GiWifi手机版加密分析
通过搜索gatewayId找到g.java可以得出以下代码
gwAddress
hashMap.put("gwAddress", EncryptUtil.getEncrypt(CacheAuth.getInstance().getGwIp())
service_type
hashMap.put("service_type", Integer.valueOf(CacheAccount.getInstance().getLoginServiceType())
staticPassword
hashMap.put("staticPassword", EncryptUtil.getEncrypt(str3))
phone
hashMap.put("phone", EncryptUtil.getEncrypt(str))
ip
hashMap.put("ip", EncryptUtil.getEncrypt(CacheAuth.getInstance().getLocalIp())
staType
hashMap.put("staType", EncryptUtil.getEncrypt(s.l(context))
staModel
hashMap.put("staModel", EncryptUtil.getEncrypt(s.b())
apMac 空
hashMap.put("apMac", "")
version版本
明文 2.4.1.3
mac
hashMap2.put("mac", CacheAuth.getInstance().getLocalMac());
gatewayId
hashMap2.put("gatewayId", CacheAuth.getInstance().getGwId());
token
hashMap2.put("token", CacheAccount.getInstance().getUserToken());
不需要管的数据有
apMac version
以上为固定数据
调用EncryptUtil.getEncrypt有
gwAddress staticPassword phone ip staType staModel
调用CacheAuth.getInstance有
mac gatewayId token service_type
首先分析EncryptUtil.getEncrypt
public static String getEncrypt(String str) {
return d.a("5447c08b53e8dac4", str);
}
getEncrypt调用了d.a
invoke-static {v0, p0}, Lcom/gbcom/gwifi/codec/d;->b(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
根据il语言定位gbcom/gwifi/codec/d.java翻阅代码
package com.gbcom.gwifi.codec;
import android.util.Base64;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class d {
private static final String a = "AES/ECB/PKCS5Padding";
public static String a(String str, String str2) {
if (str2 == null) {
return "";
}
try {
Key a = a(str);
Cipher instance = Cipher.getInstance(a);
instance.init(1, a);
return Base64.encodeToString(instance.doFinal(str2.getBytes()), 2);
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
private static Key a(String str) throws Exception {
try {
return new SecretKeySpec(str.getBytes(), "AES");
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
public static String b(String str, String str2) {
try {
Key a = a(str);
Cipher instance = Cipher.getInstance(a);
instance.init(2, a);
return new String(instance.doFinal(Base64.decode(str2, 2))).trim();
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
}
因为是两个参数所以确定了public static String a(String str, String str2)
调用了Cipher使用5447c08b53e8dac4生成对象,然后用1,AES/ECB/PKCS5Padding进行初始化
进行对str2加密后base64编码
根据执行流程可知b函数应该是解密函数
public static String b(String str, String str2) {
try {
Key a = a(str);
Cipher instance = Cipher.getInstance(a);
instance.init(2, a);
return new String(instance.doFinal(Base64.decode(str2, 2))).trim();
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
调用了Cipher使用5447c08b53e8dac4生成对象,然后2,AES/ECB/PKCS5Padding进行初始化
进行对str2进行解base64编码去空格后进行解码
然后开始分析getLocalMac getGwId getUserToken
我们先去CacheAuth找到getLocalMac getGwId
public String getLocalMac() {
String toUpperCase;
synchronized (this) {
toUpperCase = getStringValue(CACHE_LOCAL_MAC, "").toUpperCase();
}
return toUpperCase;
}
有getStringValue相关值就一定有设置
public void setLocalMac(String str) {
synchronized (this) {
if (com.gbcom.gwifi.util.a.b(str)) {
if (!(str.equals("00:00:00:00:00:00") || str.equals("02:00:00:00:00:00"))) {
String trim = str.trim();
String localMac = getLocalMac();
if (!trim.toUpperCase().equals(localMac)) {
setStringValue(CACHE_LOCAL_MAC, trim);
this.authBean.setClientMac(trim);
if (!r.e(localMac)) {
j.b(TAG, "BaseGiWiFiInfoView send WIFI_MAC_CHANGE_ACTION");
GBApplication.instance().sendBroadcast(new Intent(com.gbcom.gwifi.util.c.by));
}
GiwifiPushAgent.getInstance(GBApplication.instance()).updateStatus();
}
}
}
}
}
我们继续搜索setLocalMac可以找到
str = jSONObject2.getString("userMac");
CacheAuth.getInstance().setLocalMac(str);
这里抓包获取到的是明文,而上边的格式应该是加密的,所以可以推测getLocalMac getGwId在某处被加密过了,跟上述加密同理
接下来看getUserToken
public String getUserToken(boolean z, EMAError eMAError) {
return native_getUserToken(z, eMAError);
}
这里也看不到特殊的地方,应该也在某处被特殊加密过了,跟上述加密同理
看不懂,不接地气
页:
[1]