array=[7,90,115,1,117,99,114,97,24]id=arraycode=list(b'))baa!!!(@@###qq')for i in range(len(code)):    id[i%9]=code[i]^id[i%9]idstr=''for i in range(9):    idstr+=chr(id[i])print(idstr)

for(int i=0;i<32;i++){    keyexpantion(key)    AES_CBC(code,key,iv)    iv=SubBytes(iv)    key^=iv    key=SbuBytes(key)    iv^=key}

from Crypto.Cipher import AESsbox = [[0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76],        [0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0],        [0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15],        [0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75],        [0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84],        [0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF],        [0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8],        [0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2],        [0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73],        [0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB],        [0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79],        [0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08],        [0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A],        [0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E],        [0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF],        [0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]]def SubBytes(state):    return [sbox[i][j] for i,j in [(t>>4,t&0xf) for t in state]]def Bytesxor(data1,data2):    data1=list(data1)    data2=list(data2)    res=[]    for i in range(len(data1)):        res.append(data1[i]^data2[i])    return bytearray(res)key=bytearray(b'\x29\x23\xBE\x84\xE1\x6C\xD6\xAE\x52\x90\x49\xF1\xF1\xBB\xE9\xEB')iv=bytearray(b'\xB3\xA6\xDB\x3C\x87\x0C\x3E\x99\x24\x5E\x0D\x1C\x06\xB7\x47\xDE')keyarray=[]keyarray.append(key)ivarray=[]ivarray.append(iv)data=b'\xF6\x1C\xE3\xD7\xF9\xFB\x0B\x1A\x8B\xA2\x1D\xD8\x97\x94\x05\xC4\x6D\x97\xE7\x62\xB6\x7C\xEF\x9A\x88\x1B\xA4\x4D\xFD\xB0\xE4\x6E'for i in range(31):    iv=bytearray(SubBytes(iv))    key=Bytesxor(key, iv)    key=bytearray(SubBytes(key))    keyarray.append(key)    iv=Bytesxor(key, iv)    ivarray.append(iv)keyarray.reverse()ivarray.reverse()print(len(keyarray))for i in range(32):    key=keyarray[i]    iv=ivarray[i]    aes=AES.new(bytes(key), AES.MODE_CBC,bytes(iv))    data=aes.decrypt(data)print(data)'''iv=subbytes(iv)key=key^ivkey=subbytes(key)iv^=key''''''key29 23 BE 84 E1 6C D6 AE 52 90 49 F1 F1 BB E9 EB1B C5 C5 A8 42 4F 43 09 43 E8 0B 3C 0B C9 3B 4226 27 03 37 AE 17 98 5E 1D 76 5D 86 52 D4 15 5D20 56 F3 DF E4 A7 7E E5 70 68 69 D5 70 F7 F9 C9'''

# 往期推荐

1.内核、容器与eBPF攻防初探

2.CVE-2019-10999复现学习

3.怎样制作一个防止重打包的APK【反脱壳反HOOK】

4.CVE-2019-9081 Laravel5.7 反序列化 RCE复现

5.某火热区块链游戏(mir4)的一次通信协议分析

6.从分析一个赌球APP中入门安卓逆向、开发、协议分析