Internet to see dat file to crack, but are java and python, and did not see the JS
she had some interest, it intends to achieve with JS. Node platform is the
article in accordance with the terms of the process, to facilitate understanding. If you want to direct implementation of the code, please pull the end.
1. Review the encrypted files
Micro letter dat image files in xxxx/FileStorage/Imagethe directory
must first view the encrypted dat file. Directly open is certainly not, because it is binary data, so it is necessary to open a hex.
If you are using VS Code, it is very convenient, direct ctrl + shift + xopen-ons store search hexdump for VSCode , with this plugin you can easily view files in hex code VSCode above:
Then open the file with VScode, right click on the file Show Hexdumpyou can view the hex:
2. Get XORed
Micro letter how dat file is encrypted? The principle is simple: the content of the document is the exclusive OR operation by a certain value to be encrypted, so we have to calculate its XOR value.
JPG picture files are at the beginning FF D8 FF E0 00 10 4A 46 49 46so we can first use the FF D8 FFfirst test calculations. (Most of the files are jpg, png course, there exists a small number of files, you can try a few dat file)
certainly do not have to calculate, we open the WIN10 own calculator, switch to programmer mode hex XOR operation
just beginning hex file is open 5B 7C 5B, so let 5B 7C 5Band FF D8 FFXOR-like:
the outcome is A4 A4 A4obvious, XOR value is A4(hex)that is can be decrypted by XOR value and the original dat file files
Everyone XOR value may be different
3. file parsing code
console.time('完成,耗时');
var fs = require('fs');
var xor = 'a4a4a4a4a4'; //异或值(十六进制)
xor = hexToBin(xor);
var dataPath = './0c9a14c9d42da570d3ea13466be20608.dat'; //要解密的文件路径
var resPath = './res.'; //存放路径
var xorLen = 2;
//读取文件,获取到十六进制数据
fs.readFile(dataPath, { encoding: 'hex' }, function (err, data /** 加密后的十六进制数据*/) {
if (err) {
console.log(err);
} else {
var res = handleEncrypted(data, xor); //解密后的十六进制数据
var extension = getNameExtension(res.substring(0,4));
var hex = Buffer.from(res, 'hex'); //转为十六进制
fs.writeFile(resPath + extension, hex, function (err) {
if (err) {
console.log('出错:', err);
}
console.timeEnd('完成,耗时');
})
}
})
//解密加密数据
function handleEncrypted(strEncrypted) {
//先获取异或值(仅限于jpg文件)
// getXor(strEncrypted.substring(0, 4));
let strLength = strEncrypted.length;
var source = '';
var list = [];
for (var i = 0; i < strLength; i = i + xorLen) {
var str = strEncrypted.substring(0, xorLen);
strEncrypted = strEncrypted.substring(xorLen);
var res = getResult(str);
list.push(res);
}
source = list.join('');
return source;
}
//获取异或值
function getXor(str) {
xor = 'ffd8';
xor = getResult(str);
return;
}
//获取文件名后缀
function getNameExtension(hex) {
var str = hex.substring(0, 4);
var res = dataHead.find(function (item) {
return item.hex === hex;
}).name
return res;
}
//十六进制转二进制
function hexToBin(str) {
let hex_array = [{ hex: '0', bin: "0000" }, { hex: '1', bin: "0001" }, { hex: '2', bin: "0010" }, { hex: '3', bin: "0011" }, { hex: '4', bin: "0100" }, { hex: '5', bin: "0101" }, { hex: '6', bin: "0110" }, { hex: '7', bin: "0111" },
{ hex: '8', bin: "1000" }, { hex: '9', bin: "1001" }, { hex: 'a', bin: "1010" }, { hex: 'b', bin: "1011" }, { hex: 'c', bin: "1100" }, { hex: 'd', bin: "1101" }, { hex: 'e', bin: "1110" }, { hex: 'f', bin: "1111" }];
let value = "";
for (let i = 0; i < str.length; i++) {
value += hex_array.find(function (item) {
return item.hex == str[i];
}).bin;
}
return value;
}
//二进制转十六进制
function binToHex(str) {
let hex_array = [{ hex: '0', bin: "0000" }, { hex: '1', bin: "0001" }, { hex: '2', bin: "0010" }, { hex: '3', bin: "0011" }, { hex: '4', bin: "0100" }, { hex: '5', bin: "0101" }, { hex: '6', bin: "0110" }, { hex: '7', bin: "0111" },
{ hex: '8', bin: "1000" }, { hex: '9', bin: "1001" }, { hex: 'a', bin: "1010" }, { hex: 'b', bin: "1011" }, { hex: 'c', bin: "1100" }, { hex: 'd', bin: "1101" }, { hex: 'e', bin: "1110" }, { hex: 'f', bin: "1111" }];
let value = '';
let list = [];
while (str.length > 4) {
list.push(str.substring(0, 4));
str = str.substring(4);
}
list.push(str);
for (let i = 0; i < list.length; i++) {
value += hex_array.find(function (item) {
return item.bin == list[i];
}).hex;
}
return value;
}
//获取计算结果
function getResult(a) {
let A = hexToBin(a);
let B = xor;
let d = "";
for (let i = 0; i < A.length; i++) {
if (A[i] === B[i]) {
d = d.concat('0');
} else {
d = d.concat('1');
}
}
return binToHex(d);
}
//扩展名-十六进制表
var dataHead = [
{
name: 'jpg',
hex: 'ffd8'
},
{
name: 'png',
hex: '8950'
},
{
name: 'gif',
hex: '4749'
}
]
In fact, I write the code is not very good, a lot of places did not do optimization, as well as batch processing not realize this, and so free the blog will be updated, if possible, will be packaged into exe files.
