Java中的OpenSSL EVP_BytesToKey问题 [英] OpenSSL EVP_BytesToKey issue in Java

问题描述

我正在对API进行逆向工程，我发现它使用AES-256-CBC进行加密。

我还发现它使用EVP_BytesToKey来加密HTTP请求。在我发现这个我测试了它，但我有一些问题（可能是因为我没经验）。我不知道在哪里把密码

I'm reverse engineering an API and I found out that it uses AES-256-CBC for encryption.
I also found out that it uses EVP_BytesToKey to encrypt HTTP requests. After I found out about this I tested it but I had some issues (probably because I'm inexperienced). I don't know where to put the password

这是需要被解密的内容： FP2xttTh / wm5Kr45Vh / PEvsdxgfL3NgxxMMk9hTkPfJd7vSJXTlhjiZlQajnBcMAVknANpv5FNCMRD + epDSOA2epKOzstSmhC0il2TlwgKqaT + 97zomCMUCIfdaJYnLz5gBth1MIpxO30bx9zPg8cbOJcLnMmCo3vtSDCalgjHICf5FevI7DgrWnWC1U4wab0rx / rWhGFJ0sOW1ImDi9DkCy + guQZIrojbZxRlvGzv1mU / avP5hbKgWIheJpYQvvM12RyCNuVxjHK / oZ1mCQLVjvpED291lxsGTNHPUrc2NI7LCj / xOztjgsukpBP9K1nsUIgEyfVFUfTf5sh4QPccZnJ1bzKqPD

And this is what needs to be decrypted: FP2xttTh/wm5Kr45Vh/PEvsdxgfL3NgxxMMk9hTkPfJd7vSJXTlhjiZlQajnBcMAVknANpv5FNCMRD+epDSOA2epKOzstSmhC0il2TlwgKqaT+97zomCMUCIfdaJYnLz5gBth1MIpxO30bx9zPg8cbOJcLnMmCo3vtSDCalgjHICf5FevI7DgrWnWC1U4wab0rx/rWhGFJ0sOW1ImDi9DkCy+guQZIrojbZxRlvGzv1mU/avP5hbKgWIheJpYQvvM12RyCNuVxjHK/oZ1mCQLVjvpED291lxsGTNHPUrc2NI7LCj/xOztjgsukpBP9K1nsUIgEyfVFUfTf5sh4QPccZnJ1bzKqPD

谁告诉我的钥匙，它的解密方式的人也给了我这个

The person who told me the key and the way it's decrypted also gave me this

REMOVED

推荐答案

告诉我的人密钥及其解密的方式也给了我这个

The person who told me the key and the way it's decrypted also gave me this

# base64 data must be stored in a file named "...-tmp.decrypt" 
# Usage: decrypt.sh secret sessionId 
SALT="$(cat $2 | base64 -d | head -c +8 | od -A n -t x1 | head -n 1 | tr -d " ")" 
echo -n "Salted__" > $2.enc cat $2 | base64 -d >> $2.enc cat $2.enc | openssl aes-256-cbc -d -k "$1" -md md5 -S "$SALT"

我们在这里有什么

• 盐是由输入的前8个字节构成的


• aes-256-cbc用于

常数：

 private static final int SALT_LENGTH = 8; 
 private static final int ITERATIONS = 1;
 private static final int KEY_SIZE_BITS = 256;

 private static final int INDEX_KEY = 0;
 private static final int INDEX_IV = 1;

除盐和输入

        // iv is 8 bytes of the input
        byte[] inputBytes = Base64.getDecoder().decode(INPUT);
        byte[] salt = new byte[SALT_LENGTH];
        System.arraycopy(inputBytes, 0, salt, 0, SALT_LENGTH);
        byte[] encrypted = new byte[inputBytes.length - SALT_LENGTH];
        System.arraycopy(inputBytes, SALT_LENGTH, encrypted, 0, encrypted.length);

并解密（你从哪里获得原始代码？原始作者的归属不会受到伤害）

and decrypt (where did you get the original code from? attribution to the original author wouldn't hurt)

        Cipher aesCBC = Cipher.getInstance("AES/CBC/Pkcs5Padding");
        MessageDigest md5 = MessageDigest.getInstance("MD5");

        // --- create key and IV  ---
        // the IV is useless, OpenSSL might as well have use zero's
        final byte[][] keyAndIV = EVP_BytesToKey(
                KEY_SIZE_BITS / 8,
                aesCBC.getBlockSize(),
                md5,
                salt,
                PASSWORD_STRING.getBytes("UTF-8"),
                ITERATIONS);
        SecretKeySpec key = new SecretKeySpec(keyAndIV[INDEX_KEY], "AES");
        IvParameterSpec iv = new IvParameterSpec(keyAndIV[INDEX_IV]);

        // --- initialize cipher instance and decrypt ---
        aesCBC.init(Cipher.DECRYPT_MODE, key, iv);
        byte[] decrypted = aesCBC.doFinal(encrypted);

        System.out.println(new String(decrypted, "UTF-8"));

我们得到一个结果

  {"difficulty":5,"friend_id":1962395051,"is_playing_script":true,
 "selected_team_num":3,"support_items":
 [{"quantity":2,"support_item_id":6},{"quantity":2,"support_item_id":1505},{"quantity":2,"support_item_id":1202},{"quantity":2,"support_item_id":1701}]}

我仍然看到两件事丢失：

Still I see 2 things missing:

1. 密码强度

正如@ dave_thompson_085指出的那样，密码看起来像是PEM的一部分档案，我同意他的意见。这是非常错误的，因为PEM文件定义了严格的模式，这将有效地降低密码的随机性

as @dave_thompson_085 pointed out, the password looks like part of a PEM file and I agree with him. That's very wrong as the PEM file has defined rigid schema and that will effectively lower randomness of the password

我建议使用真正随机的密码，例如，生成为

I advice to use really random password, e,g, generated as

openssl rand -hex 16
openssl rand -base64 16

1. 经过身份验证的加密

1. authenticated encryption

密文不包含任何完整性信息，以防密文被更改，没有选择检测到更改，因此无法确保完整性

the ciphertext doesn't contain any integrity information so in case the ciphertext is be altered, there is no option the alteration is detected, so you cannot ensure integrity

需要沿密文发送额外的完整性信息（例如密文的hmac）

extra integrity information needs to be sent along the ciphertext (e.g. hmac of the ciphertext)

这篇关于Java中的OpenSSL EVP_BytesToKey问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！