安卓逆向 reoky android-crackme-challenge2 log日志竟然打印md5

https://github.com/reoky/android-crackme-challenge

补环境

因为安卓代码老了 让ai帮忙把gradle环境补起来

frida脚本打印调试信息

发现log日志 竟然打印出了密码经过md5加密的值 b2c4782f0afc0d9ccf21af70ac6c5c7e 所以问ai让我去https://www.cmd5.com/ 解密出来这个字符串意味着密码是zipdrive

(frida_venv) (base) PS D:\projects\PythonProjects\frida> frida-ps -Uai
 PID  Name         Identifier
----  -----------  ------------------------------
4195  CrackMe Two  com.reoky.crackme.challengetwo


(frida_venv) (base) PS D:\projects\PythonProjects\frida>  frida -U -f "com.reoky.crackme.challengetwo" -l challenge2.js
     ____
    / _  |   Frida 17.5.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Android Emulator 5554 (id=emulator-5554)
Spawned `com.reoky.crackme.challengetwo`. Resuming main thread!
[Android Emulator 5554::com.reoky.crackme.challengetwo ]-> [*] 脚本已加载，正在监控系统日志...
[*] 正在等待日志输出... 请在 APP 界面点击按钮触发逻辑。
[ERROR] [Util/Digest]: b2c4782f0afc0d9ccf21af70ac6c5c7e
[ERROR] [Util/Digest]: 61b3167fe76e8e2d9f1a50d0d1ed2c3e
[DEBUG] [ChallengeTwoFragment]: [WARN] Secret didn't match b2c4782f0afc0d9ccf21af70ac6c5c7e
[ERROR] [Util/Digest]: b2c4782f0afc0d9ccf21af70ac6c5c7e
[ERROR] [Util/Digest]: b2c4782f0afc0d9ccf21af70ac6c5c7e
[ERROR] [Util/Digest]: b2c4782f0afc0d9ccf21af70ac6c5c7e

challenge2.js脚本

问ai的

Java.perform(function () {
    console.log("[*] 脚本已加载，正在监控系统日志...");

    var Log = Java.use("android.util.Log");
    var tag_target = "ChallengeTwo"; // 很多这种题目会用 Challenge 名称作为 Tag

    // Hook Log.d (Debug)
    Log.d.overload('java.lang.String', 'java.lang.String').implementation = function (tag, msg) {
        console.log("[DEBUG] [" + tag + "]: " + msg);
        return this.d(tag, msg);
    };

    // Hook Log.i (Info)
    Log.i.overload('java.lang.String', 'java.lang.String').implementation = function (tag, msg) {
        console.log("[INFO] [" + tag + "]: " + msg);
        return this.i(tag, msg);
    };

    // Hook Log.v (Verbose)
    Log.v.overload('java.lang.String', 'java.lang.String').implementation = function (tag, msg) {
        console.log("[VERBOSE] [" + tag + "]: " + msg);
        return this.v(tag, msg);
    };

    Log.e.overload('java.lang.String', 'java.lang.String').implementation = function (tag, msg) {
        console.log("[ERROR] [" + tag + "]: " + msg);
        return this.e(tag, msg);
    };

    console.log("[*] 正在等待日志输出... 请在 APP 界面点击按钮触发逻辑。");
});