[Technical Topic] Sharing the algorithm of a certain "Gua" video app (某瓜视频)

Posted on 2019-4-12 15:01:52 | Chongqing

1. Obtain ck (the cookie) and Seq
POST http://api1000.akds.work//SzN4NGI4UDZ3ZWFrOHIydDJmZFZsZz09AU1UVTFOVEF3TWpjeU5qSTNOemMzTUE9PQ==?server=http%3A%2F%2Fapi1000.akds.work%2F&url=active%2Flog HTTP/1.1
terminal: 2
X-Auth-Key: 368480924a6c78e2e8681551a7cf4c21
flowId: 0b146aa3-65e2-4b54-baf3-1ee6e027de4a1555002726279
X-Auth-Nonce: 74699749
release: 119
Ip: 192.168.99.106
Response-Content-Type: application/json
Seq: 5a26efaa4eb0e15079fd259e7bd63a3a
X-Auth-TimeStamp: 1555002726279
pkg: cuke0001
X-Auth-Sign: YJSo3ae7Xja6RMA2c69JLzXr4KI%3D
Content-Type: application/json;charset=UTF-8
Content-Length: 354
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
Host: api1000.akds.work
Connection: Keep-Alive
Accept-Encoding: gzip

ᏮᎷᏰᏤᏠᏼᏖᏺᏸᏥᏴᏻᏬᎷᎯᎷᏲᏺᏺᏲᏹᏰᎷᎹᎷᏰᏤᏠᏼᏘᏺᏱᏰᏹᎷᎯᎷᏛᏰᏭᏠᏦᎵᎠᎷᎹᎷᏺᏦᎷᎯᎷᎣᎻᎥᎷᎹᎷᏻᏰᏡᏜᏻᏳᏺᎷᎯᎷᏢᏼᏳᏼᎷᎹᎷᏰᏤᏠᏼᏜᏱᎷᎯᎷᎠᏴᎧᎣᏰᏳᏴᏴᎡᏰ᏷ᎥᏰᎤᎠᎥᎢᎬᏳᏱᎠᎬᏰᎢ᏷ᏱᎣᎦᏴᎦᏴᎣᎷᏨ

Decoded plaintext:
{"equiCompany":"google","equiModel":"Nexus 5","os":"6.0","netInfo":"wifi","equiId":"5a26efaa4eb0e15079fd59e7bd63a3a6"}


equiId is md5(device_id + android_id + mac)


HTTP/1.1 200
Date: Thu, 11 Apr 2019 17:12:07 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: __cfduid=d0e19d986400c2f96405452f7d7cad0301555002727; expires=Fri, 10-Apr-20 17:12:07 GMT; path=/; domain=.akds.work; HttpOnly
Set-Cookie: JSESSIONID=A004E3767B22D288F7A2478825B4B976; Path=/; HttpOnly
Seq: efaa4eb0e15079fd59e72C30mCJKvCZSrDZC
domainVersion: 23898
_contextId: 0132da6e-3d2f-4858-9320-24c570c28266
flowId: 0b146aa3-65e2-4b54-baf3-1ee6e027de4a1555002726279
Cache-Control: no-store
Server: cloudflare
CF-RAY: 4c5e9564cad4774e-LAX
Content-Length: 201

ᏮᎷ᏶ᏺᏱᏰᎷᎯᎥᎹᎷᏱᏴᏡᏴᎷᎯᏎᏈᎹᎷᏰᏻᏠᏸᏖᏺᏱᏰᎷᎯᎷᏆᏀᏖᏖᏐᏆᏆᎷᎹᎷᏸᏦᏲᎷᎯᎷᏚᏞᎷᎹᎷᏦᏠ᏶᏶ᏰᏦᏦᎷᎯᏡᏧᏠᏰᏨ

Decoded plaintext:
{"code":0,"data":[],"enumCode":"SUCCESS","msg":"OK","success":true}

2. Send the SMS code
POST http://api88.awk2.work//ZnFKb3hxRXZQUlJvK1l1Zml0RDZXQT09AU1UVTFOVEF3TXpBME9UVXlOek01T1E9PQ==?server=http%3A%2F%2Fapi88.awk2.work%2F&url=user%2Fsms HTTP/1.1
Cookie: __cfduid=d1fb447a34040533ca1df1deb2b9141831555002728; JSESSIONID=AB4591A48F8AE4D4901B866251E3976C
terminal: 2
X-Auth-Key: 368480924a6c78e2e8681551a7cf4c21                    // fixed
flowId: fc448af1-c2d8-485e-b49a-ab41a25cc8051555003049530
X-Auth-Nonce: 96827043
release: 119
Ip: 192.168.99.106
Response-Content-Type: application/json
Seq: efaa4eb0e15079fd59e72C30mCJKvCZSrDZC                       // returned by the previous step
X-Auth-TimeStamp: 1555003049530
pkg: cuke0001
X-Auth-Sign: VLd%2FsvtPdh1tAsn%2B5xu9GryxOwE%3D
Content-Type: application/json;charset=UTF-8
Content-Length: 183
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
Host: api88.awk2.work
Connection: Keep-Alive
Accept-Encoding: gzip

ᏮᎷᏥᏽᏺᏻᏰᎷᎯᎷᎤᎦᎣᎬᎠᎠᎧᎡᎭᎭᎭᎷᎹᎷᏡᏬᏥᏰᎷᎯᎷᏧᏰᏲᏼᏦᏡᏰᏧᎷᎹᎷ᏶ᏺᏠᏻᏡᏧᏬᏖᏺᏱᏰᎷᎯᎷᎾᎭᎣᎷᏨ

Decoded plaintext:
{"phone":"13695524888","type":"register","countryCode":"+86"}

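======================================Analysis==============================================

----->>> Seq is a returned value

----->>> The string in the URL actually consists of two parts: base64(AES-encrypted request method name (/user/sms.5) + "\u0001" + base64(the aesKey randomly generated for this request))

-->> After base64-decoding the string in this request's URL, it looks like this: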

fqJoxqEvPRRo+YufitD6WA==MTU1NTAwMzA0OTUyNzM5OQ==

-->> The first half uses AES/CBC/PKCS5Padding:
key:1555003049527399
IV: 16-Bytes--String

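Before encryption:
/user/sms.5

After encryption:
fqJoxqEvPRRo+YufitD6WA==

-->> Plaintext of the second half before base64 encoding (this is simply the random aesKey value): 1555003049527399

----->>> X-Auth-Sign uses HmacSHA1 encryption (there are many parameters and I did not analyze them in detail; \r and \n are removed from the resulting ciphertext):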

key:cuke@appSecret#Ten2018!0816

Before encryption:
POST/user/sms?Authorization=&Seq=efaa4eb0e15079fd59e72C30mCJKvCZSrDZC&X-Auth-Key=368480924a6c78e2e8681551a7cf4c21&X-Auth-Nonce=96827043&X-Auth-TimeStamp=1555003049530&countryCode=+86&phone=13695524888&pkg=cuke0001&release=119&server=http://api88.awk2.work/&terminal=2&type=register&url=user/sms

After encryption:
VLd/svtPdh1tAsn+5xu9GryxOwE=


----->>> flowId (this is simply uuid + timestamp):
        StringBuilder stringBuilder = new StringBuilder();
        stringBuilder.append(UUID.randomUUID().toString());
        stringBuilder.append(System.currentTimeMillis());
        String stringBuilder2 = stringBuilder.toString();


----->>> Encoding/decoding methods for the request and response bodies:

    // The (char) cast keeps only the low 16 bits, so the effective XOR key is
    // 20190101 & 0xFFFF = 0x1395. XOR is its own inverse, so both methods are identical.
    public static String encodeRequest(String str) {
        char[] toCharArray = str.toCharArray();
        for (int i = 0; i < toCharArray.length; i++) {
            toCharArray[i] = (char) (toCharArray[i] ^ 20190101);
        }
        return String.valueOf(toCharArray);
    }

    public static String decodeResponse(String str) {
        char[] toCharArray = str.toCharArray();
        for (int i = 0; i < toCharArray.length; i++) {
            toCharArray[i] = (char) (toCharArray[i] ^ 20190101);
        }
        return String.valueOf(toCharArray);
    }

====================================================================================
HTTP/1.1 200
Date: Thu, 11 Apr 2019 17:17:29 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: JSESSIONID=974C189A3BDEC115096E70F616EE90F8; Path=/; HttpOnly
domainVersion: 23898
_contextId: c242e93c-0fb0-4e8b-8b1f-c8d4317c739c
flowId: fc448af1-c2d8-485e-b49a-ab41a25cc8051555003049530
Cache-Control: no-store
Server: cloudflare
CF-RAY: 4c5e9d41bcb1982f-LAX
Content-Length: 201

ᏮᎷ᏶ᏺᏱᏰᎷᎯᎥᎹᎷᏱᏴᏡᏴᎷᎯᏎᏈᎹᎷᏰᏻᏠᏸᏖᏺᏱᏰᎷᎯᎷᏆᏀᏖᏖᏐᏆᏆᎷᎹᎷᏸᏦᏲᎷᎯᎷᏚᏞᎷᎹᎷᏦᏠ᏶᏶ᏰᏦᏦᎷᎯᏡᏧᏠᏰᏨ


Decoded plaintext:
{"code":0,"data":[],"enumCode":"SUCCESS","msg":"OK","success":true}
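
An added example (not code from the original post): the body obfuscation and the URL token described above, re-expressed in Python to show why neither gives confidentiality. The function names are assumptions of this example; the constant, the plaintext body and the token are the ones shown in the post.

```python
import base64
from typing import Tuple

XOR_CONST = 20190101                # constant from the posted Java code
EFFECTIVE_KEY = XOR_CONST & 0xFFFF  # Java's (char) cast keeps the low 16 bits: 0x1395


def xor_body(text: str, key: int = EFFECTIVE_KEY) -> str:
    """Encode or decode a body; XOR with a fixed key is its own inverse."""
    return "".join(chr(ord(ch) ^ key) for ch in text)


def recover_key(obfuscated: str, known_first_char: str = "{") -> int:
    """Known-plaintext recovery: a JSON body starts with '{', so a single
    observed character reveals the whole key."""
    return ord(obfuscated[0]) ^ ord(known_first_char)


def split_url_token(token: str) -> Tuple[str, str]:
    """Split the URL path token into (base64 AES ciphertext, AES key).

    Layout per the post: base64(ciphertext_b64 + 0x01 + base64(key)),
    so the key travels in the same request as the ciphertext.
    """
    raw = base64.b64decode(token)
    cipher_b64, key_b64 = raw.split(b"\x01", 1)
    return cipher_b64.decode("ascii"), base64.b64decode(key_b64).decode("ascii")


# Plaintext response body and URL path token exactly as shown in the post.
PLAIN = '{"code":0,"data":[],"enumCode":"SUCCESS","msg":"OK","success":true}'
TOKEN = ("ZnFKb3hxRXZQUlJvK1l1Zml0RDZXQT09"
         "AU1UVTFOVEF3TXpBME9UVXlOek01T1E9PQ==")

if __name__ == "__main__":
    wire = xor_body(PLAIN)              # the form that travels on the wire
    print([ord(c) for c in wire[:3]])   # code points in the Cherokee block
    print(hex(recover_key(wire)))       # key recovered from one character
    print(xor_body(wire) == PLAIN)      # decoding is the same operation
    print(split_url_token(TOKEN))       # ciphertext and its key, side by side
```

The captures in the post are sent over plain http://, so anyone on the path sees both the obfuscated body and the AES key; confidentiality has to come from TLS, not from constants compiled into the client.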


Posted on 2019-9-13 08:15:11 | Shenzhen, Guangdong
Thanks for publishing original work; 精易 is more exciting because of you!

Posted on 2019-6-2 14:54:45 | Meizhou, Guangdong
Thanks to the original poster for sharing!

Posted on 2019-4-16 22:31:04 (mobile user) | Yantai, Shandong
Same question: do you need to reverse the app to find the algorithm?

Posted on 2019-4-16 16:03:03 | Yongzhou, Hunan
ᏮᎷᏰᏤᏠᏼᏖᏺᏸᏥᏴᏻᏬᎷᎯᎷᏲᏺᏺᏲᏹᏰᎷᎹᎷᏰᏤᏠᏼᏘᏺᏱᏰᏹᎷᎯᎷᏛᏰᏭᏠᏦᎵᎠᎷᎹᎷᏺᏦᎷᎯᎷᎣᎻᎥᎷᎹᎷᏻᏰᏡᏜᏻᏳᏺᎷᎯᎷᏢᏼᏳᏼᎷᎹᎷᏰᏤᏠᏼᏜᏱᎷᎯᎷᎠᏴᎧᎣᏰᏳᏴᏴᎡᏰ᏷ᎥᏰᎤᎠᎥᎢᎬᏳᏱᎠᎬᏰᎢ᏷ᏱᎣᎦᏴᎦᏴᎣᎷᏨ

How are these strings decrypted?
