QQ登录

只需一步,快速开始

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 7599|回复: 15

迅雷协议分析--多链接资源获取(ZF)

[复制链接]
发表于 2009-7-15 14:37:46 | 显示全部楼层 |阅读模式
回复包解密后,里面带着的链接地址就是P2SP的多个可供下载的服务器的链接地址.
而且回复里面包含一些文件相关的信息,比如SHA-1 HASH值之类的,大家有兴趣的话,可以自
已分析它的包的结构,我下篇文章分析它的包结构,呵呵

注意,上面的发送包和回复包不是关联的,因为我调试的时候没有把它们关取在一起,送了不同的包进行分析的.

好了,客户端与服务器之间的获取多个下载源的加密通信过程就到此结束了,这儿我主要的只介绍
它们通信的加密算法而已,具体其它的协议以后有时间再发.

                时间仓促,如有不足之处,还请多多指教.

最后附上加解密的源代码.
#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
#include "thunder-md5.h"


unsigned char thunder[]={
         0x34, 0x00, 0x00, 0x00, 0x96, 0x00, 0x00, 0x00,0x80,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

unsigned char thunder_md5_pad[]={
         0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
         0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
unsigned char thunder_AES_key[16];//thunder MD5 padding data

unsigned char in[]={0x02,0x3A,0xA0,0x8A,0x5E
,0x52,0x22,0xAC,0x5E,0xFA,0xC8,0xF6,0x54,0xE8,0xDC,0x9A,0xBC,0xE6,0x78,0x11,0xD9
,0x59,0xC3,0xE8,0x64,0x8E,0xB8,0x93,0xEA,0xE7,0x43,0x28,0xBA,0x16,0xFF,0xC4,0xA9
,0xDC,0xAB,0x26,0x7C,0x56,0x08,0x47,0xD9,0xA9,0x37,0xF6,0xC1,0x3A,0x7B,0x68,0xC8
,0x11,0x74,0x9D,0x62,0x6D,0x4C,0x6C,0xE7,0xAD,0x08,0x46,0x70,0x31,0xAC,0x97,0x34
,0xAE,0x15,0x18,0x37,0xB3,0x97,0x32,0x91,0x13,0xF8,0xFB,0xAA,0x30,0x75,0x10,0x02
,0x78,0x8E,0xF6,0x38,0x1D,0x43,0x6B,0xB9,0xF4,0xDE,0xC4,0x09,0x23,0x3A,0x27,0x8B
,0xE6,0x2C,0x5D,0x87,0xBF,0x4C,0xBF,0xBF,0x54,0x15,0x4E,0xDB,0x8F,0x77,0x95,0xC0
,0x67,0xEE,0x1E,0xB4,0xB4,0x36,0xF6,0xEF,0xCF,0x96,0x77,0x1A,0xEA,0x9E,0x63,0x11
,0x40,0xFC,0xE1,0x23,0x81,0x90,0x92,0x5E,0xFE,0x23,0x36,0xFB,0x1A,0x23,0x37,0x9A
,0x7D,0x20,0x95,0xCA,0x47,0xC2,0xDA,0xE9,0xE8,0xFE,0x30,0x4C,0xA0,0xFE,0x4F,0x6E
,0xA0,0xA5,0x81,0x45,0xBA,0xAF,0x68,0xEE,0x60,0xA1,0xD5,0x00,0xA8,0xDC,0xCC,0x80
,0x84,0x0C,0x19,0xCF,0x81,0xB9,0x13,0xC0,0x13,0x07,0xE8,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x70,0x05,0x79,0x15,0xF5
,0xD5,0x2B,0x05,0xA1,0xDD,0x34,0xD8,0xD9,0xC3,0xE7,0x05,0x10,0x3A,0xCC,0x2F,0x13
,0xE1,0xE1,0x8C,0x7B,0xC9,0xC5,0x48,0xB3,0x85,0x73,0x55,0x87,0xEE,0x99,0x14,0x67
,0xB2,0x1B,0x01,0x1B,0x56,0x01,0x2F,0xFB,0x47,0x07,0x88,0xBD,0x4C,0xD2,0x1A,0x08
,0x14,0x42,0xF3,0xF5,0xC2,0x7C,0x26,0x9E,0x24,0x00,0xA4,0xEA,0x5F,0x20,0xFC,0xCA
,0x80,0xF6,0x9B,0xC9,0x28,0x5B,0x55,0x22,0x94,0x33,0x4F,0x3E,0x1B,0xC6,0x31,0x23
,0x82,0xB1,0x97,0x3E,0xC1,0x00,0x2F,0xEF,0xCE,0x06,0x7B,0xAA,0xCD,0xA6,0x61,0xF5
,0xC9,0x59,0x8E,0xDB,0xF6,0x49,0x73,0x9C,0xB9,0x08,0x05,0xC3,0x1E,0xEB,0xA6,0xD3
,0x0F,0xBB,0x86,0xFD,0xFC,0xCC,0x99,0x89,0x61,0xA9,0xB1,0xF9,0x30,0xC7,0x48,0xB1
,0x79,0x6C,0x75,0x26,0x8C,0xF5,0x46,0xF4,0x7F,0x04,0xED,0xD1,0x2B,0x16,0x2D,0x94
,0x2F,0x2C,0xDE,0x6E,0x7B,0x97,0xE7,0x28,0x8B,0xDA,0x0D};//Encrypt data
unsigned char out[4096];
int main(int argc, char *argv[])
{
   
      MD5_CTX c;
      AES_KEY aes_key;
      int i,j;

      MD5Init(&c);
      Transform((unsigned long *)c.buf,(unsigned long*)thunder);
      strncpy((char*)&thunder_AES_key,(const char*)&c.buf,16);

      AES_set_decrypt_key((const unsigned char *)&thunder_AES_key,128,&aes_key);
      for ( i=0;i<sizeof(in)/16;i++)
      {
          AES_decrypt((const unsigned char *)&in[i*16],(unsigned char *)&out[i*16],&aes_key);
      }
     
      for ( i=0;i<sizeof(in)/16;i++)
      {
          for ( j=0;j<16;j++)
          {
              printf("%02x ",out[i*16+j]);
          }
          printf("     ");
          for ( j=0;j<16;j++)
          {
              printf("%c",out[i*16+j]);
          }
          printf("\n");
      }
     return 0;
}


http://hi.baidu.com/vessial/blog ... a19b1a3b29352f.html
 楼主| 发表于 2009-7-15 15:57:22 | 显示全部楼层
回复

使用道具 举报

发表于 2009-7-15 19:29:16 | 显示全部楼层
太邪恶了。从底层开始搞讯雷,估计讯雷连喊疼的机会都没有了……
回复

使用道具 举报

 楼主| 发表于 2009-7-16 12:51:47 | 显示全部楼层
有兴趣的都可以下了测下
回复

使用道具 举报

whistler_wmz 该用户已被删除
发表于 2009-7-16 13:20:58 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
回复

使用道具 举报

 楼主| 发表于 2009-7-16 17:12:08 | 显示全部楼层
这个配合的到的地址下的比真雷还快

http://code.google.com/p/multicurl/
回复

使用道具 举报

发表于 2009-11-16 15:05:00 | 显示全部楼层
没看懂 这段代码是把迅雷的加密的回复地址转成可见的地址? 楼主准备开发个Linux迅雷?
回复

使用道具 举报

发表于 2009-11-16 16:29:42 | 显示全部楼层
不是,是可以分析迅雷的协议,从而找到迅雷提供的镜像下载地址。
回复

使用道具 举报

发表于 2009-11-16 17:09:28 | 显示全部楼层
最好还是能完美支持全部迅雷协议,雷雷互传的功能要比找镜像功能更重要。
回复

使用道具 举报

发表于 2009-11-16 17:15:15 | 显示全部楼层
wine+迅雷。
回复

使用道具 举报

whistler_wmz 该用户已被删除
发表于 2009-11-16 18:52:18 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
回复

使用道具 举报

发表于 2011-5-7 06:29:17 | 显示全部楼层
看著暈暈呼呼滴,還要多向各位前輩們學習啊
回复

使用道具 举报

发表于 2011-7-21 23:39:13 | 显示全部楼层
高手呀
回复

使用道具 举报

发表于 2018-1-26 18:26:13 | 显示全部楼层
支持
回复

使用道具 举报

发表于 2018-5-20 10:50:18 | 显示全部楼层
迅雷现在也基本不行了。
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

GMT+8, 2024-3-28 19:18 , Processed in 0.053213 second(s), 15 queries .

© 2021 Powered by Discuz! X3.5.

快速回复 返回顶部 返回列表