10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!

 1、分析的登陆网站地址

http://www.leadbank.com.cn/login/

2、使用工具

chrome浏览器

鬼鬼调试工具

3、Post抓包登陆分析

测试账号 Steven2020  测试密码 a123456

post提交 返回数据 

data: d59b937110d12446c0f10347b66e03c5014fb8bc462eb7544ca52656dbd6860007e283fc5f7e323c2fd2645924fe7c6151feb342cbfc545ff53da3c929db2d950d9e762d9d550f44272a0d26397f44262733cd31ec76c6ea5c11102363235a121523c43e6cb7c2aa7d5155c038e38f706c094bf6b0ddf4a2dfcae2f13ca8a7d936d4189f2b5303c74ffa82112ee9744a72f02d04da67cee53d4e29a50c5bf9beec12738aacc9506e432de1a16b041ba317893a51b863893d7c6d9e557d09f36f8679acee25c726107b3c0ddf4b67b509c7c573d6a7e43f1626ab23e78276ee17f94654ae252e0ee459f4ecf438888a61c421c637da9bb3928f766031bc3545e5



仅仅只有一个data 参数,说明 是多个参数拼接后进行的加密

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

4、data解密

首先通过"data=" 这个关键词去全局搜索 哪个 JS文件 定义过这个参数。

加上 =   是为了可以更佳精准的搜索到

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

最终找到一个 字符串拼接的js,点击进入后,下断点调试

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

 

下断点后,可以发现,这个 变量 e  是  

"{"terminal":"WEB","reqTime":"Sun, 31 Jan 2021 13:56:08 GMT","accessTerminal":"WEB","clientVersion":"4.1.0","version":"1.0","channelCode":"LD","appId":1002,"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796"}"

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

 

包含了上面红框中的信息,除了一个 reqTime 是 取基于世界协调通用时间(UTC),另外的都是固定的值。加上"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796",用户名 密码 和 验证码。然后进行 Object(f.a)() 方法进行加密;

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

 

进入 Object(f.a)(e) 的这个方法,发现存在公钥,那么就是一个RSA算法了。

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

 

现在的话,就是把这个加密算法的代码进行扣下来,首先把这个 function J() 函数 扣下来;

        function J(t) {
            var data = t.split("").reverse().join("");
            !function(t) {
                o = new Array(t);
                for (var e = 0; e < o.length; e++)
                    o[e] = 0;
                d = new h,
                (n = new h).digits[0] = 1
            }(130);
            for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
                l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
                c = 128 * ++i;
            return l
        }

然后开始缺少啥对象,或者是参数,就在扣相应的函数;

最终扣完了所有登陆的加密的代码

        var o, n, d, l = [0, 32768, 49152, 57344, 61440, 63488, 64512, 65024, 65280, 65408, 65472, 65504, 65520, 65528, 65532, 65534, 65535], c = [0, 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535], f = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];

 function h(t) {
            this.digits = "boolean" == typeof t && 1 == t ? null : o.slice(0),
            this.isNeg = !1
        }
        function v(s) {
            for (var t = new h, i = s.length, e = 0; i > 0; i -= 4,
            ++e)
                t.digits[e] = m(s.substr(Math.max(i - 4, 0), Math.min(i, 4)));
            return t
        }
        function m(s) {
            for (var t, e = 0, r = Math.min(s.length, 4), i = 0; i < r; ++i)
                e <<= 4,
                e |= (t = s.charCodeAt(i)) >= 48 && t <= 57 ? t - 48 : t >= 65 && t <= 90 ? 10 + t - 65 : t >= 97 && t <= 122 ? 10 + t - 97 : 0;
            return e
        }
        function x(t, e, r) {
            this.e = v(t),
            this.d = v(e),
            this.m = v(r),
            this.chunkSize = 128,
            this.radix = 16,
            this.barrett = new w(this.m)
        }
        function k(t) {
            var e = new h(!0);
            return e.digits = t.digits.slice(0),
            e.isNeg = t.isNeg,
            e
        }
        function w(t) {
            this.modulus = k(t),
            this.k = A(this.modulus) + 1;
            var e, r, o = new h;
            o.digits[2 * this.k] = 1,
            this.mu = (e = o,
            r = this.modulus,
            y(e, r)[0]),
            this.bkplus1 = new h,
            this.bkplus1.digits[this.k + 1] = 1,
            this.modulo = T,
            this.multiplyMod = U,
            this.powMod = I
        }
        function A(t) {
            for (var e = t.digits.length - 1; e > 0 && 0 == t.digits[e]; )
                --e;
            return e
        }
        function y(t, e) {
            var q, r, o = j(t), d = j(e), l = e.isNeg;
            if (o < d)
                return t.isNeg ? ((q = k(n)).isNeg = !e.isNeg,
                t.isNeg = !1,
                e.isNeg = !1,
                r = O(e, t),
                t.isNeg = !0,
                e.isNeg = l) : (q = new h,
                r = k(t)),
                [q, r];
            q = new h,
            r = t;
            for (var c = Math.ceil(d / 16) - 1, f = 0; e.digits[c] < 32768; )
                e = _(e, 1),
                ++f,
                ++d,
                c = Math.ceil(d / 16) - 1;
            r = _(r, f),
            o += f;
            for (var m = Math.ceil(o / 16) - 1, b = z(e, m - c); -1 != N(r, b); )
                ++q.digits[m - c],
                r = O(r, b);
            for (var i = m; i > c; --i) {
                var v = i >= r.digits.length ? 0 : r.digits[i]
                  , x = i - 1 >= r.digits.length ? 0 : r.digits[i - 1]
                  , w = i - 2 >= r.digits.length ? 0 : r.digits[i - 2]
                  , y = c >= e.digits.length ? 0 : e.digits[c]
                  , C = c - 1 >= e.digits.length ? 0 : e.digits[c - 1];
                q.digits[i - c - 1] = v == y ? 65535 : Math.floor((65536 * v + x) / y);
                for (var T = q.digits[i - c - 1] * (65536 * y + C), U = 4294967296 * v + (65536 * x + w); T > U; )
                    --q.digits[i - c - 1],
                    T = q.digits[i - c - 1] * (65536 * y | C),
                    U = 65536 * v * 65536 + (65536 * x + w);
                (r = O(r, E(b = z(e, i - c - 1), q.digits[i - c - 1]))).isNeg && (r = Q(r, b),
                --q.digits[i - c - 1])
            }
            return r = S(r, f),
            q.isNeg = t.isNeg != l,
            t.isNeg && (q = l ? Q(q, n) : O(q, n),
            r = O(e = S(e, f), r)),
            0 == r.digits[0] && 0 == A(r) && (r.isNeg = !1),
            [q, r]
        }
        function j(t) {
            var e, r = A(t), o = t.digits[r], n = 16 * (r + 1);
            for (e = n; e > n - 16 && 0 == (32768 & o); --e)
                o <<= 1;
            return e
        }
        function _(t, e) {
            var r = Math.floor(e / 16)
              , o = new h;
            C(t.digits, 0, o.digits, r, o.digits.length - r);
            for (var n = e % 16, d = 16 - n, i = o.digits.length - 1, c = i - 1; i > 0; --i,
            --c)
                o.digits[i] = o.digits[i] << n & 65535 | (o.digits[c] & l[n]) >>> d;
            return o.digits[0] = o.digits[i] << n & 65535,
            o.isNeg = t.isNeg,
            o
        }
        function C(t, e, r, o, n) {
            for (var d = Math.min(e + n, t.length), i = e, l = o; i < d; ++i,
            ++l)
                r[l] = t[i]
        }
        function z(t, e) {
            var r = new h;
            return C(t.digits, 0, r.digits, e, r.digits.length - e),
            r
        }
        function N(t, e) {
            if (t.isNeg != e.isNeg)
                return 1 - 2 * Number(t.isNeg);
            for (var i = t.digits.length - 1; i >= 0; --i)
                if (t.digits[i] != e.digits[i])
                    return t.isNeg ? 1 - 2 * Number(t.digits[i] > e.digits[i]) : 1 - 2 * Number(t.digits[i] < e.digits[i]);
            return 0
        }
        function O(t, e) {
            var r;
            if (t.isNeg != e.isNeg)
                e.isNeg = !e.isNeg,
                r = Q(t, e),
                e.isNeg = !e.isNeg;
            else {
                var o, n;
                r = new h,
                n = 0;
                for (var i = 0; i < t.digits.length; ++i)
                    o = t.digits[i] - e.digits[i] + n,
                    r.digits[i] = o % 65536,
                    r.digits[i] < 0 && (r.digits[i] += 65536),
                    n = 0 - Number(o < 0);
                if (-1 == n) {
                    n = 0;
                    for (var d = 0; d < t.digits.length; ++d)
                        o = 0 - r.digits[d] + n,
                        r.digits[d] = o % 65536,
                        r.digits[d] < 0 && (r.digits[d] += 65536),
                        n = 0 - Number(o < 0);
                    r.isNeg = !t.isNeg
                } else
                    r.isNeg = t.isNeg
            }
            return r
        }
        function E(t, e) {
            var r, o, n, d = new h;
            r = A(t),
            o = 0;
            for (var l = 0; l <= r; ++l)
                n = d.digits[l] + t.digits[l] * e + o,
                d.digits[l] = 65535 & n,
                o = n >>> 16;
            return d.digits[1 + r] = o,
            d
        }
        function S(t, e) {
            var r = Math.floor(e / 16)
              , o = new h;
            C(t.digits, r, o.digits, 0, t.digits.length - r);
            for (var n = e % 16, d = 16 - n, i = 0, l = i + 1; i < o.digits.length - 1; ++i,
            ++l)
                o.digits[i] = o.digits[i] >>> n | (o.digits[l] & c[n]) << d;
            return o.digits[o.digits.length - 1] >>>= n,
            o.isNeg = t.isNeg,
            o
        }
        function T(t) {
            var e = R(t, this.k - 1)
              , r = R(B(e, this.mu), this.k + 1)
              , o = O(F(t, this.k + 1), F(B(r, this.modulus), this.k + 1));
            o.isNeg && (o = Q(o, this.bkplus1));
            for (var n = N(o, this.modulus) >= 0; n; )
                n = N(o = O(o, this.modulus), this.modulus) >= 0;
            return o
        }
        function U(t, e) {
            var r = B(t, e);
            return this.modulo(r)
        }
        function I(t, e) {
            var r = new h;
            r.digits[0] = 1;
            for (var a = t, o = e; 0 != (1 & o.digits[0]) && (r = this.multiplyMod(r, a)),
            0 != (o = S(o, 1)).digits[0] || 0 != A(o); )
                a = this.multiplyMod(a, a);
            return r
        }
        function L(t, s) {
            for (var a = [], e = s.length, i = 0; i < e; )
                a[i] = s.charCodeAt(i),
                i++;
            for (; a.length % t.chunkSize != 0; )
                a[i++] = 0;
            var r, o, n, d = a.length, l = "";
            for (i = 0; i < d; i += t.chunkSize) {
                for (n = new h,
                r = 0,
                o = i; o < i + t.chunkSize; ++r)
                    n.digits[r] = a[o++],
                    n.digits[r] += a[o++] << 8;
                var c = t.barrett.powMod(n, t.e);
                l += (16 == t.radix ? D(c) : H(c, t.radix)) + " "
            }
            return l.substring(0, l.length - 1)
        }
        function B(t, e) {
            for (var r, o, n, d = new h, l = A(t), c = A(e), i = 0; i <= c; ++i) {
                r = 0,
                n = i;
                for (var f = 0; f <= l; ++f,
                ++n)
                    o = d.digits[n] + t.digits[f] * e.digits[i] + r,
                    d.digits[n] = 65535 & o,
                    r = o >>> 16;
                d.digits[i + l + 1] = r
            }
            return d.isNeg = t.isNeg != e.isNeg,
            d
        }
        function R(t, e) {
            var r = new h;
            return C(t.digits, e, r.digits, 0, r.digits.length - e),
            r
        }
        function F(t, e) {
            var r = new h;
            return C(t.digits, 0, r.digits, 0, e),
            r
        }
        function D(t) {
            for (var e = "", i = A(t); i > -1; --i)
                e += P(t.digits[i]);
            return e
        }
        function P(t) {
            for (var e = "", i = 0; i < 4; ++i)
                e += f[15 & t],
                t >>>= 4;
            return M(e)
        }
        function M(s) {
            for (var t = "", i = s.length - 1; i > -1; --i)
                t += s.charAt(i);
            return t
        }
        function Q(t, e) {
            var r;
            if (t.isNeg != e.isNeg)
                e.isNeg = !e.isNeg,
                r = O(t, e),
                e.isNeg = !e.isNeg;
            else {
                r = new h;
                for (var o, n = 0, i = 0; i < t.digits.length; ++i)
                    o = t.digits[i] + e.digits[i] + n,
                    r.digits[i] = o % 65536,
                    n = Number(o >= 65536);
                r.isNeg = t.isNeg
            }
            return r
        }
        var V = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"];
        function H(t, e) {
            var b = new h;
            b.digits[0] = e;
            for (var r = y(t, b), o = V[r[1].digits[0]]; 1 == N(r[0], d); )
                r = y(r[0], b),
                o += V[r[1].digits[0]];
            return (t.isNeg ? "-" : "") + M(o)
        }
        function J(t) {
            var data = t.split("").reverse().join("");
            !function(t) {
                o = new Array(t);
                for (var e = 0; e < o.length; e++)
                    o[e] = 0;
                d = new h,
                (n = new h).digits[0] = 1
            }(130);
            for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
                l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
                c = 128 * ++i;
            return l
        }

 放入鬼鬼调试工具中,进行测试

10、利得金融网页Post登陆RSA算法加密分析【Post/Js逆向笔记】

  测试出来的加密结果 和  网页中获取到的一模一样,那么至此这个登陆的RSA算法就破解了!

 

上一篇:打卡大卡打卡打卡 .17-21


下一篇:初级算法 加一