"Krpano" Encryption XML manual decryption analysis

Krpano allows the XML file to be encrypted, and the XML is protected accordingly. There are two types of encryption, the first of which is public encryption, which allows other Krpano to read the XML in a panorama, while the other is private, allowing only encrypted users to read the XML. The algorithms for two encryption methods are consistent, except that public encryption uses a common decryption key, while private encryption is encrypted based on a user's own key.

However, since Krpano can run in the browser, XML will appear in memory during parsing, so you can extract the decrypted XML using browser debugging techniques.

A typical, extra-dense XML file is as follows

1	<encrypted>KENCRUBR6XHk18l9V8NcuX33cW/5TK3svI6......</encrypted>

Tagged with <encrypted></encrypted>, while the first three letters of the ciphertext are Ken

Manual decryption of XML detailed steps

The manual decryption analysis is carried out as an example of http://vr.pacificparkbrooklyn.com/in a Panorama project on the Web site:

1, open the URL in Chrome, press F12 to open the debugging interface, on the network page can be viewed to an encrypted XML

2. Open the Source tab, locate the Ppb.js, format the code ({} button), and navigate to the position of line 500,499,436 to add a breakpoint

3. Re-refresh the page, the code will be interrupted at that location, continue to execute the code, when the code stops at 436 lines of eval, click the Step Into button to enter the function

4. After entering the function, the function is formatted, the CTRL+F search "Ken", you can find a function, the function is the decryption function

5. Add a breakpoint at the beginning and end of the function, and click Execute multiple times until the encrypted file name appears

6. Execute to the end of the function, you can see the decrypted XML in memory, enter the variable name n in the console window to complete the decrypted XML, you can copy it from the console, save it locally.

As can be seen, Krpano is not ideal for XML protection, and if you want to get stronger protection, consider the following several aspects

1. Consider the processing of Ken, the encrypted file header, to avoid being directly anchored to the decryption function when debugging

2. Consider changing the encryption and decryption algorithm to prevent automatic decryption by the software

3. Consider the fragment decryption, not in memory somewhere in the full decrypted XML, increase the difficulty of decryption

If you want to use the software to automatically decrypt the XML file, you can refer to this article Http://rentu.azurewebsites.net/post/2016/08/23/krpano-krpano-xml

Latest Blog Address:http://blog.turenlong.com/

"Krpano" Encryption XML manual decryption analysis