Article directory
Preface
Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: public key and private key. The public key and the private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt it; if the private key is used to encrypt the data, then only the corresponding public key can be used to decrypt it. Decrypt. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
Statement
All content in this article is only for learning and communication, and is not used for any other purpose. The complete code is not provided. The packet capture content, sensitive URLs, data interfaces, etc. have been processed Desensitization, commercial and illegal use is strictly prohibited, otherwise the author has nothing to do with any consequences arising therefrom!
This article is prohibited from being reproduced without permission, and is prohibited from being redistributed after any modification. The author is not responsible for any accidents caused by the unauthorized use of the technology explained in this article. If there is any infringement, please contact the author immediately Delete
1. Introduction to asymmetric encryption
- Common asymmetric encryption algorithms are RSA and DSA.
- The private key of the asymmetric encryption algorithm is held by the data recipient and will not be transmitted on the network, ensuring the security of the key.
- Asymmetric encryption algorithms are usually more computationally complex than symmetric encryption algorithms and have high performance consumption.
- Asymmetric encryption algorithms can be used for digital signatures.
- Common asymmetric encryption algorithms are RSA and DSA.
- The private key of the asymmetric encryption algorithm is held by the data recipient and will not be transmitted on the network, ensuring the security of the key.
- Asymmetric encryption algorithms are usually more computationally complex than symmetric encryption algorithms and have high performance consumption.
- Asymmetric encryption algorithms can be used for digital signatures.
- When used, public key encryption is used and private key decryption is used. The public key can be made public and the private key is kept by itself.
- The strength of the algorithm is complex, and security depends on the algorithm and key. However, due to the complexity of the algorithm, the encryption and decryption speed is slower than symmetric encryption.
2. Asymmetric features
Common JavaScript debugging algorithms
- Search keywords new JSEncrypt(), JSEncrypt, etc. Generally, the JSEncrypt library will be used, and there will be an operation of new an instance object;
- Search for the keywords setPublicKey, setKey, setPrivateKey, getPublicKey, etc. Generally, the implemented code contains the process of setting the key.
The private key, public key, plaintext, and ciphertext lengths of RSA also have a certain corresponding relationship, and you can also make a preliminary judgment from this aspect:
Private key length | Public key length | Plaintext length | Ciphertext length |
---|---|---|---|
428 | 128 | 1~53 | 88 |
812 | 216 | 1~117 | 172 |
1588 | 392 | 1~245 | 344 |
1. Javascript implementation
// npm install node-rsa --save
// 引用 node-rsa 加密模块
var NodeRSA = require('node-rsa');
function rsaEncrypt() {
pubKey = new NodeRSA(publicKey,'pkcs8-public');
var encryptedData = pubKey.encrypt(text, 'base64');
return encryptedData
}
function rsaDecrypt() {
priKey = new NodeRSA(privatekey,'pkcs8-private');
var decryptedData = priKey.decrypt(encryptedData, 'utf8');
return decryptedData
}
var key = new NodeRSA({
b: 512}); //生成512位秘钥
var publicKey = key.exportKey('pkcs8-public'); //导出公钥
var privatekey = key.exportKey('pkcs8-private'); //导出私钥
var text = "I love Python!"
var encryptedData = rsaEncrypt()
var decryptedData = rsaDecrypt()
console.log("公钥:\n", publicKey)
console.log("私钥:\n", privatekey)
console.log("加密字符串: ", encryptedData)
console.log("解密字符串: ", decryptedData)
2. python implementation
Module:rsa
import rsa
import base64
def rsa_encrypt(pu_key, t):
# 公钥加密
rsas = rsa.encrypt(t.encode("utf-8"), pu_key)
return base64.b64encode(rsas)
def rsa_decrypt(pr_key, t):
# 私钥解密
rsas = rsa.decrypt(base64.b64decode(t), pr_key).decode("utf-8")
return rsas
if __name__ == "__main__":
public_key, private_key = rsa.newkeys(512) # 生成公钥、私钥
print('公钥:', public_key)
print('私钥:', private_key)
text = 'I love Python!' # 加密对象
encrypted_str = rsa_encrypt(public_key, text)
print('加密字符串:', encrypted_str)
decrypted_str = rsa_decrypt(private_key, encrypted_str)
print('解密字符串:', decrypted_str)
3. Case analysis
1. RSA reverse analysis
- Reverse goal: Fangtianxia login
- Reverse parameter: form data
First perform packet capture analysis
Then enter the source code directly from the launcher
If you feel that you have found the form information, break the point and test it. We paused and tested the code to see if it is the data pwd we need
Basic confirmation, this is the location we need, search for key_to_encode
Then analyze the encryptedString algorithm part
and determine that the encryption part of the algorithm is the JS part
There are only more than 400 lines in total, so I chose to deduct all JS
Result Test
2. Multi-layer nested encryption case analysis
- Reverse goal: Microflow cloud platform login
Analyze the target, capture the packet, and find that there are two addresses that need to be analyzed
After checking and analyzing, it is found that the address Token contains the parameter address code to return the public key and item2 parameters a>
Analyze the Token and log in directly from the launcher
Directly see the encryption part at a glance
Set breakpoints for debugging and analysis< /span> to test the result< /span> and pass it in pull the slider to get the background public key item1 and item2 with time and reverse analyzed. Just is the part we need to reverse. Obviously, after password is encrypted by sha512, it is encrypted by RSA. var encrypted = encrypt.encrypt(pubCode + sha512(password)); encrypt.setPublicKey(pub);
var encrypt = new JSEncrypt();
Summary process notes:
https://api.wei-liu.com/api/v1/Token/code
item1: “-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0nnZ/9wVN7HV/VeepE3\r\nIVAlAT6n1fmkXrHxbA08Olv+nYp7QlTW3heOEsOWTEMKRcYU1xAIMwt7pZ+qbyFD\r\nitnHkQUqneYs6PKeK2nDxGXR4MIRUz/MFJ4I3QRzmmklFPkJpfxnL0HnwNHw0fm4\r\nuX3GD9qxEcVsqSdhQMvgrW7gFQMD9tSiaXflgyQv1CZjCPNW2xSpWVoFl0+ODpFT\r\nsEmEt+uRiBD1ZVJnTVTCI0txqFLzFw/JwhUcUgflFRovtkcXTU+8aUCtnAAW019U\r\n5Anw6S4S6Ct2PTO0ZFwRNgjboRmT/0x/zdUfn/h6otQSllRfdqF1RVG4HoDf1U0s\r\neQIDAQAB\r\n-----END
PUBLIC KEY-----”
item2: “fcb20f51535b41179e2facaa4c7147df”Analyze JS and confirm the analysis location
var encrypt = new JSEncrypt(); encrypt.setPublicKey(pub); var
encrypted = encrypt.encrypt(pubCode + sha512(password));Basically, it can be confirmed that item1 is a public key file. After analyzing JS, we can get that pubcode is the parameter passed in by item2. That is, these two parameters are returned by the backend.
It was found that this case is multi-layer nested encryption sha512+RSA encryption
Write at the end:
My writing level is limited. If there are any explanations that are not in place or wrong, please give me some advice in the comment area and we can make progress together. If there is any If you need code and explanation communication, you can add me on WeChat 18847868809