RememberOther
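The download is an archive containing an APK and a Word document.

Word document: (set aside for now)

Drag the APK into an emulator; entering wrong input shows "invalid username or registration code".

Analyzing `MainActivity` in JEB: the `onCreate` method passes `edit_userName` and `edit_sn` to the `checkSN` function.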
```java
public void onCreate(Bundle arg3) {
    super.onCreate(arg3);
    this.setContentView(0x7F030000);
    this.setTitle(0x7F05000A);
    // Look up the two input fields and the register button by resource ID
    this.edit_userName = this.findViewById(0x7F080001);
    this.edit_sn = this.findViewById(0x7F080002);
    this.btn_register = this.findViewById(0x7F080003);
    this.btn_register.setOnClickListener(new View.OnClickListener() {
        public void onClick(View arg5) {
            // Trimmed username and registration code are handed to checkSN
            if(!MainActivity.this.checkSN(MainActivity.this.edit_userName.getText().toString().trim(), MainActivity.this.edit_sn.getText().toString().trim())) {
                Toast.makeText(MainActivity.this, 0x7F05000B, 0).show();
            }
            else {
                Toast.makeText(MainActivity.this, 0x7F050008, 0).show();
                MainActivity.this.btn_register.setEnabled(false);
                MainActivity.this.setTitle(0x7F050006);
            }
        }
    });
}
```
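Look at the `checkSN` function: if the registration code and the username are both empty, it returns false. It then calls the MD5 algorithm, which returns a hexadecimal string, and the characters at the odd positions (counting from 1; indices 0, 2, 4, ... in the loop) are joined into a string and compared with the registration code.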
```java
private boolean checkSN(String arg12, String arg13) {
    boolean v7 = true;
    try {
        // Both fields empty: early return of v7
        if(arg12.length() == 0 && arg13.length() == 0) {
            return v7;
        }
        if(arg12 == null || arg12.length() == 0) {
            return false;
        }
        // The registration code must be exactly 16 characters
        if(arg13 == null || arg13.length() != 16) {
            return false;
        }
        // MD5 of the username, rendered as a hex string
        MessageDigest v1 = MessageDigest.getInstance("MD5");
        v1.reset();
        v1.update(arg12.getBytes());
        String v3 = MainActivity.toHexString(v1.digest(), "");
        // Keep every second character of the hex string (indices 0, 2, 4, ...)
        StringBuilder v5 = new StringBuilder();
        int v4;
        for(v4 = 0; v4 < v3.length(); v4 += 2) {
            v5.append(v3.charAt(v4));
        }
        if(v5.toString().equalsIgnoreCase(arg13)) {
            return v7;
        }
    }
    catch(NoSuchAlgorithmException v2) {
        v2.printStackTrace();
        return false;
    }
    return false;
}
```
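The comparison in `checkSN`, mirrored in Python as an added example (not code from the app or from the original write-up): the expected registration code depends only on the username and on no secret, so anyone holding the APK can recompute it. It assumes `toHexString` emits two zero-padded hex digits per byte and that `getBytes()` encodes as UTF-8; the names `derived_sn` and `check_sn` and the sample usernames are chosen here.

```python
import hashlib

SN_LENGTH = 16  # checkSN rejects any registration code that is not 16 characters


def derived_sn(user_name: str) -> str:
    """Value checkSN compares against: every second character
    (indices 0, 2, 4, ...) of the 32-character MD5 hex digest."""
    # Assumption: toHexString() yields zero-padded hex, and getBytes()
    # uses UTF-8 (the default charset on Android).
    digest_hex = hashlib.md5(user_name.encode("utf-8")).hexdigest()
    return digest_hex[::2]


def check_sn(user_name: str, sn: str) -> bool:
    """Python mirror of the decompiled checkSN, branch for branch."""
    if len(user_name) == 0 and len(sn) == 0:
        return True  # the both-empty early return (v7 in the Java code)
    if len(user_name) == 0:
        return False
    if len(sn) != SN_LENGTH:
        return False
    # equalsIgnoreCase in the Java code
    return derived_sn(user_name).lower() == sn.lower()


if __name__ == "__main__":
    for name in ["abc", "alice"]:  # constructed sample usernames
        sn = derived_sn(name)
        print(name, sn, check_sn(name, sn))
```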
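I didn't know which one invoked the MD5 algorithm, so I tried leaving both the username and the registration code empty.

The result was a pop-up showing md5:b3241668ecbeb19921fdac5ac1aafa69

You can also search for MD5 directly in AndroidKiller to find the string.

MD5 decryption link

Entering that as the flag is wrong; it has to be combined with the "don't know Android" hint in the Word document, so the final flag is flag{YOU_KNOW_ANDROID}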