当前位置:   article > 正文

11、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】_rsa post

rsa post

发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!

 1、分析的登陆网站地址

http://www.leadbank.com.cn/login/

2、使用工具

  1. chrome浏览器
  2. 鬼鬼调试工具

3、Post抓包登陆分析

  1. 测试账号 Steven2020 测试密码 a123456
  2. post提交 返回数据
  3. data: d59b937110d12446c0f10347b66e03c5014fb8bc462eb7544ca52656dbd6860007e283fc5f7e323c2fd2645924fe7c6151feb342cbfc545ff53da3c929db2d950d9e762d9d550f44272a0d26397f44262733cd31ec76c6ea5c11102363235a121523c43e6cb7c2aa7d5155c038e38f706c094bf6b0ddf4a2dfcae2f13ca8a7d936d4189f2b5303c74ffa82112ee9744a72f02d04da67cee53d4e29a50c5bf9beec12738aacc9506e432de1a16b041ba317893a51b863893d7c6d9e557d09f36f8679acee25c726107b3c0ddf4b67b509c7c573d6a7e43f1626ab23e78276ee17f94654ae252e0ee459f4ecf438888a61c421c637da9bb3928f766031bc3545e5
  4. 仅仅只有一个data 参数,说明 是多个参数拼接后进行的加密

4、data解密

首先通过"data=" 这个关键词去全局搜索 哪个 JS文件 定义过这个参数。

加上 =   是为了可以更佳精准的搜索到

最终找到一个 字符串拼接的js,点击进入后,下断点调试

 

下断点后,可以发现,这个 变量 e  是  

"{"terminal":"WEB","reqTime":"Sun, 31 Jan 2021 13:56:08 GMT","accessTerminal":"WEB","clientVersion":"4.1.0","version":"1.0","channelCode":"LD","appId":1002,"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796"}"

 

包含了上面红框中的信息,除了一个 reqTime 是 取基于世界协调通用时间(UTC),另外的都是固定的值。加上"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796",用户名 密码 和 验证码。然后进行 Object(f.a)() 方法进行加密;

 

进入 Object(f.a)(e) 的这个方法,发现存在公钥,那么就是一个RSA算法了。

 

现在的话,就是把这个加密算法的代码进行扣下来,首先把这个 function J() 函数 扣下来;

  1. function J(t) {
  2. var data = t.split("").reverse().join("");
  3. !function(t) {
  4. o = new Array(t);
  5. for (var e = 0; e < o.length; e++)
  6. o[e] = 0;
  7. d = new h,
  8. (n = new h).digits[0] = 1
  9. }(130);
  10. for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
  11. l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
  12. c = 128 * ++i;
  13. return l
  14. }

然后开始缺少啥对象,或者是参数,就在扣相应的函数;

最终扣完了所有登陆的加密的代码

  1. var o, n, d, l = [0, 32768, 49152, 57344, 61440, 63488, 64512, 65024, 65280, 65408, 65472, 65504, 65520, 65528, 65532, 65534, 65535], c = [0, 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535], f = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];
  2. function h(t) {
  3. this.digits = "boolean" == typeof t && 1 == t ? null : o.slice(0),
  4. this.isNeg = !1
  5. }
  6. function v(s) {
  7. for (var t = new h, i = s.length, e = 0; i > 0; i -= 4,
  8. ++e)
  9. t.digits[e] = m(s.substr(Math.max(i - 4, 0), Math.min(i, 4)));
  10. return t
  11. }
  12. function m(s) {
  13. for (var t, e = 0, r = Math.min(s.length, 4), i = 0; i < r; ++i)
  14. e <<= 4,
  15. e |= (t = s.charCodeAt(i)) >= 48 && t <= 57 ? t - 48 : t >= 65 && t <= 90 ? 10 + t - 65 : t >= 97 && t <= 122 ? 10 + t - 97 : 0;
  16. return e
  17. }
  18. function x(t, e, r) {
  19. this.e = v(t),
  20. this.d = v(e),
  21. this.m = v(r),
  22. this.chunkSize = 128,
  23. this.radix = 16,
  24. this.barrett = new w(this.m)
  25. }
  26. function k(t) {
  27. var e = new h(!0);
  28. return e.digits = t.digits.slice(0),
  29. e.isNeg = t.isNeg,
  30. e
  31. }
  32. function w(t) {
  33. this.modulus = k(t),
  34. this.k = A(this.modulus) + 1;
  35. var e, r, o = new h;
  36. o.digits[2 * this.k] = 1,
  37. this.mu = (e = o,
  38. r = this.modulus,
  39. y(e, r)[0]),
  40. this.bkplus1 = new h,
  41. this.bkplus1.digits[this.k + 1] = 1,
  42. this.modulo = T,
  43. this.multiplyMod = U,
  44. this.powMod = I
  45. }
  46. function A(t) {
  47. for (var e = t.digits.length - 1; e > 0 && 0 == t.digits[e]; )
  48. --e;
  49. return e
  50. }
  51. function y(t, e) {
  52. var q, r, o = j(t), d = j(e), l = e.isNeg;
  53. if (o < d)
  54. return t.isNeg ? ((q = k(n)).isNeg = !e.isNeg,
  55. t.isNeg = !1,
  56. e.isNeg = !1,
  57. r = O(e, t),
  58. t.isNeg = !0,
  59. e.isNeg = l) : (q = new h,
  60. r = k(t)),
  61. [q, r];
  62. q = new h,
  63. r = t;
  64. for (var c = Math.ceil(d / 16) - 1, f = 0; e.digits[c] < 32768; )
  65. e = _(e, 1),
  66. ++f,
  67. ++d,
  68. c = Math.ceil(d / 16) - 1;
  69. r = _(r, f),
  70. o += f;
  71. for (var m = Math.ceil(o / 16) - 1, b = z(e, m - c); -1 != N(r, b); )
  72. ++q.digits[m - c],
  73. r = O(r, b);
  74. for (var i = m; i > c; --i) {
  75. var v = i >= r.digits.length ? 0 : r.digits[i]
  76. , x = i - 1 >= r.digits.length ? 0 : r.digits[i - 1]
  77. , w = i - 2 >= r.digits.length ? 0 : r.digits[i - 2]
  78. , y = c >= e.digits.length ? 0 : e.digits[c]
  79. , C = c - 1 >= e.digits.length ? 0 : e.digits[c - 1];
  80. q.digits[i - c - 1] = v == y ? 65535 : Math.floor((65536 * v + x) / y);
  81. for (var T = q.digits[i - c - 1] * (65536 * y + C), U = 4294967296 * v + (65536 * x + w); T > U; )
  82. --q.digits[i - c - 1],
  83. T = q.digits[i - c - 1] * (65536 * y | C),
  84. U = 65536 * v * 65536 + (65536 * x + w);
  85. (r = O(r, E(b = z(e, i - c - 1), q.digits[i - c - 1]))).isNeg && (r = Q(r, b),
  86. --q.digits[i - c - 1])
  87. }
  88. return r = S(r, f),
  89. q.isNeg = t.isNeg != l,
  90. t.isNeg && (q = l ? Q(q, n) : O(q, n),
  91. r = O(e = S(e, f), r)),
  92. 0 == r.digits[0] && 0 == A(r) && (r.isNeg = !1),
  93. [q, r]
  94. }
  95. function j(t) {
  96. var e, r = A(t), o = t.digits[r], n = 16 * (r + 1);
  97. for (e = n; e > n - 16 && 0 == (32768 & o); --e)
  98. o <<= 1;
  99. return e
  100. }
  101. function _(t, e) {
  102. var r = Math.floor(e / 16)
  103. , o = new h;
  104. C(t.digits, 0, o.digits, r, o.digits.length - r);
  105. for (var n = e % 16, d = 16 - n, i = o.digits.length - 1, c = i - 1; i > 0; --i,
  106. --c)
  107. o.digits[i] = o.digits[i] << n & 65535 | (o.digits[c] & l[n]) >>> d;
  108. return o.digits[0] = o.digits[i] << n & 65535,
  109. o.isNeg = t.isNeg,
  110. o
  111. }
  112. function C(t, e, r, o, n) {
  113. for (var d = Math.min(e + n, t.length), i = e, l = o; i < d; ++i,
  114. ++l)
  115. r[l] = t[i]
  116. }
  117. function z(t, e) {
  118. var r = new h;
  119. return C(t.digits, 0, r.digits, e, r.digits.length - e),
  120. r
  121. }
  122. function N(t, e) {
  123. if (t.isNeg != e.isNeg)
  124. return 1 - 2 * Number(t.isNeg);
  125. for (var i = t.digits.length - 1; i >= 0; --i)
  126. if (t.digits[i] != e.digits[i])
  127. return t.isNeg ? 1 - 2 * Number(t.digits[i] > e.digits[i]) : 1 - 2 * Number(t.digits[i] < e.digits[i]);
  128. return 0
  129. }
  130. function O(t, e) {
  131. var r;
  132. if (t.isNeg != e.isNeg)
  133. e.isNeg = !e.isNeg,
  134. r = Q(t, e),
  135. e.isNeg = !e.isNeg;
  136. else {
  137. var o, n;
  138. r = new h,
  139. n = 0;
  140. for (var i = 0; i < t.digits.length; ++i)
  141. o = t.digits[i] - e.digits[i] + n,
  142. r.digits[i] = o % 65536,
  143. r.digits[i] < 0 && (r.digits[i] += 65536),
  144. n = 0 - Number(o < 0);
  145. if (-1 == n) {
  146. n = 0;
  147. for (var d = 0; d < t.digits.length; ++d)
  148. o = 0 - r.digits[d] + n,
  149. r.digits[d] = o % 65536,
  150. r.digits[d] < 0 && (r.digits[d] += 65536),
  151. n = 0 - Number(o < 0);
  152. r.isNeg = !t.isNeg
  153. } else
  154. r.isNeg = t.isNeg
  155. }
  156. return r
  157. }
  158. function E(t, e) {
  159. var r, o, n, d = new h;
  160. r = A(t),
  161. o = 0;
  162. for (var l = 0; l <= r; ++l)
  163. n = d.digits[l] + t.digits[l] * e + o,
  164. d.digits[l] = 65535 & n,
  165. o = n >>> 16;
  166. return d.digits[1 + r] = o,
  167. d
  168. }
  169. function S(t, e) {
  170. var r = Math.floor(e / 16)
  171. , o = new h;
  172. C(t.digits, r, o.digits, 0, t.digits.length - r);
  173. for (var n = e % 16, d = 16 - n, i = 0, l = i + 1; i < o.digits.length - 1; ++i,
  174. ++l)
  175. o.digits[i] = o.digits[i] >>> n | (o.digits[l] & c[n]) << d;
  176. return o.digits[o.digits.length - 1] >>>= n,
  177. o.isNeg = t.isNeg,
  178. o
  179. }
  180. function T(t) {
  181. var e = R(t, this.k - 1)
  182. , r = R(B(e, this.mu), this.k + 1)
  183. , o = O(F(t, this.k + 1), F(B(r, this.modulus), this.k + 1));
  184. o.isNeg && (o = Q(o, this.bkplus1));
  185. for (var n = N(o, this.modulus) >= 0; n; )
  186. n = N(o = O(o, this.modulus), this.modulus) >= 0;
  187. return o
  188. }
  189. function U(t, e) {
  190. var r = B(t, e);
  191. return this.modulo(r)
  192. }
  193. function I(t, e) {
  194. var r = new h;
  195. r.digits[0] = 1;
  196. for (var a = t, o = e; 0 != (1 & o.digits[0]) && (r = this.multiplyMod(r, a)),
  197. 0 != (o = S(o, 1)).digits[0] || 0 != A(o); )
  198. a = this.multiplyMod(a, a);
  199. return r
  200. }
  201. function L(t, s) {
  202. for (var a = [], e = s.length, i = 0; i < e; )
  203. a[i] = s.charCodeAt(i),
  204. i++;
  205. for (; a.length % t.chunkSize != 0; )
  206. a[i++] = 0;
  207. var r, o, n, d = a.length, l = "";
  208. for (i = 0; i < d; i += t.chunkSize) {
  209. for (n = new h,
  210. r = 0,
  211. o = i; o < i + t.chunkSize; ++r)
  212. n.digits[r] = a[o++],
  213. n.digits[r] += a[o++] << 8;
  214. var c = t.barrett.powMod(n, t.e);
  215. l += (16 == t.radix ? D(c) : H(c, t.radix)) + " "
  216. }
  217. return l.substring(0, l.length - 1)
  218. }
  219. function B(t, e) {
  220. for (var r, o, n, d = new h, l = A(t), c = A(e), i = 0; i <= c; ++i) {
  221. r = 0,
  222. n = i;
  223. for (var f = 0; f <= l; ++f,
  224. ++n)
  225. o = d.digits[n] + t.digits[f] * e.digits[i] + r,
  226. d.digits[n] = 65535 & o,
  227. r = o >>> 16;
  228. d.digits[i + l + 1] = r
  229. }
  230. return d.isNeg = t.isNeg != e.isNeg,
  231. d
  232. }
  233. function R(t, e) {
  234. var r = new h;
  235. return C(t.digits, e, r.digits, 0, r.digits.length - e),
  236. r
  237. }
  238. function F(t, e) {
  239. var r = new h;
  240. return C(t.digits, 0, r.digits, 0, e),
  241. r
  242. }
  243. function D(t) {
  244. for (var e = "", i = A(t); i > -1; --i)
  245. e += P(t.digits[i]);
  246. return e
  247. }
  248. function P(t) {
  249. for (var e = "", i = 0; i < 4; ++i)
  250. e += f[15 & t],
  251. t >>>= 4;
  252. return M(e)
  253. }
  254. function M(s) {
  255. for (var t = "", i = s.length - 1; i > -1; --i)
  256. t += s.charAt(i);
  257. return t
  258. }
  259. function Q(t, e) {
  260. var r;
  261. if (t.isNeg != e.isNeg)
  262. e.isNeg = !e.isNeg,
  263. r = O(t, e),
  264. e.isNeg = !e.isNeg;
  265. else {
  266. r = new h;
  267. for (var o, n = 0, i = 0; i < t.digits.length; ++i)
  268. o = t.digits[i] + e.digits[i] + n,
  269. r.digits[i] = o % 65536,
  270. n = Number(o >= 65536);
  271. r.isNeg = t.isNeg
  272. }
  273. return r
  274. }
  275. var V = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"];
  276. function H(t, e) {
  277. var b = new h;
  278. b.digits[0] = e;
  279. for (var r = y(t, b), o = V[r[1].digits[0]]; 1 == N(r[0], d); )
  280. r = y(r[0], b),
  281. o += V[r[1].digits[0]];
  282. return (t.isNeg ? "-" : "") + M(o)
  283. }
  284. function J(t) {
  285. var data = t.split("").reverse().join("");
  286. !function(t) {
  287. o = new Array(t);
  288. for (var e = 0; e < o.length; e++)
  289. o[e] = 0;
  290. d = new h,
  291. (n = new h).digits[0] = 1
  292. }(130);
  293. for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
  294. l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
  295. c = 128 * ++i;
  296. return l
  297. }

 放入鬼鬼调试工具中,进行测试

  测试出来的加密结果 和  网页中获取到的一模一样,那么至此这个登陆的RSA算法就破解了!

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/凡人多烦事01/article/detail/647182
推荐阅读
相关标签
  

闽ICP备14008679号