好友
阅读权限25
听众
最后登录1970-1-1
|
可可网络验证licensekey算法分析
先说下,分享成果,同时希望大神能帮忙分析下最后的 二级密文 通过ras加密成 key的过程(二级密文长度1700多,rsa是1024的密钥一次只能加密117个字符,不知道怎么拆开加密的,忘了以前在哪见到有人说过补位0什么的)
可可就不多说了,授权用的域名授权,提供加密的LicenseKey。Licensekey一共经过了3次加密(可可自定义加密1,自定义加密2,rsa加密)
1、首先明文格式:用_ksreg_分开
这个可以启动可可范例后用ce去搜索你的域名就可以找到
_lHU3WqzJYErRbgFAp6Z0oh8sQaScjVNx1PvDfC9IKTueyMt7LkGid5n4Bwm2XO|_ksreg_3S8uYdKfABm9ye1gFp02OxEWU4kILRM7vtHhNlQGcbJnCXV5qrTDzjwZis6aoP_ksreg_http://v9.hphu.com:8080/kss_api/api.php_ksreg_http://v9b.hphu.com/kss_api/api.php_ksreg_16_ksreg_39999_ksreg_5d5316c8d65e289d2dce1f76a8fc33b9_ksreg_900_ksreg_4_ksreg_00003_ksreg_Bq2hxuVu87IH_ksreg_PS1RWk9nSkVhZmhtNy9ybzFiUmFVVEw4NG9kc1hzWDhrdGllYW5vWGloS1hiWFo1Rzg1dHlkdFN4TzdtZ1pjWGd3OGVyZlhkeXJnTzNCQWJiTWdaZFFxWkFkVnUrSXFjVEpm_ksreg_
2、明文经过 倒序和插入随机字符后变成一级密文 (看绿色和红色字)
_HgLePrTsXkB_FmJpNERVVjZFDXHSLrPUTnXVBkFFJkNWRxVFZFDZHaDdHWLTPiTJXWBQFCJNMzQTUnYJCXGeKkOhSlWZAyEVIGMOQ3UdYGCWGjKpO1SZWtAdEzITM4QNUFYdUkYlCHGdK1OgSzWRA1EoIFMWQiUhY1CSGoKlOGSWWvA5EWIYMlQlUGYdCrGhKDOWSzWhA1EcIkM9QGMNQ4UwYECVGVKFOmSUWiAFEzIbMyQ9UyYNBtFhJmNZRhVVZkDSHnL9PkTWXRB1FSJPN_RgVeZrDsHkD_HHLIP7T8XuBVFuJxNhR2VqZBD_HgLePrTsXkB_F3J0N0R0V0Z_DgHeLrPsTkX_B4F_JgNeRrVsZkD_Z0D0H9L_PgTeXrBsFkJ_N9RbV3Z3DcHfL8PaT6X7BfF1JeMcQdU2YdC9G8K2OeS5W6AdE8IcM6Q1U3Q5UdY5C_GgKeOrSsWkA_E9I9M9Q9U3Y_CgGeKrOsSkW_A6E1I_MgQeUrYsCkG_KpOhSpW.AiEpIaM/IiMpQaU_YsCsGkK/OmSoWcA.EuIhMpQhU.YbC9GvK/O/S:WpAtEtIhM_QgUeXrBsFkJ_NpRhVpZ.DiZpDaH/LiPpTaX_BsFsJkN/R0V8Z0D8H:LmPoTcX.BuFhJpNhR.V9ZvD/H/L:PpTtXtBhF_JgNeRrVsRkV_ZPDoHaL6PsTiXZBwFjJzNDRTVrZqD5HVLXPCTnXJBbFcJGNQRlVNZhDHHtLvP7TMXRBLFIJkM4QUMWQEUxYOC2G0KpOFSgW1AeEyI9MmQBUAYfCKGdKYOuS8WSA3E_IgMeQrUsYkC_G|KOOXS2WmAwEBI4EnI5MdQiUGYkCLG7KtOMSyWeAuETIKMIQ9UCYfCDGvKPO1SxWNAVEjIcMSQaUQYsC8GhKoO0SZW6ApWAAFEgIbMRPrTEXYBJFzJqNWR3VUZHDlH_L
3、一级密文经过可可传输算法加密生成二级密文:
3F4x_pFx6216fMtxoIox8W6PJpgxgSG6yWuay57tVj_g44xWfrBtCmIWMrQFw51Fo4vx645tfM6umiLpo4UggiJt6jGPtzaaf6hFtHtIJrkuJ2MuoM6uMzit_rsugva66vIsf2GPwjkD9Mmx958PwmfWgjKYV4pgRi4WMzwUMSfKVrCW|5estX2PC53tCzAxyMRaokDUfWYZyIhg8zaWmWs6_59uCHnxwmhP8z0ZVjr6tym6wmDWMi36CMsIMMFs6HWD_MgFMj9at2Caq27uf4Jaf64W4WcgRv5FoXD_J54WVHZxtSeUt7oxyrCKCr1xfj1VV4w69jZny4gurIp_Vi2g12mZfmXWu62f9aYFtHGtfjk6ypKNmXP_KSAfoHrugzZxwr7Zm2Bnf6Vay5OFCWQxJ6SWymfu9iss6r7UV6KZ62wa9mvpC2RW8iwDJ7NPhWQ5VkisJ4aaViRuA56A4VQgp5GP825W9zda_FBWrSln9yl615n0g7CgmIzL4k061jxYJ|OIq5dZJjNZwSrs97OW05_IyX3U1IZ04WjpKipL6KRF8WOZ87iZ6H9D8IzNu4kFoKiu_IsF62DtJpt0y4r6UzcY8y7Iy4B_9irP|SjI9Fou|jtF6VYgp2DTyWKuVrz5JKAZtrvAwdVNjmyK9ksIkzAKVIGuk6uS4s4pRjD4mVVIS28nwaFWsmEVJ2QISI1VVdzsspxf4l5_pHznMngppSbJ_jPPpSMV_gAN15v_8X4tMjY_miX_MiLuMV2uV6SK9iKF_MH_CHuW462D96WZ066smvhtyvW0oMUsR6tUyjQPM5HW9vJIqrMptdrNmjCzoVstRiIK6ibUpSpLyIfgurbU8kqNKS3x9|YFfMjA_nHt|SWZyMgUC4L04S2gSrfV8gDafIms8zMPjiCg_X3IrjsfVgBs6Hpxydrpm2Jn6|YPu4HfwjNZfWGIwWQxjrMTmsrpuv5UoWMpyML_yoIpSr|Ytc4IoWQaJc5PwIlTJlGsjiufgX0tVrsLM2x_hMa4tHZWm6cKtHHI1rMJ_ahZs5s44zntqvnuV78guixnMyiNSMrKwsPxpvqAwV1IhjOLVVPtr4VX6lL_1MsAovi_RMkf9F|ZtSwV821Zs67IwnTt|r_J47QUk2ZtygLUJvA0JaePqWOSf5aNwIef85ZIkIZAySb_r6DFo4t_srDuoX8ZkicuJlnNU6rutcuI|Iq0gMsuM6tLgXgpmz_Kon9prHka82hFKj1f_6uPhrqa_s9_g56PMF|u6gm
这个可以自己反编译可可9.3模块ec能找到解密函数,同时也可以参考php crypt95.php下的HY_DecryptDecrypt函数 都是网络传输解密算法
4、再经过rsa加密生成key:
BnQt8Jn8qJdXjd/ha8YQCrWkMbWxKqNg/CkK/ti4ghU0rusjku9Oh7V65ar8I3tOx8TtvQ/nyqICheJi2j77YV8JNbP90iipApG2F2rEpqaEn5v0q2qGMUwV944rFiSv4bC34YZ2EdLLSBDQE1iPuIwGid/s5CJABVDIfnVFkxEgHWzT9Gaq6DH9gHqpPa6kwt5UVpTFEB4wb6qMe8idC+Y1dHPUKORO8qsnaLodutKR9/Mcq/YtArcSZYhA15N3I127W3rXoL3285aI/r7rFntal69cnZrdpSxnjdKJnE2Dnwfzaw+NAQlJkNAuxOW4MyWYVz7zYTHjWbYl2L+I3JVpsr9e/n79f9KMTiXXrxWWS7xaSFRKCHa3cRUUjO3eY2ksqpyZVGPccIoi3gaMgHq/ZATiRfYyBS8y/b+D3Au37ieJoIpROmnZOHCHEu8TunJfmUyZ362dAfgS3dEJfenqKZJBVK2PFMZtAcyaS+J956fK4G2wfGfwQ6fJO+uVraRnKEnEnfstrEtk/y1GTYk2Xf/KLqm89UVvunjDp9BLunaX+5iYASMgybjyPXpFXHe/8Fg9QHtJZ92Gpj6gM9cz0a1i8bpL+Bcq0vPchCAq+/eoiFfRRrX9/uczoMBoAu3F94rM4i4FONSZLPW1M5xE3PWvFPWXfpYw4PzoC9uSDIEVwJKj4ax5znaU0FqZ23jIbuo4NzhvuUiemOT31vvmZLpkYcT3sSorppkyfYj74Yg4i3sUGcmQoNH/tuD2IJbfI5JUnFihag3nZMIBi0iBcoyUR9QPHUpSvp3qXl+36KAVoLVHhSLMJsDIvcONGdnNHSbRa7DTi8NFC0284VvkXRjvLzoMW7X84NbKfVs+cehimBlHBs897Sqg8Rhswy3+8Kq9UpGskNDrWyzWur0KkA/IpW666wMh4Q0i0EU/dCmHe7H1h2BFrmgp6qeqMSZQ1VWT8qLSPXMyCLez0ytkha49qaWChYc4UwG1llubblYrvfh3vOvQr6/CNGvtYs0n4ERMQTN8F7mn76qSNKiriPo+5cipnTPOFeVpXubdSvWqF22x76ZHUmvwT4xzxNoLPQRAwwlBCG1QAQ5Jx1rf8/hrQIUBda3vmn+rUTHWzBtvcF+New9TXd9S+cUsuE54RsNNdSkI++nIt4rHahpiFBI3fZKuxZH4BAtG2qx3Vs5VLPQOeMtWkG1Tb3bOD2H+2IU+LrcEBg6vSLlTQObsqILJCBH4ApzQQRr+mvcqZHWxdPDdMCicRpmKl60aCz2iAarGfTQArH0+7WCQx1MudbLMP8op7gkjNSJNw0KSE5EyuhXiqLwxlsPnb8bDz3bP7o/pvWJyTuPXtfjTFqRiAyuPTM7gEn9pCejcikZV1YHjy7t0vScnnjeRWX5LC1wAlPJADoQM/5qMhLQqrxjQaCJmydOP++RjOAziMlhWwjiiHRHauVM+7/kNhiT1tZ38zAULFXnSnvdBHOPLgLJzmAgAfRtfEdV6RzVVmC433vmSztnzL+7K/FkRtC9UgyIk/D3rN6FLyV785cZHYqGRf8lPH8FF8Q79LFkeBfwumMfzGdkzunKebpaiyfJez2XiKIJZ7MPmkRHBnb1kS24XzQAVsEXDpJAVejWQkr9qAVzl7lsMYQojHOgE2sxbCZiMpTyN/BCUxlXBjpnGAlP8A5Jv3rU529BN1e+yppw=
第4步暂时没弄清楚,可可的rsa是1024的密钥,一次最多支持加密117字节,而二级密文长度1275,Licensekey长度1708(固定),不知道要如何去拆分二级密文再分次加密后base64
从Licensekey长度固定而二级密文长度是不固定的可以知道,必定是二级密文经过补位达到一个长度再 加密 后所有key长度都是一致的,在此分享自己的分析过程,希望大神能够帮忙分析下rsa生成key的过程。
|
免费评分
-
查看全部评分
本帖被以下淘专辑推荐:
- · 学习及教程|主题: 1126, 订阅: 1118
- · 优秀逆向文|主题: 238, 订阅: 93
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
发表于 2017-5-10 12:59
|
发表于 2018-5-21 09:12
