PXE2 发表于 2009-7-15 14:37:46

迅雷协议分析--多链接资源获取(ZF)

回复包解密后,里面带着的链接地址就是P2SP的多个可供下载的服务器的链接地址.
而且回复里面包含一些文件相关的信息,比如SHA-1 HASH值之类的,大家有兴趣的话,可以自
己分析它的包的结构,我下篇文章分析它的包结构,呵呵:)

注意,上面的发送包和回复包不是关联的,因为我调试的时候没有把它们成对截取,而是取了不同的包进行分析的.

好了,客户端与服务器之间获取多个下载源的加密通信过程就到此结束了,这儿我主要只介绍
它们通信的加密算法,具体的其它协议以后有时间再发.

                时间仓促,如有不足之处,还请多多指教.

最后附上加解密的源代码.
#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
#include "thunder-md5.h"


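/*
 * 64-byte block that main() feeds to a single MD5 Transform() round; the
 * first 16 bytes of the resulting MD5 state become the AES-128 key.
 *
 * NOTE(review): the layout looks like an 8-byte message (34 00 00 00 96 00
 * 00 00) followed by standard MD5 padding (0x80 marker at offset 8, bit
 * length 0x40 at offset 56) - confirm against the protocol notes.
 *
 * Because this block is a compile-time constant, every run derives the same
 * key: the scheme hides the payload from casual inspection but gives no
 * confidentiality against anyone who has the client binary.
 */
unsigned char thunder[]={
         0x34, 0x00, 0x00, 0x00, 0x96, 0x00, 0x00, 0x00,0x80,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

/*
 * thunder MD5 padding data: 56 bytes, byte-for-byte equal to thunder[8..63].
 * Not referenced by main() in this listing.
 */
unsigned char thunder_md5_pad[]={
         0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

/*
 * AES-128 key buffer. main() copies 16 bytes into this object and passes it
 * to AES_set_decrypt_key() with a key length of 128 bits, so it must hold 16
 * bytes; the single-byte declaration let that copy overrun the object (the
 * array bound was presumably lost when the listing was posted).
 */
unsigned char thunder_AES_key[16];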

/*
 * Captured encrypted reply used as the sample input: 384 bytes, i.e. 24
 * AES blocks of 16 bytes, which main() walks with sizeof(in)/16.
 *
 * The 16-byte blocks at offsets 192, 208 and 224 are byte-identical
 * (70 05 79 15 F5 D5 2B 05 A1 DD 34 D8 D9 C3 E7 05). Repeated ciphertext
 * blocks are what block-by-block encryption without chaining produces for
 * repeated plaintext, so the ciphertext leaks structure even before it is
 * decrypted.
 */
unsigned char in[]={0x02,0x3A,0xA0,0x8A,0x5E
,0x52,0x22,0xAC,0x5E,0xFA,0xC8,0xF6,0x54,0xE8,0xDC,0x9A,0xBC,0xE6,0x78,0x11,0xD9
,0x59,0xC3,0xE8,0x64,0x8E,0xB8,0x93,0xEA,0xE7,0x43,0x28,0xBA,0x16,0xFF,0xC4,0xA9
,0xDC,0xAB,0x26,0x7C,0x56,0x08,0x47,0xD9,0xA9,0x37,0xF6,0xC1,0x3A,0x7B,0x68,0xC8
,0x11,0x74,0x9D,0x62,0x6D,0x4C,0x6C,0xE7,0xAD,0x08,0x46,0x70,0x31,0xAC,0x97,0x34
,0xAE,0x15,0x18,0x37,0xB3,0x97,0x32,0x91,0x13,0xF8,0xFB,0xAA,0x30,0x75,0x10,0x02
,0x78,0x8E,0xF6,0x38,0x1D,0x43,0x6B,0xB9,0xF4,0xDE,0xC4,0x09,0x23,0x3A,0x27,0x8B
,0xE6,0x2C,0x5D,0x87,0xBF,0x4C,0xBF,0xBF,0x54,0x15,0x4E,0xDB,0x8F,0x77,0x95,0xC0
,0x67,0xEE,0x1E,0xB4,0xB4,0x36,0xF6,0xEF,0xCF,0x96,0x77,0x1A,0xEA,0x9E,0x63,0x11
,0x40,0xFC,0xE1,0x23,0x81,0x90,0x92,0x5E,0xFE,0x23,0x36,0xFB,0x1A,0x23,0x37,0x9A
,0x7D,0x20,0x95,0xCA,0x47,0xC2,0xDA,0xE9,0xE8,0xFE,0x30,0x4C,0xA0,0xFE,0x4F,0x6E
,0xA0,0xA5,0x81,0x45,0xBA,0xAF,0x68,0xEE,0x60,0xA1,0xD5,0x00,0xA8,0xDC,0xCC,0x80
,0x84,0x0C,0x19,0xCF,0x81,0xB9,0x13,0xC0,0x13,0x07,0xE8,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x10,0x3A,0xCC,0x2F,0x13
,0xE1,0xE1,0x8C,0x7B,0xC9,0xC5,0x48,0xB3,0x85,0x73,0x55,0x87,0xEE,0x99,0x14,0x67
,0xB2,0x1B,0x01,0x1B,0x56,0x01,0x2F,0xFB,0x47,0x07,0x88,0xBD,0x4C,0xD2,0x1A,0x08
,0x14,0x42,0xF3,0xF5,0xC2,0x7C,0x26,0x9E,0x24,0x00,0xA4,0xEA,0x5F,0x20,0xFC,0xCA
,0x80,0xF6,0x9B,0xC9,0x28,0x5B,0x55,0x22,0x94,0x33,0x4F,0x3E,0x1B,0xC6,0x31,0x23
,0x82,0xB1,0x97,0x3E,0xC1,0x00,0x2F,0xEF,0xCE,0x06,0x7B,0xAA,0xCD,0xA6,0x61,0xF5
,0xC9,0x59,0x8E,0xDB,0xF6,0x49,0x73,0x9C,0xB9,0x08,0x05,0xC3,0x1E,0xEB,0xA6,0xD3
,0x0F,0xBB,0x86,0xFD,0xFC,0xCC,0x99,0x89,0x61,0xA9,0xB1,0xF9,0x30,0xC7,0x48,0xB1
,0x79,0x6C,0x75,0x26,0x8C,0xF5,0x46,0xF4,0x7F,0x04,0xED,0xD1,0x2B,0x16,0x2D,0x94
,0x2F,0x2C,0xDE,0x6E,0x7B,0x97,0xE7,0x28,0x8B,0xDA,0x0D};// encrypted sample data (ciphertext)
/*
 * Decryption output as declared in this listing: one byte.
 * NOTE(review): main() hands &out to AES_decrypt(), which writes a full
 * 16-byte block, so a one-byte object is overrun. The array bound was
 * presumably dropped when the listing was posted; it needs to be at least
 * sizeof(in) bytes, with main() indexing it per block - confirm against the
 * original source.
 */
unsigned char out;
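/*
 * Derive the AES-128 key from the constant `thunder` block, decrypt the
 * sample reply `in` one 16-byte block at a time, and print the plaintext as
 * a hex + ASCII dump with 16 bytes per row.
 *
 * Key derivation as shown in this listing: MD5Init() sets the initial MD5
 * state, one Transform() round is run over the 64-byte `thunder` block, and
 * the first 16 bytes of the resulting state are used as the key.
 *
 * Fixes over the posted version:
 *  - the key and the plaintext are held in buffers large enough for what is
 *    written into them (the posted code wrote 16 bytes into 1-byte objects);
 *  - the key is copied with memcpy(): strncpy() stops at the first 0x00 byte
 *    and zero-fills the rest, which corrupts a binary key;
 *  - each loop iteration handles its own block instead of decrypting and
 *    printing the first block over and over.
 *
 * Returns 0 on success, 1 if the AES key schedule cannot be set up.
 */
int main(int argc, char *argv[])
{
    MD5_CTX c;
    AES_KEY aes_key;
    /*
     * Local buffers sized for the data written into them, so this function
     * does not depend on how the file-scope `thunder_AES_key` and `out`
     * objects are declared.
     */
    unsigned char key[16];
    unsigned char plain[sizeof(in)];
    const size_t nblocks = sizeof(in) / 16; /* a trailing partial block is ignored */
    size_t i, j;

    (void)argc;
    (void)argv;

    MD5Init(&c);
    /*
     * NOTE(review): casts kept as posted because Transform()'s prototype is
     * in thunder-md5.h, which is not shown. Where unsigned long is 64 bits
     * wide these casts only fit a 32-bit-word MD5 if the header accounts
     * for it - confirm before relying on the derived key.
     */
    Transform((unsigned long *)c.buf,(unsigned long*)thunder);
    memcpy(key, &c.buf, sizeof(key));

    /* Low-level OpenSSL block API (deprecated since OpenSSL 3.0). */
    if (AES_set_decrypt_key(key, 128, &aes_key) != 0)
    {
        fprintf(stderr, "AES_set_decrypt_key failed\n");
        return 1;
    }

    /* Blocks are decrypted independently: no IV and no chaining. */
    for (i = 0; i < nblocks; i++)
    {
        AES_decrypt(in + i * 16, plain + i * 16, &aes_key);
    }

    for (i = 0; i < nblocks; i++)
    {
        const unsigned char *row = plain + i * 16;

        for (j = 0; j < 16; j++)
        {
            printf("%02x ", (unsigned)row[j]);
        }
        printf("   ");
        for (j = 0; j < 16; j++)
        {
            /*
             * The plaintext comes from a network reply; show non-printable
             * bytes as '.' so control or escape sequences in it never reach
             * the terminal.
             */
            printf("%c", (row[j] >= 0x20 && row[j] <= 0x7e) ? row[j] : '.');
        }
        printf("\n");
    }
    return 0;
}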


http://hi.baidu.com/vessial/blog/item/c7791654b2a19b1a3b29352f.html

PXE2 发表于 2009-7-15 15:57:22

再来个linux下雷
http://blogimg.chinaunix.net/blog/upfile2/090715152206.gz

jiangtao9999 发表于 2009-7-15 19:29:16

太邪恶了。从底层开始搞讯雷,估计讯雷连喊疼的机会都没有了……

PXE2 发表于 2009-7-16 12:51:47

有兴趣的都可以下了测下

whistler_wmz 发表于 2009-7-16 13:20:58

PXE2 发表于 2009-7-16 17:12:08

这个配合的到的地址下的比真雷还快

http://code.google.com/p/multicurl/

wsm 发表于 2009-11-16 15:05:00

没看懂 这段代码是把迅雷的加密的回复地址转成可见的地址? 楼主准备开发个Linux迅雷?

sejishikong 发表于 2009-11-16 16:29:42

不是,是可以分析迅雷的协议,从而找到迅雷提供的镜像下载地址。

jiangtao9999 发表于 2009-11-16 17:09:28

最好还是能完美支持全部迅雷协议,雷雷互传的功能要比找镜像功能更重要。

sejishikong 发表于 2009-11-16 17:15:15

wine+迅雷。

whistler_wmz 发表于 2009-11-16 18:52:18

爱煞 发表于 2011-5-7 06:29:17

看著暈暈呼呼滴,還要多向各位前輩們學習啊

muwanqing 发表于 2011-7-21 23:39:13

高手呀:shock: :shock:

npcomet 发表于 2018-1-26 18:26:13

支持

sejishikong 发表于 2018-5-20 10:50:18

迅雷现在也基本不行了。