前兩道wp來自于一位強(qiáng)大的師傅，她特意叮囑不署名，在此表示感謝！十分感謝

尋夢

a.打開題目后

b.看到此提示后，需要把顯示出來的base64編碼解碼

C.再次填入xunmeng，就看到了flag

JUST{re_is_so_interesting}

尋夢S

a.隨便輸入后，給了無關(guān)的提示，需要?jiǎng)佑梅淳幾g工具jeb

b.反編譯查了一下，找到主要加密代碼

public void onClick(View arg11) {int v0 = 18;int[] v1 = new int[]{74, 6, 81, 0x2F, 0x7F, 22, 105, 42, 87, 19, 120, 58, 83, 8, 97, 11, 0x74, 0x7D};int[] v2 = new int[]{42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42};String v3 = MainActivity.this.text.getText().toString().trim();String v5 = "不要調(diào)皮，應(yīng)該好好輸入";if(TextUtils.isEmpty(((CharSequence)v3))) {Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();}else if(v3.length() == v0) {char[] v0_1 = v3.toCharArray();int v4;for(v4 = 0; true; ++v4) {int v7 = 17;if(v4 >= v7) {break;}v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];}for(v4 = 0; v4 < v7; ++v4) {if(v2[v4] != v1[v4]) {Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();}else if(v4 < 16) {}else {Toast.makeText(MainActivity.this, "恭喜你，拿到flag", 0).show();}}}else {Toast.makeText(MainActivity.this, "好好加油，再接再厲", 0).show();}}}

分析了一下主要代碼： v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];
也就是把flag的偶數(shù)位異或 自己的位數(shù)，奇數(shù)位異或 下一位，然后異或后得出一個(gè)數(shù)組，按照思路利用已知數(shù)組反推回去即可。
接下來上代碼：

public class wp {public static void main(String[] args) {int[]e= {74,6,81,47,127,22,105,42,87,19,120,58,83,8,97,11,116,125};for (int i = 0; i < 17; i++) {int n = i % 2;if (n == 0) {e[i] = e[i] ^ i;}}for (int i = 0; i < 17; i++) {int n = i % 2;if (n != 0) {e[i] = e[i] ^e[i+1] ;}}for (int i = 0; i < 18; i++) {System.out.print(((char)e[i]));}}}

運(yùn)行結(jié)果如下：

得到flag：JUST{you_are_good}

尋夢SS

a.

直接上工具吧，沒啥好說的

b.分析代碼可知用flag做了base64編碼后，然后把密文進(jìn)行位置互換，所以我們只需要把密文位置換回去，然后進(jìn)行解密即可。

c.換位代碼

int[] c = {'v','t','v','h','J','b','1','C','r','O','1','S','B','A','x','T','j','B','3','C','v','O','2','S','v','5','z','x','n','5','3','g','Z','L','x','T','n','F','1','x','b','I','0','t','Z','Z','s','B'};for (int i = 47; i>=2; i--) {int temp = c[i - 2];c[i - 2] = c[i];c[i] = temp;}

換位后為sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ

d.base64表被換位了，所以直接上網(wǎng)搜索自定義base64，隨便找個(gè)自定義base64 的decode函數(shù)然后把表換了即可

首先把base64表寫出

public final static char[] base64_alphabet = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', '0', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '/', '+', '='}; public static String decode(String enContent) {byte[] data = enContent.getBytes();int i = 0, j = 0, enCode = 0;int mLength = data.length;byte[] char_array_4 = new byte[4];byte[] char_array_3 = new byte[3];String retContent = "";// filter out the padding '=' charswhile (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {mLength--;char_array_4[i++] = data[enCode++];if (i == 4) {for (i = 0; i < 4; i++)char_array_4[i] = findChar((char) char_array_4[i]);char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);for (i = 0; (i < 3); i++)retContent += (char) char_array_3[i];i = 0;}}// last content handlingif (i > 0) {for (j = i; j < 4; j++)char_array_4[j] = 0;for (j = 0; j < 4; j++)char_array_4[j] = findChar((char) char_array_4[j]);char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);for (j = 0; (j < i - 1); j++)retContent += (char) char_array_3[j];}return retContent;}

主函數(shù)里寫出

String d="sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ";String e=base64.decode(d);System.out.println(e);

得出flag

JUST{Android_reverse_is_too_simple?}

在這里呢，貼一下一個(gè)完整的自定義base64代碼，需要的自取

public class base64 {public final static char[] base64_alphabet = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's','t', 'u', 'v', 'w', 'x', 'y', '0','z', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B','C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U','V', 'W', 'X', 'Y', 'Z', '/','+', '='};public static String encode(String content) {byte[] data = content.getBytes();int length = data.length;byte[] char_array_3 = new byte[]{0, 0, 0};byte[] char_array_4 = new byte[]{'=', '=', '=', '='};String retContent = "";int i = 0;int j = 0;int reversePos = 0;while (length > 0) {length--;char_array_3[i++] = data[reversePos++];if (i == 3) {char_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // convert the charchar_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));char_array_4[3] = (byte) (char_array_3[2] & 0x3f);for (i = 0; (i < 4); i++)retContent += base64_alphabet[char_array_4[i]];i = 0;}}// handling the last input contentif (i > 0) {for (j = i; j < 3; j++)char_array_3[j] = 0; // padding of zerochar_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // right shiftchar_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));char_array_4[3] = (byte) (char_array_3[2] & 0x3f);for (j = 0; (j < i + 1); j++)retContent += base64_alphabet[char_array_4[j]];while ((i++ < 3)) // padding of '=' of output stringretContent += '=';}return retContent;}public static String decode(String enContent) {byte[] data = enContent.getBytes();int i = 0, j = 0, enCode = 0;int mLength = data.length;byte[] char_array_4 = new byte[4];byte[] char_array_3 = new byte[3];String retContent = "";// filter out the padding '=' charswhile (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {mLength--;char_array_4[i++] = data[enCode++];if (i == 4) {for (i = 0; i < 4; i++)char_array_4[i] = findChar((char) char_array_4[i]);char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);for (i = 0; (i < 3); i++)retContent += (char) char_array_3[i];i = 0;}}// last content handlingif (i > 0) {for (j = i; j < 4; j++)char_array_4[j] = 0;for (j = 0; j < 4; j++)char_array_4[j] = findChar((char) char_array_4[j]);char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);for (j = 0; (j < i - 1); j++)retContent += (char) char_array_3[j];}return retContent;}public static boolean isBase64(char c) {boolean base64 = false;for (int i = 0; i < 64; i++) {if (c == base64_alphabet[i]) {base64 = true;break;}}return base64;}public static byte findChar(char x) {byte index = 64; // 65th char '='for (int i = 0; i < 64; i++) {if (x == base64_alphabet[i]) {index = (byte) i;break;}}return index;}

總結(jié)

以上是生活随笔為你收集整理的JUSTCTF校赛安卓wp的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。