foreword
Encountered many times data encryption situation. Before, I saw how others debug the front-end, and then reversely obtain the key to decrypt the traffic. This time, I will give you a practical experience.
One, the reverse
Our goal is a letter applet.
First, let's take a look at the request traffic of this applet. When a normal person looks at it and can't figure out what is being transmitted at a glance, we can basically conclude that it encrypts the traffic.
Then we look at the return request - still confused:
After the above two pictures, it can be judged that there is traffic encryption in this applet. As for global traffic encryption or partial traffic encryption, this can only be determined after analysis.
If only part of the traffic is encrypted, you can also test to see if there are any fish that have slipped through the net. If it is global traffic encryption, you must reverse the source code of the applet and then analyze it.
For the reverse of a letter applet, a fairy simulator plus a 6.X version of a letter is used. Because the higher version of Android and the certain letter no longer trust the system certificate, which will cause the situation that the package cannot be captured, so use the Android 5 plus 6.X version of the certain letter.
Referring to the article on the Internet, I got the wxapkg file of the applet from the simulator. This file is located in my environment:
/data/data/com.tencent.mm/MicroMsg/7e3e7c**********706/appbrand/pkg
Because there are many small programs, I don't know which one is the target file. Download all these wxapkg files through adb, and then extract the source code from the wxapkg file. Here, use wxappUnpacker to extract it with one click:
The source code file structure of the obtained target applet is as follows, and then the analysis phase is entered.
2. Analytical
[Click
to view] 1. Network security learning route
2. E-books (white hats)
3. Internal video of security companies4,
100 src documents5
, common security interview questions6in
ctfcompetitions , emergency response notes
Enter the code audit link to analyze the front-end code algorithm.
The above applet is reversed, and the obtained source code structure is as follows:
Because I have not analyzed a certain letter applet before, here I first learned some basic knowledge of the applet. There are two key points. The first one is app.js. This file is the entry file of the entire project. A small program is registered through the App() method, and the life cycle of the entire program is determined.
The second is module.exports, the modularization of a letter applet. Personal understanding is the method exposed to the outside world, which can be used by other methods to call this module, similar to the public method.
After understanding the above two points, go back to the source code of the project itself. By browsing the entire file structure, it is found that the encryption method definitions are located in the /utils file.
What needs to be paid attention to is the encrypt.js file, which defines the encryption and decryption methods for traffic. code directly.
From the above code, we can see that encrypt.js exposes two methods of encrypt and decrypt through module.exports. These two should be the methods used to encrypt and decrypt traffic. Let's analyze the encrypt function first:
The Encrypt function passes two parameters e and n, and then assigns the parameter n to s after being processed by the r function, where the content of the r function is as follows. In order to secure the strings inside, the interception length has been modified, which is different from the original program:
The r function intercepts a section of the passed parameter and then splices it with the string, then uses the SHA256 function to sign, and then intercepts the middle part, converts the letters to uppercase, and returns.
Going back to the encrypt function, the key for AES encryption and decryption stored in the variable i is written in the code in a hard-coded way. Then the variable u stores the formatted s variable, and the variable c stores the formatted parameter e.
Then comes the encryption part.
Let's first understand the encryption of AES. There are different modes for AES, the CBC mode is used in this program. In this mode, the plaintext is first divided into several small segments, and then each small segment is XORed with the initial block or the ciphertext segment of the previous segment, and then combined with the ciphertext segment of the previous segment. key to encrypt.
In the process of encryption and decryption using CBC mode, an initial vector needs to be defined. The initial vector is used for random data encryption, and the effect is to pass the same key for the same plaintext. Different initial vectors can produce different ciphertexts.
Back to the code itself. It can be seen that the encrypt function calls the encrypt method of the AES module for encryption, and the passed parameters are c plaintext, i key, and then the variable u represents the initial vector, which is encrypted in CBC mode.
After analyzing the Encrypt function, look at the decrypt function again, and the code above:
The Decrypt function still passes two parameters e, s, and then processes the parameter e through the formatString function. The specific content of the formString function is as follows, and the e parameter is processed to remove newlines and spaces:
The variable i still stores the parameter s processed by the r function, the variable u stores the formatted key, and the variable c stores the formatted variable i. Finally, the decrypt function of the AES module is called to decrypt, and the result is stored in the variable o.
Parameter transmission for decryption, e ciphertext, u key, c initialization vector, decrypt in CBC mode. Here the initialization vectors for encryption and decryption are handled by the r function.
In the above analysis, encryption and decryption pass two parameters, and then one of the parameters is used to generate the initial vector. Because this parameter is not fixed in the above process, it is necessary to analyze the source of this parameter so that the entire data can be completely decrypted.
Going back to the project itself, a request.js file is introduced in app.js, in which the http request method is encapsulated, and the interface is exposed externally:
In line 108, there is a piece of code:
r=(0,n.encrypt)(JSON.stringify(r),d)
This code should call the encryption function to encrypt the request data. Two parameters are passed here, where the d parameter is the parameter used to generate the iv vector in the encryption process, and at the end of line 103, you can see that the source of the d parameter is the function getRandomUuid. Let's take a look at the contents of this function:
What this function does is just generate a random string and return it. But in the 105th line of code in the previous picture, this d is assigned to i.uuid. When we first looked at the request packet, there was a uuid field in the request body of the http request:
So it can be confirmed that the field of this uuid is the parameter used to generate the iv vector.
Then continue to follow up with our code. After the traffic is encrypted, a c function will be called, and then return. So we need to look at the specific content of this c function, because the decryption process should be in this c function:
Send an http request at line 61. If the request successfully enters the callback function, the data is decrypted. This decryption shows that the passed parameter c.uuid is the uuid field in the request packet.
3. Decryption
The analysis of the whole applet is basically over here. Next, you only need to write a decryption script according to the above key, iv vector generation, algorithm, etc.
For high (tou) efficiency (lan) for (mo) industry (yu), the PHP version of the AES decryption script that was previously developed and written was modified and modified. The final effect is as follows:
Enter the uuid parameter and the ciphertext, click decrypt and return to the plaintext, modify the plaintext and click encrypt to return the ciphertext.
Decryption of the returned packet:
Well, the traffic encryption analysis of this applet is all over.