前言

环境搭建

解读配置文件

Untitled

Untitled

Untitled

解析配置文件

Untitled

offset = 0
version = 0
if file[0] == "\\xD0"
    offset = 2
else
    offset = 9
    version = 1
end
index = 0
buffer = ''
email_info = {}
while index < file.length
    if (file[index] && file[index] > "\\x20" && file[index] < "\\x7f" && file[index] != "\\x3d")
        buffer += file[index]
        if ['Email', 'IncomingServer', 'OutgoingServer', 'Password'].include?(buffer)
            email_info[buffer] = find_string(file, index + offset) || nil
        elsif ['IncomingPort', 'OutgoingPort'].include?(buffer)
            email_info[buffer] = find_string(file, index + 5, 2) || nil
        elsif ['InComingSSL', 'OutgoingSSL'].include?(buffer)
            email_info[buffer] = find_string(file, index + 5, 2) == 1 || false
        else
            pass
        end
    else
        buffer = ''
    end
    index += 1
end
def find_string(file, offset, length = 0)
    result_string = ''
    if length == 0
        while (file[offset] > "\\x20" && file[offset] < "\\x7f")
            result_string << file[offset]
            offset += 1
        end
        return result_string
    elsif offset && length != 0
        return file[offset, length].unpack1('S!*') # port or ssl
    else
        return nil
    end
end

解密算法

def foxmail_crypto(version, ciphertext)
    miag_crypt = '~draGon~'
    v7_miag_crypt = '~F@7%m$~'
    fc0 = '5A'.to_i(16)
    if version == 1
        miag_crypt = v7_miag_crypt.unpack('c*')
        fc0 = '71'.to_i(16)
    end
    size = ciphertext.length / 2
    index = 0
    b = []
    (0..size).step(1) do |i|
        b[i] = ciphertext[index, 2].to_i(16)
        index += 2
    end
    b = b[0..-2]
    cc = []
    cc[0] = b[0] ^ fc0
    cc[1..-1] = b[1..-1]
    while miag_crypt.length < b.length
        new_miag_crypt = miag_crypt * 2
        miag_crypt = new_miag_crypt
    end
    d = []
    (1..b.length).each do |i|
        d[i - 1] = b[i] ^ miag_crypt[i - 1]
    end
    d[-1] = 0
    e = []
    (0..d.length - 1).each do |i|
        if (d[i] - cc[i] < 0)
            e[i] = d[i] + 255 - cc[i]
        else
            e[i] = d[i] - cc[i]
        end
    end
    e = e[0..-2]
    # require 'pry'; binding.pry
    return e.pack('C*')
end

使用演示

Untitled

参考:

https://wenku.baidu.com/view/1fcaf49cda38376baf1faeff#

https://github.com/jacobsoo/FoxmailRecovery/

Powered by Kali-Team