贝壳找房Authorization算法

cgq664315

app 下载 地址：
http://sj.qq.com/myapp/detail.htm?apkName=com.lianjia.beike
第一步抓个登陆发验证码的包

  

GET https://app.api.ke.com/user/account/sendverifycodeforbindmobilev2?mobile_phone_no=13326565656 HTTP/1.1
x-req-id: e00ff70e-bc17-4044-a35c-f78acb32018d
Page-Schema: register%2Ffastlogin
Referer: register%2Ffastregister
Cookie: lianjia_udid=865166027426629;lianjia_ssid=75851a93-26c2-49a8-9eb7-cc8f99bf57c9;lianjia_uuid=0a573ab1-63b5-409d-8918-5f7ed7e61b67
Dynamic-SDK-VERSION: 1.1.0
Lianjia-City-Id: 410323
parentSceneId: 5596148239526137856
source-global: {}
User-Agent: Beike2.45.0;gionee f100; Android 5.1.1
Lianjia-Channel: Android_ke_baidupinzhuannei
Lianjia-Device-Id: 865166027426999
Lianjia-Version: 2.45.0
Lianjia-Im-Version: 2.34.0
Lianjia-Recommend-Allowable: 1
Authorization: MjAxODAxMTFfYW5kcm9pZDo4OTQ3ZTViOWUyNzY3ZmFkOGE4NDkxNWIwNDcwZTI3NDNkNDkzMDI2
extension: lj_imei=865166027426629&lj_duid=DuJS34UhUciix/eawe4VSLWEY8mWRVkGBit6fsyNDD/NLlUAbE+xg2ZpttRz/ra6FqHd1+JzBu9GWqfOGfyo1hSQ&lj_android_id=aff431a764d6b2da&lj_device_id_android=865166027426629&mac_id=00:81:23:6b:7d:a4
WLL-KGSA: LJAPPVA accessKeyId=sjoe98HI099dhdD7; nonce=fEELhMml5pD164faC24xpGZP5zuCGwRd; timestamp=1622391411; signature=tQTYX+xYJU5trNKllZ1pXtI254QDxUEVBS4EtHF6w1I=
Host: app.api.ke.com
Connection: Keep-Alive
Accept-Encoding: gzip

GET https://app.api.ke.com/user/account/sendverifycodeforbindmobilev2?mobile_phone_no=13326565656 HTTP/1.1<br /> x-req-id: e00ff70e-bc17-4044-a35c-f78acb32018d<br /> Page-Schema: register%2Ffastlogin<br /> Referer: register%2Ffastregister<br /> Cookie: lianjia_udid=865166027426629;lianjia_ssid=75851a93-26c2-49a8-9eb7-cc8f99bf57c9;lianjia_uuid=0a573ab1-63b5-409d-8918-5f7ed7e61b67<br /> Dynamic-SDK-VERSION: 1.1.0<br /> Lianjia-City-Id: 410323<br /> parentSceneId: 5596148239526137856<br /> source-global: {}<br /> User-Agent: Beike2.45.0;gionee f100; Android 5.1.1<br /> Lianjia-Channel: Android_ke_baidupinzhuannei<br /> Lianjia-Device-Id: 865166027426999<br /> Lianjia-Version: 2.45.0<br /> Lianjia-Im-Version: 2.34.0<br /> Lianjia-Recommend-Allowable: 1<br /> Authorization: MjAxODAxMTFfYW5kcm9pZDo4OTQ3ZTViOWUyNzY3ZmFkOGE4NDkxNWIwNDcwZTI3NDNkNDkzMDI2<br /> extension: lj_imei=865166027426629&lj_duid=DuJS34UhUciix/eawe4VSLWEY8mWRVkGBit6fsyNDD/NLlUAbE+xg2ZpttRz/ra6FqHd1+JzBu9GWqfOGfyo1hSQ&lj_android_id=aff431a764d6b2da&lj_device_id_android=865166027426629&mac_id=00:81:23:6b:7d:a4<br /> WLL-KGSA: LJAPPVA accessKeyId=sjoe98HI099dhdD7; nonce=fEELhMml5pD164faC24xpGZP5zuCGwRd; timestamp=1622391411; signature=tQTYX+xYJU5trNKllZ1pXtI254QDxUEVBS4EtHF6w1I=<br /> Host: app.api.ke.com<br /> Connection: Keep-Alive<br /> Accept-Encoding: gzip

简单看一下:是个GET请求URL只有个明文的手机号，猜测加密在协议头
第二步:协议头都是一些位置，IP,设备号，所在城市，和版本号，用精益网页助手测试了一下发现加密                                                                                                                              Authorization: MjAxODAxMTFfYW5kcm9pZDo4OTQ3ZTViOWUyNzY3ZmFkOGE4NDkxNWIwNDcwZTI3NDNkNDkzMDI2                                                                                                                  好家伙我直接精益编程助手一键解码  base64解码结果20180111_android:8947e5b9e2767fad8a84915b0470e2743d493026                                                                                                           再抓一个包一看前面20180111_android:都一样，看看后面是什么妖魔鬼怪，查下壳，没壳，打开我的jadx-gui，直接搜关键字Authorization，然后就发现Appid + COLON_SEPARATOR + c 组成的,最后 Base64，我hook一下Appid，得出hook结果
d5e343d453aecca8b14b2dc687c381camobile_phone_no=13326565656    直接去md5一对比，既然不对，看了一眼，直接精益编程助手一键编码，原来是sha1，一加密结果为8947e5b9e2767fad8a84915b0470e2743d493026加上20180111_android:和抓到的一样就完事了

cgq664315

guzhi 发表于 2023-7-20 11:36
wll-kgsa加密参数呢

自己抓包撒

cgq664315

guzhi 发表于 2023-7-20 11:36
wll-kgsa加密参数呢

自己解密

guzhi

wll-kgsa加密参数呢

zzzzdddd

学习了学习了

313503791

学习了学习了

cgq664315

111111111111