我对 Java 或 Android 应用程序毫无经验(有 C 语言编程经验),正在尝试对一个[现已停用/不受支持的]应用程序进行逆向工程。该应用程序需要一个序列号*,并使用带 PKCS1Padding 的 RSA 对其进行加密。我很乐意分享我手头的内容:创建者已无法联系,只有极少数人拥有相关文件(或能访问该软件),因此密钥可能已经“流传在外”。我认为相关代码如下……我大致了解它在做什么。
# Keygen: holds a hard-coded RSA public key (modulus + public exponent) and
# exposes one static helper, encrypt(String), that RSA-encrypts a string with it.
# NOTE(review): only public key material is stored in this class (key, modulus,
# pubExp). Reversing the output of encrypt() needs the matching private exponent,
# which does not appear anywhere in this listing.
.class public Lcom/h1dd3n/securefiles/Keygen;
.super Ljava/lang/Object;
.source "Keygen.java"
# static fields
# key     - the modulus as a hexadecimal string literal
# modulus - key parsed into a BigInteger (radix 16)
# pubExp  - the public exponent as a BigInteger
.field static key:Ljava/lang/String;
.field static modulus:Ljava/math/BigInteger;
.field static pubExp:Ljava/math/BigInteger;
# direct methods
# Static initializer: fills key, modulus and pubExp once, when the class is loaded.
.method static constructor <clinit>()V
.locals 3
.prologue
# v2 = 16, the radix passed to both BigInteger(String, int) constructors below.
const/16 v2, 0x10
.line 15
# Hex modulus; it appears to be 2048 bits with a leading 00 byte - confirm by length.
const-string v0, "00FB451D3F45D82B92FC6F243D50441DD75F2DB995842A3D389FC4536A27F42242C9C8DCB4DA0E2573E5CA2E5D0A2AD7E790D8A79CAC2DE68BEAF99D21E229A9CF04ABD09D61C8C66C4FE3B32456496305792FF9D2D2198B87BFAB2637518C1D3F44D27B93EF2C0ED3379993D04944EB356D4BDE343017CFB13405B403A3D81D2C7B099AE5651CF14DD3CBE21C435076F244D9DA8F54DA19BA6301AF1F7DA699E2EBFD9C0BB2778D812E8D9BE66089B2783B9E60FA28FA83CD3B356669BC15BC84058FEEE493CCFBE2E13E0B53B01886D47EB75BFC75758A5CFA5A1836E697FD51846578B4BDEDE3A6BD1FE4D49ABAC072AED433AC5A19BF94C9F6C7F4D95740EF"
sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->key:Ljava/lang/String;
.line 16
# modulus = new BigInteger(key, 16)
new-instance v0, Ljava/math/BigInteger;
sget-object v1, Lcom/h1dd3n/securefiles/Keygen;->key:Ljava/lang/String;
invoke-direct {v0, v1, v2}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V
sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->modulus:Ljava/math/BigInteger;
.line 17
# pubExp = new BigInteger("010001", 16), i.e. 65537
new-instance v0, Ljava/math/BigInteger;
const-string v1, "010001"
invoke-direct {v0, v1, v2}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V
sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->pubExp:Ljava/math/BigInteger;
return-void
.end method
# Default instance constructor: only chains to Object.<init>().
.method public constructor <init>()V
.locals 0
.prologue
.line 14
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
return-void
.end method
# encrypt(text): RSA-encrypts the bytes of text with the embedded public key.
#   p0 / text - the string to encrypt
#   returns   - the ciphertext as byte[], or null if any exception was thrown
# NOTE(review): "RSA/ECB/PKCS1Padding" in encrypt mode is PKCS#1 v1.5 encryption
# padding, which inserts random bytes; two calls with the same text give
# different ciphertexts, so outputs cannot be compared byte-for-byte.
.method public static encrypt(Ljava/lang/String;)[B
.locals 7
.param p0, "text" # Ljava/lang/String;
.prologue
.line 23
:try_start_0
# keySpec = new RSAPublicKeySpec(modulus, pubExp)
new-instance v2, Ljava/security/spec/RSAPublicKeySpec;
sget-object v5, Lcom/h1dd3n/securefiles/Keygen;->modulus:Ljava/math/BigInteger;
sget-object v6, Lcom/h1dd3n/securefiles/Keygen;->pubExp:Ljava/math/BigInteger;
invoke-direct {v2, v5, v6}, Ljava/security/spec/RSAPublicKeySpec;-><init>(Ljava/math/BigInteger;Ljava/math/BigInteger;)V
.line 24
.local v2, "keySpec":Ljava/security/spec/RSAPublicKeySpec;
# kf = KeyFactory.getInstance("RSA")
const-string v5, "RSA"
invoke-static {v5}, Ljava/security/KeyFactory;->getInstance(Ljava/lang/String;)Ljava/security/KeyFactory;
move-result-object v3
.line 25
.local v3, "kf":Ljava/security/KeyFactory;
# publicKey = kf.generatePublic(keySpec)
invoke-virtual {v3, v2}, Ljava/security/KeyFactory;->generatePublic(Ljava/security/spec/KeySpec;)Ljava/security/PublicKey;
move-result-object v4
.line 27
.local v4, "publicKey":Ljava/security/PublicKey;
# cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding")
const-string v5, "RSA/ECB/PKCS1Padding"
invoke-static {v5}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
move-result-object v0
.line 28
.local v0, "cipher":Ljavax/crypto/Cipher;
# Mode 1 is Cipher.ENCRYPT_MODE; the cipher is initialised with the public key.
const/4 v5, 0x1
invoke-virtual {v0, v5, v4}, Ljavax/crypto/Cipher;->init(ILjava/security/Key;)V
.line 29
# NOTE(review): getBytes() without a charset uses the platform default encoding,
# so the plaintext bytes can differ between platforms for non-ASCII text.
invoke-virtual {p0}, Ljava/lang/String;->getBytes()[B
move-result-object v5
invoke-virtual {v0, v5}, Ljavax/crypto/Cipher;->doFinal([B)[B
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
move-result-object v5
.line 35
.end local v0 # "cipher":Ljavax/crypto/Cipher;
.end local v2 # "keySpec":Ljava/security/spec/RSAPublicKeySpec;
.end local v3 # "kf":Ljava/security/KeyFactory;
.end local v4 # "publicKey":Ljava/security/PublicKey;
# Shared exit: v5 is either the ciphertext or null from the catch handler.
:goto_0
return-object v5
.line 31
# Any Exception from the block above lands here: the stack trace is printed and
# null is returned, so callers cannot tell which step failed.
:catch_0
move-exception v1
.line 33
.local v1, "e":Ljava/lang/Exception;
invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V
.line 35
const/4 v5, 0x0
goto :goto_0
.end method
现在我有一个文件,我想查看使用此方法加密的原始内容。我到底该怎么做?如果可能的话,我也有兴趣在基于 Windows 的系统上以类似的方式创建新文件...
完整的 apk 源代码(不含资源文件,因为里面有一些机密内容)可在此处获取(它只适用于某些 v5/v6 Android 设备)
我希望解密的文件是[这里]
该文件在 SecureKeySource\smali\com\tmsec\securedisk\Activator 中生成并保存到 SD 卡上。
*序列号是 SD 卡中的制造商数据,然后被加密并被另一个软件用于允许访问。该设备有密码写保护以防止删除/格式化。如果你丢失了这张 SD 卡,你就完蛋了,因为你不能访问程序!设备将被检查,如果数据不匹配,将拒绝访问。这是在创建时(几年前)想到的极低预算下最安全的方法;我不知道他们为什么这样做...我有密钥备份,但没有办法将它们与卡关联,也没有办法创建新卡,除非购买旧的 Android 平板电脑/手机并希望它们能与 microSD 卡一起使用(不知道他们最初是如何在普通 SD 卡上做到这一点的!!OTG 适配器似乎不显示制造商数据?)。我确实有密码来删除写访问权限,从而允许格式化卡,因为至少这是记录下来的。