安卓逆向 -- 自吐算法(3DES和AES)
Posted web安全工具库
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了安卓逆向 -- 自吐算法(3DES和AES)相关的知识,希望对你有一定的参考价值。
一、3DES源码
String bs= "逆向有你a";
DESedeKeySpec des3key = new DESedeKeySpec(("123456781234567812345678".getBytes(StandardCharsets.UTF_8)));//密钥必须是24个字节
SecretKeyFactory keydes3 = SecretKeyFactory.getInstance("DESede");
SecretKey secretKey3 = keydes3.generateSecret(des3key);
Cipher cipher3des = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher3des.init(1,secretKey3);
byte[] des3res = cipher3des.doFinal(bs.getBytes(StandardCharsets.UTF_8));
System.out.println("3DES加密(字节):"+Arrays.toString(des3res));
System.out.println("3DES加密(Hex):"+bytes2HexString(des3res));
System.out.println("3DES加密(Base64):"+Base64.getEncoder().encodeToString(des3res));
cipher3des.init(2,secretKey3);//初始化解密
byte[] jm3desres = cipher3des.doFinal(Base64.getDecoder().decode("vN3o+PDQ0Yo8y5+InEzpwA==".getBytes(StandardCharsets.UTF_8)));
System.out.println("3DES解密(Base64):"+new String(jm3desres));
byte[] des3hexbyte =hexString2Bytes("BCDDE8F8F0D0D18A3CCB9F889C4CE9C0");
jm3desres=cipher3des.doFinal(des3hexbyte);
System.out.println("3DES解密(Hex):"+new String(jm3desres));
二、分析源码,需hook的内容
3DES除了key和DES有区别外,其他的iv向量和dofinal都一样,所以只要hook类javax.crypto.spec.DESedeKeySpec就可以了
三、hook源码
XposedBridge.hookAllConstructors(XposedHelpers.findClass(
"javax.crypto.spec.DESedeKeySpec",
loadPackageParam.classLoader),
new XC_MethodHook() {
/* access modifiers changed from: protected */
public void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
Log.e("逆向有你", "Stack:", new Throwable("stack dump"));
byte[] keybyte = new byte[24];
int offset = 0;
if (param.args.length != 1) {
offset = ((Integer) param.args[1]).intValue();
}
System.arraycopy((byte[]) param.args[0], offset, keybyte, 0, 24);
String keyHex = b2s(keybyte);
String keyB64 = Base64.encodeToString(keybyte, 0);
Log.d("逆向有你", "3DESKey:" + new String(keybyte));
Log.d("逆向有你", "3DESKeyHex:" + keyHex);
Log.d("逆向有你", "3DESKeyB64:" + keyB64);
Log.d("逆向有你", "=====================3DESKey=========================");
}
});
四、AES算法源码
String bs= "逆向有你a";
SecretKeySpec aeskey = new SecretKeySpec("1234567812345678".getBytes(StandardCharsets.UTF_8),"AES");//获取密钥的实例
IvParameterSpec aesiv = new IvParameterSpec("1234567812345678".getBytes(StandardCharsets.UTF_8));//获取IV向量的实例
Cipher aescp = Cipher.getInstance("AES/CBC/PKCS5Padding");//告诉系统加密模式还有填充方式
aescp.init(1,aeskey,aesiv);//初始化加密方法
byte[] aesres = aescp.doFinal(bs.getBytes(StandardCharsets.UTF_8));//使用dofinal加密
System.out.println("aes加密(字节):"+Arrays.toString(aesres));
System.out.println("aes加密(Hex):"+bytes2HexString(aesres));
System.out.println("aes加密(Base64):"+Base64.getEncoder().encodeToString(aesres));
aescp.init(2,aeskey,aesiv);//初始化解密
byte[] jmaesres = aescp.doFinal(Base64.getDecoder().decode("MEpgbtD9muLvf6krtX86Og==".getBytes(StandardCharsets.UTF_8)));
System.out.println("aes解密(Base64):"+new String(jmaesres));
byte[] jmhexbyte =hexString2Bytes("304A606ED0FD9AE2EF7FA92BB57F3A3A");
jmhexbyte=aescp.doFinal(jmhexbyte);
System.out.println("aes解密(Hex):"+new String(jmhexbyte));
禁止非法,后果自负
欢迎关注公众号:逆向有你
欢迎关注视频号:之乎者也吧
以上是关于安卓逆向 -- 自吐算法(3DES和AES)的主要内容,如果未能解决你的问题,请参考以下文章