Fortify SCA内置规则破解到简单工具开发使用
摘要:前几天无意间有个小伙伴问我要fortify内置最新规则,突然觉得内置规则既然能扫描代码缺陷,而它本质上是使用xml语言和内置源语言来编写的,心想能不能将其还原为xml文件,这样自定义规则的时候可以进行参考,少走弯路。说干就干,下面贴上具体步骤。
1. 既然猜测是通过解析xml规则来对代码进行静态分析的,所以,fortify内部肯定对加密规则进行了解密,将其转化为xml进行静态扫描分析。所以先初步搜索一下fortify相关jar包。在Everything中输入 fortify*.jar,找到和fortify相关的jar包。最可疑的jar应该就是fortify-crypto-1.0.jar(因为已经开发好了jar包,所以后续也会搜到一些重复的内容)
2.将fortify-common-20.1.1.0007.jar、fortify-crypto-1.0.jar、fortify-public-20.1.1.0007.jar导入idea中,然后用加密解密相关关键字encrypt、decrypt、crypto进行搜索,发现如下方法比较可疑。分析后,其实CryptoUtil中的方法更像是解密一个文件格式,因为它使用到了InputStream IO操作。
3.直接定位到CryptoUtil工具类中,查下这几个方法,发现调用关系是:先解密,然后再解压缩。具体代码可以反编译jar包看源码,就不再赘述。
decryptCompresd(InputStream encrypted, String keyString)----->readHeaders(InputStream encrypted)------->decryptCompresdAfterHeaders(InputStr
4.测试分析结果是否正确。随便找一个内置规则解析一下,发现结果是对的。
5.直接把它的工具类拷进项目使用即可,都省了引入jar包了。核心代码如下所示,里面有swing组件的东西,用的时候可以删除掉。
package com.lanju.decry;
import com.lanju.ui.CommonComponent;
import java.io.*;
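/**
 * Converts Fortify rule packs ({@code .bin}) into {@code .xml} files by
 * delegating to {@code CryptoUtil.decryptCompresd(InputStream, String)}, the
 * helper class copied into the project from the vendor jar.
 *
 * <p>Progress lines are appended to {@code CommonComponent.jTextArea} when the
 * Swing window has created it.
 *
 * <p>NOTE(review): the article describes {@code decryptCompresd} as "decrypt,
 * then decompress". Nothing here bounds the size of the decompressed output,
 * so a malformed or hostile {@code .bin} could presumably fill the target
 * disk. Confirm against CryptoUtil before running on files of unknown origin.
 */
public class FortifyRuleDecrypter {
    private static final String RULE_SUFFIX = ".bin";

    private final String ruleDir;
    private final String saveDir;
    private String information;

    /**
     * @param ruleDir path of one {@code .bin} rule file, or of a directory holding them
     * @param saveDir directory the {@code .xml} output files are written to
     */
    public FortifyRuleDecrypter(String ruleDir, String saveDir) {
        this.ruleDir = ruleDir;
        this.saveDir = saveDir;
    }

    /**
     * Processes {@code ruleDir}: a single {@code .bin} file is written to
     * {@code <saveDir>/<name>.bin.xml}; for a directory, every entry whose name
     * ends in {@code .bin} is written to {@code <saveDir>/<name>.xml}.
     * The directory is not walked recursively.
     */
    public void doDecrypt() {
        File encryptRule = new File(ruleDir);

        // The argument is a single file.
        if (encryptRule.isFile()) {
            if (encryptRule.getName().endsWith(RULE_SUFFIX)) {
                // The single-file branch keeps the ".bin" part in the output name,
                // exactly as the original listing did.
                decryptRule(encryptRule,
                        new File(saveDir + File.separator + encryptRule.getName() + ".xml"));
            } else {
                report("[-] The rule file suffix is.bin!");
                System.out.println("[-] The rule file suffix is.bin!");
            }
        }

        // The argument is a directory.
        if (encryptRule.isDirectory()) {
            File[] listFile = encryptRule.listFiles();
            if (listFile == null) {
                // listFiles() returns null on an I/O error or missing read permission.
                return;
            }
            for (File file : listFile) {
                String name = file.getName();
                if (name.endsWith(RULE_SUFFIX)) {
                    // Strip only the trailing suffix; String.replace would also
                    // remove a ".bin" that appears in the middle of the name.
                    String base = name.substring(0, name.length() - RULE_SUFFIX.length());
                    File saveName = new File(saveDir + File.separator + base + ".xml");
                    decryptRule(file, saveName);
                }
            }
        }
    }

    /**
     * Streams one rule pack through {@code CryptoUtil.decryptCompresd} and
     * writes the result to {@code decFile}. Failures are reported to the text
     * area and the stack trace is printed; nothing is rethrown.
     *
     * @param encFile encrypted rule pack to read
     * @param decFile output file; created or overwritten
     */
    public void decryptRule(File encFile, File decFile) {
        // try-with-resources closes all three streams even when decryption or
        // the copy loop throws; the original leaked them on any exception.
        try (InputStream encrypted = new FileInputStream(encFile);
             // A null key is passed, as in the original listing.
             InputStream ruleStream = CryptoUtil.decryptCompresd(encrypted, null);
             OutputStream outputStream = new FileOutputStream(decFile)) {
            byte[] buffer = new byte[1024];
            int count;
            while ((count = ruleStream.read(buffer)) != -1) {
                // Write only the bytes actually read. Writing the whole buffer
                // pads the XML with stale bytes from the previous chunk.
                outputStream.write(buffer, 0, count);
            }
            information = String.format("[+] success %s -> %s",
                    encFile.getName(), decFile.getAbsolutePath() + "\r\n");
            report(information);
        } catch (Exception e) {
            // Exception types thrown by CryptoUtil are not visible in this
            // listing, so the broad catch of the original is kept.
            String infomation2 = String.format("[-] fail %s -> %s",
                    encFile.getName(), decFile.getAbsolutePath());
            report(infomation2);
            e.printStackTrace();
        }
    }

    /** Appends a line to the Swing log area when the window has created it. */
    private static void report(String message) {
        if (CommonComponent.jTextArea != null) {
            CommonComponent.jTextArea.append(message);
        }
    }

    /**
     * Command-line entry point. Its body is disabled in the listing and kept
     * below for reference only.
     */
    public static void main(String[] args) {
        // Accepts exactly two arguments.
        // NOTE(review): if re-enabled, the usage branch needs a `return;`,
        // otherwise args[0] is still read when too few arguments are given.
        /* if (args.length != 2) {
            System.out.println("Usage: java -jar FortifyRuleDecrypter.jar [rule_dir|rule_file] <save_dir>");
        }
        FortifyRuleDecrypter decrypter = new FortifyRuleDecrypter(args[0], args[1]);
        decrypter.doDecrypt();*/
    }
}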
将其打个jar包就可以解密文件了。为了进一步有个友好的操作,想加个界面,看了一下午的swing组件开发,决定写一个。
5,swing组件没啥说的,这个建议大家不用深究了,因为都没人用了,直接贴上代码吧
package com.lanju.ui;
import com.lanju.decry.FortifyRuleDecrypter;
import javax.swing.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
public class CommonComponent extends JFrame {
// One panel per row: input path, output path, start button.
private JPanel jPanel1, jPanel2, jPanel3;
// jButton1 / jButton2 open the path chooser for field1 / field2; jButton3 starts the run.
private JButton jButton1, jButton2, jButton3;
// Scroll container wrapped around jTextArea.
private JScrollPane scroll;
// Row labels: "encrypt-rule:" and "decrypt-rule:".
private JLabel name1, name2;
// field1 holds the rule path, field2 the output path.
private JTextField field1, field2;
// Log area. It is public and static because FortifyRuleDecrypter appends its
// status lines to it directly; it stays null until the constructor has run.
public static JTextArea jTextArea;
// NOTE(review): presumably the single window instance; its use is not visible in this part of the file.
private static CommonComponent frame;
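/**
 * Creates the window's widgets: a row for the rule path, a row for the output
 * path, a start button and a scrolling log area. Listeners are attached by
 * {@link #init()}, which is called last.
 *
 * <p>NOTE(review): no layout manager is set here; presumably the code that
 * shows the frame sets one. Confirm, because all four components are added
 * without constraints.
 */
public CommonComponent() {
    // Create the three row panels.
    jPanel1 = new JPanel();
    jPanel2 = new JPanel();
    jPanel3 = new JPanel();

    // Row 1: label, text field and chooser button for the rule path.
    name1 = new JLabel("encrypt-rule:");
    field1 = new JTextField(30);
    jButton1 = new JButton("选择路径");
    jPanel1.add(name1);
    jPanel1.add(field1);
    jPanel1.add(jButton1);
    this.add(jPanel1);

    // Row 2: label, text field and chooser button for the output path.
    name2 = new JLabel("decrypt-rule:");
    field2 = new JTextField(30);
    jButton2 = new JButton("选择路径");
    jPanel2.add(name2);
    jPanel2.add(field2);
    jPanel2.add(jButton2);
    this.add(jPanel2);

    // Row 3: the start button.
    jButton3 = new JButton("开始解密");
    jPanel3.add(jButton3);
    this.add(jPanel3);

    // Log area at the bottom, placed inside a scroll pane.
    jTextArea = new JTextArea(1, 1);
    scroll = new JScrollPane(jTextArea);
    // Show the vertical scroll bar only when the text needs it.
    scroll.setVerticalScrollBarPolicy(
            JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED);
    jTextArea.setLineWrap(true);
    this.add(scroll);

    init();
}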
public void init() {
//选择加密规则路径
jButton1.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
chooiceDirPath(field1);
}
});
//选择解密路径
jButton2.addActionListener(new ActionListener() {
@Override
白帝城托孤public void actionPerformed(ActionEvent e) {
chooiceDirPath(field2);
}
});
jButton3.addActionListener(new ActionListener() {