本帖最后由 小范q 于 2018-8-25 00:42 编辑
PS:APP 提供来源
app 下载 地址:
http://sj.qq.com/myapp/detail.htm?apkName=com.ideal.flyerteacafes
app 提供来源:
https://bbs.125.la/forum.php?mod=viewthread&tid=14222184&highlight=APP
第一步 抓登陆抓包:
POST /api/mobile/index.php?version=4&mobile=yes&cookietime=2592000&module=login&loginsubmit=yes&loginfield=auto&appkey=98bf6a79892a1148a1&token=MHwxNTM1MTI2NDQyODY1fDI3ZTEwY2IwMzJkZWVhYzc1ZThjMjcxYzQ3MTViODkwZWRiYWFiZTIyNTM2OTkzM2E1ZWRjNGM5MzNmOTM0Y2U%253D&appversion=6.24.0&transcode=yes HTTP/1.1
Cookie: cu3z_a47d_saltkey=m93mC04o; cu3z_a47d_uacc=9BDCDB5AC04DB852; cu3z_a47d_lastvisit=1535121212; cu3z_a47d_dismobilemessage=1; cu3z_a47d_nofavfid=1; cu3z_a47d_lastviewtime=0%7C1535125812; acw_tc=AQAAAGMZC0HSRAsADIhP2jtOmVhBTAPH; cu3z_a47d_mobile=2; cu3z_a47d_lastact=1535126355%09index.php%09
User-Agent: FKForum/6.24.0 (oppo oppo a59m; Android 5.1.1; Scale/540*960)
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 91
Host: www.flyertea.com
Connection: Keep-Alive
Accept-Encoding: gzip
username=13812345678&password=1234567890&Registrationid=1507bfd3f79390d77af&loadCache=false 复制代码
第二步 分析加密主要参数:
token=MHwxNTM1MTI2NDQyODY1fDI3ZTEwY2IwMzJkZWVhYzc1ZThjMjcxYzQ3MTViODkwZWRiYWFiZTIyNTM2OTkzM2E1ZWRjNGM5MzNmOTM0Y2U%253D
第三步 反编译逆向找到其主要算法
--------------------------------------------------------------------------------------------------------------------------
private void usernameLogin(String arg5, String arg6) {
this.getDialog().proDialogShow();
XutilsHelp.clearCookie();
FlyRequestParams v1 = new FlyRequestParams(HttpRequest.HTTP_login);
v1.addQueryStringParameter("transcode", "(TV;)V");
v1.addBodyParameter("username", arg5);
v1.addBodyParameter("password", arg6);
v1.addBodyParameter("Registrationid", JPushInterface.getRegistrationID(FlyerApplication.getContext()));
XutilsHttp.Post(v1, new StringCallback() {
public void flySuccess(Object arg1) {
this.flySuccess(((String)arg1));
}
public void flySuccess(String arg4) {
if(LoginVideoPresenter.this.isViewAttached()) {
Logger.i("<+TE;>;>;)", new Object[0]);
if(JsonAnalysis.isSuccessEquals1(arg4)) {
LoginVideoPresenter.this.loginInit(JsonAnalysis.getBean(arg4, LoginBase.class));
}
else {
ToastUtils.showToast(JsonAnalysis.getMessage(arg4));
LoginVideoPresenter.this.getDialog().proDialogDissmiss();
}
}
}
});
}
------------------------------------------------------------------------------------------------------------------
public class FlyRequestParams extends RequestParams {
private boolean loadCache;
public FlyRequestParams(String arg11) {
super(arg11);
this.loadCache = false;
String v4 = UserManger.isLogin() ? UserManger.getUserInfo().getMember_uid() + ", locaPath=\'" + DateUtil.getDateline() : "0|" + DateUtil.getDateline();
String v3 = StringTools.encodeBase64(v4 + ", locaPath=\'" + HmacSha256.getSignature(v4, "feb0e9a398bf6a79892a114825316a93").getBytes());
this.addQueryStringParameter("appkey", "98bf6a79892a1148a1");
this.addQueryStringParameter("token", v3);
this.addQueryStringParameter("appversion", Tools.getVersion());
String v0 = UserManger.getCookie();
if(!TextUtils.isEmpty(((CharSequence)v0))) {
this.addHeader("Cookie", v0);
}
Object v2 = FlyerApplication.getContext().getSystemService("÷");
this.addHeader("User-Agent", "FKForum/" + Tools.getVersion() + " (" + Build.BRAND + " " + Build.MODEL + "; Android " + Build$VERSION.RELEASE + "; Scale/" + ((WindowManager)v2).getDefaultDisplay().getWidth() + "*" + ((WindowManager)v2).getDefaultDisplay().getHeight() + ") ");
}
------------------------------------------------------------------------------------------------------------------
public static long getDateline() {
return System.currentTimeMillis();
}
------------------------------------------------------------------------------------------------------------------
public static String getSignature(String arg7, String arg8) {
Mac v3;
SecretKeySpec v5 = new SecretKeySpec(arg8.getBytes(), "HmacSHA256");
try {
v3 = Mac.getInstance("HmacSHA256");
v3.init(((Key)v5));
}
catch(InvalidKeyException v0) {
v0.printStackTrace();
}
catch(NoSuchAlgorithmException v0_1) {
v0_1.printStackTrace();
}
return HmacSha256.byte2hex(v3.doFinal(arg7.getBytes()));
}
复制代码
第四步 算法总结
Token = Base64En(v1 + ", locaPath=\'" + HmacSha256(v1, key));
PS:
① 【
v1 = UserManger.isLogin() ? UserManger.getUserInfo().getMember_uid() + ", locaPath=\'" + DateUtil.getDateline() : "0|" + DateUtil.getDateline();
简言之 当APP处于登陆状态:
v1 = uid + ", locaPath=\'" + 现行13位时间戳();
未登录状态 :
v1 = "0|" + 现行13位时间戳();
】
② key = "feb0e9a398bf6a79892a114825316a93";
第五步 算法移植
js 移植见附件
js移植.rar
(3.69 KB, 下载次数: 90)
评分
查看全部评分