安卓逆向 -- 自吐算法(DES)
2023-03-14 22:52:47 时间
一、DES算法源码
DESKeySpec deskey = new DESKeySpec("123456789".getBytes(StandardCharsets.UTF_8));//将密钥实例化 SecretKeyFactory key = SecretKeyFactory.getInstance("DES");//加密算法 SecretKey secretKey = key.generateSecret(deskey);//处理成系统可识别的密钥 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//加密方式 cipher.init(1,secretKey);//1是加密,2是解密,初始化加密 byte[] desres = cipher.doFinal(bs.getBytes()); System.out.println("DES加密(字节):"+Arrays.toString(desres)); System.out.println("DES加密(Hex):"+bytes2HexString(desres)); System.out.println("DES加密(Base64):"+Base64.getEncoder().encodeToString(desres)); cipher.init(2,secretKey);//初始化解密 byte[] jmdesres = cipher.doFinal(Base64.getDecoder().decode("R7R5cToMh5QxnyoH/32OQw==".getBytes(StandardCharsets.UTF_8))); System.out.println("DES解密(Base64):"+new String(jmdesres)); byte[] deshexbyte =hexString2Bytes("47B479713A0C8794319F2A07FF7D8E43"); jmdesres=cipher.doFinal(deshexbyte); System.out.println("DES解密(Hex):"+new String(jmdesres));
二、分析源码,需hook的内容
1、hook的类:javax.crypto.spec.DESKeySpec,javax.crypto.spec.IvParameterSpec,javax.crypto.Cipher
2、hook的方法:key,IV,doFinal
三、hook源码
XposedBridge.hookAllConstructors(XposedHelpers.findClass( "javax.crypto.spec.DESKeySpec", loadPackageParam.classLoader), new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { Log.e("逆向有你", "Stack:", new Throwable("stack dump")); byte[] keybyte = new byte[8]; int offset = 0; if (param.args.length != 1) { offset = ((Integer) param.args[1]).intValue(); } System.arraycopy((byte[])param.args[0], offset, keybyte, 0, 8); String keyHex = b2s(keybyte); String keyB64 = Base64.encodeToString(keybyte, 0); Log.d("逆向有你", "DESKey:" + new String(keybyte)); Log.d("逆向有你", "DESKeyHex:" + keyHex); Log.d("逆向有你", "DESKeyB64:" + keyB64); Log.d("逆向有你", "=============DES密钥================"); } }); XposedBridge.hookAllConstructors(XposedHelpers.findClass( "javax.crypto.spec.IvParameterSpec", loadPackageParam.classLoader), new XC_MethodHook() { /* access modifiers changed from: protected */ public void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable { Log.e("逆向有你", "Stack:", new Throwable("stack dump")); byte[] ivParameter = (byte[]) param.args[0]; int offset = 0; int size = 0; if (param.args.length != 1) { offset = ((Integer) param.args[1]).intValue(); size = ((Integer) param.args[2]).intValue(); } else { size = ivParameter.length; } byte[] ivbyte = new byte[size]; System.arraycopy(ivParameter, offset, ivbyte, 0, size); String ivHex = b2s(ivbyte); String ivB64 = Base64.encodeToString(ivbyte, 0); Log.d("逆向有你", "ivParameter:" + new String(ivbyte)); Log.d("逆向有你", "ivParameterHex:" + ivHex); Log.d("逆向有你", "ivParameterB64:" + ivB64); Log.d("逆向有你", "======================IV向量==============================="); } }); XposedBridge.hookAllMethods(XposedHelpers.findClass( "javax.crypto.Cipher", loadPackageParam.classLoader), "doFinal", new XC_MethodHook() { public void afterHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable { Log.e("逆向有你", "Stack:", new Throwable("stack dump")); if (param.args.length == 0 || param.args.length == 1 || param.args.length == 3) { Cipher cip = (Cipher) param.thisObject; String Algorithm = cip.getAlgorithm(); byte[] dataAll = (byte[]) param.args[0]; if (param.args.length == 3) { int offset = ((Integer) param.args[1]).intValue(); int size = ((Integer) param.args[2]).intValue(); byte[] databyte = new byte[size]; System.arraycopy(dataAll, offset, databyte, 0, size); Log.d("逆向有你", Algorithm + "Data" + new String(databyte)); String data = new String(databyte); String dataHex = b2s(databyte); String dataB64 = Base64.encodeToString(databyte, 0); Log.d("逆向有你", String.valueOf(Algorithm) + " Data: " + data); Log.d("逆向有你", String.valueOf(Algorithm) + " DataHex: " + dataHex); Log.d("逆向有你", String.valueOf(Algorithm) + " DataB64: " + dataB64); } else if (param.args.length == 1) { String data2 = new String(dataAll); String dataHex2 = b2s(dataAll); String dataB642 = Base64.encodeToString(dataAll, 0); Log.d("逆向有你", String.valueOf(Algorithm) + " Data: " + data2); Log.d("逆向有你", String.valueOf(Algorithm) + " DataHex: " + dataHex2); Log.d("逆向有你", String.valueOf(Algorithm) + " DataB64: " + dataB642); } byte[] res = (byte[]) param.getResult(); String resHex = b2s(res); String resB64 = Base64.encodeToString(res, 0); Log.d("逆向有你", String.valueOf(Algorithm) + " resultHex: " + resHex); Log.d("逆向有你", String.valueOf(Algorithm) + " resultB64: " + resB64); Log.d("逆向有你", "================Cipher============================="); } } });
四、运行结果
禁止非法,后果自负
相关文章
- 跨地域场景下,如何解决分布式系统的一致性?
- 将自由风格项目转换为管道项目 CI/CD
- 手把手教你用Go语言开发一款简易目录生成器
- 断言(assert)有多重要,你不会不知道吧
- 3分钟快速搭建Web服务器,这一篇你值得收藏
- 设计模式系列之建造者模式
- 十大经典排序算法详解之一:冒泡排序,选择排序,插入排序
- TypeScript 中提升幸福感的 10 个高级技巧
- 技术增强: 如何更优雅地开发中间件?
- 开发进阶:Dotnet Core多路径异步终止
- Nacos或者Config是怎么实现配置热刷新的?
- 一篇文章带你了解CSS3 滤镜(Filters)之二
- 引入『客户端缓存』,Redis6算是把缓存玩明白了…
- 最新研究发现超级人工智能,从理论上就无法控制
- GPT“高仿”系列开源了!最大可达GPT-3大小,能自主训练
- 程序员进阶书单:算法篇
- Zookeeper面试常见的11个连环炮
- 简单了解 TiDB 架构
- 浅析经典排序算法之堆排序
- 快来看!简单的代码提交能玩出这么多花样