Author: 张小明 (front-end development engineer)
Encryption method: XOR with db_password (the log is XOR-encrypted with the database password)
  1. Database password (i.e. the encryption key): AIDoc#2024Secure
  2. Original hash: a SHA256 used to verify log integrity
<?php
// Read the XOR-encrypted backup of the upload access log
$data = file_get_contents('/var/www/html/uploads/admin/upload_logs/access.log.backup');
// The database password doubles as the repeating XOR key
$key = 'AIDoc#2024Secure';
$decrypted = '';
for ($i = 0; $i < strlen($data); $i++) {
    // Byte i of the ciphertext is XORed with byte (i mod keylen) of the key
    $decrypted .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)]));
}
// Escape before output so log contents cannot inject HTML into the page
echo nl2br(htmlspecialchars($decrypted));
?>

Decryption result:

{"time":"2024-10-10 14:30:12","ip":"192.168.1.100","action":"upload","file":"report.pdf","status":"success"}
{"time":"2024-10-10 15:14:51","ip":"203.0.113.88","action":"shell_exec","command":"cat /opt/secrets/operation_darknet.txt","log_id":"LOG-20241010-88239","severity":"critical"}
{"time":"2024-10-10 15:15:22","ip":"203.0.113.88","action":"file_steal","file":"operation_darknet.txt","size":4521,"log_id":"LOG-20241010-88240","severity":"critical"}

Three key pieces of evidence can be extracted from the decrypted log:
  1. Attacker IP: 203.0.113.88 (the IP that performed the shell_exec and file_steal actions)
  2. Key log ID: LOG-20241010-88239 (the log entry for the first shell_exec, marked with severity critical)
  3. Stolen confidential file: operation_darknet.txt (the file the attacker took from the /opt/secrets/ directory)

Visit submit.php and submit the three values:

Attacker IP: 203.0.113.88
Key Log ID: LOG-20241010-88239
Confidential File Name: operation_darknet.txt

Response:

Verification passed: flag{1jsm71kr3inr981udk4j7jq5s2s5iia7}

re

CodeSign

A mobile vault shows that access has been granted, but the secret still does not appear. Work out how the app decides what to display and recover the hidden result.

Tags: APK, Android reverse engineering

Jump to the main activity:

import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.internal.view.SupportMenu;

public class MainActivity extends AppCompatActivity {
    // Ciphertext baked into the APK; decrypted at runtime with the app signature
    private static final byte[] SECRET_DATA = {86, 10, 3, 1, 77, 124, 123, 97, 109, 37, 64, 90, 2, 89, 8, 5, 111, 115, 64, 66, 4, 16, 65, 62, 123, 8, 88, 81, 30};

    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    protected void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        setContentView(R.layout.activity_main);
        final TextView textView = (TextView) findViewById(R.id.tv_console);
        final TextView textView2 = (TextView) findViewById(R.id.tv_flag);
        ((Button) findViewById(R.id.btn_unlock)).setOnClickListener(new View.OnClickListener() { // from class: com.icqctf.signcheck.MainActivity$$ExternalSyntheticLambda0
            @Override // android.view.View.OnClickListener
            public final void onClick(View view) {
                // Note the argument order: tv_flag is passed first, tv_console second
                this.f$0.m125lambda$onCreate$0$comicqctfsigncheckMainActivity(textView2, textView, view);
            }
        });
    }

    /* renamed from: lambda$onCreate$0$com-icqctf-signcheck-MainActivity, reason: not valid java name */
    /* synthetic */ void m125lambda$onCreate$0$comicqctfsigncheckMainActivity(TextView textView, TextView textView2, View view) {
        String strDecrypt = decrypt(SECRET_DATA, SignUtils.getAppSignature(this));
        // Decrypted text is written to tv_flag; tv_console only reports the outcome
        textView.setText(strDecrypt);
        if (strDecrypt.startsWith("flag{")) {
            textView2.setText("> ACCESS GRANTED.\n> DATA RENDERED TO BUFFER.\n> UI OUTPUT: DISABLED (Security Mode)");
            textView2.setTextColor(-16711936);
        } else {
            textView2.setText("> SIGNATURE MISMATCH.\n> DECRYPTION FAILED.\n> OUTPUT GARBAGE.");
            textView2.setTextColor(SupportMenu.CATEGORY_MASK);
        }
    }

    // Repeating-key XOR: ciphertext byte i is XORed with signature byte (i mod signature length)
    private String decrypt(byte[] bArr, String str) {
        if (str == null || str.length() == 0) {
            return "";
        }
        byte[] bytes = str.getBytes();
        byte[] bArr2 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr2[i] = (byte) (bArr[i] ^ bytes[i % bytes.length]);
        }
        return new String(bArr2);
    }
}

Go straight to the key logic:

if (strDecrypt.startsWith("flag{")) {
    textView2.setText("> ACCESS GRANTED.\n> DATA RENDERED TO BUFFER.\n> UI OUTPUT: DISABLED (Security Mode)");

So String strDecrypt has to start with flag{.

Now look at how String strDecrypt is produced:

String strDecrypt = decrypt(SECRET_DATA, SignUtils.getAppSignature(this));

private String decrypt(byte[] bArr, String str) {
    if (str == null || str.length() == 0) {
        return "";
    }
    byte[] bytes = str.getBytes();
    byte[] bArr2 = new byte[bArr.length];
    for (int i = 0; i < bArr.length; i++) {
        // Repeating-key XOR of the secret with the signature bytes
        bArr2[i] = (byte) (bArr[i] ^ bytes[i % bytes.length]);
    }
    return new String(bArr2);
}

The logic is simple: SECRET_DATA is XORed with the value returned by SignUtils.getAppSignature.
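The PHP loop over access.log.backup in the first challenge and MainActivity.decrypt in this APK are the same primitive, repeating-key XOR. The Python below is an added worked example, not code from the writeup or from either challenge. It constructs an encrypted log from the three entries quoted in the first challenge (the page shows only the decrypted text), decrypts and parses it to pull out the attacker IP, key log ID and stolen file, and re-implements the APK's decrypt and its "flag{" gate so that a signature string, once recovered, can be plugged in. PLACEHOLDER_SIGNATURE is a stand-in for whatever SignUtils.getAppSignature returns, which the page does not show.

```python
import json

# Both challenges reduce to repeating-key XOR: byte i of the data is XORed with
# byte (i mod len(key)) of the key. XOR is its own inverse, so one function
# both encrypts and decrypts.
def xor_repeating_key(data: bytes, key: bytes) -> bytes:
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# ---- Part 1: the upload access log (XOR with db_password) ----

LOG_KEY = b"AIDoc#2024Secure"  # the database password used as the XOR key

# Constructed sample: the three entries quoted in the writeup, one JSON object per line.
PLAINTEXT_LOG = "\n".join([
    '{"time":"2024-10-10 14:30:12","ip":"192.168.1.100","action":"upload","file":"report.pdf","status":"success"}',
    '{"time":"2024-10-10 15:14:51","ip":"203.0.113.88","action":"shell_exec","command":"cat /opt/secrets/operation_darknet.txt","log_id":"LOG-20241010-88239","severity":"critical"}',
    '{"time":"2024-10-10 15:15:22","ip":"203.0.113.88","action":"file_steal","file":"operation_darknet.txt","size":4521,"log_id":"LOG-20241010-88240","severity":"critical"}',
])
# Stand-in for access.log.backup, constructed here by XORing the plaintext with the key.
ENCRYPTED_BACKUP = xor_repeating_key(PLAINTEXT_LOG.encode("utf-8"), LOG_KEY)


def parse_json_objects(text: str) -> list:
    """Pull consecutive JSON objects out of text whether they are separated by
    newlines or, as in the writeup's pasted output, by spaces."""
    decoder = json.JSONDecoder()
    objects, pos = [], 0
    while True:
        start = text.find("{", pos)
        if start == -1:
            return objects
        try:
            obj, end = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            pos = start + 1  # wrong key or corrupted data: skip this brace, keep scanning
            continue
        objects.append(obj)
        pos = end


def extract_evidence(encrypted: bytes, key: bytes):
    """Decrypt the log and return the three values the challenge asks for,
    or None when nothing parses as a critical event (e.g. wrong key)."""
    text = xor_repeating_key(encrypted, key).decode("utf-8", errors="replace")
    events = parse_json_objects(text)
    critical = sorted((e for e in events if e.get("severity") == "critical"),
                      key=lambda e: e.get("time", ""))
    if not critical:
        return None
    first = critical[0]  # earliest critical entry: the initial shell_exec
    stolen = next((e.get("file") for e in critical if e.get("action") == "file_steal"), None)
    return {"attacker_ip": first.get("ip"),
            "key_log_id": first.get("log_id"),
            "confidential_file": stolen}


# ---- Part 2: the CodeSign APK (XOR with the app signature) ----

# Ciphertext constant copied from the decompiled MainActivity above.
SECRET_DATA = bytes([86, 10, 3, 1, 77, 124, 123, 97, 109, 37, 64, 90, 2, 89, 8, 5,
                     111, 115, 64, 66, 4, 16, 65, 62, 123, 8, 88, 81, 30])


def apk_decrypt(secret: bytes, signature: str) -> str:
    """Mirror of MainActivity.decrypt(): an empty signature yields "", otherwise
    repeating-key XOR with the signature string's bytes."""
    if not signature:
        return ""
    # Decode as Latin-1 so every byte value maps to a character, as Java's
    # new String(bytes) would for the ASCII-range output seen here.
    return xor_repeating_key(secret, signature.encode("utf-8")).decode("latin-1")


def access_granted(signature: str) -> bool:
    """The app's gate: only a result starting with "flag{" prints ACCESS GRANTED."""
    return apk_decrypt(SECRET_DATA, signature).startswith("flag{")


if __name__ == "__main__":
    print(extract_evidence(ENCRYPTED_BACKUP, LOG_KEY))
    print(extract_evidence(ENCRYPTED_BACKUP, b"wrong-password"))  # garbage never parses
    # PLACEHOLDER_SIGNATURE stands in for the real SignUtils.getAppSignature() value,
    # which this page does not show; with it the gate reports a mismatch.
    print(access_granted("PLACEHOLDER_SIGNATURE"))
```

parse_json_objects uses raw_decode rather than one json.loads per line so the same routine works on the newline-separated file and on the space-joined form shown in the writeup; a wrong key simply yields no parsable objects, which is the cheapest check that the password is right before reading further.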

Next, follow getAppSignature.
