JS reverse engineering: symmetric encryption algorithms (DES and AES explained, with case analysis)


Preface

Symmetric encryption uses the same key for encryption and decryption. Both communicating parties must agree on the key and on the encryption/decryption algorithm in advance; the data is then encrypted and decrypted with that shared key. Symmetric algorithms are used to protect sensitive data and similar information.
This article summarizes two common algorithms:

  • DES: 56-bit key, gradually deprecated because the key is too short.
  • AES: 128-, 192- and 256-bit keys; the algorithm in common use today. A longer key raises the difficulty and cost of cracking.

Summary of working modes

  • ECB mode, full name Electronic Codebook mode: each data block is encrypted/decrypted independently.
  • CBC mode, full name Cipher Block Chaining mode:
    • The plaintext is first divided into blocks; each block is XORed with the previous ciphertext block and then encrypted with the key. The first plaintext block is XORed with a data block called the initialization vector (IV).
  • CFB mode, full name Cipher Feedback mode.
  • OFB mode, full name Output Feedback mode.
  • CTR mode, full name Counter mode.

IV (initialization vector): prevents identical plaintext blocks from being encrypted into identical ciphertext blocks.

Reference document: https://zhuanlan.zhihu.com/p/252551522

Statement
All content in this article is for learning and exchange only and may not be used for any other purpose. The complete code is not provided. Packet-capture contents, sensitive URLs, data interfaces and so on have been desensitized. Commercial and illegal use is strictly prohibited; the author bears no responsibility for any consequences arising from it!
This article may not be reproduced without permission, nor redistributed after any modification. The author is not responsible for any accidents caused by unauthorized use of the techniques explained in this article. If there is any infringement, please contact the author immediately for deletion.

1. DES algorithm

1. Introduction to the algorithm

DES is a block cipher that encrypts data in 64-bit blocks. A 64-bit block of plaintext enters one end of the algorithm and a 64-bit block of ciphertext comes out the other end. DES is a symmetric algorithm: the same algorithm is used for encryption and decryption (the only difference being the order in which the round keys are applied).

The key length is 56 bits (the key is usually written as a 64-bit number, but every eighth bit is a parity bit and is ignored). The key can be any 56-bit value and can be changed at any time.

The DES algorithm has three entry parameters: Key, Data and Mode. Key is 8 bytes (64 bits) and is the working key of DES; Data is also 8 bytes (64 bits) and is the data to be encrypted or decrypted; Mode is the working mode of DES, either encryption or decryption.

How DES works: if Mode is encryption, the Key is used to encrypt Data and produce the ciphertext form of Data (64 bits) as the DES output; if Mode is decryption, the Key is used to decrypt the ciphertext form of Data and restore the plaintext form of Data (64 bits) as the DES output.

Simply put, DES is built from basic encryption techniques. A combination of these techniques, acting on the plaintext under control of the key, forms what is known as a round. DES has 16 rounds, meaning the same combination of techniques is applied to the plaintext block 16 times.

  • Supported modes: CBC, CFB, CTR, CTRGladman, ECB, OFB, etc.
  • Supported padding: ZeroPadding, NoPadding, AnsiX923, Iso10126, Iso97971, Pkcs7, etc.

Algorithm structure (figure omitted)

References:

  • RFC 4772: https://datatracker.ietf.org/doc/rfc4772/
  • DES Wikipedia: https://en.wikipedia.org/wiki/Data_Encryption_Standard

2. JavaScript implementation

The DES call takes the following parameters:

  • key, Data, Mode, padding
    • key: 56 bits (7 bytes) of effective key material, the working key of the DES algorithm.
    • Data: 8 bytes (64 bits), the data to be encrypted or decrypted.
    • Mode: the working mode of DES.
    • padding: the padding mode. When the length of the data being encrypted is not a multiple of the block size (8 bytes for DES, 16 bytes for AES), it is padded up to one.
// Reference the crypto-js encryption module
var CryptoJS = require('crypto-js')

// DES-CBC encryption with Pkcs7 padding; returns the ciphertext as Base64
function desEncrypt(text, desKey, desIv) {
    var key = CryptoJS.enc.Utf8.parse(desKey),
        iv = CryptoJS.enc.Utf8.parse(desIv),
        srcs = CryptoJS.enc.Utf8.parse(text),
        // CBC encryption mode, Pkcs7 padding
        encrypted = CryptoJS.DES.encrypt(srcs, key, {
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7
        });
    return encrypted.toString();
}

// DES-CBC decryption of Base64 ciphertext; returns the UTF-8 plaintext
function desDecrypt(encryptedData, desKey, desIv) {
    var key = CryptoJS.enc.Utf8.parse(desKey),
        iv = CryptoJS.enc.Utf8.parse(desIv),
        srcs = encryptedData,
        // CBC encryption mode, Pkcs7 padding
        decrypted = CryptoJS.DES.decrypt(srcs, key, {
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7
        });
    return decrypted.toString(CryptoJS.enc.Utf8);
}

var text = "I love Python!"       // plaintext to encrypt
var desKey = "6f726c64f2c2057"    // key (crypto-js DES reads only the first 8 bytes / 64 bits)
var desIv = "0123456789ABCDEF"    // initialization vector (only the first 8 bytes are used for a 64-bit block)

var encryptedData = desEncrypt(text, desKey, desIv)
var decryptedData = desDecrypt(encryptedData, desKey, desIv)

console.log("加密字符串: ", encryptedData)
console.log("解密字符串: ", decryptedData)

// 加密字符串:  +ndbEkWNw2QAfIYQtwC14w==
// 解密字符串:  I love Python!

3. Python implementation

First install the package:

pip install pyDes

Code

import binascii
# encryption mode CBC, padding PAD_PKCS5
from pyDes import des, CBC, PAD_PKCS5

def des_encrypt(key, text, iv):
    """DES-CBC encrypt `text` and return the ciphertext as hex bytes."""
    k = des(key, CBC, iv, pad=None, padmode=PAD_PKCS5)
    en = k.encrypt(text, padmode=PAD_PKCS5)
    return binascii.b2a_hex(en)

def des_decrypt(key, text, iv):
    """Decrypt hex-encoded DES-CBC ciphertext and return the plaintext bytes."""
    k = des(key, CBC, iv, pad=None, padmode=PAD_PKCS5)
    de = k.decrypt(binascii.a2b_hex(text), padmode=PAD_PKCS5)
    return de

if __name__ == '__main__':
    secret_key = '12345678'   # key (8 bytes)
    text = 'hello world'      # plaintext
    iv = secret_key           # IV (8 bytes)
    secret_str = des_encrypt(secret_key, text, iv)
    print('加密字符串:', secret_str)
    clear_str = des_decrypt(secret_key, secret_str, iv)
    print('解密字符串:', clear_str)

# 加密字符串:b'302d3abf2421169239f829b38a9545f1'
# 解密字符串:b'I love Python!'


2. AES algorithm

Environment installation

pip install pycryptodome -i <pip index URL>

1. Introduction to the algorithm

Introduction: AES, the Advanced Encryption Standard, is also known in cryptography as the Rijndael cipher. It was published by the National Institute of Standards and Technology (NIST) in 2001 and became an effective standard in 2002. It is a block encryption standard adopted by the U.S. federal government to replace the original DES. It has been analyzed by many parties and is widely used around the world. It uses a single key for both encryption and decryption.

  • Supported modes: CBC, CFB, CTR, CTRGladman, ECB, OFB, etc.
  • Supported padding: ZeroPadding, NoPadding, AnsiX923, Iso10126, Iso97971, Pkcs7, etc.

References:

  • RFC 3268: https://datatracker.ietf.org/doc/rfc3268/
  • AES Wikipedia: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Parameter definition:

  1. Key length (key size): AES128, AES192, AES256 (128, 192 or 256 bits).
  2. key (the secret key): for AES128 the key is 128 bits; if it is shorter, some libraries may automatically pad it to 128 bits.
  3. IV (initialization vector): different IVs produce different ciphertext for the same input; encryption and decryption must use the same IV.
  4. mode (encryption mode): AES has several modes such as ECB, CBC and CFB. Apart from ECB, which is not very secure because it does not use an IV, the differences between these modes are not very pronounced.
  5. padding (padding method): encryption and decryption must use the same padding mode. The most common padding modes are PKCS5, PKCS7 and NOPADDING.

Encryption principle:

AES is a block cipher: each data block is 128 bits (16 bytes) long, and the key can be 128 bits (16 bytes), 192 bits or 256 bits. There are four encryption modes in total. CBC mode, which is the one usually used, requires an initialization vector (IV) that is also 128 bits (16 bytes) long.

2. JavaScript implementation

// Reference the crypto-js encryption module
var CryptoJS = require('crypto-js')

// AES-CBC encryption with Pkcs7 padding; returns the ciphertext as Base64
function tripleAesEncrypt(text, aesKey, aesIv) {
    var key = CryptoJS.enc.Utf8.parse(aesKey),
        iv = CryptoJS.enc.Utf8.parse(aesIv),
        srcs = CryptoJS.enc.Utf8.parse(text),
        // CBC encryption mode, Pkcs7 padding
        encrypted = CryptoJS.AES.encrypt(srcs, key, {
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7
        });
    return encrypted.toString();
}

// AES-CBC decryption of Base64 ciphertext; returns the UTF-8 plaintext
function tripleAesDecrypt(encryptedData, aesKey, aesIv) {
    var key = CryptoJS.enc.Utf8.parse(aesKey),
        iv = CryptoJS.enc.Utf8.parse(aesIv),
        srcs = encryptedData,
        // CBC encryption mode, Pkcs7 padding
        decrypted = CryptoJS.AES.decrypt(srcs, key, {
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7
        });
    return decrypted.toString(CryptoJS.enc.Utf8);
}

var text = "I love Python!"       // plaintext to encrypt
var aesKey = "6f726c64f2c2057c"   // key, 16 bytes (AES-128)
var aesIv = "0123456789ABCDEF"    // IV, 16 bytes

var encryptedData = tripleAesEncrypt(text, aesKey, aesIv)
var decryptedData = tripleAesDecrypt(encryptedData, aesKey, aesIv)

console.log("加密字符串: ", encryptedData)
console.log("解密字符串: ", decryptedData)

// 加密字符串:  dZL7TLJR786VGvuUvqYGoQ==
// 解密字符串:  I love Python!

3. Case analysis

1. Case DES algorithm

  • Reverse target: Ye Eun

First confirm the interface
and inspect its preview, which turns out to be ciphertext.
Analyze the initiator directly.
A callback function is found; set a breakpoint to test whether this is the position we need.
It stops there. Analyzing the ternary expression in this piece of code, webInstace.shell(e) is the place we need; stepping in,
we find AST-obfuscated code.
At the bottom of the code is webInstace = new webDES();
so the basic encryption method is DES.
Because there are only a little over 2,000 lines, I am lazy, so I select them all and then patch the environment.
The following error message then appears.
Go to the console to see what it is.
After patching the JS environment, normal data was obtained.
The results are as follows.

2. Case AES algorithm

  • Reverse target: National construction market supervision service platform

Check the reverse target and capture the traffic.
From the capture it can be seen that this interface returns hex-encoded data; collecting it requires working out the algorithm.
For websites with data encryption, first look at the initiator to analyze the JS file, then search globally for json.parse( since encrypted data returned by the backend is generally type-converted.
Data confirmation
Here you can see that t.data is the data returned by the backend, h is a method in the JavaScript, and the data becomes plaintext after h, so the h method needs to be analyzed first.

After review and analysis, the h method is an algorithm, and you can try the standard algorithm first.
JavaScript reverse-engineering result

var CryptoJS = require('crypto-js');

function h(t) {
    // key and IV as they appear in the reversed h method
    var f = CryptoJS.enc.Utf8.parse("jo8j9wGw%6HbxfFn"),
        m = CryptoJS.enc.Utf8.parse("0123456789ABCDEF");

    // t is hex text; CryptoJS.AES.decrypt accepts a Base64 string, so re-encode the bytes
    var e = CryptoJS.enc.Hex.parse(t),
        n = CryptoJS.enc.Base64.stringify(e);

    var decrypt = CryptoJS.AES.decrypt(n, f, {
        iv: m,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return decrypt.toString(CryptoJS.enc.Utf8);
}

Result test (screenshot omitted)

Closing words:
My writing ability is limited. If any explanation is unclear or wrong, please point it out in the comments so we can improve together. If you need the code or want to discuss the explanation, you can add me on WeChat: 18847868809


Origin: https://blog.csdn.net/m0_52336378/article/details/131837275