[Day 14] Reverse 小入门

时间飞逝,已到第14天了
明天就一半ㄌ,好感动眼睛流汗
今天我们要干大事!!!
要来解 REVERSE
先来介绍一下 REVERSE
需要具备组合语言,恶意程序,动态静态 Debugger
目前我打的这些我都不会
我跟读者一样是逆向新手
还再学习,小菜鸡是我,请大家多包容(飞吻
介绍一下台湾逆向界大神 aka 喊水会结冻
ADR (马圣豪) . Inndy (木棍) . TerryNiNi (尼尼) . ss8651twtw (林思辰)
我在赶死线,就没放他们的blog
大家有兴趣自己找喔

YT 学习资源:
SCIST YT Channel
https://www.youtube.com/c/OfficialSCIST

台科资安社
https://www.youtube.com/channel/UC4-PD2BdlYWd807BhJZkjIg/videos

PS.这周四 9/30 有线上社课,飞飞社长讲资安概论
欢迎大家来参加,填写表单
https://docs.google.com/forms/d/e/1FAIpQLSdHZURzU0jMHhKiOL4QyRbxzGjsvq0iZRFmysL666a72hNG_w/viewform

台科资安社脸书粉专
请多多按赞追踪,社课活动资讯不错过
https://www.facebook.com/ntust.hacking

好啦,开始今天的题目

vault-door-training (50 points)

Your mission is to enter Dr. Evil's laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is controlled by a computer and requires a password to open. Unfortunately, our undercover agents have not been able to obtain the secret passwords for the vault doors, but one of our junior agents obtained the source code for each vault's computer! You will need to read the source code for each level to figure out what the password is for that vault door. As a warmup, we have created a replica vault in our training facility. The source code for the training

vault is here: VaultDoorTraining.java

Hints
The password is revealed in the program's source code.

这题不需要任何逆向技巧,只要你勇敢看完好长的题目
重点在Hints password 在 program source 中
你敢看完ㄇ?
我们一起,不要怕

这是下载的 program source

import java.util.*;

class VaultDoorTraining {
    public static void main(String args[]) {
        VaultDoorTraining vaultDoor = new VaultDoorTraining();
        Scanner scanner = new Scanner(System.in); 
        System.out.print("Enter vault password: ");
        String userInput = scanner.next();
	String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
	if (vaultDoor.checkPassword(input)) {
	    System.out.println("Access granted.");
	} else {
	    System.out.println("Access denied!");
	}
   }

    // The password is below. Is it safe to put the password in the source code?
    // What if somebody stole our source code? Then they would know what our
    // password is. Hmm... I will think of some ways to improve the security
    // on the other doors.
    //
    // -Minion #9567
    public boolean checkPassword(String password) {
        return password.equals("w4rm1ng_Up_w1tH_jAv4_eec0716b713");
    }
}

嘿嘿 有看到最後一行ㄇ
flag 在和你打招呼了

picoCTF{w4rm1ng_Up_w1tH_jAv4_eec0716b713}

Reverse 小入门舒服ㄇ

我们明天继续

晚安