PS:APP 提供来源
app 下载 地址:
http://sj.qq.com/myapp/detail.htm?apkName=com.xiudang.jiukuaiyou.ui
app 提供来源:
https://bbs.125.la/forum.php?mod=viewthread&tid=14213102&highlight=APP
第一步 抓登陆抓包:
POST https://muser.juanpi.com/login/check HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; oppo a59m Build/LYZ28N)/jiu;4.9.1;oppo a59m;Android;5.1.1;101218
Host: muser.juanpi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 577
apisign=f395adc7b6e2e2c8d1252b3a82c34e44&jpAppName=jiu&jpAppNetwork=4&jpAppVersion=4.9.1&jpDeviceName=oppo+a59m&jpDid=359593493182282&jpFeature=&jpFreshUtype=&jpGoodsUtype=&jpId=00000000-56a5-e113-4dd3-5e175b8a34c1&jpJpidAbAttr=9&jpLocation=上海市&jpLoginSource=&jpPlatform=Android&jpReleaseLevel=1&jpScreen=720x1280&jpSign=&jpSize=l&jpSystemVersion=5.1.1&jpTicks=1533902307556&jpTimeLine=2&jpToSwitch=2&jpUid=0&jpUidAbAttr=8&jpUserGroup=&jpUtm=101218&password=AtVG0TK+tueSC5ukI5qOPQ==&piccode=&username=CtN7Fw+mkXB6D4mel1BIUQ==&verifyid= 复制代码
第二步 分析加密主要参数:
1 apisign=f395adc7b6e2e2c8d1252b3a82c34e44 (MD5加密)
2 password=AtVG0TK+tueSC5ukI5qOPQ== (AES/CBCPKCS5Padding)
3 username=CtN7Fw+mkXB6D4mel1BIUQ== (AES/CBC/PKCS5Padding)
第三步 逆向找到其主要算法
1 . apisign
Map hashMap = new HashMap();
hashMap.put("type", this.third);
String str = ལྗོངས.m1086(JPUrl.Oauth_Web) + "?apisign=" + NetEngine.m604(hashMap) + "&type=" + this.third;
ʼʼ.m1396("", "third url=" + str);
--------------------------------------------------------
public static String m604(Map<String, String> map) {
return ʻי.m929(m605((Map) map, true, false) + JuanpiJni.m751());
}
----------------------------------------------------
public static String m929(String str) {
try {
MessageDigest instance = MessageDigest.getInstance("MD5");
instance.reset();
instance.update(str.getBytes());
return m901(instance.digest());
} catch (Exception e) {
return null;
}
}
复制代码
2 password /username
public static MapBean getUserLoginInfo(String arg4, String arg5, String arg6, String arg7) {
HashMap v0 = new HashMap();
((Map)v0).put("username", ʻי.ˋˋ(arg4));
((Map)v0).put("password", ʻי.ˋˋ(arg5));
((Map)v0).put("verifyid", arg6);
((Map)v0).put("piccode", arg7);
--------------------------------------------------------
public static String ˋˋ(String arg2) {
String v0;
try {
v0 = com.base.ib.utils.कैलसक्रपयोगक्ताओं.कैलसक्रपयोगक्ताओं(arg2, ʻי.སྔོན(JuanpiJni.कैलसक्रपयोगक्ताओं()));
}
catch(Exception v1) {
v1.printStackTrace();
}
return v0;
}
------------------------------------------------------------
public class कैलसक्रपयोगक्ताओं {
public static byte[] कैलसक्रपयोगक्ताओं;
static {
कैलसक्रपयोगक्ताओं.कैलसक्रपयोगक्ताओं = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
if(Boolean.FALSE.booleanValue()) {
System.out.println(Hack.class);
}
}
public static String कैलसक्रपयोगक्ताओं(String arg5, String arg6) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
byte[] v0 = arg5.getBytes("UTF-8");
IvParameterSpec v1 = new IvParameterSpec(कैलसक्रपयोगक्ताओं.कैलसक्रपयोगक्ताओं);
SecretKeySpec v2 = new SecretKeySpec(arg6.getBytes("UTF-8"), "AES");
Cipher v3 = Cipher.getInstance("AES/CBC/PKCS5Padding");
v3.init(1, ((Key)v2), ((AlgorithmParameterSpec)v1));
return Base64.encodeToString(v3.doFinal(v0), 0);
}
复制代码
第四步 总结
1 . apisign = MD5("jpAppName=jiu&jpAppNetwork=4&jpAppVersion=4.9.1&jpDeviceName=oppo a59m&jpDid=359593493182282&jpFeature=&jpFreshUtype=&jpGoodsUtype=&jpId=00000000-56a5-e113-4dd3-5e175b8a34c1&jpJpidAbAttr=9&jpLocation=上海市&jpLoginSource=&jpPlatform=Android&jpReleaseLevel=1&jpScreen=720x1280&jpSign=&jpSize=l&jpSystemVersion=5.1.1&jpTicks=1533902307556&jpTimeLine=2&jpToSwitch=2&jpUid=0&jpUidAbAttr=8&jpUserGroup=&jpUtm=101218&password=kvDHs5GQlLv2v9hHZR2uBA==
&piccode=&username=CtN7Fw+mkXB6D4mel1BIUQ==
&verifyid=juanpi_oauth#$A.*$%(#$%16rwtr712^")
PS:
apisign =MD5(body + “juanpi_oauth#$A.*$%(#$%16rwtr712^”);
==========================================================================
2. password = AES/CBC/PKCS5Padding(pwd,key,iv);
username == AES/CBC/PKCS5Padding(user,key,iv);
PS: key = 85d32385edcd3304be7fbf4be51d3a2f;
iv = Hex.parse(0000000000000000); )
评分
查看全部评分