Encryption in Network Packets: An Introduction to RC4 Encryption

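Background: While capturing traffic I often find that the packet data has been encrypted into mixed upper- and lower-case letters interspersed with characters such as '+' and '/', with two '=' signs at the end, which often leads people to mistake it for nothing more than Base64 encoding. (I regret not paying attention in my cryptography course at university.) I only came to know this cipher by chance, while studying the code of an antivirus-evasion trojan found on GitHub; in this industry the gap between people is no small one.
Introduction: RC4 is notable for being a simple algorithm that executes quickly. Its key length is variable, from 1 to 256 bytes (8 to 2048 bits). With current technology, brute-force key search is already impractical at a key length of 128 bits, so RC4's key space can be expected to resist brute-force key search for a considerable time to come. In fact, no effective attack has yet been found against RC4 with a 128-bit key.
Main text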
========================================
Payloads of the following form:

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

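This one was encountered at random during a packet capture; I do not know what the plaintext is, and even now I am not entirely sure that it really is this cipher. Below, the encryption and decryption process is implemented in Python. Many languages could be used; the core code stays the same, with some parts modified. Here the relevant part of that antivirus-evasion code is taken out to implement encryption and decryption.
Encryption code (python2):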

import hashlib, base64

date = "username=admin,password=admin,111111111111,fsdfsanfjaaaa,aaaaa111=aaaaaa,111aaaaa111,2424,fffffffaaaaaaaaaaaaaaaaabbCCSSSSSSSSSSSSSAAAAAAAAAAAGGGGGGGGGGGGsd11111,dDAASFASDFS,1111,2222222222222,55555555555,1fasdfasfsddfdsadfdsfdssdcd"

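def rc4(text, key):
    # The RC4 key actually used is the 32-character hex digest of MD5(key)
    key = hashlib.md5(key).hexdigest()
    result = ''
    key_len = len(key)
    # Key-scheduling algorithm (KSA): initialise the S-box and shuffle it with the key
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # Pseudo-random generation (PRGA): XOR each input byte with one keystream byte
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    # Base64-encode the raw ciphertext so it can be carried as text
    result = base64.b64encode(result)
    return result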
key = "abcd7788"
a = rc4(date,key)
print a

Decryption code (python2):

import hashlib, base64

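def rc4(text, key):
    # Same key derivation as on the encryption side: hex digest of MD5(key)
    key = hashlib.md5(key).hexdigest()
    # Undo the Base64 layer first to get the raw RC4 ciphertext
    text = base64.b64decode(text)
    result = ''
    key_len = len(key)
    # Key-scheduling algorithm (KSA): initialise the S-box and shuffle it with the key
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # PRGA: XOR with the same keystream recovers the plaintext
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    return result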

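Combining the two pieces of code and checking, after the encrypt/decrypt round trip, whether the plaintext matches, the code is as follows: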

# -*- coding: utf-8 -*-
import hashlib, base64

date = "username=admin,password=admin,111111111111,fsdfsanfjaaaa,aaaaa111=aaaaaa,111aaaaa111,2424,fffffffaaaaaaaaaaaaaaaaabbCCSSSSSSSSSSSSSAAAAAAAAAAAGGGGGGGGGGGGsd11111,dDAASFASDFS,1111,2222222222222,55555555555,1fasdfasfsddfdsadfdsfdssdcd"

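def rc4(text, key):
    # Encryption: the RC4 key is the 32-character hex digest of MD5(key)
    key = hashlib.md5(key).hexdigest()
    result = ''
    key_len = len(key)
    # Key-scheduling algorithm (KSA): initialise the S-box and shuffle it with the key
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # Pseudo-random generation (PRGA): XOR each input byte with one keystream byte
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    # Base64-encode the raw ciphertext so it can be carried as text
    result = base64.b64encode(result)
    return result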
key = "abcd7788"
a = rc4(date,key)

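def rc4_jie(text, key):
    # Decryption: same key derivation and RC4 pass as rc4(), run on the Base64-decoded input
    key = hashlib.md5(key).hexdigest()
    text = base64.b64decode(text)
    result = ''
    key_len = len(key)
    # Key-scheduling algorithm (KSA)
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + ord(key[i%key_len]))%256
        box[i],box[j] = box[j],box[i]
    # PRGA: XOR with the same keystream recovers the plaintext
    i = j = 0
    for element in text:
        i = (i+1)%256
        j = (j+box[i])%256
        box[i],box[j] = box[j],box[i]
        k = chr(ord(element) ^ box[(box[i]+box[j])%256])
        result += k
    return result
b = rc4_jie(a,key)
# Round-trip check: the decrypted text must equal the original plaintext
if date == b:
    print "success"
    print date
    print a
    print b
else:
    print "fail"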

Screenshot of the run: 圖片.png
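The capture triage described in the background (a field that looks like Base64 but is really Base64 over RC4), as an added Python 3 example that is not from the original post or the GitHub code it studied. It ports the scheme above (RC4 keyed with the MD5 hex digest, then Base64) and classifies a captured field; the function names, the printable-byte threshold and the sample fields are assumptions constructed here.

```python
import base64
import hashlib
import string

PRINTABLE = set(string.printable.encode())

def rc4_xor(data: bytes, key: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA); the same XOR encrypts and decrypts."""
    box = list(range(256))
    j = 0
    for i in range(256):
        j = (j + box[i] + key[i % len(key)]) % 256
        box[i], box[j] = box[j], box[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + box[i]) % 256
        box[i], box[j] = box[j], box[i]
        out.append(byte ^ box[(box[i] + box[j]) % 256])
    return bytes(out)

def derive_key(password: str) -> bytes:
    # Same derivation as the post: the ASCII hex digest of MD5(password).
    return hashlib.md5(password.encode()).hexdigest().encode()

def encrypt_field(plaintext: str, password: str) -> str:
    raw = rc4_xor(plaintext.encode(), derive_key(password))
    return base64.b64encode(raw).decode()

def printable_ratio(raw: bytes) -> float:
    return sum(b in PRINTABLE for b in raw) / len(raw) if raw else 0.0

def triage(field: str, known_passwords, threshold: float = 0.95):
    """Classify a captured Base64-looking field (hypothetical helper)."""
    raw = base64.b64decode(field, validate=True)
    if printable_ratio(raw) >= threshold:
        return ("plain-base64", raw)       # Base64 alone, no cipher underneath
    for pw in known_passwords:             # keys already recovered by the analyst
        plain = rc4_xor(raw, derive_key(pw))
        if printable_ratio(plain) >= threshold:
            return ("rc4+base64", plain)
    return ("unknown-binary", raw)         # encrypted or compressed, key unknown

# Constructed sample fields (not taken from any real capture).
SAMPLE_PLAIN = "username=admin,password=admin,token=1111"
SAMPLE_RC4 = encrypt_field(SAMPLE_PLAIN, "abcd7788")
SAMPLE_B64 = base64.b64encode(SAMPLE_PLAIN.encode()).decode()
```

A field that decodes to mostly non-printable bytes is the signal that Base64 is only the outer wrapper; both sample fields look alike on the wire, but only one yields text after Base64 decoding alone.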