Java静态分析
题目地址: https://github.com/ctf-wiki/c...
public void confirm(View v) { String first = String.valueOf(getSig(getPackageName())); if (("0CTF{" + first + getCrc() + "}").equals(this.et.getText().toString())) { Toast.makeText(this, "Yes!", 0).show(); } else { Toast.makeText(this, "0ops!", 0).show(); } }
flag: "0CTF{" + first + getCrc() + "}"
String first = String.valueOf(getSig(getPackageName()));
private int getSig(String packageName) { int sig = 0; try { return getPackageManager().getPackageInfo(packageName, 64).signatures[0].toCharsString().hashCode(); } catch (Exception e) { e.printStackTrace(); return sig; } }
通过编写一个app可以获得该app签名
MainActivity.java
package com.iromise.getsignature; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.Signature; import android.support.v7.app.AppCompatActivity; import android.os.Bundle; import android.text.TextUtils; import android.util.Log; import android.widget.Toast; public class MainActivity extends AppCompatActivity { private StringBuilder builder; public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); PackageManager manager = getPackageManager(); builder = new StringBuilder(); String pkgname = "com.ctf.vezel"; boolean isEmpty = TextUtils.isEmpty(pkgname); if (isEmpty) { Toast.makeText(this, "应用程序的包名不能为空!", Toast.LENGTH_SHORT); } else { try { PackageInfo packageInfo = manager.getPackageInfo(pkgname, PackageManager.GET_SIGNATURES); Signature[] signatures = packageInfo.signatures; Log.i("hashcode", String.valueOf(signatures[0].toCharsString().hashCode())); } catch (PackageManager.NameNotFoundException e) { e.printStackTrace(); } } } }
从log中过滤出
07-18 11:05:11.895 16124-16124/? I/hashcode: -183971537
获得 class.dex 的CRC
编写代码
import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.util.zip.CRC32; import java.util.zip.CheckedInputStream; public class crc { public static void main(String[] args) { if (args.length < 1) { System.out.println("Usage: java crc <file>"); System.exit(-1); } System.out.println(args[0]); String path = args[0]; String crc = loadCRC32(path); System.out.println("HEX:" + crc); System.out.println("DEC:"+ Integer.parseInt(crc,16)); } public static String loadCRC32(String filePath) { CRC32 crc32 = new CRC32(); FileInputStream inputStream = null; CheckedInputStream checkedinputstream = null; String crcStr = null; try { inputStream = new FileInputStream(new File(filePath)); checkedinputstream = new CheckedInputStream(inputStream, crc32); while (checkedinputstream.read() != -1) { } crcStr = Long.toHexString(crc32.getValue()).toUpperCase(); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } finally { if (inputStream != null) { try { inputStream.close(); } catch (IOException e2) { e2.printStackTrace(); } } if (checkedinputstream != null) { try { checkedinputstream.close(); } catch (IOException e) { e.printStackTrace(); } } } return crcStr; } }
java crc vezel/classes.dex vezel/classes.dex HEX:46E26557 DEC:1189242199
0CTF{-1839715371189242199}