I have recently been learning CTF and occasionally do some CTF exercises. I plan to record the steps and ideas behind each exercise, so that beginners who plan to learn CTF can follow along hands-on. This exercise is an Android one.

Challenge APK download address: adworld.xctf.org.cn/media/task/…

After downloading it, rename it easy-apk.apk.

JEB is used for decompilation; this time, JEB 3.19. The cracked version can be downloaded on the Internet and can also be obtained by replying "JEB" to the official account.

Drag the APK file to a JEB window for decompilation

After decompiling, click MainActivity to see the code logic of the main screen.

The code displayed after decompilation is smali code by default, which is not very readable. Convert it to Java code first: click the icon shown below to convert it to Java code.

The following code

The code obtains the text of the input box through the EditText getText() method, Base64-encodes it, and compares the result with 5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs=. If they are the same, verification passes. The guess is that the flag is the content obtained by decoding 5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs=.

Decoding the string directly with an online Base64 decoder gives garbled output:

www.base64decode.org/

To see how the code does its Base64 encoding, go back and double-click the Base64Encode method to see the corresponding code.

You can see that this is a Base64 encoding algorithm that uses custom index tables.

Here is a brief description of the principle of Base64 encoding. When transmitting parameters, we often run into this situation: everything works with English text, but the result is garbled as soon as Chinese is involved. Similarly, not all data transferred over the network consists of printable characters, for example binary files, pictures, and so on. Base64 solves this problem by representing binary data with 64 printable characters. Base64-encoded data contains only the 64 characters in the index table below.

The first step is to divide the string to be converted into groups of three bytes, each of which is 8 bits, so there are 24 binary bits. The second step is to divide the 24 bits into four groups of six. The third step is to add two zeros to the front of each group. Each group changes from six to eight bits, for a total of 32 bits, or four bytes. In the fourth step, the values of these four bytes are looked up in the Base64 encoding table (above). If the number of bytes is less than three, the = sign is added as padding.

For example, for three bytes of data with the values 1, 2, 3, the conversion to Base64 goes as follows:

```
// binary values of the three bytes
00000001 00000010 00000011
// the 24 bits above, six bits per group, divided into four groups
000000 010000 001000 000011
// add two 0s in front of each group; each group goes from six to eight bits, 32 bits in total, i.e. four bytes
00000000 00010000 00001000 00000011
// the corresponding decimal values are 0, 16, 8, 3
// look each value up in the Base64 encoding table (above)
0 -> A   16 -> Q   8 -> I   3 -> D
// Base64 encoding result
AQID
```

In this challenge, the Base64 encoding uses a custom index table, for example v instead of A and w instead of B. So we need to map the characters back to the standard table and then do a normal Base64 decode. The custom-encoded value is 5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs=. Take the character r as an example: r is the 4th character of the custom index table, and the 4th character of the original index table is D, so r has to be converted into D. The other characters can be converted with the following Python code, which then yields the flag:

```python
# coding=utf-8
import base64

# Encoded string compared against in MainActivity
str1 = "5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs="
# Custom index table used by the app's Base64Encode method
string1 = "vwxrstuopq34567ABCDEFGHIJyz012PQRSTKLMNOZabcdUVWXYefghijklmn89+/"
# Standard Base64 index table
string2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Map every custom-table character to the standard character at the same index
str2 = str1.translate(str.maketrans(string1, string2))
print("flag:")
print(base64.b64decode(str2).decode())
```

Flag value is: 05397c42f9b6da593a3644162d36eb01

Finally: I hope you will like and follow. You can also add me on WeChat: gogquick
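The four encoding steps and the custom index table can also be handled at the bit level instead of by character translation. The following is an added example, not code from the original post or from the APK: the names `check_table`, `b64_encode` and `b64_decode` are made up for it, and the encoded string is written with the letter case that matches the flag given on this page.

```python
STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Custom index table and encoded string from the challenge (values from this page).
CUSTOM = "vwxrstuopq34567ABCDEFGHIJyz012PQRSTKLMNOZabcdUVWXYefghijklmn89+/"
ENCODED = "5rFf7E2K6rqN7Hpiyush7E6S5fJg6rsi5NBf6NGT5rs="

def check_table(table):
    """A usable index table has 64 distinct characters, none of them '='."""
    return len(table) == 64 and len(set(table)) == 64 and "=" not in table

def b64_encode(data, table=STD):
    """3 bytes -> 24 bits -> four 6-bit values -> table lookup, '=' for padding."""
    if not check_table(table):
        raise ValueError("index table must be 64 distinct characters")
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)  # 0, 1 or 2 missing bytes in the last group
        n = int.from_bytes(chunk + b"\x00" * pad, "big")
        chars = [table[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)

def b64_decode(text, table=STD):
    """Inverse of b64_encode; rejects bad length, padding or characters."""
    if not check_table(table):
        raise ValueError("index table must be 64 distinct characters")
    index = {c: i for i, c in enumerate(table)}
    body = text.rstrip("=")
    if len(text) % 4 or len(text) - len(body) > 2:
        raise ValueError("bad length or padding")
    out = bytearray()
    for i in range(0, len(body), 4):
        group = body[i:i + 4]
        n = 0
        for c in group:
            if c not in index:
                raise ValueError("character %r is not in the index table" % c)
            n = (n << 6) | index[c]
        n <<= 6 * (4 - len(group))  # left-align a short final group
        out += n.to_bytes(3, "big")[:len(group) - 1]
    return bytes(out)

if __name__ == "__main__":
    print(b64_encode(bytes([1, 2, 3])))          # worked example, standard table
    print(b64_decode(ENCODED, CUSTOM).decode())  # challenge string, custom table
```

`check_table` is worth running on any table lifted from decompiled code: the character-translation approach only works when the table is a full permutation of 64 distinct characters.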