每天一题，只能多不能少（已过0点，就算我今天完成指标了？????）

bmw

题目分析

简单的android逆向，当时竟然没做出来，这次比赛脑袋进的水真的是太平洋啊。

开始

1.题目

解压得到一个apk

2.用jadx打开

找到关键代码段

package com.deepnoite.bmw2;

public class TheFlagIsNotHere {
    public static final int LEN = SOURCE.length();
    public static final String SOURCE = "!0123456789abcdefghijklmnopqrstuvwxyz{}";
    public static String key = "iodj078atis6mng5yodbe!lch1";

    public static void getKey() {
        StringBuilder flag = new StringBuilder();
        int length = key.length();
        for (int i = 0; i < key.length(); i++) {
            int a = SOURCE.indexOf(key.charAt(i));
            if (a == 2) {
                a = LEN + 2;
            }
            if (a == 1) {
                a = LEN + 1;
            }
            if (a == 0) {
                a = LEN;
            }
            flag.append(SOURCE.charAt(a - 3));
        }
    }
}

分析代码

明显就是个变种的凯撒！！！！凯撒！！！！真的想对自己爆粗口。。SOURCE是码表，把key在码表范围内，循环移位，3位。

上脚本

#!python3
# -*- coding: utf-8 -*-
# @Time : 2020/10/21 16:52
# @Author : A.James
# @FileName: tt.py
source = "!0123456789abcdefghijklmnopqrstuvwxyz{}"
key = "iodj078atis6mng5yodbe!lch1"
LEN = len(source)
flag = ''
for i in range(len(key)):
    for j in range(len(source)):
        if source[j] == key[i]:
            k = j
            if k == 2:
                k = LEN + 2
            if k == 1:
                k = LEN + 1
            if k == 0:
                k = LEN
            print(j)
            print(source[k-3])
            flag += source[k-3]
print (flag)

get flag

flag{457qfp3jkd2vla8bzi9e}

结语

比赛的时候脑袋进的水就是平时自己懈怠的时光。