正常 JADX 反编译,后丢到 IDEA 中审计一下
直接看 MainActivity
java
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
setTitle(R.string.unregister);
this.edit_userName = "Tenshine";
this.edit_sn = (EditText) findViewById(R.id.edit_sn);
this.btn_register = (Button) findViewById(R.id.button_register);
this.btn_register.setOnClickListener(new View.OnClickListener() { // from class: com.example.crackme.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View v) {
if (!MainActivity.this.checkSN(MainActivity.this.edit_userName.trim(), MainActivity.this.edit_sn.getText().toString().trim())) {
Toast.makeText(MainActivity.this, (int) R.string.unsuccessed, 0).show();
return;
}
Toast.makeText(MainActivity.this, (int) R.string.successed, 0).show();
MainActivity.this.btn_register.setEnabled(false);
MainActivity.this.setTitle(R.string.registered);
}
});
}看一下 onCreate 方法,其实关键的也就一句
java
if (!MainActivity.this.checkSN(MainActivity.this.edit_userName.trim(), MainActivity.this.edit_sn.getText().toString().trim())) {调用 checkSN 方法,去判断一下 edit_userName 和 edit_sn 关系。
java
public static boolean checkSN(String userName, String sn) {
if (userName != null) {
try {
if (userName.length() == 0 || sn == null || sn.length() != 22) {
return false;
}
MessageDigest digest = MessageDigest.getInstance("MD5");
digest.reset();
digest.update(userName.getBytes());
byte[] bytes = digest.digest();
String hexstr = toHexString(bytes, "");
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hexstr.length(); i += 2) {
sb.append(hexstr.charAt(i));
}
String userSN = sb.toString();
String tmp = new StringBuilder().append("flag{").append(userSN).append("}").toString();
return tmp.equalsIgnoreCase(sn);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return false;
}
}
return false;
}其实很简单,就是把 userName 给 md5 一下而已,简单调试一下就行了
顺便吐槽一下 java 是真的难用,复制过来一段代码,想要运行还要改改改,不像 python ....