声明:
本文章中所有内容仅供学习交流,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关,若有侵权,请联系我立即删除!
名称:365玩游戏平台
目标:登入参数
加密类型:MD5
目标网址: http://minilogin.sgty.com/
第一步: 查看接口参数
加密值:password,sign
这里我们一眼就可以看出是用了MD5加密的为什么呢、这里首先要讲为什么每次去请求接口的时候把密码输入为123456,因为输入123456生成的MD5、SHA1等值是常见的我们一眼就能看出来
MD5:e10adc3949ba59abbe56e057f20f883e
SHA1:7c4a8d09ca3762af61e59520943dc26494f8941b
SHA256:8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
SHA512:ba3253876aed6bc22d4a6ff53d8406c6ad864195ed144ab5c87621b6c233b548baeae6956df346ec8c17f5ea10f35ee3cbc514797ed7ddd3145464e2a0bab413
第二步: 搜索参数名
这里我们初步判断完是MD5后我们再看我们要的参数是否都可以实现,我们可以看到这个password应该就是MD5(密码)去加密的 但是这个sign我们不知道是怎么去生成的,所以这里我们去搜索sign这个参数,我们就可以定位到如下
定位到加密位置后我们再点下登入,我们可以看到传进来的data就是我们输入的明文密码sign=t(k + o.domain)这个o.domain
第一个o.domain的值是static.365wan.com
第二个就是k的值,k的值应该是经过这一段去生成的红色框框部分,我们先看一下生成的k值是怎么样的
这个k值不就是account+MD5(password)+o.domain吗?瞬间豁然开朗
加密要的参数都有了我们下来就差一个t方法了,我们老样子进入t这个方法,我们可以看到这里定义了一个t方法传入参数i返回加密后的参数值 我们直接扣下来用就可以了
第三步:实现加密参数
var t = function(i) {
var a = function(a, i) {
var e, f, b, c, g;
b = a & 2147483648;
c = i & 2147483648;
e = a & 1073741824;
f = i & 1073741824;
g = (a & 1073741823) + (i & 1073741823);
return e & f ? g ^ 2147483648 ^ b ^ c : e | f ? g & 1073741824 ? g ^ 3221225472 ^ b ^ c : g ^ 1073741824 ^ b ^ c : g ^ b ^ c
}, j = function(i, b, c, e, f, g, h) {
i = a(i, a(a(b & c | ~b & e, f), h));
return a(i << g | i >>> 32 - g, b)
}, d = function(i, b, c, e, f, g, h) {
i = a(i, a(a(b & e | c & ~e, f), h));
return a(i << g | i >>> 32 - g, b)
}, m = function(i, b, c, e, g, f, h) {
i = a(i, a(a(b ^ c ^ e, g), h));
return a(i << f | i >>> 32 - f, b)
}, p = function(i, b, c, e, f, g, h) {
i = a(i, a(a(c ^ (b | ~e), f), h));
return a(i << g | i >>> 32 - g, b)
}, l = function(i) {
var a = "", b = "", c;
for (c = 0; c <= 3; c++) {
b = i >>> c * 8 & 255;
b = "0" + b.toString(16);
a = a + b.substr(b.length - 2, 2)
}
return a
}, g = [], h, o, k, q, n, e, f, b, c, g = i, i = g.length;
i > 32 ? (g = g + "".charCodeAt(),
i = i + 4) : 1;
h = i + 8;
o = ((h - h % 64) / 64 + 1) * 16;
k = Array(o - 1);
for (n = q = 0; n < i; ) {
h = (n - n % 4) / 4;
q = n % 4 * 8;
k[h] = k[h] | g.charCodeAt(n) << q;
n++
}
h = (n - n % 4) / 4;
k[h] = k[h] | 128 << n % 4 * 8;
k[o - 2] = i << 3;
k[o - 1] = i >>> 29;
g = k;
e = 1732584193;
f = 4023233417;
b = 2562383102;
c = 271733878;
i = g.length;
for (h = 0; h < i; h = h + 16) {
o = e;
k = f;
q = b;
n = c;
e = j(e, f, b, c, g[h + 0], 7, 3614090360);
c = j(c, e, f, b, g[h + 1], 12, 3905402710);
b = j(b, c, e, f, g[h + 2], 17, 606105819);
f = j(f, b, c, e, g[h + 3], 22, 3250441966);
e = j(e, f, b, c, g[h + 4], 7, 4118548399);
c = j(c, e, f, b, g[h + 5], 12, 1200080426);
b = j(b, c, e, f, g[h + 6], 17, 2821735955);
f = j(f, b, c, e, g[h + 7], 22, 4249261313);
e = j(e, f, b, c, g[h + 8], 7, 1770035416);
c = j(c, e, f, b, g[h + 9], 12, 2336552879);
b = j(b, c, e, f, g[h + 10], 17, 4294925233);
f = j(f, b, c, e, g[h + 11], 22, 2304563134);
e = j(e, f, b, c, g[h + 12], 7, 1804603682);
c = j(c, e, f, b, g[h + 13], 12, 4254626195);
b = j(b, c, e, f, g[h + 14], 17, 2792965006);
f = j(f, b, c, e, g[h + 15], 22, 1236535329);
e = d(e, f, b, c, g[h + 1], 5, 4129170786);
c = d(c, e, f, b, g[h + 6], 9, 3225465664);
b = d(b, c, e, f, g[h + 11], 14, 643717713);
f = d(f, b, c, e, g[h + 0], 20, 3921069994);
e = d(e, f, b, c, g[h + 5], 5, 3593408605);
c = d(c, e, f, b, g[h + 10], 9, 38016083);
b = d(b, c, e, f, g[h + 15], 14, 3634488961);
f = d(f, b, c, e, g[h + 4], 20, 3889429448);
e = d(e, f, b, c, g[h + 9], 5, 568446438);
c = d(c, e, f, b, g[h + 14], 9, 3275163606);
b = d(b, c, e, f, g[h + 3], 14, 4107603335);
f = d(f, b, c, e, g[h + 8], 20, 1163531501);
e = d(e, f, b, c, g[h + 13], 5, 2850285829);
c = d(c, e, f, b, g[h + 2], 9, 4243563512);
b = d(b, c, e, f, g[h + 7], 14, 1735328473);
f = d(f, b, c, e, g[h + 12], 20, 2368359562);
e = m(e, f, b, c, g[h + 5], 4, 4294588738);
c = m(c, e, f, b, g[h + 8], 11, 2272392833);
b = m(b, c, e, f, g[h + 11], 16, 1839030562);
f = m(f, b, c, e, g[h + 14], 23, 4259657740);
e = m(e, f, b, c, g[h + 1], 4, 2763975236);
c = m(c, e, f, b, g[h + 4], 11, 1272893353);
b = m(b, c, e, f, g[h + 7], 16, 4139469664);
f = m(f, b, c, e, g[h + 10], 23, 3200236656);
e = m(e, f, b, c, g[h + 13], 4, 681279174);
c = m(c, e, f, b, g[h + 0], 11, 3936430074);
b = m(b, c, e, f, g[h + 3], 16, 3572445317);
f = m(f, b, c, e, g[h + 6], 23, 76029189);
e = m(e, f, b, c, g[h + 9], 4, 3654602809);
c = m(c, e, f, b, g[h + 12], 11, 3873151461);
b = m(b, c, e, f, g[h + 15], 16, 530742520);
f = m(f, b, c, e, g[h + 2], 23, 3299628645);
e = p(e, f, b, c, g[h + 0], 6, 4096336452);
c = p(c, e, f, b, g[h + 7], 10, 1126891415);
b = p(b, c, e, f, g[h + 14], 15, 2878612391);
f = p(f, b, c, e, g[h + 5], 21, 4237533241);
e = p(e, f, b, c, g[h + 12], 6, 1700485571);
c = p(c, e, f, b, g[h + 3], 10, 2399980690);
b = p(b, c, e, f, g[h + 10], 15, 4293915773);
f = p(f, b, c, e, g[h + 1], 21, 2240044497);
e = p(e, f, b, c, g[h + 8], 6, 1873313359);
c = p(c, e, f, b, g[h + 15], 10, 4264355552);
b = p(b, c, e, f, g[h + 6], 15, 2734768916);
f = p(f, b, c, e, g[h + 13], 21, 1309151649);
e = p(e, f, b, c, g[h + 4], 6, 4149444226);
c = p(c, e, f, b, g[h + 11], 10, 3174756917);
b = p(b, c, e, f, g[h + 2], 15, 718787259);
f = p(f, b, c, e, g[h + 9], 21, 3951481745);
e = a(e, o);
f = a(f, k);
b = a(b, q);
c = a(c, n)
}
return (l(e) + l(f) + l(b) + l(c)).toLowerCase()
};
account = '13755558888'
password = '123456'
domain = "static.365wan.com"
k = account+t(password)
sign = t(k+domain)
console.log(sign)
结果展示:
看完点个赞吧,喜欢的可以点个关注!