Ogeek--Mobile--mblockchain - ZhouYetao

Ogeek--Mobile--mblockchain

mblockchain

APK的界面分析

37b55e148323a9c94d986df571de9e7.png

通过界面可以看到这个apk很简洁:输入key和flag后点击按钮,程序就会校验我们输入的flag是否为正确的flag。

JEB逆向分析

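首先利用JEB打开这个apk文件,发现文件的内容很少,很容易就找到了关键函数。MainActivity本身只负责界面逻辑,按钮的onClick读取key和flag后交给FlagChecker.checkFlag(key, flag)进行校验,真正的校验逻辑在FlagChecker中: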

package com.oppo.blockchain;

import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.text.Editable;
import android.text.TextWatcher;
import android.util.Log;
import android.view.View$OnClickListener;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;

/**
 * Main (and only visible) activity of the app, as rendered by the JEB decompiler.
 *
 * It wires up two text inputs, a button and a result label. The activity holds no
 * validation logic of its own: the click handler reads the two input strings and
 * delegates the decision to {@code FlagChecker.checkFlag(key, flag)}, which is not
 * part of this listing.
 *
 * NOTE(review): this is decompiler output, not compilable source. Constructs such as
 * {@code View$OnClickListener(...)}, the {@code val$...} fields and the use of
 * {@code v2} outside its {@code try} block are decompiler artifacts.
 */
public class MainActivity extends AppCompatActivity {
    // Label that displays the check result; assigned in onCreate.
    TextView mResultWidget;

    public MainActivity() {
        super();
        this.mResultWidget = null;
    }

    /**
     * Inflates the layout, looks up the four widgets and registers the listeners.
     *
     * @param arg6 saved instance state, passed through to the superclass
     */
    protected void onCreate(Bundle arg6) {
        super.onCreate(arg6);
        // Resource IDs appear as raw integers because the decompiler did not resolve
        // them to R.layout / R.id names.
        this.setContentView(0x7F09001C);
        // Roles below follow from the casts and from how each view is used later:
        // v0 and v1 are EditTexts, v2 is the Button, v3 is the result TextView.
        View v0 = this.findViewById(0x7F070044);
        View v1 = this.findViewById(0x7F070039);
        View v2 = this.findViewById(0x7F070025);
        View v3 = this.findViewById(0x7F070057);
        this.mResultWidget = ((TextView)v3);
        // Clear any previous verdict as soon as the first input is edited.
        ((EditText)v0).addTextChangedListener(new TextWatcher() {
            public void afterTextChanged(Editable arg1) {
            }

            public void beforeTextChanged(CharSequence arg1, int arg2, int arg3, int arg4) {
            }

            public void onTextChanged(CharSequence arg3, int arg4, int arg5, int arg6) {
                MainActivity.this.mResultWidget.setText("");
            }
        });
        // Same behaviour for the second input.
        ((EditText)v1).addTextChangedListener(new TextWatcher() {
            public void afterTextChanged(Editable arg1) {
            }

            public void beforeTextChanged(CharSequence arg1, int arg2, int arg3, int arg4) {
            }

            public void onTextChanged(CharSequence arg3, int arg4, int arg5, int arg6) {
                MainActivity.this.mResultWidget.setText("");
            }
        });
        // The "constructor arguments" are JEB's way of showing the locals captured by the
        // anonymous class; they surface inside it as the synthetic val$ fields.
        // Presumably v0 -> val$keyWidget, v1 -> val$flagWidget, v3 -> val$resultWidget
        // (inferred from argument order and field names; confirm in the bytecode).
        ((Button)v2).setOnClickListener(new View$OnClickListener(((EditText)v0), ((EditText)v1), ((TextView)v3)) {
            public void onClick(View arg8) {
                // v0 = key text, v1 = flag text, taken verbatim from the widgets with no
                // trimming or length check at this layer.
                String v0 = this.val$keyWidget.getText().toString();
                String v1 = this.val$flagWidget.getText().toString();
                // Interim status in opaque black (ARGB). checkFlag is called directly in
                // this handler, so the interim text is likely overwritten before it is
                // ever drawn.
                this.val$resultWidget.setText("Checking PIN....");
                this.val$resultWidget.setTextColor(0xFF000000);
                try {
                    // The entire accept/reject decision is made here; this is the method
                    // to analyse next.
                    boolean v2 = FlagChecker.checkFlag(v0, v1);
                }
                catch(Exception v3) {
                    // Any exception from the checker is written to logcat with its full
                    // stack trace under the tag "MOBISEC", which exposes the checker's
                    // internal call path to anyone who can read the device log.
                    Log.e("MOBISEC", "Exception while checking flags:" + Log.getStackTraceString(((Throwable)v3)));
                }

                // NOTE(review): v2 is declared inside the try block above, so this read is a
                // decompiler artifact; the original presumably initialises the result to
                // false so that an exception is treated as "not valid" (confirm in the
                // bytecode).
                if(v2) {
                    // Accepted: green text.
                    this.val$resultWidget.setText("Flag is valid!");
                    this.val$resultWidget.setTextColor(0xFF009B00);
                }
                else {
                    // Rejected: red text.
                    this.val$resultWidget.setText("Flag is not valid");
                    this.val$resultWidget.setTextColor(0xFFFF0000);
                }
            }
        });
    }
}


@author:ZhouYetao