问:此smali类是否解密数据?它使用什么加密? [英] Q: Does this smali class decrypt data? what encryption is it using?
问题描述
问:此smali类是否解密数据?它使用什么加密?
Q: Does this smali class decrypt data? what encryption is it using?
我需要帮助找出此代码用于解密接收到的文件文本的内容吗? 加密的文本会像混乱中的预期那样打印出来,是否有一种方法可以使用我需要帮助理解的信息来手动解密文本?
I need help finding out what this code uses to decrypt the file text it receives? the encrypted text prints out as expected in a jumbled mess, is there a way to manually decrypt the text using the information I need help understanding?
谢谢
> <
package utils;
import android.util.Log;
import com.crashlytics.android.Crashlytics;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.FileUtils;
public class EFileIO {
private static byte[] df(byte[] var0, byte[] var1) throws Exception {
SecretKeySpec var2 = new SecretKeySpec(var0, "AES");
Cipher var3 = Cipher.getInstance("AES");
var3.init(2, var2);
return var3.doFinal(var1);
}
private static byte[] ef(byte[] var0, byte[] var1) throws Exception {
SecretKeySpec var2 = new SecretKeySpec(var0, "AES");
Cipher var3 = Cipher.getInstance("AES");
var3.init(1, var2);
return var3.doFinal(var1);
}
private static byte[] gk(String var0) throws Exception {
byte[] var1 = var0.getBytes("UTF-8");
KeyGenerator var2 = KeyGenerator.getInstance("AES");
SecureRandom var3 = SecureRandom.getInstance("SHA1PRNG", "Crypto");
var3.setSeed(var1);
var2.init(128, var3);
return var2.generateKey().getEncoded();
}
public static String rf(File var0) {
String var1 = "";
String var3;
String var5;
try {
byte[] var2 = df(gk("AIzaSyDVQJ323-Th1pPJIcDrSt0KYFMTuLJR7Vw"), FileUtils.readFileToByteArray(var0));
var3 = new String(var2, "UTF-8");
} catch (Exception var4) {
Crashlytics.log(6, "EFILEIO.java", "rf, mf.getName(): " + var0.getName());
Crashlytics.logException(var4);
var4.printStackTrace();
var5 = var1;
return var5;
}
var5 = var3;
return var5;
}
public static void wr(StringBuilder var0, File var1) {
try {
FileOutputStream var3 = new FileOutputStream(var1);
BufferedOutputStream var2 = new BufferedOutputStream(var3);
byte[] var5 = ef(gk("AIzaSyDVQJ323-Th1pPJIcDrSt0KYFMTuLJR7Vw"), var0.toString().trim().getBytes("UTF-8"));
StringBuilder var6 = new StringBuilder();
Log.e("FileIo", var6.append("wr: content ").append(var5).toString());
var2.write(var5);
var2.flush();
var2.close();
} catch (Exception var4) {
Crashlytics.log(6, "EFILEIO.java", "wr, mf.getName(): " + var1.getName());
Crashlytics.logException(var4);
var4.printStackTrace();
}
推荐答案
您的问题的(简短)答案是是".
The (short) answer to your question is YES.
您的类(方法wr)正在使用固定密钥对字符串(封装在StringBuilder中)进行加密,并将密文保存到光盘上的文件中.另一种方法(rf)是读取带有密文的文件,然后使用固定密钥对其进行解密,然后打印出 解密/明文到控制台.
Your class (method wr) is encrypting a String (wrapped in a StringBuilder) with a fixed key and saves the ciphertext to a file on the disc. Another method (rf) is reading the file with the ciphertext, decrypts it with the fixed key and prints the decrypted / plaintext to the console.
这是您的类中的5种方法,并有简短说明:
These are the 5 methods in your class with a short description:
gk =生成一个固定的 16字节(128位)长的密钥,用于AES加密/解密
gk = generates a fixed 16 byte (128 bit) long key for AES en-/decryption
ef =用生成的密钥加密字节数组
ef = encrypts a byte array with the generated key
df =用生成的密钥解密字节数组
df = decrypts a byte array with the generated key
wr =将加密的字节数组(使用方法ef)写入光盘上的文件
wr = writes the encrypted byte array (using method ef) to a file on the disc
rf =将文件的内容读取到字节数组,使用方法df解密并显示解密的文本
rf = reads the contents of a file to a byte array, decrypts it with method df and shows the decrypted text
该类使用AES/ECB/PKCS5PADDING模式进行加密(我在OpenJDK 11上手动完成了解密,因此该模式在Android上与您的加密服务提供商有别的名字).方法ef + df的初始化 "Cipher.getInstance("AES")"会导致标准" ECB-PKCS5PADDING模式不安全,不应再使用.
The class uses the AES/ECB/PKCS5PADDING mode for encryption (I done the decryption manually on OpenJDK 11, so maybe the mode has another name with your crypto service provider on Android). The initialisation in methods ef + df with "Cipher.getInstance("AES")" results in the "standard" ECB-PKCS5PADDING mode which is insecure and should be no longer used.
如果创建了密文文件"cipher.dat",则可以使用此简单程序解密内容并将其显示在控制台上(没有适当的异常处理...):
If you created a ciphertextfile "cipher.dat" you can use this simple program to decrypt the content and show it on the console (there is no proper exception handling...):
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class SimpleDecryption {
public static void main(String[] args) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, IOException, BadPaddingException, IllegalBlockSizeException {
System.out.println("Simple decryption method for\n" +
"https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java");
String filename = "cipher.dat";
byte[] fixedKey = hexStringToByteArray("e409c02fb48745a14f5e1c03e3c6f0ca");
Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
SecretKeySpec secretKeySpec = new SecretKeySpec(fixedKey, "AES");
aesCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
System.out.println("decrypted text: " + new String(aesCipher.doFinal(Files.readAllBytes(Paths.get(filename))),"UTF-8"));
}
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+ Character.digit(s.charAt(i + 1), 16));
}
return data;
}
}
示例输出:
Simple decryption method for
https://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java
decrypted text: This text needs to get encrypted
这篇关于问:此smali类是否解密数据?它使用什么加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
