夜雨聆风
浅探APP
脱壳反编译查找加密逻辑
package com.mob.tools.utils;import android.text.TextUtils;import android.util.Base64;import com.mob.commons.p;import com.mob.commons.t;import com.mob.tools.MobLog;import com.mob.tools.proguard.PublicMemberKeeper;import java.io.ByteArrayInputStream;import java.io.File;import java.io.FileInputStream;import java.io.InputStream;import java.io.OutputStream;import java.net.URLEncoder;import java.security.MessageDigest;import java.security.Provider;import java.security.Security;import java.util.zip.CRC32;import javax.crypto.Cipher;import javax.crypto.CipherInputStream;import javax.crypto.spec.SecretKeySpec;import org.apache.commons.lang3.StringUtils;/* loaded from: C:\Users\A\Desktop\新建文件夹 (3)\APP\classes9.dex */public class Data implements PublicMemberKeeper {public static String AES128Decode(String str, byte[] bArr) throws Throwable {if (str == null || bArr == null) {return null;}return new String(AES128Decode(str.getBytes("UTF-8"), bArr), "UTF-8");}public static byte[] AES128Encode(String str, String str2) throws Throwable {if (str == null || str2 == null) {return null;}byte[] bytes = str.getBytes("UTF-8");byte[] bArr = new byte[16];System.arraycopy(bytes, 0, bArr, 0, Math.min(bytes.length, 16));byte[] bytes2 = str2.getBytes("UTF-8");SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, p.b("003Odkfddi"));Cipher cipher = getCipher(p.b("003Gdkfddi") + p.b("003k:fdfg") + p.b("008%eh)k:fhgjfgdihhfh") + p.b("006c[cbcbch]d dd"), p.b("0024ehfg"));cipher.init(1, secretKeySpec);byte[] bArr2 = new byte[cipher.getOutputSize(bytes2.length)];cipher.doFinal(bArr2, cipher.update(bytes2, 0, bytes2.length, bArr2, 0));return bArr2;}public static String AES128PaddingDecode(byte[] bArr, byte[] bArr2) throws Throwable {if (bArr == null || bArr2 == null) {return null;}byte[] bArr3 = new byte[16];System.arraycopy(bArr, 0, bArr3, 0, Math.min(bArr.length, 16));SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, p.b("003Sdkfddi"));Cipher cipher = getCipher(p.b("003Zdkfddi") + p.b("003k@fdfg") + p.b("008EehPkMfhgjfgdihhfh") + p.b("006cHcbcbch)d]dd"), p.b("002$ehfg"));cipher.init(2, secretKeySpec);return new String(cipher.doFinal(bArr2), "UTF-8");}@Deprecatedpublic static String Base64AES(String str, String str2) {if (str == null || str2 == null) {return null;}try {String encodeToString = Base64.encodeToString(AES128Encode(str2, str), 0);return (!TextUtils.isEmpty(encodeToString) && encodeToString.contains(StringUtils.LF)) ? encodeToString.replace(StringUtils.LF, "") : encodeToString;} catch (Throwable th) {MobLog.getInstance().w(th);return null;}}public static String CRC32(byte[] bArr) throws Throwable {CRC32 crc32 = new CRC32();crc32.update(bArr);long value = crc32.getValue();StringBuilder sb = new StringBuilder();sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 56)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 48)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 40)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 32)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 24)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 16)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) (value >>> 8)) & 255)));sb.append(String.format("%02x", Integer.valueOf(((byte) value) & 255)));while (sb.charAt(0) == '0') {sb = sb.deleteCharAt(0);}return sb.toString().toLowerCase();}public static String MD5(String str) {byte[] rawMD5;if (str == null || (rawMD5 = rawMD5(str)) == null) {return null;}return a(rawMD5);}public static byte[] SHA1(String str) throws Throwable {if (TextUtils.isEmpty(str)) {return null;}return SHA1(str.getBytes("utf-8"));}private static String a(byte[] bArr) {StringBuffer stringBuffer = new StringBuffer();for (byte b2 : bArr) {stringBuffer.append(String.format("%02x", Byte.valueOf(b2)));}return stringBuffer.toString();}public static String byteToHex(byte[] bArr) {return byteToHex(bArr, 0, bArr.length);}public static Cipher getCipher(String str, String str2) throws Throwable {Cipher cipher = null;if (!TextUtils.isEmpty(str2)) {try {Provider provider = Security.getProvider(str2);if (provider != null) {cipher = Cipher.getInstance(str, provider);}} catch (Throwable unused) {}}return cipher == null ? Cipher.getInstance(str, str2) : cipher;}public static byte[] rawMD5(String str) {if (str == null) {return null;}try {return rawMD5(str.getBytes("utf-8"));} catch (Throwable th) {MobLog.getInstance().w(th);return null;}}public static String urlEncode(String str) {try {return urlEncode(str, "utf-8");} catch (Throwable th) {MobLog.getInstance().w(th);return null;}}public static String byteToHex(byte[] bArr, int i, int i2) {StringBuffer stringBuffer = new StringBuffer();if (bArr == null) {return stringBuffer.toString();}while (i < i2) {stringBuffer.append(String.format("%02x", Byte.valueOf(bArr[i])));i++;}return stringBuffer.toString();}public static String MD5(byte[] bArr) {if (bArr == null) {return null;}return MD5(bArr, 0, bArr.length);}public static byte[] rawMD5(byte[] bArr) {if (bArr == null) {return null;}return rawMD5(bArr, 0, bArr.length);}public static String urlEncode(String str, String str2) throws Throwable {String encode = TextUtils.isEmpty(str) ? "" : URLEncoder.encode(str, str2);return TextUtils.isEmpty(encode) ? encode : encode.replace("+", "%20");}public static byte[] AES128Decode(byte[] bArr, byte[] bArr2) throws Throwable {if (bArr == null || bArr2 == null) {return null;}byte[] bArr3 = new byte[16];System.arraycopy(bArr, 0, bArr3, 0, Math.min(bArr.length, 16));SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, p.b("003?dkfddi"));Cipher cipher = getCipher(p.b("003^dkfddi") + p.b("003k=fdfg") + p.b("005Ueh*k]dgdcfh") + p.b("006cYcbcbch>d_dd"), p.b("002Gehfg"));cipher.init(2, secretKeySpec);byte[] bArr4 = new byte[cipher.getOutputSize(bArr2.length)];cipher.doFinal(bArr4, cipher.update(bArr2, 0, bArr2.length, bArr4, 0));return bArr4;}public static String MD5(byte[] bArr, int i, int i2) {byte[] rawMD5;if (bArr == null || (rawMD5 = rawMD5(bArr, i, i2)) == null) {return null;}return a(rawMD5);}public static byte[] SHA1(byte[] bArr) throws Throwable {MessageDigest messageDigest = MessageDigest.getInstance(p.b("005Hdieidkghgb"));messageDigest.update(bArr);return messageDigest.digest();}public static byte[] rawMD5(byte[] bArr, int i, int i2) {ByteArrayInputStream byteArrayInputStream;byte[] bArr2 = null;if (bArr == null) {return null;}try {byteArrayInputStream = new ByteArrayInputStream(bArr, i, i2);} catch (Throwable th) {th = th;byteArrayInputStream = null;}try {bArr2 = rawMD5(byteArrayInputStream);t.a(byteArrayInputStream);} catch (Throwable th2) {th = th2;try {MobLog.getInstance().w(th);t.a(byteArrayInputStream);return bArr2;} catch (Throwable th3) {t.a(byteArrayInputStream);throw th3;}}return bArr2;}public static String MD5(File file) {FileInputStream fileInputStream;if (file == null || !file.exists()) {return null;}try {fileInputStream = new FileInputStream(file);} catch (Throwable th) {th = th;fileInputStream = null;}try {byte[] rawMD5 = rawMD5(fileInputStream);t.a(fileInputStream);if (rawMD5 == null) {return null;}return a(rawMD5);} catch (Throwable th2) {th = th2;try {MobLog.getInstance().w(th);t.a(fileInputStream);return null;} catch (Throwable th3) {t.a(fileInputStream);throw th3;}}}public static byte[] rawMD5(InputStream inputStream) {if (inputStream == null) {return null;}try {byte[] bArr = new byte[1024];MessageDigest messageDigest = MessageDigest.getInstance(p.b("003.fiejgd"));int read = inputStream.read(bArr);while (read != -1) {messageDigest.update(bArr, 0, read);read = inputStream.read(bArr);}return messageDigest.digest();} catch (Throwable th) {MobLog.getInstance().w(th);return null;}}public static byte[] AES128Encode(byte[] bArr, String str) throws Throwable {if (bArr == null || str == null) {return null;}return AES128Encode(bArr, str.getBytes("UTF-8"));}public static void AES128Decode(String str, InputStream inputStream, OutputStream outputStream) throws Throwable {if (str == null) {return;}AES128Decode(str.getBytes("UTF-8"), inputStream, outputStream);}public static byte[] AES128Encode(byte[] bArr, byte[] bArr2) throws Throwable {SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, p.b("003Cdkfddi"));Cipher cipher = getCipher(p.b("003:dkfddi") + p.b("003k3fdfg") + p.b("008:eh@k4fhgjfgdihhfh") + p.b("006c*cbcbchMdLdd"), p.b("0027ehfg"));cipher.init(1, secretKeySpec);byte[] bArr3 = new byte[cipher.getOutputSize(bArr2.length)];cipher.doFinal(bArr3, cipher.update(bArr2, 0, bArr2.length, bArr3, 0));return bArr3;}public static void AES128Decode(byte[] bArr, InputStream inputStream, OutputStream outputStream) throws Throwable {CipherInputStream cipherInputStream;Throwable th;if (bArr == null || inputStream == null || outputStream == null) {return;}byte[] bArr2 = new byte[16];System.arraycopy(bArr, 0, bArr2, 0, Math.min(bArr.length, 16));SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, p.b("0033dkfddi"));Cipher cipher = getCipher(p.b("003Gdkfddi") + p.b("003k<fdfg") + p.b("008_eh=k@fhgjfgdihhfh") + p.b("006cIcbcbch<dWdd"), p.b("002,ehfg"));cipher.init(2, secretKeySpec);try {cipherInputStream = new CipherInputStream(inputStream, cipher);} catch (Throwable th2) {cipherInputStream = null;th = th2;}try {byte[] bArr3 = new byte[1024];for (int read = cipherInputStream.read(bArr3); read != -1; read = cipherInputStream.read(bArr3)) {outputStream.write(bArr3, 0, read);}outputStream.flush();t.a(cipherInputStream);} catch (Throwable th3) {th = th3;t.a(cipherInputStream);throw th;}}}
通过代码可以看出,这是AES-EBC的加密,直接hook一下
接着在一个图片上传点上传shell,拿下
