Thebackgroundofthiscrackingis:afriendwantstoregularlysynchronizethebusinessinformationofacertaincompany,evaluateandtestit.RelativelymorelikelyistheinterfaceofQi*bao.Afteradayofhardwork,Ifinallygotapoint.Makearecordforfuturereview!1.接口分析c0951f38fbe39d08a765:ea9e74813f6211841f5dccee4398f32ee78bf4a82d23ca00c36e4662a7f275dad91ea7fb13d521567ab0aa3e821225761e349684782d40c3db38ba4a893d931e这段无法解释,其他均可以理解【都是老司机,不解释了】尝试不传这个参数该参数是接口校验值,所以要想爬接口,就必须破解算法2.Howtocrackthealgorithma.ThecharacteristicsofkeyvalueandvaluevalueThekeyvalueis20bits,andthevaluevalueis128bits.Searchaccordingtokeywordsinjs.b.Howtogeneratetherequestparameter[t,e]andusethebreakpointdebuggingofchrome,finallyfoundc.Anewquestioniscoming,whatisthealgorithmoftheparameter[n]?Theimplementationmethodwasfoundbymeansofbreakpoints.[Becausetherearetoomanysingle-stepdebugging,itcan’tbereproduced,soIcan’ttakeascreenshot]Themainprincipleistodividethestringbasedontherequestedurl,getthevalueoftheletter0-65545accordingtothesingleletter,andthentaketheremainder20,accordingtotheremainderValue,fromthesetarray,getthecorrespondingvalueaccordingtothekeyandthenconcatenatetogetn.Thed.nalgorithmisonlythefirststep,andthentherequestedvalueisgeneratedaccordington.Thealgorithmisthathmac512isthesameastheinterfacerequest,youcanbreatheasighofrelief,theworkishalfdone.Next,isthealgorithmforgeneratingtherequestedkey.f.Throughdebugging,itisfoundthatthealgorithmofthekeyandthealgorithmofthevaluearesimilar.Theyareallhmac512encryptionmethods,buttherequestvalueisdifferent,andthenaccordingtothecalculatedencryptionvalue,startfrom10andintercept20.3.Localimplementation4.SummaryThiscrackingofQi*baoisarareaccumulationofexperience.Fromtheothercrackingmethodsofgoogleonthewholenetwork,andhowtodebugitstepbystep,Ifinallycrackedthegenerationalgorithm.Therearehardworkandthoughtsofgivingup,butalsohappinessandasenseofaccomplishment.However,inordertoensurethattheinterestsofothersarenotaffected,somekeytechnologiesinthearticlearenotshown.Thisisjustarecord.Ofcourse,thereshouldbeacompletesetofimplementationplansinthefollow-up.Afterall,atthispoint,ifyoudon'tgetsomethingout,youcan'tsatisfyyourcuriosity.
