diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/aes-test.js b/猿人学练习/57js加密AES返回数据加密第三弹/aes-test.js index eb16c42..db44bbc 100644 --- a/猿人学练习/57js加密AES返回数据加密第三弹/aes-test.js +++ b/猿人学练习/57js加密AES返回数据加密第三弹/aes-test.js @@ -8,11 +8,22 @@ function I(X, l) { 'mode': k['mode']['ECB'], 'padding': k['pad']['Pkcs7'] }); + console.log(v); return v['toString'](k['enc']['Utf8']); } +X = "XNQigEGA"; +L = "hXjidu7fiaX+zCIK3g4Uj8F1fwIlgQKEHMiYw4KDmw4NT9Xpbs7b1//EL7IbezLAREIvqYZzUHRIK9ZpZmxkx7A/rzQbl+3VbzZaP8dTTaclgzq12BWctvyyMGq2DiQstSzpRSxymQGXL9R8uz+iHiL/MdXfTcYhS9bR+yIJjritl7UYPDsYy5uN2AGzE3oRov+yJIc2C4Uh8eQgHNQD4SUJMr9CUfz/kU3gjuUwkt0Gp3aygJBV1uvtxMCYq2UFGPx6IEto+Kap24JiqVYS/q0vjHftTFQcREIvqYZzUHS4XnOJJbJOqrA/rzQbl+3VWQXcqSkLjfqolh7H0BF7hQ=="; -X = "lVyahWFq"; -L = "ohKADHk8zYXczliObcRsvE70kmTI2RiN94ZOxQgxbhQ7pueMCCcH7mnDZU2Tj2KwP0cqYgzsflRzt/Qls+efrZtGFaLomQw24v9FvIOso6lMYKrKtw5qP3b8d13G1tQXIuHILMMXDSrtUjX3vV+nUl7lV8KebHccY0STT0un12bMkODx2FTcv93sn2UHoBMTIWBM3CY+cQpOYEYB7iovImwasNLA5vsYxgntDuyxubvP5oi7FZPvHqtThy3gw9ivk+MyCBpW21Gr2aF/Wz/BHA10B5alDqSzP0cqYgzsflQCxHiUkgI+FptGFaLomQw2T1hUihgNUvLYnFuUWRJ6sw=="; +console.log(I(X, L)); -console.log(I(X, L)); \ No newline at end of file + +function sign(key, data) { + return I(key, data); +} + + +module.exports = + { + sign + }; diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/aes_encrypt.py b/猿人学练习/57js加密AES返回数据加密第三弹/aes_encrypt.py deleted file mode 100644 index 6f56d38..0000000 --- a/猿人学练习/57js加密AES返回数据加密第三弹/aes_encrypt.py +++ /dev/null @@ -1,26 +0,0 @@ -import base64 -from Crypto.Cipher import AES - - -# AES -# 需要补位,str不是16的倍数那就补足为16的倍数 -def add_to_16(value): - while len(value) % 16 != 0: - value += '\0' - return str.encode(value) # 返回bytes - - -# 加密方法 -def encrypt(key, text): - aes = AES.new(add_to_16(key), AES.MODE_ECB) # 初始化加密器 - encrypt_aes = aes.encrypt(add_to_16(text)) # 先进行aes加密 - encrypted_text = str(base64.encodebytes(encrypt_aes), encoding='utf-8') - return encrypted_text - - -# 解密方法 -def decrypt(key, text): - aes = AES.new(add_to_16(key), AES.MODE_ECB) # 初始化加密器 - base64_decrypted = base64.decodebytes(text.encode(encoding='utf-8')) - decrypted_text = str(aes.decrypt(base64_decrypted), encoding='utf-8').replace('\0', '') # 执行解密密并转码返回str - return decrypted_text diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/des_encrypt.py b/猿人学练习/57js加密AES返回数据加密第三弹/des_encrypt.py deleted file mode 100644 index fcac198..0000000 --- a/猿人学练习/57js加密AES返回数据加密第三弹/des_encrypt.py +++ /dev/null @@ -1,24 +0,0 @@ -from Crypto.Cipher import DES - -key = b'abcdefgh' # 密钥 8位或16位,必须为bytes - - -def pad(text): - # 如果text不是8的倍数【加密文本text必须为8的倍数!】,补足为8的倍数 - while len(text) % 8 != 0: - text += ' ' - return text - - -# 加密方法 -def encrypt(key, text): - des = DES.new(key, DES.MODE_ECB) # 创建DES实例 - padded_text = pad(text) - encrypted_text = des.encrypt(padded_text.encode('utf-8')) - return encrypted_text - - -# 解密方法 -def decrypt(key, text): - des = DES.new(key, DES.MODE_ECB) - plain_text = des.decrypt(text).decode().rstrip(' ') diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/1.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/1.png new file mode 100644 index 0000000..1c1c3b5 Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/1.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/2.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/2.png new file mode 100644 index 0000000..556b596 Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/2.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/3.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/3.png new file mode 100644 index 0000000..45389b0 Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/3.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/4.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/4.png new file mode 100644 index 0000000..db2fcbe Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/4.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/5.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/5.png new file mode 100644 index 0000000..71d0efe Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/5.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/6.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/6.png new file mode 100644 index 0000000..708829e Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/6.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/7.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/7.png new file mode 100644 index 0000000..281d33f Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/7.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/8.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/8.png new file mode 100644 index 0000000..eb6e860 Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/8.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/img/9.png b/猿人学练习/57js加密AES返回数据加密第三弹/img/9.png new file mode 100644 index 0000000..a69350a Binary files /dev/null and b/猿人学练习/57js加密AES返回数据加密第三弹/img/9.png differ diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/main.py b/猿人学练习/57js加密AES返回数据加密第三弹/main.py index 550e8a1..61333ab 100644 --- a/猿人学练习/57js加密AES返回数据加密第三弹/main.py +++ b/猿人学练习/57js加密AES返回数据加密第三弹/main.py @@ -1,5 +1,16 @@ import requests -from des_encrypt import decrypt + + +def get_decrypt(key, data): + data = {"key": key, "data": data} + url = f"http://127.0.0.1:3005/sign_57" + session = requests.session() + headers = { + 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8' + } + session.headers = headers + response = session.request("POST", url, data=data) + return response.json() def challenge57(page): @@ -18,19 +29,15 @@ def run(): data_num = 0 for page in range(1, 101): response_json = challenge57(page) - print(response_json) result = response_json.get('result') key = result[0:8] data = result[8:] - - decrypt_data_dict = decrypt(key, data) - print(decrypt_data_dict) + decrypt_data_dict = get_decrypt(key, data) data_list = decrypt_data_dict.get('data') print(data_list) for data in data_list: data_num += int(data.get('value')) print(data_num) - print(data_num) if __name__ == '__main__': diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/readme.md b/猿人学练习/57js加密AES返回数据加密第三弹/readme.md index e69de29..7def83b 100644 --- a/猿人学练习/57js加密AES返回数据加密第三弹/readme.md +++ b/猿人学练习/57js加密AES返回数据加密第三弹/readme.md @@ -0,0 +1,85 @@ +# 知识点: DES加密,重写加密函数 + +## 解题思路 + +请求查看结果地址,发现是结果加密 + +![请求](./img/1.png) + +进入调试 + +![请求](./img/2.png) + +打断点,发现是`crypto-js`加密 + +![请求](./img/3.png) + +利用控制台查看变量值 + +![请求](./img/4.png) + +既然知道了`crypto-js`加密 + + var k = P('crypto-js') + , C = X + , q = k['enc']['Utf8']['parse'](C) + , v = k['AES']['decrypt'](l, q, { + 'mode': k['mode']['ECB'], + 'padding': k['pad']['Pkcs7'] + +编写js代码 + + const CryptoJS = require("crypto-js"); + + function I(X, l) { + var k = CryptoJS + , C = X + , q = k['enc']['Utf8']['parse'](C) + , v = k.AES.decrypt(l, q, { + 'mode': k['mode']['ECB'], + 'padding': k['pad']['Pkcs7'] + }); + return v['toString'](k['enc']['Utf8']); + } + + X = "lVyahWFq"; + L = "ohKADHk8zYXczliObcRsvE70kmTI2RiN94ZOxQgxbhQ7pueMCCcH7mnDZU2Tj2KwP0cqYgzsflRzt/Qls+efrZtGFaLomQw24v9FvIOso6lMYKrKtw5qP3b8d13G1tQXIuHILMMXDSrtUjX3vV+nUl7lV8KebHccY0STT0un12bMkODx2FTcv93sn2UHoBMTIWBM3CY+cQpOYEYB7iovImwasNLA5vsYxgntDuyxubvP5oi7FZPvHqtThy3gw9ivk+MyCBpW21Gr2aF/Wz/BHA10B5alDqSzP0cqYgzsflQCxHiUkgI+FptGFaLomQw2T1hUihgNUvLYnFuUWRJ6sw=="; + + console.log(I(X, L)); + +执行发现,报错 + + Error: Malformed UTF-8 data + +猜是魔改过的`CryptoJS`,下面进行单步调试 + +![请求](./img/9.png) + +控制台打印`q` + +![请求](./img/5.png) + +本地打印,输出值相同,没有问题 + +![请求](./img/6.png) + +继续调试 + +控制台打印`v` + +![请求](./img/7.png) + +本地打印,输出值不相同 + +![请求](./img/8.png) + +经过多次调试,发现是 k.AES.decrypt 存在魔改 + + v = k.AES.decrypt(l, q, { + 'mode': k['mode']['ECB'], + 'padding': k['pad']['Pkcs7'] + } + +应该是`DES`重写了`AES`函数, + + k.DES.decrypt \ No newline at end of file diff --git a/猿人学练习/57js加密AES返回数据加密第三弹/server.js b/猿人学练习/57js加密AES返回数据加密第三弹/server.js new file mode 100644 index 0000000..658e6c0 --- /dev/null +++ b/猿人学练习/57js加密AES返回数据加密第三弹/server.js @@ -0,0 +1,19 @@ +const express = require('express'); +const app = express(); +const encryption = require("./aes-test"); +var bodyParser = require('body-parser'); +app.use(bodyParser()); + + +app.post('/sign_57', function (req, res) { + let result = ''; + let key = req.body.key; + let data = req.body.data; + result = encryption.sign(key, data); + res.send(result.toString()); +}); + + +app.listen(3005, () => { + console.log("开启服务,端口 3005") +});