企知道加密逆向:揭秘数据解密过程
引言
在当今的互联网时代,数据安全与隐私保护显得尤为重要。许多平台为了保护用户数据,采用了各种加密技术。今天,我们将深入探讨“企知道”平台的数据加密与解密过程,通过逆向工程揭示其背后的技术细节。
企知道平台简介
“企知道”是一个提供企业信息查询服务的平台,用户可以通过该平台获取企业的详细信息。为了保护数据的安全性,平台在数据传输和存储过程中采用了加密技术。
加密与解密过程
1. user-agent-web 请求头的生成与响应体的 AES 解密
import base64
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import requests, execjs
def decrypt(data):
    """Decrypt a base64-encoded AES-ECB payload and return it as text.

    Args:
        data: Base64 text (or bytes) holding the ciphertext.

    Returns:
        The plaintext decoded with the default codec (UTF-8).

    Raises:
        ValueError: If the padding is invalid after decryption, which is
            what a wrong key or a corrupted payload produces.

    Security note: the 16-byte key is a constant and the mode is ECB, so
    there is no IV and no integrity check, and equal plaintext blocks give
    equal ciphertext blocks. If the same key can be recovered from client
    code, as the article implies, this layer is obfuscation and not a
    confidentiality control. TODO confirm where the key originates.
    """
    aes_key = b'xc46VoB49X3PGYAg'
    ciphertext = base64.b64decode(data)
    cipher = AES.new(key=aes_key, mode=AES.MODE_ECB)
    # unpad() removes the block padding for a 16-byte block size.
    return unpad(cipher.decrypt(ciphertext), 16).decode()
def webid():
    """Return the value sent in the ``user-agent-web`` request header.

    The embedded JavaScript is run through execjs and its ``z_i`` function
    is called. ``z_i`` concatenates the stubbed ``navigator.userAgent``,
    the current time in milliseconds and a random alphanumeric string of
    4 to 8 characters from ``a_m(4, 8)``, MD5-hashes the result and
    prefixes it with ``X/``.

    Security note: every input is public or comes from ``Math.random()``,
    so the value carries no secret. It can label a client instance but it
    cannot authenticate one.
    """
    # The script text is kept exactly as captured; only z_i is invoked.
    js_source = '''
const crypto = require('crypto');
window = {}
window.navigator ={
userAgent:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36'
}
function md5(data){
return crypto.createHash('md5').update(String(data)).digest('hex');
}
function z_i() {
var t = undefined;
var e = (t || window.navigator.userAgent || Object(a_m)(4, 8)) + (new Date).getTime() + Object(a_m)(4, 8);
return 'X/'.concat(md5(e))
}
function a_m(t, e, n) {
var r, o = "";
void 0 === t && (t = 6),
"string" == typeof e && (n = e),
r = e && "number" == typeof e ? Math.round(Math.random() * (e - t)) + t : t,
n = n || "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < r; i++) {
var a = Math.round(Math.random() * (n.length - 1));
o += n.substring(a, a + 1)
}
return o
}
'''
    return execjs.compile(js_source).call('z_i')
# Minimal header set for the first example: the static browser headers are
# declared first, then the per-run "user-agent-web" value is appended so it
# stays the last key, as in the original literal.
h = {
    'accept': 'application/json, text/plain, */*',
    'content-type': 'application/json;charset=UTF-8',
    'origin': 'https://www.qizhidao.com',
    'user-agent': (
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
        '(KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36'
    ),
}
h['user-agent-web'] = webid()
2.响应体AES解密
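# Request headers for the search call in the second example.
#
# The original listing pasted a live browser session here: a bearer token
# repeated in the accesstoken/token headers and inside the cookie, an SSO
# session id, device and analytics identifiers, and client IP addresses.
# Those values are replaced by labelled placeholders. A published token
# stays usable until it expires or is revoked, so the captured session
# should be logged out and its tokens rotated. Supply real values at run
# time from a local, untracked source and never from the listing itself.
headers = {
    'accept': 'application/json, text/plain, */*',
    'accept-language': 'zh-CN,zh;q=0.9,ja;q=0.8',
    'accesstoken': '<REDACTED_ACCESS_TOKEN>',
    'cache-control': 'no-cache',
    'content-type': 'application/json; charset=UTF-8',
    'cookie': '<REDACTED_SESSION_COOKIE>',
    'device-id': '<REDACTED_DEVICE_ID>',
    'eagleeye-pappname': 'fyw9n1jhpf@07619cbd1f4e9df',
    'eagleeye-sessionid': '<REDACTED_TRACE_SESSION_ID>',
    'eagleeye-traceid': '7f8fc837172593330992010304e9df',
    'h5version': 'v1.0.0',
    'origin': 'https://www.qizhidao.com',
    'pragma': 'no-cache',
    'priority': 'u=1, i',
    'referer': 'https://www.qizhidao.com/',
    'sec-ch-ua': '"Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"macOS"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-site',
    'sensordeviceid': '<REDACTED_ANALYTICS_DEVICE_ID>',
    'sensorsdistinctid': '<REDACTED_ANALYTICS_USER_ID>',
    'signature': '28a8424c13146c4537da02f5db7b7060.3H8lII',
    'token': '<REDACTED_ACCESS_TOKEN>',
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36',
    # Regenerated on every run by webid().
    'user-agent-web': webid(),
}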
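# JSON search body, sent as UTF-8 bytes because it contains non-ASCII text.
data = '{"content":"华为","current":3,"found_years":[],"pageSize":20,"platform":1,"isDefinedYears":0,"isSwitch":0}'.encode('utf-8')
response = requests.post(
    'https://app.qizhidao.com/qzd-bff-enterprise/qzd/v1/enterprise/zhichan/enterpriseListV2',
    headers=headers,
    data=data,
    timeout=10,  # without a timeout the call can block indefinitely
)
# Parse the body once; the original parsed it three times.
payload = response.json()
print(payload)
# NOTE(review): decrypt_aes is not defined anywhere in this listing, so this
# line raises NameError as published. The decrypt() shown earlier takes one
# argument and uses a single fixed key. Per the author's closing note,
# 'hasUse' is the index into a list of keys that the page does not show.
print(decrypt_aes(payload['data1'], payload['hasUse']))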
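需要注意的是,此处 AES 解密使用的 key 是一个列表:每次返回的 response 里都会有一个 hasUse 字段,它就是 key 在列表中的 index。所以直接把需要解密的数据和 key 的 index 一起传给 decrypt_aes 就好了。(本文没有给出 decrypt_aes 的实现,上文的 decrypt 只使用单个固定 key。)从防护角度看,如果密钥列表随前端代码下发、索引又随响应返回,这层 AES 只能起到混淆作用,不能替代服务端的鉴权和访问控制。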