一个手机的病毒，没见过的密文。大神来看看

mddemo 发表于 2015-6-25 21:37:59

今天无聊收到了个钓鱼站。去下载了他的木马分析，看到了一段不知道什么加密的密文。不是md5，也不是aes。。
有无大神能逆向？

附件在下面

// Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.kpdus.com/jad.html
// Decompiler options: packimports(3)

package com.phone.stop.db;

import android.content.Context;
import android.content.SharedPreferences;

public class a
{

private a(Context context)
{
   b = context.getSharedPreferences("configurations_data", 0);
}

public static a a(Context context)
{
   if(a == null)
         a = new a(context);
   return a;
}

public void a(int i1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putInt("app_intercept_type", i1);
   editor.commit();
}

public void a(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("last_delete_sms_time", s1);
   editor.commit();
}

public void a(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("have_app_jihuo", flag);
   editor.commit();
}

public boolean a()
{
   return b.getBoolean("have_app_jihuo", false);
}

public String b()
{
   return b.getString("last_delete_sms_time", "000000000");
}

public void b(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("i_want_xxoo", s1);
   editor.commit();
}

public void b(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("have_init_phone_number", flag);
   editor.commit();
}

public String c()
{
   return b.getString("i_want_xxoo", "dac22dc62849efc515af40281735f4d1");
}

public void c(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("app_end_time", s1);
   editor.commit();
}

public void c(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("is_init_end_time", flag);
   editor.commit();
}

public void d(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("send_email_account", s1);
   editor.commit();
}

public void d(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_delete_message", flag);
   editor.commit();
}

public boolean d()
{
   return b.getBoolean("have_init_phone_number", false);
}

public String e()
{
   return b.getString("app_end_time", "f836c71f8d6fa6d0957f3215d8b6f13fcef7f91916798b69");
}

public void e(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("receive_email_account", s1);
   editor.commit();
}

public void e(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_send_phone_info", flag);
   editor.commit();
}

public void f(String s1)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putString("send_email_pwd", s1);
   editor.commit();
}

public void f(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_send_contacts", flag);
   editor.commit();
}

public boolean f()
{
   return b.getBoolean("is_init_end_time", false);
}

public int g()
{
   return b.getInt("app_intercept_type", 1);
}

public void g(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_send_message", flag);
   editor.commit();
}

public void h(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_set_send_email_account", flag);
   editor.commit();
}

public boolean h()
{
   return b.getBoolean("has_delete_message", false);
}

public void i(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_set_receive_email_account", flag);
   editor.commit();
}

public boolean i()
{
   return b.getBoolean("has_send_phone_info", false);
}

public void j(boolean flag)
{
   android.content.SharedPreferences.Editor editor = b.edit();
   editor.putBoolean("has_set_send_email_pwd", flag);
   editor.commit();
}

public boolean j()
{
   return b.getBoolean("email_message_contacts_switch", true);
}

public boolean k()
{
   return b.getBoolean("send_email_message_switch", true);
}

public boolean l()
{
   return b.getBoolean("has_send_contacts", false);
}

public boolean m()
{
   return b.getBoolean("has_send_message", false);
}

public String n()
{
   return b.getString("send_email_account", "6dde0d89014f9e5d4c9c550836cd8c9b8e2c10bd4959981e");
}

public boolean o()
{
   return b.getBoolean("has_set_send_email_account", false);
}

public String p()
{
   return b.getString("receive_email_account", "6dde0d89014f9e5d4c9c550836cd8c9b8e2c10bd4959981e");
}

public boolean q()
{
   return b.getBoolean("has_set_receive_email_account", false);
}

public String r()
{
   return b.getString("send_email_pwd", "0a404afad3ec5408dcc570bd23c650e4d0c3804faf7f793c");
}

public boolean s()
{
   return b.getBoolean("has_set_send_email_pwd", false);
}

private static a a = null;
private SharedPreferences b;

}

没法上传附件。。。
链接: http://pan.baidu.com/s/1sjHUFVJ 密码: hgqb

mddemo 发表于 2015-6-26 00:17:09

链接: http://pan.baidu.com/s/1gdAN5mj 密码: trtf

mddemo 发表于 2015-6-26 00:20:21

解压密码：123456aaa

sndncel 发表于 2015-6-26 05:33:46

这个还真没有研究过呀。。。。支持一下呀。。。。

水波摇曳 发表于 2015-6-26 09:16:44

那你看一下在哪使用了"send_email_account"、"receive_email_account"字段啊
最起码他在发送邮件操作的时候会把这些都解开的

FIGHTING 发表于 2015-6-26 09:29:43

很有可能是他自己写的加密算法，自己看一下密文调用的地方，应该有解密函数。

mddemo 发表于 2015-6-26 14:40:38

水波摇曳发表于 2015-6-26 09:16
那你看一下在哪使用了"send_email_account"、"receive_email_account"字段啊
最起码他在发送邮件操作的时候 ...

大神分析的有道理，包在上面。大神试试看？

mddemo 发表于 2015-6-26 20:05:46

水波摇曳发表于 2015-6-26 09:16
那你看一下在哪使用了"send_email_account"、"receive_email_account"字段啊
最起码他在发送邮件操作的时候 ...

唉。分析过了，技术不到位，看不出来。。

y1.岁拽起 发表于 2015-7-26 17:08:08

见丶上帝° 发表于 2015-8-1 10:49:50

页: [1] 2

逆向未来技术社区's Archiver

一个手机的病毒，没见过的密文。大神来看看