如何破解 Adobe Air 中的 EncryptedLocalStore? [英] How to crack EncryptedLocalStore in Adobe Air?
问题描述
假设用户 Tom 安装了一个名为 X 的 Adobe Air 应用程序,并且 X 在 EncryptedLocalStore 中存储了一些秘密;那么 Tom 想要破解 EncryptedLocalStore(检查并更改其内容),他怎么做?
Assume user Tom installed an Adobe Air app named X, and X stores some secret in EncryptedLocalStore; then Tom wants to crack EncryptedLocalStore (inspect and alter its content), how could he do that?
谢谢!
推荐答案
根据AS3语言参考:
加密本地存储中的数据受用户操作系统帐户凭据的保护.其他实体无法访问商店中的数据,除非他们可以以该用户身份登录.但是,对于由经过身份验证的用户运行的其他应用程序的访问,数据并不安全.因此,您的应用程序可能希望对用户保密的数据(例如用于许可或数字权限管理的密钥)并不安全.ELS 不是存储此类信息的合适位置.只适合存放用户的私人数据,例如密码.
The data in the encrypted local store is protected by the user’s operating system account credentials. Other entities cannot access the data in the store unless they can login as that user. However, the data is not secure against access by other applications run by an authenticated user. Thus, data that your application may want to keep secret from users, such as keys used for licensing or digital rights management, is not secure. The ELS is not an appropriate location for storing such information. It is only an appropriate place for storing a user’s private data, such as passwords.
关于加密的一些注意事项:
Some notes about encryption:
AIR 使用 Windows 上的 DPAPI、Mac OS 和 iOS 上的 KeyChain 以及 Linux 上的 KeyRing 或 KWallet 将加密的本地存储与每个应用程序和用户.
AIR uses DPAPI on Windows, KeyChain on Mac OS and iOS, and KeyRing or KWallet on Linux to associate the encrypted local store to each application and user.
加密的本地存储使用AES-CBC 128 位加密.
在 Android 上,EncryptedLocalStorage 类存储的数据未加密.
让我们总结一下:
- 如果有人可以登录用户帐户,他就可以访问
EncryptedLocalStore EncryptedLocalStore由操作系统管理,而不是 AIR- 数据已加密,但在 Android 上未加密
- If someone can login to the user account, he can access the
EncryptedLocalStore - The
EncryptedLocalStoreis managed by the operating system, not AIR - Data are encrypted but not on Android
如果你想破解这样的存储,你必须:
If you want to crack such storage you would have to:
- 检索存储内容
- 破解加密(非常好)
- 查找有关解析此类数据存储库的规范
- 编写自己的数据读取器
这篇关于如何破解 Adobe Air 中的 EncryptedLocalStore?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
