一。前言
自从上次改了3DES密钥被大佬们秒了之后,最近发现"signType":"x2" 由x1变成x2 又改了算法
之前是
- '{"signSvn":"52","signType":"x1","appId":"xhs-pc-web","signVersion":"1","payload":"' + payload + '"}'
- '{"signSvn":"52","signType":"x2","appId":"xhs-pc-web","signVersion":"1","payload":"' + payload + '"}'
console.log被重写 需要我们改下
- (function() {
- var iframe = document.createElement('iframe');
- document.body.appendChild(iframe)
- window.console = iframe.contentWindow.console
- }());
找到base64的字符串位置
- x1=574270fbc00ef6b8223f46d0b1861def;x2=0|0|0|1|0|0|1|0|0|0|1|0|0|0|1;x3=undefined;x4=1722996167761;
- eDE9NTc0MjcwZmJjMDBlZjZiODIyM2Y0NmQwYjE4NjFkZWY7eDI9MHwwfDB8MXwwfDB8MXwwfDB8MHwxfDB8MHwwfDE7eDM9dW5kZWZpbmVkO3g0PTE3MjI5OTYxNjc3NjE7
- [101, 68, 69, 57, 78, 84, 99, 48, 77, 106, 99, 119, 90, 109, 74, 106, 77, 68, 66, 108, 90, 106, 90, 105, 79, 68, 73, 121, 77, 50, 89, 48, 78, 109, 81, 119, 89, 106, 69, 52, 78, 106, 70, 107, 90, 87, 89, 55, 101, 68, 73, 57, 77, 72, 119, 119, 102, 68, 66, 56, 77, 88, 119, 119, 102, 68, 66, 56, 77, 88, 119, 119, 102, 68, 66, 56, 77, 72, 119, 120, 102, 68, 66, 56, 77, 72, 119, 119, 102, 68, 69, 55, 101, 68, 77, 57, 100, 87, 53, 107, …]
- //AES分块16字节加密
- [101, 68, 69, 57, 78, 84, 99, 48, 77, 106, 99, 119, 90, 109, 74, 106]//第一段16字节明文
- [52, 111, 104, 122, 112, 107, 101, 110, 103, 97, 50, 56, 54, 114, 113, 56] //IV
- 明文与IV相异或
- 得到
- [81, 43, 45, 67, 62, 63, 6, 94, 42, 11, 81, 79, 108, 31, 59, 82]
这里也能发现AES的踪迹 SBOX(没有魔改)
AES的常数
然后看第二段加密
这里把第一段加密的结果 作为第二段加密的IV
试试
- {"signSvn":"52","signType":"x2","payload":"d2a8af8dfc09f7b2fdbb068d0f96009115869368e57d8145b28071ec3af2d3e37f7a27d842b2d41479357f5686a516833c41412635f860b26efd5f1ddf606daf9eae1fdb1137cc457c5ca0570a5fce2fc9128b7675742ef6097ac2ee7a630270d3f34837ca4b8463f0efe90b238c1dd94808b626470bfb649708a92bc9cf22fa892ccf3a90e78de1b62aff23c9a8904a"}
成功
总结:就是3DES 改成了 AES 没有魔改 学习下AES加密原理
自己研究下日记 就能搞出来
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
