Monthly archive: November 2016

Regular expressions (1)

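# Python: get the local IP (nearly every example online is a copy of the same socket-library approach)

import re
import subprocess
import sys

def getlocalip():
    # Run ifconfig; element 1 of the returned tuple is its output
    strs_tmp = subprocess.getstatusoutput('ifconfig')
    strs = strs_tmp[1]
    # Matches "inet addr:1.2.3.4" (older net-tools, including localized labels)
    # and "inet 1.2.3.4" (newer net-tools); "inet6" lines never match
    m_ip = re.findall(r'inet\s+(?:[^\s:]+:)?(\d+\.\d+\.\d+\.\d+)\s', strs)
    # Drop the loopback address and join the rest with underscores
    ip_str = '_'.join(a_ip for a_ip in m_ip if a_ip != "127.0.0.1")
    if not ip_str:
        print("local ip is null")
        sys.exit()
    return ip_str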

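# Check whether a string is a Base64 string

<?php
// Returns TRUE when $data contains only Base64 alphabet characters followed by
// at most two '=' padding characters. The length is not checked.
// \z anchors at the true end of the string ('$' would also accept a trailing newline).
function is_base64_encoded($data){
    return preg_match('%^[a-zA-Z0-9/+]*={0,2}\z%', $data) === 1;
}

var_dump(is_base64_encoded("iash21iawhdj98UH3")); // true
var_dump(is_base64_encoded("#iu3498r")); // false
var_dump(is_base64_encoded("asiudfh9w=8uihf")); // false
var_dump(is_base64_encoded("a398UIhnj43f/1!+sadfh3w84hduihhjw==")); // false ('!' is not in the alphabet)

?>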

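A quick way to compute a generator (1)

Choose a safe prime P such that P = 2Q + 1, where P and Q must both be prime. For example, the smallest safe primes are (5, 7, 11, ...), and the corresponding Q values are (2, 3, 5, ...).

Pick any number a that satisfies both of the following conditions:

1. a^2 mod P != 1

2. a^Q mod P != 1

Then a is a generator: the group order P - 1 = 2Q has only the prime factors 2 and Q, so passing both checks means the order of a can only be 2Q.

For example: Q = 5, P = 11

Then the generators include k1 = 2, k2 = 6, ...

In Diffie-Hellman:

A: tmp1 = G^k1 mod P = 5^2 mod 11 == 3  (send to B)

B: tmp2 = G^k2 mod P = 5^6 mod 11 == 5  (send to A)

A(key) = tmp2^k1 mod P = 5^2 mod 11 == 3

B(key) = tmp1^k2 mod P = 3^6 mod 11 == 3

A(key) == B(key)

Over.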
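The two checks and the exchange above, as an added example that is not code from the original post: it lists every value passing the checks for P = 11, cross-checks them against a brute-force order computation, and replays the exchange with the post's numbers (G = 5, k1 = 2, k2 = 6). All function names are illustrative.

```python
def is_prime(n):
    """Trial division; adequate for the small demonstration values used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def is_generator(a, p):
    """The two checks from the text, for a safe prime p = 2q + 1."""
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p must be a safe prime (p = 2q + 1 with p and q prime)")
    return 1 < a < p and pow(a, 2, p) != 1 and pow(a, q, p) != 1

def element_order(a, p):
    """Multiplicative order of a modulo p by brute force (small p only)."""
    if a % p == 0:
        raise ValueError("a must not be a multiple of p")
    x, n = a % p, 1
    while x != 1:
        x, n = x * a % p, n + 1
    return n

def generators(p):
    """All values in 2..p-1 that pass both checks."""
    return [a for a in range(2, p) if is_generator(a, p)]

def dh_exchange(g, p, k1, k2):
    """Return (tmp1, tmp2, key_a, key_b) for private exponents k1 (A) and k2 (B)."""
    tmp1 = pow(g, k1, p)          # A sends this to B
    tmp2 = pow(g, k2, p)          # B sends this to A
    return tmp1, tmp2, pow(tmp2, k1, p), pow(tmp1, k2, p)

if __name__ == "__main__":
    P = 11
    gens = generators(P)
    print("values passing both checks for P = 11:", gens)
    # Cross-check: each of them has full order P - 1.
    print("all have order P - 1:", all(element_order(a, P) == P - 1 for a in gens))
    # The base G = 5 used in the exchange has order Q = 5 (the prime-order subgroup).
    print("order of 5 mod 11:", element_order(5, P))
    print("tmp1, tmp2, key_a, key_b:", dh_exchange(5, P, 2, 6))
```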

 

Py2exe Disassembly

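Today I was analyzing an EXE file. I fired up IDA and got nowhere, then noticed the keyword "python". Opening the file in Resource Hacker showed a PYTHONSCRIPT resource node, which indicates it was packaged with py2exe.

1. exe -> pyc

https://github.com/matiasb/unpy2exe (recommended)

https://sourceforge.net/projects/py2exedumper

python unpy2exe.py xxx.exe

2. pyc -> py

https://github.com/wibiti/uncompyle2

After installation, run uncompyle2 xxxx.py.pyc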

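Linux system call numbers (the number is passed in eax)

I haven't written assembly in a long time and have nearly forgotten all of it. Noting this down.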

#define __NR_restart_syscall 0
#define __NR_exit 1
#define __NR_fork 2
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_close 6
#define __NR_waitpid 7
#define __NR_creat 8
#define __NR_link 9
#define __NR_unlink 10
#define __NR_execve 11
#define __NR_chdir 12
#define __NR_time 13
#define __NR_mknod 14
#define __NR_chmod 15
#define __NR_lchown 16
#define __NR_break 17
#define __NR_oldstat 18
#define __NR_lseek 19
#define __NR_getpid 20
#define __NR_mount 21
#define __NR_umount 22
#define __NR_setuid 23
#define __NR_getuid 24
#define __NR_stime 25
#define __NR_ptrace 26
#define __NR_alarm 27
#define __NR_oldfstat 28
#define __NR_pause 29
#define __NR_utime 30
#define __NR_stty 31
#define __NR_gtty 32
#define __NR_access 33
#define __NR_nice 34
#define __NR_ftime 35
#define __NR_sync 36
#define __NR_kill 37
#define __NR_rename 38
#define __NR_mkdir 39
#define __NR_rmdir 40
#define __NR_dup 41
#define __NR_pipe 42
#define __NR_times 43
#define __NR_prof 44
#define __NR_brk 45
#define __NR_setgid 46
#define __NR_getgid 47
#define __NR_signal 48
#define __NR_geteuid 49
#define __NR_getegid 50
#define __NR_acct 51
#define __NR_umount2 52
#define __NR_lock 53
#define __NR_ioctl 54
#define __NR_fcntl 55
#define __NR_mpx 56
#define __NR_setpgid 57
#define __NR_ulimit 58
#define __NR_oldolduname 59
#define __NR_umask 60
#define __NR_chroot 61
#define __NR_ustat 62
#define __NR_dup2 63
#define __NR_getppid 64
#define __NR_getpgrp 65
#define __NR_setsid 66
#define __NR_sigaction 67
#define __NR_sgetmask 68
#define __NR_ssetmask 69
#define __NR_setreuid 70
#define __NR_setregid 71
#define __NR_sigsuspend 72
#define __NR_sigpending 73
#define __NR_sethostname 74
#define __NR_setrlimit 75
#define __NR_getrlimit 76 /* Back compatible 2Gig limited rlimit */
#define __NR_getrusage 77
#define __NR_gettimeofday 78
#define __NR_settimeofday 79
#define __NR_getgroups 80
#define __NR_setgroups 81
#define __NR_select 82
#define __NR_symlink 83
#define __NR_oldlstat 84
#define __NR_readlink 85
#define __NR_uselib 86
#define __NR_swapon 87
#define __NR_reboot 88
#define __NR_readdir 89
#define __NR_mmap 90
#define __NR_munmap 91
#define __NR_truncate 92
#define __NR_ftruncate 93
#define __NR_fchmod 94
#define __NR_fchown 95
#define __NR_getpriority 96
#define __NR_setpriority 97
#define __NR_profil 98
#define __NR_statfs 99
#define __NR_fstatfs 100
#define __NR_ioperm 101
#define __NR_socketcall 102
#define __NR_syslog 103
#define __NR_setitimer 104
#define __NR_getitimer 105
#define __NR_stat 106
#define __NR_lstat 107
#define __NR_fstat 108
#define __NR_olduname 109
#define __NR_iopl 110
#define __NR_vhangup 111
#define __NR_idle 112
#define __NR_vm86old 113
#define __NR_wait4 114
#define __NR_swapoff 115
#define __NR_sysinfo 116
#define __NR_ipc 117
#define __NR_fsync 118
#define __NR_sigreturn 119
#define __NR_clone 120
#define __NR_setdomainname 121
#define __NR_uname 122
#define __NR_modify_ldt 123
#define __NR_adjtimex 124
#define __NR_mprotect 125
#define __NR_sigprocmask 126
#define __NR_create_module 127
#define __NR_init_module 128
#define __NR_delete_module 129
#define __NR_get_kernel_syms 130
#define __NR_quotactl 131
#define __NR_getpgid 132
#define __NR_fchdir 133
#define __NR_bdflush 134
#define __NR_sysfs 135
#define __NR_personality 136
#define __NR_afs_syscall 137 /* Syscall for Andrew File System */
#define __NR_setfsuid 138
#define __NR_setfsgid 139
#define __NR__llseek 140
#define __NR_getdents 141
#define __NR__newselect 142
#define __NR_flock 143
#define __NR_msync 144
#define __NR_readv 145
#define __NR_writev 146
#define __NR_getsid 147
#define __NR_fdatasync 148
#define __NR__sysctl 149
#define __NR_mlock 150
#define __NR_munlock 151
#define __NR_mlockall 152
#define __NR_munlockall 153
#define __NR_sched_setparam 154
#define __NR_sched_getparam 155
#define __NR_sched_setscheduler 156
#define __NR_sched_getscheduler 157
#define __NR_sched_yield 158
#define __NR_sched_get_priority_max 159
#define __NR_sched_get_priority_min 160
#define __NR_sched_rr_get_interval 161
#define __NR_nanosleep 162
#define __NR_mremap 163
#define __NR_setresuid 164
#define __NR_getresuid 165
#define __NR_vm86 166
#define __NR_query_module 167
#define __NR_poll 168
#define __NR_nfsservctl 169
#define __NR_setresgid 170
#define __NR_getresgid 171
#define __NR_prctl 172
#define __NR_rt_sigreturn 173
#define __NR_rt_sigaction 174
#define __NR_rt_sigprocmask 175
#define __NR_rt_sigpending 176
#define __NR_rt_sigtimedwait 177
#define __NR_rt_sigqueueinfo 178
#define __NR_rt_sigsuspend 179
#define __NR_pread64 180
#define __NR_pwrite64 181
#define __NR_chown 182
#define __NR_getcwd 183
#define __NR_capget 184
#define __NR_capset 185
#define __NR_sigaltstack 186
#define __NR_sendfile 187
#define __NR_getpmsg 188 /* some people actually want streams */
#define __NR_putpmsg 189 /* some people actually want streams */
#define __NR_vfork 190
#define __NR_ugetrlimit 191 /* SuS compliant getrlimit */
#define __NR_mmap2 192
#define __NR_truncate64 193
#define __NR_ftruncate64 194
#define __NR_stat64 195
#define __NR_lstat64 196
#define __NR_fstat64 197
#define __NR_lchown32 198
#define __NR_getuid32 199
#define __NR_getgid32 200
#define __NR_geteuid32 201
#define __NR_getegid32 202
#define __NR_setreuid32 203
#define __NR_setregid32 204
#define __NR_getgroups32 205
#define __NR_setgroups32 206
#define __NR_fchown32 207
#define __NR_setresuid32 208
#define __NR_getresuid32 209
#define __NR_setresgid32 210
#define __NR_getresgid32 211
#define __NR_chown32 212
#define __NR_setuid32 213
#define __NR_setgid32 214
#define __NR_setfsuid32 215
#define __NR_setfsgid32 216
#define __NR_pivot_root 217
#define __NR_mincore 218
#define __NR_madvise 219
#define __NR_madvise1 219 /* delete when C lib stub is removed */
#define __NR_getdents64 220
#define __NR_fcntl64 221
/* 223 is unused */
#define __NR_gettid 224
#define __NR_readahead 225
#define __NR_setxattr 226
#define __NR_lsetxattr 227
#define __NR_fsetxattr 228
#define __NR_getxattr 229
#define __NR_lgetxattr 230
#define __NR_fgetxattr 231
#define __NR_listxattr 232
#define __NR_llistxattr 233
#define __NR_flistxattr 234
#define __NR_removexattr 235
#define __NR_lremovexattr 236
#define __NR_fremovexattr 237
#define __NR_tkill 238
#define __NR_sendfile64 239
#define __NR_futex 240
#define __NR_sched_setaffinity 241
#define __NR_sched_getaffinity 242
#define __NR_set_thread_area 243
#define __NR_get_thread_area 244
#define __NR_io_setup 245
#define __NR_io_destroy 246
#define __NR_io_getevents 247
#define __NR_io_submit 248
#define __NR_io_cancel 249
#define __NR_fadvise64 250
#define __NR_set_zone_reclaim 251
#define __NR_exit_group 252
#define __NR_lookup_dcookie 253
#define __NR_epoll_create 254
#define __NR_epoll_ctl 255
#define __NR_epoll_wait 256
#define __NR_remap_file_pages 257
#define __NR_set_tid_address 258
#define __NR_timer_create 259
#define __NR_timer_settime (__NR_timer_create+1)
#define __NR_timer_gettime (__NR_timer_create+2)
#define __NR_timer_getoverrun (__NR_timer_create+3)
#define __NR_timer_delete (__NR_timer_create+4)
#define __NR_clock_settime (__NR_timer_create+5)
#define __NR_clock_gettime (__NR_timer_create+6)
#define __NR_clock_getres (__NR_timer_create+7)
#define __NR_clock_nanosleep (__NR_timer_create+8)
#define __NR_statfs64 268
#define __NR_fstatfs64 269
#define __NR_tgkill 270
#define __NR_utimes 271
#define __NR_fadvise64_64 272
#define __NR_vserver 273
#define __NR_mbind 274
#define __NR_get_mempolicy 275
#define __NR_set_mempolicy 276
#define __NR_mq_open 277
#define __NR_mq_unlink (__NR_mq_open+1)
#define __NR_mq_timedsend (__NR_mq_open+2)
#define __NR_mq_timedreceive (__NR_mq_open+3)
#define __NR_mq_notify (__NR_mq_open+4)
#define __NR_mq_getsetattr (__NR_mq_open+5)
#define __NR_sys_kexec_load 283
#define __NR_waitid 284
/* #define __NR_sys_setaltroot 285 */
#define __NR_add_key 286
#define __NR_request_key 287
#define __NR_keyctl 288
#define __NR_ioprio_set 289
#define __NR_ioprio_get 290
#define __NR_inotify_init 291
#define __NR_inotify_add_watch 292
#define __NR_inotify_rm_watch 293

#define NR_syscalls 294

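A demo is attached as well:

# hello.s
.data                    # data section
        msg: .ascii "Hello, world!\n"   # string to print (.ascii adds no trailing NUL, so len is exact)
        len = . - msg                   # string length
.text                    # code section
.global _start           # entry point

_start:                  # print a string to the screen
        movl $len, %edx  # argument 3: string length
        movl $msg, %ecx  # argument 2: string to print
        movl $1, %ebx    # argument 1: file descriptor (stdout)
        movl $4, %eax    # system call number (sys_write)
        int  $0x80       # call into the kernel

                         # exit the program
        movl $9,%ebx     # argument 1: exit code
        movl $1,%eax     # system call number (sys_exit)
        int  $0x80       # call into the kernel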

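Interoperable encryption and decryption between PHP and C

In one project, encryption is implemented by a C library and the front end is PHP. I reverse-engineered one of its .so library files; a demo follows:

The C library's encryption code is as follows:

    // Fragment: assumes <openssl/aes.h>, <stdio.h> and <stdlib.h>, and that
    // input_string, len, key[16], iv[AES_BLOCK_SIZE], aes (AES_KEY), i and
    // encrypt_string are declared by the surrounding function.

    // Generate AES 128-bit key: the key bytes are ASCII codes 32 through 47
    for (i=0; i<16; ++i) {
        key[i] = 32 + i;
    }
 
    // Set encryption key. The IV is empty (all zero bytes); what is that about?
    for (i=0; i<AES_BLOCK_SIZE; ++i) {
        iv[i] = 0;
    }
    if (AES_set_encrypt_key(key, 128, &aes) < 0) {
        fprintf(stderr, "Unable to set encryption key in AES\n");
        exit(-1);
    }
 
    // alloc encrypt_string
    // AES_cbc_encrypt writes whole 16-byte blocks, so a buffer of len bytes
    // is only large enough when len is a multiple of AES_BLOCK_SIZE
    encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char));    
    if (encrypt_string == NULL) {
        fprintf(stderr, "Unable to allocate memory for encrypt_string\n");
        exit(-1);
    }
 
    // encrypt (iv will change)
    AES_cbc_encrypt(input_string, encrypt_string, len, &aes, iv, AES_ENCRYPT);

The PHP decryption code is as follows: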

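// Key: the 16 bytes with ASCII codes 32..47, the same key the C library builds
$key = '';
$iv = '';
for ($i = 0; $i < 16; $i++) {
    $code = $i + 32;
    $key .= chr($code);
}
echo $key . "\n";
echo strlen($key) . "\n";

// IV: 16 zero bytes, matching the C side
for ($j = 0; $j < 16; $j++) {
    $code = 0;
    $iv .= chr($code);
}
echo $iv . "\n";
echo strlen($iv) . "\n";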

$cbc1 = base64_decode("3lIz3M9hGbfV2r5JKNGDmFRX3OB8tXKaPYCnOZvOj4Qx0kVze0gpPcEthX4f6v6lLs1KeQWCAWpctNJ8UlK6/ZbEn+WOVVV5FfmudfoHDZg640sPJnA9i3u8Ar7dYzX9
6rxQc38Qeo3lEyBgWevDAweGIYqKrWU3qbE1nhQbj/zhYVK/FW/MWNVt750Nj9X2Ev3wGq9r4Fm9Cp6EhYP9JiODIkV7xscgHlJmR1/Pt0iDlVDaxmFoLZ2tbiNojk+m
3MC900ObBYokr1Vv/vNBBB9Eu8oEzis1IkJv5SbWgz+WLJIWX1eEbyhNqZBEf3bdEvlnQUd5d/cVUI+HZHtiak+EUZkQesxx+o1Bh60DYqStyLbfK19cNSV3PNgykOS+
cZVLXWRjdJfLZ9U5CZlzH4fvBGNUzw9waOk4kdkvvLeFDiXcSwoM7UJVZhhSwSaxPDRi+HoBrpDG4cAr/YggUfjz0UHaIPtGN2BWuhy0rQ/FGPNEIdIstbNcfIpKsF+N
gHDF49lEJ2NbHa0MyXn9JpVeD+X8Z85qsDEAIGZyGNMYBJ07f/pmtWvjRqhnY99JDBOEvsL7kNMI+GbFOsltr6NZyhZb7RFZUdmCFYMI0P16DG3rmMCCq/uRNJcWSCga
ByySRq5G2mdSLSQfgK/hEwRhpnLFIMi5OqaH8KJdf8kz2pedhO7LO61o/IvLSqwhm02/I6GsNfrJUzPf8fCX7kwBb/DNSSM1S2aHCxpFcqPv9baK1heXxVJHKUYCGtgF");
$cbc_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,$cbc1, MCRYPT_MODE_CBC, $iv);
echo "cbc_de:". $cbc_dec."\n";

Decryption succeeded.

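The LD_LIBRARY_PATH current-directory problem when building with gcc

I wrote a Base64 test program and ran into a small problem.

The files are as follows:

base64.h

base64.c

main.c  # test program

First, compile the base64 shared library:

gcc base64.c -fPIC -shared -o libbase64.so   # this should produce libbase64.so in the current directory

Next, compile the test program:

gcc main.c  -L. -lbase64 -o main # produces the test executable

Running the test program gave: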

yy@yy-System-Product-Name:/data/clang/base641$ ./main 
./main: error while loading shared libraries: libbase64.so: cannot open shared object file: No such file or directory

Clearly the base64 library was not found.

Take a look with ldd:

yy@yy-System-Product-Name:/data/clang/base641$ ldd ./main
	linux-vdso.so.1 =>  (0x00007ffd0e7df000)
	libbase64.so => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa9003dd000)
	/lib64/ld-linux-x86-64.so.2 (0x0000559c756f3000)

not found, as expected.

Debug it with LD_DEBUG:

yy@yy-System-Product-Name:/data/clang/base641$ LD_DEBUG=libs ./main 
     10504:	find library=libbase64.so [0]; searching
     10504:	 search cache=/etc/ld.so.cache
     10504:	 search path=/lib/x86_64-linux-gnu/tls/x86_64:/lib/x86_64-linux-gnu/tls:/lib/x86_64-linux-gnu/x86_64:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu/tls/x86_64:/usr/lib/x86_64-linux-gnu/tls:/usr/lib/x86_64-linux-gnu/x86_64:/usr/lib/x86_64-linux-gnu:/lib/tls/x86_64:/lib/tls:/lib/x86_64:/lib:/usr/lib/tls/x86_64:/usr/lib/tls:/usr/lib/x86_64:/usr/lib		(system search path)
     10504:	  trying file=/lib/x86_64-linux-gnu/tls/x86_64/libbase64.so
     10504:	  trying file=/lib/x86_64-linux-gnu/tls/libbase64.so
     10504:	  trying file=/lib/x86_64-linux-gnu/x86_64/libbase64.so
     10504:	  trying file=/lib/x86_64-linux-gnu/libbase64.so
     10504:	  trying file=/usr/lib/x86_64-linux-gnu/tls/x86_64/libbase64.so
     10504:	  trying file=/usr/lib/x86_64-linux-gnu/tls/libbase64.so
     10504:	  trying file=/usr/lib/x86_64-linux-gnu/x86_64/libbase64.so
     10504:	  trying file=/usr/lib/x86_64-linux-gnu/libbase64.so
     10504:	  trying file=/lib/tls/x86_64/libbase64.so
     10504:	  trying file=/lib/tls/libbase64.so
     10504:	  trying file=/lib/x86_64/libbase64.so
     10504:	  trying file=/lib/libbase64.so
     10504:	  trying file=/usr/lib/tls/x86_64/libbase64.so
     10504:	  trying file=/usr/lib/tls/libbase64.so
     10504:	  trying file=/usr/lib/x86_64/libbase64.so
     10504:	  trying file=/usr/lib/libbase64.so
     10504:	
./main: error while loading shared libraries: libbase64.so: cannot open shared object file: No such file or directory

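It turns out the loader never looks in the current directory.

Solutions:

1. Copy libbase64.so into one of the defined lib directories, or create a symlink there. Obviously I don't want to do that.

2. Export LD_LIBRARY_PATH

# temporary
export LD_LIBRARY_PATH=./

# or add it to /etc/profile to make it permanent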

LD_LIBRARY_PATH=./ 
export LD_LIBRARY_PATH

over.
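A check one might run over an LD_LIBRARY_PATH value such as the ./ exported above (an added example, not part of the original post; the function name and the second sample value are constructed). It reports each entry the loader resolves against the current working directory, together with the directory that would actually be searched for a given cwd.

```python
import posixpath
import re

def audit_library_path(value, cwd):
    """Return one finding per LD_LIBRARY_PATH entry that depends on cwd.

    value: the raw LD_LIBRARY_PATH string; cwd: the working directory of the
    process that would be started with it.
    """
    findings = []
    if not value:
        return findings                      # unset or empty: nothing is added
    # ld.so accepts both ':' and ';' as separators
    for entry in re.split(r"[:;]", value):
        if entry.startswith("/"):
            continue                         # absolute: same directory for every cwd
        if entry.startswith("$"):
            continue                         # dynamic string token such as $ORIGIN
        # A zero-length entry means the current working directory
        kind = "empty" if entry == "" else "relative"
        searched = posixpath.normpath(posixpath.join(cwd, entry))
        findings.append({"entry": entry, "kind": kind, "searched": searched})
    return findings

if __name__ == "__main__":
    # The value from the post, seen from the build directory and from /tmp:
    # the same setting makes the loader search a different directory each time.
    for cwd in ("/data/clang/base641", "/tmp"):
        print(cwd, audit_library_path("./", cwd))
    # Constructed value with an absolute entry, an empty entry and a relative one
    print(audit_library_path("/opt/app/lib::lib", "/home/user"))
```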

On static compilation

While building a system with static linking, I got the following warning:

Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

A simple way around it:

Just use musl-gcc in place of gcc:

apt-get install musl-tools

musl-gcc -o xxx xxx.c -static

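CRC calculation

CRC is used for error detection, the generator polynomial is G(X) = X^4 + X + 1, and the information codeword is 10111. What is the resulting CRC check code?

G(X) = X^4 + X + 1  ==>  10011   (from 1*x^4 + 0*x^3 + 0*x^2 + 1*x^1 + 1*x^0; read the bits off the exponents)

10111  ==>  101110000   (append four 0s: the highest power in G(X) = X^4 + X + 1 is 4, so four 0s are appended)

(The "difference" at each step of the division is an XOR, not an arithmetic subtraction.) The result of the final XOR is the answer.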
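The modulo-2 division described above, carried through for the post's values as an added example (not code from the original post; function names are illustrative). It also shows the receiver-side check: a codeword is accepted when dividing it by the generator leaves an all-zero remainder.

```python
def poly_to_bits(exponents):
    """Bit string of a polynomial given the exponents whose coefficient is 1."""
    degree = max(exponents)
    return "".join("1" if e in exponents else "0" for e in range(degree, -1, -1))

def mod2_remainder(dividend, generator):
    """Modulo-2 long division; returns (remainder bits, state after each XOR)."""
    bits = [int(b) for b in dividend]
    gen = [int(b) for b in generator]
    r = len(gen) - 1                         # degree of the generator
    steps = []
    for i in range(len(bits) - r):
        if bits[i]:                          # leading bit is 1: XOR the generator in
            for j, g in enumerate(gen):
                bits[i + j] ^= g
            steps.append("".join(map(str, bits)))
    return "".join(map(str, bits[-r:])), steps

def crc_encode(message, generator):
    """Append r zeros, divide, and return (crc, transmitted codeword)."""
    r = len(generator) - 1
    crc, _ = mod2_remainder(message + "0" * r, generator)
    return crc, message + crc

def crc_ok(codeword, generator):
    """Receiver check: the remainder of the whole codeword must be all zeros."""
    remainder, _ = mod2_remainder(codeword, generator)
    return set(remainder) == {"0"}

if __name__ == "__main__":
    gen = poly_to_bits([4, 1, 0])            # X^4 + X + 1
    remainder, steps = mod2_remainder("10111" + "0000", gen)
    for state in steps:
        print(state)                         # dividend after each XOR step
    crc, codeword = crc_encode("10111", gen)
    print("generator:", gen, "crc:", crc, "codeword:", codeword)
    print("intact codeword accepted:", crc_ok(codeword, gen))
    print("one flipped bit accepted:", crc_ok(codeword[:-1] + "1", gen))
```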

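On the Cybersecurity Law (1)

The official legislature, the National People's Congress, has published the much-debated Cybersecurity Law. Notable provisions include retaining logs for more than half a year, mandatory real-name registration, a requirement that network service providers supply technical support, and the possibility of cutting off the network at special times, among others.

Article 21: The state implements a tiered cybersecurity protection system. Network operators shall, in accordance with the requirements of the tiered cybersecurity protection system, perform the following security protection obligations to safeguard networks against interference, damage or unauthorized access, and to prevent network data from being leaked, stolen or tampered with … (3) adopt technical measures to monitor and record network operating status and cybersecurity incidents, and retain the relevant network logs for no less than six months as required.

Article 24: When network operators handle network access or domain name registration services for users, handle network entry procedures for fixed-line or mobile telephones, or provide users with information publishing, instant messaging or similar services, they shall require users to provide real identity information when signing agreements with them or confirming the provision of services. Where a user does not provide real identity information, the network operator must not provide the relevant services. The state implements a trusted online identity strategy, supports research and development of secure and convenient electronic identity authentication technologies, and promotes mutual recognition between different electronic identity authentication systems.

Article 28: Network operators shall provide technical support and assistance to public security organs and state security organs in their lawful activities of safeguarding national security and investigating crimes.

Article 37: Personal information and important data collected and generated by operators of critical information infrastructure during operations within the territory of the People's Republic of China shall be stored within the territory. Where it is truly necessary to provide such data abroad for business reasons, a security assessment shall be carried out in accordance with measures formulated by the national cyberspace administration together with the relevant departments of the State Council; where laws or administrative regulations provide otherwise, those provisions apply.

Article 43: Where an individual discovers that a network operator has collected or used his or her personal information in violation of laws, administrative regulations or the agreement between the parties, the individual has the right to require the network operator to delete that personal information; where an individual discovers that personal information collected or stored by a network operator is erroneous, the individual has the right to require the network operator to correct it. The network operator shall take measures to delete or correct it.

Article 47: Network operators shall strengthen management of the information published by their users. Upon discovering information whose publication or transmission is prohibited by laws or administrative regulations, they shall immediately stop transmitting it, take handling measures such as deletion, prevent the information from spreading, preserve the relevant records, and report to the relevant competent departments.

Article 50: The national cyberspace administration and the relevant departments perform their duties of supervising and managing network information security in accordance with the law. Upon discovering information whose publication or transmission is prohibited by laws or administrative regulations, they shall require network operators to stop transmission, take handling measures such as deletion, and preserve the relevant records; for such information originating from outside the territory of the People's Republic of China, they shall notify the relevant institutions to take technical measures and other necessary measures to block its dissemination.

Article 58: Where needed to safeguard national security and public order and to handle major sudden public security incidents, temporary measures such as restrictions on network communications may be taken in specific regions, upon decision or approval by the State Council.

Article 69: Where a network operator violates the provisions of this Law by committing any of the following acts, the relevant competent department shall order it to make corrections; where it refuses to make corrections or the circumstances are serious, a fine of not less than 50,000 yuan and not more than 500,000 yuan shall be imposed, and the directly responsible persons in charge and other directly responsible personnel shall be fined not less than 10,000 yuan and not more than 100,000 yuan: (1) failing to take handling measures such as stopping transmission or deletion, as required by the relevant departments, against information whose publication or transmission is prohibited by laws or administrative regulations; (2) refusing or obstructing supervision and inspection lawfully carried out by the relevant departments; (3) refusing to provide technical support and assistance to public security organs and state security organs.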