-
-
[求助]求大神帮忙分析一下这是加密
-
发表于:
2016-10-9 21:31
6863
-
麻烦大神们帮忙分析一下学校客户端的portal认证是什么加密算法。
先说一下流程,首先客户端通过initial.zsm这个密匙对
<?xml version="1.0" encoding="UTF-8"?><request><host-name>Nexus 5X</host-name><user-agent>CCTP/AndroidPhone/21</user-agent><client-id>354360070129457</client-id><ipv4>10.100.240.111</ipv4><ipv6></ipv6><mac>64:BC:0C:83:29:3A</mac><ostag>Nexus 5X/ostag><local-time>2016-10-09 21:04:33</local-time></request>
这段进行加密
得到
4A06C8F083752703EE2E95067998BF61DA13F45E6A1CEF1E8DA32F6D17FC4483FDDD16E41BA3F5BA2698933FF7D5F1DD1C8A14BC673C4C075C99BCD896681EEF4D66E2BB4A6FA7FDA630E3373C639768CB08DA54D36E818AF6E9CA8C6041BF9BB8810254D14CB49BDD67220688A17CA3DDC21B44452A1BDAE56264BB4BBC188F6481E2293321D84417D9130396909A587B29A5868EBB5A06CFC23D87377DF5335FC286F27FD0699CD1FEF4A3FA9E1F704FDAA2A5B6E7FC0371841F6B80CBDF4C43C9F5850B6743284B97FC7E425D4441F954E34B4556848B63B6F18314A566EC5DDA5F17D080B90461FA4842BD55EF407E4966F53E5A262F30DB71FECDB4141E2062CB89DEA098911D5460622ED1D1FF7FF53F0A5522E44E7FF77A8EC2EC5E0835A8D315B0D36C0E40CE6F8327881C5FBD435460374113D22EDDF628B6961E8B
然后把加密内容发送给服务器,服务器返回一段乱码(密匙)写入到336258240.zsm,
再通过336258240.zsm 给下面这段加密
<?xml version="1.0" encoding="UTF-8"?><request><host-name>Nexus 5X</host-name><user-agent>CCTP/AndroidPhone/21</user-agent><client-id>354360070129457</client-id><ipv4>10.100.240.111</ipv4><ipv6></ipv6><mac>64:BC:0C:83:29:3A</mac><ostag>Nexus 5X/ostag><local-time>2016-10-09 21:04:49</local-time></request>
加密后:
1736A01471D05C76E8B779F9D84D7F8636728D5384AFC98DB0529A01980663FA41355778B62D6B8F19417153F0AE6191B7CE7B765793BEEDF4383F2EA1FABA18A0103CC3BAA69DC83572310DC0CEBB41DC24B11487F777572BA83953E0F549121D0F5CD83081F6A1131D39298B043432D730C20349010DC11C38BA24E167D453032930DCA2FF773151785B5E793CF968888B726FA57773BC9385E0AB0238BD4BC91DE9161237C2B4057987F0B940F34123C48B0FF8B2B6BE752F824790DA963D60E43104EE3A0F144DC8F35CB5A1F60CE0BBB8854FFA380A2849F367465E2668D69285ED0660E34411DC01E450B1D70F079BC6FAB267ACE6B9CAA3FD8B40485CE1C512C7A829C6EC8A0D240EEF02ED47ADCF94105C21D3B2BE2307381701BA498887580815A1527477E4A9F212FB73A8F7
继续把上面这段加密内容发送给服务器,然后返回
1736A01471D05C76E8B779F9D84D7F8636728D5384AFC98DB0529A01980663FA41355778B62D6B8F19437459EDA93A93E3D561611198ABBEA4321029EDB8F90AA12C668DE4FAD88C212D640193C4B4569771A60182A8775B63B90E79D7CE03274D574BCF298CD4AC42406A3689092778DA33CE03015E568B0029F768ED65CE5353
然后客户端通过336258240.zsm这个密匙解密,得到下面明文
<?xml version="1.0" encoding="UTF-8"?><response><ticket>54ab47024dfa6360914a643b80e8d8eb</ticket><expire>3600</expire></response>
就完成了portal认证。
其中336258240.zsm中前面的001@1868BB1F24C64822FCA723F58641658F7B7BCC45D9F59BDBE25D9755C71D039E$8E903648-50A8-4872-9D7F-DFD9C9BA4321,应该不是密匙的一部分,因为需要发送header 为User-Agent:8E903648-50A8-4872-9D7F-DFD9C9BA4321 给服务器。整个算法应该是写在libDyKey.so这里面的。
附:initial.zsm,336258240.zsm,libDyKey.so
归档.zip
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
