移动互联网（APP）安全积分争夺赛初赛Writeup解析<\/h1>

1. babyapk题目解析<\/h2>

题目考点<\/h3>

安卓逆向<\/li>

XOR异或加密<\/li> <\/ul>

解题思路<\/h3>

分析Android代码和native库（反编译so文件）<\/li>

逆向推导出正确的flag<\/li> <\/ol>

解题脚本<\/h3>

c =<\/span> [119<\/span>, 9<\/span>, 40<\/span>, 44<\/span>, 106<\/span>, 84<\/span>, 113<\/span>, 124<\/span>, 34<\/span>, 93<\/span>, 122<\/span>, 121<\/span>, 119<\/span>, 4<\/span>, 120<\/span>, 124<\/span>, 36<\/span>, 7<\/span>, 127<\/span>, 42<\/span>, 117<\/span>, 6<\/span>, 112<\/span>, 41<\/span>, 32<\/span>, 4<\/span>, 112<\/span>, 47<\/span>, 119<\/span>, 81<\/span>, 123<\/span>, 47<\/span>, 33<\/span>, 81<\/span>, 40<\/span>, 120<\/span>, 114<\/span>, 24<\/span>]
<\/span><\/span>key =<\/span> [0x11<\/span>, 0x65<\/span>, 0x49<\/span>, 0x4B<\/span>]
<\/span><\/span>flag =<\/span> []
<\/span><\/span>for<\/span> i in<\/span> range(len(c)):
<\/span><\/span>    flag.<\/span>append(c[i] ^<\/span> key[i %<\/span> 4<\/span>])
<\/span><\/span>print(''<\/span>.<\/span>join([chr(x) for<\/span> x in<\/span> flag]))
<\/span><\/span><\/code><\/pre>FLAG<\/h3>
flag{1873832fa175b6adc9b1a9df42d04a3c}<\/code><\/p>
2. Privacy Master（1）题目解析<\/h2>
题目考点<\/h3>

隐私合规<\/li>
<\/ul>
解题思路<\/h3>
根据Android 13\/API 33的隐私合规要求，分析APP存在的非合规权限申请：<\/p>


READ_PHONE_STATE<\/strong>：<\/p>

在MainActivity<\/code>的checkAndRequestPermissions()<\/code>方法中直接请求<\/li>
未明确说明使用目的<\/li>
未提供替代方案（Android 10+限制该权限的访问）<\/li>
<\/ul>
<\/li>

ACCESS_FINE_LOCATION<\/strong>：<\/p>

在TwilightManager<\/code>中通过getLastKnownLocation()<\/code>方法动态请求<\/li>
当定位权限未授予时会回退到硬编码时间（hardcoded sunrise\/sunset values<\/code>）<\/li>
说明定位功能非核心功能但仍请求精确定位权限（Android 12+要求前台服务精确位置权限需单独声明）<\/li>
<\/ul>
<\/li>

POST_NOTIFICATIONS<\/strong>：<\/p>

在checkSelfPermission()<\/code>方法中检测到该权限的特殊处理（Build.VERSION.SDK_INT < 33<\/code>的兼容性判断）<\/li>
未遵循Android 13的通知权限运行时请求规范<\/li>
<\/ul>
<\/li>
<\/ol>
FLAG<\/h3>
READ_PHONE_STATE, ACCESS_FINE_LOCATION<\/code><\/p>
3. Goodluck题目解析<\/h2>
题目考点<\/h3>

MD5哈希破解<\/li>
<\/ul>
解题思路<\/h3>

识别出给定的字符串是MD5哈希值<\/li>
直接使用MD5解密工具或在线服务进行破解<\/li>
<\/ol>
FLAG<\/h3>
Flag{r9d3jv1}<\/code><\/p>
4. Ezenc题目解析<\/h2>
题目考点<\/h3>

傅里叶变换<\/li>
<\/ul>
解题思路<\/h3>

分析题目主要使用了傅里叶变换<\/li>
注意最终答案可能有误差，需要进行筛选<\/li>
<\/ol>
FLAG<\/h3>
flag{th3_df7_S0_3asy!}<\/code><\/p>
5. 偷天换日题目解析<\/h2>
题目考点<\/h3>

动态解密<\/li>
RC4加密<\/li>
<\/ul>
解题思路<\/h3>

发现是动态解密cc.data为dex然后加载<\/li>
使用了RC4加密<\/li>
将cc.data解密后用jadx分析<\/li>
进行Base58解密<\/li>
<\/ol>
FLAG<\/h3>
flag{j#n$j@m^,*1}<\/code><\/p>
6. Harmony题目解析<\/h2>
题目考点<\/h3>

Abc反编译<\/li>
MD5哈希<\/li>
<\/ul>
解题思路<\/h3>

使用abc decompile工具进行逆向分析<\/li>
从资源中获取hash值<\/li>
与用户输入进行对比<\/li>
通过cmd5反查得到"goodgood"<\/li>
输入后获取flag<\/li>
<\/ol>
FLAG<\/h3>
Flag{ee51e080d1db85f9927fe87aa92267bb}<\/code><\/p>
7. 这个木马在干啥题目解析<\/h2>
题目考点<\/h3>

Native层分析<\/li>
AES加密<\/li>
<\/ul>
解题思路<\/h3>

编写脚本解密native层中的字符串<\/li>
分析发现主要采用了AES加密和Base编码<\/li>
进行解密操作<\/li>
<\/ol>
8. IOSAPP题目解析<\/h2>
题目考点<\/h3>

iOS应用分析<\/li>
<\/ul>
解题思路<\/h3>

简单分析后只需进行-1操作即可获取flag<\/li>
<\/ol>
FLAG<\/h3>
flag{you_looking_for_me}<\/code><\/p>
总结<\/h2>
本比赛涵盖了移动应用安全的多个方面，包括：<\/p>

安卓逆向分析<\/li>
加密算法破解（XOR、RC4、AES、MD5）<\/li>
隐私合规检测<\/li>
动态解密技术<\/li>
iOS应用分析<\/li>
<\/ol>
每个题目都针对不同的安全技术点，参赛者需要掌握多种安全分析技能才能全面解决这些问题。<\/p>

移动互联网（APP）安全积分争夺赛初赛Writeup解析<\/h1>

1. babyapk题目解析<\/h2>

FLAG<\/h3>
`flag{1873832fa175b6adc9b1a9df42d04a3c}<\/code><\/p>`

FLAG<\/h3>
`READ_PHONE_STATE, ACCESS_FINE_LOCATION<\/code><\/p>`

FLAG<\/h3>
`Flag{r9d3jv1}<\/code><\/p>`

FLAG<\/h3>
`flag{th3_df7_S0_3asy!}<\/code><\/p>`

FLAG<\/h3>
`flag{j#n$j@m^,*1}<\/code><\/p>`

FLAG<\/h3>
`Flag{ee51e080d1db85f9927fe87aa92267bb}<\/code><\/p>`

8. IOSAPP题目解析<\/h2>

FLAG<\/h3>
`flag{you_looking_for_me}<\/code><\/p>`

移动互联网（APP）安全积分争夺赛初赛Writeup解析<\/h1>

1. babyapk题目解析<\/h2>

FLAG<\/h3> flag{1873832fa175b6adc9b1a9df42d04a3c}<\/code><\/p>

FLAG<\/h3> READ_PHONE_STATE, ACCESS_FINE_LOCATION<\/code><\/p>

FLAG<\/h3> Flag{r9d3jv1}<\/code><\/p>

FLAG<\/h3> flag{th3_df7_S0_3asy!}<\/code><\/p>

FLAG<\/h3> flag{j#n$j@m^,*1}<\/code><\/p>

FLAG<\/h3> Flag{ee51e080d1db85f9927fe87aa92267bb}<\/code><\/p>

8. IOSAPP题目解析<\/h2>

FLAG<\/h3> flag{you_looking_for_me}<\/code><\/p>

FLAG<\/h3>
`flag{1873832fa175b6adc9b1a9df42d04a3c}<\/code><\/p>`

FLAG<\/h3>
`READ_PHONE_STATE, ACCESS_FINE_LOCATION<\/code><\/p>`

FLAG<\/h3>
`Flag{r9d3jv1}<\/code><\/p>`

FLAG<\/h3>
`flag{th3_df7_S0_3asy!}<\/code><\/p>`

FLAG<\/h3>
`flag{j#n$j@m^,*1}<\/code><\/p>`

FLAG<\/h3>
`Flag{ee51e080d1db85f9927fe87aa92267bb}<\/code><\/p>`

FLAG<\/h3>
`flag{you_looking_for_me}<\/code><\/p>`