zoukankan      html  css  js  c++  java

  • 攻防世界APK-逆向2

    虚假的APK,权当我学习python了:

    net程序一个:

    dnspy分析源码: 主逻辑就三,先读取自己,然后search关键字符串得到最后输出

    using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Text;

namespace Rev_100
{
    // Token: 0x02000002 RID: 2
    internal class Program
    {
        // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250
        private static void Main(string[] args)
        {
            string hostname = "127.0.0.1";
            int port = 31337;
            TcpClient tcpClient = new TcpClient();
            try
            {
                Console.WriteLine("Connecting...");
                tcpClient.Connect(hostname, port);
            }
            catch (Exception)
            {
                Console.WriteLine("Cannot connect!
Fail!");
                return;
            }
            Socket client = tcpClient.Client;
            string text = "Super Secret Key";   //硬编码字符
            string text2 = Program.read();       //调用read函数得到text2
            client.Send(Encoding.ASCII.GetBytes("CTF{"));
            foreach (char x in text)  //
            {
                client.Send(Encoding.ASCII.GetBytes(Program.search(x, text2)));  //text2里面搜索text1里面的字符串
            }
            client.Send(Encoding.ASCII.GetBytes("}"));
            client.Close();
            tcpClient.Close();
            Console.WriteLine("Success!");
        }

        // Token: 0x06000002 RID: 2 RVA: 0x0000213C File Offset: 0x0000033C
        private static string read()
        {
            string fileName = Process.GetCurrentProcess().MainModule.FileName;   //获取当前进程
            string[] array = fileName.Split(new char[]
            {
                '\'
            });
            string path = array[array.Length - 1];
            string result = "";
            using (StreamReader streamReader = new StreamReader(path))  
            {
                result = streamReader.ReadToEnd();   //读取整个文件
            }
            return result;
        }

        // Token: 0x06000003 RID: 3 RVA: 0x000021B0 File Offset: 0x000003B0
        private static string search(char x, string text)
        {
            int length = text.Length;
            for (int i = 0; i < length; i++)
            {
                if (x == text[i])
                {
                    int value = i * 1337 % 256;   //如果字符存在就下标变换一下得到返回
                    return Convert.ToString(value, 16).PadLeft(2, '0'); //uincode输出
                }
            }
            return "??";
        }
    }
}

    keygen:

    # coding=gbk  
text='Super Secret Key'
text2 = open('D:\4122e391e1574335907f8e2c4f438d0e.exe','r',encoding = 'unicode-escape').read()
flag = ""
num = len(text2)
def search(i,text2,num):
    for j in range(0,num):
        if i == text2[j]:
            x = j * 1337 % 256
            return '%02x' % x
for i in text:
    flag += search(i,text2,num)

print("CTF{"+ flag + '}')

    CTF{7eb67b0bb4427e0b43b40b6042670b55}
  • 相关阅读:
    Android SHA1与Package获取方式
    《C++语言基础》实践參考——数组作数据成员
    Linux进程间通信——使用共享内存
    Java中ArrayList和LinkedList差别
    hdu1695(莫比乌斯)或欧拉函数+容斥
    Android学习路线(二十四)ActionBar Fragment运用最佳实践
    HTML——使用表格对表单进行布局
    Nginx 訪问日志增长暴增出现尖刀的具体分析
    基于特定值来推断隐藏显示元素的jQuery插件
    怎样配置PHP环境和安装Zendstdio编辑器
  • 原文地址:https://www.cnblogs.com/jentleTao/p/12665406.html
Copyright © 2011-2022 走看看