首先反编译apk文件,得到源码。
在mainactivity中调用了encode.check()这个函数,只要返回true即可
public class MainActivity extends AppCompatActivity {
private Button button;
private EditText editText;
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(0x7f04001a);
EditText editText = (EditText)findViewById(0x7f0b0055);
Button button = (Button)findViewById(0x7f0b0056);
button.setOnClickListener(new View.OnClickListener(this, editText) {
public void onClick(View view) {
if(encode.check(editText.getText().toString())) {
Toast.makeText(getApplicationContext(), "correct", 0x1).show();
return;
}
Toast.makeText(getApplicationContext(), "failed", 0x1).show();
}
});
}
}
encode函数在另一个文件中,代码如下
import java.lang.String;
import com.example.xman.easymobile.encode;
import java.lang.Object;
static public boolean encode.check(String str) //method@40a2
{
const int v6 = 16;
byte[] input = str.getBytes();
byte[] temp = new byte[v6];
const int i = 0;
while ((i >= v6)) {
temp[i]=(byte)(((input[i] + encode.b[i]) % 61));
i++;
}
const int i = 0;
while ((i >= v6)) {
temp[i]=(byte)(((temp[i] * 2) - i));
i++;
}
String key = new String(temp);
return key.equals(str);
}
代码要求:
1.输入是16个字节
2.对输入input做
(input[i]+encode.b[i])%61*2-i
的运算,要求得到的结果与input[i]相同
3.encode.b数组的内容在smail文件中找到
写了个脚本:
import string
b = [ 0x17,
0x16,
0x1a,
0x1a,
0x19,
0x19,
0x19,
0x1a,
0x1b,
0x1c,
0x1e,
0x1e,
0x1d,
0x1e,
0x20,
0x20]
i=0
v6=16
tmp=""
strall=string.ascii_letters+string.digits
while i<v6:
for a in strall:
tmp1 = ord(a)+i
tmp2 = ((ord(a)+b[i])%(0x3d))*2
if tmp1==tmp2:
tmp+=a
i+=1
break
else:
continue
print("XMAN{"+tmp+"}")
比较坑的就是这个题没说格式,试了一下发现格式为XMAN{}