iOS安全攻防之解密逆向
2022-04-26 本文已影响0人
老王技术栈
今天给大家分享一次iOS 逆向解码http请求解密的经历
使用Monkeydev进行逆向破解
[MethodTrace] -[<ACUser: 0x28159b330> accessible]
[MethodTrace] -ret:0
2022-04-26 16:23:04.079215+0800 TurboApp[5944:202523] [tcp] tcp_input [C18.1:3] flags=[R] seq=4205160033, ack=0, win=0 state=CLOSED rcv_nxt=4205160033, snd_una=1281612678
2022-04-26 16:23:04.079429+0800 TurboApp[5944:202523] [tcp] tcp_input [C18.1:3] flags=[R] seq=4205160033, ack=0, win=0 state=CLOSED rcv_nxt=4205160033, snd_una=1281612678
2022-04-26 16:23:04.130279+0800 TurboApp[5944:202538] [connection] nw_endpoint_handler_set_adaptive_read_handler [C19.1 185.143.234.119:443 ready channel-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns)] unregister notification for read_timeout failed
2022-04-26 16:23:04.130370+0800 TurboApp[5944:202538] [connection] nw_endpoint_handler_set_adaptive_write_handler [C19.1 185.143.234.119:443 ready channel-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns)] unregister notification for write_timeout failed
2022-04-26 16:23:04.273672+0800 TurboApp[5944:202522] [tcp] tcp_input [C18.1:3] flags=[R] seq=4205160033, ack=0, win=0 state=CLOSED rcv_nxt=4205160033, snd_una=1281612678
2022-04-26 16:23:04.286476+0800 TurboApp[5944:202299] shared----><ACUserManager: 0x282b1a4c0>
[MethodTrace] -[<ACUser: 0x28159b330> username]
[MethodTrace] -ret:tbe49dd76a3173e56922
[MethodTrace] -[<ACUser: 0x28159b330> password]
[MethodTrace] -ret:bf50d720-2282-46a2-9394-89f0b187e5d6
2022-04-26 16:23:04.288829+0800 TurboApp[5944:202299] username--->tbe49dd76a3173e56922,,,password----->bf50d720-2282-46a2-9394-89f0b187e5d6
2022-04-26 16:23:04.434141+0800 TurboApp[5944:202299] AFHTTPSessionManager.success==>
path=mms/compatible/account/v3/activate/
response={length = 385, bytes = 0x6a6b4e53 476f6664 39527934 744b6b33 ... 792b564b 5167550a }
[MethodTrace] +[ACEncryption decryptDataFromBase64:{length = 385, bytes = 0x6a6b4e53 476f6664 39527934 744b6b33 ... 792b564b 5167550a } key:6FPdFO28oTn2C1h0 ]
[MethodTrace] -+[ACEncryption decrypt:{length = 288, bytes = 0x8e43521a 87ddf51c b8b4a937 8993291e ... 98803b2f 95290814 } key:6FPdFO28oTn2C1h0 ]
[MethodTrace] -+ret:{length = 273, bytes = 0x7b227573 65725f69 64223a20 32383531 ... 38626433 3134227d }
2022-04-26 16:23:04.436935+0800 TurboApp[5944:202299] ACEncryption.decrypt.after--->
decrypted_plain_text={"user_id": 28516780, "activated_hours": -1, "activated_at": "2022-04-26 08:23:04", "user_passwd": "c0d9dc41-bad1-4d99-9422-5c4865d525be", "token": "867b1ee7-32d9-406c-b771-7431e0702e45", "response_at_ms": 1650961384238, "user_name": "17f34922-c53a-11ec-922a-ed80548bd314"}
key=6FPdFO28oTn2C1h0
[MethodTrace] +ret:{length = 273, bytes = 0x7b227573 65725f69 64223a20 32383531 ... 38626433 3134227d }
2022-04-26 16:23:04.437211+0800 TurboApp[5944:202299] ACEncryption.md5.before--->{length = 273, bytes = 0x7b227573 65725f69 64223a20 32383531 ... 38626433 3134227d }
[MethodTrace] +[ACEncryption md5:{length = 273, bytes = 0x7b227573 65725f69 64223a20 32383531 ... 38626433 3134227d } ]
[MethodTrace] +ret:c1213601e6d2dfb639c5a780d5ae664d
[MethodTrace] -[<ACUser: 0x28159b330> saveVPNUserInfo:{
"activated_at" = "2022-04-26 08:23:04";
"activated_hours" = "-1";
"response_at_ms" = 1650961384238;
token = "867b1ee7-32d9-406c-b771-7431e0702e45";
"user_id" = 28516780;
"user_name" = "17f34922-c53a-11ec-922a-ed80548bd314";
"user_passwd" = "c0d9dc41-bad1-4d99-9422-5c4865d525be";
} ]
[MethodTrace] -ret:1
hopper反汇编之后的代码
说句体外话、其实所谓iOS引以为傲的安全只是针对iOS系统本身,很多iOS开发者过度依赖于iOS系统的安全、导致app本身其实并不安全,只要iOS设备越狱之后、app进行脱壳提取之后、基本上app想怎么玩都可以