-
-
app不同版本插件匹配的加密方式
-
发表于: 2022-1-21 17:16
-
配置信息加密后,需要还原,所有需要采用可逆的加密方式,我这里采用:AES+魔改Base64(魔改作用你懂得)
1:AES密钥唯一,不同的UserId采用不同的密钥,比如采用:特殊字符+微信账号
2:配置信息通过网络发放,web后台根据UserId下发配置信息。
3:其中额外的Base64加密,是方便网络传输、和调试。因为AES加密会产生不可见字符。
4:魔改的Base64 ,不方便发布。在此先用apache的Base64替代。(其实魔改也是采用apache的Base64修改了字符表而已。)
#jadx查看插件代码
#配置生成代码
下发的配置可以临时存放在本来文件、或变量,方便测试。
#大概代码
生成配置信息的模拟代码如测试用例AesUtilTest2 类的方法createConfWXsAesBase64String705。为了方便调试,这部分代码在android工程的单元测试中,不会打包进apk.
public class AesUtilTest2 {
@Test
public void aesEncryptAndBase64() {
//String str_Org = "aaabbbccc111222333";
String str_Org = "订阅地址 :如stompEndpointRegistry.addEndpoint(\"/endpointWechat\") 或使用@ServerEndpoint创建\n" +
"容许跨域\n" +
"是否开启SockJS支持\n" +
"推送:声明SimpMessagingTemplate ,调用convertAndSend方法(或者使用@SendTo和@SendToUser注解)\n" +
"一对一发送消息\n" +
"Principal:身份验证和授权\n" +
"stomp协议:STOMP即Simple (or Streaming) Text Orientated Messaging Protocol,简单(流)文本定向消息协议,它提供了一个可互操作的连接格式,允许STOMP客户端与任意STOMP消息代理(Broker)进行交互。\n" +
"WebSocket(stomp服务端)";
String strEncrypt = AesUtil.aesEncrypt(str_Org,PluginsConfig.AES_KEY);
System.out.println("Aes加密后=\n"+strEncrypt);
//base64+
byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64 = new String(bytes_base64strEncrypt);
System.out.println("Aes+base64加密后=\n"+strEncryptAesBase64);
//base64-
byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
//String str_Decrypt =AesUtil.aesDecrypt(strEncrypt,PluginsConfig.AES_KEY);
String str_Decrypt =AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println("Aes解码后=\n"+str_Decrypt);
}
/**
* 这里用于生成配置信息的aes+base64的加密数据
*/
@Test
public void createConfWXsAesBase64String () {
//String str_needToCreateVersion = "6.7.3";//配置版本
//String str_needToCreateVersion = "7.0.14";//配置版本
String str_needToCreateVersion = "8.0.18";//配置版本
//生成配置信息
ConfWXs confWXs = new ConfWXs();
switch (str_needToCreateVersion){
case PluginsConfig.wechat7_0_5:
setConfig705(confWXs);
break;
case PluginsConfig.wechat7_0_14:
setConfig7014bak(confWXs);
break;
case PluginsConfig.wechat8_0_18:
setConfig8018(confWXs);
break;
default:
throw new UnsupportedOperationException(" 不支持的版本 ");
}
String str_Jsoon = new Gson().toJson(confWXs) ;
//aes+
String strEncrypt = AesUtil.aesEncrypt(str_Jsoon,PluginsConfig.AES_KEY);//与userId有关
System.out.println("Aes加密后=\n"+strEncrypt);
//base64+
byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64 = new String(bytes_base64strEncrypt);
System.out.println("Aes+base64加密后(即需要下发的密文)=\n"+strEncryptAesBase64);//========从这里copy出aes+base64加密后的数据
//base64-
byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
//aes-
String str_Decrypt =AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println("Aes解码后=\n"+str_Decrypt);
//测试是否可以生成会对象
ConfWXs confWXs2 = new Gson().fromJson(str_Decrypt,ConfWXs.class);
System.out.println(confWXs2.conf_chatRoom.abstract_Chartroom_d_method);
}
/**
* 企业微信
*/
@Test
public void createConfWXsAesBase64String705 () {
//int needToCreateVersion = 12427;//配置版本
//int needToCreateVersion = 16463;//配置版本
int needToCreateVersion = 18808;//配置版本Wework_vc_4_0_0
//生成配置信息
ConfWeworks confWeworks = new ConfWeworks();
switch (needToCreateVersion){
case WeworkConfig.Wework_vc_3_0_16:
setConfig3_0_16(confWeworks);
break;
case WeworkConfig.Wework_vc_3_1_6:
setConfig7_0_14(confWeworks);
break;
case WeworkConfig.Wework_vc_4_0_0:
setConfig4_0_0(confWeworks);
break;
default:
throw new UnsupportedOperationException(" 不支持的版本 ");
}
...
}
//=================================
private void setConfig705(ConfWXs config705) {
//与setConfig8018 类似
}
//wechatwechat7014
private void setConfig7014bak(ConfWXs config7014) {
//与setConfig8018 类似
}
//wechat7014-->wechat8018_2060
private void setConfig8018(ConfWXs config8018) {
//设置CONF_COMM
//通讯类
config8018.conf_comm.GET_COMM_MODEL_CLASS = "com.tencent.mm.model.aabh";
config8018.conf_comm.GET_COMM_MODEL_CLASS_init_method = "bwl";
...
config8018.conf_comm.COMM_CLASS_SEND_METHOD ="a";
//场景抽象累NetSceneBase
config8018.conf_comm.COMM_CLASS_SEND_METHOD_PARA1_CLASSE ="com.tencent.mm.aao.p";
config8018.conf_comm.Wechat_md5Util = "com.tencent.mm.bb.g";
//获取消息摘要getMessageDigest
config8018.conf_comm.Wechat_md5Util_bytesMD5_method = "getMessageDigest";
config8018.conf_comm.Wechat_md5Util_getMD5 = "getMD5";
config8018.conf_chatRoom.Action_Chatroom_Qrcode_param5_Classe = "com.tencent.mm.network.bss";
//创建群createchatroom
config8018.conf_chatRoom.CreateRoom_callback_Classe = "com.tencent.mm.chatroom.asd.k";
//AccountStorage
config8018.conf_chatRoom.Get_ChatroomOpt_Obj_Class = "com.tencent.mm.model.c";
...
config8018.conf_lable.AddLable_callback_Class = "com.tencent.mm.plugin.label.b.a";
//
config8018.conf_lable.AddLable_callback_Class_listField = "Irs";
...
//CONF_Message
//VideoRunnable
config8018.conf_message.Action_VideoRunnable_Class = "com.tencent.mm.pluginsdk.model.aq";
//接口interface
config8018.conf_message.Action_VideoRunnable_arg6_Class ="com.tencent.mm.pluginsdk.model.aq$a";
...
//=====CONF_Sns
config8018.conf_sns.Wechat_protocal_protobuf_cdn_snsServerId_field = "Id";
config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOe_field = "sZKy";
config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOf_field = "ZKz";
//===CONF_Friend
config8018.conf_friend.WECHAT_getUserInfo_Class = "com.tencent.mm.model.aaz";
//ConfigStorageLogic
config8018.conf_friend.WECHAT_getUserInfo_Class_getMyWechcatId = "buz";
...
//typeByAddFriend
config8018.conf_friend.SearchFriendInfo_Class_typeByAddFriend_field = "ZaFu";
//===CONF_DB
config8018.conf_db.WECHAT_conversationOpt_CLASS = "com.tencent.mm.bbl.d";
...
}
}public class AesUtilTest2 {
@Test
public void aesEncryptAndBase64() {
//String str_Org = "aaabbbccc111222333";
String str_Org = "订阅地址 :如stompEndpointRegistry.addEndpoint(\"/endpointWechat\") 或使用@ServerEndpoint创建\n" +
"容许跨域\n" +
"是否开启SockJS支持\n" +
"推送:声明SimpMessagingTemplate ,调用convertAndSend方法(或者使用@SendTo和@SendToUser注解)\n" +
"一对一发送消息\n" +
"Principal:身份验证和授权\n" +
"stomp协议:STOMP即Simple (or Streaming) Text Orientated Messaging Protocol,简单(流)文本定向消息协议,它提供了一个可互操作的连接格式,允许STOMP客户端与任意STOMP消息代理(Broker)进行交互。\n" +
"WebSocket(stomp服务端)";
String strEncrypt = AesUtil.aesEncrypt(str_Org,PluginsConfig.AES_KEY);
System.out.println("Aes加密后=\n"+strEncrypt);
//base64+
byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64 = new String(bytes_base64strEncrypt);
System.out.println("Aes+base64加密后=\n"+strEncryptAesBase64);
//base64-
byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
//String str_Decrypt =AesUtil.aesDecrypt(strEncrypt,PluginsConfig.AES_KEY);
String str_Decrypt =AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println("Aes解码后=\n"+str_Decrypt);
}
/**
* 这里用于生成配置信息的aes+base64的加密数据
*/
@Test
public void createConfWXsAesBase64String () {
//String str_needToCreateVersion = "6.7.3";//配置版本
//String str_needToCreateVersion = "7.0.14";//配置版本
String str_needToCreateVersion = "8.0.18";//配置版本
//生成配置信息
ConfWXs confWXs = new ConfWXs();
switch (str_needToCreateVersion){
case PluginsConfig.wechat7_0_5:
setConfig705(confWXs);
break;
case PluginsConfig.wechat7_0_14:
setConfig7014bak(confWXs);
break;
case PluginsConfig.wechat8_0_18:
setConfig8018(confWXs);
break;
default:
throw new UnsupportedOperationException(" 不支持的版本 ");
}
String str_Jsoon = new Gson().toJson(confWXs) ;
//aes+
String strEncrypt = AesUtil.aesEncrypt(str_Jsoon,PluginsConfig.AES_KEY);//与userId有关
System.out.println("Aes加密后=\n"+strEncrypt);
//base64+
byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64 = new String(bytes_base64strEncrypt);
System.out.println("Aes+base64加密后(即需要下发的密文)=\n"+strEncryptAesBase64);//========从这里copy出aes+base64加密后的数据
//base64-
byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
//aes-
String str_Decrypt =AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println("Aes解码后=\n"+str_Decrypt);
//测试是否可以生成会对象
ConfWXs confWXs2 = new Gson().fromJson(str_Decrypt,ConfWXs.class);
System.out.println(confWXs2.conf_chatRoom.abstract_Chartroom_d_method);
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
