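0x01 Challenge Description
Everyone says that learning Smali well is the foundation of Android reverse engineering. There happens to be a smali file here, so let's analyze it together~~
0x02 Solution
The challenge download is a single smali file. First convert it to a Java file with the smali2java tool; you can search Google for whichever tool you find most comfortable to use.
The converted code is as follows: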
/**
 * Generated by smali2java 1.0.0.558
 * Copyright (C) 2013 Hensence.com
 */
package net.bluelotus.tomorrow.easyandroid;

import android.util.Base64;
import java.io.PrintStream;
import java.security.NoSuchAlgorithmException;
import javax.crypto.NoSuchPaddingException;
import java.security.InvalidKeyException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Cipher;
import java.security.Key;
import java.security.GeneralSecurityException;

public class Crackme {
    // Base64-encoded AES key
    private String str2 = "cGhyYWNrICBjdGYgMjAxNg==";

    public Crackme() {
        // Base64-encoded ciphertext
        GetFlag("sSNnx1UKbYrA1+MOrdtDTA==");
    }

    private String GetFlag(String p1) {
        byte[] content = Base64.decode(p1.getBytes(), Base64.DEFAULT);
        String kk = new String(Base64.decode(str2.getBytes(), Base64.DEFAULT));
        System.out.println(decrypt(content, kk));
        return null;
    }

    private String decrypt(byte[] p1, String p2) {
        String m = null;
        try {
            byte[] keyStr = p2.getBytes();
            SecretKeySpec key = new SecretKeySpec(keyStr, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key); // 0x2 in the decompiler output
            byte[] result = cipher.doFinal(p1);
            // The decompiler output never assigns result to m; the assignment
            // is restored here (assumed) so the plaintext is returned.
            m = new String(result);
            return m;
        } catch (GeneralSecurityException e) {
            // Covers NoSuchPaddingException and the other checked crypto exceptions
            e.printStackTrace();
        }
        return m;
    }
}
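Analyzing the code, it is easy to see that this is decryption code using AES in ECB mode with NoPadding. The Base64 string passed to GetFlag should be the Base64 encoding of the encrypted flag, and str2 is the key (Base64-decoded before use), so decrypting it directly yields the flag.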
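The decompiled class depends on android.util.Base64, so it does not run on a desktop JVM. The following added example (not part of the original challenge or writeup) performs the same decryption with java.util.Base64 and checks the key and block lengths first; the class name SolveCrackme and its helper methods are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: desktop re-implementation of Crackme.GetFlag()/decrypt().
// The class name SolveCrackme and its helpers are hypothetical.
public class SolveCrackme {
    // Both constants are copied from the decompiled Crackme class.
    static final String KEY_B64 = "cGhyYWNrICBjdGYgMjAxNg==";
    static final String CIPHERTEXT_B64 = "sSNnx1UKbYrA1+MOrdtDTA==";

    static byte[] decrypt(byte[] ciphertext, byte[] key) throws GeneralSecurityException {
        // AES only accepts 16-, 24- or 32-byte keys.
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalArgumentException("bad AES key length: " + key.length);
        }
        // With NoPadding the input must be a whole number of 16-byte blocks.
        if (ciphertext.length == 0 || ciphertext.length % 16 != 0) {
            throw new IllegalArgumentException("ciphertext is not block aligned: " + ciphertext.length);
        }
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"));
        return cipher.doFinal(ciphertext);
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] key = Base64.getDecoder().decode(KEY_B64);
        byte[] ciphertext = Base64.getDecoder().decode(CIPHERTEXT_B64);
        System.out.println("key bytes : " + key.length);
        System.out.println("ct bytes  : " + ciphertext.length);
        byte[] plain = decrypt(ciphertext, key);
        // NoPadding means nothing is stripped: print hex as well as text so
        // any filler bytes at the end of the block stay visible.
        System.out.println("plain hex : " + toHex(plain));
        System.out.println("plain text: " + new String(plain, StandardCharsets.UTF_8));
    }
}
```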
