大神们帮忙看下AES解密问题

优品食代

[C#] 纯文本查看 复制代码

// Launcher.GX.Source_files.AES_EnorDecrypt
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class AES_EnorDecrypt
{
	private static byte[] _aesKeyByte = new byte[16]
	{
		18, 52, 86, 120, 144, 171, 205, 239, 18, 52,
		86, 120, 144, 171, 205, 239
	};

	private static string _aesKeyStr = Encoding.UTF8.GetString(_aesKeyByte);

	private static string Vector = "q2T_=R/*33vc";

	public static string GetIv(int n)
	{
		string s = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
		char[] arrChar = new char[s.Length];
		for (int j = 0; j < s.Length; j++)
		{
			arrChar[j] = Convert.ToChar(s.Substring(j, 1));
		}
		StringBuilder num = new StringBuilder();
		Random rnd = new Random(DateTime.Now.Millisecond);
		for (int i = 0; i < n; i++)
		{
			num.Append(arrChar[rnd.Next(0, arrChar.Length)].ToString());
		}
		_aesKeyByte = Encoding.UTF8.GetBytes(num.ToString());
		return _aesKeyStr = Encoding.UTF8.GetString(_aesKeyByte);
	}

	public static string AESEncrypt(string Data, string Key)
	{
		byte[] plainBytes = Encoding.UTF8.GetBytes(Data);
		byte[] bKey = new byte[32];
		Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);
		byte[] bVector = new byte[16];
		Array.Copy(Encoding.UTF8.GetBytes(Vector.PadRight(bVector.Length)), bVector, bVector.Length);
		byte[] Cryptograph = null;
		Rijndael Aes = Rijndael.Create();
		try
		{
			using MemoryStream Memory = new MemoryStream();
			using CryptoStream Encryptor = new CryptoStream(Memory, Aes.CreateEncryptor(bKey, bVector), CryptoStreamMode.Write);
			Encryptor.Write(plainBytes, 0, plainBytes.Length);
			Encryptor.FlushFinalBlock();
			Cryptograph = Memory.ToArray();
		}
		catch
		{
			Cryptograph = null;
		}
		return Convert.ToBase64String(Cryptograph);
	}

	public static byte[] AESEncrypt(byte[] Data, string Key)
	{
		byte[] bKey = new byte[32];
		Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);
		byte[] bVector = new byte[16];
		Array.Copy(Encoding.UTF8.GetBytes(Vector.PadRight(bVector.Length)), bVector, bVector.Length);
		byte[] Cryptograph = null;
		Rijndael Aes = Rijndael.Create();
		try
		{
			using MemoryStream Memory = new MemoryStream();
			using CryptoStream Encryptor = new CryptoStream(Memory, Aes.CreateEncryptor(bKey, bVector), CryptoStreamMode.Write);
			Encryptor.Write(Data, 0, Data.Length);
			Encryptor.FlushFinalBlock();
			Cryptograph = Memory.ToArray();
		}
		catch
		{
			Cryptograph = null;
		}
		return Cryptograph;
	}

	public static string AESDecrypt(string Data, string Key)
	{
		byte[] encryptedBytes = Convert.FromBase64String(Data);
		byte[] bKey = new byte[32];
		Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);
		byte[] bVector = new byte[16];
		Array.Copy(Encoding.UTF8.GetBytes(Vector.PadRight(bVector.Length)), bVector, bVector.Length);
		byte[] original = null;
		Rijndael Aes = Rijndael.Create();
		try
		{
			using MemoryStream Memory = new MemoryStream(encryptedBytes);
			using CryptoStream Decryptor = new CryptoStream(Memory, Aes.CreateDecryptor(bKey, bVector), CryptoStreamMode.Read);
			using MemoryStream originalMemory = new MemoryStream();
			byte[] Buffer = new byte[1024];
			int readBytes = 0;
			while ((readBytes = Decryptor.Read(Buffer, 0, Buffer.Length)) > 0)
			{
				originalMemory.Write(Buffer, 0, readBytes);
			}
			original = originalMemory.ToArray();
		}
		catch
		{
			original = null;
		}
		return Encoding.UTF8.GetString(original);
	}

	public static byte[] AESDecrypt(byte[] Data, string Key)
	{
		byte[] bKey = new byte[32];
		Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);
		byte[] bVector = new byte[16];
		Array.Copy(Encoding.UTF8.GetBytes(Vector.PadRight(bVector.Length)), bVector, bVector.Length);
		byte[] original = null;
		Rijndael Aes = Rijndael.Create();
		try
		{
			using MemoryStream Memory = new MemoryStream(Data);
			using CryptoStream Decryptor = new CryptoStream(Memory, Aes.CreateDecryptor(bKey, bVector), CryptoStreamMode.Read);
			using MemoryStream originalMemory = new MemoryStream();
			byte[] Buffer = new byte[1024];
			int readBytes = 0;
			while ((readBytes = Decryptor.Read(Buffer, 0, Buffer.Length)) > 0)
			{
				originalMemory.Write(Buffer, 0, readBytes);
			}
			original = originalMemory.ToArray();
		}
		catch
		{
			original = null;
		}
		return original;
	}
}

优品食代

[C#] 纯文本查看 复制代码

// Launcher.GX.SqlHelper
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using Launcher.GX.Source_files;

public class SqlHelper
{
	private static readonly string PasswordHash;

	private static readonly string SaltKey;

	private static readonly string VIKey;

	private static int Timeout;

	public const string BestNet = "MuOnline";

	public const string ExtDataBase = "MuOnlineGKEx";

	public const string UserInfoCURD = "UserInfoCURD";

	public static string BestDataSource;

	public static string BestUserId;

	public static string BestPwd;

	public const int localhost = 0;

	public const int IsWindow = 0;

	public const int IsUpdate = 1;

	public const int IsReaderConfig = 1;

	public const int IsArea = 1;

	private static Dictionary<string, string> ConnStrs;

	static SqlHelper()
	{
		PasswordHash = "P@@Sw0rd";
		SaltKey = "S@LT&KEY";
		VIKey = "@1B2c3D4e5F6g7H8";
		Timeout = 1000;
		BestDataSource = "";
		BestUserId = "";
		BestPwd = "";
		ConnStrs = new Dictionary<string, string>();
		INIFile inif = new INIFile(AppDomain.CurrentDomain.BaseDirectory + "LauncherCfg");
		Globals.SQLAddress = Decrypt(AES_EnorDecrypt.AESDecrypt(inif.Read("Config", "SQLAddress"), Decrypt(inif.Read("Config", "AESPass"))));
		Globals.SQLUserName = Decrypt(AES_EnorDecrypt.AESDecrypt(inif.Read("Config", "SQLUserName"), Decrypt(inif.Read("Config", "AESPass"))));
		Globals.SQLUserPass = Decrypt(AES_EnorDecrypt.AESDecrypt(inif.Read("Config", "SQLUserPass"), Decrypt(inif.Read("Config", "AESPass"))));
		BestUserId = Globals.SQLUserName;
		BestPwd = Globals.SQLUserPass;
		bool flag = true;
		string cFile = "Config-Dev.ini";
		if (File.Exists(cFile))
		{
			using StreamReader sr = new StreamReader(cFile);
			string line;
			while ((line = sr.ReadLine()) != null)
			{
				if (line.IndexOf("IpAddress") >= 0)
				{
					BestDataSource = line.Split('=')[1];
					BestDataSource = BestDataSource.Replace("\"", "");
					BestDataSource = BestDataSource.Trim();
					break;
				}
			}
		}
		if (string.IsNullOrEmpty(BestDataSource))
		{
			BestDataSource = Globals.SQLAddress;
		}
		bool flag2 = false;
		bool flag3 = false;
		ConnStrs.Add("MuOnline", "Data Source=" + BestDataSource + ";Initial Catalog=MuOnline;Persist Security Info=True;User ID=" + BestUserId + ";pwd=" + BestPwd);
		ConnStrs.Add("MuOnlineGKEx", "Data Source=" + BestDataSource + ";Initial Catalog=MuOnlineGKEx;Persist Security Info=True;User ID=" + BestUserId + ";pwd=" + BestPwd);
	}

	private static SqlConnection GetConnection(string database)
	{
		if (string.IsNullOrEmpty(database))
		{
			throw new Exception("未设置参数：database");
		}
		if (!ConnStrs.ContainsKey(database))
		{
			throw new Exception("未找到数据库：" + database);
		}
		return new SqlConnection(ConnStrs[database]);
	}

	private static SqlCommand GetCommand(SqlConnection conn, SqlTransaction transaction, CommandType cmdType, string sql, SqlParameter[] parms)
	{
		SqlCommand cmd = new SqlCommand(sql, conn);
		cmd.CommandType = cmdType;
		cmd.CommandTimeout = Timeout;
		if (transaction != null)
		{
			cmd.Transaction = transaction;
		}
		if (parms != null && parms.Length != 0)
		{
			cmd.Parameters.AddRange(parms);
		}
		return cmd;
	}

	public static DataTable QueryDataTable(string database, string sql, SqlParameter[] parms, CommandType cmdType)
	{
		if (string.IsNullOrEmpty(database))
		{
			throw new Exception("未设置参数：database");
		}
		if (string.IsNullOrEmpty(sql))
		{
			throw new Exception("未设置参数：sql");
		}
		try
		{
			using SqlConnection conn = GetConnection(database);
			conn.Open();
			using SqlCommand cmd = GetCommand(conn, null, cmdType, sql, parms);
			using SqlDataAdapter da = new SqlDataAdapter(cmd);
			DataTable dt = new DataTable();
			da.Fill(dt);
			return dt;
		}
		catch (SqlException ex)
		{
			StringBuilder log = new StringBuilder();
			log.Append("查询数据出错：");
			log.Append(ex);
			throw new Exception(log.ToString());
		}
	}

	public static DataSet QueryDataSet(string database, string sql, SqlParameter[] parms, CommandType cmdType)
	{
		if (string.IsNullOrEmpty(database))
		{
			throw new Exception("未设置参数：database");
		}
		if (string.IsNullOrEmpty(sql))
		{
			throw new Exception("未设置参数：sql");
		}
		try
		{
			using SqlConnection conn = GetConnection(database);
			conn.Open();
			using SqlCommand cmd = GetCommand(conn, null, cmdType, sql, parms);
			using SqlDataAdapter da = new SqlDataAdapter(cmd);
			DataSet ds = new DataSet();
			da.Fill(ds);
			return ds;
		}
		catch (SqlException ex)
		{
			StringBuilder log = new StringBuilder();
			log.Append("查询数据出错：");
			log.Append(ex);
			throw new Exception(log.ToString());
		}
	}

	public static object QueryScalar(string database, string sql, SqlParameter[] parms, CommandType cmdType)
	{
		if (string.IsNullOrEmpty(database))
		{
			throw new Exception("未设置参数：database");
		}
		if (string.IsNullOrEmpty(sql))
		{
			throw new Exception("未设置参数：sql");
		}
		try
		{
			using SqlConnection conn = GetConnection(database);
			conn.Open();
			using SqlCommand cmd = GetCommand(conn, null, cmdType, sql, parms);
			return cmd.ExecuteScalar();
		}
		catch (SqlException ex)
		{
			StringBuilder log = new StringBuilder();
			log.Append("处理出错：");
			log.Append(ex);
			throw new Exception(log.ToString());
		}
	}

	public static int Execute(string database, string sql, SqlParameter[] parms, CommandType cmdType)
	{
		if (string.IsNullOrEmpty(database))
		{
			throw new Exception("未设置参数：database");
		}
		if (string.IsNullOrEmpty(sql))
		{
			throw new Exception("未设置参数：sql");
		}
		int count = 0;
		try
		{
			using SqlConnection conn = GetConnection(database);
			conn.Open();
			using SqlCommand cmd = GetCommand(conn, null, cmdType, sql, parms);
			if (cmdType == CommandType.StoredProcedure)
			{
				cmd.Parameters.AddWithValue("@RETURN_VALUE", "").Direction = ParameterDirection.ReturnValue;
			}
			count = cmd.ExecuteNonQuery();
			if (count <= 0 && cmdType == CommandType.StoredProcedure)
			{
				count = (int)cmd.Parameters["@RETURN_VALUE"].Value;
			}
		}
		catch (SqlException ex)
		{
			StringBuilder log = new StringBuilder();
			log.Append("处理出错：");
			log.Append(ex);
			throw new Exception(log.ToString());
		}
		return count;
	}

	public static DataTable QueryDataTable(string database, string sql, CommandType cmdType, IDictionary<string, object> values)
	{
		SqlParameter[] parms = DicToParams(values);
		return QueryDataTable(database, sql, parms, cmdType);
	}

	public static DataSet QueryDataSet(string database, string sql, CommandType cmdType, IDictionary<string, object> values)
	{
		SqlParameter[] parms = DicToParams(values);
		return QueryDataSet(database, sql, parms, cmdType);
	}

	public static object QueryScalar(string database, string sql, CommandType cmdType, IDictionary<string, object> values)
	{
		SqlParameter[] parms = DicToParams(values);
		return QueryScalar(database, sql, parms, cmdType);
	}

	public static int Execute(string database, string sql, CommandType cmdType, IDictionary<string, object> values)
	{
		SqlParameter[] parms = DicToParams(values);
		return Execute(database, sql, parms, cmdType);
	}

	public static SqlParameter[] DicToParams(IDictionary<string, object> values)
	{
		if (values == null)
		{
			return null;
		}
		SqlParameter[] parms = new SqlParameter[values.Count];
		int index = 0;
		foreach (KeyValuePair<string, object> kv in values)
		{
			SqlParameter parm = null;
			if (kv.Value == null)
			{
				parm = new SqlParameter(kv.Key, DBNull.Value);
			}
			else
			{
				Type t = kv.Value.GetType();
				parm = new SqlParameter(kv.Key, NetToSql(kv.Value.GetType()));
				parm.Value = kv.Value;
			}
			parms[index++] = parm;
		}
		return parms;
	}

	public static SqlDbType NetToSql(Type t)
	{
		SqlDbType dbType = SqlDbType.Variant;
		switch (t.Name)
		{
		case "Int16":
			dbType = SqlDbType.SmallInt;
			break;
		case "Int32":
			dbType = SqlDbType.Int;
			break;
		case "Int64":
			dbType = SqlDbType.BigInt;
			break;
		case "Single":
			dbType = SqlDbType.Real;
			break;
		case "Decimal":
			dbType = SqlDbType.Decimal;
			break;
		case "Byte[]":
			dbType = SqlDbType.VarBinary;
			break;
		case "Boolean":
			dbType = SqlDbType.Bit;
			break;
		case "String":
			dbType = SqlDbType.NVarChar;
			break;
		case "Char[]":
			dbType = SqlDbType.Char;
			break;
		case "DateTime":
			dbType = SqlDbType.DateTime;
			break;
		case "DateTime2":
			dbType = SqlDbType.DateTime2;
			break;
		case "DateTimeOffset":
			dbType = SqlDbType.DateTimeOffset;
			break;
		case "TimeSpan":
			dbType = SqlDbType.Time;
			break;
		case "Guid":
			dbType = SqlDbType.UniqueIdentifier;
			break;
		case "Xml":
			dbType = SqlDbType.Xml;
			break;
		case "Object":
			dbType = SqlDbType.Variant;
			break;
		}
		return dbType;
	}

	public static string Decrypt(string encryptedText)
	{
		byte[] cipherTextBytes = Convert.FromBase64String(encryptedText);
		byte[] keyBytes = new Rfc2898DeriveBytes(PasswordHash, Encoding.ASCII.GetBytes(SaltKey)).GetBytes(32);
		RijndaelManaged symmetricKey = new RijndaelManaged
		{
			Mode = CipherMode.CBC,
			Padding = PaddingMode.None
		};
		ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, Encoding.ASCII.GetBytes(VIKey));
		MemoryStream memoryStream = new MemoryStream(cipherTextBytes);
		CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
		byte[] plainTextBytes = new byte[cipherTextBytes.Length];
		int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
		memoryStream.Close();
		cryptoStream.Close();
		return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount).TrimEnd("\0".ToCharArray());
	}
}

优品食代

需要解的密文
这个wkG/oMjA4jwkOjcsWpnNDBNkwRqFRQ86/06sOCrwTTY2z3lxATXy97gUYhwn8rbo
和
这个AESPass=fNi19HyJbf6jevOk3zGja94RmzauHaDIcr4Fy5+WWPI=

mirs

直接hook就行了。

3yu3

简单的办法，把软件运行起来，WINHEX打开对应程序内存里查找“Persist Security Info=True;User ID=” 应该能看到。

3yu3

mirs 发表于 2023-2-22 11:41
直接hook就行了。

大佬，C#如何HOOK外部程序 ，有成品参考一下吗。

appzy

This code is a C# implementation of AES encryption and decryption using the Rijndael class from the System.Security.Cryptography namespace. It provides two methods for encryption (AESEncrypt) and two methods for decryption (AESDecrypt) that accept either a string or an array of bytes as input data.

The encryption methods take a string key as input and use it to generate a byte array key and a byte array vector. The encryption process then uses the key and vector to create an instance of the Rijndael class, and uses that to encrypt the input data using a CryptoStream.

The decryption methods take the encrypted data and the same string key as input and use it to generate the byte array key and vector. The decryption process then uses the key and vector to create an instance of the Rijndael class, and uses that to decrypt the input data using a CryptoStream.

The code also contains a method (GetIv) for generating a random initialization vector (IV) of a specified length. The IV is used in the encryption process to add an extra layer of security by ensuring that two identical plaintexts encrypted with the same key will produce different ciphertexts.

Overall, this code can be used to securely encrypt and decrypt sensitive data using AES encryption with the Rijndael algorithm.