猫客网络论坛地址:http://www.bestmk.cn/?thread-150.htm
抓包:
POST https://data.10086.cn/app/login/dispatcherServlet.action HTTP/1.1
Resolution: 1920*1080
mobile: B4F72840D65BAC3775B64A32EC18AD33
Action: login
AppID: com.aspirecn.dcop
Cookie:
IMEI: 716281B3BB0F73F1E8BF15B3E1DC661C
ClientVer: android3.3
Channelid: WDJ006
Content-Type: text/html;charset=UTF-8
ClientHash: 660902b250a0cfa6246a207657924201
Client-Agent: Android_Vandroid3.3/1080*1920
user-id: CF7825ACEB7104688047A3C4C22F954934386D0FB947B2CAFE907B3126752635B7D40D82D1157EF3EF9E94305C7B8D23E513AECFF1E44DDF72A9B7D5424FE280
APIVersion: 1.0.0
ClientVersion: android3.3
Accept-Language: UTF-8
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1; Unsupported MI Cancro Build/MOB30Z)
Host: data.10086.cn
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 47
{"password":"B15AC6CD1A2C82032508569A2966726D"}
返回:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=33D6321F49D5B117C1E06459594F3CC3; Path=/app; HttpOnly
Set-Cookie: dcop_cookie__user_phone=X3QRnMz5OCxchQxWc9GAoTVTUzx5MJFgsXzLT4WpfKlJZYwHGM4HSzN0mMg85f5t3nlu0no_QINszRnXHQ4o53jy-hTONP76airkBkFKdAQ; Path=/
Set-Cookie: all_pay_key=L3a-VlTpLiTp8bhNaY079olLHsnZm5Gau0rBmB2_znf_edfb7H3mRCYDNoGuuayVhKz8Aln663CuKOrqjWOYbbIg6_V5taIUanzLYJv0RzxlLGTDuo3UnrudO8gExc2J; Path=/
Set-Cookie: sso_key=90gIrtLvQ1Oz3mXlJ_hZdLry9GETFoikz3P7Awq3sHVvO88hCz8cnJj2kuya39ogPpZUNHHDr18g4pjcHokUsxOk9C-hZH1S6RKRYLzqRUENdmXaFjTG1a1i8_mN49S9; Path=/
Content-Length: 63
Date: Thu, 08 Dec 2016 03:56:25 GMT
{"result":"200","sessionid":"33D6321F49D5B117C1E06459594F3CC3"}
分析:
userid:
public static String b(Context arg4) {
String v0 = System.getProperty(arg4.getPackageName(), null);
if(v0 == null) {
v0 = "android:" + UUID.randomUUID().toString() + System.currentTimeMillis();
System.setProperty(arg4.getPackageName(), v0);
}
return a.a(v0);//a方法就是下面的AES/CBC/PKCS5Padding加密
}
password,mobile,imei加密算法代码
public static String encPasswd(String arg4) {
String v0_2;
try {
Cipher v0_1 = Cipher.getInstance("AES/CBC/PKCS5Padding");
v0_1.init(1, new SecretKeySpec("$015%^Wechat&/S_".getBytes(), "AES"), new IvParameterSpec(new byte[]{112, -106, -100, 39, 8, -90, 46, -79, -103, -18, 13, 98, 79, 42, 40, 110}));
v0_2 = a(v0_1.doFinal(arg4.getBytes("UTF-8")));
}
catch(Exception v0) {
v0.printStackTrace();
v0_2 = null;
}
return v0_2;
}
private static String a(byte[] arg5) {
StringBuffer v2 = new StringBuffer();
int v0;
for(v0 = 0; v0 < arg5.length; ++v0) {
String v1 = Integer.toHexString(arg5[v0] & 255);
if(v1.length() == 1) {
v1 = String.valueOf('0') + v1;
}
v2.append(v1.toUpperCase());
}
return v2.toString();
}
ClientHash算法:
String str="android3.3"+"com.aspirecn.dcop"+"flowpool_aspirecn_2014";
getClientHash(str);
public static String getClientHash(String arg5) {
MessageDigest v0 = null;
try {
v0 = MessageDigest.getInstance("MD5");
v0.reset();
v0.update(arg5.getBytes("UTF-8"));
}
catch(UnsupportedEncodingException v1) {
v1.printStackTrace();
}
catch(NoSuchAlgorithmException v1_1) {
System.out.println("NoSuchAlgorithmException caught!");
System.exit(-1);
}
byte[] v1_2 = v0.digest();
StringBuffer v2 = new StringBuffer();
int v0_1;
for(v0_1 = 0; v0_1 < v1_2.length; ++v0_1) {
if(Integer.toHexString(v1_2[v0_1] & 255).length() == 1) {
v2.append("0").append(Integer.toHexString(v1_2[v0_1] & 255));
}
else {
v2.append(Integer.toHexString(v1_2[v0_1] & 255));
}
}
return v2.toString();
}