一. Base64加密原理:(摘自小聰大牛的博客)
把每三個字符,共24位2進制的ASCII碼,折分成連續4個6位的ASCII碼,再在每個ASCII碼前面補00變成8位, 最後對應一個碼錶來變成編碼字符:
碼錶爲(從0~63分別依次對應):
0對應A………………………………………………………………………………63對應/
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
如果最後不夠3位數,則補0,這時後面對應的編碼是“=”
例:原文: a b c
ASCII碼: 01100001 | 01100010 | 01100011
分成4個: 011000 | 010110 | 001001 | 100011
補足位數: 00011000 | 00010110 | 00001001 | 00100011
數值大小: 24 22 9 35
對應編碼: Y W J j
編碼結果: YWJj
如果只有ab兩個字符,則第三個字符用全0來代替,這時結果爲YWI=
其實按照算法,=對應的編碼其實也可以認爲是爲0,所以QQ==和QQAA用來解密的話,都是A,但是後面補0時用“=”是加密算法自己的設置,所以加密結果只能是QQ==而不會是QQAA
知道了加密原理,解密原理就反其道而行之就行了,呵呵……
二. 加密特徵:
大小寫字母及數字混排,末尾可能包含等號
三. Base64解密方法:
我們還是以一個實例來簡單講解base64解密方法,在實際的網馬解密中,這種加密方式很少見。今天我們提供一種解密的方法,
在這裏用到的解密工具爲:notepad++ 這個軟件(附件爲notepad++)。後續我們還會講解使用一些其他的解密工具來解密base64。
npp_5.4.5.0.rar (2.83 MB, 下載次數: 83)
YgBlAGcAaQBuADwAYgByAD4AMAA4ADEAMgAwADcALAAxACwAMQAsADEALAAyADAAMAAsADAALAAwACwAMQAwACwAOQAwACwAMAAsACwAMwAwACwALAAwACwAMQAsADEAMAAwACwAMQAsADAALAAxADgAMAAsADYAMAAsADEAMAAsADMALAAxADAALAAwACwAOQAwACwAMQAyADMANAAsADAAPABiAHIAPgAsAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBjAG4AZwBnAC4AbwByAGcALwBhAGQALwBhAGQAMQAuAGUAeABlACwAYQBkADEALAAxADMAOQAwADAAMAAsADUAMAAwADAAMAAwACwAMQAsADEALAAsADsAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGMAbgBnAGcALgBvAHIAZwAvAGEAZAAvAG0AcwBuADAANwA0AC4AZQB4AGUALABtAHMAbgAsADEANAA3ADAAMAAwACwANQAwADAAMAAwADAALAAyACwAMQAsACwAOwBoAHQAdABwADoALwAvAHcAdwB3AC4AYwBuAGcAZwAuAG8AcgBnAC8AYQBkAC8AcQBxADIAMwAuAGUAeABlACwAcQBxACwANAA3ADAAMAAwACwANQAwADAAMAAwADAAMAAsADMALAAxACwALAA7ADwAYgByAD4APABiAHIAPgA2ADAAPABiAHIAPgA8AGIAcgA+ADwAYgByAD4APABiAHIAPgAxADEALAAxACwAMQAwADAALAAwAC0AMgA0ACwAMgA1ADAALAAxADAAMAAsACgAMAAsADAAOwApACwAMQAzADAALAA1ADAAMAAsACgAYQBsAGwAKQAsAGgAdAB0AHAAJQAzAEEALwAvAHcAdwB3AC4AdQBkADkAOQAuAGMAbwBtAC8AdAByAGEAYwBrAC4AYQBzAHAAeAAlADMARgB0AHkAcABlACUAMwBEAEMAUABBACUAMgA2AGkAZAAlADMARAA5ADkAMwAsACwAMAAsADAALAAwACwAMQAsADAALAAsADAAPABiAHIAPgAyADEAMAAwADAAMAAwACwAMQAwADAALAAwAC0AMgA0ACwAMAAsAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB1AGQAOQA5AC4AYwBvAG0ALwB0AHIAYQBjAGsALgBhAHMAcAB4AD8AdAB5AHAAZQA9AEMAUABTACYAaQBkAD0AOQA5ADMAJgBjAG8AZABlAD0AMQAwADMAMQAyADMAMQAsAGgAdAB0AHAAJQAzAEEALwAvAHcAdwB3AC4AYgBhAGkAZAB1AC4AYwBvAG0ALwA8AGIAcgA+ADIAMQAwADAAMAAwADAALAAxADAAMAAsADAALQAyADQALAAwACwAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAHUAZAA5ADkALgBjAG8AbQAvAHQAcgBhAGMAawAuAGEAcwBwAHgAPwB0AHkAcABlAD0AQwBQAFMAJgBpAGQAPQA5ADkAMwAmAGMAbwBkAGUAPQAxADAAMwAxADIAMwAxACwAaAB0AHQAcAAlADMAQQAvAC8AdwB3AHcALgAxADYAMwAuAGMAbwBtAC8APABiAHIAPgAyADEAMAAwADAAMAAwACwAMQAwADAALAAwAC0AMgA0ACwAMAAsAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB1AGQAOQA5AC4AYwBvAG0ALwB0AHIAYQBjAGsALgBhAHMAcAB4AD8AdAB5AHAAZQA9AEMAUABTACYAaQBkAD0AOQA5ADMAJgBjAG8AZABlAD0AMQAwADMAMQAyADMAMQAsAGgAdAB0AHAAJQAzAEEALwAvAHcAdwB3AC4AcwBpAG4AYQAuAGMAbwBtAC8APABiAHIAPgAyADEAMAAwADAAMAAwACwAMQAwADAALAAwAC0AMgA0ACwAMAAsAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB1AGQAOQA5AC4AYwBvAG0ALwB0AHIAYQBjAGsALgBhAHMAcAB4AD8AdAB5AHAAZQA9AEMAUABTACYAaQBkAD0AOQA5ADMAJgBjAG8AZABlAD0AMQAwADMAMQAyADMAMQAsAGgAdAB0AHAAJQAzAEEALwAvAHcAdwB3AC4AcwBvAGgAdQAuAGMAbwBtAC8APABiAHIAPgAyADEAMAAwADAAMAAwACwAMQAwADAALAAwAC0AMgA0ACwAMAAsAGgAdAB0AHAAOgAvAC8AdwB3AHcALgB1AGQAOQA5AC4AYwBvAG0ALwB0AHIAYQBjAGsALgBhAHMAcAB4AD8AdAB5AHAAZQA9AEMAUABTACYAaQBkAD0AOQA5ADMAJgBjAG8AZABlAD0AMQAwADMAMQAyADMAMQAsAGgAdAB0AHAAJQAzAEEALwAvAHcAdwB3AC4AdABhAG8AYgBhAG8ALgBjAG8AbQAvADwAYgByAD4AZQBuAGQAPABiAHIAPgA=
將上述代碼複製粘貼到notepad++,詳細步驟參看下例截圖:
接下來ctrl+a選中代碼,
點擊TextFX菜單下TextFXTools下的Base64 Decode後,
點擊file下的save as(另存爲),將代碼保存爲擴展名爲txt(文件名任意)的文件。
直接打開保存好的文檔即可看到解密後的內容。
最終的解密結果相見下圖,紅色框中內容均爲病毒的下載地址(可能已失效):