谁能解释一下下面的代码?是否可以检索加密密钥?我认为除了混淆之外,代码还被严重混淆,我可以识别出它正在使用诸如DESEDE和CBC和PKCS5Padding 之类的算法来加密来自应用程序的 http 发布流量。我的问题是有人知道如何在这里检索密钥吗?
package c.e.a.a.g;
import a.a;
import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
public class b {
/* renamed from: a reason: collision with root package name */
private static volatile b f4799a;
/* renamed from: b reason: collision with root package name */
private byte[] f4800b = null;
/* renamed from: c reason: collision with root package name */
private String f4801c;
private b() {
try {
this.f4801c = a.a(new byte[]{97, 110, 100, 95, 50, 51, 116, 107, 108, 35, 95, 97, 105, 116, 33}, new byte[]{75, 24, 109, 27, -24, -51, 22, -58, -44, -74, 21, 91, -88, 48, -52, -63, 69, -67, 71, 17, 116, 77, 70, -94, 41, 121, 20, 120, 8, 121, 33, 77});
} catch (GeneralSecurityException e2) {
e2.printStackTrace();
}
this.f4800b = e(this.f4801c);
}
public static b a() {
if (f4799a == null) {
synchronized (b.class) {
if (f4799a == null) {
f4799a = new b();
}
}
}
return f4799a;
}
private final String c(String str) {
try {
Cipher instance = Cipher.getInstance("DESEDE/ECB/PKCS5Padding");
instance.init(2, new SecretKeySpec(this.f4800b, "DESede"));
return a(instance.doFinal(new a().a(str)));
} catch (Exception e2) {
e2.printStackTrace();
return null;
}
}
private final String d(String str) {
try {
Cipher instance = Cipher.getInstance("DESEDE/ECB/PKCS5Padding");
instance.init(1, new SecretKeySpec(this.f4800b, "DESede"));
try {
return Base64.encodeToString(instance.doFinal(str.getBytes()), 0);
} catch (IllegalBlockSizeException e2) {
e2.printStackTrace();
return "";
} catch (BadPaddingException e3) {
e3.printStackTrace();
return "";
}
} catch (NoSuchAlgorithmException e4) {
e4.printStackTrace();
} catch (NoSuchPaddingException e5) {
e5.printStackTrace();
} catch (InvalidKeyException e6) {
e6.printStackTrace();
}
}
private final byte[] e(String str) {
try {
return MessageDigest.getInstance("MD5").digest(str.getBytes("UTF-8"));
} catch (NoSuchAlgorithmException e2) {
e2.printStackTrace();
return null;
} catch (UnsupportedEncodingException e3) {
e3.printStackTrace();
return null;
}
}
public String b(String str) {
StringBuilder sb = new StringBuilder();
sb.append(str);
sb.append(b());
return d(sb.toString());
}
private String b() {
int nextInt = new Random().nextInt(999999);
StringBuilder sb = new StringBuilder();
sb.append("|");
sb.append(nextInt);
return sb.toString();
}
public String a(String str) {
return c(str).split(Pattern.quote("|"))[0];
}
public b(String str) {
this.f4800b = e(str);
}
private final String a(byte[] bArr) {
StringBuffer stringBuffer = new StringBuffer();
for (byte b2 : bArr) {
stringBuffer.append((char) b2);
}
return stringBuffer.toString();
}
}
此代码生成的加密 http post 请求示例如下所示:
{"MobileUsersBE":{"AppVersion":"vB0gg8dKw8/ssTAXDUHLDw==\n","DeviceCode":"NUIDvs43seBumI3SU7Q1R/NWzO0ylo08jPjWcGUxZsFCjEu/IEjcEUYM4V6zswVc\n","DeviceType":"android","GCMCellId":"","Password":"P4fM264BxQXhd3RQu5vk8w==\n","UserName":"i2WZyhFJ9CZTx40Th83siw==\n"},"ServiceUsersBE":{"AppVersion":"ZA+PaD1HcAVZ384ENwEWBw==\n","DeviceCode":"NUIDvs43seBumI3SU7Q1R/NWzO0ylo08jPjWcGUxZsFOFoCbYVotoPrT8YV4yEHL\n","DeviceType":"android","Password":"t1h6/ATZ26VA8nS+fcnvkv0wtPbV8onO\n","TransactionCode":"vfTVe1PFdoFSMOdyYSxAI33cLtBw3z3uUrzOGlZJafQYzgg+Te+n/sDv/nyll3T2","UserName":"N67a2TEuY68jsRadkP0JGrh64aKxVin1\n"}}