小程序逆向加密解密问题(AES+混淆)
本帖最后由 Galaxyou 于 2023-9-17 00:22 编辑说明:加密JS文件已经脱敏,JS加密文件较大,只能放网盘了(https://www.123pan.com/s/31T3jv-vfBjh.html)
小程序抓包看到请求参数做了加密,想研究下加密解密方法,但是好像有点复杂,看不太懂,主要是AES的ECB模式加密,padding为Pkcs7,关键词为 encAES,decAES,encDataSign,encRdm,下面是加密参数样本:
{
"data": "4217634592AE47D95C974E3DC1A01C372D2812BF57B1FBE84F8833EB72361544F49440E9463DDCD141BA2AA3362F36A6C45ABFA658D5C0C3573FCD9B67E5B0A779B870C3600D6DA1FB78FA5CF3DAAB0949D66267731D67E92613E55683D5FCC6C2B9D58D2A5416C2015352A818DF3AEB38D3C10F1608BDA9F49F73A88521BFC8F79835921A65DE2D10AB790635ED72792FEB29E3CC0F625E9F4E67C1EEF08C0DDCC1520E2766DBD430FEB24E5F8E49821C65412418CBC6873C7CB71C3C92F8977D05327C34002EC1DDB331E811C2103049C72BBAE62C9BAAF49C6121508E4B081656BA1CCB01CF4D7E1BB780388DC8E0F1985708EF831E1BA3471EF8323C0645D4B24FED8C6F0CB4941A312CE0919AA1CF8B69CD98173EE3B9B66B1445C22823E797CD61BCE32163702B88ADFB23FE44"
}
Galaxyou 发表于 2023-9-17 12:50
大哥这个解出来是对的,可以给个加解密过程嘛🤣自己楞是没懂
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class AESExample {
public static void main(String[] args) throws Exception {
// 原始数据
String data = "Hello, World!";
// 密钥,这里假设密钥是16字节的字符串
String key = "ThisIsASecretKey";
// 加密
String encryptedData = encrypt(data, key);
System.out.println("加密后的数据:" + encryptedData);
// 解密
String decryptedData = decrypt(encryptedData, key);
System.out.println("解密后的数据:" + decryptedData);
}
public static String encrypt(String data, String key) throws Exception {
byte[] keyBytes = key.getBytes("UTF-8");
SecretKey secretKey = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] encryptedBytes = cipher.doFinal(data.getBytes("UTF-8"));
return Base64.encodeBase64String(encryptedBytes);
}
public static String decrypt(String encryptedData, String key) throws Exception {
byte[] keyBytes = key.getBytes("UTF-8");
SecretKey secretKey = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] encryptedBytes = Base64.decodeBase64(encryptedData);
byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
return new String(decryptedBytes, "UTF-8");
}
}
本帖最后由 Arcticlyc 于 2023-9-17 12:11 编辑
{
"isNewReport": 1,
"userId": null,
"openId": "ofjjT5ChoxL*******ijjjI6HkI",
"carNo": "粤-***L72",
"privacyOption": 1,
"longitude": 114.06031,
"latitude": 22.72174,
"distance": 3000,
"verifyToken": "",
"signType": "MD5",
"timestamp": 1694******3600,
"nonce": "272526******790213600",
"sign": "6EF76537086C19200E2FD1FF1DE88C7A"
} Arcticlyc 发表于 2023-9-17 12:10
{
"isNewReport": 1,
"userId": null,
大哥这个解出来是对的,可以给个加解密过程嘛🤣自己楞是没懂 Galaxyou 发表于 2023-9-17 12:50
大哥这个解出来是对的,可以给个加解密过程嘛🤣自己楞是没懂
你是要密钥还是? Arcticlyc 发表于 2023-9-17 15:29
你是要密钥还是?
老哥我能都要嘛,主要是怎么实现的加解密过程 Galaxyou 发表于 2023-9-17 15:31
老哥我能都要嘛,主要是怎么实现的加解密过程
你用的那个小程序有公众号,公众号提供的服务里面是网页版,直接断点调试就能得到密钥了 刚好我也做了这个小程序,需要密钥和算法可以联系我,免费
页:
[1]