逆向中常见的加密算法

base 系列

base64 编码过程

如上图所示:

  1. 将字符串转换成二进制序列
  2. 按每 6 个二进制位为一组,分成若干组
  3. 如果不足 6 位,则最低位补 0
  4. 每 6 位组成一个新的字节,高位补 00,构成一个新的二进制序列
  5. 根据 base64 索引表中的值找到对应的字符
  6. 凑齐 4 字节整数倍,在末尾补 “=” 号

特征识别

  • 编码表
  • 密文长度 %4==0,字符特征
  • 加密填充符
  • bit:3 * 8 变 4 * 6

常规魔改

  • 编码表(TLS、SMC 等各种反调试位置)

变表 base64 解密示例:

1
2
3
4
5
6
7
8
9
10
11
12
import base64
# 原表
origin = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
# 变表
base = 'aUiBDdopSQVOFlfLnTNrv4sj+MJW3g2Cy5IZk6APYt9RGwqm/8H7eKcx1EzbX0hu'
# 密文
c = 'r6lrnKTo27T5FsDxfB+ElZMIlBQZMAS/MB6AlB4klBnelZFeFrTACn=='
# 创建映射表
table = str.maketrans(base,origin)
# 明文
m = str(base64.b64decode(c.translate(table)),encoding=('utf-8'))
print(m)

RC4

一个类似于逐字节异或的加密算法

它属于对称加密算法中的流密码加密算法,流密码不对明文数据进行分组,而是用密钥生成与明文一样长短的密码流对明文进行加密

特征识别

  • 初始化和加密分离
  • sbox 初始化 s[i]=i,密钥填充
  • 取模运算,对明文处理只有最后一部分

加密过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
void rc4_init(unsigned char* s, unsigned char* key, int len){
    int i = 0, j = 0;
    char k[256] = { 0 };
    for (i = 0; i<256; i++)
    {
        s[i] = i;
        k[i] = key[i%len];  //密钥填充
    }
    for (i = 0; i<256; i++) //用k对s进行初始置换
    {
        j = (j + s[i] + k[i]) % 256;
        swap(s[i],s[j]);
    }
}

void rc4_crypt(unsigned char* s, unsigned char* Data, int len){
    int i = 0, j = 0, t = 0;
    unsigned int k = 0;
    for (k = 0; k<len; k++)
    {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        swap(s[i],s[j]);
        t = (s[i] + s[j]) % 256;
        Data[k] ^= s[t];    //xor data
    }
}

常规魔改

  • 异或的时候加入其它算数运算
  • 取模长度更改

Tea 系列

特征识别

  • 常量特征:delta 0x9e3779b9
  • 密钥特征:4个32位字符
  • 明文输入:32位字符为单位
  • 异或&移位特征

tea 加密过程

1
2
3
4
5
6
7
8
9
10
11
void encrypt(uint32_t* v, uint32_t* k) {  
    uint32_t delta=0x9e3779b9;
    uint32_t v0 = v[0], v1 = v[1], sum = 0;               
    for (int i = 0; i < 32; i++) {                      
        sum += delta;  
        v0 += ((v1<<4) + k[0]) ^ (v1 + sum) ^ ((v1>>5) + k[1]);  
        v1 += ((v0<<4) + k[2]) ^ (v0 + sum) ^ ((v0>>5) + k[3]);  
    }                                                
    v[0] = v0; 
    v[1] = v1;  
}

tea 解密过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#include <bits/stdc++.h>
using namespace std;
void decrypt (uint32_t* v, uint32_t* k) {  
    uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i;  
    uint32_t delta=0x9e3779b9;                    
    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   
    for (i=0; i<32; i++) {                       
        v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);  
        v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);  
        sum -= delta;  
    }                                             
    v[0]=v0; v[1]=v1;  
}  

int main()
{
	uint32_t k[4] = {11,22,33,44};
	uint32_t v[10] = {0x7c12e17f,0x43c2b691,0xa8d8d6ce,0x6280ecc8,0xe6e18c6e,0x20d6dfa3,0xf2dd40c,0xb819b77e,0xb9258436,0x5d3e88b6};
	for(int i = 0; i < 5; i++){
		uint32_t f[2]  = {v[2*i],v[2*i+1]};
		decrypt(f,k);
		for(int j = 0; j < 2; j++){
			printf("%c", f[j]&0xff);
			printf("%c", (f[j]>>8)&0xff);
			printf("%c", (f[j]>>16)&0xff);
			printf("%c", (f[j]>>24)&0xff);
		}
	}
	
	return 0;
}

xtea 加密过程

1
2
3
4
5
6
7
8
9
10
void encrypt(uint32_t* v, uint32_t* k) {  
    unsigned int i;  
    uint32_t v0=v[0], v1=v[1], sum=0, delta=0x9E3779B9;  
    for (i=0; i < 32; i++) {  
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);  
        sum += delta;  
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);  
    }  
    v[0]=v0; v[1]=v1;  
}

xxtea 加密过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
v = 明文
k = 密钥
n = len(v)
rounds = 6 + int(52 / n)
sum = c_uint32(0)
z = v[n - 1].value
while rounds > 0:
    sum.value += DELTA
    e = (sum.value >> 2) & 3
    p = 0
    while p < n - 1:
        y = v[p + 1].value
        v[p].value += (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum.value ^ y) + (k[(p & 3) ^ e] ^ z)))
        z = v[p].value
        p += 1
    y = v[0].value
    v[n - 1].value += (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum.value ^ y) + (k[(p & 3) ^ e] ^ z)))
    z = v[n - 1].value
    rounds -= 1

xxtea 解密过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
from ctypes import c_uint32

DELTA = 0x9E3779B9
def decrypt(v, n, k):
    rounds = 6 + int(52 / n)
    sum = c_uint32(rounds * DELTA)
    y = v[0].value
    while rounds > 0:
        e = (sum.value >> 2) & 3
        p = n - 1
        while p > 0:
            z = v[p - 1].value
            v[p].value -= (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum.value ^ y) + (k[(p & 3) ^ e] ^ z)))
            y = v[p].value
            p -= 1
        z = v[n - 1].value
        v[0].value -= (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum.value ^ y) + (k[(p & 3) ^ e] ^ z)))
        y = v[0].value
        sum.value -= DELTA
        rounds -= 1


if __name__ == "__main__":
    k = [0x73645212, 0x31378432, 0x12325153, 0x34356531]

    m = [c_uint32(0xe034b77),c_uint32(0xfec9c3af),c_uint32(0x763b3820),c_uint32(0x8bdcc362),c_uint32(0xf443f322),c_uint32(0x6a0759bb),c_uint32(0x8d67f594),c_uint32(0x320282e4),c_uint32(0xef25b93c),c_uint32(0x4cad32cd)]
    decrypt(m, len(m), k)
    for i in m:
        for j in range(4):
            print(chr(i.value&0xff),end='')
            i.value >>= 8

AES

特征识别

  • sbox 16*16 常量特征
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
unsigned char S[256] = {
        0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
        0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
        0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
        0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
        0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
        0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
        0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
        0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
        0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
        0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
        0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
        0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
        0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
        0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
        0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
        0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
};
  • 加密过程:密钥扩展–>轮密钥生成–>字节替换、行移位–>列替换和轮密钥加
  • 密钥长度和轮数的对应
    • 128bits–>10rounds
    • 192bits–>12rounds
    • 256bits–>14rounds

AES 解密过程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
from Crypto.Cipher import AES

def aes_decrypt(key_str, ciphertext_hex):
    # 将16进制字符串转换为字节序列
    ciphertext_bytes = bytes.fromhex(ciphertext_hex)
    # 将字符串密钥转换为字节序列
    key = key_str.encode('utf-8')
    # 创建AES解密器
    cipher = AES.new(key, AES.MODE_ECB)
    # 解密
    decrypted_data = cipher.decrypt(ciphertext_bytes)
    print(decrypted_data)

key_str = "wh5el_1n_45saes!"
ciphertext_hex = '722ee3cce160be26b48240831e126dc9397a40fa21a328f53880b28523464249'
plaintext_hex_result = aes_decrypt(key_str, ciphertext_hex)

DES

Blowfish

特征识别

  • 常量特征:16 进制的 pai hex 数据填充 PBOX
1
2
3
4
5
p[0] = 0x243F6A88
P[1] = 0X85A308D3
P[2] = 0X13198A2E
P[3] = 0X03707344
...
  • 对称加密
  • 密钥长度不定–>32-448位

国密 SM4

特征识别

  • 分组长度、密钥长度为 128bit
  • 32 轮运算 + 反序变换
  • sbox 常量特征
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
SBOX = [
0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A,
0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF,
0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80,
0xDF, 0x94, 0xFA, 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, 0x83, 0x59, 0x3C, 0x19,
0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2, 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D,
0x35, 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00,
0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2, 0x40,
0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55,
0xAD, 0x93, 0x32, 0x30, 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, 0xC0, 0x29, 0x23,
0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45, 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C,
0x5B, 0x51, 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, 0x1F, 0x10, 0x5A, 0xD8, 0x0A,
0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D,
0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48]
  • 密钥扩展左移 13、23 位,常量
1
2
3
4
5
6
7
8
9
10
11
FK = {0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc};
CK = {
        0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269,
        0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9,
        0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249,
        0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9,
        0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229,
        0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299,
        0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209,
        0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279
};
  • 加密过程线性变换左移 2、10、18、24 位

Hash

hash 不可逆,所以如果解题遇到 hash 基本以算法识别+撞库为主

md5、sha1、sha256、sha384、sha512 等等
加密过程有大量移位操作且不可逆

特征识别

  • MD5 常量特征
1
2
3
4
5
ABCD
0x67452301   
0x0EFCDAB89  
0x98BADCFE   
0x10325476
  • MD5 64轮移位表

CRC64

CRC 校验的本质就是多项式除法

CRC64 解密脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import struct


def shld(a1, a2):
    return ((a1 << 1) | (a2 >> 31)) & 0xffffffff


def shl(a1):
    return (a1 << 1) & 0xffffffff


def shr(a1):
    return (a1 >> 1) & 0xffffffff


def de(buf):
    for i in range(0, 10, 2):
        ta = buf[i]
        tb = buf[i + 1]
        for k in range(64):

            if (ta & 1):
                ta = (0x54AA4A9 ^ ta) & 0xffffffff
                ta = shr(ta) | ((tb & 1) << 31)

                tb = shr(tb) | (1 << 31)
            else:
                ta = shr(ta) | ((tb & 1) << 31)

                tb = shr(tb)
        buf[i] = ta
        buf[i + 1] = tb


def main():
    flag = [0x149b24c1, 0xbc17996, 0x192ce051, 0x1666bae6, 0xf0f13109, 0x713168a1, 0xcc4fa796, 0x9d5344d9, 0x623329f6, 0x5e22b5da]
    de(flag)
    for i in range(len(flag)):
        print(hex(flag[i]), end=', ')
    print()
    flag = b''.join(struct.pack("<I", i) for i in flag)
    print(flag)


if __name__ == '__main__':
    main()

CRC64 加密函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
def en(buf):
    for i in range(0, 10, 2):
        ta = buf[i]
        tb = buf[i + 1]
        for k in range(64):
            if tb & 2147483648 == 2147483648:
                tb = shld(tb, ta)
                ta = shl(ta)
                ta = (88777897 ^ ta) & 4294967295
            else:
                tb = shld(tb, ta)
                ta = shl(ta)
            buf[i] = ta
            buf[i + 1] = tb

RSA