CN111104693A - Android platform software data cracking method, terminal device and storage medium


Publication number: CN111104693A
Authority: CN (China)
Prior art keywords: software, key, cracked, file, data
Legal status: Withdrawn (the listed status is an assumption and is not a legal conclusion)
Application number: CN201911367937.1A
Other languages: Chinese (zh)
Inventors: 曹飞, 李哲, 张磊, 畅斌, 张辉极
Current Assignee: Shaanxi Meiya Qin'an Information Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Shaanxi Meiya Qin'an Information Technology Co Ltd
Application filed by: Shaanxi Meiya Qin'an Information Technology Co Ltd
Priority to: CN201911367937.1A
Publication of: CN111104693A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention relates to an Android platform software data cracking method, a terminal device and a storage medium. The method comprises the following steps. S1: perform reverse processing on the software to be cracked to obtain the Default KDF iter and the Default Page Size. S2: build simulation software, copy the key file corresponding to the software to be cracked, and change the UID in the copied key file to the UID of the simulation software, so that the copy serves as the key file of the simulation software. S3: read the key file through the simulation software to generate the key object in the Cipher parameters. S4: obtain the contents corresponding to the parameters data and IV. S5: decrypt the content of the parameter data using the decryption algorithm corresponding to the software to be cracked, the key object and the IV value contained in the Cipher parameters, to obtain the value of the parameter key. S6: decrypt the software to be cracked according to the three parameters Default KDF iter, Default Page Size and key. By building simulation software, the method and the device read the key file of the software to be cracked, obtain the key, and finally crack the database file.

Description

Android platform software data cracking method, terminal device and storage medium
Technical Field
The invention relates to the field of data cracking, and in particular to a method for cracking Android platform software data, a terminal device and a storage medium.
Background
Signal is an application developed by Open Whisper Systems; it encrypts its database file as a whole using the AES-256-CBC encryption algorithm.
Although its higher level of information security is favored by users, Signal communication records often need to be analyzed during case investigation, and the strong data protection makes evidence collection difficult.
Disclosure of Invention
To solve the above problem, the invention provides an Android platform software data cracking method, a terminal device and a storage medium.
The specific scheme is as follows:
A method for cracking Android platform software data comprises the following steps:
S1: perform reverse processing on the database file of the software to be cracked to obtain the values of the corresponding parameters Default KDF iter and Default Page Size;
S2: build simulation software, copy the key file corresponding to the software to be cracked, and change the UID in the copied key file to the UID of the simulation software, so that the copy serves as the key file of the simulation software;
S3: read the key file through the simulation software to generate the key object in the Cipher parameters;
S4: the simulation software opens the configuration file corresponding to the software to be cracked and obtains the contents corresponding to the parameters data and IV;
S5: the simulation software decrypts the content of the parameter data using the decryption algorithm corresponding to the software to be cracked, the key object and the IV value contained in the Cipher parameters, obtains the value of the parameter key, and converts the value into string format;
S6: decrypt the database file of the software to be cracked according to the three parameters Default KDF iter, Default Page Size and key.
Further, the software to be cracked is Signal software.
Further, the decryption algorithm is the AES-GCM algorithm.
An Android platform software data cracking terminal device comprises a processor, a memory and a computer program that is stored in the memory and can run on the processor; the processor implements the steps of the method of the embodiment of the invention when executing the computer program.
A computer-readable storage medium stores a computer program which, when executed by a processor, carries out the steps of the method according to the embodiment of the invention described above.
With this technical scheme, under the Android KeyStore security mechanism, the key file of the software to be cracked is read by building simulation software, so that the key is obtained and the database file is finally cracked, which assists evidence collection work.
Drawings
Fig. 1 is a flowchart illustrating a first embodiment of the present invention.
Fig. 2 is a schematic code diagram after software reverse processing in this embodiment.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment:
This embodiment takes Signal software as an example and provides a data cracking method for Android platform software. As shown in Fig. 1, the method includes the following steps:
S1: Perform reverse processing on the database file of the Signal software and obtain from the code the corresponding parameters Default KDF iter and Default Page Size, where Default KDF iter is the number of iterations and Default Page Size is the page size.
The database file of the Signal software is signal.db, and it is encrypted with the AES-256-CBC encryption algorithm. To crack the database file, three variable parameters corresponding to it must therefore be determined: Default KDF iter, Default Page Size and key. The remaining parameters can keep their default values.
As shown in Fig. 2, the value of the parameter Default KDF iter is 1 and the value of Default Page Size is 4096.
S2: Build simulation software, copy the key file corresponding to the Signal software, and change the UID of the Signal software in the copied key file to the UID of the simulation software, so that the copy serves as the key file of the simulation software.
In the Android KeyStore security mechanism, each application has its own key namespace, so the keys of different applications are different. The key file (secret key file) of each application is stored in the /data/misc/keystore/user_x/ directory of the Android system, for example the key file 10123_USRPKEY_MyKey, where "10123" is the UID of the application and "MyKey" is the alias of the key.
Because the unique UID of each application is fixed when it is installed, copying the key file and changing the UID in it deceives the Android KeyStore security mechanism.
Because this operation requires root permission, the method in this embodiment is only suitable for rooted Android devices.
S3: Read the key file through the simulation software to generate the key object in the Cipher parameters.
Cipher is a Java class that provides cryptographic functionality for encryption and decryption. It forms the core of the Java Cryptography Extension (JCE) framework.
The parameters corresponding to Cipher include a decryption algorithm, a key object and an IV value.
S4: The simulation software opens the configuration file (XML file) corresponding to the Signal software and obtains the contents corresponding to the parameters data and IV.
In this embodiment, the contents corresponding to the parameters data and IV are stored in JSON format under the node named "pref_database_encrypted_secret" in the configuration file, and the data and IV values are obtained by looking up that node.
S5: The simulation software decrypts the content of the parameter data using the decryption algorithm corresponding to the Signal software, the key object and the IV value contained in the Cipher parameters, obtains the value of the parameter key, and converts the value into string format.
The decryption algorithm in this embodiment is the AES-GCM algorithm.
Because the decrypted key value is in binary format, it needs to be converted into string format.
S6: Decrypt the database file Signal.db of the Signal software according to the three parameters Default KDF iter, Default Page Size and key.
After decryption, the database tool DB Browser for SQLite can be used to read the content of the database file Signal.db.
This embodiment of the invention provides an Android platform software data cracking method in which, under the Android KeyStore security mechanism, the key file of the Signal software is read by building simulation software, so that the key is obtained and the database file is finally cracked, which assists evidence collection work.
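Step S2 leaves a trace in the key directory: the same key alias, and the same blob, under two different UIDs. The following added example (not part of the patent) scans a directory listing for that trace. It assumes the `<uid>_<TYPE>_<alias>` file naming shown in the description and that the UID is carried only in the file name; the function names and the sample entries are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed layout, taken from the description's example "10123_USRPKEY_MyKey":
# <uid>_<TYPE>_<alias>. Only the USRPKEY type appears on the page.
ENTRY_RE = re.compile(r"^(\d+)_([A-Z]+)_(.+)$")


def parse_entry(name):
    """Split a key file name into (uid, type, alias); None if it does not match."""
    m = ENTRY_RE.match(name)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None


def find_cloned_keys(entries):
    """entries maps file name -> file content (bytes).

    Returns a list of (severity, type, alias, uids) tuples:
      identical-blob: the same content is filed under more than one UID,
                      which is what copying a key file and renaming it leaves.
      shared-alias:   different UIDs use the same alias with different
                      content; weaker, since apps may pick the same alias.
    """
    by_alias = defaultdict(lambda: defaultdict(set))
    for name, blob in entries.items():
        parsed = parse_entry(name)
        if parsed is None:
            continue  # not a key entry, e.g. lost+found
        uid, kind, alias = parsed
        digest = hashlib.sha256(blob).hexdigest()
        by_alias[(kind, alias)][digest].add(uid)

    findings = []
    for (kind, alias), by_digest in sorted(by_alias.items()):
        all_uids = set().union(*by_digest.values())
        if len(all_uids) < 2:
            continue  # alias used by a single UID: nothing to report
        clones = [uids for uids in by_digest.values() if len(uids) > 1]
        if clones:
            for uids in sorted(clones, key=sorted):
                findings.append(("identical-blob", kind, alias, tuple(sorted(uids))))
        else:
            findings.append(("shared-alias", kind, alias, tuple(sorted(all_uids))))
    return findings


# Constructed sample listing (names and contents are made up for the example).
SAMPLE_ENTRIES = {
    "10123_USRPKEY_MyKey": b"constructed-blob-A",
    "10250_USRPKEY_MyKey": b"constructed-blob-A",   # byte-identical copy
    "10077_USRPKEY_MyKey": b"constructed-blob-B",   # unrelated app, same alias
    "10300_USRPKEY_OtherKey": b"constructed-blob-C",
    "10400_USRPKEY_AppKey": b"constructed-blob-D",
    "10401_USRPKEY_AppKey": b"constructed-blob-E",
    "lost+found": b"",
}

if __name__ == "__main__":
    for finding in find_cloned_keys(SAMPLE_ENTRIES):
        print(finding)
```

An identical-blob finding is the stronger signal; a shared-alias finding only says that two applications chose the same alias and needs a second look.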
The second embodiment:
The invention also provides an Android platform software data cracking terminal device, which comprises a memory, a processor and a computer program that is stored in the memory and can run on the processor; the processor implements the steps of the method of the first embodiment of the invention when executing the computer program.
Further, as an executable scheme, the Android platform software data cracking terminal device may be a desktop computer, a notebook, a mobile phone, a cloud server or another computing device. The Android platform software data cracking terminal device may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that the structure described above is only an example of the Android platform software data cracking terminal device and does not limit it; the device may include more or fewer components than described, combine some components, or use different components. For example, it may further include an input/output device, a network access device, a bus and the like, which is not limited in the embodiments of the present invention.
Further, as an executable scheme, the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control center of the Android platform software data cracking terminal device and connects all parts of the device through various interfaces and lines.
The memory can be used to store the computer program and/or modules, and the processor implements the various functions of the Android platform software data cracking terminal device by running or executing the computer program and/or modules stored in the memory and by calling data stored in the memory. The memory may mainly comprise a program storage area and a data storage area: the program storage area may store an operating system and the application program required by at least one function; the data storage area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), at least one magnetic disk storage device, a flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
If the modules/units integrated in the Android platform software data cracking terminal device are implemented in the form of software functional units and are sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by a processor, the steps of the method embodiments are implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), a software distribution medium, and the like.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A method for cracking Android platform software data, characterized by comprising the following steps:
S1: perform reverse processing on the database file of the software to be cracked to obtain the values of the corresponding parameters Default KDF iter and Default Page Size;
S2: build simulation software, copy the key file corresponding to the software to be cracked, and change the UID in the copied key file to the UID of the simulation software, so that the copy serves as the key file of the simulation software;
S3: read the key file through the simulation software to generate the key object in the Cipher parameters;
S4: the simulation software opens the configuration file corresponding to the software to be cracked and obtains the contents corresponding to the parameters data and IV;
S5: the simulation software decrypts the content of the parameter data using the decryption algorithm corresponding to the software to be cracked, the key object and the IV value contained in the Cipher parameters, obtains the value of the parameter key, and converts the value into string format;
S6: decrypt the database file of the software to be cracked according to the three parameters Default KDF iter, Default Page Size and key.
2. The Android platform software data cracking method according to claim 1, characterized in that the software to be cracked is Signal software.
3. The Android platform software data cracking method according to claim 1, characterized in that the decryption algorithm is the AES-GCM algorithm.
4. An Android platform software data cracking terminal device, characterized by comprising a processor, a memory and a computer program stored in the memory and running on the processor, the processor implementing the steps of the method according to any one of claims 1 to 3 when executing the computer program.
5. A computer-readable storage medium in which a computer program is stored, characterized in that the computer program, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 3.

Application number: CN201911367937.1A
Priority date: 2019-12-26
Filing date: 2019-12-26
Publication: CN111104693A (en), published 2020-05-05
Status: Withdrawn
Family ID: 70423306
Country: CN


Legal Events

Code Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20200505)