js逆向(二)


AES和DES

  • AES和DES都属于对称加密,是一种比较传统的加密方式:加密运算和解密运算使用同一个密钥,信息的发送者和接收者在进行信息的传输与处理的时候,必须共同持有该密钥(称为对称密码)。
  • 对称加密用的是encrypt()函数,解密用的是decrypt()函数。如果数据有明显的加密,一般可以搜索decrypt来找到解密的位置。

AES与DES的区别

  1. 加密后密文长度不同
  • DES加密后密文长度是8的整数倍
  • AES加密后密文的长度是16的整数倍
  2. 安全度不同
  • 一般情况下DES足够安全(注:DES的有效密钥长度只有56位,按现代标准已可被暴力破解,需要真正保密的数据不应再使用DES)
  • 如果要求高可以使用AES
  3. DES和AES切换只需要修改CryptoJS.DES→CryptoJS.AES

案例一:

天津市公共资源交易平台:ggzy.zwfwb.tj.gov.cn/jyxxzfcg/in… 点击页面的子链接会发现,获取的链接ID与实际请求链接的ID是不一样的

#html中的链接,获取的ID是1083835
<a url="http://ggzy.zwfwb.tj.gov.cn:80/jyxxzcgz/1083835.jhtml" target="_blank">

#真实获得请求的ID是这样的  lZPxIVPouKDd26MnYaXOXg
http://ggzy.zwfwb.tj.gov.cn/jyxxzcgz/lZPxIVPouKDd26MnYaXOXg.jhtml

逆向代码:

const CryptoJS = require("crypto-js");
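/**
 * Rebuild a listing link the way the site's front-end script does: the ID in
 * the last path segment is replaced by an encoded form of its AES ciphertext.
 *
 * The last "/"-separated segment is split on "."; the part before the first
 * dot is encrypted (AES, ECB mode, PKCS#7 padding, fixed key), the ciphertext
 * string has every "/" swapped for "^" and its final two characters dropped,
 * and the second dot-separated part is re-attached as the extension.
 *
 * NOTE(review): the key is a literal in script that every visitor downloads
 * and ECB is deterministic, so this only hides sequential IDs from casual
 * inspection; it is not a confidentiality or access-control mechanism.
 *
 * @param {string} hh - Link whose last path segment looks like "<id>.<ext>".
 * @returns {string} The same link with the ID replaced by its encoded form.
 */
function link_tn(hh) {
    const segments = hh.split("/");
    const lastIndex = segments.length - 1;
    const [id, extension] = segments[lastIndex].split(".");

    const plaintext = CryptoJS.enc.Utf8.parse(id);
    const key = CryptoJS.enc.Utf8.parse("qnbyzzwmdgghmcnm");
    const encrypted = CryptoJS.AES.encrypt(plaintext, key, {
        mode: CryptoJS.mode.ECB,
        padding: CryptoJS.pad.Pkcs7,
    });

    // "/" in the ciphertext string would read as a path separator, hence "^".
    // The last two characters are then cut off; presumably this removes the
    // "==" padding of a single-block Base64 string - confirm for longer IDs.
    const encoded = encrypted.toString().replace(/\//g, "^").slice(0, -2);

    segments[lastIndex] = `${encoded}.${extension}`;
    // join() replaces the original counter loop, whose undeclared `i` leaked
    // into the global scope and throws a ReferenceError in strict mode.
    return segments.join("/");
}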
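// Demo: encode one listing link and print the result.
// Declared with const; the bare assignment created an implicit global.
const url = "http://ggzy.zwfwb.tj.gov.cn:80/jyxxxqgg/1083831.jhtml";
console.log(link_tn(url));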

案例二:

全国建筑市场监管公共服务平台:jzsc.mohurd.gov.cn/data/compan…

获取难点:获取的数据都是加密的,所以获取的步骤如下:

1.通过请求体数据和链接发起请求
2.(加密)响应体 
3.再将加密的数据进行解密
4.得出解密数据

常见的加密可以通过关键词搜索的方法来确认,进行全局搜索关键词decrypt,进行定位加解密位置。

再者可以通过搜索JSON.parse因为加密数据是需要再次转换回明文的,很可能需要进行转换。 jz.js

const CryptoJS  = require("crypto-js");   //导入模块
//d={a:CryptoJS}  ,下面代码中的d.a就可以用CryptoJS来代替

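/**
 * Decrypt one hex-encoded response body.
 *
 * The hex text is parsed to a word array, re-encoded as Base64 (the string
 * form handed to CryptoJS.AES.decrypt), then decrypted with AES in CBC mode
 * with PKCS#7 padding, using the fixed key and IV below.
 *
 * NOTE(review): key and IV are constants lifted from the page's own script.
 * Anything protected this way is readable by whoever can load that script,
 * so it should be treated as transport obfuscation, not as secrecy.
 *
 * @param {string} t - Hex-encoded ciphertext.
 * @returns {string} The decrypted text, decoded as UTF-8.
 */
function b(t) {
    // The site's script assigns this value first and overwrites it before
    // any decryption happens; it is kept and logged only to show that.
    const firstKey = CryptoJS.enc.Utf8.parse("jo8j9wGw%6HbxfFn");
    const m = CryptoJS.enc.Utf8.parse("0123456789ABCDEF");
    console.log(firstKey);
    console.log(m);
    // Word arrays printed by the two logs above:
    //   [1785673834, 964118391, 624314466, 2019968622]  first key value
    //   [808530483, 875902519, 943276354, 1128547654]   m (the IV)

    // The key actually used for decryption.
    const f = CryptoJS.enc.Utf8.parse("Dt8j9wGw%6HbxfFn");
    console.log(f);

    // The site's bundle reaches the library as d.a (d = {a: CryptoJS});
    // here it is simply CryptoJS.
    const cipherWords = CryptoJS.enc.Hex.parse(t);
    const cipherBase64 = CryptoJS.enc.Base64.stringify(cipherWords);
    const decrypted = CryptoJS.AES.decrypt(cipherBase64, f, {
        iv: m,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7,
    });

    // "Error: Malformed UTF-8 data" at this point means the input passed in
    // is wrong. The result is already a string, so no further toString().
    return decrypted.toString(CryptoJS.enc.Utf8);
}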

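// Hex-encoded response body to decrypt.
// Declared with const; the bare assignments created implicit globals.
const data = "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";

// b() returns text; this demo parses it as JSON before printing.
const result = JSON.parse(b(data));
console.log(result);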

案例三:

有道翻译:fanyi.youdao.com/index.html#…

const CryptoJS  = require("crypto");

/**
 * Compute the MD5 digest of the input.
 *
 * `CryptoJS` in this listing is bound to Node's built-in `crypto` module,
 * not to the crypto-js package.
 *
 * @param {string|Buffer} e - Data to hash.
 * @returns {Buffer} The 16-byte MD5 digest.
 */
function y(e) {
    const hasher = CryptoJS.createHash("md5");
    hasher.update(e);
    return hasher.digest();
}

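/**
 * Decrypt a Base64 payload with AES-128-CBC, deriving key and IV by hashing
 * two seed strings with MD5 (via y()).
 *
 * NOTE(review): both seeds are constants shipped in the page's script, so
 * this protects the response only against casual inspection. MD5 of a fixed
 * string is a stable 16-byte value, not a secret derived per session.
 *
 * @param {string} t - Base64 ciphertext; a falsy value short-circuits.
 * @param {string} o - Seed string hashed into the AES key.
 * @param {string} n - Seed string hashed into the IV.
 * @returns {string|null} The decrypted UTF-8 text, or null when t is falsy.
 */
// Declared with const: the bare `R = ...` assignment created an implicit
// global and throws a ReferenceError in strict mode / ES modules.
const R = (t, o, n) => {
    if (!t) {
        return null;
    }
    // An MD5 digest is 16 bytes, so filling a 16-byte buffer with it yields
    // the digest itself: exactly the key and IV size aes-128-cbc requires.
    const key = Buffer.alloc(16, y(o));
    const iv = Buffer.alloc(16, y(n));
    const decipher = CryptoJS.createDecipheriv("aes-128-cbc", key, iv);
    // Node's "base64" decoder also accepts the URL-safe alphabet ("-", "_").
    const head = decipher.update(t, "base64", "utf-8");
    return head + decipher.final("utf-8");
};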

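// Sample ciphertext plus the two seed strings that R() hashes into the AES
// key and IV. Declared with const; the bare assignments created implicit
// globals.
const o = "Z21kD9ZK1ke6ugku2ccWuwRmpItPkRr5XcmzOgAKD0GcaHTZL9kyNKkN2aYY6yiOTB6M3VxGQbjsH5cHXvoQxd-RBxWjFzDztcmY6xpvfkaHOoKZOJ4RslJ6-5VNRX7_uaR7-K0LfZ5Kd4fCXwN2rZqth-YVlZu4EJRifJTQVsXTo5E9i2a0YPnSS0KIFnle";
const decodeKey = "ydsecret://query/key/B*RGygVywfNBwpmBaZg*WT7SIOUP2T0C9WHMZN39j^DAdaZhAnxvGcCY6VYFwnHl";
const decodeIv = "ydsecret://query/iv/C@lZe2YzHtZ2CYgaXKSVfsb7Y4QWHjITPPZ0nQp87fBeJ!Iv6v^6fvi2WN@bYpJ4";
const a = R(o, decodeKey, decodeIv);
console.log(a);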
  • 如果是加密数据,就往下看是如何解密的
  • 如果是明文数据,就往上找如何解密的