Java帮助了解RSA加密/解密文件和SD卡

Java帮助了解RSA加密/解密文件和SD卡

我对 Java 或 Android 应用程序毫无经验(有 C 语言编程经验),并尝试对 [现已停用/不受支持的] 应用程序进行逆向工程,该应用程序需要序列号*并使用带 PKCS1Padding 的 RSA 对其进行加密。我很乐意分享我所拥有的内容,因为无法联系到创建者,只有极少数人拥有与此相关的文件(或访问软件),因此密钥可能“在外”。我认为代码如下...我大致了解它在做什么。

.class public Lcom/h1dd3n/securefiles/Keygen;
.super Ljava/lang/Object;
.source "Keygen.java"


# static fields
.field static key:Ljava/lang/String;

.field static modulus:Ljava/math/BigInteger;

.field static pubExp:Ljava/math/BigInteger;


# direct methods
.method static constructor <clinit>()V
    .locals 3

    .prologue
    const/16 v2, 0x10

    .line 15
    const-string v0, "00FB451D3F45D82B92FC6F243D50441DD75F2DB995842A3D389FC4536A27F42242C9C8DCB4DA0E2573E5CA2E5D0A2AD7E790D8A79CAC2DE68BEAF99D21E229A9CF04ABD09D61C8C66C4FE3B32456496305792FF9D2D2198B87BFAB2637518C1D3F44D27B93EF2C0ED3379993D04944EB356D4BDE343017CFB13405B403A3D81D2C7B099AE5651CF14DD3CBE21C435076F244D9DA8F54DA19BA6301AF1F7DA699E2EBFD9C0BB2778D812E8D9BE66089B2783B9E60FA28FA83CD3B356669BC15BC84058FEEE493CCFBE2E13E0B53B01886D47EB75BFC75758A5CFA5A1836E697FD51846578B4BDEDE3A6BD1FE4D49ABAC072AED433AC5A19BF94C9F6C7F4D95740EF"

    sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->key:Ljava/lang/String;

    .line 16
    new-instance v0, Ljava/math/BigInteger;

    sget-object v1, Lcom/h1dd3n/securefiles/Keygen;->key:Ljava/lang/String;

    invoke-direct {v0, v1, v2}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V

    sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->modulus:Ljava/math/BigInteger;

    .line 17
    new-instance v0, Ljava/math/BigInteger;

    const-string v1, "010001"

    invoke-direct {v0, v1, v2}, Ljava/math/BigInteger;-><init>(Ljava/lang/String;I)V

    sput-object v0, Lcom/h1dd3n/securefiles/Keygen;->pubExp:Ljava/math/BigInteger;

    return-void
.end method

.method public constructor <init>()V
    .locals 0

    .prologue
    .line 14
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method

.method public static encrypt(Ljava/lang/String;)[B
    .locals 7
    .param p0, "text"    # Ljava/lang/String;

    .prologue
    .line 23
    :try_start_0
    new-instance v2, Ljava/security/spec/RSAPublicKeySpec;

    sget-object v5, Lcom/h1dd3n/securefiles/Keygen;->modulus:Ljava/math/BigInteger;

    sget-object v6, Lcom/h1dd3n/securefiles/Keygen;->pubExp:Ljava/math/BigInteger;

    invoke-direct {v2, v5, v6}, Ljava/security/spec/RSAPublicKeySpec;-><init>(Ljava/math/BigInteger;Ljava/math/BigInteger;)V

    .line 24
    .local v2, "keySpec":Ljava/security/spec/RSAPublicKeySpec;
    const-string v5, "RSA"

    invoke-static {v5}, Ljava/security/KeyFactory;->getInstance(Ljava/lang/String;)Ljava/security/KeyFactory;

    move-result-object v3

    .line 25
    .local v3, "kf":Ljava/security/KeyFactory;
    invoke-virtual {v3, v2}, Ljava/security/KeyFactory;->generatePublic(Ljava/security/spec/KeySpec;)Ljava/security/PublicKey;

    move-result-object v4

    .line 27
    .local v4, "publicKey":Ljava/security/PublicKey;
    const-string v5, "RSA/ECB/PKCS1Padding"

    invoke-static {v5}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;

    move-result-object v0

    .line 28
    .local v0, "cipher":Ljavax/crypto/Cipher;
    const/4 v5, 0x1

    invoke-virtual {v0, v5, v4}, Ljavax/crypto/Cipher;->init(ILjava/security/Key;)V

    .line 29
    invoke-virtual {p0}, Ljava/lang/String;->getBytes()[B

    move-result-object v5

    invoke-virtual {v0, v5}, Ljavax/crypto/Cipher;->doFinal([B)[B
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

    move-result-object v5

    .line 35
    .end local v0    # "cipher":Ljavax/crypto/Cipher;
    .end local v2    # "keySpec":Ljava/security/spec/RSAPublicKeySpec;
    .end local v3    # "kf":Ljava/security/KeyFactory;
    .end local v4    # "publicKey":Ljava/security/PublicKey;
    :goto_0
    return-object v5

    .line 31
    :catch_0
    move-exception v1

    .line 33
    .local v1, "e":Ljava/lang/Exception;
    invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V

    .line 35
    const/4 v5, 0x0

    goto :goto_0
.end method

现在我有一个文件,我想查看使用此方法加密的原始内容。我到底该怎么做?如果可能的话,我也有兴趣在基于 Windows 的系统上以类似的方式创建新文件...

完整的 apk 源代码(减去资源,因为里面有一些机密内容)可用这里(它只适用于某些 v5/v6 Android 设备)

我希望解密的文件是[这里]

该文件在 SecureKeySource\smali\com\tmsec\securedisk\Activator 中生成并保存到 SD 卡上。

*序列号是 SD 卡中的制造商数据,然后被加密并被另一个软件用于允许访问。该设备有密码写保护以防止删除/格式化。如果你丢失了这张 SD 卡,你就完蛋了,因为你不能访问程序!设备将被检查,如果数据不匹配,将拒绝访问。这是在创建时(几年前)想到的极低预算下最安全的方法;我不知道他们为什么这样做...我有密钥备份,但没有办法将它们与卡关联,也没有办法创建新卡,除非购买旧的 Android 平板电脑/手机并希望它们能与 microSD 卡一起使用(不知道他们最初是如何在普通 SD 卡上做到这一点的!!OTG 适配器似乎不显示制造商数据?)。我确实有密码来删除写访问权限,从而允许格式化卡,因为至少这是记录下来的。

相关内容