Learning to Practice – XCTF Hacker Spirit_WuYu_AS’ Blog

class=”markdown_views prism-atom-one-dark”> One environment   Mobile phone: Pixel 1   System: Android 8.1   Software: IDA 7.5, JADX   Difficulty: Easy   apk resources Link: https://pan.baidu.com/ s/1iEBK__qeWKQAg9KFVraskA Extraction code: jn3p Second analysis process      1. Open and click Freedom and Justice Share, then click Register, you will enter the registration interface         2. Enter 1122334455667, then click Register, click OK to exit the APP (click anywhere outside the dialog box, it will not exit APP)         3. Open JADX, search for “your registration code has been saved”, and then see the key saveSN         4. Viewed three native methods         5. First check that the initSN method is only initialized in onCreate of this class, and search for the place where the MyApp class is initialized in JADX         6. Find the key judgment value MyApp.m (Figure 1), search for references and find no value assignment (Figure 2), then it may be in SO, plus APP initialization to judge, indicating the initSN method of MyApp.m assignment    figure 1 figure 2      7. Open IDA, import SO, open the export table and search for initSN, but find nothing, indicating that it is dynamically registered in JNI_OnLoad         8. View…