本文共 9736 字，大约阅读时间需要 32 分钟。

前两道wp来自于一位强大的师傅，她特意叮嘱不署名，在此表示感谢！十分感谢

寻梦

a.打开题目后

b.看到此提示后，需要把显示出来的base64编码解码

C.再次填入xunmeng，就看到了flag

JUST{re_is_so_interesting}

寻梦S

a.随便输入后，给了无关的提示，需要动用反编译工具jeb

b.反编译查了一下，找到主要加密代码

public void onClick(View arg11) {               int v0 = 18;            int[] v1 = new int[]{   74, 6, 81, 0x2F, 0x7F, 22, 105, 42, 87, 19, 120, 58, 83, 8, 97, 11, 0x74, 0x7D};            int[] v2 = new int[]{   42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42};            String v3 = MainActivity.this.text.getText().toString().trim();            String v5 = "不要调皮，应该好好输入";            if(TextUtils.isEmpty(((CharSequence)v3))) {                   Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();            }            else if(v3.length() == v0) {                   char[] v0_1 = v3.toCharArray();                int v4;                for(v4 = 0; true; ++v4) {                       int v7 = 17;                    if(v4 >= v7) {                           break;                    }                    v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];                }                for(v4 = 0; v4 < v7; ++v4) {                       if(v2[v4] != v1[v4]) {                           Toast.makeText(MainActivity.this, ((CharSequence)v5), 0).show();                    }                    else if(v4 < 16) {                       }                    else {                           Toast.makeText(MainActivity.this, "恭喜你，拿到flag", 0).show();                    }                }            }            else {                   Toast.makeText(MainActivity.this, "好好加油，再接再厉", 0).show();            }        }    }

分析了一下主要代码： v2[v4] = v4 % 2 == 0 ? v0_1[v4] ^ v4 : v0_1[v4] ^ v0_1[v4 + 1];
也就是把flag的偶数位异或 自己的位数，奇数位异或 下一位，然后异或后得出一个数组，按照思路利用已知数组反推回去即可。
接下来上代码：

public class wp {       public static void main(String[] args) {           int[]e= {   74,6,81,47,127,22,105,42,87,19,120,58,83,8,97,11,116,125};        for (int i = 0; i < 17; i++) {               int n = i % 2;            if (n == 0) {                   e[i] = e[i] ^ i;            }        }        for (int i = 0; i < 17; i++) {               int n = i % 2;            if (n != 0) {                   e[i] = e[i] ^e[i+1] ;            }        }            for (int i = 0; i < 18; i++) {                   System.out.print(((char)e[i]));            }    }}

运行结果如下：

得到flag：JUST{you_are_good}

寻梦SS

a.

直接上工具吧，没啥好说的

b.分析代码可知用flag做了base64编码后，然后把密文进行位置互换，所以我们只需要把密文位置换回去，然后进行解密即可。

c.换位代码

  int[] c = {   'v','t','v','h','J','b','1','C','r','O','1','S','B','A','x','T','j','B','3','C','v','O','2','S','v','5','z','x','n','5','3','g','Z','L','x','T','n','F','1','x','b','I','0','t','Z','Z','s','B'};        for (int i = 47; i>=2; i--) {               int temp = c[i - 2];            c[i - 2] = c[i];            c[i] = temp;        }

换位后为sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ

d.base64表被换位了，所以直接上网搜索自定义base64，随便找个自定义base64 的decode函数然后把表换了即可

首先把base64表写出

public final static char[] base64_alphabet = new char[]{   'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', '0', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '/', '+', '='};

 public static String decode(String enContent) {           byte[] data = enContent.getBytes();        int i = 0, j = 0, enCode = 0;        int mLength = data.length;        byte[] char_array_4 = new byte[4];        byte[] char_array_3 = new byte[3];        String retContent = "";        // filter out the padding '=' chars        while (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {               mLength--;            char_array_4[i++] = data[enCode++];            if (i == 4) {                   for (i = 0; i < 4; i++)                    char_array_4[i] = findChar((char) char_array_4[i]);                char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));                char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));                char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);                for (i = 0; (i < 3); i++)                    retContent += (char) char_array_3[i];                i = 0;            }        }        // last content handling        if (i > 0) {               for (j = i; j < 4; j++)                char_array_4[j] = 0;            for (j = 0; j < 4; j++)                char_array_4[j] = findChar((char) char_array_4[j]);            char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));            char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));            char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);            for (j = 0; (j < i - 1); j++)                retContent += (char) char_array_3[j];        }        return retContent;    }

主函数里写出

 String d="sBvtvhJb1CrO1SBAxTjB3CvO2Sv5zxn53gZLxTnF1xbI0tZZ";        String e=base64.decode(d);        System.out.println(e);

得出flag

JUST{Android_reverse_is_too_simple?}

在这里呢，贴一下一个完整的自定义base64代码，需要的自取

public class base64 {       public final static char[] base64_alphabet = new char[]{               'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',            't', 'u', 'v', 'w', 'x', 'y', '0','z', '1', '2', '3', '4', '5', '6', '7', '8', '9',  'A', 'B',            'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',            'V', 'W', 'X', 'Y', 'Z', '/','+', '='};    public static String encode(String content) {           byte[] data = content.getBytes();        int length = data.length;        byte[] char_array_3 = new byte[]{   0, 0, 0};        byte[] char_array_4 = new byte[]{   '=', '=', '=', '='};        String retContent = "";        int i = 0;        int j = 0;        int reversePos = 0;        while (length > 0) {               length--;            char_array_3[i++] = data[reversePos++];            if (i == 3) {                   char_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // convert the char                char_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));                char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));                char_array_4[3] = (byte) (char_array_3[2] & 0x3f);                for (i = 0; (i < 4); i++)                    retContent += base64_alphabet[char_array_4[i]];                i = 0;            }        }        // handling the last input content        if (i > 0) {               for (j = i; j < 3; j++)                char_array_3[j] = 0; // padding of zero            char_array_4[0] = (byte) ((char_array_3[0] & 0xfc) >> 2); // right shift            char_array_4[1] = (byte) (((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4));            char_array_4[2] = (byte) (((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6));            char_array_4[3] = (byte) (char_array_3[2] & 0x3f);            for (j = 0; (j < i + 1); j++)                retContent += base64_alphabet[char_array_4[j]];            while ((i++ < 3)) // padding of '=' of output string                retContent += '=';        }        return retContent;    }    public static String decode(String enContent) {           byte[] data = enContent.getBytes();        int i = 0, j = 0, enCode = 0;        int mLength = data.length;        byte[] char_array_4 = new byte[4];        byte[] char_array_3 = new byte[3];        String retContent = "";        // filter out the padding '=' chars        while (mLength > 0 && (((char) data[enCode]) != '=') && isBase64((char) data[enCode])) {               mLength--;            char_array_4[i++] = data[enCode++];            if (i == 4) {                   for (i = 0; i < 4; i++)                    char_array_4[i] = findChar((char) char_array_4[i]);                char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));                char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));                char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);                for (i = 0; (i < 3); i++)                    retContent += (char) char_array_3[i];                i = 0;            }        }        // last content handling        if (i > 0) {               for (j = i; j < 4; j++)                char_array_4[j] = 0;            for (j = 0; j < 4; j++)                char_array_4[j] = findChar((char) char_array_4[j]);            char_array_3[0] = (byte) ((char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4));            char_array_3[1] = (byte) (((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2));            char_array_3[2] = (byte) (((char_array_4[2] & 0x3) << 6) + char_array_4[3]);            for (j = 0; (j < i - 1); j++)                retContent += (char) char_array_3[j];        }        return retContent;    }    public static boolean isBase64(char c) {           boolean base64 = false;        for (int i = 0; i < 64; i++) {               if (c == base64_alphabet[i]) {                   base64 = true;                break;            }        }        return base64;    }    public static byte findChar(char x) {           byte index = 64; // 65th char '='        for (int i = 0; i < 64; i++) {               if (x == base64_alphabet[i]) {                   index = (byte) i;                break;            }        }        return index;    }