前言:在滲透測驗程序中,我們經常會碰到登錄處用js加密欄位的情況,在大多數情況下,看到這種加密方式,我們都會放棄對該登錄處進行暴力破解,本文主要講解對js加密進行繞過,以達到爆破或繞反爬的目的!
對登錄處使用sm2國密加密演算法的某網站進行爆破
該網站圖形驗證碼失效,只要能對密碼欄位進行相應的加密,就可以爆破!
訪問網站,輸入用戶名:admin、密碼:123456 以及正確的圖形驗證碼進行登錄,
抓包,可以看到密碼欄位被加密為很長的一段字符
F12打開開發者除錯模式,切換到Network選項卡,
重新登錄一遍,可以看到password欄位進行了加密
切換到Source選項卡,ctrl+shift+F 調出全域搜索框,全域搜索 password 欄位
跳到 checkuser.js 檔案,我們看看password欄位經過哪些加密
password經過兩次加密
var password = hex_md5($("#password").val());
password = sm2Encrypt(password, publicKey_).toLocaleUpperCase();
第一步的加密很簡單,就是呼叫hex_md5加密函式對password進行加密,通過全域搜索hex_md5,在md5.js檔案中找到了該函式,如下
function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
然后我們看第二步加密,第二步加密呼叫了 sm2Encrypt() 函式對第一步加密后的字串再進行加密,
我們在全域搜索sm2Encrypt,最終在sm2.js檔案中找到了該加密函式,通過百度搜索sm2加密演算法,發現該演算法是國密加密演算法,
SM2國密加密演算法
SM2是國家密碼管理局于2010年12月17日發布的橢圓曲線公鑰密碼演算法, SM2演算法和RSA演算法都是公鑰密碼演算法,SM2演算法是一種更先進安全的演算法,在我們國家商用密碼體系中被用來替換RSA演算法,
隨著密碼技術和計算機技術的發展,目前常用的1024位RSA演算法面臨嚴重的安全威脅,我們國家密碼管理部門經過研究,決定采用SM2橢圓曲線演算法替換RSA演算法,
更多的關于橢圓曲線的加密方法就不細講,
以上來自百度百科,
所以,現在我們需要對sm2Encrypt加密函式進行模擬,我使用nodejs來進行模擬,本地創建sm2.js檔案,把網站上sm2.js檔案中的sm2Encrypt()加密函式復制進來,末尾加一個console.log()列印,便于我們查看結果,再把網站的md5.js檔案拷貝到sm2.js同目錄下,而publickey則在sm2.js全域定義了 ,而publickey則在sm2.js全域定義了
var md5=require("./md5.js")
var publicKey = "0469623686396c766185cd705cbd517714b377ae80b4b919a9de2b688f1cfa3edb60f67a13b6ecc8eef422577083d90844d635a675efef9cb6fa48386045a94518";
var data="123456"
/**
* [SM2Encrypt description]
* @param {[type]} data [待加密資料]
* @param {[type]} publickey [公鑰 hex]
* @param {[type]} cipherMode [加密模式 C1C3C2:1, C1C2C3:0]
* @return {[type]} [回傳加密后的資料 hex]
*/
function sm2Encrypt(data, publickey, cipherMode) {
cipherMode = cipherMode == 0 ? cipherMode : 1;
//msg = SM2.utf8tob64(msg);
data=md5.hex_md5(data);
var msgData = CryptoJS.enc.Utf8.parse(data);
?
var pubkeyHex = publickey;
if (pubkeyHex.length > 64 * 2) {
pubkeyHex = pubkeyHex.substr(pubkeyHex.length - 64 * 2);
}
?
var xHex = pubkeyHex.substr(0, 64);
var yHex = pubkeyHex.substr(64);
?
?
var cipher = new SM2Cipher(cipherMode);
var userKey = cipher.CreatePoint(xHex, yHex);
?
msgData = cipher.GetWords(msgData.toString());
?
var encryptData = cipher.Encrypt(userKey, msgData);
return '04' + encryptData;
}
console.log(sm2Encrypt(data,publicKey))運行該js檔案,提示CryptoJS is not defined,于是在開頭加入 var CryptoJS = require("crypto-js");
并且安裝crypto-js模塊
cnpm install crypto-js
安裝完之后,再次運行,提示 SM2Cipher is not defined ,提示這個報錯是因為該函式里面用到的一些其他函式我們沒有復制出來,所以得一個個把相關的依賴函式復制出來,
在加密的地方打斷點,F11進行跟進
一步一步跳,找到了SM2Cipher函式,將其復制到我們的 js 檔案中
再次運行,這次提示 KJUR is not defined
百度了下發現需要安裝 jsrsasign
于是安裝該模塊,并且在腳本的開頭加入引入陳述句 var KJUR=require("jsrsasign");
再次運行,提示 unregistered EC curve name: sm2,這是引入的 jsrsasign.js 檔案報的例外
于是猜測需要去注冊sm2曲線名稱,我們繼續翻閱網站的sm2.js檔案,終于找到了注冊該sm2曲線名稱的代碼,將其復制到我們的代碼中
再次運行,則提示如下的錯:TypeError: ECPointFp.decodeFromHex is not a function
我們在匯入的模塊里面全域搜索該函式 ECPointFp.decodeFromHex,發現匯入的模塊中其實是有該函式的
于是我們將之前的這條陳述句 var KJUR=require("jsrsasign"); 改為 var jsrsasign=require("jsrsasign"); ,然后再次運行,對運行報錯的函式,全域搜索,如果在匯入的模塊中含有該函式,則在其前面加上jsrsasign.
如果到匯入的模塊中不含有該函式,則說明該函式是該網站自己定義的,我們到網站的sm2.js中把該函式復制下來就行,比如function SM3Digest函式,我們匯入的模塊中不含有該函式,但是在網站中是定義了該函式的,我們將其復制下來到我們自己的代碼中即可
最后,經過一個函式一個函式的跟蹤其依賴,最終將其加密演算法模擬了出來,如下:
sm2.js
var CryptoJS = require("crypto-js");
var jsrsasign=require("jsrsasign");
var md5=require("./md5.js")
var publicKey = "0469623686396c766185cd705cbd517714b377ae80b4b919a9de2b688f1cfa3edb60f67a13b6ecc8eef422577083d90844d635a675efef9cb6fa48386045a94518";
var data="123456"
/**
* [SM2Encrypt description]
* @param {[type]} data [待加密資料]
* @param {[type]} publickey [公鑰 hex]
* @param {[type]} cipherMode [加密模式 C1C3C2:1, C1C2C3:0]
* @return {[type]} [回傳加密后的資料 hex]
*/
function sm2Encrypt(data, publickey, cipherMode) {
cipherMode = cipherMode == 0 ? cipherMode : 1;
//msg = SM2.utf8tob64(msg);
data=md5.hex_md5(data);
var msgData = CryptoJS.enc.Utf8.parse(data);
var pubkeyHex = publickey;
if (pubkeyHex.length > 64 * 2) {
pubkeyHex = pubkeyHex.substr(pubkeyHex.length - 64 * 2);
}
var xHex = pubkeyHex.substr(0, 64);
var yHex = pubkeyHex.substr(64);
var cipher = new SM2Cipher(cipherMode);
var userKey = cipher.CreatePoint(xHex, yHex);
msgData = cipher.GetWords(msgData.toString());
var encryptData = cipher.Encrypt(userKey, msgData);
return '04' + encryptData;
}
function SM2Cipher(cipherMode) {
this.ct = 1;
this.p2 = null;
this.sm3keybase = null;
this.sm3c3 = null;
this.key = new Array(32);
this.keyOff = 0;
if (typeof(cipherMode) != 'undefined') {
this.cipherMode = cipherMode
} else {
this.cipherMode = SM2CipherMode.C1C3C2
}
}
SM2Cipher.prototype = {
getHexString: function(h) {
if((h.length & 1) == 0){
return h;
}else {
return "0" + h;
}
},
Encrypt: function(pubKey, plaintext) {
var data = new Array(plaintext.length);
Array.Copy(plaintext, 0, data, 0, plaintext.length);
var c1 = this.InitEncipher(pubKey);
this.EncryptBlock(data);
var c3 = new Array(32);
this.Dofinal(c3);
var hexString;
switch(this.cipherMode) {
case SM2CipherMode.C1C3C2:
hexString = this.getHexString(c1.getX().toBigInteger().toRadix(16)) + this.getHexString(c1.getY().toBigInteger().toRadix(16))
+ this.GetHex(c3).toString() + this.GetHex(data).toString();
//hexString = this.getHexString(c1.getX().toBigInteger().toRadix(16)) + this.getHexString(c1.getY().toBigInteger().toRadix(16)) + this.GetHex(c3).toString() + this.GetHex(data).toString();
//hexString = this.getHexString(c1.getX().toBigInteger().toRadix(16)) + this.getHexString(c1.getY().toBigInteger().toRadix(16)) + this.GetHex(c3).toString() + this.GetHex(data).toString();
break;
case SM2CipherMode.C1C2C3:
hexString = c1.getX().toBigInteger().toRadix(16) + c1.getY().toBigInteger().toRadix(16) + this.GetHex(data).toString() + this.GetHex(c3).toString();
break;
default:
throw new Error("[SM2:Decrypt]invalid type cipherMode("+ this.cipherMode +")");
}
return hexString
},
GetHex: function(arr) {
var words = new Array(32);
var j = 0;
for (var i = 0; i < arr.length * 2; i += 2) {
words[i >>> 3] |= parseInt(arr[j]) << (24 - (i % 8) * 4);
j++
}
var wordArray = new CryptoJS.lib.WordArray.init(words, arr.length);
return wordArray
},
Reset: function() {
this.sm3keybase = new SM3Digest();
this.sm3c3 = new SM3Digest();
var xWords = this.GetWords(this.p2.getX().toBigInteger().toRadix(16));
var yWords = this.GetWords(this.p2.getY().toBigInteger().toRadix(16));
this.sm3c3.BlockUpdate(xWords, 0, xWords.length);
this.sm3keybase.BlockUpdate(xWords, 0, xWords.length);
this.sm3keybase.BlockUpdate(yWords, 0, yWords.length);
this.ct = 1;
this.NextKey()
},
NextKey: function() {
var sm3keycur = new SM3Digest(this.sm3keybase);
sm3keycur.Update(this.ct >> 24 & 0xff);
sm3keycur.Update(this.ct >> 16 & 0xff);
sm3keycur.Update(this.ct >> 8 & 0xff);
sm3keycur.Update(this.ct & 0xff);
sm3keycur.DoFinal(this.key, 0);
this.keyOff = 0;
this.ct++
},
EncryptBlock: function(data) {
this.sm3c3.BlockUpdate(data, 0, data.length);
for (var i = 0; i < data.length; i++) {
if (this.keyOff == this.key.length) {
this.NextKey()
}
data[i] ^= this.key[this.keyOff++]
}
},
Dofinal: function(c3) {
var yWords = this.GetWords(this.p2.getY().toBigInteger().toRadix(16));
this.sm3c3.BlockUpdate(yWords, 0, yWords.length);
this.sm3c3.DoFinal(c3, 0);
this.Reset()
},
InitEncipher: function(userKey) {
var k = null;
var c1 = null;
var ec = new jsrsasign.KJUR.crypto.ECDSA({
"curve": "sm2"
});
var keypair = ec.generateKeyPairHex();
k = new jsrsasign.BigInteger(keypair.ecprvhex, 16);
var pubkeyHex = keypair.ecpubhex;
c1 = jsrsasign.ECPointFp.decodeFromHex(ec.ecparams['curve'], pubkeyHex);
this.p2 = userKey.multiply(k);
this.Reset();
return c1;
},
GetWords: function(hexStr) {
var words = [];
var hexStrLength = hexStr.length;
for (var i = 0; i < hexStrLength; i += 2) {
words[words.length] = parseInt(hexStr.substr(i, 2), 16)
}
return words
},
CreatePoint: function(x, y) {
var ec = new jsrsasign.KJUR.crypto.ECDSA({
"curve": "sm2"
});
var ecc_curve = ec.ecparams['curve'];
var pubkeyHex = '04' + x + y;
var point = jsrsasign.ECPointFp.decodeFromHex(ec.ecparams['curve'], pubkeyHex);
return point
}
};
jsrsasign.KJUR.crypto.ECParameterDB.regist(
"sm2", // name
256,
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", // p
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", // a
"28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", // b
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", // n
"1", // h
"32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", // gx
"BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", // gy
["sm2", "SM2"]
); // alias
Array.Copy = function (sourceArray, sourceIndex, destinationArray, destinationIndex, length) {
var cloneArray = sourceArray.slice(sourceIndex, sourceIndex + length);
for (var i = 0; i < cloneArray.length; i++) {
destinationArray[destinationIndex] = cloneArray[i];
destinationIndex++
}
};
function SM3Digest() {
this.BYTE_LENGTH = 64;
this.xBuf = new Array();
this.xBufOff = 0;
this.byteCount = 0;
this.DIGEST_LENGTH = 32;
//this.v0 = [0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e];
//this.v0 = [0x7380166f, 0x4914b2b9, 0x172442d7, -628488704, -1452330820, 0x163138aa, -477237683, -1325724082];
this.v0 = [1937774191, 1226093241, 388252375, -628488704, -1452330820, 372324522, -477237683, -1325724082];
this.v = new Array(8);
this.v_ = new Array(8);
this.X0 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
this.X = new Array(68);
this.xOff = 0;
this.T_00_15 = 0x79cc4519;
this.T_16_63 = 0x7a879d8a;
if (arguments.length > 0) {
this.InitDigest(arguments[0])
} else {
this.Init()
}
}
SM3Digest.prototype = {
Init: function () {
this.xBuf = new Array(4);
this.Reset()
}, InitDigest: function (t) {
this.xBuf = new Array(t.xBuf.length);
Array.Copy(t.xBuf, 0, this.xBuf, 0, t.xBuf.length);
this.xBufOff = t.xBufOff;
this.byteCount = t.byteCount;
Array.Copy(t.X, 0, this.X, 0, t.X.length);
this.xOff = t.xOff;
Array.Copy(t.v, 0, this.v, 0, t.v.length)
}, GetDigestSize: function () {
return this.DIGEST_LENGTH
}, Reset: function () {
this.byteCount = 0;
this.xBufOff = 0;
Array.Clear(this.xBuf, 0, this.xBuf.length);
Array.Copy(this.v0, 0, this.v, 0, this.v0.length);
this.xOff = 0;
Array.Copy(this.X0, 0, this.X, 0, this.X0.length)
}, GetByteLength: function () {
return this.BYTE_LENGTH
},
ProcessBlock: function () {
var i;
var ww = this.X;
var ww_ = new Array(64);
for (i = 16; i < 68; i++) {
ww[i] = this.P1(ww[i - 16] ^ ww[i - 9] ^ (roateLeft(ww[i - 3], 15))) ^ (roateLeft(ww[i - 13], 7)) ^ ww[i - 6]
}
for (i = 0; i < 64; i++) {
ww_[i] = ww[i] ^ ww[i + 4]
}
var vv = this.v;
var vv_ = this.v_;
Array.Copy(vv, 0, vv_, 0, this.v0.length);
var SS1, SS2, TT1, TT2, aaa;
//roateLeft
for (i = 0; i < 16; i++) {
aaa = roateLeft(vv_[0], 12);
SS1 = aaa + vv_[4] + roateLeft(this.T_00_15, i);
SS1 = roateLeft(SS1, 7);
SS2 = SS1 ^ aaa;
TT1 = this.FF_00_15(vv_[0], vv_[1], vv_[2]) + vv_[3] + SS2 + ww_[i];
TT2 = this.GG_00_15(vv_[4], vv_[5], vv_[6]) + vv_[7] + SS1 + ww[i];
vv_[3] = vv_[2];
vv_[2] = roateLeft(vv_[1], 9);
vv_[1] = vv_[0];
vv_[0] = TT1;
vv_[7] = vv_[6];
vv_[6] = roateLeft(vv_[5], 19);
vv_[5] = vv_[4];
vv_[4] = this.P0(TT2)
}
for (i = 16; i < 64; i++) {
aaa = roateLeft(vv_[0], 12);
SS1 = aaa + vv_[4] + roateLeft(this.T_16_63, i);
SS1 = roateLeft(SS1, 7);
SS2 = SS1 ^ aaa;
TT1 = this.FF_16_63(vv_[0], vv_[1], vv_[2]) + vv_[3] + SS2 + ww_[i];
TT2 = this.GG_16_63(vv_[4], vv_[5], vv_[6]) + vv_[7] + SS1 + ww[i];
vv_[3] = vv_[2];
vv_[2] = roateLeft(vv_[1], 9);
vv_[1] = vv_[0];
vv_[0] = TT1;
vv_[7] = vv_[6];
vv_[6] = roateLeft(vv_[5], 19);
vv_[5] = vv_[4];
vv_[4] = this.P0(TT2)
}
for (i = 0; i < 8; i++) {
vv[i] ^= (vv_[i])
}
this.xOff = 0;
Array.Copy(this.X0, 0, this.X, 0, this.X0.length)
},
ProcessWord: function (in_Renamed, inOff) {
var n = in_Renamed[inOff] << 24;
n |= (in_Renamed[++inOff] & 0xff) << 16;
n |= (in_Renamed[++inOff] & 0xff) << 8;
n |= (in_Renamed[++inOff] & 0xff);
this.X[this.xOff] = n;
if (++this.xOff == 16) {
this.ProcessBlock()
}
}, ProcessLength: function (bitLength) {
if (this.xOff > 14) {
this.ProcessBlock()
}
this.X[14] = (this.URShiftLong(bitLength, 32));
this.X[15] = (bitLength & (0xffffffff))
},
IntToBigEndian: function (n, bs, off) {
bs[off] = (n >>> 24 & 0xFF);
bs[++off] = (n >>> 16 & 0xFF);
bs[++off] = (n >>> 8 & 0xFF);
bs[++off] = (n & 0xFF);
},
DoFinal: function (out_Renamed, outOff) {
this.Finish();
for (var i = 0; i < 8; i++) {
this.IntToBigEndian(this.v[i], out_Renamed, outOff + i * 4)
}
this.Reset();
return this.DIGEST_LENGTH
}, Update: function (input) {
this.xBuf[this.xBufOff++] = input;
if (this.xBufOff == this.xBuf.length) {
this.ProcessWord(this.xBuf, 0);
this.xBufOff = 0
}
this.byteCount++
}, BlockUpdate: function (input, inOff, length) {
while ((this.xBufOff != 0) && (length > 0)) {
this.Update(input[inOff]);
inOff++;
length--
}
while (length > this.xBuf.length) {
this.ProcessWord(input, inOff);
inOff += this.xBuf.length;
length -= this.xBuf.length;
this.byteCount += this.xBuf.length
}
while (length > 0) {
this.Update(input[inOff]);
inOff++;
length--
}
}, Finish: function () {
var bitLength = (this.byteCount << 3);
this.Update((128));
while (this.xBufOff != 0) this.Update((0));
this.ProcessLength(bitLength);
this.ProcessBlock()
}, ROTATE: function (x, n) {
return (x << n) | (this.URShift(x, (32 - n)))
},
P0: function (X) {
return ((X) ^ roateLeft((X), 9) ^ roateLeft((X), 17))
},
P1: function (X) {
return ((X) ^ roateLeft((X), 15) ^ roateLeft((X), 23))
},
FF_00_15: function (X, Y, Z) {
return (X ^ Y ^ Z)
}, FF_16_63: function (X, Y, Z) {
return ((X & Y) | (X & Z) | (Y & Z))
}, GG_00_15: function (X, Y, Z) {
return (X ^ Y ^ Z)
}, GG_16_63: function (X, Y, Z) {
return ((X & Y) | (~X & Z))
}, URShift: function (number, bits) {
console.error(number);
if (number > Int32.maxValue || number < Int32.minValue) {
//number = Int32.parse(number)
console.error(number);
number = IntegerParse(number);
}
if (number >= 0) {
return number >> bits
} else {
return (number >> bits) + (2 << ~bits)
}
}, URShiftLong: function (number, bits) {
var returnV;
var big = new jsrsasign.BigInteger();
big.fromInt(number);
if (big.signum() >= 0) {
returnV = big.shiftRight(bits).intValue()
} else {
var bigAdd = new BigInteger();
bigAdd.fromInt(2);
var shiftLeftBits = ~bits;
var shiftLeftNumber = '';
if (shiftLeftBits < 0) {
var shiftRightBits = 64 + shiftLeftBits;
for (var i = 0; i < shiftRightBits; i++) {
shiftLeftNumber += '0'
}
var shiftLeftNumberBigAdd = new BigInteger();
shiftLeftNumberBigAdd.fromInt(number >> bits);
var shiftLeftNumberBig = new BigInteger("10" + shiftLeftNumber, 2);
shiftLeftNumber = shiftLeftNumberBig.toRadix(10);
var r = shiftLeftNumberBig.add(shiftLeftNumberBigAdd);
returnV = r.toRadix(10)
} else {
shiftLeftNumber = bigAdd.shiftLeft((~bits)).intValue();
returnV = (number >> bits) + shiftLeftNumber
}
}
return returnV
}, GetZ: function (g, pubKeyHex) {
var userId = CryptoJS.enc.Utf8.parse("1234567812345679");
var len = userId.words.length * 4 * 8;
this.Update((len >> 8 & 0x00ff));
this.Update((len & 0x00ff));
var userIdWords = this.GetWords(userId.toString());
this.BlockUpdate(userIdWords, 0, userIdWords.length);
var aWords = this.GetWords(g.curve.a.toBigInteger().toRadix(16));
var bWords = this.GetWords(g.curve.b.toBigInteger().toRadix(16));
var gxWords = this.GetWords(g.getX().toBigInteger().toRadix(16));
var gyWords = this.GetWords(g.getY().toBigInteger().toRadix(16));
var pxWords = this.GetWords(pubKeyHex.substr(0, 64));
var pyWords = this.GetWords(pubKeyHex.substr(64, 64));
this.BlockUpdate(aWords, 0, aWords.length);
this.BlockUpdate(bWords, 0, bWords.length);
this.BlockUpdate(gxWords, 0, gxWords.length);
this.BlockUpdate(gyWords, 0, gyWords.length);
this.BlockUpdate(pxWords, 0, pxWords.length);
this.BlockUpdate(pyWords, 0, pyWords.length);
var md = new Array(this.GetDigestSize());
this.DoFinal(md, 0);
return md
}, GetWords: function (hexStr) {
var words = [];
var hexStrLength = hexStr.length;
for (var i = 0; i < hexStrLength; i += 2) {
words[words.length] = parseInt(hexStr.substr(i, 2), 16)
}
return words
}, GetHex: function (arr) {
var words = [];
var j = 0;
for (var i = 0; i < arr.length * 2; i += 2) {
words[i >>> 3] |= parseInt(arr[j]) << (24 - (i % 8) * 4);
j++
}
var wordArray = new CryptoJS.lib.WordArray.init(words, arr.length);
return wordArray
}
};
Array.Clear = function (destinationArray, destinationIndex, length) {
for (elm in destinationArray) {
destinationArray[elm] = null
}
};
function roateLeft(n, distance) {
//return ((n << distance) | (n >>> (32 - distance)));
return (n << distance)|(n >>> -distance);
}
SM2CipherMode = {
C1C2C3: 0,
C1C3C2: 1
};
console.log(sm2Encrypt(data,publicKey))然后,我們可以用burpsuite的插件對這個 js 加密函式進行呼叫爆破,如下
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/233102.html
標籤:其他