安卓逆向 -- 算法基础(数字签名)

Posted web安全工具库

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了安卓逆向 -- 算法基础(数字签名)相关的知识,希望对你有一定的参考价值。

一、数字签名

数字签名的基础是公钥和私钥的非对称加密,发送者使用私钥加密消息摘要(签名),接收者使用公钥解密消息摘要以验证签名是否是某个人的。常见的有MD5withRSA,SHA256withRSA

二、Java版

public  static String  pubkey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkluCxbqyIIVEG6wq3xwOncwtO" +"Ew45xvjOdEuxBG5MCGIGfik7s2XB3Znz2ih7RWkQdOTWTLRfNKqGLCDXZrVfM6i6" +"jJlxrPlHt8JlDPKmu5QGLsap5DGwdShnL29bLEpmql4UbxPo0NsCq91rt90m60H6" +"4br6yURdv/Pr6jyOEQIDAQAB";public  static String prikey="MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOSW4LFurIghUQbr" +"CrfHA6dzC04TDjnG+M50S7EEbkwIYgZ+KTuzZcHdmfPaKHtFaRB05NZMtF80qoYs" +"INdmtV8zqLqMmXGs+Ue3wmUM8qa7lAYuxqnkMbB1KGcvb1ssSmaqXhRvE+jQ2wKr" +"3Wu33SbrQfrhuvrJRF2/8+vqPI4RAgMBAAECgYEAoSn3FWIQZpIGzLfegJ/h5ado" +"6wzoVLgCJ5062H1lPloSsr00WREsxzh0GMdRD0hqwN2JkcXWzeEV8S8foH6blEQ3" +"Utycz1LzN8cOJRWlXz/+aPCjGMQKbAARXQOpY6LYj2Y9cB5OayoIh2/afsZbS6gv" +"yJYZQNVDBGwmfJibEAECQQD7yE7gxwCHtjd8l/yhm87TROVaLUlq1jZXWsYNx8ts" +"qq/gXUueIssn4b3VTof4Htog1ZE1kGcSNg4ccKIiH6KRAkEA6Gsc9uskNnqB/DdL" +"SfvD5iZ03I4REAnpMueV9NHAA+cbOJtqSYUxEjW6jvzRo2MdqrlxOvRdUQZNKUZ+" +"pzzzgQJBAM2B7X/ibjhXLmrv0zBFcEdZEKrOFAKz3Z7nZIiS7yM/HlbPT40/cPqY" +"cs3MT4biB8CNEPzbZIWkwVfNR0j68UECQE3QfvQUqh0rSxXclXKBvobx3TJyxjeu" +"ecs3SjebekRUPgLn1eAjndhQ8NMqxi2D48zjJYvtgMi96VumZIUtnQECQQCh46wV" +"zSQ+iQcqBRipaNNa6ipAg1h60wh3omoBZQubQQYtDsmIbhT2AUZy6usBi65nd1I3" +"UefrOu9gIHGeU3br";public static PublicKey getPublickKey(String key)throws Exception{byte[] keyBytes= new BASE64Decoder().decodeBuffer(key);    X509EncodedKeySpec keys = new X509EncodedKeySpec(keyBytes);//实例化key    KeyFactory keyFactory = KeyFactory.getInstance("RSA");    PublicKey publicKey = keyFactory.generatePublic(keys);return publicKey;}public static PrivateKey getPrivatekey(String key)throws Exception{byte[] bytes = new BASE64Decoder().decodeBuffer(key);    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);    KeyFactory keyFactory = KeyFactory.getInstance("RSA");    PrivateKey privateKey = keyFactory.generatePrivate(keySpec);return privateKey;}public static byte[] encrypt(byte[] enstr)throws Exception{    PublicKey publickKey = getPublickKey(pubkey);    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");    cipher.init(Cipher.ENCRYPT_MODE,publickKey);byte[] bytes = cipher.doFinal(enstr);return bytes;}public static byte[] decrypt(byte[] destr)throws Exception{    PrivateKey privatekey = getPrivatekey(prikey);    Cipher cipht = Cipher.getInstance("RSA/ECB/PKCS1Padding");    cipht.init(Cipher.DECRYPT_MODE,privatekey);byte[] bytes= cipht.doFinal(destr);return bytes;}public static byte[] sign(byte[] bytes)throws Exception{    PrivateKey privatekey = getPrivatekey(prikey);    Signature sig = Signature.getInstance("SHA256withRSA");    sig.initSign(privatekey);    sig.update(bytes);return sig.sign();}public static boolean verify(byte[] bytes,byte[] sign)throws Exception{    PublicKey publickKey = getPublickKey(pubkey);    Signature sig = Signature.getInstance("SHA256withRSA");    sig.initVerify(publickKey);    sig.update(bytes);return sig.verify(sign);}public static void main(String[] args) throws Exception{    System.out.println("逆向有你");    String bs= "逆向有你a";byte[] signs = sign(bs.getBytes(StandardCharsets.UTF_8));    System.out.println("数字签名(字节):"+Arrays.toString(signs));    System.out.println("数字签名(Hex):"+bytes2HexString(signs));    System.out.println("数字签名(Base64):"+Base64.getEncoder().encodeToString(signs));boolean bl=verify(bs.getBytes(StandardCharsets.UTF_8),signs);    System.out.println("验证结果:"+bl);}运行结果:数字签名(字节):[26, -47, -18, 125, -106, -61, -56, -89, -97, 17, -16, -119, -86, 126, -81, -101, -91, -6, 5, -91, 93, 26, -11, -65, -84, 85, -112, -82, -123, -35, -115, 55, -113, -37, 80, -127, -128, -37, -78, 17, -45, -116, -4, 59, -103, -115, 27, 85, 69, -100, 23, 25, -33, 67, 88, -34, -59, 78, 18, 6, 57, -39, 54, -73, 100, -59, 77, 91, 75, -119, 118, 89, 95, 94, -82, -101, -74, -55, -15, -34, -9, -3, -93, -42, 22, 44, -7, -58, -116, -125, 78, 37, -25, 120, -58, -93, 86, 3, -30, -7, 55, 30, 45, 36, -112, -42, -104, 106, 1, -103, -24, 35, 60, 18, -71, -114, 83, 46, 107, 48, 16, -88, 113, -77, 46, 124, -92, -50]数字签名(Hex):1AD1EE7D96C3C8A79F11F089AA7EAF9BA5FA05A55D1AF5BFAC5590AE85DD8D378FDB508180DBB211D38CFC3B998D1B55459C1719DF4358DEC54E120639D936B764C54D5B4B8976595F5EAE9BB6C9F1DEF7FDA3D6162CF9C68C834E25E778C6A35603E2F9371E2D2490D6986A0199E8233C12B98E532E6B3010A871B32E7CA4CE数字签名(Base64):GtHufZbDyKefEfCJqn6vm6X6BaVdGvW/rFWQroXdjTeP21CBgNuyEdOM/DuZjRtVRZwXGd9DWN7FThIGOdk2t2TFTVtLiXZZX16um7bJ8d73/aPWFiz5xoyDTiXneMajVgPi+TceLSSQ1phqAZnoIzwSuY5TLmswEKhxsy58pM4=验证结果:true

三、JS版

1、用到的加密库下载地址

https://gitee.com/mirrors/jsrsasign

2、调用源码

var signData="逆向有你a";var pubkey1="-----BEGIN PUBLIC KEY-----\\n" +"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3XSdz1MnzazBEN5KOfTx0IyVJ\\n" +"Z5wb57isrCuHDhnYXwtmdhQalgII0fozeeFpMpAvlnmHC1kpW7XVGvZnLx3bWbCE\\n" +"bf+pMSW4kmQuI+5cxRUJbCl7sdaODBrINgERHPICVC18AJLThEVMHyjuR6Jn4zQm\\n" +"yYNbReSktY/BrFTvMQIDAQAB\\n" +"-----END PUBLIC KEY-----";var privatekey="-----BEGIN PRIVATE KEY-----\\n" +"MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAPddJ3PUyfNrMEQ3\\n" +"ko59PHQjJUlnnBvnuKysK4cOGdhfC2Z2FBqWAgjR+jN54WkykC+WeYcLWSlbtdUa\\n" +"9mcvHdtZsIRt/6kxJbiSZC4j7lzFFQlsKXux1o4MGsg2AREc8gJULXwAktOERUwf\\n" +"KO5HomfjNCbJg1tF5KS1j8GsVO8xAgMBAAECgYEA6eG1JMrj63jEmStmMb1txG1a\\n" +"mu4Q5z2QGgtr2HVXsIIlGEq6tWxyHf7TL4qkuz9onuYKn8n2Eqm44fZtVaBx+5ES\\n" +"zRpIvlTvaxmVu0HZ1hYAzUw1XyRnXNMKpL5tT4GCjm8+QGPzlGxgXI1sNg8r9Jaw\\n" +"9zRUYeA6LQR9RIMkHWUCQQD8QojjVoGjtiunoh/N8iplhUszZIavAEvmDIE+kVy+\\n" +"pA7hvlukLw6JMc7cfTcnHyxDo9iHVIzrWlTuKRq9KWVLAkEA+wgJS2sgtldnCVn6\\n" +"tJKFVwsHrWhMIU29msPPbNuWUD23BcKE/vehIyFu1ahNA/TiM40PEnzprQ5JfPxU\\n" +"16S78wJANTfMLTnYy7Lo7sqTLx2BuD0wqjzw9QZ4/KVytsJv8IAn65P/PVn4FRV+\\n" +"8KEx+3zmF7b/PT2nJRe/hycAzxtmlQJBAMrFwQxEqpXfoAEzx4lY2ZBn/nmaR/SW\\n" +"4VNEXCbocVC7qT1j1R5HVMgV13uKiTtq8dUGWmhqsi7x3XayNK5ECPUCQQDZaAN6\\n" +"tvIHApz9OLsXSw0jZirQ6KEYdharXbIVDy1W1sVE3lzLbqLdFp1bxAHQIvsYS5PM\\n" +"A9veSJh372RLJKkj\\n" +"-----END PRIVATE KEY-----";function signa(src){let signature=new KJUR.crypto.Signature({alg:"SHA256withRSA",prvkeypem:privatekey});       signature.updateString(src);let a = signature.sign();let sign = hextob64(a);console.log(sign);}function signa1(src){var key = KEYUTIL.getKey(privatekey);var signature=new KJUR.crypto.Signature({alg:"SHA256withRSA"});    signature.init(key);    signature.updateString(src);var a = signature.sign();var sign = hextob64(a);console.log(sign);return sign;}function yanzheng(){var a=signa1(signData);var signatureVf = new KJUR.crypto.Signature({alg:"SHA256withRSA",prvkeypem:pubkey1});    signatureVf.updateString(signData);var b = signatureVf.verify(b64tohex(a));console.log("jsrsasign verify: "+b);}signa1(signData)yanzheng()

禁止非法,后果自负

欢迎关注公众号:逆向有你

欢迎关注视频号:之乎者也吧

以上是关于安卓逆向 -- 算法基础(数字签名)的主要内容,如果未能解决你的问题,请参考以下文章

安卓逆向 -- 算法基础(SHA)

安卓逆向 -- 算法基础(MAC)

安卓逆向 -- 算法基础(RSA)

安卓逆向 -- 算法基础(DES与3DES)

安卓逆向 -- 绕过SO层签名验证

安卓逆向 -- 算法基础(Base64与HEX)