安卓逆向中常见的加密算法

1、接口中的方法

根据调用关系,找到接口中的方法。

/**
 * Declares the single operation that callers use to hand over a URL.
 *
 * <p>Only the signature is visible at a call site. The code that actually runs
 * belongs to whichever implementing class is supplied at runtime.
 */
interface IRequest {
    /**
     * Receives the URL to act on. What "send" means is up to the implementation.
     *
     * @param url the URL or path passed by the caller
     */
    void send(String url);
}

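/**
 * Holds an {@link IRequest} and pushes one fixed path through it.
 *
 * <p>A keyword search for the path literal lands in {@link #doRequest()}, but that
 * method only delegates. The behaviour of interest lives in the {@code IRequest}
 * implementation that was passed to the constructor.
 */
class Context {
    /** Implementation supplied by whoever constructs this object. */
    public IRequest req;

    /**
     * Stores the implementation that {@link #doRequest()} will call.
     *
     * @param req the request implementation to delegate to
     */
    public Context(IRequest req) {
        this.req = req;
    }

    /** Passes the hard-coded path to {@code send} on the injected implementation. */
    public void doRequest() {
        // The original listing lacked the terminating semicolon and did not compile.
        String url = "/click/android2/";
        this.req.send(url);
    }
}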

/** Placeholder entry class for the listing; it does not construct or call anything. */
public class Hello {
    /**
     * Program entry point. The body is empty in this listing.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // nothing to do
    }
}

当我们通过关键字"/click/android2/"定位到了13行doRequest方法中,可以发现调用了接口中的send方法,我们可以从两个方面去思考:

  • 思路1:寻找实现了IRequest接口的类
  • 思路2:谁传入的req?

2、隐藏的字节

注意:在UTF-8编码下,一个常用汉字占3个字节,所以下面的9个字节对应3个汉字。

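// The nine signed bytes are UTF-8 for three CJK characters (three bytes each), so the
// readable string never appears as a literal in the code. The charset is named
// explicitly because the one-argument String constructor uses the platform default,
// which is not UTF-8 on every JVM.
String v4 = new String(
        new byte[]{-26, -83, -90, -26, -78, -101, -23, -67, -112},
        java.nio.charset.StandardCharsets.UTF_8);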

3、UUID

import java.util.UUID;

/** Prints one freshly generated random UUID. */
public class Hello {
    /**
     * Generates a random UUID and writes its string form to standard output.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // randomUUID() yields a new value on every call, so a value observed in
        // captured traffic cannot be regenerated by re-running this code.
        UUID generated = UUID.randomUUID();
        System.out.println(generated.toString());
    }
}

4、随机值

import java.math.BigInteger;
import java.security.SecureRandom;

/** Prints an 80-bit random value as a hexadecimal string. */
public class Hello {
    /**
     * Draws 80 random bits from a {@link SecureRandom} and prints them in base 16.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // 80 bits is 10 bytes' worth of randomness.
        SecureRandom rng = new SecureRandom();
        BigInteger value = new BigInteger(80, rng);
        // BigInteger.toString(16) does not pad, so leading zero digits are dropped
        // and the output can be shorter than 20 characters.
        System.out.println(value.toString(16));
    }
}

在python中表示:

import random
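# Mirror of the Java snippet: draw one 80-bit integer from the OS random source and
# render it in hex without padding, which is what BigInteger.toString(16) produces.
# Slicing hex() per byte drops the leading zero of every byte below 0x10, so the
# result would not have the same shape as the Java output.
open_udid = format(random.SystemRandom().getrandbits(80), "x")
print(open_udid)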

5、时间戳

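/** Prints the current Unix time at second and millisecond resolution. */
public class Hello {
    /**
     * Reads the clock once and prints it as seconds, then as milliseconds.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // Read the clock a single time so both strings describe the same instant.
        long nowMillis = System.currentTimeMillis();

        // Second resolution (10 digits today). The original listing wrote
        // "String valueOf(...)" without the dot, which does not compile.
        String t1 = String.valueOf(nowMillis / 1000);
        // Millisecond resolution (13 digits today).
        String t2 = String.valueOf(nowMillis);

        System.out.println(t1);
        System.out.println(t2);
    }
}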

6、十六进制字符串

import java.util.Arrays;

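/** Shows the byte-to-hex loop that commonly appears in decompiled Android code. */
public class Hello {
    /**
     * Encodes a string as UTF-8 and prints the bytes, then their lowercase hex form.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        String name = "小猪佩奇";
        // Name the charset: getBytes() with no argument uses the platform default, and
        // on a JVM whose default is not UTF-8 the bytes below would differ.
        byte[] nameBytes = name.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        // [-27, -80, -113, -25, -116, -86, -28, -67, -87, -27, -91, -121]
        System.out.println(Arrays.toString(nameBytes));

        StringBuilder sb = new StringBuilder(nameBytes.length * 2);
        for (byte b : nameBytes) {
            int val = b & 255;              // map the signed byte to 0..255
            if (val < 16) {
                sb.append("0");             // toHexString gives one digit below 0x10
            }
            sb.append(Integer.toHexString(val));
        }
        String res = sb.toString();         // e5b08fe78caae4bda9e5a587
        System.out.println(res);
    }
}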

使用python实现:

name = "小猪佩奇"

# Two lowercase hex digits per UTF-8 byte, zero-padded on the left.
data_list = [format(byte, "02x") for byte in name.encode('utf-8')]

result = ''.join(data_list)
print(result)

七、base64(一种编码方式,可以直接还原,并非加密)

import java.util.Base64;

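/** Round-trips a string through standard Base64. */
public class base64 {
    /**
     * Base64-encodes the UTF-8 bytes of a string, prints the result, then decodes it back.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // Explicit charset on both conversions; the no-argument forms depend on the
        // platform default and can corrupt non-ASCII text.
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        String name = "小猪佩奇";

        // Encode. Base64 is a reversible encoding with no key, not encryption.
        Base64.Encoder encoder = Base64.getEncoder();
        String res = encoder.encodeToString(name.getBytes(utf8));
        System.out.println(res);    // 5bCP54yq5L2p5aWH

        // Decode.
        Base64.Decoder decoder = Base64.getDecoder();
        byte[] origin = decoder.decode(res);
        String data = new String(origin, utf8);
        System.out.println(data);
    }
}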

用python实现:

import base64

name = "小猪佩奇"
# Encode: str -> UTF-8 bytes -> Base64 bytes -> str
encoded_bytes = base64.b64encode(name.encode('utf-8'))
res = encoded_bytes.decode('utf-8')
# Decode: Base64 text -> raw bytes -> str
decoded_bytes = base64.b64decode(res.encode('utf-8'))
print(decoded_bytes.decode('utf-8'))

八、md5加密(严格来说MD5是不可逆的哈希摘要算法,而不是加密)

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

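/** Computes an MD5 digest over a fixed prefix plus a string and prints it. */
public class base64 {
    /**
     * Hashes {@code "xxxxxx"} followed by the name with MD5, then prints the digest as a
     * byte array, as decoded text, and as lowercase hex.
     *
     * @param args command-line arguments (unused)
     * @throws NoSuchAlgorithmException if the runtime has no MD5 provider
     */
    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Explicit charset: the input bytes, and so the digest, must not depend on the
        // platform default encoding.
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        String name = "小猪佩奇";

        // MD5 is a one-way digest, not encryption. It is collision-broken, so it is
        // worth recognising in existing apps but unsuitable for new integrity checks.
        MessageDigest instance = MessageDigest.getInstance("MD5");
        // Fixed prefix (the page calls it a salt). update() feeds it in first, so the
        // digest covers "xxxxxx" + name.
        instance.update("xxxxxx".getBytes(utf8));
        byte[] nameBytes = instance.digest(name.getBytes(utf8));    // 16 raw digest bytes

        System.out.println(Arrays.toString(nameBytes));

        // Digest bytes are not text. Decoding them is lossy and shown only for
        // comparison; the hex form below is the usable representation.
        String res = new String(nameBytes, utf8);
        System.out.println(res);

        // Hex rendering, two lowercase digits per byte.
        StringBuilder sb = new StringBuilder(nameBytes.length * 2);
        for (byte b : nameBytes) {
            int val = b & 255;              // map the signed byte to 0..255
            if (val < 16) {
                sb.append("0");
            }
            sb.append(Integer.toHexString(val));
        }
        String hexData = sb.toString();
        System.out.println(hexData);
    }
}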

用python表示为:

from hashlib import md5

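name = "小猪佩奇"
obj = md5()
# Feed the same fixed prefix as the Java listing first; without it the two digests differ.
obj.update("xxxxxx".encode('utf-8'))
obj.update(name.encode('utf-8'))

res = obj.digest()      # raw digest as bytes
print(res)
res = obj.hexdigest()   # the same digest as a lowercase hex string
print(res)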

九、sha-256加密(同样属于哈希摘要算法,不可逆)

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

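/** Computes a SHA-256 digest over a fixed prefix plus a string and prints it. */
public class base64 {
    /**
     * Hashes {@code "xxxxxx"} followed by the name with SHA-256, then prints the digest as a
     * byte array, as decoded text, and as lowercase hex.
     *
     * @param args command-line arguments (unused)
     * @throws NoSuchAlgorithmException if the runtime has no SHA-256 provider
     */
    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Explicit charset: the input bytes, and so the digest, must not depend on the
        // platform default encoding.
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        String name = "小猪佩奇";

        // Algorithm names are matched case-insensitively; "SHA-256" is the standard spelling.
        MessageDigest instance = MessageDigest.getInstance("sha-256");
        // Fixed prefix (the page calls it a salt). update() feeds it in first, so the
        // digest covers "xxxxxx" + name.
        instance.update("xxxxxx".getBytes(utf8));
        byte[] nameBytes = instance.digest(name.getBytes(utf8));    // 32 raw digest bytes

        System.out.println(Arrays.toString(nameBytes));

        // Digest bytes are not text. Decoding them is lossy and shown only for
        // comparison; the hex form below is the usable representation.
        String res = new String(nameBytes, utf8);
        System.out.println(res);

        // Hex rendering, two lowercase digits per byte.
        StringBuilder sb = new StringBuilder(nameBytes.length * 2);
        for (byte b : nameBytes) {
            int val = b & 255;              // map the signed byte to 0..255
            if (val < 16) {
                sb.append("0");
            }
            sb.append(Integer.toHexString(val));
        }
        String hexData = sb.toString();
        System.out.println(hexData);
    }
}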

用python表示为:

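# The original listing under this heading reused the MD5 example; SHA-256 needs sha256.
from hashlib import sha256

name = "小猪佩奇"
obj = sha256()
# Feed the same fixed prefix as the Java listing first; without it the two digests differ.
obj.update("xxxxxx".encode('utf-8'))
obj.update(name.encode('utf-8'))

res = obj.digest()      # raw digest as bytes (32 bytes)
print(res)
res = obj.hexdigest()   # the same digest as a lowercase hex string (64 characters)
print(res)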

十、aes加密

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

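/** Encrypts a string with AES in CBC mode using a literal key and IV. */
public class base64 {
    /**
     * Encrypts the UTF-8 bytes of the name with AES/CBC/PKCS5Padding and prints the
     * ciphertext as a signed-byte array.
     *
     * @param args command-line arguments (unused)
     * @throws NoSuchAlgorithmException if AES is unavailable
     * @throws NoSuchPaddingException if PKCS5Padding is unavailable
     * @throws InvalidAlgorithmParameterException if the IV is rejected
     * @throws InvalidKeyException if the key length is rejected
     * @throws IllegalBlockSizeException declared by {@code doFinal}
     * @throws BadPaddingException declared by {@code doFinal}
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        // Explicit charset so key, IV and plaintext bytes do not depend on the platform default.
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        String name = "小猪佩奇";
        // The 32 characters are used directly as key bytes (not hex-decoded): a 256-bit key.
        String key = "fd6b639dbcff0c2a1b03b389ec763c4b";
        // 16 characters used directly as bytes: one AES block.
        String iv = "77b07a672d57d64c";

        // NOTE(review): a key and IV stored as literals can be read by anyone who has the
        // binary. Reusing one IV with CBC makes equal plaintext prefixes yield equal
        // ciphertext prefixes, and CBC alone gives no integrity protection. The values
        // are kept because the listing reproduces an observed scheme, not a
        // recommended design.
        byte[] raw = key.getBytes(utf8);
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes(utf8));

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
        byte[] encrypted = cipher.doFinal(name.getBytes(utf8));

        System.out.println(Arrays.toString(encrypted));
    }
}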

用python表示为:

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad

name = "小猪佩奇"
key = "fd6b639dbcff0c2a1b03b389ec763c4b"
iv = "77b07a672d57d64c"

# Key and IV text are used directly as bytes, matching key.getBytes()/iv.getBytes() in the Java listing.
cipher = AES.new(key.encode('utf-8'), AES.MODE_CBC, iv=iv.encode('utf-8'))
# Pad to the 16-byte block size; this corresponds to PKCS5Padding on the Java side.
res = cipher.encrypt(pad(name.encode('utf-8'), 16))
print(res)

十一、gzip压缩

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

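/** Round-trips a string through gzip compression. */
public class base64 {
    /**
     * Gzips the UTF-8 bytes of a string, prints the compressed bytes, then inflates them
     * and prints the recovered text.
     *
     * @param args command-line arguments (unused)
     * @throws IOException if a stream operation fails
     */
    public static void main(String[] args) throws IOException {
        String name = "小猪佩奇";

        // Compress. Closing the gzip stream writes the trailer, so it must be closed
        // before the byte array is read; try-with-resources guarantees that on every path.
        ByteArrayOutputStream compressedSink = new ByteArrayOutputStream();
        try (GZIPOutputStream gzipOut = new GZIPOutputStream(compressedSink)) {
            // Explicit charset instead of the platform default.
            gzipOut.write(name.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }

        byte[] arg6 = compressedSink.toByteArray();   // gzip-compressed bytes
        System.out.println(Arrays.toString(arg6));

        // Decompress.
        // NOTE(review): this loop has no output limit. That is fine for data produced
        // above, but input from an untrusted source should be capped, because a small
        // gzip stream can inflate to a very large one.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPInputStream ungzip = new GZIPInputStream(new ByteArrayInputStream(arg6))) {
            byte[] buffer = new byte[256];
            int n;
            while ((n = ungzip.read(buffer)) >= 0) {
                out.write(buffer, 0, n);
            }
        }
        System.out.println(out.toString("utf-8"));
    }
}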

用python表示为:

import gzip

# Compress
name = "小猪佩奇"
s_in = name.encode("utf-8")
s_out = gzip.compress(s_in)
# Show the compressed bytes as a list of unsigned integers.
print(list(s_out))

# Decompress
res = gzip.decompress(s_out)
print(res)
recovered_text = res.decode('utf-8')
print(recovered_text)
