【Android逆向】破解看雪9月算法破解第二题
1. apk安装到手机,一样的界面,随便输入一样的报错
2. apk拖入到jadx重看看
public native String sha1(String str);
static {
System.loadLibrary("native-lib");
}
/* JADX INFO: Access modifiers changed from: protected */
@Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
public void onCreate(Bundle bundle) {
super.onCreate(bundle);
setContentView(R.layout.activity_main);
initViews();
}
private void initViews() {
this.edt_code = (EditText) findViewById(R.id.edt_code);
this.edt_username = (EditText) findViewById(R.id.edt_username);
Button button = (Button) findViewById(R.id.btn_register);
this.btn_register = button;
button.setOnClickListener(new View.OnClickListener() { // from class: com.r0ysue.sha1.MainActivity.1
@Override // android.view.View.OnClickListener
public void onClick(View view) {
String obj = MainActivity.this.edt_username.getText().toString();
if (MainActivity.this.sha1(obj).equals(MainActivity.this.edt_code.getText().toString())) {
Toast.makeText(MainActivity.this, "SUCCESS!", 0).show();
} else {
Toast.makeText(MainActivity.this, "ERROR!", 0).show();
}
}
});
}
和第一题的套路一样,native方法名换成了sha1
3. 导出so,放入IDA中进行分析
jstring __fastcall Java_com_r0ysue_sha1_MainActivity_sha1(JNIEnv *env, jobject object, void *str)
{
char *v4; // x20
__int64 v5; // x23
char *v6; // x20
char v8[44]; // [xsp+4h] [xbp-7Ch] BYREF
char v9[24]; // [xsp+30h] [xbp-50h] BYREF
__int64 v10; // [xsp+48h] [xbp-38h]
v10 = *(_QWORD *)(_ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2)) + 40);
v4 = (char *)(*env)->GetStringUTFChars(env, str, 0LL);
strlen(v4);
sub_1BC0((int)v9, v4);
v5 = 0LL;
v6 = v8;
do
{
sub_7E8(v6, -1LL);
++v5;
v6 += 2;
}
while ( v5 != 20 );
return (*env)->NewStringUTF(env, v8);
}
进入sub_1BC0中看看
__int64 __fastcall sub_1BC0(int a1, void *a2)
{
__int128 v4; // [xsp+0h] [xbp-80h] BYREF
__int64 v5; // [xsp+10h] [xbp-70h]
int v6; // [xsp+18h] [xbp-68h]
__int64 v7; // [xsp+68h] [xbp-18h]
v7 = *(_QWORD *)(_ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2)) + 40);
v4 = xmmword_1C50;
v5 = 0xC3D2E1F0LL;
v6 = 0;
sub_19F0((int)&v4, a2);
return sub_1AD4(a1, (int)&v4);
}
这个0xC3D2E1F0很眼熟,查了一些果然是sha1的特征初始化常量之一
sha1 初始化常量
A = 0x67452301
B = 0xEFCDAB89
C = 0x98BADCFE
D = 0x10325476
E = 0xC3D2E1F0
sha1 常量K
K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]
0≤t≤19 K = 0x5A827999
20≤t≤39 K = 0x6ED9EBA1
40≤t≤59 K = 0x8F1BBCDC
60≤t≤79 K = 0xCA62C1D6
既然已经找到了第一个,看看xmmword_1C50 会不会有所发现
0000000000001C50 01 23 45 67 89 AB CD EF FE CC BA 98 76 54 32 10 .#Eg........vT2.
可以看到 这个数组对应的值,正好就是另外这个初始化变量的值(小端展示,需倒着看)
但是注意到有一个值是对应不上的 FE CC BA 98 76这里故意是将DC改成了CC, 所以相信直接用标准的Sha1算法计算出来的值,和这里的sha1算出来的值绝对是不一样的;
而在后续sub_19F0方法中我们找到了所有的K值,说明K是没有被魔改的
4. 编写frida看看,返回值是多少
function main() {
Java.perform(function () {
var MainActivityHandler = Java.use('com.r0ysue.sha1.MainActivity')
console.log('1111')
if (MainActivityHandler != undefined) {
console.log('2222' )
MainActivityHandler.sha1.implementation = function (str) {
console.log('hooked src str = ' + str)
var ret = this.sha1(str)
console.log('hooked ret = ' + ret)
return ret
}
}
})
}
setTimeout(main, 1000)
日志
2222
hooked src str = abcd
hooked ret = 84fa69e00c65b500653e402ab42f9a2f26daa02c
通过在线sha1计算后的值是81fe8bfe87576c3ecb22426f8e57847382917acf
果然如我们所料,两个sha1的结果不一致
5. 编写python注册机,通过修改初始化常量值来匹配试试
#初始化变量
K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]
A = 0x67452301
B = 0xEFCDAB89
C = 0x98BACCFE
D = 0x10325476
E = 0xC3D2E1F0
A0 = 0x67452301
B0 = 0xEFCDAB89
C0 = 0x98BACCFE
D0 = 0x10325476
E0 = 0xC3D2E1F0
'''字节转换,字节(8bit)->字(32bit)'''
def CharToWord( context,i):
return ((ord(context[i]) & 0x000000ff) << 24) | ((ord(context[i + 1]) & 0x000000ff) << 16) | ((ord(context[i + 2]) & 0x000000ff) << 8) | (ord(context[i + 3]) & 0x000000ff)
'''填充补位获得原始明文'''
def SHA1_fill(plaintext, group, length):
print("补位后的明文:")
text1 = list(plaintext)
for n in range(length//8, 56):
text1.append(chr(0))
plaintext=''.join(text1)
temp = length // 32
len1 = length
while len1 > 0:
len1 = len1//32
if len1:
for j in range(0, temp):
group[j] = CharToWord(plaintext, 4 * j)
print(hex(group[j]))
else:
text = list(plaintext)
b = 0x80
text.insert(length // 8, chr(b))
plaintext = ''.join(text)
group[temp] = CharToWord(plaintext, temp * 4)
print(hex(group[temp]))
break
group[15] = length
for i in range(temp + 1,16):
print(hex(group[i]).ljust(10, '0'))
'''f函数'''
def f(B ,C ,D , t):
if t >=0 and t <= 19:
return (B & C) ^ (~B & D)
if t >= 20 and t <= 39:
return B ^ C ^ D
if t >= 40 and t <= 59:
return (B & C) ^ (B & D) ^ (C & D)
if t >= 60 and t <= 79:
return B ^ C ^ D
'''获得 Kt'''
def GETK(t):
if t >= 0 and t <= 19:
return K[0]
if t >= 20 and t <= 39:
return K[1]
if t >= 40 and t <= 59:
return K[2]
if t >= 60 and t <= 79:
return K[3]
'''获得 Wt ,这里要特别注意mod(2**32)'''
def GETW(w):
for i in range(16,80):
w[i] = (((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]) << 1) | ((w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]) >> 31)) % 2**32
'''步函数,注意mod(2**32)'''
def Step(t,w):
global A
global B
global C
global D
global E
T = (((A << 5) | (A >> 27)) + f(B, C, D, t) + E + w[t] + GETK(t)) % 2**32
E = D
D = C
C = ((B << 30) | (B >> 2)) % 2**32
B = A
A = T
'''获得密文'''
def GetCipher(cipher):
cipher[0] = (A0 + A) % 2**32
cipher[1] = (B0 + B) % 2**32
cipher[2] = (C0 + C) % 2**32
cipher[3] = (D0 + D) % 2**32
cipher[4] = (E0 + E) % 2**32
print("密文为:")
for j in range(0, 5):
print(hex(cipher[j])[2:], end='')
print()
def SHA1(context, cipher):
len1 = len(context) * 8
group = []
for i in range(80):
group.append(0)
SHA1_fill(context, group, len1)
GETW(group)
for t in range(80):
Step(t, group)
GetCipher(cipher)
m = input("请输入长度小于56的明文:")
c = []
for i in range(0, 5):
c.append(0)
SHA1(m, c)
'''以下为python自带sha1函数,以便对照'''
import hashlib
print("自带函数哈希后密文:")
b = hashlib.sha1()
b.update(m.encode())
sha1 = b.hexdigest()
print(sha1)
日志
密文为:
84fa69e0c65b500653e402ab42f9a2f26daa02c
自带函数哈希后密文:
81fe8bfe87576c3ecb22426f8e57847382917acf
ok,成功对上,输入到手机爆破成功
