因为本人是菜鸟,所以由简单但难的做了
[61dctf]androideasy
没什么可说的,直接反汇编打求一下密码
#_*_coding:utf-8_*_
a=[113, 123, 118, 112, 108, 94, 99, 72, 38, 68, 72, 87, 89, 72, 36, 118, 100, 78, 72, 87, 121, 83, 101, 39, 62, 94, 62, 38, 107, 115, 106]
flag=''
for i in a:
flag+=chr(i^0x17)
print flag
[61dctf]stheasy
反汇编直接了当
直接上程序了
#_*_coding:utf-8_*_
s='lk2j9Gh}AgfY4ds-a6QW1#k5ER_T[cvLbV7nOm3ZeX{CMt8SZo]U'
a=[0x48,0x5D,0x8D,0x24,0x84,0x27,0x99,0x9F,0x54,0x18,0x1E,0x69,0x7E,0x33,0x15,0x72,0x8D,0x33,0x24,0x63,0x21,0x54,0x0C,0x78,0x78,0x78,0x78,0x78,0x1b]
flag=''
for i in a:
flag+=s[i/3-2]
print flag
DD - Android Easy
打开以后也是很简单的匹配,直接上脚本了
#_*_coding:utf-8_*_
q=[-57, -90, 53, -71, -117, 98, 62, 98, 101, -96, 36, 110, 77, -83,
-121, 2, -48, 94, -106, -56, -49, -80, -1, 83, 75, 66, -44, 74, 2, -36, -42, -103, 6,
-115, -40, 69, -107, 85, -78, -49, 54, 78, -26, 15, 98, -70, 8, -90, 94, -61, -84, 64,
112, 51, -29, -34, 126, -21, -126, -71, -31, -24, -60, -2, -81, 66, -84, 85, -91, 10,
84, 70, -8, -63, 26, 126, -76, -104, -123, -71, -126, -62, -23, 11, -39, 70, 14, 59,
-101, -39, -124, 91, -109, 102, -49, 21, 105, 0, 37, -128, -57, 117, 110, -115, -86,
56, 25, -46, -55, 7, -125, 109, 76, 104, -15, 82, -53, 18, -28, -24]
p=[-40, -62, 107, 66, -126, 103, -56, 77, 122, -107, -24, -127, 72,
-63, -98, 64, -24, -5, -49, -26, 79, -70, -26, -81, 120, 25, 111, -100, -23, -9, 122,
-35, 66, -50, -116, 3, -72, 102, -45, -85, 0, 126, -34, 62, 83, -34, 48, -111, 61, -9,
-51, 114, 20, 81, -126, -18, 27, -115, -76, -116, -48, -118, -10, -102, -106, 113, -104,
98, -109, 74, 48, 47, -100, -88, 121, 22, -63, -32, -20, -41, -27, -20, -118, 100, -76,
70, -49, -39, -27, -106, -13, -108, 115, -87, -1, -22, -53, 21, -100, 124, -95, -40,
62, -69, 29, 56, -53, 85, -48, 25, 37, -78, 11, -110, -24, -120, -82, 6, -94, -101]
tmp=[]
flag=''
for i in range(len(q)):
tmp.append(p[i]^q[i])
pos=tmp[0]
temp=0
while True:
if tmp[pos+temp]==0:
break
temp+=1
for i in range(temp):
flag+=chr(tmp[pos+i])
print flag
DD - Hello
这个题目还是坑到了我了…主要还是我太菜了…
看到源代码貌似什么都没有,实际上隐藏了一个进程来着,关键代码如下
但是那个第七行我死活看懂,因为是他的内容来着,64位相减不是0嘛..知道后眼泪留下来啊!居然是取地址…对啊!没有星号啊…然后被坑的就是,原来我们的移位运算符运算顺序在减法之后…嗯…然后就知道怎么做了…坑…上代码
#_*_coding:utf-8_*_
a=[0x41,0x10,0x11,0x11,0x1B,0x0A,0x64,0x67,0x6A,0x68,0x62,0x68,0x6E,0x67,0x68,0x6B,0x62,0x3D,0x65,0x6A,0x6A,0x3D,0x68,0x4,0x5,0x8,0x3,0x2,0x2,0x55,0x8,0x5D,0x61,0x55,0x0A,0x5F,0x0D,0x5D,0x61,0x32,0x17,0x1D,0x19,0x1F,0x18,0x20,0x4,0x2,0x12,0x16,0x1E,0x54,0x20,0x13,0x14]
num=(0x0000000100000CB0-0x0000000100000C90>>2)^a[0]
flag=''
temp=0
for i in range(55):
flag+=chr((a[i]-2)^num)
num+=1
print flag[1:]
爬楼梯
这个题目着实是小小的惊艳了我一把,之前没怎么接触过安卓,没什么经验,现在了解到了可以修改安卓的apk数据,大呼神奇。做安卓题的时候一定不要偷懒不看软件到底实在干什么的(这次我就犯了这个错误),这个题目就是一个爬楼梯的简单软件
首先用jeb反汇编一下看到代码如下
看一下发现当我们的已爬楼梯数小于要爬楼梯数时候是可以点击的,但是在小于的情况下想要打开看FLAG是会被组织的。
具体我们看他的smail(就相当于看c语言的汇编指令)