这是个Android逆向题,没有涉及到.so应该算简单的吧,但是我对那些加密的API还不熟。
参考:
https://github.com/Sinkmanu/CTF/blob/master/BSidesSF-2017-pinlock-150.java
https://advancedpersistentjest.com/2017/02/14/writeup-pinlock-bsides-san-francisco/
原来对于这种.db的数据库文件可以用sqlite3 xxx.db来查看。当然文本应该也可以查看但是不方便。

root@kali:~/repos/CTF/BSides-CTF-2017# wget https://github.com/youben11/BSides-San-Francisco-CTF-2017/raw/master/pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# ls
pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# file pinstore.apk
pinstore.apk: Java archive data (JAR)
root@kali:~/repos/CTF/BSides-CTF-2017# unzip pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# ls
AndroidManifest.xml  assets  classes.dex  META-INF  pinstore.apk  res  resources.arsc
root@kali:~/repos/CTF/BSides-CTF-2017# mkdir pinstore
root@kali:~/repos/CTF/BSides-CTF-2017# mv AndroidManifest.xml assets classes.dex META-INF res resources.arsc pinstore/
root@kali:~/repos/CTF/BSides-CTF-2017# ls
pinstore  pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# cd pinstore/
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore# ls
AndroidManifest.xml  assets  classes.dex  META-INF  res  resources.arsc
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore# cd assets/
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# ls
pinlock.db  README
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# cat README
v1.0:
- Pin database with hashed pins

v1.1:
- Added AES support for secret

v1.2:
- Derive key from pin
[To-do: switch to the new database]root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets#
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# which sqlite3
/usr/bin/sqlite3
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# file pinlock.db
pinlock.db: SQLite 3.x database, last written using SQLite version 3011000
root@kali:~/repos/CTF/BSides-CTF-2017/pinstore/assets# sqlite3 pinlock.db
SQLite version 3.16.2 2017-01-06 16:32:41
Enter ".help" for usage hints.
sqlite> SELECT pin FROM pinDB;
d8531a519b3d4dfebece0259f90b466a23efc57b
sqlite> SELECT entry FROM secretsDBv1;
hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB
sqlite> SELECT entry FROM secretsDBv2;
Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
sqlite> SELECT * FROM secretsDBv2;
1|Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
sqlite> SELECT * FROM secretsDBv1;
1|hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB

然后是writeup

root@kali:~/repos/CTF/BSides-CTF-2017# wget https://raw.githubusercontent.com/Sinkmanu/CTF/master/BSidesSF-2017-pinlock-150.java
root@kali:~/repos/CTF/BSides-CTF-2017# mv BSidesSF-2017-pinlock-150.java Bsides.java
root@kali:~/repos/CTF/BSides-CTF-2017# javac Bsides.java
root@kali:~/repos/CTF/BSides-CTF-2017# ls
Bsides.class  Bsides.java  pinstore  pinstore.apk
root@kali:~/repos/CTF/BSides-CTF-2017# java Bsides.class
Error: Could not find or load main class Bsides.class
root@kali:~/repos/CTF/BSides-CTF-2017# java Bsides
[*] SecretsDBv1 (encrypted): hcsvUnln5jMdw3GeI4o/txB5vaEf1PFAnKQ3kPsRW2o5rR0a1JE54d0BLkzXPtqB
[*] SecretsDBv1 (decrypted): Here is what the data will look like
[*] SecretsDB2 (encrypted): Bi528nDlNBcX9BcCC+ZqGQo1Oz01+GOWSmvxRj7jg1g=
[+] Flag: ********

用到的在线工具:
https://www.onlinehashcrack.com/hash-identification.php
http://hashtoolkit.com/reverse-hash/?hash=d8531a519b3d4dfebece0259f90b466a23efc57b

Flag:

温馨提示: 此处内容需要评论本文后刷新才能查看,支付2元即可直接查看所有Flag。

小广告:关于获取西普实验吧所有Writeup请点击这里查看索引

查看所有Flag需要付费,需要获取所有Flag的童鞋请访问这里成为付费用户,可以自助把自己的注册邮箱加入网站白名单,即可免回复看到本站所有Flag

Flag大全地址:所有Flag

PS:本站不是实验吧的官方站点,纯粹是个人博客,收取Flag费用仅是维持服务器费用,做站不易,且行窃珍惜,如果喜欢我的博客,愿意捐赠的,可以扫描下面的二维码

微信二维码:
支付宝二维码: