Notice!!! This reverse-engineering example of a government website is used only as a learning case. Other individuals and groups are prohibited from using it for profit!!!
Case analysis
Step 1: The location marked in the figure below is where the request breakpoint is set; the breakpoint is taken from the request URL.
Step 2: This part is a bit of metaphysics (I have little knowledge, so throughout the article I step through the response by hand, and you can see some important information in this process). After the breakpoint is hit, step through the response handling manually.
Step 3: By manually performing the next step each time, you get the content produced by each operation (the same as stepping in a debugger).
Step 4: At the point where the large block of response content is turned into the normal content of the page, the fm(t) function is called. Put the mouse on this position to get the relevant .js file, then just click into it.
Step 5: Here is the fm(t) function. From this function you can be sure that AES in CBC mode with PKCS7 padding is used. As can be seen from the figure below, f is the key, h is the offset (IV), and n is a long string of content wrapped in hex and base64.
Step 6: Execute step by step, and you can see the key process of going from "garbled characters" to content.
The code
For the Python AES part, I referred to the blogger at https://blog.csdn.net/yt_xy/article/details/108863258
# Convert hexadecimal to base64
import codecs
hex_string = ''  # hexadecimal value (the encrypted response body)
b64_string = codecs.encode(codecs.decode(hex_string, 'hex'), 'base64').decode()
# Decrypt
# !!!!!!!!
# I referred to the blogger at https://blog.csdn.net/yt_xy/article/details/108863258
from Crypto.Cipher import AES
import base64


class Encrypt:
    def __init__(self, key, iv):
        self.key = key.encode('utf-8')
        self.iv = iv.encode('utf-8')

    @staticmethod
    def pkcs7padding(data):
        """Pad the plaintext bytes with PKCS7"""
        bs = 16
        # Padding is computed on the byte length, not the character count
        padding = bs - len(data) % bs
        return data + bytes([padding]) * padding

    def aes_encrypt(self, content):
        """AES encryption"""
        cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
        # Pad the plaintext
        content_padding = self.pkcs7padding(content.encode('utf-8'))
        # Encrypt
        encrypt_bytes = cipher.encrypt(content_padding)
        # Re-encode as base64
        result = str(base64.b64encode(encrypt_bytes), encoding='utf-8')
        return result

    def aes_decrypt(self, content):
        """AES decryption"""
        cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
        content = base64.b64decode(content)
        data = cipher.decrypt(content)
        # The last byte is the PKCS7 padding length; strip exactly that many bytes
        return data[:-data[-1]].decode('utf-8')


if __name__ == '__main__':
    # Key and IV are redacted in the original post;
    # AES needs a 16/24/32-byte key and a 16-byte IV
    key = '******'
    iv = '****'
    a = Encrypt(key=key, iv=iv)
    d = a.aes_decrypt(b64_string)
    print("Decrypted:", d)
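The PKCS7 padding named in Step 5, handled strictly on bytes. This is an added example, not code from the original post or the referenced blog, and it shows two cases that matter for decrypted page content: text that ends in the same byte as the padding, and multi-byte UTF-8 text. The function names and sample inputs are constructed for illustration.

```python
# Added example: PKCS#7 on bytes, standard library only.
# Function names are illustrative; sample inputs are constructed.
BLOCK = 16  # AES block size in bytes


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n so the length is a multiple of block."""
    n = block - len(data) % block  # 1..block; a whole block if already aligned
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip exactly n bytes, where n is the last byte; reject malformed input."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding (wrong key/IV or corrupt data?)")
    return padded[:-n]


def rstrip_unpad(padded: bytes) -> bytes:
    """Shortcut seen in many snippets: strip every trailing copy of the last byte."""
    return padded.rstrip(padded[-1:])


def demo() -> dict:
    # Constructed sample: 6 bytes of content ending in "\n" need 10 pad bytes,
    # and pad byte 0x0a is itself "\n".
    page = b"<p>ok\n"
    padded = pkcs7_pad(page)
    # Constructed sample: 6 Chinese characters are 18 bytes in UTF-8,
    # so the pad length must come from the byte count (14), not len(str).
    cn = "政府信息公开".encode("utf-8")
    return {
        "strict": pkcs7_unpad(padded),
        "rstrip": rstrip_unpad(padded),
        "cn_pad": len(pkcs7_pad(cn)) - len(cn),
    }


if __name__ == "__main__":
    print(demo())
```

A padding error from `pkcs7_unpad` after decryption is also a quick signal that the key, IV or hex decoding step is wrong, rather than silently returning garbled text.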