Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-52-generic x86_64) PHP 5.5.9-1ubuntu4.19 (cli)
Practical process
I have an encrypted project and a PHP extension dynamic link library (jinhou.so) on hand. The PHP code looks like the following:
<?php /* xxxx Technology Co., Ltd. All rights reserved: 2016-09-08 08:18:00 */
jhgo('uGpqefbDEBkqp4preQ2UaAp3RAUeJAZ5s4aERAQMkxbJTgEovHnQw6WxsA99sAhSacJCLGxZL4Q4u6zFyGveuDUoemktHGkMaB5D');
?>
82dsa7dsas32112389uy7aydh8h2h2i412: I wondered if it was the encryption key. After re-reading the code, it turned out to be true. In the https://github.com/eixom/zoeeyguard/blob/master/src/guard.h file, the original one is 28dsa7dsas12312389uy7aydh8h1h2i312. After making the change, I found that it still didn't work. As expected, I am still too young, too simple.
Are there any other parameters that have been changed? But the other parameters are in array format, which is a headache.
/* private key */
#define PRIVATE_KEY "28dsa7dsas12312389uy7aydh8h1h2i312"
#define PRIVATE_KEY_LEN sizeof(PRIVATE_KEY)
/* order */
static const unsigned char OBFUSCATED_ORDER[] = {
13, 6, 5, 7, 1, 15, 14, 20
, 9, 16, 19, 4, 18, 10, 2, 8
, 12, 3, 11, 0, 17
};
#define ORDER_SIZE sizeof(OBFUSCATED_ORDER) / sizeof(* OBFUSCATED_ORDER)
/* alphabet for base64 */
static const unsigned char OBFUSCATED_ALPHABET[] = {
's', '4', 'N', 'E', 'k', 'X', 'c', 'u'
, 'J', '2', 'U', 'o', 'O', 'w', 'K', 'v'
, 'h', 'H', 'C', '/', 'D', 'q', 'l', 'R'
, 'B', 'r', '5', 'Z', 'S', 'Q', '6', 'W'
, '3', 'L', 'j', '8', '1', 'z', '0', 'G'
, 'n', 'e', 'y', 'b', 'I', 'd', 'i', 'P'
, 'A', '9', '7', '+', 'm', 'V', 'M', 'Y'
, 'F', 'g', 'f', 'p', 'a', 'T', 't', 'x'
};
#define ALPHABET_SIZE 64
Change the values in guard.h based on this data. After recompiling, the code was successfully decrypted:
<?php require_cache(APP_PATH.'/Lib/Action/User/AddonAction.class.php'); ?>
1. This crack did not take much time, mainly because the encryption scheme and the encryption code were plainly available to us.
2. Most of the time went into testing the encryption parameters. Fortunately, the .so file is not packed.
3. During the cracking process, I also learned about the flaws of PHP encryption.
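Why the array-format parameters give no more secrecy than the key string, as an added example (not code from the original post or from zoeeyguard): a constant table compiled into an unpacked shared object is a contiguous run of bytes, so a sliding-window scan finds any permutation of the base64 alphabet or of 0..n-1. The function names are hypothetical, SAMPLE is constructed from the guard.h values shown above, and the order length of 21 is assumed to match upstream.

```python
import re
import string

B64_SET = frozenset((string.ascii_letters + string.digits + "+/").encode())

def find_alphabets(blob):
    """Offsets of 64-byte windows that are a permutation of the base64 alphabet."""
    return [i for i in range(len(blob) - 63)
            if frozenset(blob[i:i + 64]) == B64_SET]

def find_orders(blob, n=21):
    """Offsets of n-byte windows that are a permutation of 0..n-1."""
    want = frozenset(range(n))
    return [i for i in range(len(blob) - n + 1)
            if frozenset(blob[i:i + n]) == want]

def find_key_strings(blob, min_len=32):
    """NUL-terminated runs of [0-9a-z], the shape of PRIVATE_KEY in guard.h."""
    return re.findall(rb"([0-9a-z]{%d,})\x00" % min_len, blob)

def recover(blob, order_len=21):
    """Collect every candidate key, order table and alphabet found in blob."""
    return {
        "keys": find_key_strings(blob),
        "orders": [blob[i:i + order_len] for i in find_orders(blob, order_len)],
        "alphabets": [blob[i:i + 64] for i in find_alphabets(blob)],
    }

# Constructed sample: the guard.h values from this page, stored one byte per
# element (assumption about the compiled layout) and separated by filler bytes.
KEY = b"28dsa7dsas12312389uy7aydh8h1h2i312"
ORDER = bytes([13, 6, 5, 7, 1, 15, 14, 20, 9, 16, 19, 4, 18, 10, 2, 8,
               12, 3, 11, 0, 17])
ALPHABET = (b"s4NEkXcuJ2UoOwKvhHC/DqlRBr5ZSQ6W"
            b"3Lj81z0GneybIdiPA97+mVMYFgfpaTtx")
FILL = b"\xcc"
SAMPLE = (FILL * 16 + KEY + b"\x00" + FILL * 7 + ORDER
          + FILL * 11 + ALPHABET + FILL * 16)

if __name__ == "__main__":
    for name, hits in recover(SAMPLE).items():
        print(name, hits)
```

The scan matches on the shape of each table, not its values, so a build with a changed key, order and alphabet is located the same way.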