1. Get the ck (cookie) and Seq
POST http://api1000.akds.work//SzN4NGI4UDZ3ZWFrOHIydDJmZFZsZz09AU1UVTFOVEF3TWpjeU5qSTNOemMzTUE9PQ==?server=http%3A%2F%2Fapi1000.akds.work%2F&url=active%2Flog HTTP/1.1
terminal: 2
X-Auth-Key: 368480924a6c78e2e8681551a7cf4c21
flowId: 0b146aa3-65e2-4b54-baf3-1ee6e027de4a1555002726279
X-Auth-Nonce: 74699749
release: 119
Ip: 192.168.99.106
Response-Content-Type: application/json
Seq: 5a26efaa4eb0e15079fd259e7bd63a3a
X-Auth-TimeStamp: 1555002726279
pkg: cuke0001
X-Auth-Sign: YJSo3ae7Xja6RMA2c69JLzXr4KI%3D
Content-Type: application/json;charset=UTF-8
Content-Length: 354
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
Host: api1000.akds.work
Connection: Keep-Alive
Accept-Encoding: gzip
ᏮᎷᏰᏤᏠᏼᏖᏺᏸᏥᏴᏻᏬᎷᎯᎷᏲᏺᏺᏲᏹᏰᎷᎹᎷᏰᏤᏠᏼᏘᏺᏱᏰᏹᎷᎯᎷᏛᏰᏭᏠᏦᎵᎠᎷᎹᎷᏺᏦᎷᎯᎷᎣᎻᎥᎷᎹᎷᏻᏰᏡᏜᏻᏳᏺᎷᎯᎷᏢᏼᏳᏼᎷᎹᎷᏰᏤᏠᏼᏜᏱᎷᎯᎷᎠᏴᎧᎣᏰᏳᏴᏴᎡᏰ᏷ᎥᏰᎤᎠᎥᎢᎬᏳᏱᎠᎬᏰᎢ᏷ᏱᎣᎦᏴᎦᏴᎣᎷᏨ
Decoded plaintext:
{"equiCompany":"google","equiModel":"Nexus 5","os":"6.0","netInfo":"wifi","equiId":"5a26efaa4eb0e15079fd59e7bd63a3a6"}
equiId is md5(device_id + android_id + mac)
HTTP/1.1 200
Date: Thu, 11 Apr 2019 17:12:07 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: __cfduid=d0e19d986400c2f96405452f7d7cad0301555002727; expires=Fri, 10-Apr-20 17:12:07 GMT; path=/; domain=.akds.work; HttpOnly
Set-Cookie: JSESSIONID=A004E3767B22D288F7A2478825B4B976; Path=/; HttpOnly
Seq: efaa4eb0e15079fd59e72C30mCJKvCZSrDZC
domainVersion: 23898
_contextId: 0132da6e-3d2f-4858-9320-24c570c28266
flowId: 0b146aa3-65e2-4b54-baf3-1ee6e027de4a1555002726279
Cache-Control: no-store
Server: cloudflare
CF-RAY: 4c5e9564cad4774e-LAX
Content-Length: 201
ᏮᎷ᏶ᏺᏱᏰᎷᎯᎥᎹᎷᏱᏴᏡᏴᎷᎯᏎᏈᎹᎷᏰᏻᏠᏸᏖᏺᏱᏰᎷᎯᎷᏆᏀᏖᏖᏐᏆᏆᎷᎹᎷᏸᏦᏲᎷᎯᎷᏚᏞᎷᎹᎷᏦᏠ᏶᏶ᏰᏦᏦᎷᎯᏡᏧᏠᏰᏨ
Decoded plaintext:
{"code":0,"data":[],"enumCode":"SUCCESS","msg":"OK","success":true}
2. Send the SMS code
POST http://api88.awk2.work//ZnFKb3hxRXZQUlJvK1l1Zml0RDZXQT09AU1UVTFOVEF3TXpBME9UVXlOek01T1E9PQ==?server=http%3A%2F%2Fapi88.awk2.work%2F&url=user%2Fsms HTTP/1.1
Cookie: __cfduid=d1fb447a34040533ca1df1deb2b9141831555002728; JSESSIONID=AB4591A48F8AE4D4901B866251E3976C
terminal: 2
X-Auth-Key: 368480924a6c78e2e8681551a7cf4c21 // fixed value
flowId: fc448af1-c2d8-485e-b49a-ab41a25cc8051555003049530
X-Auth-Nonce: 96827043
release: 119
Ip: 192.168.99.106
Response-Content-Type: application/json
Seq: efaa4eb0e15079fd59e72C30mCJKvCZSrDZC // returned by the previous step
X-Auth-TimeStamp: 1555003049530
pkg: cuke0001
X-Auth-Sign: VLd%2FsvtPdh1tAsn%2B5xu9GryxOwE%3D
Content-Type: application/json;charset=UTF-8
Content-Length: 183
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
Host: api88.awk2.work
Connection: Keep-Alive
Accept-Encoding: gzip
ᏮᎷᏥᏽᏺᏻᏰᎷᎯᎷᎤᎦᎣᎬᎠᎠᎧᎡᎭᎭᎭᎷᎹᎷᏡᏬᏥᏰᎷᎯᎷᏧᏰᏲᏼᏦᏡᏰᏧᎷᎹᎷ᏶ᏺᏠᏻᏡᏧᏬᏖᏺᏱᏰᎷᎯᎷᎾᎭᎣᎷᏨ
Decoded plaintext:
{"phone":"13695524888","type":"register","countryCode":"+86"}
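======================================Analysis==============================================
----->>> Seq is the value returned by the server
----->>> The long string in the URL actually consists of two parts: base64(AES-encrypted request method name (/user/sms.5) + "\u0001" + base64(the AES key randomly generated for this request))
-->> After base64-decoding the string in this request's URL, it looks like this: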
fqJoxqEvPRRo+YufitD6WA==MTU1NTAwMzA0OTUyNzM5OQ==
-->> The first part is produced with AES/CBC/PKCS5Padding:
key:1555003049527399
IV: 16-Bytes--String
Before encryption:
/user/sms.5
After encryption:
fqJoxqEvPRRo+YufitD6WA==
-->> Plaintext of the second part before base64 encoding (this is simply the random AES key): 1555003049527399
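The token layout described above, taken apart with the Python standard library. This is an added example, not code from the original notes or from the app; the function names are hypothetical, and the URL and X-Auth-TimeStamp are the step 2 values from this page. AES decryption itself is left out because the standard library has no AES.

```python
import base64
from urllib.parse import urlsplit

# Values copied from the step 2 request on this page.
REQUEST_URL = ("http://api88.awk2.work//ZnFKb3hxRXZQUlJvK1l1Zml0RDZXQT09"
               "AU1UVTFOVEF3TXpBME9UVXlOek01T1E9PQ==?server=http%3A%2F%2F"
               "api88.awk2.work%2F&url=user%2Fsms")
X_AUTH_TIMESTAMP = 1555003049530


def parse_url_token(url):
    """Split the path token into (ciphertext bytes, AES key string)."""
    token = urlsplit(url).path.lstrip("/")
    inner = base64.b64decode(token, validate=True)
    # The two inner base64 strings are joined by a single 0x01 byte.
    enc_b64, sep, key_b64 = inner.partition(b"\x01")
    if not sep:
        raise ValueError("no 0x01 separator: not this token format")
    ciphertext = base64.b64decode(enc_b64, validate=True)
    key = base64.b64decode(key_b64, validate=True).decode("ascii")
    if len(ciphertext) % 16 or len(key) != 16:
        raise ValueError("unexpected AES block or key length")
    return ciphertext, key


def key_findings(key, header_timestamp_ms):
    """Summarize what an on-path observer learns about the key."""
    findings = {"sent_with_ciphertext": True, "digits_only": key.isdigit()}
    if key.isdigit():
        # In this capture the first 13 digits read as a millisecond clock
        # value; this is an observation on one sample, not a proven rule.
        findings["ms_before_header_timestamp"] = (
            header_timestamp_ms - int(key[:13]))
        findings["trailing_digits"] = key[13:]
    return findings


if __name__ == "__main__":
    ct, key = parse_url_token(REQUEST_URL)
    print(len(ct), key, key_findings(key, X_AUTH_TIMESTAMP))
```

Because the key is carried in the same URL as the ciphertext, the AES layer hides the method name only from casual inspection; confidentiality of the request rests entirely on the transport.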
----->>> X-Auth-Sign is computed with HmacSHA1 (there are many parameters and I did not analyze them in detail; \r and \n are removed from the resulting output):
key:cuke@appSecret#Ten2018!0816
Input before signing:
POST/user/sms?Authorization=&Seq=efaa4eb0e15079fd59e72C30mCJKvCZSrDZC&X-Auth-Key=368480924a6c78e2e8681551a7cf4c21&X-Auth-Nonce=96827043&X-Auth-TimeStamp=1555003049530&countryCode=+86&phone=13695524888&pkg=cuke0001&release=119&server=http://api88.awk2.work/&terminal=2&type=register&url=user/sms
Output after signing:
VLd/svtPdh1tAsn+5xu9GryxOwE=
----->>> flowId (simply a UUID + timestamp):
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append(UUID.randomUUID().toString());
stringBuilder.append(System.currentTimeMillis());
String stringBuilder2 = stringBuilder.toString();
----->>> Encoding/decoding methods for the request and response bodies:
public static String encodeRequest(String str) {
    char[] toCharArray = str.toCharArray();
    for (int i = 0; i < toCharArray.length; i++) {
        // The (char) cast keeps only the low 16 bits of the int result.
        toCharArray[i] = (char) (toCharArray[i] ^ 20190101);
    }
    return String.valueOf(toCharArray);
}
public static String decodeResponse(String str) {
    char[] toCharArray = str.toCharArray();
    for (int i = 0; i < toCharArray.length; i++) {
        // Same XOR as encodeRequest: the transform is its own inverse.
        toCharArray[i] = (char) (toCharArray[i] ^ 20190101);
    }
    return String.valueOf(toCharArray);
}
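A Python port of the body transform above, with a check that recognizes such bodies in captured traffic. This is an added example, not code from the original notes or from the app; the function names are hypothetical, and the sample body is constructed from the response plaintext shown on this page.

```python
import json

JAVA_INT_KEY = 20190101            # constant from encodeRequest/decodeResponse
CHAR_KEY = JAVA_INT_KEY & 0xFFFF   # the (char) cast keeps only 0x1395

# Response plaintext as decoded on this page; wire form is constructed below.
RESPONSE_PLAINTEXT = ('{"code":0,"data":[],"enumCode":"SUCCESS",'
                      '"msg":"OK","success":true}')


def xor_body(text):
    """Same transform as the Java methods, applied per UTF-16 code unit."""
    raw = text.encode("utf-16-le", "surrogatepass")
    out = bytearray()
    for i in range(0, len(raw), 2):
        unit = int.from_bytes(raw[i:i + 2], "little") ^ CHAR_KEY
        out += unit.to_bytes(2, "little")
    return out.decode("utf-16-le", "surrogatepass")


def inspect_body(body):
    """Return the parsed JSON if body is XOR-obfuscated JSON, else None."""
    # ASCII XORed with 0x1395 always lands in U+1380..U+13FF, which is why
    # the captured bodies render as Cherokee letters.
    if not body or any(not 0x1380 <= ord(ch) <= 0x13FF for ch in body):
        return None
    try:
        return json.loads(xor_body(body))
    except ValueError:
        return None


if __name__ == "__main__":
    wire = xor_body(RESPONSE_PLAINTEXT)      # constructed sample
    # Each obfuscated character is 3 bytes in UTF-8, which accounts for the
    # Content-Length of 201 on a 67-character JSON body.
    print(len(wire.encode("utf-8")), inspect_body(wire))
```

A single fixed 16-bit XOR key gives no confidentiality: the first byte of any JSON body is known, so the key falls out of one captured message.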
====================================================================================
HTTP/1.1 200
Date: Thu, 11 Apr 2019 17:17:29 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: JSESSIONID=974C189A3BDEC115096E70F616EE90F8; Path=/; HttpOnly
domainVersion: 23898
_contextId: c242e93c-0fb0-4e8b-8b1f-c8d4317c739c
flowId: fc448af1-c2d8-485e-b49a-ab41a25cc8051555003049530
Cache-Control: no-store
Server: cloudflare
CF-RAY: 4c5e9d41bcb1982f-LAX
Content-Length: 201
ᏮᎷ᏶ᏺᏱᏰᎷᎯᎥᎹᎷᏱᏴᏡᏴᎷᎯᏎᏈᎹᎷᏰᏻᏠᏸᏖᏺᏱᏰᎷᎯᎷᏆᏀᏖᏖᏐᏆᏆᎷᎹᎷᏸᏦᏲᎷᎯᎷᏚᏞᎷᎹᎷᏦᏠ᏶᏶ᏰᏦᏦᎷᎯᏡᏧᏠᏰᏨ
Decoded plaintext:
{"code":0,"data":[],"enumCode":"SUCCESS","msg":"OK","success":true}