
分类: Java

2017-01-22 11:08:25

一、准备

下载需要的jar包:1: sun.misc.BASE64Decoder.jar
        2: bcprov-ext-jdk16-1.46.jar

二、查找文件

查找SerializedSystemIni.dat 
第一步:weblogic的路径一般都在/oracle/weblogic/目录下
第二步:查找domain的路径:一般都配置在domain-registry.xml
第三步:$domain/security/ 目录下就是我们要找的SerializedSystemIni.dat文件了
第四步: $domain/config/jdbc/
 
 
查找引用了该文件名的配置文件,可使用命令: grep -R "SerializedSystemIni.dat" *

三、解密

  1. import org.bouncycastle.jce.provider.BouncyCastleProvider;

  2. import Decoder.BASE64Decoder;

  3. import javax.crypto.*;
  4. import javax.crypto.spec.IvParameterSpec;
  5. import javax.crypto.spec.PBEKeySpec;
  6. import javax.crypto.spec.PBEParameterSpec;
  7. import javax.crypto.spec.SecretKeySpec;
  8. import java.io.FileInputStream;
  9. import java.io.IOException;
  10. import java.io.InputStream;
  11. import java.security.InvalidAlgorithmParameterException;
  12. import java.security.InvalidKeyException;
  13. import java.security.NoSuchAlgorithmException;
  14. import java.security.Security;
  15. import java.security.spec.InvalidKeySpecException;


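  /**
   * Recovers the cleartext of a WebLogic configuration value that carries a
   * {@code {AES}} or {@code {3DES}} prefix, using the domain's
   * {@code SerializedSystemIni.dat} file.
   *
   * <p>Security note for reviewers: the PBE passphrase used below is a fixed literal and the
   * iteration count is 5, so neither adds secrecy. Everything needed to unwrap the data key
   * (salt and wrapped key) is read from {@code SerializedSystemIni.dat}. The protection of every
   * encrypted value therefore depends on who can read that file: restrict its file permissions
   * and treat copies of it (backups, images, repositories) as sensitive as the passwords
   * themselves.
   */
  public class WebLogicPasswordDecryptor {

      private static final String AES_PREFIX = "{AES}";
      private static final String TRIPLE_DES_PREFIX = "{3DES}";

      /** PBE scheme (BouncyCastle name) that wraps the data key stored in the file. */
      private static final String PBE_ALGORITHM = "PBEWITHSHAAND128BITRC2-CBC";

      /** Fixed passphrase for the PBE step; a constant, not a secret. */
      private static final String PBE_PASSPHRASE = "0xccb97558940b82637c8bec3c770f86fa3a391a56";

      private static final int PBE_ITERATIONS = 5;

      /** The AES ciphertext starts with a 16-byte IV, followed by the encrypted payload. */
      private static final int AES_IV_LENGTH = 16;

      /**
       * Decrypts one hard-coded sample value and prints the result to standard output.
       *
       * <p>The cleartext goes to stdout, so it can end up in terminal scrollback or captured
       * logs; run this only where that output is controlled.
       *
       * @param args unused; the path and the ciphertext are set in the body
       */
      public static void main(String args[]) throws IOException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException, InvalidAlgorithmParameterException {

          Security.addProvider(new BouncyCastleProvider());
          // Path to SerializedSystemIni.dat (alternatively: args[0]).
          String serializedSystemIniPath = "D:\\work\\weblogic\\SerializedSystemIni.dat";
          // The string to decrypt, including its prefix (alternatively: args[1]).
          String ciphertext = "XXXXXXXXXX";
          String cleartext = "";

          // Strip the literal prefix. The previous regex "^[{AES}]+" was a character class, so
          // it also removed leading Base64 characters such as 'A', 'E' or 'S' and corrupted
          // the ciphertext (likewise '3' and 'D' for the 3DES case).
          if (ciphertext.startsWith(AES_PREFIX)) {
              cleartext = decryptAES(serializedSystemIniPath, ciphertext.substring(AES_PREFIX.length()));
          } else if (ciphertext.startsWith(TRIPLE_DES_PREFIX)) {
              cleartext = decrypt3DES(serializedSystemIniPath, ciphertext.substring(TRIPLE_DES_PREFIX.length()));
          } else {
              System.err.println("Unsupported value: expected a {AES} or {3DES} prefix");
          }

          System.out.println(cleartext);
      }

      /**
       * Decrypts a Base64 value that was stored with the {@code {AES}} prefix.
       *
       * @param SerializedSystemIni path to the domain's SerializedSystemIni.dat
       * @param ciphertext Base64 text with the prefix already removed
       * @return the decrypted bytes decoded as UTF-8
       * @throws IOException if the file is unreadable or truncated
       * @throws IllegalBlockSizeException if the decoded value is too short to hold an IV
       */
      public static String decryptAES(String SerializedSystemIni, String ciphertext) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException {

          byte[] encrypted = new BASE64Decoder().decodeBuffer(ciphertext);
          if (encrypted.length < AES_IV_LENGTH) {
              throw new IllegalBlockSizeException("Ciphertext is shorter than the " + AES_IV_LENGTH + "-byte IV");
          }

          SecretKeySpec dataKey = unwrapKey(readKeyMaterial(SerializedSystemIni), "AES");

          // First 16 bytes are the IV, the remainder is the CBC payload.
          Cipher outCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
          outCipher.init(Cipher.DECRYPT_MODE, dataKey, new IvParameterSpec(encrypted, 0, AES_IV_LENGTH));

          byte[] cleartext = outCipher.doFinal(encrypted, AES_IV_LENGTH, encrypted.length - AES_IV_LENGTH);
          return new String(cleartext, "UTF-8");
      }

      /**
       * Decrypts a Base64 value that was stored with the {@code {3DES}} prefix.
       *
       * @param SerializedSystemIni path to the domain's SerializedSystemIni.dat
       * @param ciphertext Base64 text with the prefix already removed
       * @return the decrypted bytes decoded as UTF-8
       * @throws IOException if the file is unreadable, truncated, or its salt is too short
       */
      public static String decrypt3DES(String SerializedSystemIni, String ciphertext) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException {

          byte[] encrypted = new BASE64Decoder().decodeBuffer(ciphertext);

          KeyMaterial material = readKeyMaterial(SerializedSystemIni);
          if (material.salt.length < 4) {
              throw new IOException("Salt in " + SerializedSystemIni + " is shorter than 4 bytes");
          }
          SecretKeySpec dataKey = unwrapKey(material, "DESEDE");

          // The 8-byte IV is the first four salt bytes repeated twice.
          byte[] iv = new byte[8];
          System.arraycopy(material.salt, 0, iv, 0, 4);
          System.arraycopy(material.salt, 0, iv, 4, 4);

          Cipher outCipher = Cipher.getInstance("DESEDE/CBC/PKCS5Padding");
          outCipher.init(Cipher.DECRYPT_MODE, dataKey, new IvParameterSpec(iv));

          byte[] cleartext = outCipher.doFinal(encrypted);
          return new String(cleartext, "UTF-8");
      }

      /**
       * Reads one length-prefixed byte string: a single length byte followed by that many bytes.
       *
       * @param stream source positioned at the length byte
       * @return exactly the announced number of bytes
       * @throws IOException if the stream ends before the length byte or before the announced
       *     number of bytes has been read (previously this gave a NegativeArraySizeException or a
       *     silently zero-padded array, which led to a wrong key further on)
       */
      public static byte[] readBytes(InputStream stream) throws IOException {
          int length = stream.read();
          if (length == -1) {
              throw new java.io.EOFException("Stream ended before the length byte");
          }
          byte[] bytes = new byte[length];
          int filled = 0;
          while (filled < length) {
              int justRead = stream.read(bytes, filled, length - filled);
              if (justRead == -1) {
                  throw new java.io.EOFException("Expected " + length + " bytes but stream ended after " + filled);
              }
              filled += justRead;
          }
          return bytes;
      }

      /** Salt and wrapped data key as read from SerializedSystemIni.dat. */
      private static final class KeyMaterial {
          final byte[] salt;
          final byte[] wrappedKey;

          KeyMaterial(byte[] salt, byte[] wrappedKey) {
              this.salt = salt;
              this.wrappedKey = wrappedKey;
          }
      }

      /** Reads salt, version byte and wrapped key from the file, and always closes the file. */
      private static KeyMaterial readKeyMaterial(String path) throws IOException {
          FileInputStream is = new FileInputStream(path);
          try {
              byte[] salt = readBytes(is);

              int version = is.read();
              if (version == -1) {
                  // Fail here instead of continuing with a null key, as the swallowed
                  // IOException used to allow.
                  throw new java.io.EOFException("No version byte or key material in " + path);
              }

              byte[] wrappedKey = readBytes(is);
              if (version >= 2) {
                  // NOTE(review): the second key blob replaces the first for both AES and 3DES
                  // callers, as in the original code - confirm this matches the file layout
                  // for 3DES values.
                  wrappedKey = readBytes(is);
              }
              return new KeyMaterial(salt, wrappedKey);
          } finally {
              is.close();
          }
      }

      /** Unwraps the stored data key with the fixed-passphrase PBE step and tags it with {@code algorithm}. */
      private static SecretKeySpec unwrapKey(KeyMaterial material, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
          char[] passphrase = PBE_PASSPHRASE.toCharArray();

          SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
          SecretKey pbeKey = keyFactory.generateSecret(new PBEKeySpec(passphrase, material.salt, PBE_ITERATIONS));

          Cipher cipher = Cipher.getInstance(PBE_ALGORITHM);
          cipher.init(Cipher.DECRYPT_MODE, pbeKey, new PBEParameterSpec(material.salt, 0));
          return new SecretKeySpec(cipher.doFinal(material.wrappedKey), algorithm);
      }
  }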

参见https://github.com/NetSPI/WebLogicPasswordDecryptor,这里是整合了一下
