re学习笔记（77）攻防世界 - mobile区 - app1

推荐肉丝r0ysue课程（包含安卓逆向与js逆向）：
Jeb载入
读取versionName（版本号）和versionCode（内部版本号）然后相异或得到flag

直接查看BuildConfig类

或者
Jeb动调，ctrl+b下断点
adb shell am start -D -n [package name]/[Activity name]
然后jeb 调试，开始，附加相应apk

写脚本得到flag为

ens ="X
xn = 15
flag = ""
for i in ens:
    flag += chr(xn^ord(i))
print(flag)
# W3l_T0_GAM3_0ne

凑字数的

public abstract class BackendFactory {

    private final boolean fallbackUnicorn;

    protected BackendFactory(boolean fallbackUnicorn) {
        this.fallbackUnicorn = fallbackUnicorn;
    }

    private Backend newBackend(Emulator<?> emulator, boolean is64Bit) {
        try {
            return newBackendInternal(emulator, is64Bit);
        } catch (Throwable e) {
            if (fallbackUnicorn) {
                return null;
            } else {
                throw e;
            }
        }
    }

    protected abstract Backend newBackendInternal(Emulator<?> emulator, boolean is64Bit);

    public static Backend createBackend(Emulator<?> emulator, boolean is64Bit, Collection<BackendFactory> backendFactories) {
        if (backendFactories != null) {
            for (BackendFactory factory : backendFactories) {
                Backend backend = factory.newBackend(emulator, is64Bit);
                if (backend != null) {
                    return backend;
                }
            }
        }
        return new UnicornBackend(emulator, is64Bit);
    }

}