Android CTF Reverse-Engineering Android APK 1[binary][100]

最新推荐文章于 2024-06-29 17:45:23 发布

八六上山啦

最新推荐文章于 2024-06-29 17:45:23 发布

阅读量1.5k

点赞数

分类专栏： ctf思路文章标签： ctf

ctf思路专栏收录该内容

3 篇文章

订阅专栏

本文介绍了SECCON2015 CTF中一个逆向工程挑战题目的解决过程，涉及Android APK文件的分析与破解。通过对APK文件的反编译、源代码阅读及本地库的逆向分析，最终揭示了获胜条件并找到了通关密钥。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

[SECCON2015]Reverse-Engineering Android APK 1[binary][100]

6 DECEMBER 2015 ASCOPECTFLEAVE A COMMENT
SECCON 2015 – CTF [Jeopardy]

Reverse-Engineering Android APK 1 [binary] – 100 pts

DESCRIPTION OF THE CHALLENGE

Please win 1000 times in rock-paper-scissors
rps.apk
How do we solve it?

We download the apk and extract it :

~/Bureau/resapk » ls
AndroidManifest.xml META-INF classes.dex lib res resources.arsc
Then we open the jar file with JD-GUI and open the MainActivity source code :

private final Runnable showMessageTask = new Runnable()
{
public void run()
{
TextView localTextView = (TextView)MainActivity.this.findViewById(2131492946);
MainActivity localMainActivity;
if (MainActivity.this.n – MainActivity.this.m == 1)
{
localMainActivity = MainActivity.this;
localMainActivity.cnt += 1;
localTextView.setText(“WIN! +” + String.valueOf(MainActivity.this.cnt));
}
while (true)
{
if (1000 == MainActivity.this.cnt)
localTextView.setText(“SECCON{” + String.valueOf((MainActivity.this.cnt + MainActivity.this.calc()) * 107) + “}”);
MainActivity.this.flag = 0;
return;
if (MainActivity.this.m – MainActivity.this.n == 1)
{
MainActivity.this.cnt = 0;
localTextView.setText(“LOSE +0”);
}
else if (MainActivity.this.m == MainActivity.this.n)
{
localTextView.setText(“DRAW +” + String.valueOf(MainActivity.this.cnt));
}
else if (MainActivity.this.m < MainActivity.this.n)
{
MainActivity.this.cnt = 0;
localTextView.setText(“LOSE +0”);
}
else
{
localMainActivity = MainActivity.this;
localMainActivity.cnt += 1;
localTextView.setText(“WIN! +” + String.valueOf(MainActivity.this.cnt));
}
}
}
};

static
{
System.loadLibrary(“calc”);
}

The interesting part is when the player won 1000 times :

  if (1000 == MainActivity.this.cnt)
localTextView.setText(“SECCON{” + String.valueOf((MainActivity.this.cnt + MainActivity.this.calc()) * 107) + “}”);

The flag is “SECCON{ “+ (cnt(=1000)+(calc())*107 + “}”

We just have to find the result of the calc() function.

In the source code we can see :

  static
{
System.loadLibrary(“calc”);
}

so the calc is in a external library lets open “libcalc.so” in the “lib” folder with IDA … We’ve found the “Java_com_example_seccon2015_rock_1paper_1scissors_MainActivity_calc” function :