在xx软件中使用Fiddler抓包到一条post命令,发现请求的Content-Type竟然使用的是:“application/octet-stream”,而且body都是乱码(后来才知道是二进制),但是肯定不是什么敏感信息,为什么要用这种二进制的数据呢?
不过后来就找到答案了,二进制传输一方面减少了体积、提高了传输效率(二进制本身特性),还有一方面就是二进制可以用于加密,所以从Fiddler自动base64解密后看到的就是一堆乱码。
最后我找到了这段传输过程中base64后的数据,使用php的base64解密后乱码, 再使用unpack进行二进制包拆解成数组,发现应该是需要一个转二进制时的格式语句(类似于X钥吧),才能成功。
我的问题是,这种二进制是否还有其他逆向思路?还是找到X钥就是唯一的出路了?下面是二进制加密后,base64我自己组了一段原文,可以供大家尝试~看看有没有其他思路。
[Asm] 纯文本查看 复制代码 GfEEAKEAAACdAQTxAQCo0o3IAhexfpQWs18jC300ZnfId/jaPpJAo0PpOcOLwWtiNZGvAAAAbwEAAABqAA8BAAAAYwEACTqAAAAAAABIAAzGEUwW8YJfh7gILbwASIgO0jR5tu4HXbupwVoSf34ajlzwB7bEtvqgDp/lyNXfKDygb8yuREH1JUgg3lgYNnZXgTG/IJSlevo4WyYRgSRZ8GBsH8R58hnxBAAkCfQOZXpuLMFO/+a3Hr70ope0H2fCpTqV5PGMpR/tVw0LH0asF/EEB9N8s+Cx7AeqYGLCApZ4lYtkHprluzzdw9gZLOmrJqoA5JS5n3ZhN/Br5jzC1LnY6krlOa743tGMmP5LymbBxFpABwGRVslKhq1LpDE33P46Kysx7ibZ9IVKKzAmONvSPC/fZcqQJgjAuuFe4fDuKR0umM6SzVNBU5Z/BgdOjcnP66ZAEO1mnMwUMRX9FGU6KhIHE8MkPIiTWmnctHEVLifiZ0hebROseh/gBI4xUghW3CfpP3xLqHLvTtKeHlDJEkIIVkdcnraRbGOjDJtcIvgW4tOgprnVRX1FtW3fL0jakd/OGMaN+POqyEU7L3zUoxL/gxDZioA1jS2jtirajRnrqWu69iQdvuG21H9hNEz2e5nLT5iYIxmtxU9+4jT4666FavT90S3KRHA0NWT84OaYVSF5vfK7hckKhoo0Bn23C1TWpLab9O+Po5Mv+SDJSSXJ7bcyWUzbaUVlxId2B8LS2d9Xq5cN8wTWl3rIb6cxnKIv0SbBYxugNK/avjmcw/ui96NLXUuZyompPgiJbBupBrl3KbkgOXhL9nefYO+KPk6ALsW/RcpdCvGBnnCxwvKOypFZSM3fbjpTpbydinfrHda5zuj7Y2S8veyvp0cb33LpnfXLM4KuNl0MuiZq/QjnzHu63LlYjLfYrvNv6jBhnauWs2J/xIBS5tvAAO5Z/KjZu1WCnRc0HEmbX6O2Vb5TOxuLI/KEzXYFM8udODXjvi7qeZ4IOYkshjtIa8ojhLBnv4WXdQoPlniYsXD2oXi63bjHYxkuNl3PkmixrbeLxX4H+ahGghBrK8I7iw9fY9tbylDmQQuNYtxUT3mV7E8P1RRC5oSB2uwKd+hDFXC763edUFUriVfEawd66LqRxaTk9w95NbwuzYw4G7olAzlii8Yr8K447Uznr/+QsfbDq9Y7foO+m75/fyXWhHp5iJjSedRrpQ/ECDxdiJwf91fzt17JpMJNCsAqNb9dNE3Is814mVow70BRSTxag6S0p7aXdUhmY2o1dwddwdZS66NEjuiIl5yEV+JQmQNOvN+YjgEpvFniFz9mM20oOi4z3GbWXClFHPmekYPbZ4yn2E42ncSqmzx9YD5rEDoOwm2hMozM+42cNTlDjFfFfyEZPggahTzg3AX3nW7QRsBKF/7h9zjQRt2u+rTdEZHgNjCfd0o1ALsKrmkC4Q1SZFcQGpWySbGWGc5AFy0K2J2Z5LEpXCIdXhtGhG1OhhPaaOuJuHXmVeOkLumDI8ZXQUyJ7PEtQkdOO5IFIFvz98i0MKZOqidLnSO2CVRKa3mAIY3KFPUtE8GDh95thuPCV/knW+RGasF51tIV+YHWUFLmchypyH/buwJcb6uQEYyyEAzvpe0MidlDT9NZB/uwbn5G52DX8gqXEtmWMHb35Yhk4+otjWkWcje7d1IgE5Lg5lWSk677GmQ9VL81JcvmMni9FpdZbQBEeunST01Mi/RtTB4G225UWcuOIlbD7YJXBYemDxOlsz9vJPMzftHLjBWXspKoDqDqingCHWhO9zBfK9sJBI8OXnB0mK0hzpmuPgcgaPkhuQmbu8iNihKvqP6w4DyK1I4iScu+65WgYh8b9J4CN71az7tcCPy10XNknlNrHXSbOYHQ1UroOkoYmfNVBX/jCbj0DuVGk83oc84g4dgX2yyi7kQpgpCvv+VHF6xUhXFlp2PowkeI+OTebbpFiCvBkzgCQ0HQ1qglmlNNwuJmQbdV+B+R1pBDSj5fGCZB6BBO2w99barNAxMj48yrSScsqLbipb2ZhMUGIYbEIrJQ+ulXse9ujgLE1HgorYSLP6RQMMtxQQFyytYoxNyOoY5G2VZQ7ReLLjz1PSDyKf8zyTFFb2hLI9sojyuzJidGuyraGALsgMmgE7rWSKwgGPgrx0+fhKuxrggyXK1HpQjufw7VARkzwsdyKF4LdJ8oD2CAE3r50aPfdHupvOBi8vhRDBT3t7gGpDPkoNLT842PyM7tt9B+nzGDsQ5oz8R6qrG8fpM9ta0KNDFb7ZMUaztf0abX89rVtUs464HYWmED4iS5QODOeFnrg1e+lffT4F26MAhsy87l9MJ98r0LK5FSCrrRb8LAkHDZlDyEf0g9EkYnzn1qbRi+QxPR6aS+eUz6k14y6Lv5xeiTZW/4lS0irMsyxoqXBBbPk0seF0mt7i/qOA4EMss3d7e9FrWbGhn53Z2qu1c4RLX2K55U+8t7erKuVQfdbl888OF5Wdv8WR1V1Otdk2UxSevTIyPiB3RHqPb6iMCboBtYJIW1DZRU4ROzj+qL16Mh7XVKmIXyn3PbMAlKS/90cnLQVjLZaYwJzWk+68/KthRnmaoag1X6xTiuT8mKNXgiHPT7IEe+/pgo2tFZ6ZiAq7ygnjI+MphVVI2Fnq+Ypq6efmu6RDaCbtu3hNYmYF2ouUPXYhymJvDLFBGEKwsezDH8HFh935DLrwxe/Et10f1rkJrLYWTNCMQBdBXZ7negHICIH9yB0CmWjtvEHA3tq1C3I3RDv3zfcw5KBQXFCtvH0vVni9lat1Pla85yTXxsTNyWMcwl7WtVFajFuxR/T+lDUs2H7Bvh0mBStk9DrC2cehJArlYq0LQ8lsR0juB85pC2W7TBamFXmAiRMUWD4RLYKYSWZsjDRtD93Ac1MRf7iZM9ygB4fxXxBAAXQkFO+RKHRJCjuuYsR02gtn2hOBAcFCs= |