【APP逆向10】Java中常见加密与python实现

  • 1.隐藏字节,String v4 = new String(new byte[]{-26, -83, -90, -26, -78, -101, -23, -67, -112});
byte_list = [-26, -83, -90, -26, -78, -101, -23, -67, -112]

bs = bytearray()  # python字节数组
for item in byte_list:
    if item < 0:
        item = item + 256
    bs.append(item)

str_data = bs.decode('utf-8')  # data = bytes(bs)
print(str_data)
  • 2.uuid
    • java代码
import java.util.UUID;

public class Hello {
    public static void main(String[] args){
        String uid = UUID.randomUUID().toString();
        System.out.println(uid);
    }
}
  • python实现
import uuid

uid = str(uuid.uuid4())
print(uid)
  • 3.随机值
    • Java实现
import java.math.BigInteger;
import java.security.SecureRandom;

public class Hello {

    public static void main(String[] args) {
        // 随机生成80位,10个字节
        BigInteger v4 = new BigInteger(80, new SecureRandom());
        // 让字节以16进制展示
        String res = v4.toString(16);
        System.out.println(res);

    }
}
  • python实现
import random

data = random.randbytes(10)    #python3.9才有
print([item for item in data])
print([hex(item)[2:] for item in data])
#由于java中少于两位时,会自动补0
print([hex(item)[2:].rjust(2, "0") for item in data])

print("".join([hex(item)[2:].rjust(2, "0") for item in data]))

#如果是python3.9以下版本
import random

byte_list = [random.randint(0, 255) for i in range(10)]
print("".join([hex(item)[2:].rjust(2, "0") for item in byte_list]))
  • 4.MD5加密
    • java实现
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

public class Hello {

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String name = "周杰伦";
        MessageDigest instance = MessageDigest.getInstance("MD5");
        instance.update("xxxxxx".getBytes());   //加盐
        
        byte[] nameBytes = instance.digest(name.getBytes());
        
        System.out.println(Arrays.toString(nameBytes));

        String res = new String(nameBytes);
        System.out.println(res);

        // 十六进制展示
        StringBuilder sb = new StringBuilder();
        for(int i=0;i<nameBytes.length;i++){
            int val = nameBytes[i] & 255;  // 负数转换为正数
            if (val<16){
                sb.append("0");
            }
            sb.append(Integer.toHexString(val));
        }
        String hexData = sb.toString();
        System.out.println(hexData); // e6ada6e6b29be9bd90
    }
}

  • python实现
import hashlib

obj = hashlib.md5('yyy'.encode('utf-8'))   #加盐
obj.update('xxxxx'.encode('utf-8'))

# java中没有这个功能。
v1 = obj.hexdigest()
print(v1) # fb0e22c79ac75679e9881e6ba183b354

v2 = obj.digest()
print(v2) # b'\xfb\x0e"\xc7\x9a\xc7Vy\xe9\x88\x1ek\xa1\x83\xb3T'
  • 5.AES加密
    java实现
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

public class Hello {

    public static void main(String[] args) throws Exception {
        String data = "周杰伦";
        String key = "fd6b639dbcff0c2a1b03b389ec763c4b";
        String iv = "77b07a672d57d64c";
		
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        
        // 加密
        byte[] raw = key.getBytes();
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes());
        
        
        
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
        byte[] encrypted = cipher.doFinal(data.getBytes());
        
        // System.out.println(Arrays.toString(encrypted));
        
    }
}

  • python实现
# pip install pycryptodome
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad

KEY = "fd6b639dbcff0c2a1b03b389ec763c4b"
IV = "77b07a672d57d64c"


def aes_encrypt(data_string):
    aes = AES.new(
        key=KEY.encode('utf-8'),
        mode=AES.MODE_CBC,
        iv=IV.encode('utf-8')
    )
    raw = pad(data_string.encode('utf-8'), 16)
    return aes.encrypt(raw)

data = aes_encrypt("周杰伦")
print(data)
print([ i for i in data])
  • 6.Base64编码
    • java实现
import java.util.Base64;

public class Hello {

    public static void main(String[] args) {
        String name = "周杰伦";
        // 编码
        Base64.Encoder encoder  = Base64.getEncoder();
        String res = encoder.encodeToString(name.getBytes());
        System.out.println(res); // "5q2m5rKb6b2Q"
		
        // 解码
        Base64.Decoder decoder  = Base64.getDecoder();
        byte[] origin = decoder.decode(res);
        String data = new String(origin);
        System.out.println(data); // 周杰伦

    }
}
  • python实现
import base64

name = "周杰伦"

res = base64.b64encode(name.encode('utf-8'))
print(res) # b'5q2m5rKb6b2Q'

data = base64.b64decode(res)
origin = data.decode('utf-8')
print(origin) # "周杰伦"
  • 注意点:base64常与其他加密组合使用,如AES;不同语言特殊符号处理可能不一样,需要我们进行hook后对比再进行相应的替换。
posted @ 2024-01-23 22:09  Tony_xiao  阅读(76)  评论(0编辑  收藏  举报