协议 A REQUEST = { 0xDD, 0x07, 0xF0, 0x00, 0x00, 0x00, 0x1D, 0x4F, 0x00, 0x00, 0x2C, 0x00, 0x36, 0x31, 0x37, 0x36, 0x33, 0x30, 0x35, 0x39, 0x32, 0x30, 0x3D, 0x31, 0x3D, 0x30, 0x3D, 0x30, 0x3D, 0x30, 0x3D, 0x35, 0x30, 0x33, 0x39, 0x37, 0x2E, 0x33, 0x36, 0x37, 0x3D, 0x34, 0x33, 0x30, 0x32, 0x36, 0x37, 0x33, 0x33, 0x36, 0x30, 0x3D, 0x3D, 0x30, 0x3D, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6D, 0x8F, 0x41, 0x1B, 0x3E, 0x97, 0xCD, 0x3A, 0x52, 0x96, 0x89, 0x84, 0xA3, 0x37, 0x2A, 0xCF, 0x36, 0x77, 0x7F, 0xCB, 0x46, 0xA2, 0xAA, 0x65, 0xD3, 0x95, 0x68, 0x2C, 0x42, 0x30, 0x6B, 0xD5, 0xA7, 0xA5, 0x20, 0x1B, 0xE3, 0x5F, 0xE4, 0x95, 0xAE, 0x7C, 0x89, 0xA5, 0xD7, 0x87, 0xE9, 0xF5, 0x9C, 0x8E, 0x3B, 0x1C, 0x86, 0x31, 0x6F, 0x1E, 0xCE, 0xDB, 0x2D, 0x0C, 0x75, 0x44, 0x8B, 0x4E, 0x96, 0xEF, 0xF0, 0x6F, 0x3F, 0x8A, 0x98, 0xBB, 0x25, 0x78, 0x7E, 0xD1, 0x44, 0xFA, 0x22, 0xB8, 0x47, 0x5D, 0xAA, 0x56, 0x1D, 0xCD, 0x50, 0x45, 0x95, 0x46, 0x30, 0x71, 0x73, 0x91, 0xE0, 0x65, 0x4D, 0x92, 0xCB, 0xF2, 0x32, 0xD1, 0x37, 0x3D, 0x5C, 0xAC, 0x92, 0xC0, 0xD4, 0xE9, 0xE5, 0x95, 0xBC, 0xA4, 0xFF, 0x50, 0x07, 0xD7, 0x52, 0x9B, 0x2A, 0x71, 0x5A, 0xA2, 0x06, 0x6F, 0xD8, 0x43, 0x92, 0xEE, 0x00, 0xC6, 0x2A, 0x93, 0x49, 0xF2, 0xC1, 0x28, 0x35, 0x00, 0xDD, 0x0C, 0xB5, 0x40, 0x40, 0xE5, 0xE4, 0x16, 0x29, 0x4C, 0x87, 0x20, 0xCA, 0xD3, 0x65, 0x51, 0x3C, 0x99, 0xD3, 0x1C, 0x23, 0x7E, 0x1C, 0x6C, 0x5A, 0xA5, 0xB6, 0x47, 0xD4, 0x38, 0x7D, 0x2B, 0xB7, 0x32, 0x86, 0x87, 0xD6, 0x4E, 0x36, 0x81, 0xD3, 0x0D, 0xA6, 0x9A };
协议 A RESPONSE = { 0xDD, 0x07, 0xB1, 0x00, 0x00, 0x00, 0x1D, 0x4F, 0x02, 0x00, 0x2C, 0x00, 0x36, 0x31, 0x37, 0x36, 0x33, 0x30, 0x35, 0x39, 0x32, 0x30, 0x3D, 0x31, 0x3D, 0x30, 0x3D, 0x30, 0x3D, 0x30, 0x3D, 0x35, 0x30, 0x33, 0x39, 0x37, 0x2E, 0x33, 0x36, 0x37, 0x3D, 0x34, 0x33, 0x30, 0x32, 0x36, 0x37, 0x33, 0x33, 0x36, 0x30, 0x3D, 0x3D, 0x30, 0x3D, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x39, 0x5D, 0xB1, 0x89, 0x7A, 0x85, 0x64, 0xE5, 0xD8, 0xD1, 0xDD, 0x7E, 0x43, 0x4A, 0x5A, 0xBF, 0x4F, 0x36, 0x9F, 0x14, 0x49, 0xF8, 0xFB, 0x77, 0xE0, 0xAD, 0x4F, 0x3C, 0x34, 0x20, 0xBB, 0x2D, 0xDB, 0xB6, 0xD2, 0xCA, 0xF9, 0x46, 0x48, 0x3B, 0xFD, 0xDB, 0x27, 0xA2, 0x3A, 0xC7, 0x96, 0xC6, 0x91, 0xCA, 0xC5, 0x48, 0xBC, 0xA2, 0xF0, 0x34, 0xDB, 0x8E, 0xCE, 0x61, 0xF4, 0xBA, 0x0D, 0x9D, 0x25, 0xED, 0xB4, 0x9B, 0x74, 0xE6, 0xDA, 0x0F, 0x04, 0xCF, 0x1C, 0x35, 0x98, 0xDE, 0x73, 0x7D, 0x68, 0x55, 0xB1, 0xFB, 0x39, 0xA4, 0x78, 0x9B, 0x00, 0x5A, 0xF4, 0x45, 0x36, 0x35, 0x84, 0xDC, 0x30, 0x82, 0x12, 0x83, 0x7B, 0x32, 0xB3, 0x15, 0x4A, 0x42, 0xEF, 0xA0, 0x8F, 0x03, 0x51, 0x0D, 0xD6, 0x89, 0x64, 0x74, 0x12, 0x5F, 0x2C, 0x3C, 0xAE };
协议 B REQUEST = { 0xDD, 0x07, 0xE0, 0x00, 0x00, 0x00, 0x14, 0xA4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE7, 0xAF, 0xCC, 0x48, 0x1F, 0xDA, 0x4A, 0xC7, 0xEB, 0xC9, 0x81, 0xF2, 0xE3, 0x13, 0x55, 0x5A, 0xE6, 0x57, 0xC3, 0x78, 0x5A, 0x02, 0xF2, 0x09, 0x59, 0x1B, 0x1D, 0x63, 0x6F, 0x82, 0xD6, 0xAE, 0xB1, 0x04, 0xB3, 0x7A, 0x37, 0x13, 0x88, 0x2B, 0x90, 0x75, 0xF2, 0x46, 0xAD, 0xF4, 0xE0, 0xF7, 0xDF, 0xCE, 0x7E, 0x03, 0x17, 0x39, 0xAE, 0xB0, 0xC1, 0xCB, 0x2E, 0xD4, 0xC8, 0xDD, 0x7F, 0x16, 0x70, 0xC3, 0xFE, 0x48, 0xC4, 0x36, 0x0C, 0xA4, 0x6B, 0xD7, 0x65, 0x5D, 0xB7, 0x00, 0xFA, 0xE5, 0x76, 0x9A, 0x2B, 0x9C, 0xF7, 0xE1, 0xBC, 0xA3, 0xFF, 0x17, 0x98, 0x26, 0xC7, 0x39, 0x0B, 0xFD, 0x2D, 0xB7, 0x81, 0xDB, 0x07, 0x59, 0x82, 0x4E, 0x16, 0x17, 0xB1, 0xFB, 0xB9, 0xEB, 0xA9, 0xC7, 0xCD, 0x0C, 0x6D, 0x4A, 0x16, 0x81, 0x2F, 0x3B, 0xB0, 0xE4, 0xAC, 0x54, 0x18, 0xB8, 0x6B, 0x65, 0x40, 0x84, 0x27, 0xCF, 0x1E, 0x19, 0xD1, 0x0B, 0x09, 0x55, 0x33, 0xC7, 0xB6, 0x66, 0x99, 0xD7, 0x2B, 0x4C, 0xE1, 0x1D, 0xA9, 0x74, 0x4D, 0xB7, 0x01, 0x5A, 0x77, 0xA6, 0x31, 0xED, 0x1A, 0xF4, 0x4F, 0x45, 0x6D, 0x7D, 0xA1, 0xF1, 0xD2, 0xE8, 0xEC, 0xCC, 0x68, 0xF7, 0x6E, 0x23, 0x30, 0x0D, 0xAD, 0x57, 0x06, 0xB9, 0xC3, 0xFF, 0x0C, 0xE5, 0x78, 0xF7, 0x9A, 0xC4, 0xDB, 0x83, 0xD5, 0x52, 0xF9, 0xFA, 0x26, 0x7B, 0xF4, 0x17, 0xDA, 0x83, 0x97, 0x60, 0x5F, 0xDB, 0x5F, 0x21, 0x2C, 0x15, 0x33, 0xD9, 0xDE, 0x1D };
协议 B RESPONSE = { 0xDD, 0x07, 0x45, 0x00, 0x00, 0x00, 0x14, 0xA4, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0xEA, 0xC2, 0x2A, 0xF8, 0x5E, 0xF2, 0xF2, 0xEF, 0x75, 0xA3, 0x2B, 0x9B, 0x60, 0x04, 0xA5, 0x93, 0xD3, 0xBD, 0xC3, 0x6A, 0x02, 0x6D, 0x16, 0xB0, 0x2F, 0xCC, 0x99, 0xDB, 0x25, 0x1A, 0xC3, 0xFB, 0x32, 0x98, 0x47, 0x30, 0xFF, 0x6D, 0xB5, 0x7C, 0x93, 0xD9, 0x88, 0x52, 0x8A, 0xB9, 0x55, 0x87, 0xE6, 0xB5, 0xF5, 0x17, 0xC1, 0x91, 0x55, 0x96 };
已经分析:0xDD07 应该是头部 FLAG,接下来四个字节是后续数据的长度,采用小端表示。例如协议 B RESPONSE 中长度字段为 45 00 00 00(即 69),其后正好是 69 个字节。
1
nyanyh 2017-02-12 00:35:25 +08:00 1
我觉得这个东西,发到看雪可能会得到更好的帮助
2
virusdefender 2017-02-12 00:37:36 +08:00 via iPhone
逆向 app 啊
3
AltairT 2017-02-12 00:58:29 +08:00 via iPhone
擦,自定义协议 udp 或 tcp 通讯的啊,嵌入式上常用
这个破解有难度,就算有文档也得仔细去看
4
cnnblike 2017-02-12 02:23:11 +08:00 via iPhone 1
搜 magic signature ,估计是某个 stream compression 算法
5
phrack 2017-02-12 08:29:37 +08:00 via Android 1
不逆向搞不出来,没有人直接看包就能分析的。
6
forestyuan 2017-02-12 09:32:08 +08:00
包里的数据肯定跟你的应用有关
7
ic3z 2017-02-12 10:00:25 +08:00 via Android 1
这些数据也许上帝知道含义吧。
8
0xcb 2017-02-12 10:42:25 +08:00 via Android
给一组数据包想逆出协议,连 app 环境都没,怎么分析
9
des 2017-02-12 11:06:26 +08:00
android 的话上 xposed hook 试试,还有只有一个包的话基本没办法分析的。
10
realpg 2017-02-12 11:13:43 +08:00 1
记得 N 年前 V2 有个一样的帖子
当时的那个答案是: content-encoding:gzip |
11
adslxyz 2017-02-12 12:15:04 +08:00
腾讯相关 APP 的包。包体已经加密过了;这几个包里没有协商密钥的部分,所以加密部分是解不出来的。
12
adslxyz 2017-02-12 12:20:10 +08:00
瞎猜一下:
DD 07 // header flag
F0 00 00 00 // type short int ,body length = 240
1D 4F // type short ,flag
00 00 // type short
2C 00 // type short , header length = 44
36 31 37 36 33 30 35 39 32 30 3D 31 3D 30 3D 30 3D 30 3D 35 30 33 39 37 2E 33 36 37 3D 34 33 30 32 36 37 33 33 36 30 3D 3D 30 3D 30 (length = 44,str="6176305920=1=0=0=0=50397.367=4302673360==0=0")
00 00 00 00 // int
00 00 // short
// encrypted body
6D 8F 41 1B 3E 97 CD 3A 52 96 89 84 A3 37 2A CF
36 77 7F CB 46 A2 AA 65 D3 95 68 2C 42 30 6B D5
A7 A5 20 1B E3 5F E4 95 AE 7C 89 A5 D7 87 E9 F5
9C 8E 3B 1C 86 31 6F 1E CE DB 2D 0C 75 44 8B 4E
96 EF F0 6F 3F 8A 98 BB 25 78 7E D1 44 FA 22 B8
47 5D AA 56 1D CD 50 45 95 46 30 71 73 91 E0 65
4D 92 CB F2 32 D1 37 3D 5C AC 92 C0 D4 E9 E5 95
BC A4 FF 50 07 D7 52 9B 2A 71 5A A2 06 6F D8 43
92 EE 00 C6 2A 93 49 F2 C1 28 35 00 DD 0C B5 40
40 E5 E4 16 29 4C 87 20 CA D3 65 51 3C 99 D3 1C
23 7E 1C 6C 5A A5 B6 47 D4 38 7D 2B B7 32 86 87
D6 4E 36 81 D3 0D A6 9A
13
thisisvoa 2017-02-13 09:03:57 +08:00
密钥是滚动变化的,无法解析