python实现爱奇艺登陆的密码RSA加密

其他 2019-01-03 00:24:17 阅读次数: 0
版权声明:禁止转载至其它平台,转载至博客需带上此文链接。 https://blog.csdn.net/qq_41841569/article/details/85463039

python实现爱奇艺登陆的密码RSA加密

分析爱奇艺登陆post参数中的password

python实现爱奇艺登陆的密码RSA加密

email:12345678911
passwd:028d4c1305a6a9baaed3947bade99d4205337fdcabef59b6f7b073f11a220339768b359fd8c8999b934fbf008ee75b9435f23741d3e9251cab8358de6cfde4ac
agenttype:1
__NEW:1
checkExist:1
piccode:
lang:
ptid:01010021010000000000
verifyPhone:1
area_code:86
dfp:a02851d93263354fe2b7f9a1527421045236d10ea384ea0fd798f87000c2f3afac
envinfo:eyJqbiI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82My4wLjMyMzkuMjYgU2FmYXJpLzUzNy4zNiBDb3JlLzEuNjMuNjc4OC40MDAgUVFCcm93c2VyLzEwLjMuMjg2NC40MDAiLCJjbSI6InpoLUNOIiwiZ3UiOjI0LCJ1ZiI6MSwianIiOlsxMzY2LDc2OF0sImRpIjpbMTM2Niw3MjhdLCJ6cCI6LTQ4MCwidWgiOjEsInNoIjoxLCJoZSI6MSwiem8iOjEsInJ2IjoidW5rbm93biIsIm54IjoiV2luMzIiLCJpdyI6InVua25vd24iLCJxbSI6WyJDaHJvbWl1bSBQREYgUGx1Z2luOjpQb3J0YWJsZSBEb2N1bWVudCBGb3JtYXQ6OmFwcGxpY2F0aW9uL3gtZ29vZ2xlLWNocm9tZS1wZGZ+cGRmIiwiQ2hyb21pdW0gUERGIFZpZXdlcjo6OjphcHBsaWNhdGlvbi9wZGZ+cGRmIiwiTmF0aXZlIENsaWVudDo6OjphcHBsaWNhdGlvbi94LW5hY2x+LGFwcGxpY2F0aW9uL3gtcG5hY2x+IiwiU2hvY2t3YXZlIEZsYXNoOjpTaG9ja3dhdmUgRmxhc2ggMjcuOSByOTo6YXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2h+c3dmLGFwcGxpY2F0aW9uL2Z1dHVyZXNwbGFzaH5zcGwiLCJXaWRldmluZSBDb250ZW50IERlY3J5cHRpb24gTW9kdWxlOjpFbmFibGVzIFdpZGV2aW5lIGxpY2Vuc2VzIGZvciBwbGF5YmFjayBvZiBIVE1MIGF1ZGlvL3ZpZGVvIGNvbnRlbnQuICh2ZXJzaW9uOiAxLjQuOC4xMDI5KTo6YXBwbGljYXRpb24veC1wcGFwaS13aWRldmluZS1jZG1+Il0sIndyIjoiYzNjOWM3MTdjNzkwODJhZGJlM2YxNDQwNjU3NjVkZWEiLCJ3ZyI6ImI1ZDZkMzY1MmQwZTNkYmI3MDc4YTMzY2JiOWYzZDY0IiwiZmsiOmZhbHNlLCJyZyI6ZmFsc2UsInh5IjpmYWxzZSwiam0iOmZhbHNlLCJiYSI6ZmFsc2UsInRtIjpbMCxmYWxzZSxmYWxzZV0sImF1Ijp0cnVlLCJtaSI6IjZjMmY3ZTNhLTQzMTUtZDkzYi1jZjYxLWIxYWI1MThiOTFmMyIsImNsIjoiUENXRUIiLCJzdiI6IjEuMCIsImpnIjoiYzhjNTQ0Nzk0MTNmZDAyY2NmMzM0MDk3YjVmNWVlODYiLCJmaCI6ImV1anRmbjlqd3BucTltejJ3OWpqcTFvdiIsImlmbSI6W3RydWUsNDYwLDQyMCwiaHR0cHM6Ly93d3cuaXFpeWkuY29tLyJdLCJleCI6IiIsImR2Ijoib24iLCJwdiI6ZmFsc2V9

全局查找password综合分析得到下面发送请求的js

methods: {
 send: function(e, t) {
 var i = this;
 e = e || {},
 e.passwd && (e.passwd = r.rsaFun(e.passwd)),
 s.getEnvAndDfp(function(a) {
 "A00000" == a.code ? (e.dfp = a.data.dfp,
 e.envinfo = a.data.env) : (e.dfp = "",
 e.envinfo = ""),
 i._remoteInterface.send({
 ifname: "login",
 param: e,
 domain: o
 }, function(e) {
 t && t(e)
 })
 })
 },

可以知道e.passwd = r.rsaFun(e.passwd)

密码是RSA非对称加密方式,继续查询r.rsaFun得到下面函数:

 rsaFun: function(e) {
 var t = "ab86b6371b5318aaa1d3c9e612a9f1264f372323c8c0f19875b5fc3b3fd3afcc1e5bec527aa94bfa85bffc157e4245aebda05389a5357b75115ac94f074aefcd"
 , n = "10001"
 , a = Q.crypto.rsa.RSAUtils.getKeyPair(n, "", t)
 , i = Q.crypto.rsa.RSAUtils.encryptedString(a, encodeURIComponent(e)).replace(/s/g, "-");
 return i
 }

可以得到公钥和偏移量,再继续查询getKeyPair,可得到加密函数

var c = function(a, b) {
 function c(a) {
 var b = f
 , c = b.biDivideByRadixPower(a, this.k - 1)
 , d = b.biMultiply(c, this.mu)
 , e = b.biDivideByRadixPower(d, this.k + 1)
 , g = b.biModuloByRadixPower(a, this.k + 1)
 , h = b.biMultiply(e, this.modulus)
 , i = b.biModuloByRadixPower(h, this.k + 1)
 , j = b.biSubtract(g, i);
 j.isNeg && (j = b.biAdd(j, this.bkplus1));
 for (var k = b.biCompare(j, this.modulus) >= 0; k; )
 j = b.biSubtract(j, this.modulus),
 k = b.biCompare(j, this.modulus) >= 0;
 return j
 }
 function d(a, b) {
 var c = f.biMultiply(a, b);
 return this.modulo(c)
 }
 function e(a, b) {
 var c = new t;
 c.digits[0] = 1;
 for (var d = a, e = b; ; ) {
 if (0 != (1 & e.digits[0]) && (c = this.multiplyMod(c, d)),
 e = f.biShiftRight(e, 1),
 0 == e.digits[0] && 0 == f.biHighIndex(e))
 break;
 d = this.multiplyMod(d, d)
 }
 return c
 }
 var f, g = {};
 "undefined" == typeof g.RSAUtils && (f = g.RSAUtils = {});
 var h, k, l, m, n = 16, o = n, p = 65536, q = p >>> 1, r = p * p, s = p - 1, t = g.BigInt = function(a) {
 this.digits = "boolean" == typeof a && a === !0 ? null : k.slice(0),
 this.isNeg = !1
 }
 ;
 f.setMaxDigits = function(a) {
 h = a,
 k = new Array(h);
 for (var b = 0; b < k.length; b++)
 k[b] = 0;
 l = new t,
 m = new t,
 m.digits[0] = 1
 }
 ,
 f.setMaxDigits(20);
 var u = 15;
 f.biFromNumber = function(a) {
 var b = new t;
 b.isNeg = 0 > a,
 a = Math.abs(a);
 for (var c = 0; a > 0; )
 b.digits[c++] = a & s,
 a = Math.floor(a / p);
 return b
 }
 ;
 var v = f.biFromNumber(1e15);
 f.biFromDecimal = function(a) {
 for (var b, c = "-" == a.charAt(0), d = c ? 1 : 0; d < a.length && "0" == a.charAt(d); )
 ++d;
 字数超限,有删除
 f.encryptedString = function(a, b) {
 for (var c = [], d = b.length, e = 0; d > e; )
 c[e] = b.charCodeAt(e),
 e++;
 for (; 0 != c.length % a.chunkSize; )
 c[e++] = 0;
 var g, h, i, j = c.length, k = "";
 for (e = 0; j > e; e += a.chunkSize) {
 for (i = new t,
 g = 0,
 h = e; h < e + a.chunkSize; ++g)
 i.digits[g] = c[h++],
 i.digits[g] += c[h++] << 8;
 var l = a.barrett.powMod(i, a.e)
 , m = 16 == a.radix ? f.biToHex(l) : f.biToString(l, a.radix);
 k += m + " "
 }
 return k.substring(0, k.length - 1)
 }
 ,
 f.decryptedString = function(a, b) {
 var c, d, e, g = b.split(" "), h = "";
 for (c = 0; c < g.length; ++c) {
 var i;
 for (i = 16 == a.radix ? f.biFromHex(g[c]) : f.biFromString(g[c], a.radix),
 e = a.barrett.powMod(i, a.d),
 d = 0; d <= f.biHighIndex(e); ++d)
 h += String.fromCharCode(255 & e.digits[d], e.digits[d] >> 8)
 }
 return 0 == h.charCodeAt(h.length - 1) && (h = h.substring(0, h.length - 1)),
 h
 }
 ,
 f.setMaxDigits(130),
 b[a] = g
 }(a, b);

对其进行调试改写

var b = {};
var a = {};
function c(a) {
 var b = f,
 c = b.biDivideByRadixPower(a, this.k - 1),
 d = b.biMultiply(c, this.mu),
 e = b.biDivideByRadixPower(d, this.k + 1),
 g = b.biModuloByRadixPower(a, this.k + 1),
 h = b.biMultiply(e, this.modulus),
 i = b.biModuloByRadixPower(h, this.k + 1),
 j = b.biSubtract(g, i);
 j.isNeg && (j = b.biAdd(j, this.bkplus1));
 for (var k = b.biCompare(j, this.modulus) >= 0; k;) j = b.biSubtract(j, this.modulus),
 k = b.biCompare(j, this.modulus) >= 0;
 return j
}
function d(a, b) {
 var c = f.biMultiply(a, b);
 return this.modulo(c)
}
function e(a, b) {
 var c = new t;
 c.digits[0] = 1;
 for (var d = a,
 e = b;;) {
 if (0 != (1 & e.digits[0]) && (c = this.multiplyMod(c, d)), e = f.biShiftRight(e, 1), 0 == e.digits[0] && 0 == f.biHighIndex(e)) break;
 d = this.multiplyMod(d, d)
 }
 return c
}
f.biDivide = function(a, b) {
 return f.biDivideModulo(a, b)[0]
},
f.biModulo = function(a, b) {
 return f.biDivideModulo(a, b)[1]
},
f.biMultiplyMod = function(a, b, c) {
 return f.biModulo(f.biMultiply(a, b), c)
},
f.biPow = function(a, b) {
 for (var c = m,
 d = a;;) {
 if (0 != (1 & b) && (c = f.biMultiply(c, d)), b >>= 1, 0 == b) break;
 d = f.biMultiply(d, d)
 }
 return c
},
f.biPowMod = function(a, b, c) {
 for (var d = m,
 e = a,
 g = b;;) {
 if (0 != (1 & g.digits[0]) && (d = f.biMultiplyMod(d, e, c)), g = f.biShiftRight(g, 1), 0 == g.digits[0] && 0 == f.biHighIndex(g)) break;
 e = f.biMultiplyMod(e, e, c)
 }
 return d
},
g.BarrettMu = function(a) {
 this.modulus = f.biCopy(a),
 this.k = f.biHighIndex(this.modulus) + 1;
 var b = new t;
 b.digits[2 * this.k] = 1,
 this.mu = f.biDivide(b, this.modulus),
 this.bkplus1 = new t,
 this.bkplus1.digits[this.k + 1] = 1,
 this.modulo = c,
 this.multiplyMod = d,
 this.powMod = e
};
var A = function(a, b, c) {
 var d = f;
 this.e = d.biFromHex(a),
 this.d = d.biFromHex(b),
 this.m = d.biFromHex(c),
 this.chunkSize = 2 * d.biHighIndex(this.m),
 this.radix = 16,
 this.barrett = new g.BarrettMu(this.m)
};
f.getKeyPair = function(a, b, c) {
 return new A(a, b, c)
},
 "undefined" == typeof g.twoDigit && (g.twoDigit = function(a) {
 return (10 > a ? "0" : "") + String(a)
}),
f.encryptedString = function(a, b) {
 for (var c = [], d = b.length, e = 0; d > e;) c[e] = b.charCodeAt(e),
 e++;
 for (; 0 != c.length % a.chunkSize;) c[e++] = 0;
 var g, h, i, j = c.length,
 k = "";
 for (e = 0; j > e; e += a.chunkSize) {
 for (i = new t, g = 0, h = e; h < e + a.chunkSize; ++g) i.digits[g] = c[h++],
 i.digits[g] += c[h++] << 8;
 var l = a.barrett.powMod(i, a.e),
 m = 16 == a.radix ? f.biToHex(l) : f.biToString(l, a.radix);
 k += m + " "
 }
 return k.substring(0, k.length - 1)
},
f.decryptedString = function(a, b) {
 var c, d, e, g = b.split(" "),
 h = "";
 for (c = 0; c < g.length; ++c) {
 var i;
 for (i = 16 == a.radix ? f.biFromHex(g[c]) : f.biFromString(g[c], a.radix), e = a.barrett.powMod(i, a.d), d = 0; d <= f.biHighIndex(e); ++d) h += String.fromCharCode(255 & e.digits[d], e.digits[d] >> 8)
 }
 return 0 == h.charCodeAt(h.length - 1) && (h = h.substring(0, h.length - 1)),
 h
},
f.setMaxDigits(130),
b[a] = g
function getpwd(e) {
 var t = "ab86b6371b5318aaa1d3c9e612a9f1264f372323c8c0f19875b5fc3b3fd3afcc1e5bec527aa94bfa85bffc157e4245aebda05389a5357b75115ac94f074aefcd",
 n = "10001",
 a = f.getKeyPair(n, "", t),
 i = f.encryptedString(a, encodeURIComponent(e)).replace(/s/g, "-");
 return i
};

简化了调用方式,测试一下getpwd(666666)

返回结果和传递的值一致

猜你喜欢

转载自blog.csdn.net/qq_41841569/article/details/85463039
今日推荐
openKylin 社区生态委员会第六次会议圆满召开
阿里云正式发布通义千问 2.5
Python 3.13 发布首个 Beta:实验性自由线程模式和 JIT、改进交互式解释器
Stack Overflow 拿我的代码去训练 AI 大模型,还封了我的账号
Pop!_OS 的 COSMIC 桌面完成 App Store 上架工作
报告:Django 仍然是 74% 开发者的首选
《2024 年一季度互联网投融资运行情况》研究报告
15 年前上了“FFmpeg 耻辱柱”,今天他还得谢谢咱——腾讯QQPlayer一雪前耻?
TIOBE 5 月榜单:Fortran “复活”进入 Top 10
GCC 14.1 发布
面壁智能发布 Eurux-8x22B 开源大模型 —— 堪称「理科状元」
开源日报 | 谷歌扶持鸿蒙上位;开源Rabbit R1;Docker加持的安卓手机;微软的焦虑和野心;海尔电器把开放平台关了
周排行
计算机组成与设计(七)—— 除法器
Integer Approximation(分治+枚举)
大话数据库索引
windows10系统JDK的配置及下载地址
mysql实现秒值转换中原六仔平台搭建
Codeforces Round #556 (Div. 1)
百练1064 网线主管
Codeforces 995F Cowmpany Cowmpensation
子集生成之增量构造法,位向量法,二进制法
ERROR: cmd.exe failed with args /c "/APK\gradle\rungradle.bat...
每日归档
更多
2024-05-10(38)
2024-05-09(35)
2024-05-08(42)
2024-05-07(14)
2024-05-06(40)
2024-05-05(0)
2024-05-04(7)
2024-05-03(19)
2024-05-02(0)
2024-05-01(4)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022