安卓逆向 -- 自吐算法(MAC)
2023-03-14 22:51:46 时间
一、MAC算法源码
import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec String bs= "逆向有你a"; SecretKeySpec key = new SecretKeySpec("12345".getBytes(StandardCharsets.UTF_8), "HmacSHA256");//申请一个密钥,长度内容随便写 Mac mac = Mac.getInstance("HmacSHA256");//告诉系统我用的加密码方式是HmacSHA256 mac.init(key); byte[] macres = mac.doFinal(bs.getBytes(StandardCharsets.UTF_8));//开始加密 System.out.println("HmacSHA1加密(字节):"+Arrays.toString(macres)); System.out.println("HmacSHA1加密(字符串):"+bytes2HexString(macres)); SecretKeySpec key1 = new SecretKeySpec("12345".getBytes(StandardCharsets.UTF_8), "HmacSHA256");//申请一个密钥,长度内容随便写 Mac mac1 = Mac.getInstance("HmacSHA256");//告诉系统我用的加密码方式是HmacSHA256 mac1.init(key1); mac1.update("逆向".getBytes(StandardCharsets.UTF_8)); mac1.update("有你".getBytes(StandardCharsets.UTF_8)); byte[] macres1 = mac1.doFinal("a".getBytes(StandardCharsets.UTF_8)); System.out.println(bytes2HexString(macres1));
二、分析源码,需hook的内容
1、hook类是javax.crypto.Mac,javax.crypto.spec.SecretKeySpec
2、hook的方法:SecretKeySpec,doFinal
三、hook源码
XposedBridge.hookAllMethods(XposedHelpers.findClass("javax.crypto.Mac", loadPackageParam.classLoader) , "doFinal", new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); Log.e("逆向有你", "Stack:", new Throwable("stack dump")); if(param.args.length==2) return; Mac mc = (Mac) param.thisObject;//实例化 String algorithm = mc.getAlgorithm();//获取加密算法的名称 if (param.args.length == 2) { byte[] params = (byte[]) param.args[0]; String data = new String(params); String datahex = b2s(params); String datab64 = Base64.encodeToString(params, 0); Log.d("逆向有你",algorithm+"data:"+data); Log.d("逆向有你",algorithm+"datahex:"+datahex); Log.d("逆向有你",algorithm+"datab64:"+datab64); } byte[] res=(byte[])param.getResult(); String reshex = b2s(res); String resb64 = Base64.encodeToString(res, 0); Log.d("逆向有你",algorithm+"resulthex:"+reshex); Log.d("逆向有你",algorithm+"resultb64:"+resb64); Log.d("逆向有你","========================================================================"); } }); XposedBridge.hookAllConstructors(XposedHelpers.findClass("javax.crypto.spec.SecretKeySpec", loadPackageParam.classLoader) , new XC_MethodHook() { @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { super.afterHookedMethod(param); Log.e("逆向有你", "Stack:", new Throwable("stack dump")); byte[] secretKey = (byte[]) param.args[0]; int offset=0; int size=0; String algorithm=null; if (param.args.length != 2) { offset = ((Integer) param.args[1]).intValue(); size = ((Integer) param.args[2]).intValue(); algorithm = (String) param.args[3]; }else { size=secretKey.length; algorithm= (String) param.args[1]; } byte[] keyres=new byte[size]; System.arraycopy(secretKey,offset,keyres,0,size); String keyreshex = b2s(keyres); String keyresb64 = Base64.encodeToString(keyres, 0); Log.d("逆向有你",algorithm+"secretkey:"+new String(keyres)); Log.d("逆向有你",algorithm+"secretkeyhex:"+keyreshex); Log.d("逆向有你",algorithm+"secretkeyb64:"+keyresb64); Log.d("逆向有你","========================================================================"); } });
四、运行结果
禁止非法,后果自负
相关文章
- 《 Ceph分布式存储学习指南》导读
- Sysstat性能监控工具包中20个实用命令
- 分布式消息中间件Metaq发布1.4.2
- Linux有问必答:如何在PDF中嵌入LaTex中的所有字体
- Anti-Entropy Protocols
- 在Ubuntu Trusty 14.04 (LTS) (64-bit)安装Docker
- HBase HFile与Prefix Compression内部实现全解--KeyValue格式
- 巧用linux云服务器下的的/dev/shm/,避开磁盘IO不给力!
- Strong Consistency, 强一致性技术概述
- 关于hashcode 里面 使用31 系数的问题
- O2O的奇幻旅程:3000家O2O项目的经营状态深度解析
- Linux有问必答:如何在CentOS7上改变网络接口名
- 一个状态模式的小改进
- 阿里双11大型项目管理怎么玩?
- Git Rebase教程: 用Git Rebase让时光倒流
- Linux有问必答:如何检测并修复bash中的破壳漏洞
- stat -- 获取比 ls 更多的信息
- 全序, 分布式一致性的本质
- 通过visualvm远程监控jetty
- 《DevOps:软件架构师行动指南.》导读