Js逆向入门之sm加解密
地址:
aHR0cHM6Ly9mdXd1Lm5oc2EuZ292LmNuL25hdGlvbmFsSGFsbFN0LyMvc2VhcmNoL21lZGljYWw/Y29kZT05MDAwMCZmbGFnPWZhbHNlJmdiRmxhZz10cnVlCiA=(base64)
加密参数
1. payload
2. response
3. 如图
4. 目标数据
加密位置
1. signData
2. encData
3.其他参数
**
x-tif-nonce: N7unnPrD
x-tif-signature: 6de8df9e7e64500718720eab273b959a88aa601eaa6afdcf190ee7a5985c51aa
x-tif-timestamp: 1656150301**
方法一:webpack 模块导出
这里只测试了是否可调用
方法二:python 还原
def main():
timestamp = int(time.time())
c, u = ret_u(timestamp)
headers.update({'x-tif-signature': get_sha256(u)})
headers.update({'x-tif-nonce': c})
headers.update({'x-tif-timestamp': str(timestamp)})
encData = data_encryption(
'{"addr":"","regnCode":"110000","medinsName":"","medinsLvCode":"","medinsTypeCode":"","openElec":"","pageNum":1,"pageSize":10}')
data = 'appCode=T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ' \
'&data={"pageNum":"1","pageSize":"10","regnCode":"110000"}' \
'&encType=SM4&signType=SM2' \
f'×tamp={timestamp}' \
'&version=1.0.0&key=NMVFVILMKT13GEMD3BKPKCTBOQBPZR2P'
signData = js_code.call('get_sign', data)
# signData = sm2_sign(data)
payload = {
'data':
{
"data": {
"encData": encData
},
"appCode": "T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ",
"version": "1.0.0",
"encType": "SM4",
"signType": "SM2",
"timestamp": timestamp,
"signData": signData
}
}
response = requests.post(url='https://fuwu.nhsa.gov.cn/ebus/fuwu/api/nthl/api/CommQuery/queryFixedHospital',
json=payload, headers=headers)
print('res::', response.text)
print('res::', json.loads(data_decryption(response.json()['data']['data']['encData'])))
if __name__ == '__main__':
main()
以上只是部分代码
sm2签名也不是python版本
不够完美
测试结果:
结束