Reverse series | AES reverse encryption case analysis

AES encryption details

Introduction: the full name is advanced encryption standard (English Name: Advanced Encryption Standard), also known as Rijndael encryption method in cryptography, which is sponsored by the National Institute of standards and technology of the United States (NIST) was released in 2001 and became an effective standard in 2002. It is a block encryption standard adopted by the federal government of the United States. This standard is used to replace the original DES. It has been analyzed by many parties and widely used all over the world. It itself has only one key, which is used to realize encryption and decryption.

mode support

CBC, CFB, CTR, ctrgradman, ECB, OFB, etc.

padding support

ZeroPadding, noppadding, AnsiX923, Iso10126, Iso97971, Pkcs7, etc.

Basic parameters of encryption and decryption

In symmetric and asymmetric encryption algorithms, three parameters are often used: initial vector iv, encryption mode and padding. First, the meaning and function of the three parameters are introduced:

Initial vector iv

In cryptography, the initial vector, also known as the initial function, is used in combination with the key. As a means of encrypting data, it is a value of fixed length. The length of iv depends on the encryption method. It is usually equivalent to the length of the encryption key or password used. Generally, it is required to be a random number or quasi random number in the process of use, The initial vector generated by random number can achieve semantic security, which makes it difficult for attackers to crack the ciphertext that is consistent with the original text and generated with the same key.

Encryption mode

At present, the popular encryption and digital authentication algorithms adopt block encryption, which means that the encrypted plaintext is divided into fixed size data blocks, and then the cryptographic algorithm is executed., To get the ciphertext. Data blocks are usually of the same length as the key. The encryption mode is developed on the basis of the encryption algorithm, and can also exist independently of the encryption algorithm. The encryption mode defines how to convert plaintext larger than one data block size into ciphertext by reusing the encryption algorithm, and describes the process of encrypting each data block. At present, the more used encryption modes are CBC, ECB, PBC, CFB, OFB and CTR.

Filling method: padding

Block ciphers can only process data of a certain length, and the length of messages is usually variable. Therefore, the last piece of data in some modes needs to be filled before encryption. There are several filling methods, the simplest of which is to fill empty characters at the end of plaintext so that their length is an integer multiple of block data. The common filling methods are as follows: PKCS7, PKCSS, ZeroPadding, ISO10126 and ANSIX923.

JavaScript encryption

// Reference crypto JS encryption module
 var CryptoJS = require('crypto-js')

 function tripleAesEncrypt() {
     var key = CryptoJS.enc.Utf8.parse(aesKey),
         iv = CryptoJS.enc.Utf8.parse(aesIv),
         srcs = CryptoJS.enc.Utf8.parse(text),
         // CBC encryption mode, Pkcs7 filling mode
         encrypted = CryptoJS.AES.encrypt(srcs, key, {
             iv: iv,
             mode: CryptoJS.mode.CBC,
             padding: CryptoJS.pad.Pkcs7
         });
     return encrypted.toString();
 }

 function tripleAesDecrypt() {
     var key = CryptoJS.enc.Utf8.parse(aesKey),
         iv = CryptoJS.enc.Utf8.parse(aesIv),
         srcs = encryptedData,
         // CBC encryption mode, Pkcs7 filling mode
         decrypted = CryptoJS.AES.decrypt(srcs, key, {
             iv: iv,
             mode: CryptoJS.mode.CBC,
             padding: CryptoJS.pad.Pkcs7
         });
     return decrypted.toString(CryptoJS.enc.Utf8);
 }

 var text = "I love Python!"       // Object to be encrypted
 var aesKey = "6f726c64f2c2057c"   // Key, 16 multiples
 var aesIv = "0123456789ABCDEF"    // Offset, 16 multiples

 var encryptedData = tripleAesEncrypt()
 var decryptedData = tripleAesDecrypt()

 console.log("Encrypted string: ", encryptedData)
 console.log("Decrypt string: ", decryptedData)

 // Encrypted string: dZL7TLJR786VGvuUvqYGoQ==
 // Decryption string: I love Python!

python implementation

import base64
from Cryptodome.Cipher import ARC4


def rc4_encrypt(key, t):
    enc = ARC4.new(key.encode('utf8'))
    res = enc.encrypt(t.encode('utf-8'))
    res = base64.b64encode(res)
    return res


def rc4_decrypt(key, t):
    data = base64.b64decode(t)
    enc = ARC4.new(key.encode('utf8'))
    res = enc.decrypt(data)
    return res


if __name__ == "__main__":
    secret_key = '12345678'   # secret key
    text = 'I love Python!'   # Encrypted object
    encrypted_str = rc4_encrypt(secret_key, text)
    print('Encrypted string:', encrypted_str)
    decrypted_str = rc4_decrypt(secret_key, encrypted_str)
    print('Decryption string:', decrypted_str)


# Encrypted string: b'8tNVu3/U/veJR2KgyBw = '
# Decryption string: b'I love Python! '

case analysis

Target website: aHR0cDovL2p6c2MubW9odXJkLmdvdi5jbi9kYXRhL2NvbXBhbnk=

The analysis shows that the enterprise data is loaded through Ajax and encrypted. From past experience, the content before encryption should be json data, and the encryption method of data can not be seen. Therefore, general json data can search json Parse found the object code.

Through the global search, we found a total of three available codes. Through debugging and analysis, we found the app 84b2e728. JS is the target file.

Place a breakpoint at the suspicious code for debugging:

The variable E is the decrypted data, and the observation statement var e = JSON parse(h(t.data)); , Following the H function directly, you can see the obvious AES encryption:

It can be seen from the above figure that variable r is the data before encryption and variable t is the data after encryption.

function h(t) {
            var e = d.a.enc.Hex.parse(t)
              , n = d.a.enc.Base64.stringify(e)
              , a = d.a.AES.decrypt(n, f, {
                iv: m,
                mode: d.a.mode.CBC,
                padding: d.a.pad.Pkcs7
            })
              , r = a.toString(d.a.enc.Utf8);
            return r.toString()
        }

The encryption mode is CBC, the filling mode is pkcs7, and the missing values of offset m and f can be found above.

f = d.a.enc.Utf8.parse("jo8j9wGw%6HbxfFn")
m = d.a.enc.Utf8.parse("0123456789ABCDEF")

In python, you need to introduce CryptoJS and rewrite this function.

Keywords: Python crawler Python crawler security Web Security

Added by WiseGuy on Wed, 29 Dec 2021 17:15:47 +0200