

缺陷编号:wooyun-2013-022760

漏洞标题:网络卡牌游戏大掌门本地数据验证不严导致严重破坏游戏平衡网游变单机

相关厂商:玩蟹科技

漏洞作者: 鸿学

提交时间:2013-05-02 14:46

修复时间:2013-07-31 14:47

公开时间:2013-07-31 14:47

漏洞类型:设计错误/逻辑缺陷

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]



漏洞详情

披露状态:

2013-05-02: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-07-31: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

该漏洞可以修改 Android、iOS 所有版本《大掌门》的本地游戏数据，无限增强自己、削弱敌人；利用之后，这款网络游戏与单机游戏已经没有区别。

详细说明:

本地数据使用 AES-CBC 加密，但密钥和 IV（16 个 ASCII '0'）都硬编码在客户端里且固定不变，战斗过程完全在本地计算、没有服务端校验。下面的代码先用该密钥解密游戏数据文件，把其中的 "health"、"attack"、"magic" 字段改写为等长的 1（保持文件长度不变，以便二次加密后仍是 16 字节的整数倍），再用同一密钥和 IV 二次加密，最后直接覆盖游戏数据文件，即可随意修改游戏数值。

import os
import re

from Crypto import Random
from Crypto.Cipher import AES
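def walk_dir(dirs):
    """Decrypt every ``.s`` / ``.c`` game data file under *dirs*.

    Each matching file ``X`` is decrypted by :func:`encryptorDZM` (which,
    despite its name, decrypts) into a sibling file ``Xencry``.  Those
    output files do not end in ``.s``/``.c``, so a second walk over the
    same tree leaves them alone.

    A failure on one file is reported on stdout and the walk continues;
    the original called ``encryptorDZM`` once unguarded and then again
    inside the ``try``, so the first failure aborted the whole walk.

    Args:
        dirs: root directory to walk recursively (``os.walk``).
    """
    for root, _subdirs, files in os.walk(dirs):
        for name in files:
            file_path = os.path.join(root, name)
            if not file_path.endswith(('.s', '.c')):
                continue
            try:
                encryptorDZM(file_path, file_path + 'encry')
            except Exception as exc:
                # best-effort batch job: name the file and the reason, keep going
                print('error at %s: %s' % (file_path, exc))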
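def encryptorDZM(filein, fileout):
    """Decrypt the game data file *filein* and write the plaintext to *fileout*.

    Despite the name this function DEcrypts (``AES.decrypt``); ``fuckDZM``
    is the matching encryptor.  Key and IV are the fixed values hard-coded
    here: a 32-byte key (AES-256) and an IV of sixteen ASCII ``'0'``
    characters, used in CBC mode.  Because they never change, anyone who
    has the client can decrypt and re-encrypt the local data at will.

    No padding is stripped from the plaintext, so the output file has
    exactly the size of the ciphertext and keeps any trailing padding
    bytes the game may have added (TODO confirm the game's padding scheme).

    Args:
        filein: path of the encrypted data file.
        fileout: path to write the decrypted bytes to (truncated if present).

    Raises:
        ValueError: if the ciphertext length is not a multiple of 16; the
            AES backend would reject it anyway, this just names the file.
        IOError/OSError: on file errors.
    """
    # b'' literals are plain str on Python 2, so behaviour is unchanged there
    key = b"2IG'csN3B:R)l*?roi*zlkjRikfZ/fax"
    iv = b'0000000000000000'
    with open(filein, 'rb') as fhandle:
        cryptorbuffer = fhandle.read()
    if len(cryptorbuffer) % 16:
        raise ValueError('%s: ciphertext length %d is not a multiple of 16'
                         % (filein, len(cryptorbuffer)))
    cipher = AES.new(key, AES.MODE_CBC, iv)
    with open(fileout, 'wb') as fwritehandle:
        fwritehandle.write(cipher.decrypt(cryptorbuffer))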
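def fuckDZM(filein, fileout):
    """Rewrite the decrypted data file *filein* and re-encrypt it to *fileout*.

    Every ``"health"``, ``"attack"`` and ``"magic"`` value in the plaintext
    is replaced by ``valueFuck`` / ``valueFuck2`` / ``valueFuck3`` (in that
    order) and the result is AES-256-CBC encrypted with the same fixed key
    and IV that ``encryptorDZM`` uses, so the output can be copied over the
    game's original file.

    ``encryptorDZM`` leaves padding in place, so the plaintext read here is
    already a multiple of 16 bytes; the rewrites are expected to preserve
    the length, and the length is checked before encrypting so a size
    change fails with a clear message instead of the AES backend's.

    Args:
        filein: decrypted data file (output of ``encryptorDZM``).
        fileout: path to write the re-encrypted bytes to.

    Raises:
        ValueError: if one of the fields is missing from *filein* or the
            rewritten buffer is not a multiple of 16 bytes.
        IOError/OSError: on file errors.
    """
    key = b"2IG'csN3B:R)l*?roi*zlkjRikfZ/fax"
    iv = b'0000000000000000'
    with open(filein, 'rb') as fhandle:
        plainbuffer = fhandle.read()
    plainbuffer = valueFuck3(valueFuck2(valueFuck(plainbuffer)))
    if len(plainbuffer) % 16:
        raise ValueError('%s: rewritten length %d is not a multiple of 16'
                         % (filein, len(plainbuffer)))
    cipher = AES.new(key, AES.MODE_CBC, iv)
    with open(fileout, 'wb') as fwritehandle:
        fwritehandle.write(cipher.encrypt(plainbuffer))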
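def makefakestr(strin):
    """Return a token that reads as the number 1 and has the length of *strin*.

    The token is ``' 1'`` right-padded with spaces (JSON ignores whitespace
    around a value), so replacing a field value with it does not change the
    file size -- which matters because the buffer is re-encrypted with AES
    in CBC mode and must stay a multiple of the block size.

    The original always returned at least two characters and therefore
    grew the buffer for single-character values; inputs shorter than two
    characters now yield ``'1'`` (or ``''`` for an empty value).
    """
    if len(strin) < 2:
        return '1'[:len(strin)]
    return ' 1'.ljust(len(strin))


def _rewrite_field(buffervalue, key):
    """Replace every value of the JSON field ``"<key>":`` in *buffervalue*.

    A value runs from the colon up to the next ``,``, ``}`` or ``]`` and is
    substituted with ``makefakestr`` of the captured text.  Matching on the
    complete field name plus a delimiter avoids two defects of the original
    ``str.split(',')`` / ``str.replace`` loop: it swallowed the closing
    brace when the field was last in an object, and rewriting ``"magic":1``
    also rewrote the prefix of ``"magic":100``.

    Args:
        buffervalue: decrypted file contents as text.
        key: bare field name, e.g. ``'health'``.

    Returns:
        The rewritten text.

    Raises:
        ValueError: if the field does not occur at all (the original raised
            the same from ``str.index``; the caller relies on it to skip a
            file).
    """
    pattern = re.compile(r'"%s":([^,}\]]*)' % re.escape(key))
    if pattern.search(buffervalue) is None:
        raise ValueError('field "%s" not found' % key)
    return pattern.sub(
        lambda m: '"%s":%s' % (key, makefakestr(m.group(1))), buffervalue)


def valueFuck3(buffervalue):
    """Set every ``"magic"`` value in *buffervalue* to 1, length preserved."""
    return _rewrite_field(buffervalue, 'magic')


def valueFuck2(buffervalue):
    """Set every ``"attack"`` value in *buffervalue* to 1, length preserved."""
    return _rewrite_field(buffervalue, 'attack')


def valueFuck(buffervalue):
    """Set every ``"health"`` value in *buffervalue* to 1, length preserved."""
    return _rewrite_field(buffervalue, 'health')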
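if __name__ == '__main__':
    root = r'E:\DZMipad'
    # Pass 1: decrypt every .s/.c data file under the dump into '<name>encry'.
    walk_dir(root)
    # Pass 2: jianghu.txt lists, one per line and '/'-separated, the data
    # files (relative to release\) whose values should be rewritten.  Each
    # decrypted '<name>encry' is rewritten and re-encrypted to
    # '<name>encry.fuck', which per the report is then copied over the
    # game's original file.
    with open(os.path.join(root, 'jianghu.txt')) as filefuck:
        for line in filefuck:
            # rstrip instead of [:-1]: a last line without a newline used
            # to lose its final character
            filename = line.rstrip('\r\n').replace('/', '\\')
            if not filename:
                continue
            infile = os.path.join(root, 'release', filename + 'encry')
            outfile = infile + '.fuck'
            print(infile)
            print(outfile)
            try:
                fuckDZM(infile, outfile)
            except Exception as exc:
                # best-effort batch: report and continue instead of a silent pass
                print('skipped %s: %s' % (infile, exc))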

漏洞证明:

修复方案:

战斗结果和角色数值应由服务端计算并校验，客户端本地数据只能作为缓存；仅靠客户端本地 AES 加密（固定密钥、固定 IV）无法防止篡改，因为密钥必然随客户端一起分发。祝大坑门越来越好。

版权声明:转载请注明来源 鸿学@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝