这是个Android逆向题,没有涉及到.so
应该算简单的吧,但是我对那些加密的API还不熟。
参考:
https://github.com/Sinkmanu/CTF/blob/master/BSidesSF-2017-pinlock-150.java
https://advancedpersistentjest.com/2017/02/14/writeup-pinlock-bsides-san-francisco/
原来对于这种.db
的数据库文件可以用sqlite3 xxx.db
来查看。当然文本应该也可以查看但是不方便。
root@kali:~/repos/CTF/BSides-CTF-2017# wget https://github.com/youben11/BSides-San-Francisco-CTF-2017/raw/master/pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# ls
pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# file pinstore.apk
pinstore.apk: Java archive data (JAR)
root@kali:~/repos/CTF/BSides-CTF-2017# unzip pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# ls
AndroidManifest.xml assets classes.dex META-INF pinstore.apk res resources.arsc
root@kali:~/repos/CTF/BSides-CTF-2017# mkdir pinstore
root@kali:~/repos/CTF/BSides-CTF-2017# mv AndroidManifest.xml assets classes.dex META-INF res resources.arsc pinstore/
root@kali:~/repos/CTF/BSides-CTF-2017# ls
pinstore pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# cd pinstore/
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore# ls
AndroidManifest.xml assets classes.dex META-INF res resources.arsc
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore# cd assets/
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# ls
pinlock.db README
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# cat README
v1.0:
- Pin database with hashed pins
v1.1:
- Added AES support for secret
v1.2:
- Derive key from pin
[To-do: switch to the new database]root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets#
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# which sqlite3
/usr/bin/sqlite3
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# file pinlock.db
pinlock.db: SQLite 3.x database, last written using SQLite version 3011000
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# sqlite3 pinlock.db
SQLite version 3.16.2 2017-01-06 16:32:41
Enter ".help" for usage hints.
sqlite> SELECT pin FROM pinDB;
d8531a519b3d4dfebece0259f90b466a23efc57b
sqlite> SELECT entry FROM secretsDBv1;
hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB
sqlite> SELECT entry FROM secretsDBv2;
Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
sqlite> SELECT * FROM secretsDBv2;
1|Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
sqlite> SELECT * FROM secretsDBv1;
1|hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB
然后是writeup
root@kali:~/repos/CTF/BSides-CTF-2017# wget https://raw.githubusercontent.com/Sinkmanu/CTF/master/BSidesSF-2017-pinlock-150.java
root@kali:~/repos/CTF/BSides-CTF-2017# mv BSidesSF-2017-pinlock-150.java Bsides.java
root@kali:~/repos/CTF/BSides-CTF-2017# javac Bsides.java
root@kali:~/repos/CTF/BSides-CTF-2017# ls
Bsides.class Bsides.java pinstore pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# java Bsides.class
Error: Could not find or load main class Bsides.class
root@kali:~/repos/CTF/BSides-CTF-2017# java Bsides
[*] SecretsDBv1 (encrypted): hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB
[*] SecretsDBv1 (decrypted): Here is what the data will look like
[*] SecretsDB2 (encrypted): Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
[+] Flag: Flag:OnlyAsStrongAsWeakestLink
用到的在线工具:
https://www.onlinehashcrack.com/hash-identification.php
http://hashtoolkit.com/reverse-hash/?hash=d8531a519b3d4dfebece0259f90b466a23efc57b