入后闪退
拖进ida
发现是.NET文件,用dnSpy打开,main函数:
// Rev_100.Program
// Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250
private static void Main(string[] args)
{
string hostname = "127.0.0.1";//ip地址
int port = 31337;//端口
TcpClient tcpClient = new TcpClient();
try
{
Console.WriteLine("Connecting...");//连接ip和端口
tcpClient.Connect(hostname, port);
}
catch (Exception)
{
Console.WriteLine("Cannot connect!\nFail!");
return;
}
Socket client = tcpClient.Client;
string text = "Super Secret Key";
string text2 = Program.read();
client.Send(Encoding.ASCII.GetBytes("CTF{"));
foreach (char x in text)
{
client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));
}
client.Send(Encoding.ASCII.GetBytes("}"));
client.Close();
tcpClient.Close();
Console.WriteLine("Success!");
}
ip=127.0.0.1
port=31337
"Super Secret Key"要经过read函数读取,再经过search函数变换
// Rev_100.Program
// Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0
private static string search(char x, string text)
{
int length = text.Length;
for (int i = 0; i < length; i++)
{
if (x == text[i])
{
int value = i * 1337 % 256;
return Convert.ToString(value, 16).PadLeft(2, '0');
}
}
return "??";
}
def search(x,text):
for i in range(len(text)):
if x==text[i]:
value=i*1337%256
return'%02x' % (value)
f=open(r'D:/安卓逆向/4122e391e1574335907f8e2c4f438d0e.exe','r',encoding = 'unicode-escape')
text2=f.read()
f.close()
text='Super Secret Key'
flag=''
for i in text:
flag+=search(i,text2)
print(flag)
打开文件时,记得用“/”,直接复制文件地址是“\”,运行得
7eb67b0bb4427e0b43b40b6042670b55
最终提交CTF{7eb67b0bb4427e0b43b40b6042670b55}
第二种,借用python的开通模块服务
import http.server
server_address = ('127.0.0.1', 31337)
handler_class = http.server.BaseHTTPRequestHandler
httpd = http.server.HTTPServer(server_address, handler_class)
httpd.serve_forever()
运行代码,再运行程序
127.0.0.1 - - [18/Aug/2021 23:31:40] code 400, message Bad request syntax ('CTF{7eb67b0bb4427e0b43b40b6042670b55}')
127.0.0.1 - - [18/Aug/2021 23:31:40] "CTF{7eb67b0bb4427e0b43b40b6042670b55}" 400 -