57js加密AES返回数据加密第三弹

猿人学练习/57js加密AES返回数据加密第三弹/aes-test.js

@@ -8,11 +8,22 @@ function I(X, l) {
         'mode': k['mode']['ECB'],
         'padding': k['pad']['Pkcs7']
     });
+    console.log(v);
     return v['toString'](k['enc']['Utf8']);
 }
 
+X = "XNQigEGA";
+L = "hXjidu7fiaX+zCIK3g4Uj8F1fwIlgQKEHMiYw4KDmw4NT9Xpbs7b1//EL7IbezLAREIvqYZzUHRIK9ZpZmxkx7A/rzQbl+3VbzZaP8dTTaclgzq12BWctvyyMGq2DiQstSzpRSxymQGXL9R8uz+iHiL/MdXfTcYhS9bR+yIJjritl7UYPDsYy5uN2AGzE3oRov+yJIc2C4Uh8eQgHNQD4SUJMr9CUfz/kU3gjuUwkt0Gp3aygJBV1uvtxMCYq2UFGPx6IEto+Kap24JiqVYS/q0vjHftTFQcREIvqYZzUHS4XnOJJbJOqrA/rzQbl+3VWQXcqSkLjfqolh7H0BF7hQ==";
 
-X = "lVyahWFq";
-L = "ohKADHk8zYXczliObcRsvE70kmTI2RiN94ZOxQgxbhQ7pueMCCcH7mnDZU2Tj2KwP0cqYgzsflRzt/Qls+efrZtGFaLomQw24v9FvIOso6lMYKrKtw5qP3b8d13G1tQXIuHILMMXDSrtUjX3vV+nUl7lV8KebHccY0STT0un12bMkODx2FTcv93sn2UHoBMTIWBM3CY+cQpOYEYB7iovImwasNLA5vsYxgntDuyxubvP5oi7FZPvHqtThy3gw9ivk+MyCBpW21Gr2aF/Wz/BHA10B5alDqSzP0cqYgzsflQCxHiUkgI+FptGFaLomQw2T1hUihgNUvLYnFuUWRJ6sw==";
+console.log(I(X, L));
 
-console.log(I(X, L));
+
+function sign(key, data) {
+    return I(key, data);
+}
+
+
+module.exports =
+    {
+        sign
+    };

猿人学练习/57js加密AES返回数据加密第三弹/aes_encrypt.py

@@ -1,26 +0,0 @@
-import base64
-from Crypto.Cipher import AES
-
-
-# AES
-# 需要补位，str不是16的倍数那就补足为16的倍数
-def add_to_16(value):
-    while len(value) % 16 != 0:
-        value += '\0'
-    return str.encode(value)  # 返回bytes
-
-
-# 加密方法
-def encrypt(key, text):
-    aes = AES.new(add_to_16(key), AES.MODE_ECB)  # 初始化加密器
-    encrypt_aes = aes.encrypt(add_to_16(text))  # 先进行aes加密
-    encrypted_text = str(base64.encodebytes(encrypt_aes), encoding='utf-8')
-    return encrypted_text
-
-
-# 解密方法
-def decrypt(key, text):
-    aes = AES.new(add_to_16(key), AES.MODE_ECB)  # 初始化加密器
-    base64_decrypted = base64.decodebytes(text.encode(encoding='utf-8'))
-    decrypted_text = str(aes.decrypt(base64_decrypted), encoding='utf-8').replace('\0', '')  # 执行解密密并转码返回str
-    return decrypted_text

猿人学练习/57js加密AES返回数据加密第三弹/des_encrypt.py

@@ -1,24 +0,0 @@
-from Crypto.Cipher import DES
-
-key = b'abcdefgh'  # 密钥 8位或16位,必须为bytes
-
-
-def pad(text):
-    # 如果text不是8的倍数【加密文本text必须为8的倍数！】，补足为8的倍数
-    while len(text) % 8 != 0:
-        text += ' '
-    return text
-
-
-# 加密方法
-def encrypt(key, text):
-    des = DES.new(key, DES.MODE_ECB)  # 创建DES实例
-    padded_text = pad(text)
-    encrypted_text = des.encrypt(padded_text.encode('utf-8'))
-    return encrypted_text
-
-
-# 解密方法
-def decrypt(key, text):
-    des = DES.new(key, DES.MODE_ECB)
-    plain_text = des.decrypt(text).decode().rstrip(' ')

猿人学练习/57js加密AES返回数据加密第三弹/main.py

@@ -1,5 +1,16 @@
 import requests
-from des_encrypt import decrypt
+
+
+def get_decrypt(key, data):
+    data = {"key": key, "data": data}
+    url = f"http://127.0.0.1:3005/sign_57"
+    session = requests.session()
+    headers = {
+        'content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
+    }
+    session.headers = headers
+    response = session.request("POST", url, data=data)
+    return response.json()
 
 
 def challenge57(page):
@@ -18,19 +29,15 @@ def run():
     data_num = 0
     for page in range(1, 101):
         response_json = challenge57(page)
-        print(response_json)
         result = response_json.get('result')
         key = result[0:8]
         data = result[8:]
-
-        decrypt_data_dict = decrypt(key, data)
-        print(decrypt_data_dict)
+        decrypt_data_dict = get_decrypt(key, data)
         data_list = decrypt_data_dict.get('data')
         print(data_list)
         for data in data_list:
             data_num += int(data.get('value'))
         print(data_num)
-    print(data_num)
 
 
 if __name__ == '__main__':

猿人学练习/57js加密AES返回数据加密第三弹/readme.md

@@ -0,0 +1,85 @@
+# 知识点： DES加密,重写加密函数
+
+## 解题思路
+
+请求查看结果地址，发现是结果加密
+
+![请求](./img/1.png)
+
+进入调试
+
+![请求](./img/2.png)
+
+打断点,发现是`crypto-js`加密
+
+![请求](./img/3.png)
+
+利用控制台查看变量值
+
+![请求](./img/4.png)
+
+既然知道了`crypto-js`加密
+
+    var k = P('crypto-js')
+      , C = X
+      , q = k['enc']['Utf8']['parse'](C)
+      , v = k['AES']['decrypt'](l, q, {
+        'mode': k['mode']['ECB'],
+        'padding': k['pad']['Pkcs7']
+
+编写js代码
+
+    const CryptoJS = require("crypto-js");
+    
+    function I(X, l) {
+        var k = CryptoJS
+            , C = X
+            , q = k['enc']['Utf8']['parse'](C)
+            , v = k.AES.decrypt(l, q, {
+            'mode': k['mode']['ECB'],
+            'padding': k['pad']['Pkcs7']
+        });
+        return v['toString'](k['enc']['Utf8']);
+    }
+    
+    X = "lVyahWFq";
+    L = "ohKADHk8zYXczliObcRsvE70kmTI2RiN94ZOxQgxbhQ7pueMCCcH7mnDZU2Tj2KwP0cqYgzsflRzt/Qls+efrZtGFaLomQw24v9FvIOso6lMYKrKtw5qP3b8d13G1tQXIuHILMMXDSrtUjX3vV+nUl7lV8KebHccY0STT0un12bMkODx2FTcv93sn2UHoBMTIWBM3CY+cQpOYEYB7iovImwasNLA5vsYxgntDuyxubvP5oi7FZPvHqtThy3gw9ivk+MyCBpW21Gr2aF/Wz/BHA10B5alDqSzP0cqYgzsflQCxHiUkgI+FptGFaLomQw2T1hUihgNUvLYnFuUWRJ6sw==";
+    
+    console.log(I(X, L));
+
+执行发现，报错
+
+    Error: Malformed UTF-8 data
+
+猜是魔改过的`CryptoJS`,下面进行单步调试
+
+![请求](./img/9.png)
+
+控制台打印`q`
+
+![请求](./img/5.png)
+
+本地打印，输出值相同，没有问题
+
+![请求](./img/6.png)
+
+继续调试
+
+控制台打印`v`
+
+![请求](./img/7.png)
+
+本地打印，输出值不相同
+
+![请求](./img/8.png)
+
+经过多次调试，发现是 k.AES.decrypt 存在魔改
+
+    v = k.AES.decrypt(l, q, {
+            'mode': k['mode']['ECB'],
+            'padding': k['pad']['Pkcs7']
+        }
+
+应该是`DES`重写了`AES`函数，
+
+    k.DES.decrypt

猿人学练习/57js加密AES返回数据加密第三弹/server.js

@@ -0,0 +1,19 @@
+const express = require('express');
+const app = express();
+const encryption = require("./aes-test");
+var bodyParser = require('body-parser');
+app.use(bodyParser());
+
+
+app.post('/sign_57', function (req, res) {
+    let result = '';
+    let key = req.body.key;
+    let data = req.body.data;
+    result = encryption.sign(key, data);
+    res.send(result.toString());
+});
+
+
+app.listen(3005, () => {
+    console.log("开启服务，端口 3005")
+});