Python crawler advanced essential | analysis of encryption parameter sign of a device mall

Today website

aHR0cHM6Ly90aXRhbm1hdHJpeC5jb20vdGd4eA==

This example comes from communication group 4

Parameter positioning and analysis

This parameter can be found directly through the following request

aHR0cHM6Ly9tYWNhZmUudGl0YW5tYXRyaXguY29tL21hY2FmZS9nZXRTdGF0ZQ==

The next step is the search method. We talked about several methods to locate encryption parameters before,

Supplementary content

A reader asked me which article it was in the message area, but I didn't find it for a while

Just fill it up here

1. Parameter search - quickly locate by searching the parameter name of the encrypted value, similar to the following example

sign: 
sign :
sign= 
sign = 
# Why do you search like this from a development perspective

2. xhr breakpoint - this method has some limitations and requires some stack analysis capability

F12 - Click[ Sources]- Right toolbar [as shown in the following figure] - Create a new breakpoint and enter the breakpoint to match in the input box url

This principle is to match whether the url contains the string you set when xhr contracts. If so, use the debugger

So don't fill in the url with variable parameters here, just fill in the main part of the url

ps: the parameters change every time. Of course, they can't match

3. js call stack analysis method - basically can be used, with strong universality

Find the request you need to analyze in the console - Pick him - Find[ Initiator] - Find a breakpoint - Refresh again

Continue the above analysis and try the options I listed one by one

After that, you can mark the breakpoint and refresh it to verify whether it is generated through this logic

like this

It's broken, like this

Then analyze ke.a.hash

Don't panic when it's disconnected, and don't remember to analyze what the hash did

Look at the parameters first

Copy it like me

appid=201010&client={"system":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","version":"1.0.0"}&param={"serviceKey":"a4966e02741c4cc091fe1834d00f149c"}&rank=7294033887935694&timestamp=2021/12/03 20:02:08&token=&key=72933362EAA649B893699E6191BC898F

Then look at what happens after this hash

Copy it again

fd38dd0d6427bb8cc13e62568af6dd27

Do more steps in this step to confirm the following points

1,Is the parameter constant?
2,Is the parameter length constant?
3,Are parameters returned or carried in other requests?

After confirmation, look at the characteristics

1,Are there any similar results with some common algorithms?
2,Is it a significant fixed length of 16 and 32 bits?
3,Is it with base64 Looks like? - Usually the result is in uppercase and lowercase letters, 0-9,+/ Composition, some will be = ending

It takes only a few minutes to complete the above points. You can save a lot of time slowly. You can use this time to seriously summarize or read some technical articles (such as salted fish mine)

After confirmation, will you find some characteristics that meet some guesses?

Then try some online encrypted test websites

16. I often use the following website for 32-bit hash test

https://1024tools.com/hash

If you have something useful, you can also share a wave

Paste in the plaintext we just copied

Don't you think it will come out?

Post the code written by the J guy in the group

# -*- coding: utf-8 -*-#

#-------------------------------------------------------------------------------
# Project:      js_nx
# Name:         sss
# Description:
# Author: ah J
# Date:         2021/12/2
#-------------------------------------------------------------------------------

import requests,json,hashlib
import time


def md5(xx):
    return hashlib.md5(xx.encode()).hexdigest()

headers = {
    'Connection': 'keep-alive',
    'Pragma': 'no-cache',
    'Cache-Control': 'no-cache',
    'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"',
    'Accept': 'application/json, text/plain, */*',
    'apiVersion': '1.0',
    'Content-Type': 'application/json;charset=UTF-8',
    'sec-ch-ua-mobile': '?0',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36',
    'sec-ch-ua-platform': '"Windows"',
    'Origin': 'https://titanmatrix.com',
    'Sec-Fetch-Site': 'same-site',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Dest': 'empty',
    'Referer': 'https://titanmatrix.com/',
    'Accept-Language': 'zh-CN,zh;q=0.9',
}

data = {
    "appid": "201010",
    "client": {
        "system": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
        "version": "1.0.0"
    },
    "param": {
        "serviceId": "a4966e02741c4cc091fe1834d00f149c",
        "sid": 7017,
        "pkey": "",
        "withParam": True,
        "noWaterMark": True
    },
    "timestamp":time.strftime("%Y/%m/%d %H:%M:%S", time.localtime()),
    "rank": "9018048684590414",
    "sign": ""
}

enc_data = "appid=" + data['appid'] + "&client=" + json.dumps(data['client'],separators=(',',':')) + "&param=" + json.dumps(data['param'],separators=(',',':')) \
           + "&rank=" + data['rank'] + "&timestamp=" + data['timestamp'] + "&token=" + ""+ "&key=" + "72933362EAA649B893699E6191BC898F"
print(enc_data)
sign = md5(enc_data)
print(sign)
data['sign'] = sign
response = requests.post('https://macafe.titanmatrix.com/macafe/getState', headers=headers, data=json.dumps(data,separators=(',',':')))
print(response.text)

Well, that's all for today.

I am a salted fish fishing without update

Yes, please reply~

I'll see you next time.

Posted on Tue, 07 Dec 2021 00:24:13 -0500 by mblack0508