I learned some Android reverse engineering and wanted to see if I could solve a certain CTF problem.
I don’t know which competition’s CTF question it was, but it actually exists and is still sitting in my simulator, and I haven’t finished it yet.
A prompt message appears after clicking submit. Search for its keywords in the dex in np.
Located successfully.
I switched to Java to take a look at the program logic. I was surprised to find that the flag was automatically generated and was not judged based on the input.
Then look at the Smali statements and look for the key jump.
Did you see this?
This corresponds to checking whether the flag is equal to 1.
Change it directly to eq.
Install over the existing app.
Enter anything, and the flag is given directly.
If there are any errors, please correct me.