JS reverse engineering | So there are btoa and atob after all, and we misunderstood them? Base64 is not that simple!

Disclaimer: This article is for study and research only. Using it for illegal purposes is prohibited and at your own risk. If it infringes any rights, please let me know and I will delete it. Thank you!

Introduction

The story goes like this: a reader needed to simulate the login of a website (Base64-encoded):
 aHR0cDovL3d3dy56bGRzai5jb20v

I went in and took a look: very simple, isn't it just RSA encryption?
After a furious flurry of operations I had pulled the whole RSA routine out, then replaced the btoa call with Python's base64.b64encode (the RSA encryption here uses NoPadding mode, so the same plaintext always encrypts to the same ciphertext, which is what makes a direct comparison possible; RSA itself is beyond the scope of this article, and a detailed tutorial will follow). The comparison of the results was as follows:
[screenshot: the browser's result versus the Python result]
Huh? Why don't the results match? I checked the code, and it does no browser-environment detection either. Back to square one...
Just then another reader asked me a question: why do the following two give different results? If you are interested, try it yourself:

"IcORUmfDlcOPDsOSwr06fMKgBMKcTQ=="

[screenshot: the output of JS atob versus Python base64.b64decode for this string]
Aren't JS's atob and btoa equivalent to Python's base64.b64decode and b64encode?

Principle Analysis

If you only want the solution, you can skip this section.

btoa and atob are two functions on the window object. btoa stands for "binary to ASCII": it represents binary data as ASCII text, i.e. it is the Base64 encoding step. atob stands for "ASCII to binary": it parses that ASCII text back into binary data, i.e. it is the Base64 decoding step [1].

Everyone knows what ASCII is, so let's talk about what "binary" means here.

A binary string is another subset of the JS character set. It is similar to ASCII, but the code point (charCode) of each character is no longer limited to 127: it covers every character up to 255. Binary strings are not designed to represent text but to represent binary data, one byte per character. The binary data held in a binary string takes twice as much memory as the raw bytes, although this is invisible to the end user, because JavaScript strings are stored and measured in 2-byte units. For example, "Hello world" belongs to the ASCII subset, while ÀÈÌÒÙ is not ASCII [2] but is still a valid binary string.

So btoa and atob also involve an encoding question, and all we need is the encoding that matches the binary string on the other side. In the Node.js environment the Buffer class handles binary data and Base64 transcoding. In the Python environment, the Latin1 encoding [3] is exactly JS's binary string: one byte per character, code points 0 to 255, mapped one to one. With that, the code can be written.

Code Implementation

I. Node.js environment

1. Install the btoa-atob library directly (not recommended)

2. Convert via the Buffer class

// atob: Base64 text -> binary string ("binary" is Node's alias for "latin1": one character per byte)
const b64Text = "IcORUmfDlcOPDsOSwr06fMKgBMKcTQ=="; // the string from the introduction
const binaryString = Buffer.from(b64Text, "base64").toString("binary");
// btoa: binary string -> Base64 text
const b64Again = Buffer.from(binaryString, "binary").toString("base64");

Note that Buffer.from is a factory function, so it is called without new. One caveat: Node's "binary"/"latin1" encoder silently truncates characters above U+00FF to their low byte, whereas the browser's btoa throws InvalidCharacterError for them, so a string that throws in the browser will still produce output here.

II. Python environment

Convert via the Latin1 encoding

import base64
b64_text = "IcORUmfDlcOPDsOSwr06fMKgBMKcTQ=="  # the string from the introduction
# atob: Base64 text -> binary string; latin1 maps each byte to the character with that code point
s = base64.b64decode(b64_text).decode("latin1")
# btoa: binary string -> Base64 text; encoding as latin1 raises for characters above U+00FF, as the browser's btoa does
b64_again = base64.b64encode(s.encode("latin1")).decode("ascii")
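As an added example (my own code, not from the original post or from the site it reverses), the following Python port of the browser's atob/btoa makes the Latin-1 equivalence from the principle analysis explicit and adds the edge cases the one-liners above skip: btoa rejects any character above U+00FF, as the browser does, and atob follows the WHATWG "forgiving base64" rules (ASCII whitespace ignored, trailing padding optional, any other character an error). It also keeps the naive UTF-8 port side by side so the mismatch from the introduction can be measured. The sample string is the one from the introduction; the InvalidCharacterError class name is borrowed from the browser's DOMException and is otherwise an assumption of this example.

```python
import base64
import re

# Added example: a faithful Python port of the browser's atob/btoa.
# JS "binary strings" are Latin-1: one character per byte, code points 0..255,
# which is why Python's latin1 codec is the matching encoding.
# The sample string is the one quoted in the introduction of the post.
SAMPLE = "IcORUmfDlcOPDsOSwr06fMKgBMKcTQ=="


class InvalidCharacterError(ValueError):
    """Stands in for the browser's DOMException of the same name (assumed name)."""


def btoa(s: str) -> str:
    """window.btoa: Base64-encode a binary string.

    Latin-1 has exactly the browser's limit (code points up to U+00FF), so a
    UnicodeEncodeError is the same condition as the browser's InvalidCharacterError.
    """
    try:
        raw = s.encode("latin1")
    except UnicodeEncodeError as e:
        bad = s[e.start]
        raise InvalidCharacterError(
            f"btoa: U+{ord(bad):04X} is outside the Latin-1 range"
        ) from None
    return base64.b64encode(raw).decode("ascii")


_ALPHABET = re.compile(r"^[A-Za-z0-9+/]*$")


def atob(s: str) -> str:
    """window.atob: decode Base64 into a binary string.

    Follows the WHATWG "forgiving base64" rules the browser uses:
    ASCII whitespace is dropped, up to two trailing '=' are optional,
    a length of 1 mod 4 or any character outside the alphabet is an error.
    """
    s = re.sub(r"[\t\n\f\r ]", "", s)
    if len(s) % 4 == 0:
        if s.endswith("=="):
            s = s[:-2]
        elif s.endswith("="):
            s = s[:-1]
    if len(s) % 4 == 1 or not _ALPHABET.match(s):
        raise InvalidCharacterError("atob: the string is not correctly encoded")
    # Python's decoder insists on padding, so re-pad before decoding.
    raw = base64.b64decode(s + "=" * (-len(s) % 4))
    return raw.decode("latin1")


def naive_atob(s: str) -> str:
    """The port that does NOT match the browser: decoding the bytes as UTF-8 merges
    byte pairs such as C3 91 into one character, so the result is shorter than atob's."""
    return base64.b64decode(s).decode("utf8")


if __name__ == "__main__":
    js = atob(SAMPLE)
    py = naive_atob(SAMPLE)
    print(len(js), "chars from atob,", len(py), "chars from the UTF-8 port")
    print("round trip ok:", btoa(js) == SAMPLE)
    print("padding and whitespace tolerated:", atob(" aG\nk") == "hi")
    try:
        btoa("中")
    except InvalidCharacterError as err:
        print("btoa rejects non-Latin-1 input:", err)
```

For the sample string, atob returns 22 characters while the UTF-8 port returns 15, which is exactly the discrepancy in the screenshots: every 0xC2/0xC3 byte that Latin-1 keeps as its own character gets merged with the following byte by the UTF-8 decoder. The round trip btoa(atob(x)) == x only holds with the Latin-1 version.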

III. Results

[screenshots: the Node.js and Python output for the test string, now matching the browser's atob/btoa]

References

[1] https://my.oschina.net/itblog/blog/1613977
[2] https://developer.mozilla.org/zh-CN/docs/Web/API/DOMString/Binary
[3] https://baike.baidu.com/item/latin1/1183590?fr=aladdin

Welcome to follow my WeChat official account "逆向新手" (Reverse Newbie); the reverse-engineering series will keep being updated!


Origin blog.csdn.net/weixin_45216614/article/details/103946626