Open roaris opened 3 months ago
roaris
commented
3 months ago Safe Opener(#11)とは違い、classファイルが与えられるだけでソースコードは見れない
$ java SafeOpener
Enter password for the safe: a
YQ==
Password is incorrect
You have 2 attempt(s) left
Enter password for the safe: b
Yg==
Password is incorrect
You have 1 attempt(s) left
Enter password for the safe: c
Yw==
Password is incorrect
You have 0 attempt(s) leftstringsコマンドでフラグが得られた
$ strings SafeOpener.class
<init>
Code
LineNumberTable
LocalVariableTable
this
LSafeOpener;
main
([Ljava/lang/String;)V
isOpen
args
[Ljava/lang/String;
keyboard
Ljava/io/BufferedReader;
encoder
Encoder
InnerClasses
Ljava/util/Base64$Encoder;
encodedkey
Ljava/lang/String;
StackMapTable
Exceptions
openSafe
(Ljava/lang/String;)Z
password
SourceFile
SafeOpener.java
java/io/BufferedReader
java/io/InputStreamReader
Enter password for the safe:
java/lang/StringBuilder
You have
attempt(s) left
,picoCTF{SAf3_0p3n3rr_y0u_solv3d_it_3dae8463}
Sesame open
Password is incorrect
SafeOpener
java/lang/Object
java/util/Base64$Encoder
java/lang/String
java/io/IOException
java/lang/System
Ljava/io/InputStream;
(Ljava/io/InputStream;)V
(Ljava/io/Reader;)V
java/util/Base64
getEncoder
()Ljava/util/Base64$Encoder;
Ljava/io/PrintStream;
java/io/PrintStream
print
(Ljava/lang/String;)V
readLine
()Ljava/lang/String;
getBytes
()[B
encodeToString
([B)Ljava/lang/String;
println
append
-(Ljava/lang/String;)Ljava/lang/StringBuilder;
(I)Ljava/lang/StringBuilder;
toString
equals
(Ljava/lang/Object;)Zせっかくなのでclassファイルのデコンパイルも試す jd-guiを使う
ここからdebファイルをダウンロードして、dpkg -iでインストール
$ sudo dpkg -i jd-gui-1.6.6.deb起動すると謎のエラーが発生する
javaのパスは通ってるんだが...
ターミナルでjava -jar /opt/jd-gui/jd-gui.jarを打つと起動出来た
roaris
commented
3 months ago SafeOpener.classのデコンパイル結果
https://play.picoctf.org/practice/challenge/375