安卓逆向 -- 自吐算法(DES)
Posted web安全工具库
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了安卓逆向 -- 自吐算法(DES)相关的知识,希望对你有一定的参考价值。
一、DES算法源码
DESKeySpec deskey = new DESKeySpec("123456789".getBytes(StandardCharsets.UTF_8));//将密钥实例化
SecretKeyFactory key = SecretKeyFactory.getInstance("DES");//加密算法
SecretKey secretKey = key.generateSecret(deskey);//处理成系统可识别的密钥
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//加密方式
cipher.init(1,secretKey);//1是加密,2是解密,初始化加密
byte[] desres = cipher.doFinal(bs.getBytes());
System.out.println("DES加密(字节):"+Arrays.toString(desres));
System.out.println("DES加密(Hex):"+bytes2HexString(desres));
System.out.println("DES加密(Base64):"+Base64.getEncoder().encodeToString(desres));
cipher.init(2,secretKey);//初始化解密
byte[] jmdesres = cipher.doFinal(Base64.getDecoder().decode("R7R5cToMh5QxnyoH/32OQw==".getBytes(StandardCharsets.UTF_8)));
System.out.println("DES解密(Base64):"+new String(jmdesres));
byte[] deshexbyte =hexString2Bytes("47B479713A0C8794319F2A07FF7D8E43");
jmdesres=cipher.doFinal(deshexbyte);
System.out.println("DES解密(Hex):"+new String(jmdesres));
二、分析源码,需hook的内容
1、hook的类:javax.crypto.spec.DESKeySpec,javax.crypto.spec.IvParameterSpec,javax.crypto.Cipher
2、hook的方法:key,IV,doFinal
三、hook源码
XposedBridge.hookAllConstructors(XposedHelpers.findClass(
"javax.crypto.spec.DESKeySpec",
loadPackageParam.classLoader),
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Log.e("逆向有你", "Stack:", new Throwable("stack dump"));
byte[] keybyte = new byte[8];
int offset = 0;
if (param.args.length != 1) {
offset = ((Integer) param.args[1]).intValue();
}
System.arraycopy((byte[])param.args[0], offset, keybyte, 0, 8);
String keyHex = b2s(keybyte);
String keyB64 = Base64.encodeToString(keybyte, 0);
Log.d("逆向有你", "DESKey:" + new String(keybyte));
Log.d("逆向有你", "DESKeyHex:" + keyHex);
Log.d("逆向有你", "DESKeyB64:" + keyB64);
Log.d("逆向有你", "=============DES密钥================");
}
});
XposedBridge.hookAllConstructors(XposedHelpers.findClass(
"javax.crypto.spec.IvParameterSpec",
loadPackageParam.classLoader),
new XC_MethodHook() {
/* access modifiers changed from: protected */
public void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
Log.e("逆向有你", "Stack:", new Throwable("stack dump"));
byte[] ivParameter = (byte[]) param.args[0];
int offset = 0;
int size = 0;
if (param.args.length != 1) {
offset = ((Integer) param.args[1]).intValue();
size = ((Integer) param.args[2]).intValue();
} else {
size = ivParameter.length;
}
byte[] ivbyte = new byte[size];
System.arraycopy(ivParameter, offset, ivbyte, 0, size);
String ivHex = b2s(ivbyte);
String ivB64 = Base64.encodeToString(ivbyte, 0);
Log.d("逆向有你", "ivParameter:" + new String(ivbyte));
Log.d("逆向有你", "ivParameterHex:" + ivHex);
Log.d("逆向有你", "ivParameterB64:" + ivB64);
Log.d("逆向有你", "======================IV向量===============================");
}
});
XposedBridge.hookAllMethods(XposedHelpers.findClass(
"javax.crypto.Cipher",
loadPackageParam.classLoader),
"doFinal",
new XC_MethodHook() {
public void afterHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
Log.e("逆向有你", "Stack:", new Throwable("stack dump"));
if (param.args.length == 0 || param.args.length == 1 || param.args.length == 3) {
Cipher cip = (Cipher) param.thisObject;
String Algorithm = cip.getAlgorithm();
byte[] dataAll = (byte[]) param.args[0];
if (param.args.length == 3) {
int offset = ((Integer) param.args[1]).intValue();
int size = ((Integer) param.args[2]).intValue();
byte[] databyte = new byte[size];
System.arraycopy(dataAll, offset, databyte, 0, size);
Log.d("逆向有你", Algorithm + "Data" + new String(databyte));
String data = new String(databyte);
String dataHex = b2s(databyte);
String dataB64 = Base64.encodeToString(databyte, 0);
Log.d("逆向有你", String.valueOf(Algorithm) + " Data:\\n" + data);
Log.d("逆向有你", String.valueOf(Algorithm) + " DataHex:\\n" + dataHex);
Log.d("逆向有你", String.valueOf(Algorithm) + " DataB64:\\n" + dataB64);
} else if (param.args.length == 1) {
String data2 = new String(dataAll);
String dataHex2 = b2s(dataAll);
String dataB642 = Base64.encodeToString(dataAll, 0);
Log.d("逆向有你", String.valueOf(Algorithm) + " Data:\\n" + data2);
Log.d("逆向有你", String.valueOf(Algorithm) + " DataHex:\\n" + dataHex2);
Log.d("逆向有你", String.valueOf(Algorithm) + " DataB64:\\n" + dataB642);
}
byte[] res = (byte[]) param.getResult();
String resHex = b2s(res);
String resB64 = Base64.encodeToString(res, 0);
Log.d("逆向有你", String.valueOf(Algorithm) + " resultHex: " + resHex);
Log.d("逆向有你", String.valueOf(Algorithm) + " resultB64: " + resB64);
Log.d("逆向有你", "================Cipher=============================");
}
}
});
四、运行结果
禁止非法,后果自负
欢迎关注公众号:逆向有你
欢迎关注视频号:之乎者也吧
以上是关于安卓逆向 -- 自吐算法(DES)的主要内容,如果未能解决你的问题,请参考以下文章