本文主要是介绍芒果TV登录加密分析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
芒果TV(h5)登录加密分析
此内容更新时间: 2024/01/21, 芒果TV Web[H5]端登录分析
一、抓个包
很直观的参数~舒服
二、侦查它
| 参数 | 值 | 说明 |
|---|---|---|
| invoker | msite | 不管它 |
| username | 13888888888 | 手机号 |
| password | 84ca49******4a3d | 密码加密 |
| pwdType | 1 | 密码类型 |
| smscode | 86 | 不管它 |
| sign | 41e168a185add482c71277cca9bcb0c8 | 签名令牌 |
| abroad | 0 | 不管它 |
| deviceid | 9f2f10de-093d-4079-ae9d-bc5eeedf5d26 | 设备id |
| captcha | 图形验证码 |
2.1 拷问deviceid
2.1.1 算法定位
没有混淆, 直接搜deviceid 下断
看看Q.gL是什么东西
再看看o.eP
继续往前找
没啥, 若是 cookie或localstorage 存在mg_uuid这玩意儿,直接从这两个口袋里偷
首次运行肯定不存在, 所以回到Q.gL
var r = n(6835)
, i = n(7632)
, o = n(4767);
function s() {try {var t = (0,o.eP)("mg_uuid");return t || (t = (0,i.Z)(),(0,o.d8)("mg_uuid", t, 9e3, ".mgtv.com")),t} catch (e) {return ""}
}
如果o.eP()未能取到值, 则调用i.Z()来取值, o.d8()很明显就是保存了
看看i.Z() 如上代码, 这里的i导入了7632模块
单纯的生成随机uuid
2.1.2 算法实现
import uuidmg_uuid = str(uuid.uuid4())
deviceid = mg_uuid
2.2 拷问password
2.2.1 算法定位
小玩意儿就是好
进入c看看是啥
这小东西好像还是个RSA加密, 没啥需要注意的, 就是拼接了时间戳和随机数之后进行加密, 如:
17058489040.112442429301682361705848904170123456
直接抠代码了
function c(t) {return y(131), t = function () {var t = String(Date.parse(new Date)).substring(0, 10),e = String(Math.random()),n = String(e + t + t + e).substring(0, 32);return t + n}() + t,function (t, e) {var n = [],r = e.length,i = 0;for (; i < r;) n[i] = e.charCodeAt(i), i++;for (; n.length % t.chunkSize != 0;) n[i++] = 0;var o, s, a, u = n.length,c = "";for (i = 0; i < u; i += t.chunkSize) {for (a = new m, o = 0, s = i; s < i + t.chunkSize; ++o) a.digits[o] = n[s++], a.digits[o] += n[s++] << 8;var f = t.barrett.powMod(a, t.e),l = 16 == t.radix ? k(f) : S(f, t.radix);c += "".concat(l, " ")}return c.substring(0, c.length - 1)}(new f("10001", "", "A5245A4630DD7CE9D8A967E33A50EB52C2634FD042C4BFBCF5A5C1317A234FD0D1D2C75D083946AF70CE480C399FAD8EEBE9F5A904F30E4D3C91CDD7C27C4D07E27015D46B29A003E9D49834E19041A7BA45A95E6161697975721E88949E8023DA682895086223683593F054E7AAE0E07C40DB33BD80EE5909CE48D17C07D097"), t)
}function f(t, e, n) {this.e = j(t), this.d = j(e), this.m = j(n), this.chunkSize = 2 * I(this.m), this.radix = 16, this.barrett = new V(this.m)
}
var l, p, h, d = 16,g = 65536,v = 65535;function y(t) {l = new Array(t);for (var e = 0; e < l.length; e++) l[e] = 0;p = new m, (h = new m).digits[0] = 1
}
y(20);
w(1e15);function m(t) {this.digits = "boolean" === typeof t && 1 == t ? null : l.slice(0), this.isNeg = !1
}function b(t) {var e = new m(!0);return e.digits = t.digits.slice(0), e.isNeg = t.isNeg, e
}function w(t) {var e = new m;e.isNeg = t < 0, t = Math.abs(t);for (var n = 0; t > 0;) e.digits[n++] = t & v, t = Math.floor(t / g);return e
}function _这篇关于芒果TV登录加密分析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
