Skip to content

附录 · 认证体系逆向工程命令索引

本文档收集第二章(认证体系)所有报告中使用的逆向工程命令与样本输出 日期: 2026-06-29


1. 基础字符串提取

bash
# 提取所有认证相关字符串
strings atomcode.bin.bak | grep -iE "oauth|pkce|authorization|token|auth" | grep -v "https\?://" | sort -u

# 提取平台服务器 URL
strings atomcode.bin.bak | grep -E "acs\.atomgit|platform.*server|ATOMCODE_PLATFORM" | sort -u
# 输出示例:
# ATOMCODE_PLATFORM_SERVER
# https://acs.atomgit.com

# 提取登录相关字符串
strings atomcode.bin.bak | grep -E "login_url|force_login|refresh_token|login_success" | sort -u
# 输出示例:
# login_url
# force_login=true
# refresh_token
# login_success

# 提取 OAuth 端点
strings atomcode.bin.bak | grep -E "/auth/|/token|/login|/logout" | grep -v "images/\|audio/" | sort -u
# 输出示例:
# /auth/status
# /auth/login
# /auth/token
# /auth/check

2. 结构体提取

bash
# 提取所有认证相关结构体
strings atomcode.bin.bak | grep -E "struct (StoredAuth|AuthInfo|UserInfo|Platform|Refreshed|TokenResponse|BrokerResponse|ClaimResponse|AuthorizationServer|ClientRegistration)" | sort -u
# 输出示例:
# struct AuthInfo with 6 elements
# struct StoredAuth with 4 elements
# struct UserInfo with 5 elements
# struct PlatformUserInfo with 5 elements
# struct PlatformTokenResponse with 5 elements
# struct PlatformLoginResponse with 2 elements
# struct PlatformCheckResponse with 1 element
# struct RefreshedAuth with 5 elements
# struct RefreshedUser with 5 elements
# struct BrokerResponse with 5 elements
# struct ClaimResponse with 3 elements
# struct AuthorizationServerMetadata with 5 elements
# struct ClientRegistrationResponse with 2 elements

3. Token 运行时验证

bash
# 1. 查看本地存储的 token 文件
cat ~/.atomcode/auth.toml
# 输出示例:
# access_token = "atc_xxxxx..."
# token_type = "Bearer"
# expires_at = 1748612345
# refresh_token = "atc_refresh_xxxxx..."

# 2. 提取 token 用于 API 测试
TOKEN=$(python3 -c "
import tomllib
with open('$HOME/.atomcode/auth.toml','rb') as f:
    print(tomllib.load(f)['access_token'])
")
echo "Token: ${TOKEN:0:20}..."

# 3. 验证认证状态
curl -s http://localhost:13456/auth/status | jq .
# 输出示例:
# {"status":"logged_in","user":{"id":"...","name":"..."}}

# 4. 测试未认证请求
curl -s -o /dev/null -w "%{http_code}" http://localhost:13456/chat \
  -H "Content-Type: application/json" \
  -d '{"message":"hi"}'
# 输出: 401

# 5. 测试已认证请求
curl -s -o /dev/null -w "%{http_code}" http://localhost:13456/chat \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"message":"hi"}'
# 输出: 200

4. Broker(代理)命令提取

bash
# 提取 Broker 相关字符串
strings atomcode.bin.bak | grep -iE "broker|claim|claim-v2|claiming|refused" | grep -v "https\?://" | sort -u
# 输出示例:
# claim
# claimed
# claiming segment
# Claim refused
# already claimed (or under review)
# CodingPlan already claimed
# CodingPlan claimed
# /coding-plan/claim-v2
# Failed to send refresh token request to broker
# Failed to parse broker response

# 提取认领端点
strings atomcode.bin.bak | grep -E "/coding-plan/|/claim" | sort -u
# 输出:
# /coding-plan/claim-v2

5. CodingPlan 加密层命令

bash
# 提取 CodingPlan 加密相关
strings atomcode.bin.bak | grep -iE "codingplan|crypto.*key|ecdsa|ed25519|signature|verify" | grep -v "crates/" | sort -u | head -20

# 提取 CodingPlan 源文件路径
strings atomcode.bin.bak | grep "^crates/atomcode-codingplan-crypto/" | sort -u
# 输出:
# crates/atomcode-codingplan-crypto/src/versions/v1.rs

6. 认证文件系统路径

bash
# 提取认证文件路径
strings atomcode.bin.bak | grep -E "auth\.toml|\.atomcode/auth|\.atomcode/sessions" | sort -u
# 输出示例:
# auth.toml
# ~/.atomcode/auth.toml

# 查看认证目录结构
ls -la ~/.atomcode/
# 输出示例:
# auth.toml
# config.toml
# sessions/
# datalog/
# telemetry/

7. 所有认证相关 crate 路径

bash
strings atomcode.bin.bak | grep "^crates/atomcode.*auth\|^crates/atomcode.*login\|^crates/atomcode.*token\|^crates/atomcode.*oauth\|^crates/atomcode.*coding_plan\|^crates/atomcode.*atomgit" | sort -u
# 输出:
# crates/atomcode-core/src/atomgit/client.rs
# crates/atomcode-core/src/auth/oauth.rs
# crates/atomcode-core/src/coding_plan/setup.rs
# crates/atomcode-daemon/src/api_auth.rs
# crates/atomcode-daemon/src/auth_token.rs
# crates/atomcode-tuix/src/event_loop/oauth_poll.rs

📅 生成: 2026-06-29

基于 VitePress 构建 · AtomCode v4.25.3 逆向工程分析文档