js逆向 天翼云登录
郑重声明
- 郑重声明:本项目的所有代码和相关文章, 仅用于经验技术交流分享,禁止将相关技术应用到不正当途径,因为滥用技术产生的风险与本人无关。
js代码
挺简单的就是一个MD5加密
const CryptoJS = require('crypto-js');
let T = function (e) {
var n = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : ""
, t = arguments.length > 2 && void 0 !== arguments[2] ? arguments[2] : {}
, a = t.enc
, r = void 0 === a ? "Utf8" : a
, c = t.mode
, i = void 0 === c ? "ECB" : c
, o = t.padding
, u = void 0 === o ? "Pkcs7" : o
, d = CryptoJS.enc[r].parse(n)
, l = {
mode: CryptoJS.mode[i],
padding: CryptoJS.pad[u]
}
, s = CryptoJS.TripleDES.encrypt(e, d, l);
return s.toString()
};
let F = function (e) {
var n = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : {};
if (e && "string" === typeof e) {
var t = n.text || "0"
, a = n.length || 24;
if (e.length < a)
for (var r = e.length; r < a; r++)
e += t;
else
e = e.substring(0, a);
return e
}
};
let _ = function () {
var e, n, t = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : 32,
a = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : 16,
r = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".split(""), c = [];
if (a = a || r.length,
t)
for (e = 0; e < t; e++)
c[e] = r[0 | Math.random() * a];
else
for (c[8] = c[13] = c[18] = c[23] = "-",
c[14] = "4",
e = 0; e < 36; e++)
c[e] || (n = 0 | 16 * Math.random(),
c[e] = r[19 === e ? 3 & n | 8 : n]);
return c.join("")
};
function start(username, password) {
let a = _(),
n = (new Date).getTime() - '271',
t = "s54zv9bm1vd5czfujy6nnuxj1l4g2ny6",
r = CryptoJS.MD5(n + a + CryptoJS.MD5(a + t + n).toString()).toString()
return {
userName: username,
password: T(password, F(username)),
referrer: 'wap',
mainVersion: '300031500',
comParam_curTime: n,
comParam_seqCode: a,
comParam_signature: r,
isCheck: 'True',
locale: 'zh-cn',
}
}
python脚本
import execjs
import requests
username = '12dfa3@163.com'
password = '123456sfs'
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Accept-Encoding': 'gzip, deflate, br', 'Accept-Language': 'zh-CN,zh;q=0.9', 'Cache-Control': 'no-cache',
'Connection': 'keep-alive', 'Cookie': 'loginToken=0c434916-cfe2-4c7a-897c-b39af46b6fca', 'Host': 'm.ctyun.cn',
'Pragma': 'no-cache', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"',
'sec-ch-ua-mobile': '?1', 'sec-ch-ua-platform': '"Android"', 'Sec-Fetch-Dest': 'document',
'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Site': 'none', 'Sec-Fetch-User': '?1', 'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Mobile Safari/537.36'}
url = 'https://m.ctyun.cn/account/login'
with open('./main.js', 'r')as f:
js = execjs.compile(f.read())
params = js.call('start', username, password)
print(params)
response = requests.get(url=url, params=params, headers=headers)
print(response.status_code)
print(response.text)