hi all:
本人新人,喜欢解密。有4-5年编程经验。用php python js类脚本比较多。太空虚,想找东西学,无意中在看雪找到解密的东西,好喜欢。但不知道怎么下手学。我是要去买点书?或者下点pdf看看?还是先从实例入手?
书的话,在网上下了几本,慢慢看吧,有点枯燥,不过我耐得住。嘿嘿。
实例我找了个,先说明一下,我弄这个实例,不是想知道解密的方法,而是想学到怎么去分析,怎么猜测解密的过程。要渔,不是鱼。谢谢~~!
这是一个游戏的封包。为了不想太难入手,我特意找了近十年前的一款老游戏来做例子。封包,应该不会用特别复杂的加密,不然服务器端处理就会比较耗资源。
我先是弄了一些例子,好来截取封包。但是也没有学过测试,不知道怎么得出一些更高效的测试用例,就随便弄了一些。需要的话,我再重新去取吧。
这些封包是Wireshark截取到的data段,其他数据段基本相同。
6d:f8:76:33:53:eb:04:de:af:d9:ab:24:db:7c:2b:3c:1c:c9:73:f4:e8:0d:23:d9:a7:7b:81:8c:75:34:43:2a:bd:1d:b6:0b:96:f9:20:83:30:c3:e2:45:13:f6:c7:3e:7d:50:a0:fb:21:8f:96:20:0d:f3:ad:90:a6:f9:b9:15:25:a1:ca:c5:d7:05:67:e5:1b:15
5b:87:cc:c0:df:67:d5:77:78:9a:39:cc:25:0a:66:43:74:32:57:27:9f:6d:85:9b:6b:2c:37:1a:d3:68:89:fe:5a:47:85:1b:50:23:61:6e:d7:ac:1d:ee:12:07:c3:e3:ba:db:b2:20:89:1c:ab:80:d8:66:da:d0:ee:d3:1a:fb:80:ea:60:f5:9a:74:8f:f9:87:0d
09:68:a4:65:e5:2d:60:f3:10:a1:4e:c1:36:6d:0a:80:e2:66:2f:76:ce:9c:7d:cb:ec:cf:04:04:93:5f:1a:1e:c0:0c:1a:3d:75:90:48:ee:36:f0:55:e9:75:ed:32:d4:c2:52:91:74:e0:d5:7f:d7:16:89:c6:66:cb:fa:14:67:eb:c4:1c:34:b3:4e:7a:87:53:f0
be:d3:3c:63:ca:90:10:a8:d9:04:7c:0f:75:d6:f0:be:3f:9f:8e:ac:83:b3:8b:42:3c:b7:ef:f5:27:ce:46:90:a9:02:63:4a:ae:6b:11:fd:93:65:45:eb:33:a5:7c:4c:0e:6c:6c:b9:ce:69:3b:cb:f0:39:93:1c:51:0e:d3:9a:a0:3a:a7:da:6d:23:1b:a5:c1:0d
c1:99:05:11:8c:a8:92:f8:d9:54:be:9c:57:6a:e2:eb:1d:f3:e8:f4:e0:da:67:92:cd:5b:50:f3:b8:ee:02:40:e8:c5:b0:a4:18:5a:bc:2d:c2:29:ef:3a:2a:5d:49:1b:a8:f4:64:4b:f8:51:53:0e:9c:36:84:53:e4:8b:21:d8:42:f4:2f:c2:01:c8:af:29:ee:a5
dc:1b:2a:ad:be:96:69:b2:04:c0:33:88:81:1d:e0:c2:41:3d:30:0c:19:de:5c:0f:31:96:93:b8:b7:41:56:64:a2:30:3c:8e:ee:55:d4:f8:23:7a:10:d6:fa:15:7a:4c:24:48:2c:5d:f5:28:05:b0:87:86:34:b1:20:c9:7b:c8:44:94:75:b3:8c:23:b2:c5:ef:86
a2:d7:3b:6b:d1:9c:85:67:6c:6a:31:3a:71:9a:4c:fd:1b:bc:e3:6e:70:60:5f:67:b1:4e:67:24:67:35:cf:f2:58:df:6f:59:1b:59:b9:e1:bc:44:ab:5a:aa:c9:69:01:41:24:96:9e:f5:32:b0:3d:33:f8:11:5b:ec:12:bc:5c:2f:9d:3c:7c:9d:95:6e:ca:1c:a5
c2:6f:6c:61:e6:2e:fb:58:ac:75:87:33:7c:87:6e:0c:7f:32:64:7d:e5:c2:f9:01:33:60:84:d2:a7:d6:6a:3c:ed:64:be:0b:63:b5:fa:f0:87:ac:e9:5e:d8:32:96:e4:bb:dd:05:c4:85:3d:6f:84:71:c8:79:7f:3f:86:8f:ff:4b:b2:a3:6d:84:74:a0:f6:7a:0d
90:68:3f:90:e7:d8:70:58:e1:63:0d:97:be:aa:59:63:87:f5:94:f6:48:78:47:79:8f:48:78:ab:6a:5a:f3:05:4c:fa:1a:3b:12:7a:29:d7:35:43:74:6d:5b:09:f9:b4:71:ae:d1:54:fb:fd:e8:02:20:ab:78:da:04:57:48:7f:10:db:0e:41:a1:c7:0a:de:30:1d
90:60:f7:4b:2f:0b:d4:20:0a:60:4c:e6:d3:a3:87:ab:1a:27:64:85:a0:32:c5:bc:45:e8:9d:c4:fb:74:a1:e3:3b:37:e8:80:b2:31:6c:8a:1b:de:de:37:99:25:dc:7a:39:eb:10:f0:a6:66:c6:1b:ef:34:51:ac:40:33:66:58:dc:d6:6f:e6:db:56:86:c3:b7:cf
aa:f8:0a:fc:e8:24:b3:f9:3f:25:e8:bf:1b:18:5d:2a:f4:3f:d1:56:ed:49:9f:0c:1b:ad:a8:6a:c5:10:8b:0f:8d:0c:23:5a:1f:aa:e8:ad:77:b7:65:a0:1e:c8:1f:1f:50:91:bd:f9:43:ed:86:e7:90:14:ae:98:39:65:a9:b1:53:a4:2e:fa:d5:79:0e:00:3e:e6
f5:17:3c:b2:81:85:ca:e1:be:ce:9f:a2:e5:41:0f:18:79:de:3c:f3:dc:e8:5b:b7:5f:c6:0e:62:52:49:94:32:51:8c:17:5b:7e:0f:86:d8:c7:58:8b:02:6f:94:a9:64:32:fe:07:ee:97:7f:c6:a0:08:bd:13:c8:30:5e:7f:66:96:96:88:46:b7:2f:d0:d9:43:13
66:f0:2d:d1:03:01:c6:ce:2f:5f:06:48:06:1b:a1:bf:55:c9:e2:5e:fd:cb:42:1f:0a:84:59:b4:27:64:a0:1a:8b:86:6f:11:f6:a1:80:3b:1d:71:9b:31:48:50:aa:62:e3:18:f8:b4:63:b4:67:d9:20:c0:33:c0:a3:0b:3f:3a:57:38:b3:f0:54:55:ac:0c:88:7a
df:e5:16:a2:81:67:eb:c9:3a:81:ad:fc:05:f1:0b:53:67:df:cd:90:0e:82:a0:a9:8a:4e:91:bd:d9:88:2f:f2:72:97:40:ba:98:12:52:38:cd:74:4b:7d:e4:b4:b0:cc:78:15:1d:12:4c:d1:02:17:df:1d:a4:67:f5:30:b7:ac:f9:89:c5:8d:5f:4d:f0:ef:2d:50
以上每一行为一个数据密文。明文全部相同,都是字符“1”(也就是我在游戏里直接发送了1的聊天信息)。所有密文长度都是74。后来经过一些测试,发现规律:
聊天信息明文长度 密文长度
1-6 74
7-14 82
15-22 90
23-30 98
31-38 106
... ...
由于我也没做过游戏开发,所以不知道这具体的明文是什么格式。是接口类型?接口号?数据值?我都不太明白。规律,暂时只找到每次加密,明文相同的情况下,密文长度都相同,但是密文没重复过。我猜的话,会不会是这个数据里,有一段是随机的key,然后数据经过异或或者什么算法,得到密文,然后与key一起传送。或者是把时间戳当成key?
好吧,大概就这么多,大家能看得出我的水平是有多菜了吧?真心求学分析的过程,请随意喷!每帖必复。
谢谢大家!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!