发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!
1、分析的登陆网站地址
http://www.leadbank.com.cn/login/2、使用工具
chrome浏览器
鬼鬼调试工具3、Post抓包登陆分析
测试账号 Steven2020 测试密码 a123456
post提交 返回数据
data: d59b937110d12446c0f10347b66e03c5014fb8bc462eb7544ca52656dbd6860007e283fc5f7e323c2fd2645924fe7c6151feb342cbfc545ff53da3c929db2d950d9e762d9d550f44272a0d26397f44262733cd31ec76c6ea5c11102363235a121523c43e6cb7c2aa7d5155c038e38f706c094bf6b0ddf4a2dfcae2f13ca8a7d936d4189f2b5303c74ffa82112ee9744a72f02d04da67cee53d4e29a50c5bf9beec12738aacc9506e432de1a16b041ba317893a51b863893d7c6d9e557d09f36f8679acee25c726107b3c0ddf4b67b509c7c573d6a7e43f1626ab23e78276ee17f94654ae252e0ee459f4ecf438888a61c421c637da9bb3928f766031bc3545e5
仅仅只有一个data 参数,说明 是多个参数拼接后进行的加密4、data解密
首先通过"data=" 这个关键词去全局搜索 哪个 JS文件 定义过这个参数。
加上 = 是为了可以更佳精准的搜索到
最终找到一个 字符串拼接的js,点击进入后,下断点调试
下断点后,可以发现,这个 变量 e 是
"{"terminal":"WEB","reqTime":"Sun, 31 Jan 2021 13:56:08 GMT","accessTerminal":"WEB","clientVersion":"4.1.0","version":"1.0","channelCode":"LD","appId":1002,"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796"}"
包含了上面红框中的信息,除了一个 reqTime 是 取基于世界协调通用时间(UTC),另外的都是固定的值。加上"custMobile":"13888888888","custLoginPsw":"a123456","verifyCode":"36796",用户名 密码 和 验证码。然后进行 Object(f.a)() 方法进行加密;
进入 Object(f.a)(e) 的这个方法,发现存在公钥,那么就是一个RSA算法了。
现在的话,就是把这个加密算法的代码进行扣下来,首先把这个 function J() 函数 扣下来;
function J(t) {
var data = t.split("").reverse().join("");
!function(t) {
o = new Array(t);
for (var e = 0; e < o.length; e++)
o[e] = 0;
d = new h,
(n = new h).digits[0] = 1
}(130);
for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
c = 128 * ++i;
return l
}然后开始缺少啥对象,或者是参数,就在扣相应的函数;
最终扣完了所有登陆的加密的代码
var o, n, d, l = [0, 32768, 49152, 57344, 61440, 63488, 64512, 65024, 65280, 65408, 65472, 65504, 65520, 65528, 65532, 65534, 65535], c = [0, 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535], f = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];
function h(t) {
this.digits = "boolean" == typeof t && 1 == t ? null : o.slice(0),
this.isNeg = !1
}
function v(s) {
for (var t = new h, i = s.length, e = 0; i > 0; i -= 4,
++e)
t.digits[e] = m(s.substr(Math.max(i - 4, 0), Math.min(i, 4)));
return t
}
function m(s) {
for (var t, e = 0, r = Math.min(s.length, 4), i = 0; i < r; ++i)
e <<= 4,
e |= (t = s.charCodeAt(i)) >= 48 && t <= 57 ? t - 48 : t >= 65 && t <= 90 ? 10 + t - 65 : t >= 97 && t <= 122 ? 10 + t - 97 : 0;
return e
}
function x(t, e, r) {
this.e = v(t),
this.d = v(e),
this.m = v(r),
this.chunkSize = 128,
this.radix = 16,
this.barrett = new w(this.m)
}
function k(t) {
var e = new h(!0);
return e.digits = t.digits.slice(0),
e.isNeg = t.isNeg,
e
}
function w(t) {
this.modulus = k(t),
this.k = A(this.modulus) + 1;
var e, r, o = new h;
o.digits[2 * this.k] = 1,
this.mu = (e = o,
r = this.modulus,
y(e, r)[0]),
this.bkplus1 = new h,
this.bkplus1.digits[this.k + 1] = 1,
this.modulo = T,
this.multiplyMod = U,
this.powMod = I
}
function A(t) {
for (var e = t.digits.length - 1; e > 0 && 0 == t.digits[e]; )
--e;
return e
}
function y(t, e) {
var q, r, o = j(t), d = j(e), l = e.isNeg;
if (o < d)
return t.isNeg ? ((q = k(n)).isNeg = !e.isNeg,
t.isNeg = !1,
e.isNeg = !1,
r = O(e, t),
t.isNeg = !0,
e.isNeg = l) : (q = new h,
r = k(t)),
[q, r];
q = new h,
r = t;
for (var c = Math.ceil(d / 16) - 1, f = 0; e.digits[c] < 32768; )
e = _(e, 1),
++f,
++d,
c = Math.ceil(d / 16) - 1;
r = _(r, f),
o += f;
for (var m = Math.ceil(o / 16) - 1, b = z(e, m - c); -1 != N(r, b); )
++q.digits[m - c],
r = O(r, b);
for (var i = m; i > c; --i) {
var v = i >= r.digits.length ? 0 : r.digits[i]
, x = i - 1 >= r.digits.length ? 0 : r.digits[i - 1]
, w = i - 2 >= r.digits.length ? 0 : r.digits[i - 2]
, y = c >= e.digits.length ? 0 : e.digits[c]
, C = c - 1 >= e.digits.length ? 0 : e.digits[c - 1];
q.digits[i - c - 1] = v == y ? 65535 : Math.floor((65536 * v + x) / y);
for (var T = q.digits[i - c - 1] * (65536 * y + C), U = 4294967296 * v + (65536 * x + w); T > U; )
--q.digits[i - c - 1],
T = q.digits[i - c - 1] * (65536 * y | C),
U = 65536 * v * 65536 + (65536 * x + w);
(r = O(r, E(b = z(e, i - c - 1), q.digits[i - c - 1]))).isNeg && (r = Q(r, b),
--q.digits[i - c - 1])
}
return r = S(r, f),
q.isNeg = t.isNeg != l,
t.isNeg && (q = l ? Q(q, n) : O(q, n),
r = O(e = S(e, f), r)),
0 == r.digits[0] && 0 == A(r) && (r.isNeg = !1),
[q, r]
}
function j(t) {
var e, r = A(t), o = t.digits[r], n = 16 * (r + 1);
for (e = n; e > n - 16 && 0 == (32768 & o); --e)
o <<= 1;
return e
}
function _(t, e) {
var r = Math.floor(e / 16)
, o = new h;
C(t.digits, 0, o.digits, r, o.digits.length - r);
for (var n = e % 16, d = 16 - n, i = o.digits.length - 1, c = i - 1; i > 0; --i,
--c)
o.digits[i] = o.digits[i] << n & 65535 | (o.digits[c] & l[n]) >>> d;
return o.digits[0] = o.digits[i] << n & 65535,
o.isNeg = t.isNeg,
o
}
function C(t, e, r, o, n) {
for (var d = Math.min(e + n, t.length), i = e, l = o; i < d; ++i,
++l)
r[l] = t[i]
}
function z(t, e) {
var r = new h;
return C(t.digits, 0, r.digits, e, r.digits.length - e),
r
}
function N(t, e) {
if (t.isNeg != e.isNeg)
return 1 - 2 * Number(t.isNeg);
for (var i = t.digits.length - 1; i >= 0; --i)
if (t.digits[i] != e.digits[i])
return t.isNeg ? 1 - 2 * Number(t.digits[i] > e.digits[i]) : 1 - 2 * Number(t.digits[i] < e.digits[i]);
return 0
}
function O(t, e) {
var r;
if (t.isNeg != e.isNeg)
e.isNeg = !e.isNeg,
r = Q(t, e),
e.isNeg = !e.isNeg;
else {
var o, n;
r = new h,
n = 0;
for (var i = 0; i < t.digits.length; ++i)
o = t.digits[i] - e.digits[i] + n,
r.digits[i] = o % 65536,
r.digits[i] < 0 && (r.digits[i] += 65536),
n = 0 - Number(o < 0);
if (-1 == n) {
n = 0;
for (var d = 0; d < t.digits.length; ++d)
o = 0 - r.digits[d] + n,
r.digits[d] = o % 65536,
r.digits[d] < 0 && (r.digits[d] += 65536),
n = 0 - Number(o < 0);
r.isNeg = !t.isNeg
} else
r.isNeg = t.isNeg
}
return r
}
function E(t, e) {
var r, o, n, d = new h;
r = A(t),
o = 0;
for (var l = 0; l <= r; ++l)
n = d.digits[l] + t.digits[l] * e + o,
d.digits[l] = 65535 & n,
o = n >>> 16;
return d.digits[1 + r] = o,
d
}
function S(t, e) {
var r = Math.floor(e / 16)
, o = new h;
C(t.digits, r, o.digits, 0, t.digits.length - r);
for (var n = e % 16, d = 16 - n, i = 0, l = i + 1; i < o.digits.length - 1; ++i,
++l)
o.digits[i] = o.digits[i] >>> n | (o.digits[l] & c[n]) << d;
return o.digits[o.digits.length - 1] >>>= n,
o.isNeg = t.isNeg,
o
}
function T(t) {
var e = R(t, this.k - 1)
, r = R(B(e, this.mu), this.k + 1)
, o = O(F(t, this.k + 1), F(B(r, this.modulus), this.k + 1));
o.isNeg && (o = Q(o, this.bkplus1));
for (var n = N(o, this.modulus) >= 0; n; )
n = N(o = O(o, this.modulus), this.modulus) >= 0;
return o
}
function U(t, e) {
var r = B(t, e);
return this.modulo(r)
}
function I(t, e) {
var r = new h;
r.digits[0] = 1;
for (var a = t, o = e; 0 != (1 & o.digits[0]) && (r = this.multiplyMod(r, a)),
0 != (o = S(o, 1)).digits[0] || 0 != A(o); )
a = this.multiplyMod(a, a);
return r
}
function L(t, s) {
for (var a = [], e = s.length, i = 0; i < e; )
a[i] = s.charCodeAt(i),
i++;
for (; a.length % t.chunkSize != 0; )
a[i++] = 0;
var r, o, n, d = a.length, l = "";
for (i = 0; i < d; i += t.chunkSize) {
for (n = new h,
r = 0,
o = i; o < i + t.chunkSize; ++r)
n.digits[r] = a[o++],
n.digits[r] += a[o++] << 8;
var c = t.barrett.powMod(n, t.e);
l += (16 == t.radix ? D(c) : H(c, t.radix)) + " "
}
return l.substring(0, l.length - 1)
}
function B(t, e) {
for (var r, o, n, d = new h, l = A(t), c = A(e), i = 0; i <= c; ++i) {
r = 0,
n = i;
for (var f = 0; f <= l; ++f,
++n)
o = d.digits[n] + t.digits[f] * e.digits[i] + r,
d.digits[n] = 65535 & o,
r = o >>> 16;
d.digits[i + l + 1] = r
}
return d.isNeg = t.isNeg != e.isNeg,
d
}
function R(t, e) {
var r = new h;
return C(t.digits, e, r.digits, 0, r.digits.length - e),
r
}
function F(t, e) {
var r = new h;
return C(t.digits, 0, r.digits, 0, e),
r
}
function D(t) {
for (var e = "", i = A(t); i > -1; --i)
e += P(t.digits[i]);
return e
}
function P(t) {
for (var e = "", i = 0; i < 4; ++i)
e += f[15 & t],
t >>>= 4;
return M(e)
}
function M(s) {
for (var t = "", i = s.length - 1; i > -1; --i)
t += s.charAt(i);
return t
}
function Q(t, e) {
var r;
if (t.isNeg != e.isNeg)
e.isNeg = !e.isNeg,
r = O(t, e),
e.isNeg = !e.isNeg;
else {
r = new h;
for (var o, n = 0, i = 0; i < t.digits.length; ++i)
o = t.digits[i] + e.digits[i] + n,
r.digits[i] = o % 65536,
n = Number(o >= 65536);
r.isNeg = t.isNeg
}
return r
}
var V = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"];
function H(t, e) {
var b = new h;
b.digits[0] = e;
for (var r = y(t, b), o = V[r[1].digits[0]]; 1 == N(r[0], d); )
r = y(r[0], b),
o += V[r[1].digits[0]];
return (t.isNeg ? "-" : "") + M(o)
}
function J(t) {
var data = t.split("").reverse().join("");
!function(t) {
o = new Array(t);
for (var e = 0; e < o.length; e++)
o[e] = 0;
d = new h,
(n = new h).digits[0] = 1
}(130);
for (var e = new x("10001","","d741760e63aab01eecf8f2237468da2c9a1f3dfb7de74d8bed23de8eb734b0771aa88ab3acfe3d223f24c057a37f8976cd592a5061fba10cfa212ac7448ef4ce9710a3c5ecb176ed10f55612de976edda1a000faf74923efa80645d0654588c1bc314a28879aeda2ed08b0b83c3582ef3de1fe9125aa67130cdfcd3128732461"), r = data.length, l = "", c = 0, i = 0; r - c > 0; )
l = L(e, r - c > 128 ? data.substr(c, 128) : data.substr(c, r - c)) + l,
c = 128 * ++i;
return l
}放入鬼鬼调试工具中,进行测试
测试出来的加密结果 和 网页中获取到的一模一样,那么至此这个登陆的RSA算法就破解了!