我反编译了一个 iOS 应用程序,我看到了用于加密字符串的私钥和方法。我用 charles 来捕捉这些数据,并有一个像这样的字符串: Charles package data
/random1/name/BQPnTF9MX8A3FbV1V5jtFozQnSkNtBK5AFJyTnzBJZgFkXIZyWlvxd3LzH6eIQznMLW7U8V3M5FDU9j9zGrkajIc5VjqIS1q8Sy+L9tLPE51aIy0xlKVlRgqjWGe0HGUBBAtlTk+rOZEeR/+TODnEN79mYtgWTNpscRr9dy6DoWw7wvE7MiLIibdCjQ4PbcFQ/EpvIjgWOzCorbobYbEUoI/aw== HTTP/1.1
然后我查看了iOS代码,看到了他们的方法反汇编器
所以我写了一个 php 服务器来解码这个加密的字符串:
require __DIR__ . '/../autoload.php';
$password = "e12d33re";
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";
$cryptor = new \RNCryptor\Decryptor();
$plaintext = $cryptor->decrypt($base64Encrypted, $password);
echo "Base64 Encrypted:\n$base64Encrypted\n\n";
echo "Plaintext:\n$plaintext\n\n";
但我无法解密它。
我通过代码检查了它的版本,发现它是版本 5
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";
$actualVersion = ord(substr(base64_decode($base64Encrypted), 0, 1));
我在 ios 二进制文件中看到了 rncryptor lib。
第一张图片,我用私钥成功解密(他们用RNcryptor加密了v4字符串)http://i.stack.imgur.com/Kq5m1.png
第二张图片,他们使用未知方法加密,但肯定是 100% rncryptor(他们不加密 v4 字符串) http://i.stack.imgur.com/NfScg.png