app_login(apk逆向)

首先，使用jadx分析
在res文件找到AndroadMainfast.xml，这个是主要窗口

package com.example.activitytest;

import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/* loaded from: classes.dex */
public class FirstActivity extends AppCompatActivity implements View.OnClickListener {
    Button button;
    EditText password;
    EditText username;

    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    protected void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.first_layout);
        this.button = (Button) findViewById(R.id.login_button);
        this.username = (EditText) findViewById(R.id.username);
        this.password = (EditText) findViewById(R.id.password);
        this.button.setOnClickListener(this);
    }

    @Override // android.view.View.OnClickListener
    public void onClick(View view) {
        String obj = this.username.getText().toString();
        String obj2 = this.password.getText().toString();
        if (checkUsername(obj) && checkPass(obj2)) {
            Toast.makeText(this, "登录成功", 0).show();
            Toast.makeText(this, "flag{" + obj + obj2 + "}", 0).show();
            return;
        }
        Toast.makeText(this, "登录失败", 0).show();
    }

    public boolean checkUsername(String str) {
        if (str != null) {
            try {
                if (str.length() != 0 && str != null) {
                    MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                    messageDigest.reset();
                    messageDigest.update("zhishixuebao".getBytes());
                    String hexString = toHexString(messageDigest.digest(), "");
                    StringBuilder sb = new StringBuilder();
                    for (int i = 0; i < hexString.length(); i += 2) {
                        sb.append(hexString.charAt(i));
                    }
                    return (sb.toString()).equals(str);
                }
                return false;
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }
        return false;
    }

    public boolean checkPass(String str) {
        if (str == null) {
            return false;
        }
        char[] charArray = str.toCharArray();
        if (charArray.length != 15) {
            return false;
        }
        for (int i = 0; i < charArray.length; i++) {
            charArray[i] = (char) ((((255 - i) + 2) - 98) - charArray[i]);
            if (charArray[i] != '0' || i >= 15) {
                return false;
            }
        }
        return true;
    }

    private static String toHexString(byte[] bArr, String str) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                sb.append('0');
            }
            sb.append(hexString);
            sb.append(str);
        }
        return sb.toString();
    }
}

思路：
对checkUsername，zhishixuebao的MD5隔一位取出，为obj1
对checkPass函数，字符操作
script:

import hashlib

s = "zhishixuebao"
ss = hashlib.md5(s.encode()).hexdigest()
print(ss)
sss = ""
for i in range(0, len(ss), 2):
    sss += ss[i]
print(sss)
ssss = ""
for i in range(15):
    ssss += chr((255 - i) + 2 - 98 - 48)
print(ssss)
#flag{7afc4fcefc616ebdonmlkjihgfedcba}