在拼多多数据库中其中的t_mall_conversation表中的message字段数据内容被加密了
提取相应的关键字:t_mall_conversationnn message
反编译、加密算法解析
采用AES加密算法,向量为{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},密钥为用户UID的MD5加密取前16位,UID的值在data/data/com.xunmeng.pinduoduo/files/pinUserFile文件中。
IV =newbyte{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
uid =5564948642776;
MD5(uid) = 479EE2A088591D9856CCDC451C1B4515;
KEY = 479EE2A088591D98;
AES加密算法
UID值
POC 编写、破解过程验证
importandroid.util.Base64;
importjava.security.Key;
importjavax.crypto.Cipher;
//解密函数
publicStringPddMsgDecrypt(String msg){
if(TextUtils.isEmpty(msg)) {
returnmsg;
}
//MD5加密(uid)
String md5Text = MD5Utils.digest("5564948642776");
if(TextUtils.isEmpty(md5Text)) {
returnmsg;
}
//IV
byte[] iv =newbyte[]{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
//KEY 取MD5前16位
byte[] key = md5Text.substring(0,16).getBytes();
//AES解密
try{
SecretKeySpec v1 =newSecretKeySpec(key,"AES");
IvParameterSpec v0_2 =newIvParameterSpec(iv);
Cipher v2 = Cipher.getInstance("AES/CBC/PKCS5Padding");
v2.init(2, ((Key)v1), ((AlgorithmParameterSpec)v0_2));
returnnewString(v2.doFinal(Base64.decode(msg,2)));
}
catch(Throwable unstd) {
Log.v("Lee","Fail to decrypt data with aes key through java");
returnmsg;
}
//POC 破解过程验证
PddMsgDecrypt("fKt3i73/hNjTPjEL/AIFhMLxuEd1XX0p9sfQ7++CPjgnTDnRzG+1dsiZ6S4f5/HlfCw4XL3/Oisudg2I+i2maQzjaoRGxa0iCtCWrKLwbZU5zkt4J0JCKtV3CZC5JQeVvfn++p8EjsHluhwidX7zg8hqA3wueZYUmwfHdyzMUultYeNOLYDfcmYXHhaFet0NUNvUKaBvwDZm2ah6Drpo9W1UK9GN6rntX58idkPULZnzZErIGHCnPIpJ5cVb8sIAo6iLOMSPPTmGyePfx35veXKVFm38u7o8jkWKOCFC6puHncyFu53f/wBNa0LmQINq5Qf62mgZFbXY+lcT9g+vqVhaW7oA2OsJh7bp+1Xrwv0OdZE1B04bFnpP14Z/1INz3MeMMutA48DoCDyJ2jqQTzFv94WiCnLTtFdoGpIy5bAFMg4zRwzyRYo5Z2kD2+EeyF/lXS+r3QBOACJrw3LEx1kLglyfSqJbdJU9CbQGNmCciZ5ec/glTHRvtefNIe2KHYYMPupxbwHbWHSSQCDyL5IgnfAbTc0jMk82KKlk2LyrlJxeTo4s5yk4njnAhLesGoaGfevnnpx12Unk3FpcQ+rrNC+zMjsjXM5wL5ly8o21x/KLAlGsOfM4YSJaH9f4QS3xU1x8jKZMDYr3LnBcNOU+5dRp3gUdEUFJgDN5wUhsjw5UyPDGZmETHG+pJOt8z9kOOJeuldOEfAAx7sJEor8dM6qJwGLI43LnapnwWYXeAkMfH7pR8coD6IrZgJW9sjt6EoFJa7NU1JTykSP3T7okQyEvk8fVdcHF+Hf6BawhXC2Xy6bWmymQKFXJhhzUeJeQEzZi9FU+TqyeTc7AYCYzrsHsjBHnJxC+P4hdexJXYDCue3qxsrz4zC3R+ZE50QpPUTjdrY3bmUmhk+RxgnUp+TpsUhVbb2p/m4017SWGJV+XPPdnG21uGoxcmNHwGN78jWmkI8kg/09+vBiqV4X8U8tXaD2dHKtJf5ZOr7nyADsqekX6EVrCXcKVlecGHvs0zJgScxb9fTS6bEfa2TW+4aZPVD/Zd9gK7+LD/kP0Lupx+9gQPTO4ElCVJ/hoYD2sBhc7Mmu9iLNKuTHOZ8pidvIoyEMj/4/CyZRUoS2eifc+L39xyEnB/P9+2k+a/xTS3gvkfYAD+OIUbok4uU0K1Rko1SLPoNdcxDOmbbcAl8oDOWH7Qd/qTfj4PQ3weIEgV6/p5ZZkPQi8UJi2Z21UO5M4aOyJVugwcDHvEAyJiVaOAPHd7I4CNj5B0LETEhc4NlOqoN2GvF9ztqdkk03Neb1YCZGT+Lgv8mzumyOccOM/K2wQfS7s9iNU4uGskFGYxUXOBhHLaRARhHny/EFiSbvZOtkqKEA9uRupHDjRzW+1ubRJfF++EubkwpvSQVhJfLZa4AWUS3PFUHP1cnwfwUUEKzaFXSLu6F+sPBb796KxK+Ulr7W8lBRsdmHZL60b7Zz582HAZnx+JFUcjiJKlqy2JqcEEyJAQ4S5B2M1WvFWCkQfaBrGrcd32WIGcEhL7ee5AhNLD+f8hfYwQXm2JLwWA9zg87Lt6MgQvumyjzKfH4NP9UTHuthcI3eM+AKHZoHXNeKVBEmvSApHUs5zQ44xwIfXby/m9pMBrRc/Wl+wHc80SGngLfK3JSmbD9KcTVxPez6qzjBUOlL2dZix5BY4pLZKCQhplMV9FljpTkweBxB8ya75vigSDveW6pcPtnxH4a23kuV3TP/6ba4k8cf40kWPXlx3RmZObp6c71Q69kSAnmtPi0O5bguSvBY/cnYHxyLj6OsflgEVYIECqOVPoioPeJ/0nAPMO2cs2cbsMRFqeWsYGUeFsu4tkeU21r8/G/FyR9CjCN7VX9ny0u37y1iVa6eh3TouzyP1CY7iZBo2NtR87cCqckAV9QphlK/FkZ5+IqkWohMHLyds+ezigvmHNaz4MQQ+QU7SIaHX/+juOxGcO8Gj83lb/n99FCx5Oyi58NfCRaocxsfFDQqoCOjrWs/ig+WTm6E=");
最后
数据库中加密的值,用以上Python代码成功解密成了如下的明文数据。
附件