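⚠⚠⚠ Not EASY at all ⚠⚠⚠
My skills are limited and Enigma encryption and decryption are fairly complex; my tentative conclusion is that this is a two-rotor Enigma algorithm.
Disclaimer: after searching the internet I could not find an authoritative correct answer, so this conclusion is not necessarily correct ⚠
Challenge
Checking for a packer
First check for a packer (PKiD or similar). If the APK is packed, unpack it; if not, open it in a decompilation tool such as AndroidKiller and read the Java code.
APK with no packer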
Java Decompiler - MainActivity-onCreate
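Answer
Writeup
Solving
Running
Approach
String search
Use the decompiler's string search to look for the failure message shown at runtime, "You are wrong":
In Java Decompiler, locate that file and read the code:
MainActivity
If the search finds nothing, or you have no leads, start from the entry point of the Android app, that is, the MainActivity class.
Code logic
MainActivity
The main code is the if check: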
```java
protected void onCreate(Bundle paramBundle)
{
  /* ---------- omitted ---------- */
  if (MainActivity.a(((EditText)((MainActivity)jdField_this).findViewById(2131427445)).getText().toString()).booleanValue())
  {
    Toast.makeText(jdField_this, "You are right!", 1).show();
  }
  for (;;)
  {
    return;
    // Decompiler artifact: this is the failure (else) branch of the check above
    Toast.makeText(jdField_this, "You are wrong! Bye~", 1).show();
    /* ---------- omitted ---------- */
  }
}
```
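The a function
The string is passed to method a of class b, and the value it returns is used as the argument to method a of class a. In short: (method a(method b(string)))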
```java
private static char a(String paramString, b paramb, a parama)
{
  return parama.a(paramb.a(paramString));
}
```
Method a of class b
```java
public Integer a(String paramString)
{
  int i = 0;
  Object localObject = Integer.valueOf(0);
  if (b.contains(paramString.toLowerCase()))
  {
    int j = b.indexOf(paramString);
    paramString = (String)localObject;
    for (;;)
    {
      localObject = paramString;
      if (i >= a.size() - 1) {
        break;
      }
      if (a.get(i) == Integer.valueOf(j)) {
        paramString = Integer.valueOf(i);
      }
      i++;
    }
  }
  if (paramString.contains(" ")) {}
  for (localObject = Integer.valueOf(-10);; localObject = Integer.valueOf(-1))
  {
    a();
    return (Integer)localObject;
  }
}
```
Method a of class a
```java
public char a(Integer paramInteger)
{
  int i = 0;
  Integer localInteger = Integer.valueOf(0);
  if (paramInteger.intValue() == -10)
  {
    a();
    i = " ".charAt(0);
  }
  for (int j = i;; j = i)
  {
    return j;
    while (i < a.size() - 1)
    {
      if (a.get(i) == paramInteger) {
        localInteger = Integer.valueOf(i);
      }
      i++;
    }
    a();
    i = b.charAt(localInteger.intValue());
  }
}
```
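Conclusion
Following the code jump by jump is of little value as an introduction; the content should lean toward explaining the algorithm and logic that the code corresponds to.
However, because it is fairly complex, my ability to explain is limited, and I have not understood it especially clearly myself. I am also worried about misleading others with a wrong explanation, so I suggest searching for the Enigma machine yourself.
For now I believe it is Enigma encryption and decryption, but changed from three rotors to two rotors (uncertain).
Enigma encryption and decryption
Characteristics
The core, most characteristic code: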
```java
package com.a.easyjava;

import java.util.ArrayList;

public class a
{
  public static ArrayList<Integer> a = new ArrayList();
  // Alphabet
  static String b = "abcdefghijklmnopqrstuvwxyz";
  // Call counter used by the static a() below
  static Integer d = Integer.valueOf(0);
  // Rotor wiring: a permutation of the values 0-25
  Integer[] c = { Integer.valueOf(7), Integer.valueOf(14), Integer.valueOf(16), Integer.valueOf(21), Integer.valueOf(4), Integer.valueOf(24), Integer.valueOf(25), Integer.valueOf(20), Integer.valueOf(5), Integer.valueOf(15), Integer.valueOf(9), Integer.valueOf(17), Integer.valueOf(6), Integer.valueOf(13), Integer.valueOf(3), Integer.valueOf(18), Integer.valueOf(12), Integer.valueOf(10), Integer.valueOf(19), Integer.valueOf(0), Integer.valueOf(22), Integer.valueOf(2), Integer.valueOf(11), Integer.valueOf(23), Integer.valueOf(1), Integer.valueOf(8) };

  // Loads the wiring into the list, rotated left by paramInteger positions
  public a(Integer paramInteger)
  {
    for (int i = paramInteger.intValue(); i < this.c.length; i++)
    {
      a.add(this.c[i]);
    }
    for (i = 0; i < paramInteger.intValue(); i++)
    {
      a.add(this.c[i]);
    }
  }

  // Increments the counter; when it reaches 25, moves the first list element to the end and resets it
  public static void a()
  {
    Integer localInteger = d;
    d = Integer.valueOf(d.intValue() + 1);
    if (d.intValue() == 25)
    {
      int i = ((Integer)a.get(0)).intValue();
      a.remove(0);
      a.add(Integer.valueOf(i));
      d = Integer.valueOf(0);
    }
  }

  public char a(Integer paramInteger)
  {
    int i = 0;
    Integer localInteger = Integer.valueOf(0);
    if (paramInteger.intValue() == -10)
    {
      a();
      i = " ".charAt(0);
    }
    for (int j = i;; j = i)
    {
      return j;
      while (i < a.size() - 1)
      {
        if (a.get(i) == paramInteger) {
          localInteger = Integer.valueOf(i);
        }
        i++;
      }
      a();
      i = b.charAt(localInteger.intValue());
    }
  }
}
```
| Characteristic | Corresponding code |
|---|---|
| Alphabet | `static String b = "abcdefghijklmnopqrstuvwxyz";` |
| Rotor: an array holding the values 0-25 | `Integer[] c = { Integer.valueOf(7), Integer.valueOf(14), Integer.valueOf(16), Integer.valueOf(21), Integer.valueOf(4), Integer.valueOf(24), Integer.valueOf(25), Integer.valueOf(20), Integer.valueOf(5), Integer.valueOf(15), Integer.valueOf(9), Integer.valueOf(17), Integer.valueOf(6), Integer.valueOf(13), Integer.valueOf(3), Integer.valueOf(18), Integer.valueOf(12), Integer.valueOf(10), Integer.valueOf(19), Integer.valueOf(0), Integer.valueOf(22), Integer.valueOf(2), Integer.valueOf(11), Integer.valueOf(23), Integer.valueOf(1), Integer.valueOf(8) };` |
| The number 25 | `if (d.intValue() == 25)` |
🐍 Python script 🐍
The Enigma algorithm implemented in Python
```python
# The rotors are double-ended queues
from collections import deque

# Alphabet
tableAlphabet = deque("abcdefghijklmnopqrstuvwxyz")
# Rotor 1
EnigmaRotor1 = deque([8, 25, 17, 23, 7, 22, 1, 16, 6, 9, 21, 0, 15, 5, 10, 18, 2, 24, 4, 11, 3, 14, 19, 12, 20, 13])
# Rotor 2
EnigmaRotor2 = deque([7, 14, 16, 21, 4, 24, 25, 20, 5, 15, 9, 17, 6, 13, 3, 18, 12, 10, 19, 0, 22, 2, 11, 23, 1, 8])
textCipher = 'wigwrkaugala'
flag = ""

# Initial rotation
# Rotate rotor 1 left by 2 positions
for _ in range(2):
    EnigmaRotor1.append(EnigmaRotor1.popleft())
# Rotate rotor 2 left by 3 positions
for _ in range(3):
    EnigmaRotor2.append(EnigmaRotor2.popleft())

# Enigma decryption of a single character
def decipherEnigma(textCipher):
    global flag
    # Get the index in the alphabet
    i = EnigmaRotor2[(ord(textCipher) - ord('a'))]
    i = EnigmaRotor1[(i)]
    flag += tableAlphabet[i]
    # Step rotor 1 and the alphabet after every character
    EnigmaRotor1.append(EnigmaRotor1.popleft())
    tableAlphabet.append(tableAlphabet.popleft())

for s in textCipher:
    decipherEnigma(s)
print("flag{" + flag + "}")
```
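Since the conclusion above is marked as uncertain, one useful check is to run the script's transform in both directions and confirm that the recovered string maps back to the target. The following is an added example, not part of the original write-up or the app's code: the rotor tables, offsets and ciphertext are copied from the script, while the function names and the inverse `encipher` (built from the same value-to-position lookups that the decompiled `a` methods perform) are assumptions made here.

```python
from collections import deque

# Tables, offsets and ciphertext come from the write-up's script; the rest is assumed.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
ROTOR1 = [8, 25, 17, 23, 7, 22, 1, 16, 6, 9, 21, 0, 15,
          5, 10, 18, 2, 24, 4, 11, 3, 14, 19, 12, 20, 13]
ROTOR2 = [7, 14, 16, 21, 4, 24, 25, 20, 5, 15, 9, 17, 6,
          13, 3, 18, 12, 10, 19, 0, 22, 2, 11, 23, 1, 8]
OFFSET1, OFFSET2 = 2, 3
TARGET = "wigwrkaugala"


def _initial_state():
    r1, r2 = deque(ROTOR1), deque(ROTOR2)
    r1.rotate(-OFFSET1)  # rotate(-n) is n left shifts
    r2.rotate(-OFFSET2)
    return r1, r2, deque(ALPHABET)


def decipher(cipher):
    """Position-to-value lookups, as in the script: rotor 2, rotor 1, alphabet."""
    r1, r2, table = _initial_state()
    out = []
    for ch in cipher:
        out.append(table[r1[r2[ALPHABET.index(ch)]]])
        r1.rotate(-1)      # rotor 1 and the alphabet step after every character
        table.rotate(-1)
    return "".join(out)


def encipher(plain):
    """Value-to-position lookups in the opposite order: alphabet, rotor 1, rotor 2."""
    r1, r2, table = _initial_state()
    out = []
    for ch in plain:
        # deque.index raises ValueError for characters outside a-z
        out.append(ALPHABET[r2.index(r1.index(table.index(ch)))])
        r1.rotate(-1)
        table.rotate(-1)
    return "".join(out)


def verify(candidate):
    """A candidate is consistent only if it re-enciphers to the target string."""
    return encipher(candidate) == TARGET


if __name__ == "__main__":
    recovered = decipher(TARGET)
    print("flag{" + recovered + "}", verify(recovered))
```

A passing round trip shows that the two directions are inverses of each other; it does not by itself prove that the script's stepping rule matches the app's.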
py-enigma
from enigma.machine import EnigmaMachine
Still researching
Online
Still researching
