Java AES加密的前8字节结果是否总是相同的?
首先,我对逆向工程完全是新手。我试图从Android.apk文件中解密资产,以了解原因。反编译.apk文件,这是我观察到的Java AES加密的前8字节结果是否总是相同的?,java,android,encryption,aes,Java,Android,Encryption,Aes,首先,我对逆向工程完全是新手。我试图从Android.apk文件中解密资产,以了解原因。反编译.apk文件,这是我观察到的 public static String a(String var0) { String var1 = null; byte[] var3; try { var3 = a(a(), var0.getBytes()); } catch (Exception var2) {
public static String a(String var0) {
String var1 = null;
byte[] var3;
try {
var3 = a(a(), var0.getBytes());
} catch (Exception var2) {
var3 = null;
}
if (var3 != null) {
var1 = a(var3);
}
return var1;
}
private static String a(byte[] var0) {
if (var0 == null) {
return "";
} else {
StringBuffer var2 = new StringBuffer(var0.length * 2);
for(int var1 = 0; var1 < var0.length; ++var1) {
a(var2, var0[var1]);
}
return var2.toString();
}
}
private static void a(StringBuffer var0, byte var1) {
var0.append("0123456789ABCDEF".charAt(var1 >> 4 & 15)).append("0123456789ABCDEF".charAt(var1 & 15));
}
private static byte[] a() throws Exception {
return f.a(new byte[]{33, 83, -50, -89, -84, -114, 80, 99, 10, 63, 22, -65, -11, 30, 101, -118});
}
private static native byte[] a(String var0);
private static byte[] a(byte[] var0, byte[] var1) throws Exception {
SecretKeySpec var3 = new SecretKeySpec(var0, "AES");
Cipher var2 = Cipher.getInstance("AES/CBC/PKCS5Padding");
var2.init(1, var3, new IvParameterSpec(b()));
return var2.doFinal(var1);
}
public static String b(String var0) {
try {
var0 = new String(b(a(), a(var0)));
return var0;
} catch (Exception var1) {
return null;
}
}
private static byte[] b() {
// $FF: Couldn't be decompiled
}
private static byte[] b(byte[] var0, byte[] var1) throws Exception {
SecretKeySpec var3 = new SecretKeySpec(var0, "AES");
Cipher var2 = Cipher.getInstance("AES/CBC/PKCS5Padding");
var2.init(2, var3, new IvParameterSpec(b()));
return var2.doFinal(var1);
}
由于Android Studio代码混淆,类和变量名无法读取,但至少我可以看出它使用了AES/CBC/PKCS5Padding
加密/解密方案。好!!现在我可以猜到奇怪的硬编码字节[16]
和一些散列字符串用于key,IV用于AES
但非常奇怪的是,在这个apk中,每个加密的资产文件都以相同的8字节开始。我测试了一个与上面类似的示例代码,但是我的代码为不同的输入提供了不同的头。我想这可能是个线索,但我不知道。(当然,我在反编译代码中找不到硬编码的8字节)
AES加密的前8字节结果是否总是相同的?或者它是否使用了另一种二次加密?CBC模式下AES输出的前8个字节不会相同,除非前16个字节全部相同,这反过来意味着明文的前16个字节和IV相同。但是,您观察到的前8个字节可能不是AES输出,它可能用于生成IV和/或salt。
public class f {
private static native f.a a(String var0);
public static byte[] a(byte[] var0) {
if (var0 != null) {
f.a var1 = a("QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK");
if (var1 != null) {
return a(var0, var1);
}
}
return null;
}
private static native byte[] a(byte[] var0, f.a var1);
private static class a {
public int[] d;
public int x;
public int y;
private a() {
this.d = new int[256];
}
}
}