Packet question
The packet response shows the login went through, but there is a heartbeat check. What algorithm is this, and how do I decrypt it? I'm a beginner asking for help and don't know reverse engineering. The software is not packed. Sent:
Received:
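The algorithm is RC4 with a dynamic key. The key is computed by taking the first seven digits of the Beijing-time timestamp; for example, for the timestamp 1756533824, 1756533 is used as the encryption/decryption key.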
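The scheme the reply above describes, combined with the Base64 and URL-encoding layers another reply in this thread describes for the `cf=` field, as an added example that is not part of any post and not the software's own code. It assumes the seven-digit key is used as an ASCII string and that the layers are applied in the order RC4, Base64, URL-encoding; the plaintext is constructed sample data.

```python
import base64
from urllib.parse import quote, unquote

# Constructed sample plaintext, not taken from the thread.
SAMPLE = b'{"user":"demo","action":"heartbeat"}'


def derive_key(timestamp: int) -> bytes:
    """First seven digits of the timestamp, as ASCII (encoding is an assumption).

    The key depends on the clock alone: with a timestamp in seconds it stays
    the same for 1000 seconds and is not a secret shared only by both ends.
    """
    return str(timestamp)[:7].encode("ascii")


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def encode_field(plaintext: bytes, timestamp: int) -> str:
    """RC4, then Base64, then URL-encoding (assumed layer order)."""
    ciphertext = rc4(derive_key(timestamp), plaintext)
    return quote(base64.b64encode(ciphertext), safe="")


def decode_field(field: str, timestamp: int) -> bytes:
    """Undo the layers in reverse: URL-decode, Base64-decode, RC4."""
    ciphertext = base64.b64decode(unquote(field))
    return rc4(derive_key(timestamp), ciphertext)


if __name__ == "__main__":
    field = encode_field(SAMPLE, 1756533824)
    print(field)
    print(decode_field(field, 1756533824))
```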
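Experts, please help me out.
Since I don't have the software, I analyzed the request data you posted. "cf=" should be the main body of the encrypted information. The body goes through one layer of encryption, is then Base64-encoded, and after that is URL-encoded, which gives it its current form. It looks like the data went through at least three algorithms.
khuntoria posted on 2025-8-29 19:14
Since I don't have the software, I analyzed the request data you posted. "cf=" should be the main body of the encrypted information. The body goes through one layer of encryption, is then Base64-encoded ...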
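The software is not packed. I can't even find one algorithm, so three gives me an even bigger headache.
khuntoria posted on 2025-8-29 19:14
Since I don't have the software, I analyzed the request data you posted. "cf=" should be the main body of the encrypted information. The body goes through one layer of encryption, is then Base64-encoded ...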
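Software: https://wwph.lanzout.com/iyeIZ34w950j The software is x64, and the encryption looks like this: {22,154,237,26,86,160,104,79,255,113,158,184,144,63,138,142,197,209,126,104,61,52,11,105,143,184,21,189,26,250,55,88,182,104} Unfortunately I really don't understand x64dbg, and IDA reports a missing module and can't be used. Could you please take a look?
沐泽 posted on 2025-8-30 00:27
Software: https://wwph.lanzout.com/iyeIZ34w950j The software is x64, and the encryption looks like this: {22,154,237,26,86,160,104 ...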
How come the guest has taken over as host?
初雪不之秋 posted on 2025-8-30 00:37
How come the guest has taken over as host?
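I saw the expert was here, so I posted mine while I was at it. You should post your software so it can be looked at.
Image link - failed
Please check whether the VM is powered on
Please check whether VNC is enabled
Then restart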
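沐泽 posted on 2025-8-30 00:27
Software: https://wwph.lanzout.com/iyeIZ34w950j The software is x64, and the encryption looks like this: {22,154,237,26,86,160,104 ...
It shows this:
Image link - failed
Please check whether the VM is powered on
Please check whether VNC is enabled
Then restart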