key = GetEncryptKEY(); StringSource((BYTE*)key.c_str(), key.size(), true, new Base64Decoder( new StringSink(Decoded))); key = Decoded; key = key.substr(5);//去除首位5个字符 Decoded.clear();
如此可以得到这一样一个字符串
这是没有去除字符的情况下,这个时候去除之后 即祛除了首位的DPAPI 如此便获得了一个初步解密的KEY。但在这之后,我们还需要对这个KEY做一次解密,因为这个时候的KEY还不能真正算是解密的KEY 他还需要进行一次DPAPI解密
DPAPI的解密函数部分代码如下:
DATA_BLOB input; input.pbData = (BYTE*)(cryptData); DATA_BLOB output; DWORD blen; for(blen=128; blen<=2048; blen+=16) { input.cbData = blen; if (CryptUnprotectData(&input, NULL, NULL, NULL, NULL, 0, &output)) break; } if (blen>=2048) return 0; CHAR *decrypted = (CHAR *)malloc(clearSize); if (!decrypted) { LocalFree(output.pbData); return 0; } memset(decrypted, 0, clearSize); memcpy(decrypted, output.pbData, (clearSize < output.cbData) ? clearSize - 1 : output.cbData); _snwprintf_s(clearData, clearSize, _TRUNCATE, L"%S", decrypted); free(decrypted); LocalFree(output.pbData); return 1;
在解密之后我们可以得到:
然后我们对加密字符串进行处理,取出iv和chiper。再使用aes-gcm解密即可。
iv =iv.substr(3,12); StringSource((BYTE*)iv.c_str(), iv.size(), true, new HexEncoder( new StringSink(Encoded))); iv = Encoded; Encoded.clear(); //---------------------------------------------------------// //开始处理chiper if (chiper.size() < 30){ return "wu xiao zi fu chuan....."; } StringSource((BYTE*)chiper.c_str(), chiper.size(), true, new HexEncoder( new StringSink(Encoded))); chiper = Encoded; Encoded.clear();
解密
try { StringSource((BYTE*)iv.c_str(), iv.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource iv = Decoded; Decoded.clear(); StringSource((BYTE*)key.c_str(), key.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource key = Decoded; Decoded.clear(); StringSource((BYTE*)chiper.c_str(), chiper.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource chiper = Decoded; Decoded.clear(); cout << chiper << endl; GCM< AES >::Decryption d; d.SetKeyWithIV((BYTE*)key.c_str(), key.size(), (BYTE*)iv.c_str(), iv.size()); StringSource s(chiper, true, new AuthenticatedDecryptionFilter(d, new StringSink(recovered) ) // StreamTransformationFilter ); // StringSource cout << "recovered text: " << recovered << endl; } catch (const CryptoPP::Exception& e) { cerr << e.what() << endl; //exit(1); } return recovered;
最终献上Demo源码
// Chrome80解密Demo.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" #include <string> #include <fstream> #include <iostream> /*********************************\ 加密库头存放在这 \*********************************/ #include "cryptopp\base64.h" using CryptoPP::Base64Decoder; using CryptoPP::Base64Encoder; #include "cryptopp/hex.h" using CryptoPP::HexEncoder; using CryptoPP::HexDecoder; #include "cryptopp/filters.h" using CryptoPP::StringSink; using CryptoPP::StringSource; using CryptoPP::AuthenticatedEncryptionFilter; using CryptoPP::AuthenticatedDecryptionFilter; #include "cryptopp/aes.h" using CryptoPP::AES; #include "cryptopp/gcm.h" using CryptoPP::GCM; #include "cryptopp/secblock.h" using CryptoPP::SecByteBlock; /*********************************\ 加密库头加载完毕 \*********************************/ using namespace std; #pragma comment(lib,"userenv.lib") #pragma comment(lib,"cryptlib.lib") #pragma comment(lib,"Crypt32.lib") //RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAFBcVfgeqrR6TWICu+11nQAAAAAAIAAAAAABBmAAAAAQAAIAAAAJxLse8lqGAP4o493iTyljEUUF9y76AAoprRgHJwesCyAAAAAA6AAAAAAgAAIAAAAFtTd4B22Ky/x2LVgQUSaKku2rCvsv+FiMFj+lGN8LmZMAAAANBlkfPhV/zVaMALHr0gK6dM7nFsfNTv6bfFKCyKbIorgbBnjfKp+K5MVz9iizYVs0AAAACihmRGBIQ6oDkgjzCk+9AhePof4eUhB98pb7UlbGgssV2fnGRrBYQHW8Gyyp9W4pojyn9J7GQixtdCIPBwEW92 //763130954DBA6D89BBAB2FF4A4460AEA7B823BA5BAF01B2B5E2CECDED5855F6E1E7B57946599C6ACD7D60F4B03FC11D5F7C6A39FA59FBF33D7 int DecryptPass(CHAR *cryptData, WCHAR *clearData, UINT clearSize) { DATA_BLOB input; input.pbData = (BYTE*)(cryptData); DATA_BLOB output; DWORD blen; for (blen = 128; blen <= 2048; blen += 16) { input.cbData = blen; if (CryptUnprotectData(&input, NULL, NULL, NULL, NULL, 0, &output)) break; } if (blen >= 2048) return 0; CHAR *decrypted = (CHAR *)malloc(clearSize); if (!decrypted) { LocalFree(output.pbData); return 0; } memset(decrypted, 0, clearSize); memcpy(decrypted, output.pbData, (clearSize < output.cbData) ? clearSize - 1 : output.cbData); _snwprintf_s(clearData, clearSize, _TRUNCATE, L"%S", decrypted); free(decrypted); LocalFree(output.pbData); return 1; } int _tmain(int argc, _TCHAR* argv[]) { string EncryptValue; string key, iv, chiper, recovered; string Decoded, Encoded; WCHAR enc_value[2048]; char enc_value_a[2048]; ZeroMemory(enc_value, sizeof(enc_value)); ZeroMemory(enc_value_a, sizeof(enc_value_a)); cout << "请输入EncryptKEY[BASE64]:" << endl; cin >> key; cout << "请输入EncryptValue[HEX]:" << endl; cin >> EncryptValue; cout << "<---------------开始解密流程--------------->\r\n" << endl; //开始赋值 iv = EncryptValue; chiper = EncryptValue; StringSource((BYTE*)key.c_str(), key.size(), true, new Base64Decoder( new StringSink(Decoded))); key = Decoded; Decoded.clear(); cout << "1:EncryptKEY 进行Base64解密:\r\n" << key << "\r\n" << endl; key = key.substr(5); cout << "2:EncryptKEY 去除首5个字符:\r\n" << key << "\r\n" << endl; DecryptPass((char*)key.c_str(), enc_value, 2048); _snprintf_s(enc_value_a, sizeof(enc_value_a), _TRUNCATE, "%S", enc_value); key = enc_value_a; cout << "3:EncryptKEY 进行DPAPI解密:\r\n" << key << "\r\n" << endl; StringSource((BYTE*)key.c_str(), key.size(), true, new HexEncoder( new StringSink(Encoded))); key = Encoded; Encoded.clear(); cout << "4:对已经通过DPAPI的EncryptKEY 进行HEX编码:\r\n" << key << "\r\n" << endl; StringSource((BYTE*)iv.c_str(), iv.size(), true, new HexDecoder( new StringSink(Decoded))); iv = Decoded; Decoded.clear(); iv=iv.substr(3, 15); StringSource((BYTE*)iv.c_str(), iv.size(), true, new HexEncoder( new StringSink(Encoded))); iv = Encoded; Encoded.clear(); iv = iv.substr(0,iv.size()-6); cout << "5:对要解密的字符串进行反HEX编码 也就是解码 并且截取之后再次 进行HEX编码 赋值给iv:\r\n" << iv << "\r\n" << endl; chiper = chiper.substr(30); cout << "6:对要解密的字符串进行截取末尾15:\r\n" << chiper << "\r\n" << endl; try { StringSource((BYTE*)iv.c_str(), iv.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource iv = Decoded; Decoded.clear(); StringSource((BYTE*)key.c_str(), key.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource key = Decoded; Decoded.clear(); StringSource((BYTE*)chiper.c_str(), chiper.size(), true, new HexDecoder( new StringSink(Decoded) ) // HexEncoder ); // StringSource chiper = Decoded; Decoded.clear(); cout << chiper << endl; GCM< AES >::Decryption d; d.SetKeyWithIV((BYTE*)key.c_str(), key.size(), (BYTE*)iv.c_str(), iv.size()); StringSource s(chiper, true, new AuthenticatedDecryptionFilter(d, new StringSink(recovered) ) // StreamTransformationFilter ); // StringSource cout << "7:最终解密文本为:\r\n" << recovered << "\r\n" << endl; } catch (const CryptoPP::Exception& e) { cerr << e.what() << endl; //exit(1); } system("pause"); return 0; }
附上一张解密靓照
核对下解密的密文是否正确
