python实现爱奇艺登录的密码RSA加密

  分析爱奇艺登陆post参数中的password

  email:12345678911

  passwd:028d4c1305a6a9baaed3947bade99d4205337fdcabef59b6f7b073f11a220339768b359fd8c8999b934fbf008ee75b9435f23741d3e9251cab8358de6cfde4ac

  agenttype:1

  __NEW:1

  checkExist:1

  piccode:

  lang:

  ptid:01010021010000000000

  verifyPhone:1

  area_code:86

  dfp:a02851d93263354fe2b7f9a1527421045236d10ea384ea0fd798f87000c2f3afac

  envinfo: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

  全局搜索 password,综合分析后找到下面这段发送登录请求的 JS:

  methods: {

  /**
   * Submit the login parameters through the remote "login" interface.
   *
   * If `e.passwd` is set it is replaced, on the caller's object, by
   * `r.rsaFun(e.passwd)` before anything is sent. The `dfp` and `envinfo`
   * fields are then filled from `s.getEnvAndDfp`; any result code other than
   * "A00000" sends both as empty strings instead of aborting the request.
   *
   * NOTE(review): because the request still goes out with empty `dfp` /
   * `envinfo`, the receiving side cannot assume those fields are populated.
   *
   * @param {Object} [e] - login parameters; a fresh object is used when falsy.
   * @param {Function} [t] - optional callback, invoked with the interface response.
   */
  send: function(e, t) {
    var self = this;
    e = e || {};
    if (e.passwd) {
      e.passwd = r.rsaFun(e.passwd);
    }
    s.getEnvAndDfp(function(envResult) {
      var ok = "A00000" == envResult.code;
      e.dfp = ok ? envResult.data.dfp : "";
      e.envinfo = ok ? envResult.data.env : "";
      self._remoteInterface.send({
        ifname: "login",
        param: e,
        domain: o
      }, function(response) {
        if (t) {
          t(response);
        }
      });
    });
  },

  可以知道e.passwd=r.rsaFun(e.passwd)

  密码采用 RSA 非对称加密,继续查询 r.rsaFun,得到下面精简后的函数:

  /**
   * Encrypt a password for the login request.
   *
   * Builds a key from the hard-coded public exponent (hex "10001") and a
   * hard-coded 128-hex-digit (512-bit) modulus, encrypts the URI-encoded
   * password with RSAUtils.encryptedString, and replaces every whitespace
   * character in the result with "-".
   *
   * NOTE(review): a 512-bit modulus is far below current key-size
   * recommendations, and encryptedString pads blocks with zeros only, so the
   * same password always yields the same ciphertext. This should be read as
   * obfuscation layered on the transport, not as protection on its own.
   *
   * @param {*} e - the clear-text password (coerced by encodeURIComponent).
   * @returns {string} hex blocks joined with "-".
   */
  rsaFun: function(e) {
    var modulusHex = "ab86b6371b5318aaa1d3c9e612a9f1264f372323c8c0f19875b5fc3b3fd3afcc1e5bec527aa94bfa85bffc157e4245aebda05389a5357b75115ac94f074aefcd";
    var exponentHex = "10001";
    // The private-exponent slot is passed as an empty string: encrypt only.
    var publicKey = Q.crypto.rsa.RSAUtils.getKeyPair(exponentHex, "", modulusHex);
    var spaced = Q.crypto.rsa.RSAUtils.encryptedString(publicKey, encodeURIComponent(e));
    return spaced.replace(/\s/g, "-");
  }

  可以得到公钥的模数 t 和公钥指数 n(即这里所说的“偏移量”,十六进制 10001),再继续查询 getKeyPair,可得到加密函数

  var c=function(a, b) {

  /**
   * Reduce `a` modulo `this.modulus` using the precomputed `this.mu`.
   *
   * Must be called with `this` bound to an object that provides `k`, `mu`,
   * `modulus` and `bkplus1`. The shape (divide by radix powers, multiply by
   * mu, correct with at most a few subtractions) looks like Barrett
   * reduction; the helpers on `f` are not visible here, so that is inferred.
   *
   * @param {Object} a - big integer to reduce.
   * @returns {Object} the remainder as a big integer.
   */
  function c(a) {
    var lib = f;
    var q1 = lib.biDivideByRadixPower(a, this.k - 1);
    var q2 = lib.biMultiply(q1, this.mu);
    var q3 = lib.biDivideByRadixPower(q2, this.k + 1);
    var r1 = lib.biModuloByRadixPower(a, this.k + 1);
    var product = lib.biMultiply(q3, this.modulus);
    var r2 = lib.biModuloByRadixPower(product, this.k + 1);
    var rem = lib.biSubtract(r1, r2);
    // A negative difference is wrapped back by adding bkplus1.
    if (rem.isNeg) {
      rem = lib.biAdd(rem, this.bkplus1);
    }
    // Final correction: subtract the modulus until the value is below it.
    while (lib.biCompare(rem, this.modulus) >= 0) {
      rem = lib.biSubtract(rem, this.modulus);
    }
    return rem;
  }

  /**
   * Multiply two big integers and reduce the product with `this.modulo`.
   *
   * @param {Object} a - first factor.
   * @param {Object} b - second factor.
   * @returns {Object} (a * b) reduced by `this.modulo`.
   */
  function d(a, b) {
    return this.modulo(f.biMultiply(a, b));
  }

  /**
   * Modular exponentiation by square-and-multiply, scanning the exponent
   * from its lowest bit upward. Relies on `this.multiplyMod` for every
   * multiplication.
   *
   * NOTE(review): the multiply step runs only for set exponent bits, so the
   * running time depends on the exponent. That is harmless with the public
   * exponent used for encryption, but decryptedString passes `a.d` through
   * this same routine.
   *
   * @param {Object} a - base, as a big integer.
   * @param {Object} b - exponent, as a big integer.
   * @returns {Object} a raised to b, reduced by `this.multiplyMod`.
   */
  function e(a, b) {
    var acc = new t();
    acc.digits[0] = 1;
    var base = a;
    var exp = b;
    while (true) {
      if ((exp.digits[0] & 1) != 0) {
        acc = this.multiplyMod(acc, base);
      }
      exp = f.biShiftRight(exp, 1);
      // Stop once the exponent has been shifted down to zero.
      if (exp.digits[0] == 0 && f.biHighIndex(exp) == 0) {
        break;
      }
      base = this.multiplyMod(base, base);
    }
    return acc;
  }

  // g is the namespace object that is published at the end of the wrapper;
  // f is a short alias for g.RSAUtils, which receives every helper below.
  var f;
  var g = {};
  typeof g.RSAUtils == "undefined" && (f = g.RSAUtils = {});

  // h, k, l and m are filled in later by f.setMaxDigits.
  var h, k, l, m;
  var n = 16;
  var o = n;
  // p is the digit radix (2^16) and s the matching mask; biFromNumber splits
  // numbers with `a & s` and `a / p`. q and r are derived from p; their use
  // is not visible in this excerpt.
  var p = 65536;
  var q = p >>> 1;
  var r = p * p;
  var s = p - 1;

  /**
   * Big-integer constructor. `new t(true)` leaves `digits` null; any other
   * argument copies the zero-filled template array k.
   */
  var t = g.BigInt = function(a) {
    if (typeof a == "boolean" && a === true) {
      this.digits = null;
    } else {
      this.digits = k.slice(0);
    }
    this.isNeg = false;
  };

  /**
   * Set the number of digits every new big integer is created with.
   *
   * Rebuilds the shared state: h (digit count), k (zero-filled template
   * copied by the BigInt constructor), l (a big integer left at zero) and
   * m (a big integer whose lowest digit is 1).
   *
   * @param {number} a - digit count.
   */
  f.setMaxDigits = function(a) {
    h = a;
    k = new Array(h);
    for (var idx = 0; idx < k.length; idx++) {
      k[idx] = 0;
    }
    l = new t();
    m = new t();
    m.digits[0] = 1;
  };
  // Initial capacity; raised to 130 at the end of the wrapper.
  f.setMaxDigits(20);

  // u and v (= 1e15 as a big integer) are used by code outside this excerpt.
  var u = 15;

  /**
   * Convert a JavaScript number into a big integer, least-significant digit
   * first, one radix-p digit per array slot. The sign goes into `isNeg`.
   *
   * @param {number} a - value to convert.
   * @returns {Object} the big integer.
   */
  f.biFromNumber = function(a) {
    var result = new t();
    result.isNeg = a < 0;
    var remaining = Math.abs(a);
    var idx = 0;
    while (remaining > 0) {
      result.digits[idx] = remaining & s;
      idx += 1;
      remaining = Math.floor(remaining / p);
    }
    return result;
  };

  var v = f.biFromNumber(1e15);

  f.biFromDecimal=function(a) {

  for (var b, c="-"==a.charAt(0), d=c ? 1 : 0; d < a.length && "0"==a.charAt(d); )

  ++d;

  字数超限,有删除

  /**
   * Encrypt a string block by block with the key's public exponent.
   *
   * The character codes of `b` are padded with zeros up to a multiple of
   * `a.chunkSize`, packed two codes per digit (low byte first), and each
   * block is raised to `a.e` through `a.barrett.powMod`. Blocks are rendered
   * in hex when `a.radix` is 16, otherwise via biToString, and joined with
   * single spaces.
   *
   * NOTE(review): padding is zeros only and nothing random is mixed in, so
   * equal inputs always produce equal output. The packing also assumes every
   * character code fits in one byte; the callers shown on this page
   * guarantee that by passing encodeURIComponent output.
   *
   * @param {Object} a - key object (chunkSize, e, radix, barrett).
   * @param {string} b - text to encrypt.
   * @returns {string} space-separated encrypted blocks.
   */
  f.encryptedString = function(a, b) {
    var codes = [];
    var len = b.length;
    var pos;
    for (pos = 0; pos < len; pos++) {
      codes[pos] = b.charCodeAt(pos);
    }
    while (codes.length % a.chunkSize != 0) {
      codes[pos++] = 0;
    }
    var total = codes.length;
    var joined = "";
    for (pos = 0; pos < total; pos += a.chunkSize) {
      var block = new t();
      var src = pos;
      for (var digit = 0; src < pos + a.chunkSize; ++digit) {
        block.digits[digit] = codes[src++];
        block.digits[digit] += codes[src++] << 8;
      }
      var cipher = a.barrett.powMod(block, a.e);
      var text = a.radix == 16 ? f.biToHex(cipher) : f.biToString(cipher, a.radix);
      joined += text + " ";
    }
    // Drop the separator appended after the last block.
    return joined.substring(0, joined.length - 1);
  };

  /**
   * Reverse of encryptedString: split `b` on spaces, raise each block to
   * `a.d` through `a.barrett.powMod`, and unpack every digit into two
   * characters (low byte, then high byte). A single trailing NUL character,
   * if present, is removed from the result.
   *
   * @param {Object} a - key object (d, radix, barrett).
   * @param {string} b - space-separated encrypted blocks.
   * @returns {string} the recovered text.
   */
  f.decryptedString = function(a, b) {
    var chunks = b.split(" ");
    var plain = "";
    for (var idx = 0; idx < chunks.length; ++idx) {
      var value = a.radix == 16 ? f.biFromHex(chunks[idx]) : f.biFromString(chunks[idx], a.radix);
      var block = a.barrett.powMod(value, a.d);
      for (var digit = 0; digit <= f.biHighIndex(block); ++digit) {
        plain += String.fromCharCode(block.digits[digit] & 255, block.digits[digit] >> 8);
      }
    }
    if (plain.charCodeAt(plain.length - 1) == 0) {
      plain = plain.substring(0, plain.length - 1);
    }
    return plain;
  };

  // Raise the digit capacity from the initial 20 to 130 for real keys.
  f.setMaxDigits(130);
  // Publish the namespace under the name passed in as the wrapper's first argument.
  b[a] = g;

  }(a, b);

  对其进行调试改写

  // Stand-ins for the two arguments of the original wrapper function.
  // Because `a` is an object, the later `b[a]=g` stores g under the string
  // key "[object Object]".
  var a = {};
  var b = {};

  /**
   * Reduce `a` modulo `this.modulus` using the precomputed `this.mu`.
   * Installed by g.BarrettMu as the `modulo` method, so `this` is a
   * BarrettMu instance providing `k`, `mu`, `modulus` and `bkplus1`.
   *
   * @param {Object} a - big integer to reduce.
   * @returns {Object} the remainder as a big integer.
   */
  function c(a) {
    var lib = f;
    var q1 = lib.biDivideByRadixPower(a, this.k - 1);
    var q2 = lib.biMultiply(q1, this.mu);
    var q3 = lib.biDivideByRadixPower(q2, this.k + 1);
    var r1 = lib.biModuloByRadixPower(a, this.k + 1);
    var product = lib.biMultiply(q3, this.modulus);
    var r2 = lib.biModuloByRadixPower(product, this.k + 1);
    var rem = lib.biSubtract(r1, r2);
    // A negative difference is wrapped back by adding bkplus1.
    if (rem.isNeg) {
      rem = lib.biAdd(rem, this.bkplus1);
    }
    // Final correction: subtract the modulus until the value is below it.
    while (lib.biCompare(rem, this.modulus) >= 0) {
      rem = lib.biSubtract(rem, this.modulus);
    }
    return rem;
  }

  /**
   * Multiply two big integers and reduce the product with `this.modulo`.
   * Installed by g.BarrettMu as the `multiplyMod` method.
   *
   * @param {Object} a - first factor.
   * @param {Object} b - second factor.
   * @returns {Object} (a * b) reduced by `this.modulo`.
   */
  function d(a, b) {
    return this.modulo(f.biMultiply(a, b));
  }

  /**
   * Modular exponentiation by square-and-multiply, scanning the exponent
   * from its lowest bit upward. Installed by g.BarrettMu as the `powMod`
   * method and relies on `this.multiplyMod` for every multiplication.
   *
   * NOTE(review): the multiply step runs only for set exponent bits, so the
   * running time depends on the exponent. That is harmless with the public
   * exponent used for encryption, but decryptedString passes `a.d` through
   * this same routine.
   *
   * @param {Object} a - base, as a big integer.
   * @param {Object} b - exponent, as a big integer.
   * @returns {Object} a raised to b, reduced by `this.multiplyMod`.
   */
  function e(a, b) {
    var acc = new t();
    acc.digits[0] = 1;
    var base = a;
    var exp = b;
    while (true) {
      if ((exp.digits[0] & 1) != 0) {
        acc = this.multiplyMod(acc, base);
      }
      exp = f.biShiftRight(exp, 1);
      // Stop once the exponent has been shifted down to zero.
      if (exp.digits[0] == 0 && f.biHighIndex(exp) == 0) {
        break;
      }
      base = this.multiplyMod(base, base);
    }
    return acc;
  }

  /**
   * Quotient of a divided by b: element 0 of the pair returned by
   * f.biDivideModulo (not shown in this listing).
   */
  f.biDivide = function(a, b) {
    var pair = f.biDivideModulo(a, b);
    return pair[0];
  };

  /**
   * Remainder of a divided by b: element 1 of the pair returned by
   * f.biDivideModulo (not shown in this listing).
   */
  f.biModulo = function(a, b) {
    var pair = f.biDivideModulo(a, b);
    return pair[1];
  };

  /**
   * (a * b) mod c, computed as a full multiplication followed by f.biModulo.
   */
  f.biMultiplyMod = function(a, b, c) {
    var product = f.biMultiply(a, b);
    return f.biModulo(product, c);
  };

  /**
   * Raise big integer `a` to the plain-number power `b` by repeated
   * squaring. The accumulator starts from the shared `m`, which the original
   * listing initialises to the big integer 1 in setMaxDigits.
   *
   * @param {Object} a - base, as a big integer.
   * @param {number} b - exponent, used with bitwise operators.
   * @returns {Object} a to the power b.
   */
  f.biPow = function(a, b) {
    var acc = m;
    var base = a;
    var exp = b;
    while (true) {
      if ((exp & 1) != 0) {
        acc = f.biMultiply(acc, base);
      }
      exp >>= 1;
      if (exp == 0) {
        break;
      }
      base = f.biMultiply(base, base);
    }
    return acc;
  };

  /**
   * (a ^ b) mod c with a big-integer exponent, by square-and-multiply over
   * f.biMultiplyMod. The accumulator starts from the shared `m`, which the
   * original listing initialises to the big integer 1 in setMaxDigits.
   *
   * @param {Object} a - base.
   * @param {Object} b - exponent.
   * @param {Object} c - modulus.
   * @returns {Object} the modular power.
   */
  f.biPowMod = function(a, b, c) {
    var acc = m;
    var base = a;
    var exp = b;
    while (true) {
      if ((exp.digits[0] & 1) != 0) {
        acc = f.biMultiplyMod(acc, base, c);
      }
      exp = f.biShiftRight(exp, 1);
      // Stop once the exponent has been shifted down to zero.
      if (exp.digits[0] == 0 && f.biHighIndex(exp) == 0) {
        break;
      }
      base = f.biMultiplyMod(base, base, c);
    }
    return acc;
  };

  /**
   * Constructor holding the per-modulus values used by the reduction
   * routine `c`: a copy of the modulus, its digit count k, mu (the quotient
   * of a big integer with digit 2k set to 1, divided by the modulus) and
   * bkplus1 (a big integer with digit k+1 set to 1). The functions c, d and
   * e are attached as modulo, multiplyMod and powMod.
   *
   * @param {Object} a - the modulus as a big integer.
   */
  g.BarrettMu = function(a) {
    this.modulus = f.biCopy(a);
    this.k = f.biHighIndex(this.modulus) + 1;

    var radixPower = new t();
    radixPower.digits[2 * this.k] = 1;
    this.mu = f.biDivide(radixPower, this.modulus);

    this.bkplus1 = new t();
    this.bkplus1.digits[this.k + 1] = 1;

    this.modulo = c;
    this.multiplyMod = d;
    this.powMod = e;
  };

  /**
   * Key object built from three hex strings.
   *
   * chunkSize is twice the index of the modulus' highest digit, which is the
   * number of characters encryptedString packs into one block (two per
   * digit). The radix is fixed at 16.
   *
   * @param {string} a - public exponent in hex, stored as `e`.
   * @param {string} b - private exponent in hex, stored as `d`; the callers
   *   on this page pass "" because they only encrypt.
   * @param {string} c - modulus in hex, stored as `m`.
   */
  var A = function(a, b, c) {
    this.e = f.biFromHex(a);
    this.d = f.biFromHex(b);
    this.m = f.biFromHex(c);
    this.chunkSize = 2 * f.biHighIndex(this.m);
    this.radix = 16;
    this.barrett = new g.BarrettMu(this.m);
  };

  /**
   * Factory for the key object.
   *
   * @param {string} a - public exponent in hex.
   * @param {string} b - private exponent in hex ("" when only encrypting).
   * @param {string} c - modulus in hex.
   * @returns {Object} a new key object (constructor A).
   */
  f.getKeyPair = function(a, b, c) {
    var key = new A(a, b, c);
    return key;
  };

  // Define g.twoDigit only if it does not exist yet: it formats a number as
  // a string, prefixing "0" when the value is below 10.
  typeof g.twoDigit == "undefined" && (g.twoDigit = function(a) {
    var lead = a < 10 ? "0" : "";
    return lead + String(a);
  });

  /**
   * Encrypt a string block by block with the key's public exponent.
   *
   * The character codes of `b` are padded with zeros up to a multiple of
   * `a.chunkSize`, packed two codes per digit (low byte first), and each
   * block is raised to `a.e` through `a.barrett.powMod`. Blocks are rendered
   * in hex when `a.radix` is 16, otherwise via biToString, and joined with
   * single spaces.
   *
   * NOTE(review): padding is zeros only and nothing random is mixed in, so
   * equal inputs always produce equal output. The packing also assumes every
   * character code fits in one byte; getpwd guarantees that by passing
   * encodeURIComponent output.
   *
   * @param {Object} a - key object (chunkSize, e, radix, barrett).
   * @param {string} b - text to encrypt.
   * @returns {string} space-separated encrypted blocks.
   */
  f.encryptedString = function(a, b) {
    var codes = [];
    var len = b.length;
    var pos;
    for (pos = 0; pos < len; pos++) {
      codes[pos] = b.charCodeAt(pos);
    }
    while (codes.length % a.chunkSize != 0) {
      codes[pos++] = 0;
    }
    var total = codes.length;
    var joined = "";
    for (pos = 0; pos < total; pos += a.chunkSize) {
      var block = new t();
      var src = pos;
      for (var digit = 0; src < pos + a.chunkSize; ++digit) {
        block.digits[digit] = codes[src++];
        block.digits[digit] += codes[src++] << 8;
      }
      var cipher = a.barrett.powMod(block, a.e);
      var text = a.radix == 16 ? f.biToHex(cipher) : f.biToString(cipher, a.radix);
      joined += text + " ";
    }
    // Drop the separator appended after the last block.
    return joined.substring(0, joined.length - 1);
  };

  /**
   * Reverse of encryptedString: split `b` on spaces, raise each block to
   * `a.d` through `a.barrett.powMod`, and unpack every digit into two
   * characters (low byte, then high byte). A single trailing NUL character,
   * if present, is removed from the result.
   *
   * @param {Object} a - key object (d, radix, barrett).
   * @param {string} b - space-separated encrypted blocks.
   * @returns {string} the recovered text.
   */
  f.decryptedString = function(a, b) {
    var chunks = b.split(" ");
    var plain = "";
    for (var idx = 0; idx < chunks.length; ++idx) {
      var value = a.radix == 16 ? f.biFromHex(chunks[idx]) : f.biFromString(chunks[idx], a.radix);
      var block = a.barrett.powMod(value, a.d);
      for (var digit = 0; digit <= f.biHighIndex(block); ++digit) {
        plain += String.fromCharCode(block.digits[digit] & 255, block.digits[digit] >> 8);
      }
    }
    if (plain.charCodeAt(plain.length - 1) == 0) {
      plain = plain.substring(0, plain.length - 1);
    }
    return plain;
  };

  // Raise the digit capacity to 130 for real keys.
  f.setMaxDigits(130);
  // Leftover from the original wrapper: `a` is a plain object here, so g is
  // stored on b under the string key "[object Object]".
  b[a] = g;

  /**
   * Stand-alone equivalent of the site's rsaFun: encrypt a password with
   * the hard-coded public exponent (hex "10001") and 128-hex-digit (512-bit)
   * modulus, then replace every whitespace character in the result with "-".
   *
   * NOTE(review): the modulus is far below current key-size recommendations
   * and encryptedString adds no random padding, so the output for a given
   * password never changes.
   *
   * @param {*} e - clear-text password (coerced by encodeURIComponent).
   * @returns {string} hex blocks joined with "-".
   */
  function getpwd(e) {
    var modulusHex = "ab86b6371b5318aaa1d3c9e612a9f1264f372323c8c0f19875b5fc3b3fd3afcc1e5bec527aa94bfa85bffc157e4245aebda05389a5357b75115ac94f074aefcd";
    var exponentHex = "10001";
    // The private-exponent slot is passed as an empty string: encrypt only.
    var publicKey = f.getKeyPair(exponentHex, "", modulusHex);
    var spaced = f.encryptedString(publicKey, encodeURIComponent(e));
    return spaced.replace(/\s/g, "-");
  };

  简化了调用方式,测试一下getpwd(666666)

  返回结果和传递的值一致。由于 encryptedString 只用 0 补齐分块、没有任何随机填充,同一明文每次加密得到的结果都相同,所以才能这样直接比对。

 
