云南移动app加密

发表于 | 更新于: | 分类于 | | 阅读次数:
云南移动安卓手机APP的破解与模拟登录,找出Des加密的加密密码是关键。

登录需要用到的加密字段

Fields encrypt mode
password des cbc
jsonParam Base64
md5sign Md5

密码加密

1
2
3

password = EncryptGZipUtils.encode(EncryptGZipUtils.desEncode(secret, password.getBytes("UTF-8")));

jsonParam加密

1
2
3
4
5
6

String data = "[{\"dynamicURI\":\"/login\",\"dynamicParameter\":{\"method\":\"ln\",\"m\":\""+ mobile
                +"\",\"p\":\""+ password +
                "\",\"deviceCode\":\"\"},\"dynamicDataNodeName\":\"pwdLogin_node\"}]";
String jsonParam = Base64.encode(data.getBytes("GBK"));

请求体中的md5sign

1
2
3
final String MD5_KEY = "11100android!@#";
String Md5Sign = Md5Util.toMd5(MD5_KEY + deviceId + jsonParam);

登录密码加密util

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

package com.zhangzb.utils;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;

/**
 * Created by zhangzb on 17-8-2.
 */
public class EncryptGZipUtils {
    public static final int ACTION_MASK = 255;

    private static final char[] legalChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray();

    private static byte[] iv = new byte[]{(byte) 1, (byte) 2, (byte) 3, (byte) 4, (byte) 5, (byte) 6, (byte) 7, (byte) 8};

    public static String encode(byte[] data) {
        int len = data.length;
        StringBuffer buf = new StringBuffer((data.length * 3) / 2);
        int end = len - 3;
        int i = 0;
        int n = 0;
        int d;
        while (i <= end) {
            d = (((data[i] & ACTION_MASK) << 16) | ((data[i + 1] & ACTION_MASK) << 8)) | (data[i + 2] & ACTION_MASK);
            buf.append(legalChars[(d >> 18) & 63]);
            buf.append(legalChars[(d >> 12) & 63]);
            buf.append(legalChars[(d >> 6) & 63]);
            buf.append(legalChars[d & 63]);
            i += 3;
            int n2 = n + 1;
            if (n >= 14) {
                n2 = 0;
                buf.append(" ");
            }
            n = n2;
        }
        if (i == (0 + len) - 2) {
            d = ((data[i] & ACTION_MASK) << 16) | ((data[i + 1] & ACTION_MASK) << 8);
            buf.append(legalChars[(d >> 18) & 63]);
            buf.append(legalChars[(d >> 12) & 63]);
            buf.append(legalChars[(d >> 6) & 63]);
            buf.append("=");
        } else if (i == (0 + len) - 1) {
            d = (data[i] & ACTION_MASK) << 16;
            buf.append(legalChars[(d >> 18) & 63]);
            buf.append(legalChars[(d >> 12) & 63]);
            buf.append("==");
        }
        return buf.toString();
    }

    public static byte[] desEncode(String secret, byte[] byteS) {
        try {
            IvParameterSpec zeroIv = new IvParameterSpec(iv);
            SecretKeySpec key = new SecretKeySpec(secret.getBytes(), "DES");
            Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
            cipher.init(1, key, zeroIv);
            return cipher.doFinal(byteS);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static void main(String[] args) {
        String pwd = "82**88";

        String secret = "!@#j*&!k";

        try {
            String secretPwd = encode(EncryptGZipUtils.desEncode(secret, pwd.getBytes("UTF-8")));
            System.out.println(secretPwd);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }
}

觉得有帮助就赞赏一下吧
0%