|
本帖最后由 小范q 于 2018-8-7 22:07 编辑
抓包:
- POST http://jinshunkj.com/vr_api_project_mvn/rest/login/submit.jhtml HTTP/1.1
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 125
- Host: jinshunkj.com
- Connection: Keep-Alive
- Accept-Encoding: gzip
- User-Agent: okhttp/3.3.1
- phone=138xxxxxxxxx&pwd=9CBF8A4DCB8E30682B927F352D6559A0&platform=1&time=20150610134715&verify=A3C4081ADAC9AA6583373C5FEBBBF7D5
复制代码
分析:
主要加密参数为:pwd/verify
反编译app 找到关键加密位置
- public void onButtonLogin(View view) {
- AndroidUtils.hideSoftInput(this);
- String trim = this.editTextPhoneLogin.getText().toString().trim();
- String trim2 = this.editTextPwdLogin.getText().toString().trim();
- if (trim.isEmpty()) {
- ZinzToast.info("账号不能空");
- } else if (trim2.equals("")) {
- ZinzToast.info("密码不能空");
- } else {
- String MD5 = StringUtil.MD5(trim2);
- this.verify = StringUtil.MD5(trim + MD5 + APIService.platform + APIService.time + APIService.key);
- this.progressBarLogin.setVisibility(0);
- this.subscription = APIService.getAuthApi().login(trim, MD5, Integer.valueOf(1), APIService.time, this.verify).subscribeOn(Schedulers.io()).observeOn(AndroidSchedulers.mainThread()).subscribe(new C09471());
- }
- }
复制代码
分析得出算法:
- pwd = MD5(passwd);
- verify = MD5(phone + pwd + "1" + "20150610134715" + "669AA72C");
复制代码
|
|