-1

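First of all, this is not homework or any other task given to me by someone else. This is a function from a game applet, which I want to make more secure. With this function you generate a password for the game's handshake part. But using the same encoded password for every player, it's just a stupid thing to do. You can be attacked really easily, and that is the situation I am in. That is why I want to analyze what this function does and come up with a way to generate a password for every unique connection. So please, try to understand me.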

Here is the function:

    public String g(String paramString)
      {
        boolean bool = d.r;
        try
        {
          if (!bool)
          {
            if (paramString.length() < 3)
            {
              a(tc[2]);
              return "";
            }
            if (bool);
          }
          else
          {
            if (paramString.length() > 200)
            {
              a(tc[3]);
              return "";
            }
            paramString = paramString.toLowerCase();
          }
          String str1 = "";
          String str2 = paramString;
          paramString = paramString.toLowerCase();
          char[] arrayOfChar1 = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ' ' };
          char[] arrayOfChar2 = { 'x', 'f', 'n', 'g', 'd', '9', 's', 'j', 'o', 'q', '5', 'a', 'z', 'w', '6', '0', 'e', '4', 'c', 'r', '1', 'v', 't', '3', 'b', 'y', 'h', '2', 'u', '7', 'm', 'i', 'k', '8', 'l', 'p', '?' };
          char[] arrayOfChar3 = { 'f', 'e', '8', 'r', 'k', 't', '7', 'b', 'c', 'm', 'o', 'q', '2', '3', 'g', 's', 'n', 'x', '0', 'p' };
          char[] arrayOfChar4 = paramString.toCharArray();
          char[] arrayOfChar5 = str2.toCharArray();
          int i1 = 0;
          if (bool);
          do
          {
            int i2 = 0;
            int i3 = 0;
            if (bool);
            do
              do
              {
                if (!bool)
                {
                  if (arrayOfChar4[i1] == arrayOfChar1[i3])
                    i2 = 1;
                }
                else
                {
                  int i4 = paramString.length();
                  int i5 = (int)Math.round(Math.random() * 19.0D);
                  int i6 = i3 + i5 + i4;
                  if (bool);
                  String str3;
                  do
                  {
                    do
                      i6 -= arrayOfChar2.length;
                    while (i6 >= arrayOfChar2.length);
                    str1 = str1 + "" + arrayOfChar3[i5];
                    str3 = String.valueOf(arrayOfChar2[i6]);
                  }
                  while (bool);
                  if (arrayOfChar4[i1] != arrayOfChar5[i1])
                    str3 = str3.toUpperCase();
                  str1 = str1 + "" + str3;
                }
                i3++;
              }
              while (i3 < arrayOfChar1.length);
            while (bool);
            if (i2 == 0)
              str1 = str1 + "\\" + arrayOfChar4[i1];
            i1++;
          }
          while (i1 < arrayOfChar4.length);
          return str1;
        }
        catch (Exception localException)
        {
        }
        return "";
      }

Here are some samples of what it generates:

    aaa -> cafg89  
    aaa -> ca3eca  
    aaa -> q6fged  
    aaa -> fgg4ow  
    aaaa -> tqp3srmw  
    aaaa -> 75e9rjcz  
    bbb -> o6q00t  
    bbb -> 0tczcz  
    bbbb -> 03o0bzo0  
    bbbb -> rogrt5kq 

But here are the most suspicious examples:

    1111111 -> 00000000000000
    222222 -> 000000000000
    33333 -> 0000000000
    5555555 -> m5m5m5m5m5m5m5
    666666 -> m5m5m5m5m5m5
    77777 -> m5m5m5m5m5
    8888 -> m5m5m5m5
    999 -> m5m5m5

I'm a bit desperate right now, which is why I'm pushing my luck. Thanks for every word.

4

2 Answers

2

There is some doubt that the decompiler has succeeded in generating code that matches the behaviour of the bytecodes. For instance, the code says if (bool); in a couple of places, and it is hard to see why the bytecodes would ever do that. If we can't trust the decompiled code, then there has to be some doubt in any conclusions that we draw from the code.


The other point to make is that your assumption here:

> With this function you generate a password for the game's handshake part. But using the same encoded password for every player, it's just a stupid thing to do.

It is clear from the output that you provide that this code does not generate the same output for a given input. And it would be rather surprising if it did, given that it appears to be repeatedly calling Random as part of the scrambling algorithm.

In short, you are attempting to fix a problem that does not exist ... or at least not in the form that you describe.

answered 2012-07-22T11:34:09.047
0

To generate a unique password for each unique connection, you can use something like this:

    SHA256(secret + connectionNumber + dateAndTime)

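secret is a fixed secret password, which you can change as often as you need.

connectionNumber is a count of the connections made so far that day.

dateAndTime is the current date and time in a standard format.

Convert all three to strings, concatenate them and apply SHA-256. This will give you a byte array. If you need text rather than bytes, use Base64 to convert it.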

For example:

    String password = Base64(SHA256("myBIGsecret52012-07-23T13:06:25.254Z"));

answered 2012-07-23T12:09:57.437
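
The derivation described in the answer above, written out in Java together with the matching server-side check. This is an added example, not code from the answer or from the game: the class and method names are assumptions, and the sample values are the ones in the answer's own example string.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical helper class; the names here are not from the game applet.
public class ConnectionPassword {

    // Base64(SHA256(secret + connectionNumber + dateAndTime)), as in the answer.
    static String derive(String secret, long connectionNumber, String dateAndTime)
            throws NoSuchAlgorithmException {
        // All three inputs become strings and are concatenated in a fixed order.
        String material = secret + connectionNumber + dateAndTime;
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digest = sha256.digest(material.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Server side: recompute from the same inputs and compare without
    // leaking, through timing, how many leading characters matched.
    static boolean verify(String presented, String secret, long connectionNumber,
                          String dateAndTime) throws NoSuchAlgorithmException {
        byte[] expected = derive(secret, connectionNumber, dateAndTime)
                .getBytes(StandardCharsets.UTF_8);
        byte[] actual = presented.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        // Sample values taken from the answer's example string.
        String secret = "myBIGsecret";
        String when = "2012-07-23T13:06:25.254Z";

        String fifth = derive(secret, 5, when);
        String sixth = derive(secret, 6, when);

        System.out.println("connection 5: " + fifth);
        System.out.println("connection 6: " + sixth);
        // The same secret yields a different password for each connection.
        System.out.println("passwords differ: " + !fifth.equals(sixth));
        // A password is accepted only for the connection it was derived for.
        System.out.println("5 accepted as 5: " + verify(fifth, secret, 5, when));
        System.out.println("5 accepted as 6: " + verify(fifth, secret, 6, when));
    }
}
```

Both sides must agree on the connection count and on the exact timestamp string, since any difference in either input changes the whole digest.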