zoukankan      html  css  js  c++  java
  • 逆向番茄社区app的rsa加密方式

    Parse RSA public and private key pair from string in Java

    逆向某APP,发现其大部分配置文件都是加密的 。所以逆向算法并解密

    image.png

    image.png

    image.png

    image.png

    image.png

    RSA和AES密钥 可以分析WTDefine发现,WTDefine是一个单例模式的加密。所以我们找到初始化的那个地方就行

    image.png

    image.png

    写个java

    import java.util.Base64;
    import java.util.Scanner;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import java.security.InvalidKeyException;
    import java.security.KeyFactory;
    import java.security.NoSuchAlgorithmException;
    import javax.crypto.Cipher;
    import java.security.PrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.security.spec.InvalidKeySpecException;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import java.security.InvalidAlgorithmParameterException;
    
    public class decodeRSA{
    
        public static void main(String[] args) throws InvalidKeySpecException, InvalidAlgorithmParameterException, BadPaddingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException {
            
            Scanner myObj = new Scanner(System.in);  
            System.out.println("Enter cipher text");
        
            String Data = myObj.nextLine();  
            SecretKeySpec localSecretKeySpec = new SecretKeySpec("WTSecret81234512".getBytes(), "AES");
            IvParameterSpec localIvParameterSpec = new IvParameterSpec("16-Bytes--String".getBytes());
            Cipher aes  = Cipher.getInstance("AES/CBC/PKCS5Padding");
            aes.init(2, localSecretKeySpec, localIvParameterSpec);
            byte[] encrypted = aes.doFinal(Base64.getDecoder().decode(Data));
    
            String PrivateKey = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOBsk4ECF5AEDYJiglWl1gYS0a3q8Fv6ayfqS5v/bUdL8KKk365FRmRNV17H9qYWZgtipBBMrcDOIFUGdazPTmOXKKbMqs29mmtWwXI06bpQsfXH+XNH/dOP/lRys3WBMTx441a1hD2euLLX71GsyR6bhqmzitY6G7LeZerw+l87AgMBAAECgYA4HY4IbQB9RzYliwIx7kSEwkHhreQp64TNtzzupcCqWieyU22GwtWmENyu22sl/mXHpQOG+9VaZ3AYMoRMEI31yvUEFgQhqKVmQiYzhLP0eZFPZIrVf5SPmPcbU3+vNCQTEB6eO1XvORLWUGoEgdtVPmBSTX6/KiHuKWGvCS4FmQJBAPzaYqGUfmWOmRgAfBE7w1qRIDyq2evlDLzdqguGTpo0NkR6nxEYihGNb5zYypd6JpERvtf+Qycb++ZygzAY2McCQQDjN50OysQvdX2shfo73u/0XcbYlhHYyrHGAnanLhwMMirl6awxJHCoRcBwNrXjne/v/+WghySwp/Hn8MY0/9ntAkEA89QsVKB7mrd+DlU5Tu0Qn19fdOFUsFP6io4/Ekn7tlwvEK4mgjflvLNlNB0ikBws4Kv6GxOH8kjcCwfWViU/tQJBAJyFgQHhmEgBLbOdD4YSy0WRHBuzNVQcPV5j8Ay2bMfR/08mK2Im8hxZAHnMlnvYHqM7qplsv0+aQcA/UqrL3PkCQFqjDjFS9v9EBEkrD3MZxhQABeF2bxChmdGVsxrfRMWzQuIIxv95F9GforezYJ0jC/8EJNicNl3xKmAJAkfCmDU=";
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(PrivateKey));
            PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
            String tmpstr = new String(encrypted);
            tmpstr = tmpstr.replaceAll("
    ", "").replaceAll("
    ", "");
    
            String[] ciphertexts = tmpstr.split(",");
            for(String ciphertext : ciphertexts){
                byte[] decoded = Base64.getDecoder().decode(ciphertext);
                Cipher localCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                localCipher.init(2, privKey);
                byte[] dectyptedText = localCipher.doFinal(decoded);
    
                System.out.println(new String(dectyptedText));
            }
            
        }
    }
    
  • 相关阅读:
    [文摘20080731]小破孩的婚姻
    Response.Redirect和Server.Transfer(Execute)的区别小论集锦
    学习FotoVision 进行C# colorMatrix 对图片的处理 : 亮度调整 抓屏 翻转 随鼠标画矩形
    [转]通过分区(Partition)提升MySQL性能
    [书目20080829]软件测试技术经典教程
    [转]c# + mysql + 事务处理(转载于 《C#数据库事务原理及实践》)
    遭遇 VS 的 无法调试引用的类库项目(DLL)问题(生成下面的模块时,启用了优化或没有调试信息)
    [转]C#动态生成文字图片
    命令行 SC命令 及通过sc config 更该windows服务的启动类型等
    [转]flash 与 js 通讯方法
  • 原文地址:https://www.cnblogs.com/potatsoSec/p/12155901.html
Copyright © 2011-2022 走看看