-
-
app不同版本插件匹配的加密方式
-
2022-1-21 17:16 5730
-
配置信息的加密方式
配置信息加密后,需要还原,所有需要采用可逆的加密方式,我这里采用:AES+魔改Base64(魔改作用你懂得)
1:AES密钥唯一,不同的UserId采用不同的密钥,比如采用:特殊字符+微信账号
2:配置信息通过网络发放,web后台根据UserId下发配置信息。
3:其中额外的Base64加密,是方便网络传输、和调试。因为AES加密会产生不可见字符。
4:魔改的Base64 ,不方便发布。在此先用apache的Base64替代。(其实魔改也是采用apache的Base64修改了字符表而已。)
#jadx查看插件代码
#配置生成代码
下发的配置可以临时存放在本来文件、或变量,方便测试。
#大概代码
生成配置信息的模拟代码如测试用例AesUtilTest2 类的方法createConfWXsAesBase64String705。为了方便调试,这部分代码在android工程的单元测试中,不会打包进apk.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 | public class AesUtilTest2 { @Test public void aesEncryptAndBase64() { / / String str_Org = "aaabbbccc111222333" ; String str_Org = "订阅地址 :如stompEndpointRegistry.addEndpoint(\"/endpointWechat\") 或使用@ServerEndpoint创建\n" + "容许跨域\n" + "是否开启SockJS支持\n" + "推送:声明SimpMessagingTemplate ,调用convertAndSend方法(或者使用@SendTo和@SendToUser注解)\n" + "一对一发送消息\n" + "Principal:身份验证和授权\n" + "stomp协议:STOMP即Simple (or Streaming) Text Orientated Messaging Protocol,简单(流)文本定向消息协议,它提供了一个可互操作的连接格式,允许STOMP客户端与任意STOMP消息代理(Broker)进行交互。\n" + "WebSocket(stomp服务端)" ; String strEncrypt = AesUtil.aesEncrypt(str_Org,PluginsConfig.AES_KEY); System.out.println( "Aes加密后=\n" + strEncrypt); / / base64 + byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes()); String strEncryptAesBase64 = new String(bytes_base64strEncrypt); System.out.println( "Aes+base64加密后=\n" + strEncryptAesBase64); / / base64 - byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes(); byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64); / / String str_Decrypt = AesUtil.aesDecrypt(strEncrypt,PluginsConfig.AES_KEY); String str_Decrypt = AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY); System.out.println( "Aes解码后=\n" + str_Decrypt); } / * * * 这里用于生成配置信息的aes + base64的加密数据 * / @Test public void createConfWXsAesBase64String () { / / String str_needToCreateVersion = "6.7.3" ; / / 配置版本 / / String str_needToCreateVersion = "7.0.14" ; / / 配置版本 String str_needToCreateVersion = "8.0.18" ; / / 配置版本 / / 生成配置信息 ConfWXs confWXs = new ConfWXs(); switch (str_needToCreateVersion){ case PluginsConfig.wechat7_0_5: setConfig705(confWXs); break ; case PluginsConfig.wechat7_0_14: setConfig7014bak(confWXs); break ; case PluginsConfig.wechat8_0_18: setConfig8018(confWXs); break ; default: throw new UnsupportedOperationException( " 不支持的版本 " ); } String str_Jsoon = new Gson().toJson(confWXs) ; / / aes + String strEncrypt = AesUtil.aesEncrypt(str_Jsoon,PluginsConfig.AES_KEY); / / 与userId有关 System.out.println( "Aes加密后=\n" + strEncrypt); / / base64 + byte [] bytes_base64strEncrypt = org.apache.mina.util.Base64.encodeBase64(strEncrypt.getBytes()); String strEncryptAesBase64 = new String(bytes_base64strEncrypt); System.out.println( "Aes+base64加密后(即需要下发的密文)=\n" + strEncryptAesBase64); / / = = = = = = = = 从这里copy出aes + base64加密后的数据 / / base64 - byte[] bytes_needdecodeBase64 = strEncryptAesBase64.getBytes(); byte[] bytes_decodeBase64 = org.apache.mina.util.Base64.decodeBase64(bytes_needdecodeBase64); / / aes - String str_Decrypt = AesUtil.aesDecrypt(new String (bytes_decodeBase64),PluginsConfig.AES_KEY); System.out.println( "Aes解码后=\n" + str_Decrypt); / / 测试是否可以生成会对象 ConfWXs confWXs2 = new Gson().fromJson(str_Decrypt,ConfWXs. class ); System.out.println(confWXs2.conf_chatRoom.abstract_Chartroom_d_method); } / * * * 企业微信 * / @Test public void createConfWXsAesBase64String705 () { / / int needToCreateVersion = 12427 ; / / 配置版本 / / int needToCreateVersion = 16463 ; / / 配置版本 int needToCreateVersion = 18808 ; / / 配置版本Wework_vc_4_0_0 / / 生成配置信息 ConfWeworks confWeworks = new ConfWeworks(); switch (needToCreateVersion){ case WeworkConfig.Wework_vc_3_0_16: setConfig3_0_16(confWeworks); break ; case WeworkConfig.Wework_vc_3_1_6: setConfig7_0_14(confWeworks); break ; case WeworkConfig.Wework_vc_4_0_0: setConfig4_0_0(confWeworks); break ; default: throw new UnsupportedOperationException( " 不支持的版本 " ); } ... } / / = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = private void setConfig705(ConfWXs config705) { / / 与setConfig8018 类似 } / / wechatwechat7014 private void setConfig7014bak(ConfWXs config7014) { / / 与setConfig8018 类似 } / / wechat7014 - - >wechat8018_2060 private void setConfig8018(ConfWXs config8018) { / / 设置CONF_COMM / / 通讯类 config8018.conf_comm.GET_COMM_MODEL_CLASS = "com.tencent.mm.model.aabh" ; config8018.conf_comm.GET_COMM_MODEL_CLASS_init_method = "bwl" ; ... config8018.conf_comm.COMM_CLASS_SEND_METHOD = "a" ; / / 场景抽象累NetSceneBase config8018.conf_comm.COMM_CLASS_SEND_METHOD_PARA1_CLASSE = "com.tencent.mm.aao.p" ; config8018.conf_comm.Wechat_md5Util = "com.tencent.mm.bb.g" ; / / 获取消息摘要getMessageDigest config8018.conf_comm.Wechat_md5Util_bytesMD5_method = "getMessageDigest" ; config8018.conf_comm.Wechat_md5Util_getMD5 = "getMD5" ; config8018.conf_chatRoom.Action_Chatroom_Qrcode_param5_Classe = "com.tencent.mm.network.bss" ; / / 创建群createchatroom config8018.conf_chatRoom.CreateRoom_callback_Classe = "com.tencent.mm.chatroom.asd.k" ; / / AccountStorage config8018.conf_chatRoom.Get_ChatroomOpt_Obj_Class = "com.tencent.mm.model.c" ; ... config8018.conf_lable.AddLable_callback_Class = "com.tencent.mm.plugin.label.b.a" ; / / config8018.conf_lable.AddLable_callback_Class_listField = "Irs" ; ... / / CONF_Message / / VideoRunnable config8018.conf_message.Action_VideoRunnable_Class = "com.tencent.mm.pluginsdk.model.aq" ; / / 接口interface config8018.conf_message.Action_VideoRunnable_arg6_Class = "com.tencent.mm.pluginsdk.model.aq$a" ; ... / / = = = = = CONF_Sns config8018.conf_sns.Wechat_protocal_protobuf_cdn_snsServerId_field = "Id" ; config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOe_field = "sZKy" ; config8018.conf_sns.Wechat_protocal_protobuf_cdn_xOf_field = "ZKz" ; / / = = = CONF_Friend config8018.conf_friend.WECHAT_getUserInfo_Class = "com.tencent.mm.model.aaz" ; / / ConfigStorageLogic config8018.conf_friend.WECHAT_getUserInfo_Class_getMyWechcatId = "buz" ; ... / / typeByAddFriend config8018.conf_friend.SearchFriendInfo_Class_typeByAddFriend_field = "ZaFu" ; / / = = = CONF_DB config8018.conf_db.WECHAT_conversationOpt_CLASS = "com.tencent.mm.bbl.d" ; ... } } |
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
赞赏
他的文章
dy逆向分析
8778
app不同版本插件匹配的加密方式
5731
看原图