2024软件安全大赛部分wp
全国软件安全大赛赛后复盘dontyousee基本题,记录一个小技巧 改下跳转ida就识别出来了 但是调试过程中,得看着别改变文件本来的运行规律 happylock复盘 看一眼mainactivity,没啥,去看Utils 有个enc, 123456789101112131415public class PatternLockUtils { private static final String MD5; private static final String SHA1; private static final String UTF8; private PatternLockUtils() { throw new AssertionError(StringObf.decode("WW91IGNhbiBub3QgaW5zdGFudGlhdGUgdGhpcyBjbGFzcy4gVXNlIGl0cyBzdGF0aWMgdXRpbGl0eSBtZXRob2RzIGluc3RlYWQ=")); ...
国成杯&polar碎碎念
国成杯赛后复盘额,总结就是在做 apk 的时候,那半自动化脚本给我搓破防了,而且有点神志不清了,看下文吧….. Crush’s_secret遇到这种smc我一般都是动调过去,然后按个p重新反编译就行,不多讲了,贴个原生态xxtea脚本吧 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105#include <stdio.h>#include <stdint.h>#define DELTA -0x61C88647 //改#define MX (((z>>5^y<<2) + (y>>3^z<<4)) ^ ((sum^y) +...
frida小总结(1)
终于要更新博客了,有点幽默了…… 最近碰到了一个神奇的题目,记录一下感想 首先,我本来都是习惯用jeb分析apk的,但是后来听不记得哪位师傅说,其实jadx反编译更贴近源代码,而且我发现,原来jadx也是可以完成apk java层动态调试工作的,所以成功转手 我们可以看一下大致的代码逻辑 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071//Mainactivitypackage com.example.WarmUp;import android.os.Bundle;import android.util.Base64;import android.view.View;import android.widget.Button;import android.widget.EditText;import android.widget.TextView;import...
Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub. Quick StartCreate a new post1$ hexo new "My New Post" More info: Writing Run server1$ hexo server More info: Server Generate static files1$ hexo generate More info: Generating Deploy to remote sites1$ hexo deploy More info: Deployment 我服了,老是不记得那些指令,放这下次用1234hexo cleanhexo ghexo shexo...