-
-
app不同版本插件匹配的加密方式
-
发表于: 2022-1-21 17:16 6661
-
配置信息加密后,需要还原,所有需要采用可逆的加密方式,我这里采用:AES+魔改Base64(魔改作用你懂得)
1:AES密钥唯一,不同的UserId采用不同的密钥,比如采用:特殊字符+微信账号
2:配置信息通过网络发放,web后台根据UserId下发配置信息。
3:其中额外的Base64加密,是方便网络传输、和调试。因为AES加密会产生不可见字符。
4:魔改的Base64 ,不方便发布。在此先用apache的Base64替代。(其实魔改也是采用apache的Base64修改了字符表而已。)
#jadx查看插件代码
#配置生成代码
下发的配置可以临时存放在本来文件、或变量,方便测试。
#大概代码
生成配置信息的模拟代码如测试用例AesUtilTest2 类的方法createConfWXsAesBase64String705。为了方便调试,这部分代码在android工程的单元测试中,不会打包进apk.
public
class
AesUtilTest2 {
@Test
public void aesEncryptAndBase64() {
/
/
String str_Org
=
"aaabbbccc111222333"
;
String str_Org
=
"订阅地址 :如stompEndpointRegistry.addEndpoint(\"/endpointWechat\") 或使用@ServerEndpoint创建\n"
+
"容许跨域\n"
+
"是否开启SockJS支持\n"
+
"推送:声明SimpMessagingTemplate ,调用convertAndSend方法(或者使用@SendTo和@SendToUser注解)\n"
+
"一对一发送消息\n"
+
"Principal:身份验证和授权\n"
+
"stomp协议:STOMP即Simple (or Streaming) Text Orientated Messaging Protocol,简单(流)文本定向消息协议,它提供了一个可互操作的连接格式,允许STOMP客户端与任意STOMP消息代理(Broker)进行交互。\n"
+
"WebSocket(stomp服务端)"
;
String strEncrypt
=
AesUtil.aesEncrypt(str_Org,PluginsConfig.AES_KEY);
System.out.println(
"Aes加密后=\n"
+
strEncrypt);
/
/
base64
+
byte [] bytes_base64strEncrypt
=
org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64
=
new String(bytes_base64strEncrypt);
System.out.println(
"Aes+base64加密后=\n"
+
strEncryptAesBase64);
/
/
base64
-
byte[] bytes_needdecodeBase64
=
strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64
=
org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
/
/
String str_Decrypt
=
AesUtil.aesDecrypt(strEncrypt,PluginsConfig.AES_KEY);
String str_Decrypt
=
AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println(
"Aes解码后=\n"
+
str_Decrypt);
}
/
*
*
*
这里用于生成配置信息的aes
+
base64的加密数据
*
/
@Test
public void createConfWXsAesBase64String () {
/
/
String str_needToCreateVersion
=
"6.7.3"
;
/
/
配置版本
/
/
String str_needToCreateVersion
=
"7.0.14"
;
/
/
配置版本
String str_needToCreateVersion
=
"8.0.18"
;
/
/
配置版本
/
/
生成配置信息
ConfWXs confWXs
=
new ConfWXs();
switch (str_needToCreateVersion){
case PluginsConfig.wechat7_0_5:
setConfig705(confWXs);
break
;
case PluginsConfig.wechat7_0_14:
setConfig7014bak(confWXs);
break
;
case PluginsConfig.wechat8_0_18:
setConfig8018(confWXs);
break
;
default:
throw new UnsupportedOperationException(
" 不支持的版本 "
);
}
String str_Jsoon
=
new Gson().toJson(confWXs) ;
/
/
aes
+
String strEncrypt
=
AesUtil.aesEncrypt(str_Jsoon,PluginsConfig.AES_KEY);
/
/
与userId有关
System.out.println(
"Aes加密后=\n"
+
strEncrypt);
/
/
base64
+
byte [] bytes_base64strEncrypt
=
org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64
=
new String(bytes_base64strEncrypt);
System.out.println(
"Aes+base64加密后(即需要下发的密文)=\n"
+
strEncryptAesBase64);
/
/
=
=
=
=
=
=
=
=
从这里copy出aes
+
base64加密后的数据
/
/
base64
-
byte[] bytes_needdecodeBase64
=
strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64
=
org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
/
/
aes
-
String str_Decrypt
=
AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println(
"Aes解码后=\n"
+
str_Decrypt);
/
/
测试是否可以生成会对象
ConfWXs confWXs2
=
new Gson().fromJson(str_Decrypt,ConfWXs.
class
);
System.out.println(confWXs2.conf_chatRoom.abstract_Chartroom_d_method);
}
/
*
*
*
企业微信
*
/
@Test
public void createConfWXsAesBase64String705 () {
/
/
int
needToCreateVersion
=
12427
;
/
/
配置版本
/
/
int
needToCreateVersion
=
16463
;
/
/
配置版本
int
needToCreateVersion
=
18808
;
/
/
配置版本Wework_vc_4_0_0
/
/
生成配置信息
ConfWeworks confWeworks
=
new ConfWeworks();
switch (needToCreateVersion){
case WeworkConfig.Wework_vc_3_0_16:
setConfig3_0_16(confWeworks);
break
;
case WeworkConfig.Wework_vc_3_1_6:
setConfig7_0_14(confWeworks);
break
;
case WeworkConfig.Wework_vc_4_0_0:
setConfig4_0_0(confWeworks);
break
;
default:
throw new UnsupportedOperationException(
" 不支持的版本 "
);
}
...
}
/
/
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
private void setConfig705(ConfWXs config705) {
/
/
与setConfig8018 类似
}
/
/
wechatwechat7014
private void setConfig7014bak(ConfWXs config7014) {
/
/
与setConfig8018 类似
}
/
/
wechat7014
-
-
>wechat8018_2060
private void setConfig8018(ConfWXs config8018) {
/
/
设置CONF_COMM
/
/
通讯类
config8018.conf_comm.GET_COMM_MODEL_CLASS
=
"com.tencent.mm.model.aabh"
;
config8018.conf_comm.GET_COMM_MODEL_CLASS_init_method
=
"bwl"
;
...
config8018.conf_comm.COMM_CLASS_SEND_METHOD
=
"a"
;
/
/
场景抽象累NetSceneBase
config8018.conf_comm.COMM_CLASS_SEND_METHOD_PARA1_CLASSE
=
"com.tencent.mm.aao.p"
;
config8018.conf_comm.Wechat_md5Util
=
"com.tencent.mm.bb.g"
;
/
/
获取消息摘要getMessageDigest
config8018.conf_comm.Wechat_md5Util_bytesMD5_method
=
"getMessageDigest"
;
config8018.conf_comm.Wechat_md5Util_getMD5
=
"getMD5"
;
config8018.conf_chatRoom.Action_Chatroom_Qrcode_param5_Classe
=
"com.tencent.mm.network.bss"
;
/
/
创建群createchatroom
config8018.conf_chatRoom.CreateRoom_callback_Classe
=
"com.tencent.mm.chatroom.asd.k"
;
/
/
AccountStorage
config8018.conf_chatRoom.Get_ChatroomOpt_Obj_Class
=
"com.tencent.mm.model.c"
;
...
config8018.conf_lable.AddLable_callback_Class
=
"com.tencent.mm.plugin.label.b.a"
;
/
/
config8018.conf_lable.AddLable_callback_Class_listField
=
"Irs"
;
...
/
/
CONF_Message
/
/
VideoRunnable
config8018.conf_message.Action_VideoRunnable_Class
=
"com.tencent.mm.pluginsdk.model.aq"
;
/
/
接口interface
config8018.conf_message.Action_VideoRunnable_arg6_Class
=
"com.tencent.mm.pluginsdk.model.aq$a"
;
...
/
/
=
=
=
=
=
CONF_Sns
config8018.conf_sns.Wechat_protocal_protobuf_cdn_snsServerId_field
=
"Id"
;
config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOe_field
=
"sZKy"
;
config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOf_field
=
"ZKz"
;
/
/
=
=
=
CONF_Friend
config8018.conf_friend.WECHAT_getUserInfo_Class
=
"com.tencent.mm.model.aaz"
;
/
/
ConfigStorageLogic
config8018.conf_friend.WECHAT_getUserInfo_Class_getMyWechcatId
=
"buz"
;
...
/
/
typeByAddFriend
config8018.conf_friend.SearchFriendInfo_Class_typeByAddFriend_field
=
"ZaFu"
;
/
/
=
=
=
CONF_DB
config8018.conf_db.WECHAT_conversationOpt_CLASS
=
"com.tencent.mm.bbl.d"
;
...
}
}
public
class
AesUtilTest2 {
@Test
public void aesEncryptAndBase64() {
/
/
String str_Org
=
"aaabbbccc111222333"
;
String str_Org
=
"订阅地址 :如stompEndpointRegistry.addEndpoint(\"/endpointWechat\") 或使用@ServerEndpoint创建\n"
+
"容许跨域\n"
+
"是否开启SockJS支持\n"
+
"推送:声明SimpMessagingTemplate ,调用convertAndSend方法(或者使用@SendTo和@SendToUser注解)\n"
+
"一对一发送消息\n"
+
"Principal:身份验证和授权\n"
+
"stomp协议:STOMP即Simple (or Streaming) Text Orientated Messaging Protocol,简单(流)文本定向消息协议,它提供了一个可互操作的连接格式,允许STOMP客户端与任意STOMP消息代理(Broker)进行交互。\n"
+
"WebSocket(stomp服务端)"
;
String strEncrypt
=
AesUtil.aesEncrypt(str_Org,PluginsConfig.AES_KEY);
System.out.println(
"Aes加密后=\n"
+
strEncrypt);
/
/
base64
+
byte [] bytes_base64strEncrypt
=
org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64
=
new String(bytes_base64strEncrypt);
System.out.println(
"Aes+base64加密后=\n"
+
strEncryptAesBase64);
/
/
base64
-
byte[] bytes_needdecodeBase64
=
strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64
=
org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
/
/
String str_Decrypt
=
AesUtil.aesDecrypt(strEncrypt,PluginsConfig.AES_KEY);
String str_Decrypt
=
AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println(
"Aes解码后=\n"
+
str_Decrypt);
}
/
*
*
*
这里用于生成配置信息的aes
+
base64的加密数据
*
/
@Test
public void createConfWXsAesBase64String () {
/
/
String str_needToCreateVersion
=
"6.7.3"
;
/
/
配置版本
/
/
String str_needToCreateVersion
=
"7.0.14"
;
/
/
配置版本
String str_needToCreateVersion
=
"8.0.18"
;
/
/
配置版本
/
/
生成配置信息
ConfWXs confWXs
=
new ConfWXs();
switch (str_needToCreateVersion){
case PluginsConfig.wechat7_0_5:
setConfig705(confWXs);
break
;
case PluginsConfig.wechat7_0_14:
setConfig7014bak(confWXs);
break
;
case PluginsConfig.wechat8_0_18:
setConfig8018(confWXs);
break
;
default:
throw new UnsupportedOperationException(
" 不支持的版本 "
);
}
String str_Jsoon
=
new Gson().toJson(confWXs) ;
/
/
aes
+
String strEncrypt
=
AesUtil.aesEncrypt(str_Jsoon,PluginsConfig.AES_KEY);
/
/
与userId有关
System.out.println(
"Aes加密后=\n"
+
strEncrypt);
/
/
base64
+
byte [] bytes_base64strEncrypt
=
org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes());
String strEncryptAesBase64
=
new String(bytes_base64strEncrypt);
System.out.println(
"Aes+base64加密后(即需要下发的密文)=\n"
+
strEncryptAesBase64);
/
/
=
=
=
=
=
=
=
=
从这里copy出aes
+
base64加密后的数据
/
/
base64
-
byte[] bytes_needdecodeBase64
=
strEncryptAesBase64.getBytes();
byte[] bytes_decodeBase64
=
org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64);
/
/
aes
-
String str_Decrypt
=
AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY);
System.out.println(
"Aes解码后=\n"
+
str_Decrypt);
/
/
测试是否可以生成会对象
ConfWXs confWXs2
=
new Gson().fromJson(str_Decrypt,ConfWXs.
class
);
System.out.println(confWXs2.conf_chatRoom.abstract_Chartroom_d_method);
}
赞赏记录
参与人
雪币
留言
时间
Youlor
感谢你的贡献,论坛因你而更加精彩!
2024-9-15 02:00
伟叔叔
为你点赞~
2023-3-18 04:26
一笑人间万事
为你点赞~
2023-1-12 21:59
赞赏
他的文章
- dy逆向分析 10068
- app不同版本插件匹配的加密方式 6662
- [原创]RC4、Base64魔改看雪CTF-变形金刚学习笔记 15041
- [原创]企业微信逆向分析之——自己二维码——静态分析 14631
- [求助]转发微信视频或图片朋友圈是否可以不上传视频 12625
看原图
赞赏
雪币:
留言: