Category Archives: Security

openssl生成key

Posted on by No Comments ↓

生成私钥及自签名证书(自签名这样就可以咯)

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa 1024 > test.key
openssl req -new -x509 -nodes -key test.key -days 1095 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024" > test.pem

生成私钥、证书请求及自签名证书(通常是把csr文件发给第三方机构申请证书,这里仍然是自签名)

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa -out test1.key 1024
openssl req -new -key test.key -out test1.csr -subj -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024"
openssl x509 -req -days 3650 -in test1.csr -signkey test1.key -out test1.pem

这里请注意,自签名证书的话,上面两种方式是一样的。但这里只有一层,也就是没有CA的存在,如果需要CA及服务器两层的话,就要:
1、生成CA的私钥及证书
2、生成服务器私钥及证书
3、用CA的私钥对服务器证书签名
4、所有客户端信任CA证书

pem转为p12(私钥+证书)

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl pkcs12 -export -out test.p12 -in test.pem -inkey test.key

pem转为jks的truststore(ca证书)

keytool -import -v -trustcacerts -file test.pem -keystore test.jks -storepass 123456 -alias caRoot
keytool -list -v -keystore test.jks -storepass 123456

p12转为jks的keystore(私钥+证书)

keytool -importkeystore -srckeystore test.p12 -destkeystore test1.jks -srcstoretype PKCS12 -deststoretype JKS -srcstorepass 123456 -deststorepass 123456
keytool -list -v -keystore test1.jks -storepass 123456

这里请注意,jks与p12的密码要设成一样的,否则有些时候会无法使用。

keytool生成key

Posted on by No Comments ↓

生成keystore及cert

#生成私钥
keytool -genkey -validity 10000 -keyalg RSA -dname "CN=neohope OU=neohope O=neohope L=Shanghai C=CN" -keystore node1.jks -alias node1 -keypass password -storepass password 
#导出证书
keytool -export -file node1.crt -keystore node1.jks -alias node1 -keypass password -storepass password 
#生成truststore
keytool -import -trustcacerts -file node1.crt -keystore trust.jks -alias node1 -keypass password -storepass password 
#查看
keytool -list -keystore node1.jks
keytool -list -keystore trust.jks

jks转p12

keytool -importkeystore -srckeystore node1.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore node1.p12 -srcstorepass password -deststorepass password

JKS与P12证书互转

Posted on by No Comments ↓ 
::JKS → P12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12

::P12 → JKS
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks

在这里,有一点大家一定要记住,P12的密码和JKS的密码一定要一致,否则很多容器(如Tomcat)无法加载。一般来说,JKS要求密码至少为6位,所以如果P12的密码位数太短,就要修改P12的密码啦:

openssl pkcs12 -in keystore.p12 -out keystore.pem -nodes
openssl pkcs12 -export -out keystore1.p12 -in keystore.pem

JBoss配置TLS

Posted on by No Comments ↓

文件%JBOSS_HOME%\server\default\deploy\jboss-web.deployer\server.xml
增加下面陪孩子

<Connector port="8443" address="${jboss.bind.address}"
          protocol="HTTP/1.1" SSLEnabled="true" 
          maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
      	  emptySessionPath="true"
      	  scheme="https" secure="true" clientAuth="false" 
      	  disableUploadTimeout="true" 
      	  keystoreFile="${jboss.server.home.dir}/conf/node1.jks"
      	  keystorePass="passward"
      	  keyAlias="node1"
      	  sslProtocol = "TLS" />

Tomcat配置TLS

Posted on by No Comments ↓

%TOMCAT_HOME%/conf/server.xml中添加以下配置即可

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
	       clientAuth="false" sslProtocol="TLS"
               keystoreFile="TOMCAT_HOME\conf\AXDS_2012_Keystore.jks"
               keystorePass="password"
	       truststoreFile="TOMCAT_HOME\conf\AXDS_2012_Truststore.jks" 
	       truststorePass="password"            
	       />

VC计算CString摘要

Posted on by No Comments ↓

1、VC计算字符串MD5摘要

//输入:要计算摘要的字符串
//输出:128位MD5摘要
#include <wincrypt.h>
CString szResult;

CString CDigestDlg::CalcMD5(CString strContent)
{
  DWORD dwLength=0;
  BYTE* pbContent=NULL;

  dwLength = (DWORD)strContent.GetLength();
  pbContent = new BYTE[dwLength];
  memcpy(pbContent,strContent.GetBuffer(dwLength),dwLength);

  //计算MD5编码
  HCRYPTPROV hCryptProv; 
  HCRYPTHASH hHash; 
  BYTE byteMD5[16]; 
  DWORD dwHashLen=16;
  CString szResult;

  if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) 
  {
    if(CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)) 
    {
      if(CryptHashData(hHash, pbContent, dwLength, 0))
      {

        if(CryptGetHashParam(hHash, HP_HASHVAL, byteMD5, &dwHashLen, 0)) 
        {
          szResult.Format(TEXT("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"),
            byteMD5[0],byteMD5[1],byteMD5[2],byteMD5[3],byteMD5[4],byteMD5[5],byteMD5[6],byteMD5[7]
            ,byteMD5[8],byteMD5[9],byteMD5[10],byteMD5[11],byteMD5[12],byteMD5[13],byteMD5[14],byteMD5[15]);
        }
        else
        {
          szResult=TEXT("Error getting hash param");
        }

      }
      else
      {
        szResult=TEXT("Error hashing data");
      }
    }
    else
    {
      szResult=TEXT("Error creating hash");
    }
  }
  else
  {
    szResult=TEXT("Error acquiring context");
  }

  CryptDestroyHash(hHash); 
  CryptReleaseContext(hCryptProv, 0); 
  delete[] pbContent;
  pbContent=NULL;

  return szResult;
}

2、VC计算字符串SHA1摘要

//输入:要计算摘要的字符串
//输出:160位SHA1摘要
#include <wincrypt.h>
CString szResult;

CString CDigestDlg::CalcSHA1(CString strContent)
{
  DWORD dwLength=0;
  BYTE* pbContent=NULL;

  dwLength = (DWORD)strContent.GetLength();
  pbContent = new BYTE[dwLength];
  memcpy(pbContent,strContent.GetBuffer(dwLength),dwLength);

  //计算MD5编码
  HCRYPTPROV hCryptProv; 
  HCRYPTHASH hHash; 
  BYTE byteSHA1[20]; 
  DWORD dwHashLen=20;
  CString szResult;

  if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) 
  {
    if(CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash)) 
    {
      if(CryptHashData(hHash, pbContent, dwLength, 0))
      {

        if(CryptGetHashParam(hHash, HP_HASHVAL, byteSHA1, &dwHashLen, 0)) 
        {
          szResult.Format(TEXT("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"),
            byteSHA1[0],byteSHA1[1],byteSHA1[2],byteSHA1[3],byteSHA1[4],byteSHA1[5],byteSHA1[6],byteSHA1[7],
            byteSHA1[8],byteSHA1[9],byteSHA1[10],byteSHA1[11],byteSHA1[12],byteSHA1[13],byteSHA1[14],byteSHA1[15],
            byteSHA1[16],byteSHA1[17],byteSHA1[18],byteSHA1[19]);
        }
        else
        {
          szResult=TEXT("Error getting hash param");
        }

      }
      else
      {
        szResult=TEXT("Error hashing data");
      }
    }
    else
    {
      szResult=TEXT("Error creating hash");
    }
  }
  else
  {
    szResult=TEXT("Error acquiring context");
  }

  CryptDestroyHash(hHash); 
  CryptReleaseContext(hCryptProv, 0); 
  delete[] pbContent;
  pbContent=NULL;

  return szResult;
}

VC计算文件摘要

Posted on by No Comments ↓

1、VC计算文件MD5摘要

//输入:文件路径
//输出:128位MD5摘要
#include <wincrypt.h>
CString szResult;

CString CMD5AndSHA1Dlg::CalcMD5(CString strFilePath)
{
  //读取文件
  CFile inFile;
  CFileException ex;
  DWORD dwLength=0;
  BYTE* pbContent=NULL;
  BOOL bRet;

  bRet=inFile.Open(strFilePath,CFile::modeRead | CFile::typeBinary | CFile::shareDenyWrite,&ex);
  if(bRet==FALSE)
  {
    return TEXT("Error opening file");;
  }

  dwLength = (DWORD)inFile.GetLength();
  pbContent = new BYTE[dwLength];
  if(pbContent==NULL)
  {
    return TEXT("Error not enough memory");;
  }
  inFile.Read(pbContent,dwLength);
  inFile.Close();

  //计算MD5编码
  HCRYPTPROV hCryptProv; 
  HCRYPTHASH hHash; 
  BYTE byteMD5[16]; 
  DWORD dwHashLen=16;
  CString szResult;

  if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) 
  {
    if(CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)) 
    {
      if(CryptHashData(hHash, pbContent, dwLength, 0))
      {

        if(CryptGetHashParam(hHash, HP_HASHVAL, byteMD5, &dwHashLen, 0)) 
        {
          szResult.Format(TEXT("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"),
            byteMD5[0],byteMD5[1],byteMD5[2],byteMD5[3],byteMD5[4],byteMD5[5],byteMD5[6],byteMD5[7]
            ,byteMD5[8],byteMD5[9],byteMD5[10],byteMD5[11],byteMD5[12],byteMD5[13],byteMD5[14],byteMD5[15]);
        }
        else
        {
          szResult=TEXT("Error getting hash param");
        }

      }
      else
      {
        szResult=TEXT("Error hashing data");
      }
    }
    else
    {
      szResult=TEXT("Error creating hash");
    }
  }
  else
  {
    szResult=TEXT("Error acquiring context");
  }

  CryptDestroyHash(hHash); 
  CryptReleaseContext(hCryptProv, 0); 
  delete[] pbContent;
  pbContent=NULL;

  return szResult;
}

2、VC计算文件SHA1摘要

//输入:文件路径(文件必须小于2^64bit)
//输出:160位SHA1摘要
#include <wincrypt.h>
CString szResult;

CString CMD5AndSHA1Dlg::CalcSHA1(CString strFilePath)
{
  //读取文件
  CFile inFile;
  CFileException ex;
  DWORD dwLength=0;
  BYTE* pbContent=NULL;
  BOOL bRet;

  bRet=inFile.Open(strFilePath,CFile::modeRead | CFile::typeBinary | CFile::shareDenyWrite,&ex);
  if(bRet==FALSE)
  {
    return TEXT("Error opening file");;
  }

  dwLength = (DWORD)inFile.GetLength();
  pbContent = new BYTE[dwLength];
  if(pbContent==NULL)
  {
    return TEXT("Error not enough memory");;
  }
  inFile.Read(pbContent,dwLength);
  inFile.Close();

  //计算MD5编码
  HCRYPTPROV hCryptProv; 
  HCRYPTHASH hHash; 
  BYTE byteSHA1[20]; 
  DWORD dwHashLen=20;
  CString szResult;

  if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) 
  {
    if(CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash)) 
    {
      if(CryptHashData(hHash, pbContent, dwLength, 0))
      {

        if(CryptGetHashParam(hHash, HP_HASHVAL, byteSHA1, &dwHashLen, 0)) 
        {
          szResult.Format(TEXT("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"),
            byteSHA1[0],byteSHA1[1],byteSHA1[2],byteSHA1[3],byteSHA1[4],byteSHA1[5],byteSHA1[6],byteSHA1[7],
            byteSHA1[8],byteSHA1[9],byteSHA1[10],byteSHA1[11],byteSHA1[12],byteSHA1[13],byteSHA1[14],byteSHA1[15],
            byteSHA1[16],byteSHA1[17],byteSHA1[18],byteSHA1[19]);
        }
        else
        {
          szResult=TEXT("Error getting hash param");
        }

      }
      else
      {
        szResult=TEXT("Error hashing data");
      }
    }
    else
    {
      szResult=TEXT("Error creating hash");
    }
  }
  else
  {
    szResult=TEXT("Error acquiring context");
  }

  CryptDestroyHash(hHash); 
  CryptReleaseContext(hCryptProv, 0); 
  delete[] pbContent;
  pbContent=NULL;

  return szResult;
}

汉化.net程序

Posted on by No Comments ↓

1.首先是反编译

ildasm11.exe /ALL /VISIBILITY=PUB+PRI+FAM+ASM+FAA+FOA+PSC /UNICODE Target.dll /OUT=Target.il

2.打开Target.il
搜索ldstr,后面就是你所需要汉化的字符串

同时会遇到bytearray类型的字符串,这些字符串是以UNICODE的HEX方式存储的,将汉化后内容,同样转成UNICODE的HEX字符串存回去,同时记住要修改字体

3.去掉StrongName
将Target.il中publickkey字段删除

4.生成snk

sn.exe -k Target.snk

5.重新编译并增加StrongName

ILASM11.exe Target.il /dll /key:Target.snk /resource:Target.res /out:Target_cn.dll

6.验证

sn -v Target_cn.dll

第一次汉化游戏

Posted on by No Comments ↓

上大学时,有款游戏叫“是男人就下100层”
无聊的时候玩玩还不错

但是看到上面的日文,我就不爽,干脆,汉化掉算了
查看后,没加壳,哈哈哈哈哈哈哈哈
掏出eXeScope,找出资源,我改。。。
很快菜单等资源都改好了

运行试试,感觉不错,但旁边怎么还有这么大的日文?
继续找,发现,居然是图片
算你狠,掏出PS,改了几张,换上去
啊~~~
好难看,字体好难看啊
我这个没审美观的人都觉得好难看啊

算了,这个汉化版就算了吧,还是不拿出去丢人了。

过了几个月,
一哥们跟我说,来,我有中文版,
我很想看看PS高人怎么换掉图片的,
结果,
结果,他只换了菜单,
还没我汉化的多。。。
心情大好,原来我不是最差的那个啦

其实,换掉菜单后,的确就容易入手一些了,
后来看到过比较好的版本,但加壳了,
也没空细细研究,高手还是普遍存在的

修改程序时间验证

Posted on by No Comments ↓

上大学的时候,用过一款仿真软件,但授权已经过期了,
使用的时候必须将时间调回到两年前,
可是杀毒软件就不开心啦,彻底罢工,
唉,谁让当时USB病毒横行呢,

为了不用再调试间,加上当时对反向工程十分的痴迷,于是开始尝试破解该软件
当时什么都不太懂,想法也很单纯,把时间锁定到两年前
用传说中的神器OllyDBG,找到所有调用时间API的地方,
比想像的乐观的多,只有两个地方调用了时间API,
而且,API调用的后面有足够的空间让我用汇编将年份改掉
很快就搞定了
当时很没追求,还足足开心了半个月
过了半年后,发现,不用修改他的程序就能改掉
又过了半年后,发现,专门有软件修改程序时间,哈哈,坐井观天啦

现在想起来,当时软件保护做的真差,连壳都没加,唉~~