competition-crypto-mobile
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseCompetition Crypto Mobile
竞赛类密码学与移动安全
Use this skill only as a downstream specialization after is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to first.
$ctf-sandbox-orchestrator$ctf-sandbox-orchestratorUse this skill when the active challenge depends on recovering a transform chain, hidden media payload, mobile signing path, or local trust boundary.
Reply in Simplified Chinese unless the user explicitly requests English.
本技能仅可作为下游专项技能,在已激活、且已完成沙箱假设配置、节点归属确认和证据优先级划分后使用。如果还未完成上述前置步骤,请先返回执行。
$ctf-sandbox-orchestrator$ctf-sandbox-orchestrator当当前挑战需要还原转换链、隐藏媒体载荷、移动签名路径或本地信任边界时使用本技能。
除非用户明确要求使用英文回复,否则请使用简体中文回复。
Quick Start
快速开始
- Decide whether the dominant path is crypto, stego, or mobile.
- Recover transforms in order; do not jump straight to the fanciest algorithm.
- Record exact parameters and boundaries that affect the result.
- Hook the narrowest mobile boundary that proves the behavior.
- Reproduce the plaintext, payload, signed request, or accepted branch.
- 确定核心路径属于密码学、隐写术还是移动安全类别
- 按顺序还原转换流程,不要直接使用最复杂的算法尝试
- 记录所有会影响结果的精确参数和边界条件
- Hook能够证明对应行为的最小范围移动边界
- 复现明文、载荷、签名请求或可接受分支
Workflow
工作流
1. Crypto And Encoding
1. 密码学与编码
- Reconstruct the chain step by step: container, compression, encoding, xor or substitution, crypto, integrity, final parse.
- Keep exact keys, IVs, nonces, salts, tags, offsets, and byte order.
- 逐步重建转换链:容器、压缩、编码、异或或替换、密码运算、完整性校验、最终解析
- 留存所有精确的密钥、IV、nonce、盐值、标签、偏移量和字节序信息
2. Stego
2. 隐写术(Stego)
- Inspect metadata, chunk layout, palettes, alpha planes, LSBs, thumbnails, trailers, and transcoding artifacts.
- Rank decode attempts by evidence, not by brute-force curiosity.
- 检查元数据、块布局、调色板、alpha通道、LSB(最低有效位)、缩略图、尾部数据和转码 artifacts
- 根据证据优先级排序解码尝试,不要出于蛮力尝试的好奇心乱序操作
3. Mobile
3. 移动安全
- Start with manifest or plist, exported components, deeplinks, native libs, shared prefs, local DBs, and configs.
- Trace signer logic, token storage, SSL pinning, protobuf or RPC boundaries, and native bridge calls.
- 从manifest或plist、导出组件、deeplink、原生库、shared prefs、本地数据库和配置文件入手
- 追踪签名器逻辑、token存储、SSL pinning、protobuf或RPC边界、以及原生桥调用
Read This Reference
参考文档说明
- Load for the transform checklist, hook targets, and evidence packaging.
references/crypto-mobile.md - If the task is specifically about Android dynamic tracing, signer hooks, JNI boundaries, or pinning checks, prefer .
$competition-android-hooking - If the task is specifically about iOS runtime tracing, Keychain access, Objective-C or Swift hooks, or pinning checks inside an IPA, prefer .
$competition-ios-runtime - If the task is specifically about media carriers, hidden channels, thumbnails, or appended trailers, prefer .
$competition-stego-media
- 加载查看转换检查清单、Hook目标和证据打包规范
references/crypto-mobile.md - 如果任务明确是关于Android动态追踪、签名器Hook、JNI边界或pinning校验,请优先使用
$competition-android-hooking - 如果任务明确是关于iOS runtime追踪、Keychain访问、Objective-C或Swift Hook、或是IPA内部的pinning校验,请优先使用
$competition-ios-runtime - 如果任务明确是关于媒体载体、隐藏通道、缩略图或追加的尾部数据,请优先使用
$competition-stego-media
What To Preserve
需要留存的内容
- Decisive bytes proving each decode stage
- Hook points, signed strings, headers, and local storage paths
- Component names, protobuf fields, channel-specific outputs, or trailer offsets
- 证明每个解码阶段的关键字节
- Hook点、签名字符串、请求头和本地存储路径
- 组件名称、protobuf字段、特定通道输出或尾部数据偏移量