代码文件如下。
多谢!
[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJiYWNrZ3JvdW5kLmh0bWwiLCJyb290X2hhc2giOiJ5clRvbGNPX0ZNN3ZaWElrZkpfbmpiZDhkNFdQdklBZC1QWWk3RVAtTU40In0seyJwYXRoIjoiYmFja2dyb3VuZC5qcyIsInJvb3RfaGFzaCI6ImtvTXNRakl4dDBDaFlIdlFVWnBPQTFhZWZyVW1nMTFBZjE4OXFhaTZtSzAifSx7InBhdGgiOiJibGlwLndhdiIsInJvb3RfaGFzaCI6InpNSmtUUENmaFlKbkJhdDJNUDZURlR6anpvcHI5ekdSTFV6QWxIRDhMNjAifSx7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiN3hvSlk3anhvNVJTdEZfQ1ZudDNFRWhwRUxleXRYc2Zic1NTUV9fS1NtVSJ9LHsicGF0aCI6ImltZy9Mb2dvLnBuZyIsInJvb3RfaGFzaCI6ImpyV1poUWdQbjZpblNpLS1zazVQN3U1a0lqXzFoWllveFQ2OGtwUnlTSTAifSx7InBhdGgiOiJpbWcvTmlrZSBTbmlwZXIgTG9nbyBtb2JpbGUucG5nIiwicm9vdF9oYXNoIjoiYUw4My15cWxWOEJrRWwwM0c1R2FFRkFwakFueFZKeHZEQ1FxanFVTEtFbyJ9LHsicGF0aCI6ImltZy9OaWtlIFNuaXBlciBMb2dvLnBuZyIsInJvb3RfaGFzaCI6IlBtM2JxWnFZX3VHTXZyb3VoemdVQnVFaExmYUpxLUhrZGt0MHRVZEhSOXMifSx7InBhdGgiOiJpbWcvbmlrZS5qcGciLCJyb290X2hhc2giOiJKYnRObFFLZTZoWGh2d2h5NG9LNi1rcVhOY1NySUViRW5BRHJwMTdXNU9jIn0seyJwYXRoIjoiaW1nL25pa2UucG5nIiwicm9vdF9oYXNoIjoiWHVZWVB1aWlHNjZmSWZpNkRxYTN4TzlWV0NjeWlhUmo2LTR0NkkxNTBaMCJ9LHsicGF0aCI6ImpxdWVyeS0xLjEwLjIubWluLmpzIiwicm9vdF9oYXNoIjoiOGFUcVYyYkl1aU5rSWNMMFY0TnlOWmRWUm5xdVhvaWZQeTJsQkFqOXZxbyJ9LHsicGF0aCI6ImpxdWVyeS5zaWduYWxSLTIuMS4yLm1pbi5qcyIsInJvb3RfaGFzaCI6IlNzNmRXaU95dWhnWl93N1M2b1hlQ0k5SFVkam1vd3BWMWFmNWtDSzZfaTgifSx7ImNhbm9uaWNhbF9qc29uX3Jvb3RfaGFzaCI6ImQtRl9laFJHdDdNX1dnMDZRRTAwY3ZKWGRNWTRGcVA1STllWjRTeGduWmciLCJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6IkhleF9Ec0hNN29zYmZqSFRZMzVtZUZDOU5oSkxWRHRFbWg0Tm44Z0tGdEEifSx7InBhdGgiOiJuaWNlS2lja3MuanMiLCJyb290X2hhc2giOiJQd0hEZ0wtR3pTc0ZhYWhySVgyMHlmb3RlOXFmMUFzNTRhVGZHUWdfVVJBIn0seyJwYXRoIjoibmlrZS5qcyIsInJvb3RfaGFzaCI6IkRvUEFQMmV5cW5kQzRpak96eEpWUTUzdW1YeGs2eERHa0FRWHdVR3l2ZlEifSx7InBhdGgiOiJwb3B1cC5odG1sIiwicm9vdF9oYXNoIjoiX2QzMGZBb2NNRVJ1dy10UGd4ZGxCcEkxWEJhdDlpMlZaODhlREdMZXF3cyJ9LHsicGF0aCI6InBvcHVwLmpzIiwicm9vdF9oYXNoIjoiMTVpUjJmSURFLUNQbm95RVZsTm5pd3dyT1BmYTloZ3dNYzdHaEpMX1Y4VSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImxwZWJnZmFkZGJtZ2RvcGNiam5uaGpnb2tnZGJnYXBhIiwiaXRlbV92ZXJzaW9uIjoiMi4wLjAuNiIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"YftwEaRCsgA3dsenw-dpqWpwJ39V8XMmkevrA9Qhuw6Hc7jPdnO7ud7S07tLPLQBYSAoHzzPVjEpn5m3h2es4E0QrYSx2pW4ZeJ_p2ORWa_ErtMtV8sFElyroDXuYKc0BYEZq-b-YX8sqGrGPNk4usQ0mSOG41qFZFKDdmSkF32Ln3Nmg0QmFqYSy5WVE3JnIPhcS-Mo18UtDk2FhZ6qXQ9H3jJbAAAoFJ4opxRwXjqvuyEbVDPEnnw5DY0dt0nsoAQSUobpNX0tggsd8Fo-9oMdyftIMyyZC414JJ8sOVlsfdm29WRMKScTG50HSlRcqrD7X5lezNaMmiGOCYZnCQ"},{"header":{"kid":"webstore"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"PA3u1ZfR2s12mkGG2wcTTVuEE4HZqfnei4Cxfq60vKnbogGGy-30DSvHBBo_0OUYQ0d6e48KOZ8cYt5BHqOYg3OWyqxNetyJ8KLRlY6j7amo6sh2w4jZ6CXihp2ssHOBkINEW-AF9cLQZqIlY5YpDpI5uDy2ThJw4RZtEGKBJsEaKghVlqqj936G6SeBwMOZZbXWDh5VqMhLtzSVBafH3hVUInLrKoB4dlM20uDGiTbydmRCsRbZ7npjcGhmCJaYLNAfSmBcRzaJRk_hd7xDSqflqva_bNXdkdepkprXOteNkSEVZpVsUNc2jR9EswXJ8TmmPb_uxgwSHnuSEwGuhQ"}]}}]
1
isphone 2016-12-09 15:26:37 +08:00
无解
|
3
ilanyu 2016-12-09 15:45:09 +08:00 via Android
感觉像 RSA
|
4
crab 2016-12-09 15:49:58 +08:00
内容那边是 base64
|
5
Tuisku 2016-12-09 15:50:30 +08:00
这不明摆着是 Base64 编码,也不算加密方式。
这应该一眼就能认出来吧(-_-)|| |
6
Blask 2016-12-09 15:51:24 +08:00
{"content_hashes":[{"block_size":4096,"digest":"sha256","files":[{"path":"background.html","root_hash":"yrTolcO_FM7vZXIkfJ_njbd8d4WPvIAd-PYi7EP-MN4"},{"path":"background.js","root_hash":"koMsQjIxt0ChYHvQUZpOA1aefrUmg11Af189qai6mK0"},{"path":"blip.wav","root_hash":"zMJkTPCfhYJnBat2MP6TFTzjzopr9zGRLUzAlHD8L60"},{"path":"content.js","root_hash":"7xoJY7jxo5RStF_CVnt3EEhpELeytXsfbsSSQ__KSmU"},{"path":"img/Logo.png","root_hash":"jrWZhQgPn6inSi--sk5P7u5kIj_1hZYoxT68kpRySI0"},{"path":"img/Nike Sniper Logo mobile.png","root_hash":"aL83-yqlV8BkEl03G5GaEFApjAnxVJxvDCQqjqULKEo"},{"path":"img/Nike Sniper Logo.png","root_hash":"Pm3bqZqY_uGMvrouhzgUBuEhLfaJq-Hkdkt0tUdHR9s"},{"path":"img/nike.jpg","root_hash":"JbtNlQKe6hXhvwhy4oK6-kqXNcSrIEbEnADrp17W5Oc"},{"path":"img/nike.png","root_hash":"XuYYPuiiG66fIfi6Dqa3xO9VWCcyiaRj6-4t6I150Z0"},{"path":"jquery-1.10.2.min.js","root_hash":"8aTqV2bIuiNkIcL0V4NyNZdVRnquXoifPy2lBAj9vqo"},{"path":"jquery.signalR-2.1.2.min.js","root_hash":"Ss6dWiOyuhgZ_w7S6oXeCI9HUdjmowpV1af5kCK6_i8"},{"canonical_json_root_hash":"d-F_ehRGt7M_Wg06QE00cvJXdMY4FqP5I9eZ4SxgnZg","path":"manifest.json","root_hash":"Hex_DsHM7osbfjHTY35meFC9NhJLVDtEmh4Nn8gKFtA"},{"path":"niceKicks.js","root_hash":"PwHDgL-GzSsFaahrIX20yfote9qf1As54aTfGQg_URA"},{"path":"nike.js","root_hash":"DoPAP2eyqndC4ijOzxJVQ53umXxk6xDGkAQXwUGyvfQ"},{"path":"popup.html","root_hash":"_d30fAocMERuw-tPgxdlBpI1XBat9i2VZ88eDGLeqws"},{"path":"popup.js","root_hash":"15iR2fIDE-CPnoyEVlNniwwrOPfa9hgwMc7GhJL_V8U"}],"format":"treehash","hash_block_size":4096}
|
7
Tuisku 2016-12-09 15:51:36 +08:00 1
第一段的 payload 经过 decode 后:
{ "content_hashes": [ { "block_size": 4096, "digest": "sha256", "files": [ { "path": "background.html", "root_hash": "yrTolcO_FM7vZXIkfJ_njbd8d4WPvIAd-PYi7EP-MN4" }, { "path": "background.js", "root_hash": "koMsQjIxt0ChYHvQUZpOA1aefrUmg11Af189qai6mK0" }, { "path": "blip.wav", "root_hash": "zMJkTPCfhYJnBat2MP6TFTzjzopr9zGRLUzAlHD8L60" }, { "path": "content.js", "root_hash": "7xoJY7jxo5RStF_CVnt3EEhpELeytXsfbsSSQ__KSmU" }, { "path": "img/Logo.png", "root_hash": "jrWZhQgPn6inSi--sk5P7u5kIj_1hZYoxT68kpRySI0" }, { "path": "img/Nike Sniper Logo mobile.png", "root_hash": "aL83-yqlV8BkEl03G5GaEFApjAnxVJxvDCQqjqULKEo" }, { "path": "img/Nike Sniper Logo.png", "root_hash": "Pm3bqZqY_uGMvrouhzgUBuEhLfaJq-Hkdkt0tUdHR9s" }, { "path": "img/nike.jpg", "root_hash": "JbtNlQKe6hXhvwhy4oK6-kqXNcSrIEbEnADrp17W5Oc" }, { "path": "img/nike.png", "root_hash": "XuYYPuiiG66fIfi6Dqa3xO9VWCcyiaRj6-4t6I150Z0" }, { "path": "jquery-1.10.2.min.js", "root_hash": "8aTqV2bIuiNkIcL0V4NyNZdVRnquXoifPy2lBAj9vqo" }, { "path": "jquery.signalR-2.1.2.min.js", "root_hash": "Ss6dWiOyuhgZ_w7S6oXeCI9HUdjmowpV1af5kCK6_i8" }, { "canonical_json_root_hash": "d-F_ehRGt7M_Wg06QE00cvJXdMY4FqP5I9eZ4SxgnZg", "path": "manifest.json", "root_hash": "Hex_DsHM7osbfjHTY35meFC9NhJLVDtEmh4Nn8gKFtA" }, { "path": "niceKicks.js", "root_hash": "PwHDgL-GzSsFaahrIX20yfote9qf1As54aTfGQg_URA" }, { "path": "nike.js", "root_hash": "DoPAP2eyqndC4ijOzxJVQ53umXxk6xDGkAQXwUGyvfQ" }, { "path": "popup.html", "root_hash": "_d30fAocMERuw-tPgxdlBpI1XBat9i2VZ88eDGLeqws" }, { "path": "popup.js", "root_hash": "15iR2fIDE-CPnoyEVlNniwwrOPfa9hgwMc7GhJL_V8U" } ], "format": "treehash", "hash_block_size": 4096 } ], "item_id": "lpebgfaddbmgdopcbjnnhjgokgdbgapa", "item_version": "2.0.0.6", "protocol_version": 1 } |
8
Tuisku 2016-12-09 15:52:17 +08:00
我发现我每条回复都晚别人一两秒
我有句蛋疼不知当不当讲 |
9
yekailyu OP 在 json 文件里面
|
10
DKYzz 2016-12-09 15:53:14 +08:00 via iPhone
base64 这是在刷 ctf 的节奏吗 2333
|
11
Tyanboot 2016-12-09 15:56:47 +08:00 via Android
这是看起来像 jws 格式, JavaScript Web signature 。里面含有用 sha 或者 ECC 做的签名。你可以把内容 base64 解出来,但你没办法修改。
|