I'm very good player of this game. Play better than me and break my record to capture the flag.

Attention:

- There are two levels in this Android Game. You must hit my high score in each level for capturing the flag, so your flag consists of two parts (easy and hard). Flag = Easy Part (1)+ Hard Part (2);

- The BAZAAR app must be installed in your Device.

Good Luck!

Tale_Rang.apk
4.37MB

디컴파일 후 sources/kfb/freed/FourthActivity.java 에 

        if (MyApplication.isWrongortimedout()) {
            if (MyApplication.isEnglish()) {
                ttvv2.setText("Timed Out !");
            } else if (MyApplication.isHard()) {
                if (MyApplication.getScore() < MyApplication.getBestHardScore()) {
                    ttvv2.setText("اتمام وقت !");
                } else {
                    ttvv2.setText("TExPIFVVVENURikgfQ==");
                }
            } else if (MyApplication.getScore() < MyApplication.getBestScore()) {
                ttvv2.setText("اتمام وقت !");kf
            } else {
                ttvv2.setText("VVVUQ1RGIHsgbWQ1KEhF");
            }

TExPIFVVVENURikgfQ==, VVVUQ1RGIHsgbWQ1KEhF

두 개를 한번 base64로 decode(원래 형태)로 되돌렸다.

TExPIFVVVENURikgfQ== LLO UUTCTF) }
VVVUQ1RGIHsgbWQ1KEhF UUTCTF { md5(HE

UUTCTF { md5(HELLO UUTCTF) }

위와 같은 형식이 된다.

그렇다고 저대로 flag를 인증을 하려고 하면,
당연히 안되는 것이 정상이다.

HELLO UUTCTF를 md5로 encrpytion을 해주자.

The MD5 hash for HELLO UUTCTF is : 7c34446d10bbb60d0cae15059fffc98d

그렇게해서 flag는 UUTCTF{7c34446d10bbb60d0cae15059fffc98d}가 된다.

 

'Study > Reversing' 카테고리의 다른 글

Break My Record  (0) 2019.04.28

+ Recent posts