博客内容使用 CC BY-NC-SA 3.0 授权发布。
Powered by Hexo & SimpleBlock .
PHP还原强智教务管理信息系统加密过程
求助帖,还是自己解决了。
概述
教务系统地址http://jwxt.whsw.cn/,你会发现登陆只能用ie浏览器,他喵的chrome和firefox都不支持。用其他浏览器登录时会提示密码错误,原因是他会先在前端加密密码再跟服务器通讯。而加密用的js和vbs,其他浏览器都只能js加密,vbs加密过程就不支持了,所以加密不完全导致提示密码错误。唉,这套系统也太老了,最后更新还是2005年,无力吐槽。
js加密还原
原过程
var pwd = theform.PassWord.value;
var rndNum = 394058;
rndNum = rndNum.toString();
var curPos = 0;
var tmpStr,EnCryptStr = "";
for(Cnt=0;Cnt<pwd.length;Cnt++){
if(Cnt % rndNum.length == 0 ) curPos = 0;
tmpStr = pwd.substring(Cnt,Cnt+1);
EnCryptStr += String.fromCharCode(tmpStr.charCodeAt(0) - Cnt - rndNum.substring(curPos,curPos+1));
curPos +=1;
}
theform.PassWord.value = EnCryptStr;//Assigned the EncryptPassword value to the PassWord TextFiled
theform.EnRndNum.value = rndNum;
用php还原
$pwd = "";
$rndNum = "394058";
$curPos = 0;
$tmpStr = "";
$EnCryptStr = "";
for($Cnt=0;$Cnt&lt;strlen($pwd);$Cnt++)
{
if($Cnt % strlen($rndNum) == 0 ) $curPos = 0;
$tmpStr = substr($pwd,$Cnt,1);
$EnCryptStr = $EnCryptStr. fromCharCode(charCodeAt($tmpStr) - $Cnt - substr($rndNum,$curPos,1));
$curPos +=1;
}
echo $EnCryptStr;
echo ''&lt;br&gt;'';
echo $rndNum;
echo ''&lt;br&gt;'';
echo EncryptString($EnCryptStr);
function fromCharCode($codes) {
if (is_scalar($codes)) $codes= func_get_args();
$str= '''';
foreach ($codes as $code) $str.= chr($code);
return $str;
}
function charCodeAt($word) {
if (is_array($word))
$arr = $word;
else
$arr = str_split($word);
$bin_str = '''';
foreach ($arr as $value)
$bin_str .= decbin(ord($value));
$bin_str = preg_replace(''/^.{4}(.{4}).{2}(.{6}).{2}(.{6})$/'',''$1$2$3'', $bin_str);
return bindec($bin_str);
}
vbs加密还原
原函数
Function EncryptString(InputText , ThePassword )''用户口令加密
Dim il_bit, il_x, il_y, il_z, il_len, i
Dim is_out
Password = InputText
il_len = Len(Password)
il_x = 0
il_y = 0
is_out = ""
For i = 1 To il_len
il_bit = AscW(Mid(Password, i, 1)) ''W系列支持unicode
il_y = (il_bit * 13 Mod 256) + il_x
is_out = is_out & ChrW(Fix(il_y)) ''取整 int和fix区别: fix修正负数
il_x = il_bit * 13 / 256
Next
is_out = is_out & ChrW(Fix(il_x))
Password = is_out
il_len = Len(Password)
il_x = 0
il_y = 0
is_out = ""
For i = 1 To il_len
il_bit = AscW(Mid(Password, i, 1)) ''取前4位值
il_y = il_bit / 16 + 64
is_out = is_out & ChrW(Fix(il_y)) ''取后4位值
il_y = (il_bit Mod 16) + 64
is_out = is_out & ChrW(Fix(il_y))
Next
EncryptString = is_out
End Function
}
用php还原
function EncryptString($Password){ //密码前端加密部分
$il_len = strlen($Password);
$il_x = 0;
$il_y = 0;
$is_out = "";
for($i=0;$i< $il_len;$i++){
$il_bit = ord(substr($Password, $i, 1));
$il_y = ($il_bit * 13 % 256) + $il_x;
$is_out = $is_out. Chr(fix($il_y));
$il_x = $il_bit * 13 / 256;
}
$is_out = $is_out. Chr(fix($il_x));
$Password = $is_out;
$il_len = strlen($Password);
$il_x = 0;
$il_y = 0;
$is_out = "";
for($i=0;$i<$il_len;$i++){
$il_bit = ord(substr($Password, $i, 1));
$il_y = $il_bit / 16 + 64;
$is_out = $is_out. Chr(fix($il_y));
$il_y = ($il_bit % 16) + 64;
$is_out = $is_out. Chr(fix($il_y));
}
return $is_out;
}
function fix($il_y) {
if(floor($il_y) < 0){
return floor($il_y)+1;
}else{
return floor($il_y);
}
}
自此php就完美还原了两个加密过程,再模拟登陆就简单了。
他喵的调试一下午啊啊啊啊啊、、、
- 2013.7.06 更新 第二段加密函数里面floor不能完全还原fix函数,所以自定义fix函数。