庖丁解牛

11/22/2021

The Ultimate Guide to Android Testing (Unit Tests, UI Tests, End-to-End ...

11/21/2021

Solution - UnCrackable App for Android Level 2

See challenge here

Use dex2jar tool to extract source code.

$~/Downloads/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh UnCrackable-Level1.apk

Use JD-GUI to review the source code

$java -jar ~/Downloads/jd-gui-1.6.6.jar

Now we know the check is to send string into static library libfoo.so.

Unzip apk to see lib/ folder

$tree lib

lib

├── arm64-v8a

│ └── libfoo.so

├── armeabi-v7a

│ └── libfoo.so

├── x86

│ └── libfoo.so

└── x86_64

├── libfoo.so

If you're a lazy person like me, I use strings first to see if anything comes up.

$strings lib/x86_64/libfoo.so

"Thanks for all t" maybe our flag to capture, but didn't pass entering to the App. Looks like the ending part is missing. So, use Ghidra or IDA free or Hopper Diassembler to see the bar function

Java_sg_vantagepoint_uncrackable2_CodeCheck_bar

some ascii code strings were found at the strncpy.

The second parameter is our flag to capture

"Thanks for all the fish"

Solution - UnCrackable App for Android Level 1

See challenge here

Use dex2jar tool to extract source code.

$~/Downloads/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh UnCrackable-Level1.apk

Use JD-GUI to review the source code

$java -jar ~/Downloads/jd-gui-1.6.6.jar

Now we know the check is to check your input String is equal to the hardcoded ciphertext (encrypted by AES).

Write a similar java program copy & paste the function to decrypt the ciphertext without input anything

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.util.Base64;

public class UnCrackableLevel1 {

  public static void main(String[] args) throws Exception {

    System.out.println(a("any"));

  }

  public static String a(String paramString) {
    byte[] arrayOfByte = Base64.getDecoder().decode("5UJiFctbmgbDoLXmpL12mkno8HT4Lv8dlat8FxR2GOc=");
    try {
      arrayOfByte = decrypt(b("8d127684cbc37c17616d806cf50473cc"), arrayOfByte);
    } catch (Exception exception) {
      StringBuilder stringBuilder = new StringBuilder();
      stringBuilder.append("AES error:");
      stringBuilder.append(exception.getMessage());
      System.out.println("CodeCheck" + stringBuilder.toString());
      arrayOfByte = new byte[0];
    }
    return new String(arrayOfByte);
  }

  public static byte[] decrypt(byte[] paramArrayOfbyte1, byte[] paramArrayOfbyte2) throws Exception {
    // SecretKeySpec secretKeySpec = new SecretKeySpec(paramArrayOfbyte1,
    // "AES/ECB/PKCS7Padding");
    SecretKeySpec secretKeySpec = new SecretKeySpec(paramArrayOfbyte1, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(2, secretKeySpec);
    return cipher.doFinal(paramArrayOfbyte2);
  }

  public static byte[] b(String paramString) {
    int i = paramString.length();
    byte[] arrayOfByte = new byte[i / 2];
    for (byte b = 0; b < i; b += 2)
      arrayOfByte[b / 2] = (byte) (byte) ((Character.digit(paramString.charAt(b), 16) << 4)
          + Character.digit(paramString.charAt(b + 1), 16));
    return arrayOfByte;
  }

}

$javac UnCrackableLevel1

$java UnCrackableLevel1

The secret is "I want to believe"

*** Note the source code use AES/ECB/PKCS7Padding

but actually using AES

2/23/2020

到底應該買房還是用租的?

如果你也是正在成家，這個問題應該也困擾你許久？
當中考慮因素有很多，並不是A或B這種兩分法，例如：

物價通膨

調薪幅度

定存年利率

保費年增率

投資年化收益率

有閒錢再投資多少

有閒錢再定存多少

生活品質方面：手邊現金不夠用的時候，全家暴露在風險之下，不能生病、也不能出國玩是你要的嗎？。
安全感方面：房東往往不會租你這麼久卻不漲租金，至少我們法規保障還不像歐洲對租客那樣友善。被迫搬家除了一筆費用，對小孩換環境的影響也不小。

我這邊整理了一份試算表，你可以依照自己情況填入黃色區域，就能看到逐年的資產增長。
因為不確定你會買在「蛋黃區」還是「泡沫區」房價的漲幅和折舊1.17%沒有估計在內。

(點此)下載試算表