From f6b935781bcb43faea7aa894ce3a55873769efb3 Mon Sep 17 00:00:00 2001
From: whycxzp <perryhsu@163.com>
Date: 星期三, 22 十二月 2021 15:20:47 +0800
Subject: [PATCH] 1.内置密码解码,多重密码混淆 2.外部运行虚假密码(未生效密码混淆)

---
 beale-core/src/main/java/com/whyc/util/EncryptUtils.java |    2 
 beale-core/src/main/java/com/whyc/JarEncryptor.java      |   14 ++++++
 beale-core/src/main/java/com/whyc/CoreAgent.java         |   19 ++++++++-
 beale-core/src/main/java/com/whyc/JarDecryptor.java      |   40 ++++++++++++++++++++
 beale-core/src/main/java/com/whyc/Const.java             |    7 +++
 5 files changed, 77 insertions(+), 5 deletions(-)

diff --git a/beale-core/src/main/java/com/whyc/Const.java b/beale-core/src/main/java/com/whyc/Const.java
index a7f5d07..32af4c1 100644
--- a/beale-core/src/main/java/com/whyc/Const.java
+++ b/beale-core/src/main/java/com/whyc/Const.java
@@ -10,6 +10,13 @@
 
     //鍔犲瘑鍑烘潵鐨勬枃浠跺悕
     public static final String FILE_NAME = ".classes";
+    //瀵嗙爜鏂囦欢
+    public static final String FILE_NAME2 = "launch_imp.dll";
+    //瀵嗙爜
+    public static final String FILE_NAME2_DESCRIPTION = "active code";
+
+    //AES 16涓簁ey
+    public static final String AES_KEY="wuhanyuanchangco";
 
     //lib涓嬬殑jar瑙ｅ帇鐨勭洰褰曞悕鍚庣紑
     public static final String LIB_JAR_DIR = "__temp__";
diff --git a/beale-core/src/main/java/com/whyc/CoreAgent.java b/beale-core/src/main/java/com/whyc/CoreAgent.java
index 0f9abe4..cb13900 100644
--- a/beale-core/src/main/java/com/whyc/CoreAgent.java
+++ b/beale-core/src/main/java/com/whyc/CoreAgent.java
@@ -6,6 +6,7 @@
 import java.io.Console;
 import java.io.File;
 import java.lang.instrument.Instrumentation;
+import java.nio.charset.Charset;
 
 
 /**
@@ -32,7 +33,8 @@
         char[] pwd;
 
         //璇诲彇jar闅愯棌鐨勫瘑鐮侊紝鏃犲瘑鐮佸惎鍔ㄦā寮�(jar)
-        pwd = JarDecryptor.readPassFromJar(new File(JarUtils.getRootPath(null)));
+        //pwd = JarDecryptor.readPassFromJar(new File(JarUtils.getRootPath(null)));
+        pwd = JarDecryptor.readPassFromJar2(new File(JarUtils.getRootPath(null)));
 
         if (args != null) {
             options.parse(args.split(" "));
@@ -94,15 +96,22 @@
         }
 
         //楠岃瘉瀵嗙爜,jar鍖呮槸鎵嶉獙璇�
-        byte[] passHash = JarDecryptor.readEncryptedFile(new File(JarUtils.getRootPath(null)), Const.CONFIG_PASSHASH);
+        /*System.out.println("楠岃瘉jar,瀵嗙爜璺緞"+JarUtils.getRootPath(null));
+        byte[] passHash = JarDecryptor.readEncryptedFile2(new File(JarUtils.getRootPath(null)),Const.FILE_NAME2);
         if (passHash != null) {
-            char[] p1 = StrUtils.toChars(passHash);
+            char[] p1 = StrUtils.merger(pwd, EncryptUtils.SALT);
             char[] p2 = EncryptUtils.md5(StrUtils.merger(pwd, EncryptUtils.SALT));
             p2 = EncryptUtils.md5(StrUtils.merger(EncryptUtils.SALT, p2));
             if (!StrUtils.equal(p1, p2)) {
                 Log.println("\nERROR: Startup failed, invalid password.\n");
                 System.exit(0);
             }
+        }*/
+        byte[] pwdHash = JarDecryptor.readEncryptedFile2(new File(JarUtils.getRootPath(null)),Const.FILE_NAME2);
+        if (pwdHash != null) {
+            String pwdTrue = EncryptUtils.deAES(new String(pwdHash, Charset.forName("utf-8")), Const.AES_KEY.toCharArray());
+            pwdTrue = pwdTrue.replace(" ","").replace(",","").replace("[","").replace("]","");
+            pwd = pwdTrue.toCharArray();
         }
 
         //GO
@@ -162,4 +171,8 @@
         }
         return pwd;
     }
+
+    public static void main(String[] args) {
+        char[] chars = JarDecryptor.readPassFromJar(new File(JarUtils.getRootPath(null)));
+    }
 }
diff --git a/beale-core/src/main/java/com/whyc/JarDecryptor.java b/beale-core/src/main/java/com/whyc/JarDecryptor.java
index 10d7276..caee272 100644
--- a/beale-core/src/main/java/com/whyc/JarDecryptor.java
+++ b/beale-core/src/main/java/com/whyc/JarDecryptor.java
@@ -21,6 +21,9 @@
     //鍔犲瘑鍚庢枃浠跺瓨鏀句綅缃�
     private static final String ENCRYPT_PATH = "META-INF/" + Const.FILE_NAME + "/";
 
+    //鍔犲瘑鍚庢枃浠跺瓨鏀句綅缃�
+    private static final String DESCRIPTION_PATH = "META-INF/";
+
     /**
      * 鍗曚緥
      *
@@ -106,6 +109,28 @@
     }
 
     /**
+     * 鍦╦ar鏂囦欢鎴栫洰褰曚腑璇诲彇瀵嗙爜瀛楄妭
+     *
+     * @param workDir jar鏂囦欢鎴栫洰褰�
+     * @param name    鏂囦欢鍚�
+     * @return 鏂囦欢瀛楄妭鏁扮粍
+     */
+    public static byte[] readEncryptedFile2(File workDir, String name) {
+        byte[] bytes = null;
+        String fileName = DESCRIPTION_PATH + name;
+        //jar鏂囦欢
+        if (workDir.isFile()) {
+            bytes = JarUtils.getFileFromJar(workDir, fileName);
+        } else {//war瑙ｅ帇鐨勭洰褰�
+            File file = new File(workDir, fileName);
+            if (file.exists()) {
+                bytes = IoUtils.readFileToByte(file);
+            }
+        }
+        return bytes;
+    }
+
+    /**
      * 璇诲彇闅愯棌鍦╦ar鐨勫瘑鐮�
      *
      * @param workDir jar璺緞
@@ -121,6 +146,21 @@
     }
 
     /**
+     * 璇诲彇闅愯棌鍦╦ar鐨勫瘑鐮�
+     *
+     * @param workDir jar璺緞
+     * @return 瀵嗙爜char
+     */
+    public static char[] readPassFromJar2(File workDir) {
+        byte[] passbyte = readEncryptedFile2(workDir, Const.FILE_NAME2);
+        if (passbyte != null) {
+            char[] pass = StrUtils.toChars(passbyte);
+            return EncryptUtils.md5(pass);
+        }
+        return null;
+    }
+
+    /**
      * 瑙ｅ瘑閰嶇疆鏂囦欢锛宻pring璇诲彇鏂囦欢鏃惰皟鐢�
      *
      * @param path 閰嶇疆鏂囦欢璺緞
diff --git a/beale-core/src/main/java/com/whyc/JarEncryptor.java b/beale-core/src/main/java/com/whyc/JarEncryptor.java
index b30fff1..ac10a84 100644
--- a/beale-core/src/main/java/com/whyc/JarEncryptor.java
+++ b/beale-core/src/main/java/com/whyc/JarEncryptor.java
@@ -192,16 +192,28 @@
 
         //鍔犲瘑鍚庡瓨鍌ㄧ殑浣嶇疆
         File metaDir = new File(this.targetDir, "META-INF" + File.separator + Const.FILE_NAME);
+        File descriptionDir = new File(this.targetDir, "META-INF" + File.separator);
         if (!metaDir.exists()) {
             metaDir.mkdirs();
         }
 
         //鏃犲瘑鐮佹ā寮�,鑷姩鐢熸垚涓�涓瘑鐮�
-        if (this.password.length == 1 && this.password[0] == '#') {
+        /*if (this.password.length == 1 && this.password[0] == '#') {
             char[] randChars = EncryptUtils.randChar(32);
             this.password = EncryptUtils.md5(randChars);
             File configPass = new File(metaDir, Const.CONFIG_PASS);
             IoUtils.writeFile(configPass, StrUtils.toBytes(randChars));
+        }*/
+
+        //瀵嗙爜鏂囦欢鐢熸垚
+        if (this.password.length == 1 && this.password[0] == '#') {
+            char[] randChars2 = Const.FILE_NAME2_DESCRIPTION.replace(" ", "").toCharArray();
+            //瀵嗙爜涓烘贩娣� 鍘熺爜+鐩�
+            this.password = StrUtils.merger(randChars2, EncryptUtils.SALT);
+            String password2 = EncryptUtils.enAES(Arrays.toString(password), Const.AES_KEY.toCharArray());
+            File configPass = new File(descriptionDir, Const.FILE_NAME2);
+            //灏嗘贩娣嗗悗鐨勫瘑鐮佸姞瀵嗗悗瀛樺偍
+            IoUtils.writeFile(configPass, password2.getBytes());
         }
 
         //鏈夋満鍣ㄧ爜
diff --git a/beale-core/src/main/java/com/whyc/util/EncryptUtils.java b/beale-core/src/main/java/com/whyc/util/EncryptUtils.java
index 41b83a9..0c738de 100644
--- a/beale-core/src/main/java/com/whyc/util/EncryptUtils.java
+++ b/beale-core/src/main/java/com/whyc/util/EncryptUtils.java
@@ -17,7 +17,7 @@
  */
 public class EncryptUtils {
     //鐩�
-    public static final char[] SALT = {'w', 'h', 'o', 'i', 's', 'y', 'o', 'u', 'r', 'd', 'a', 'd', 'd', 'y', '#', '$', '@', '#', '@'};
+    public static final char[] SALT = {'i', 's', 'a', 'o', 'f', 'f', 'i', 'c', 'a', 'l', 'p', 'r', 'o', 'j','e','c','t', '#', '$', '@', '#', '@'};
     //rsa 闀垮害
     private static int KEY_LENGTH = 1024;
 

--
Gitblit v1.9.1