得物(毒)加密算法解析 得物逆向
寫在前面:
本文僅限交流學習使用,請勿使用在任何非法商業(yè)活動,禁止用于非法用途。否則后果自負。如有侵權(quán),請告知刪除,謝謝!
抓包分析:
本文以detailV3接口為例:
POST? https://app.dewu.com/api/v1/h5/index/fire/flow/product/detailV3
{
? "sign": "925981af5b1b6abfb57b795a4553f845",
? "spuId": 1263267,
? "propertyValueId": 29740814,
? "sourceName": "hottest",
? "skuId": 0
}
可以看到請求body里有一個sign加密參數(shù),反編譯小程序后用微信開發(fā)者工具打開,發(fā)現(xiàn)下面這段很可疑:
return e = Object.keys(t).sort().reduce((function (e, r) {return void 0 === t[r] ? e : "".concat(e).concat(r).concat(n(t[r]))}), ""), e += "19bc545a393a25177083d4a748807cc0", Object(r.md5)(e)大概就是json鍵值拼接后加上一段常量值,取其md5
果然一致
響應(yīng)體解密:
請求成功之后發(fā)現(xiàn)返回的是一段密文,由于比較長,這里摘抄一部分:
D352B3D6550E7A3443379AF45BA1EAD737CFA4DAC2562A71B3F62D454B07CF7EE813BF029F7677F9473BBBC7A55CC69E40670406D297EE6319467158FD579653C75C861473508C4C0437C5E52232387B52CC9B31849C022495964571ADD9E6615BEB74893EF89C74F62F9DC64A72F96552C56B9C500B74299A74F9C62BF38FCEC24B76D2E3D44611153FA1D42B1EFD9EE38410078B56797A1701D4F4BFE0DEDC50C6F923A41333915D23F1B3D5FC8B9F2D8F4268E89F4D12C9345C8125EAE4F14170AB70A5A4BD20E72339C980A1F6F12AB1716CA7F735DCA8AF566B1A3446F3A5EDF002E7B14236DD7A556A56091DD219FE60B532CBE90524A1A48E85FFF84E13F52CD9C2388D8B52625B7F8D3E9E1EB196EE92266B7609B84DA3F25A6AD861A3A8BFE5EC91EB1DA17214096E8C38879908A7C700D6C08A9E7F0B1CC48B455D40F088C39FD5EE9F6051F19B85CF078BEE7E35AAA7CA488BEC439C9825B7998C00962E7AC39B974EDED334E1796131145A4D42E5DD1BD1863ACD0B3BC42CDA1EFFB587AFE3ED0A37E7D6D738E85187AC5064F289E45486BDD1CE4F5018817D281062493D9CD26A3DC7D212A263E39F9DDF00758D428BAEF6B4D08176DA8C8E0170CD728C3966FC396BE73D6C0D8436DCF615688B506353E2CB67C69BCF1875074A98AA6DD8E9E39C7CB748B50D620286FA03B9D6DD360D2C49CA46C705C530AB7F13D52BD8AB32345AB436E9DBFE37EAEBA4DDB2131CC30023A9F8CB2BF320704AD386A79200B90A2ED21AE229E0227C31F9B2D386E1B94CD57354CC63BFC9D57F88EC7F2126799D94135A731A3C85F673790C31B3DF68C07E460895B179DE9DEE8BE9EB070EBC5ED4589C9569883C009FA50DAB7E400F0724693FD26799DEF1B7399F96DECFCC3C8640B7537F1AAA8E689F2C7106115700DB47D465F59FA3916E3D9F60B818B808E3A6D48F7492802F32EA7BEDF39DC6E68725F787DF2E40092606080EA16EE4816A786A587BA812E4A2F3AB11ED8E57561AACABD49A15BE6DED571CF252CF5A87D995DC1CF413D7845FED1A0748B363855B69FB69A2A2DA69D6C356DD64D143F2BE9329A2737FFE77BB463F2D7EAA4ED89282310693CF34B9E8F6AC13AA23F56E691B39292A20BA9C2CA5F0F35782075BA31B16B80EDA091A125BEEBF58812B10C3A508077363F7DE5404EFA0B073A324D3AA06118DC48EB099976C7FE4D9F36F925219F5479B4B00FC9FB64B8B04078171397667A5722B23FC96EA8FD182C164AE0C90B9EE0D7D9283A441DB8ED374B8CE1DF5360A458151617CB9F6F3A08459C1955CAF7D6EFE15D14CD65DEA5082FDD2E8D792498
我們需要后續(xù)的協(xié)議操作肯定離不開返回的內(nèi)容,所以解密響應(yīng)體非常重要,追蹤函數(shù)后發(fā)現(xiàn)下面這個函數(shù):
function Z(t, n, i, o, a) {var s, c = m,u = g,l = t[u(574, "PY[)")] || t,p = u(575, "Q)iM"),f = e(i ? i[u(576, "BT!N")](",") : ["1", "1"], 2),h = f[0],d = f[1];if ("wx" === o ? s = wx : "qq" === o ? s = qq : "dy" === o && (s = tt), a || (rt = d, s[c(577)](u(578, "A9qh"), d)), "1" === h) {var v;try {var y = S[c(45)][c(579)][u(580, "GVzz")](l),_ = S[u(581, "kYAm")][u(582, "s*Gd")][u(583, "vPY@")](y);if (!(v = S.MM[u(584, "a%bJ")](_, S[u(585, "1VQD")][u(586, "2dNh")][c(235)](n[c(54)](10, 16)), {iv: S[u(587, "PY[)")][c(62)][c(235)](n[u(588, "FCI6")](20, 16)),mode: S[c(589)][c(568)],padding: S[c(569)][u(590, "GA59")]})[u(591, "^My#")](S[c(45)][c(62)])[c(20)]())) try {var b = S[c(45)][c(579)][c(235)](l),x = S[c(45)][c(159)][c(63)](b);(v = S.MM[c(592)](x, S[c(45)][u(593, "Vih(")][u(594, "#Ace")](p[c(54)](10, 16)), {iv: S[u(595, "3M![")][c(62)][u(596, "^My#")](p[c(54)](20, 16)),mode: S[u(597, "3M![")][c(568)],padding: S[u(598, "1VQD")][c(570)]})[u(599, "IL7s")](S[u(600, "O@Bp")][c(62)])[u(601, "QHvF")]()) || (v = t)} catch (e) {v = t}} catch (e) {try {var w = S[c(45)][c(579)][c(235)](l),k = S[c(45)][u(602, "8ByR")][c(63)](w);(v = S.MM[u(603, "h]Ba")](k, S[u(604, "X9C9")][u(605, "JLqm")][c(235)](p[u(606, "BT!N")](10, 16)), {iv: S[u(607, "wh7E")][u(608, "2a!b")][c(235)](p[c(54)](20, 16)),mode: S[c(589)][c(568)],padding: S[u(609, "FCI6")][c(570)]})[c(20)](S[u(610, "X55z")][u(611, "BT!N")])[u(612, "dsUg")]()) || (v = t)} catch (e) {v = t}}return r(v) === c(613) ? JSON[c(63)](v) : v}return r(t) === c(613) ? JSON[c(63)](t) : t }通過調(diào)用該函數(shù)成功解密出如下數(shù)據(jù):
總結(jié)
以上是生活随笔為你收集整理的得物(毒)加密算法解析 得物逆向的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 利率交換 IRS 估值 (1) 前言
- 下一篇: win7 下面串口驱动装好串口工具却找不