赞
踩
发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!
http://www.leadbank.com.cn/login/
- chrome浏览器
-
- 鬼鬼调试工具
- 测试账号 Steven2020 测试密码 a123456
-
- post提交 返回数据
-
- data: d59b937110d12446c0f10347b66e03c5014fb8bc462eb7544ca52656dbd6860007e283fc5f7e323c2fd2645924fe7c6151feb342cbfc545ff53da3c929db2d950d9e762d9d550f44272a0d26397f44262733cd31ec76c6ea5c11102363235a121523c43e6cb7c2aa7d5155c038e38f706c094bf6b0ddf4a2dfcae2f13ca8a7d936d4189f2b5303c74ffa82112ee9744a72f02d04da67cee53d4e29a50c5bf9beec12738aacc9506e432de1a16b041ba317893a51b863893d7c6d9e557d09f36f8679acee25c726107b3c0ddf4b67b509c7c573d6a7e43f1626ab23e78276ee17f94654ae252e0ee459f4ecf438888a61c421c637da9bb3928f766031bc3545e5
-
-
-
- 仅仅只有一个data 参数,说明 是多个参数拼接后进行的加密
首先通过"data=" 这个关键词去全局搜索 哪个 JS文件 定义过这个参数。
加上 = 是为了可以更佳精准的搜索到
最终找到一个 字符串拼接的js,点击进入后,下断点调试
下断点后,可以发现,这个 变量 e 是
"{"terminal":"WEB","reqTime":"Sun, 31 Jan 2021 13:56:08 GMT","accessTerminal":"WEB","clientVersion":"4.1.0","version":"1.0","channelCode":"LD","appId":1002,"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796"}"
包含了上面红框中的信息,除了一个 reqTime 是 取基于世界协调通用时间(UTC),另外的都是固定的值。加上"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796",用户名 密码 和 验证码。然后进行 Object(f.a)() 方法进行加密;
进入 Object(f.a)(e) 的这个方法,发现存在公钥,那么就是一个RSA算法了。
现在的话,就是把这个加密算法的代码进行扣下来,首先把这个 function J() 函数 扣下来;
- function J(t) {
- var data = t.split("").reverse().join("");
- !function(t) {
- o = new Array(t);
- for (var e = 0; e < o.length; e++)
- o[e] = 0;
- d = new h,
- (n = new h).digits[0] = 1
- }(130);
- for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
- l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
- c = 128 * ++i;
- return l
- }
然后开始缺少啥对象,或者是参数,就在扣相应的函数;
最终扣完了所有登陆的加密的代码
- var o, n, d, l = [0, 32768, 49152, 57344, 61440, 63488, 64512, 65024, 65280, 65408, 65472, 65504, 65520, 65528, 65532, 65534, 65535], c = [0, 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535], f = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];
-
- function h(t) {
- this.digits = "boolean" == typeof t && 1 == t ? null : o.slice(0),
- this.isNeg = !1
- }
- function v(s) {
- for (var t = new h, i = s.length, e = 0; i > 0; i -= 4,
- ++e)
- t.digits[e] = m(s.substr(Math.max(i - 4, 0), Math.min(i, 4)));
- return t
- }
- function m(s) {
- for (var t, e = 0, r = Math.min(s.length, 4), i = 0; i < r; ++i)
- e <<= 4,
- e |= (t = s.charCodeAt(i)) >= 48 && t <= 57 ? t - 48 : t >= 65 && t <= 90 ? 10 + t - 65 : t >= 97 && t <= 122 ? 10 + t - 97 : 0;
- return e
- }
- function x(t, e, r) {
- this.e = v(t),
- this.d = v(e),
- this.m = v(r),
- this.chunkSize = 128,
- this.radix = 16,
- this.barrett = new w(this.m)
- }
- function k(t) {
- var e = new h(!0);
- return e.digits = t.digits.slice(0),
- e.isNeg = t.isNeg,
- e
- }
- function w(t) {
- this.modulus = k(t),
- this.k = A(this.modulus) + 1;
- var e, r, o = new h;
- o.digits[2 * this.k] = 1,
- this.mu = (e = o,
- r = this.modulus,
- y(e, r)[0]),
- this.bkplus1 = new h,
- this.bkplus1.digits[this.k + 1] = 1,
- this.modulo = T,
- this.multiplyMod = U,
- this.powMod = I
- }
- function A(t) {
- for (var e = t.digits.length - 1; e > 0 && 0 == t.digits[e]; )
- --e;
- return e
- }
- function y(t, e) {
- var q, r, o = j(t), d = j(e), l = e.isNeg;
- if (o < d)
- return t.isNeg ? ((q = k(n)).isNeg = !e.isNeg,
- t.isNeg = !1,
- e.isNeg = !1,
- r = O(e, t),
- t.isNeg = !0,
- e.isNeg = l) : (q = new h,
- r = k(t)),
- [q, r];
- q = new h,
- r = t;
- for (var c = Math.ceil(d / 16) - 1, f = 0; e.digits[c] < 32768; )
- e = _(e, 1),
- ++f,
- ++d,
- c = Math.ceil(d / 16) - 1;
- r = _(r, f),
- o += f;
- for (var m = Math.ceil(o / 16) - 1, b = z(e, m - c); -1 != N(r, b); )
- ++q.digits[m - c],
- r = O(r, b);
- for (var i = m; i > c; --i) {
- var v = i >= r.digits.length ? 0 : r.digits[i]
- , x = i - 1 >= r.digits.length ? 0 : r.digits[i - 1]
- , w = i - 2 >= r.digits.length ? 0 : r.digits[i - 2]
- , y = c >= e.digits.length ? 0 : e.digits[c]
- , C = c - 1 >= e.digits.length ? 0 : e.digits[c - 1];
- q.digits[i - c - 1] = v == y ? 65535 : Math.floor((65536 * v + x) / y);
- for (var T = q.digits[i - c - 1] * (65536 * y + C), U = 4294967296 * v + (65536 * x + w); T > U; )
- --q.digits[i - c - 1],
- T = q.digits[i - c - 1] * (65536 * y | C),
- U = 65536 * v * 65536 + (65536 * x + w);
- (r = O(r, E(b = z(e, i - c - 1), q.digits[i - c - 1]))).isNeg && (r = Q(r, b),
- --q.digits[i - c - 1])
- }
- return r = S(r, f),
- q.isNeg = t.isNeg != l,
- t.isNeg && (q = l ? Q(q, n) : O(q, n),
- r = O(e = S(e, f), r)),
- 0 == r.digits[0] && 0 == A(r) && (r.isNeg = !1),
- [q, r]
- }
- function j(t) {
- var e, r = A(t), o = t.digits[r], n = 16 * (r + 1);
- for (e = n; e > n - 16 && 0 == (32768 & o); --e)
- o <<= 1;
- return e
- }
- function _(t, e) {
- var r = Math.floor(e / 16)
- , o = new h;
- C(t.digits, 0, o.digits, r, o.digits.length - r);
- for (var n = e % 16, d = 16 - n, i = o.digits.length - 1, c = i - 1; i > 0; --i,
- --c)
- o.digits[i] = o.digits[i] << n & 65535 | (o.digits[c] & l[n]) >>> d;
- return o.digits[0] = o.digits[i] << n & 65535,
- o.isNeg = t.isNeg,
- o
- }
- function C(t, e, r, o, n) {
- for (var d = Math.min(e + n, t.length), i = e, l = o; i < d; ++i,
- ++l)
- r[l] = t[i]
- }
- function z(t, e) {
- var r = new h;
- return C(t.digits, 0, r.digits, e, r.digits.length - e),
- r
- }
- function N(t, e) {
- if (t.isNeg != e.isNeg)
- return 1 - 2 * Number(t.isNeg);
- for (var i = t.digits.length - 1; i >= 0; --i)
- if (t.digits[i] != e.digits[i])
- return t.isNeg ? 1 - 2 * Number(t.digits[i] > e.digits[i]) : 1 - 2 * Number(t.digits[i] < e.digits[i]);
- return 0
- }
- function O(t, e) {
- var r;
- if (t.isNeg != e.isNeg)
- e.isNeg = !e.isNeg,
- r = Q(t, e),
- e.isNeg = !e.isNeg;
- else {
- var o, n;
- r = new h,
- n = 0;
- for (var i = 0; i < t.digits.length; ++i)
- o = t.digits[i] - e.digits[i] + n,
- r.digits[i] = o % 65536,
- r.digits[i] < 0 && (r.digits[i] += 65536),
- n = 0 - Number(o < 0);
- if (-1 == n) {
- n = 0;
- for (var d = 0; d < t.digits.length; ++d)
- o = 0 - r.digits[d] + n,
- r.digits[d] = o % 65536,
- r.digits[d] < 0 && (r.digits[d] += 65536),
- n = 0 - Number(o < 0);
- r.isNeg = !t.isNeg
- } else
- r.isNeg = t.isNeg
- }
- return r
- }
- function E(t, e) {
- var r, o, n, d = new h;
- r = A(t),
- o = 0;
- for (var l = 0; l <= r; ++l)
- n = d.digits[l] + t.digits[l] * e + o,
- d.digits[l] = 65535 & n,
- o = n >>> 16;
- return d.digits[1 + r] = o,
- d
- }
- function S(t, e) {
- var r = Math.floor(e / 16)
- , o = new h;
- C(t.digits, r, o.digits, 0, t.digits.length - r);
- for (var n = e % 16, d = 16 - n, i = 0, l = i + 1; i < o.digits.length - 1; ++i,
- ++l)
- o.digits[i] = o.digits[i] >>> n | (o.digits[l] & c[n]) << d;
- return o.digits[o.digits.length - 1] >>>= n,
- o.isNeg = t.isNeg,
- o
- }
- function T(t) {
- var e = R(t, this.k - 1)
- , r = R(B(e, this.mu), this.k + 1)
- , o = O(F(t, this.k + 1), F(B(r, this.modulus), this.k + 1));
- o.isNeg && (o = Q(o, this.bkplus1));
- for (var n = N(o, this.modulus) >= 0; n; )
- n = N(o = O(o, this.modulus), this.modulus) >= 0;
- return o
- }
- function U(t, e) {
- var r = B(t, e);
- return this.modulo(r)
- }
- function I(t, e) {
- var r = new h;
- r.digits[0] = 1;
- for (var a = t, o = e; 0 != (1 & o.digits[0]) && (r = this.multiplyMod(r, a)),
- 0 != (o = S(o, 1)).digits[0] || 0 != A(o); )
- a = this.multiplyMod(a, a);
- return r
- }
- function L(t, s) {
- for (var a = [], e = s.length, i = 0; i < e; )
- a[i] = s.charCodeAt(i),
- i++;
- for (; a.length % t.chunkSize != 0; )
- a[i++] = 0;
- var r, o, n, d = a.length, l = "";
- for (i = 0; i < d; i += t.chunkSize) {
- for (n = new h,
- r = 0,
- o = i; o < i + t.chunkSize; ++r)
- n.digits[r] = a[o++],
- n.digits[r] += a[o++] << 8;
- var c = t.barrett.powMod(n, t.e);
- l += (16 == t.radix ? D(c) : H(c, t.radix)) + " "
- }
- return l.substring(0, l.length - 1)
- }
- function B(t, e) {
- for (var r, o, n, d = new h, l = A(t), c = A(e), i = 0; i <= c; ++i) {
- r = 0,
- n = i;
- for (var f = 0; f <= l; ++f,
- ++n)
- o = d.digits[n] + t.digits[f] * e.digits[i] + r,
- d.digits[n] = 65535 & o,
- r = o >>> 16;
- d.digits[i + l + 1] = r
- }
- return d.isNeg = t.isNeg != e.isNeg,
- d
- }
- function R(t, e) {
- var r = new h;
- return C(t.digits, e, r.digits, 0, r.digits.length - e),
- r
- }
- function F(t, e) {
- var r = new h;
- return C(t.digits, 0, r.digits, 0, e),
- r
- }
- function D(t) {
- for (var e = "", i = A(t); i > -1; --i)
- e += P(t.digits[i]);
- return e
- }
- function P(t) {
- for (var e = "", i = 0; i < 4; ++i)
- e += f[15 & t],
- t >>>= 4;
- return M(e)
- }
- function M(s) {
- for (var t = "", i = s.length - 1; i > -1; --i)
- t += s.charAt(i);
- return t
- }
- function Q(t, e) {
- var r;
- if (t.isNeg != e.isNeg)
- e.isNeg = !e.isNeg,
- r = O(t, e),
- e.isNeg = !e.isNeg;
- else {
- r = new h;
- for (var o, n = 0, i = 0; i < t.digits.length; ++i)
- o = t.digits[i] + e.digits[i] + n,
- r.digits[i] = o % 65536,
- n = Number(o >= 65536);
- r.isNeg = t.isNeg
- }
- return r
- }
- var V = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"];
- function H(t, e) {
- var b = new h;
- b.digits[0] = e;
- for (var r = y(t, b), o = V[r[1].digits[0]]; 1 == N(r[0], d); )
- r = y(r[0], b),
- o += V[r[1].digits[0]];
- return (t.isNeg ? "-" : "") + M(o)
- }
- function J(t) {
- var data = t.split("").reverse().join("");
- !function(t) {
- o = new Array(t);
- for (var e = 0; e < o.length; e++)
- o[e] = 0;
- d = new h,
- (n = new h).digits[0] = 1
- }(130);
- for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
- l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
- c = 128 * ++i;
- return l
- }
放入鬼鬼调试工具中,进行测试
测试出来的加密结果 和 网页中获取到的一模一样,那么至此这个登陆的RSA算法就破解了!
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。