直奔入口MainActivity.java,看一下onClick后干了啥
if(Base64Encode(inputVal.getBytes()).equals("5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs=")){
pass...
}else{
wrong...
}
要通过自定义Base64编码之后的字符 = 5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs=
看一眼Base64New.Base64Encode()
public class Base64New {
private static final int RANGE = 255;
private static final char[] Base64ByteToStr = {'v', 'w', 'x', 'r', 's', 't', 'u', 'o', 'p', 'q', '3', '4', '5', '6', '7', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'y', 'z', '0', '1', '2', 'P', 'Q', 'R', 'S', 'T', 'K', 'L', 'M', 'N', 'O', 'Z', 'a', 'b', 'c', 'd', 'U', 'V', 'W', 'X', 'Y', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', '8', '9', '+', '/'};
private static byte[] StrToBase64Byte = new byte[128];
public String Base64Encode(byte[] bytes) {
StringBuilder res = new StringBuilder();
for (int i = 0; i <= bytes.length - 1; i += 3) {
byte[] enBytes = new byte[4];
byte tmp = 0;
for (int k = 0; k <= 2; k++) {
if (i + k <= bytes.length - 1) {
enBytes[k] = (byte) (((bytes[i + k] & 255) >>> ((k * 2) + 2)) | tmp);
tmp = (byte) ((((bytes[i + k] & 255) << (((2 - k) * 2) + 2)) & 255) >>> 2);
} else {
enBytes[k] = tmp;
tmp = 64;
}
}
enBytes[3] = tmp;
for (int k2 = 0; k2 <= 3; k2++) {
if (enBytes[k2] <= 63) {
res.append(Base64ByteToStr[enBytes[k2]]);
} else {
res.append('=');
}
}
}
return res.toString();
}
}
通过XCTF Easy-JNI这题,我们已经很清楚了,这就是更换了码表的base64,那么按照之前那道题的方法,更换码表再解码回去就好了
python脚本
chars = ('v', 'w', 'x', 'r', 's', 't', 'u', 'o', 'p', 'q', '3', '4', '5', '6', '7', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'y', 'z', '0', '1', '2', 'P', 'Q', 'R', 'S', 'T', 'K', 'L', 'M', 'N', 'O', 'Z', 'a', 'b', 'c', 'd', 'U', 'V', 'W', 'X', 'Y', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', '8', '9', '+', '/')
def base64_decode(cipher_input):
# 定义64个字母字符串
letters = ''.join(chars)
# 接收base64密文输入
cipher = cipher_input
# 计算密文中=号数量
number_cut = cipher.count('=')
# 逐个输出密文在letters字符串中序号二进制码
ascii_64 = ['{:0>6}'.format(bin(letters.index(i)).replace('0b', '')) for i in cipher if i != '=']
# 补充=号对应的二进制字节
ascii_string = ''.join(ascii_64) + '0' * 6 * number_cut
# 按照8字节一组计算十进制后求出对应的ascii码字符
ascii_8 = [chr(int(ascii_string[x:x + 8], 2)) for x in range(0, len(ascii_string), 8)]
# 返回明文字符串
plain_text = ''.join(ascii_8[0:len(ascii_8) - number_cut])
return plain_text
print(base64_decode("5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs="))
"""
05397c42f9b6da593a3644162d36eb01
"""
答案:flag{05397c42f9b6da593a3644162d36eb01}