记录一下前端算法的学习
js分析
首先搜索encSecKey
在core_xxxxxx.js中,查看一下
encSecKey一共有三处结果,其中第一处在js中说明了params也就是encText是由方法b得到,encSecKey由方法c得到
var maxDigits, ZERO_ARRAY, bigZero, bigOne, dpl10, lr10, hexatrigesimalToChar, hexToChar, highBitMasks, lowBitMasks, biRadixBase = 2, biRadixBits = 16, bitsPerDigit = biRadixBits, biRadix = 65536, biHalfRadix = biRadix >>> 1, biRadixSquared = biRadix * biRadix, maxDigitVal = biRadix - 1, maxInteger = 9999999999999998;
setMaxDigits(20),
dpl10 = 15,
lr10 = biFromNumber(1e15),
hexatrigesimalToChar = new Array("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"),
hexToChar = new Array("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f"),
highBitMasks = new Array(0,32768,49152,57344,61440,63488,64512,65024,65280,65408,65472,65504,65520,65528,65532,65534,65535),
lowBitMasks = new Array(0,1,3,7,15,31,63,127,255,511,1023,2047,4095,8191,16383,32767,65535);
!function() {
function a(a) {
var d, e, b = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", c = "";
for (d = 0; a > d; d += 1)
e = Math.random() * b.length,
e = Math.floor(e),
c += b.charAt(e);
return c
}
function b(a, b) {
var c = CryptoJS.enc.Utf8.parse(b)
, d = CryptoJS.enc.Utf8.parse("0102030405060708")
, e = CryptoJS.enc.Utf8.parse(a)
, f = CryptoJS.AES.encrypt(e, c, {
iv: d,
mode: CryptoJS.mode.CBC
});
return f.toString()
}
function c(a, b, c) {
var d, e;
return setMaxDigits(131),
d = new RSAKeyPair(b,"",c),
e = encryptedString(d, a)
}
function d(d, e, f, g) {
var h = {}
, i = a(16);
return h.encText = b(d, g),
h.encText = b(h.encText, i),
h.encSecKey = c(i, e, f),
h
}
function e(a, b, d, e) {
var f = {};
return f.encText = c(a + e, b, d),
f
}
window.asrsea = d,
window.ecnonasr = e
}();b是AES,c是RSA,然后我们下断点来分析传入参数:
this: Window
d: "{"rid":"R_SO_4_2061978961","threadId":"R_SO_4_2061978961","pageNo":"1","pageSize":"20","cursor":"-1","offset":"0","orderType":"1","csrf_token":""}"
e: "010001"
f: "00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7"
g: "0CoJUm6Qyw8W8jud"d是明文,e是RSA公钥指数e,g是密钥,encText进行了两次AES加密,第一次是密钥g,第二次则是调用a获取了16位随机数,然后用这个随机数作为密钥对加密后的密文进行二次加密。
function a(a) {
var d, e, b = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", c = "";
for (d = 0; a > d; d += 1)
e = Math.random() * b.length,
e = Math.floor(e),
c += b.charAt(e);
return c
} function b(a, b) {
var c = CryptoJS.enc.Utf8.parse(b)
, d = CryptoJS.enc.Utf8.parse("0102030405060708")
, e = CryptoJS.enc.Utf8.parse(a)
, f = CryptoJS.AES.encrypt(e, c, {
iv: d,
mode: CryptoJS.mode.CBC
});
return f.toString()
}理论验证
第一步加密:
参数iv在b方法中已经有了,即0102030405060708,而这个密钥g是不变的,都是一样的g: "0CoJUm6Qyw8W8jud"
第二步加密:
我们用生成的16位随机数,上面断点测试里的i='6Mjc1USUwVotpmmg'做密钥重新加密:
rv/2nZ65iJ6nSJ5cMLjtrCiIHP9hUOgGjnuMaKPXraKUDgjcZMcbFciWMQekT3d7xY1vFdqoTs6FNkcq3IDIoGbweRcWVd6lvhHH9/LBifwIPiKASNy/QUkSbTvYoacP2pZ4NFJF/r5e5OeaBfjmDBOnCvuGDbDaYqhaxJSdU6BWBHrmjPsw48yhTQgIbhT6G3JT0AJgx897z0RcSHoB0jW36ntRlzjkssHZKzKcGLMwALeluY+SdSu3ogKgiQ/fMMI2kEFtcrXcxbUF/AwvLCeT9yDttHeODDJyhDnouDA=
和图片里的encText一样
encSecKey在方法d中可以看到是调用c方法:c(i,e,f)
i:16位随机数,e:指数,f:公钥
然后我们直接借助源文件中的各种声明函数再写一个加密就好了
var n = "00e0b509f6259df8642dbc35662901477df22677ec152b5ff68ace615bb7b725152b3ab17a876aea8a5aa76d2e417629ec4ee341f56135fccf695280104e0312ecbda92557c93870114af6c9d05c4f7f0c3685b7a46bee255932575cce10b424d813cfe4875d3e82047b97ddef52741d546b8e289dc6935b3ece0462db0a22b8e7";
var e = "010001";
var a = "a9txe8uybyUI8mN3";
function enc(a, b, c) {
var d, e;
setMaxDigits(131);
d = new RSAKeyPair(b,"",c);
e = encryptedString(d, a);
return e;
}
console.log(enc(a,e,n));18c2ad34bd59063138805e40622403cc813a2891241799b50b49f7d5e8090c99af51fce9b743a53fe0ce86ad797153a0035dad823ac8a38bae43a77bdd271ae7372bdcaa8a67e6a1baf04cdffe276225842a2282e45b78eb954137fca362096403bef24576948400726e197ab2bd2bf7a6b5559b5a9436228ad9e941eef6d83c
