OMTG-DATAST-001-BadEncryption

 

 

omtg 첫번째 문제 badencryption이다.

제목처럼, 문제가 쉽다.

package sg.vp.owasp_mobile.OMTG_Android;

import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.support.v7.widget.Toolbar;
import android.util.Base64;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
import com.google.common.base.Ascii;
import sg.vp.owasp_mobile.omtg_android.C0000R;

public class OMTG_DATAST_001_BadEncryption extends AppCompatActivity {
    Button btnVerify;
    EditText passwordEditText;

    /* access modifiers changed from: protected */
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView((int) C0000R.layout.activity_omtg__datast_001__bad_encryption);
        setSupportActionBar((Toolbar) findViewById(C0000R.id.toolbar));
        getSupportActionBar().setDisplayHomeAsUpEnabled(true);
        this.passwordEditText = (EditText) findViewById(C0000R.id.BadEnryptionPassword);
        this.btnVerify = (Button) findViewById(C0000R.id.BadEnryptionButton);
        this.btnVerify.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v) {
                boolean unused = OMTG_DATAST_001_BadEncryption.verify(OMTG_DATAST_001_BadEncryption.this.passwordEditText.getText().toString());
                OMTG_DATAST_001_BadEncryption.this.result(Boolean.valueOf(OMTG_DATAST_001_BadEncryption.verify(OMTG_DATAST_001_BadEncryption.this.passwordEditText.getText().toString())));
            }
        });
    }

    /* access modifiers changed from: private */
    public void result(Boolean result) {
        if (result.booleanValue()) {
            Toast.makeText(this, "Congratulations, this is the correct password", 1).show();
        } else {
            Toast.makeText(this, "Try again!", 1).show();
        }
    }

    /* access modifiers changed from: private */
    public static boolean verify(String str) {
        byte[] encryptedDecoded = Base64.decode("vJqfip28ioydips=", 0);
        byte[] userPass = encrypt(str);
        if (userPass.length != encryptedDecoded.length) {
            return false;
        }
        for (int i = 0; i < userPass.length; i++) {
            if (userPass[i] != encryptedDecoded[i]) {
                return false;
            }
        }
        return true;
    }

    private static byte[] encrypt(String str) {
        byte[] bytes = str.getBytes();
        for (int i = 0; i < bytes.length; i++) {
            bytes[i] = (byte) (bytes[i] ^ Ascii.DLE);
            bytes[i] = (byte) ((bytes[i] ^ -1) & 255);
        }
        return bytes;
    }
}

 

 

주어진 문자열 [vJqfip28ioydips=]을 해독하면 된다.

암호화 방식을 보면, 간단한 xor연산으로 이루어져 있다.

xor은 두번하면 역연산이 이루어지므로, 간단한 파이썬 코드를 작성해본다.

import base64

word = 'vJqfip28ioydips='
text = bytearray(base64.b64decode(word))
for i in range(len(text)):
	text[i] = (text[i] ^ -1) & 255
	text[i] = text[i] ^ 16

print(text.decode())
    

    

(첫번째 for 구문은 1바이트 확인용 연산이고, 없어도 상관없긴 하지만 넣어주자.)

 

 

간단하게 풀렸다.