0x00 Packet capture
Login request (includes the slider):
POST https://passport.suning.com/ids/login HTTP/1.1
hiro_trace_id: 046a3f6a7d9646e1ac085084eb9e7282
hiro_trace_type: SDK
User-Agent: Mozilla/5.0(Linux; U;SNEBUY-APP;5.8.3-187;SNCLIENT;Android 5.1.1; zh; vivo X9 Plus) AppleWebKit/533.0 (KHTML, like Gecko)Version/4.0 Mobile Safari/533.1
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Host: passport.suning.com
Connection: Keep-Alive
Accept-Encoding: gzip
Cookie: tradeLdc=NJGX_YG;dfpToken="TSXYtspj6PGCjsxCYBBlg03e9";route=b835ab6b662d5bd8f63acce2c485304a; cityId=9264; districtId=12115;newCity=021_1000267_9264; district_pd_code=0210399;_device_session_id=8859735876761583750093066_BA51FAF78948C36CCF601FB6C394496910EF63CAF1B831013561DC3E9186F956A0665C0723E7C94E534726AF53B2DD42;dfpToken=TSXYtspj6PGCjsxCYBBlg03e9
Content-Length: 1689
jsonViewType=true&username=13565656565&version=1.0&password=123123123&slideVerifyCode=MDg1MkVDOTc1RTJCMzgyNjFGQzhGQzI2N0I1MDg5NjVfMF4xMjNeNTQwLDk2MF4tXi1eMTU4NDQy%0ANjQ2Mjk1N14tXjE3Mi4xNi4yLjZeNS4xLjFeODY1MTY2MDIxMTAy…loginTheme=b2c&loginChannel=208000202003&rememberMe=true&rememberMeType=app&client=app&lotAndLat=0.0%2C0.0&service=https%3A%2F%2Faq.suning.com%2Fasc%2Fauth%3FtargetUrl%3Dhttp%3A%2F%2Fmyapi.suning.com%2Fapi%2Fmember%2FqueryMemberBaseInfo.do
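Parameter analysis:
The request contains a field named slideVerifyCode.
This field is encrypted. The name translates to "slide verification code", so it is clearly the slider captcha.
The username and password are both sent in plaintext, so they need no analysis. What remains to be worked out is how this slide verification code is generated.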
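0x01 Reverse engineering
The app is not packed. Extract the DEX, convert it straight to a JAR file, and open it in JD-GUI.
Search for the keyword slideVerifyCode.
Follow the result.
The value is initialized by a constructor, so the next step is to find where that initialized value is used.
Switch to jadx, which makes cross-references easy to inspect; its only drawback is that it is very slow to open.
The value is always the fourth parameter of the constructor.
Keep looking up cross-references.
Follow them and look up cross-references again.
Keep following the chain.
It ends at a slider class.
Here you can see that it is 3DES encryption.
All that remains is to analyze the algorithm, which is not difficult.
If you want it, add the author on QQ 1125571793 to get it; the algorithm is written in Easy Language (易语言).
Normal login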