2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to analyze RSA and XXTEA in JS encryption.
The website studied this time uses RSA encryption and XXTEA.
Let's first review the basic debugging process described in the previous article:
- If the page redirects, you must check Preserve log so that requests are not lost.
- Check whether the page uses a frame; if so, right-click to view the frame source code (pop-up login interfaces).
- When logging in, try to use a wrong password to prevent redirection.
- View the key login requests and analyze which parameters are encrypted.
- Use another browser to analyze which parameters are fixed values.
- Make a preliminary guess at the encryption method.
- Search
  - Search for the parameter directly:
    - Pwd=
    - Pwd =
    - Pwd:
  - Right-click the password box, choose Inspect, and look at its id, name and type.
- Find the place where encryption happens (key point).
- Debug
- Find all the encryption code.
  - Start from the last step and look up whatever is missing.
  - If you are looking for a function, include function xxx in the search.
  - If the encryption code contains a class and then adds methods to a native object using prototype, find all the methods added to the native object.
  - It doesn't matter if you copy too many functions: as long as no error is reported, the result is not affected. Copying too few, however, will not work.
The above is the core debugging process from the previous article. Next we will practice it on a real case.
RSA
First look at the encrypted parameters to be analyzed, keeping the first few points of the process in mind:
Next, search for the parameters and analyze the JS files that may contain encryption code:
I tried the possible parameter names listed in the process above and found no useful information, so I searched directly for the password keyword, found a file that may be related to login, and searched it for suspected encryption code:
Try a breakpoint first:
The breakpoint is hit successfully. Next, it is a matter of finding whatever is missing and filling it in. We strongly recommend downloading WebStorm to make debugging easier.
First fill the values into the code and run it to see what error is reported:
Following the error, let's find where RSAKey is defined. If you don't know how to find it, hover the mouse over the corresponding position to locate the corresponding code.
Repeat this, finding whatever is missing, until the JS file runs without errors.
Summary
Xianyu found some simple websites, looked at their RSA encryption methods, and summarized the following patterns:
- RSA encryption code usually declares an RSA object first.
- Encryption is done locally with the public key, i.e. public key.
- There is usually an Encrypt keyword.
- The character length after encryption is 128 or 256 bits.
Combining these patterns helps us quickly identify the encryption mode and work out how to approach it.
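The search step of the debugging process and the RSA patterns above can be combined into a small triage script. This is an added example, not code from the original article or the site it studies; the sample source, the regular expressions and the reading of "128 or 256" as the character count of a hex value are assumptions made for illustration.

```javascript
// Constructed sample of login code, written for this example.
const SAMPLE_JS = [
  'function doLogin() {',
  '  var rsa = new RSAKey();',
  '  rsa.setPublic(publicKeyModulus, "10001");',
  '  var data = "user=" + user + "&pwd=" + rsa.encrypt($("#pass").val());',
  '  post("/login", data);',
  '}',
].join("\n");

const escapeRe = s => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// One regex per search pattern from the process list and the RSA summary.
const INDICATORS = {
  paramAssignment: name => new RegExp(escapeRe(name) + "\\s*[=:]", "i"), // pwd=, pwd =, pwd:
  rsaObject: () => /new\s+\w*RSA\w*\s*\(/i,                              // declares an RSA object
  publicKey: () => /public_?\s?key|setPublic/i,                          // public key is loaded locally
  encryptCall: () => /encrypt\w*\s*\(/i,                                 // Encrypt keyword
};

// Return every indicator hit with its line number, i.e. candidate breakpoint locations.
function scanSource(src, paramName) {
  const hits = [];
  src.split("\n").forEach((line, i) => {
    for (const [label, make] of Object.entries(INDICATORS)) {
      if (make(paramName).test(line)) hits.push({ line: i + 1, label });
    }
  });
  return hits;
}

// Assumption: the captured parameter is hex text of 128 or 256 characters.
function looksLikeRsaValue(value) {
  return /^[0-9a-f]+$/i.test(value) && (value.length === 128 || value.length === 256);
}

// Combine source indicators and the captured value into a rough verdict.
function assess(src, paramName, capturedValue) {
  const hits = scanSource(src, paramName);
  const labels = new Set(hits.map(h => h.label));
  const rsaScore = ["rsaObject", "publicKey", "encryptCall"].filter(l => labels.has(l)).length
    + (looksLikeRsaValue(capturedValue) ? 1 : 0);
  return { hits, rsaScore, likelyRsa: rsaScore >= 3 };
}
```

The `hits` list gives the lines worth a breakpoint; a low `rsaScore` means the parameter is probably protected some other way and the guess should be revised.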
XXTEA
"Micro encryption algorithms (TEA) and their associated variants (XTEA, Block TEA, XXTEA) are block encryption algorithms that are easy to describe and easy to implement (typical lines of code).
XXTEA is the latest variety, which was proposed in 1998. No one has yet found a way to attack it, which is an improvement on some of the previous variants. The XXTEA algorithm is very secure and very fast, so it is very suitable for Web development."
The above quote is from https://my.oschina.net/mickelfeng/blog/109388
After introducing XXTEA, let's take a look at what the example website's encryption looks like:
You can see that the transmitted parameters are all encrypted ciphertext. For this kind of encryption, we can go by the id and class in the submitted form. After checking the id of the password box, search for pass globally:
Once you find the suspected code, if you are not sure, set a breakpoint and confirm the encryption location by triggering it:
The next step is again the process of filling in whatever is missing. After decryption, it is found that this website's encryption process is xxtea.base64 encryption.
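To make the xxtea.base64 combination concrete, here is an added example (not the site's code and not taken from the original article) of XXTEA with Base64 output, assuming that name means the XXTEA result is Base64-encoded. The word layout, length word and key padding are conventions chosen for this sketch, and the function names are hypothetical.

```javascript
// Assumed conventions: UTF-8 text, little-endian 32-bit words, plaintext byte length
// stored in the last word, key zero-padded or truncated to 16 bytes.
const DELTA = 0x9e3779b9;

function toWords(bytes, withLength) {
  const n = Math.max(1, Math.ceil(bytes.length / 4));
  const v = new Uint32Array(withLength ? n + 1 : n);
  bytes.forEach((b, i) => { v[i >>> 2] |= b << ((i & 3) << 3); });
  if (withLength) v[n] = bytes.length;
  return v;
}
function toBytes(v, count) {
  return Uint8Array.from({ length: count }, (_, i) => v[i >>> 2] >>> ((i & 3) << 3));
}
function keyWords(key) {
  const k = new Uint8Array(16);
  k.set(new TextEncoder().encode(key).slice(0, 16));
  return toWords(k, false);
}
// XXTEA mixing function; ^ truncates to 32 bits and the typed array wraps the sums.
function mx(sum, y, z, p, e, k) {
  return (((z >>> 5) ^ (y << 2)) + ((y >>> 3) ^ (z << 4))) ^ ((sum ^ y) + (k[(p & 3) ^ e] ^ z));
}
function xxtea(v, k, decrypt) {
  const n = v.length;
  let rounds = 6 + Math.floor(52 / n);
  let sum = decrypt ? Math.imul(rounds, DELTA) >>> 0 : 0;
  while (rounds-- > 0) {
    if (!decrypt) sum = (sum + DELTA) >>> 0;
    const e = (sum >>> 2) & 3;
    for (let i = 0; i < n; i++) {
      const p = decrypt ? n - 1 - i : i; // decryption walks the block backwards
      const y = v[(p + 1) % n], z = v[(p + n - 1) % n];
      v[p] += decrypt ? -mx(sum, y, z, p, e, k) : mx(sum, y, z, p, e, k);
    }
    if (decrypt) sum = (sum - DELTA) >>> 0;
  }
  return v;
}
function xxteaEncryptB64(text, key) {
  const v = xxtea(toWords(new TextEncoder().encode(text), true), keyWords(key), false);
  return btoa(String.fromCharCode(...toBytes(v, v.length * 4)));
}
function xxteaDecryptB64(b64, key) {
  const raw = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
  const v = xxtea(toWords(raw, false), keyWords(key), true);
  const len = v[v.length - 1]; // recovered length word doubles as a sanity check
  if (len > (v.length - 1) * 4) throw new Error("wrong key or corrupt data");
  return new TextDecoder().decode(toBytes(v, len));
}
```

The output is deterministic for a given key and input, so identical passwords produce identical ciphertext, which is one way to recognise this scheme in captured requests.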