贝壳钱包sig分析

15951088268 147852lj

18031529044----18031529044..

 

 

随便输了条帐号，分析登陆sig

===========================================

POST https://api.account.meitu.com/oauth/access_token.json HTTP/1.1

Unlogin-Token: acbe72e325cb8aa3162639e59b09c768

Content-Type: application/x-www-form-urlencoded

Content-Length: 503

Host: api.account.meitu.com

Connection: Keep-Alive

Accept-Encoding: gzip

User-Agent: okhttp/3.10.0

 

phone_cc=86

&client_channel_id=setup

&client_model=Nexus%205

&zip_version=2.5.0.8

&version=1.5.0

&mac=02%3A00%3A00%3A00%3A00%3A00

&client_id=1089867722

&client_language=zh-Hans

&sid=eedfb03a36f0d7465c62d580abf2cefe

&overseas=0

&sig=9e44cf54e391ac05ab092a3062826dc8

&sigVersion=1.2

&password=a123456

&device_name=google-Nexus%205

&sigTime=1531838910334

&phone=13046676555

&grant_type=phone

&os_type=android

&sdk_version=2.5.0

&client_os=6.0

&client_secret=457f936ee3241da4df4f  //固定，根据包名等信息计算出来的

&android_id=1bcbe8011e668a1f

&client_network=WIFI

 

按下面的顺序组装:

oauth/access_token.json+overseas+mac+version+client_id+phone+android_id+sdk_version+zip_version+client_secret+client_os+phone_cc+client_model+client_network+password+os_type+

sid+device_name+grant_type+client_channel_id+client_language+"qA#QH=M+Ns&q+Z&J"+sigTime

 

得到下面这一串原文:

oauth/access_token.json002:00:00:00:00:001.5.01089867722130466765551bcbe8011e668a1f2.5.02.5.0.8457f936ee3241da4df4f6.086Nexus 5WIFIa123456androideedfb03a36f0d7465c62d580abf2cefegoogle-Nexus 5phonesetupzh-HansqA#QH=M+Ns&q+Z&J1531838910334

 

把原文md5后得到:

e944fc453e19ca50ba90a2032628d68c

 

把md5后的值每两位进行交换顺序，得到的值就是请求出去的sig

9e44cf54e391ac05ab092a3062826dc8

 

 

 

 

登陆帐号:18031529044----18031529044.

.==================================

POST https://api.account.meitu.com/oauth/access_token.json HTTP/1.1

Unlogin-Token: b21eea5dbe689502b4b503476c3203ec

Content-Type: application/x-www-form-urlencoded

Content-Length: 509

Host: api.account.meitu.com

Connection: Keep-Alive

Accept-Encoding: gzip

User-Agent: okhttp/3.10.0

 

phone_cc=86&client_channel_id=setup&client_model=Nexus%205&zip_version=2.5.0.9&version=1.5.0&mac=02%3A00%3A00%3A00%3A00%3A00&client_id=1089867722&client_language=zh-Hans&sid=5ad55bb2400fcdaa3d8c7c18d2e4bc40&overseas=0&sig=ae82de849c78967fb69d631dedfc126e&sigVersion=1.2&password=18031529044..&device_name=google-Nexus%205&sigTime=1531840564991&phone=18031529044&grant_type=phone&os_type=android&sdk_version=2.5.0&client_os=6.0&client_secret=457f936ee3241da4df4f&android_id=1bcbe8011e668a1f&client_network=WIFI

 

HTTP/1.1 200 OK

Date: Tue, 17 Jul 2018 15:16:19 GMT

Server: Tengine

Content-Type: application/json;charset=utf-8

X-Powered-By: PHP/5.6.30

Cache-Control: no-cache, must-revalidate

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Access-Control-Allow-Origin: *

Access-Control-Allow-Headers: Access-Token,Unlogin-Token

Access-Control-Expose-Headers: Unlogin-Token

X-Via: 1.1 PSzqstdxfe27:1 (Cdn Cache Server V2.0)

Connection: keep-alive

X-Dscp-Value: 0

CDN: wangsu

Content-Length: 1614

 

{"meta":{"code":0,"msg":"","error":"","request_uri":"\/oauth\/access_token.json","request_id":"5b4e0843b8df59.65333405859436697","sid":"5ad55bb2400fcdaa3d8c7c18d2e4bc40"},"response":{"access_token":"_v2NWY5YzQwMzgjMTUzNDQzMjU3OSM1NzYjMzEjMzE0MWQzZjVjOTEyNWM0OTU0YTAwN2RmNmU1ZGVkN2UzOCMjQkpfU0gjNWI0ZTA4NDM=","expires_at":1534432579,"refresh_token":"ce345bf339d0473f94aaf3b97409baeb","refresh_expires_at":1535728579,"uid":1604075576,"client_id":1089867722,"refresh_time":1533136579,"user":{"id":1604075576,"old_account_uid":"578404753","screen_name":"282095fdsf","country":100000,"province":370000,"city":370900,"country_name":"中国","province_name":"山东","city_name":"泰安","location":"中国山东泰安","avatar":"","gender":"m","birthday":"2015-02-01","description":"","created_at":1531817835,"has_assoc_phone":false,"wallet_flag":{"has_recharge":false,"has_income":false},"idcard_status":1,"assoc_phone_cc":null,"assoc_phone":null,"assoc_uid":null,"phone":"18031529044","phone_cc":86,"has_password":true,"has_phone":true,"email":"","email_verified":false,"external_platforms":[],"avatar_https":""},"suggested_info":{"screen_name":"282095fdsf","gender":"m","country":100000,"province":370000,"city":370900,"description":"","avatar":"","country_name":"中国","province_name":"山东","city_name":"泰安","location":"中国山东泰安","birthday":"2015-02-01"},"register_complete":true,"suggested_screen_name":"282095fdsf","suggested_avatar":"","suggested_gender":"m","suggested_country":100000,"suggested_province":370000,"suggested_city":370900,"suggested_description":"","suggested_avatar_https":""}}

 

md5原文：

oauth/access_token.json002:00:00:00:00:001.5.010898677221803152904418031529044..1bcbe8011e668a1f2.5.02.5.0.9457f936ee3241da4df4f5ad55bb2400fcdaa3d8c7c18d2e4bc406.086Nexus 5WIFIandroidgoogle-Nexus 5phonesetupzh-HansqA#QH=M+Ns&q+Z&J1531840564991

 

领币的请求

==============================================

GET https://api.bec.com/sign_in/get_award.json?gid=1492038125&app_version=10500&imei=000000000000000&with_multi_wallet=1&os_type=android&language=zh-Hans&os_version=23&app_versionName=1.5.0&emulator_check_result=0&channel=setup&pkg=bec.wallet.app&sig=450d53d007cdf5381843c19024c1e9e8&sigTime=1531840913460&sigVersion=1.3 HTTP/1.1

Charset: UTF-8

Content-Type: application/json

os_version: 23

os_type: android

language: zh-Hans

app_version: 10500

app_versionName: 1.5.0

pkg: bec.wallet.app

channel: setup

access-token: _v2NWY5YzQwMzgjMTUzNDQzMjU3OSM1NzYjMzEjMzE0MWQzZjVjOTEyNWM0OTU0YTAwN2RmNmU1ZGVkN2UzOCMjQkpfU0gjNWI0ZTA4NDM=

Host: api.bec.com

Connection: Keep-Alive

Accept-Encoding: gzip

User-Agent: okhttp/3.10.0

 

HTTP/1.1 200 OK

Date: Tue, 17 Jul 2018 15:22:11 GMT

Server: PWS/8.3.1.14

X-Px: nc h0-s2.p7-hkg ( h0-s1093.p1-sin), nc h0-s1093.p1-sin ( origin)

Content-Length: 807

Content-Type: application/json; charset=utf-8

Access-Control-Allow-Origin: *

CDN: TXCDN

Connection: keep-alive

 

{"meta":{"code":900302,"message":"奖励已领取","error":"[sign_in - GetAward] signin.GetAward 获取打卡签到奖励错误, error: {\"code\":900302,\"msg_zhhans\":\"奖励已领取\",\"msg_en\":\"Reward is collected\",\"log\":\"奖励已领取\",\"cause\":null}","request_id":"01cjmdba3e8f37n5wn7yzxp368","request_uri":"/sign_in/get_award.json?gid=1492038125&app_version=10500&imei=000000000000000&with_multi_wallet=1&os_type=android&language=zh-Hans&os_version=23&app_versionName=1.5.0&emulator_check_result=0&channel=setup&pkg=bec.wallet.app&sig=450d53d007cdf5381843c19024c1e9e8&sigTime=1531840913460&sigVersion=1.3"},"response":{"period":"1807171800-1807180000","award_name":"","award_num":"","award_pic":"","next_sign_in_time":1531843200,"hint":"每日0点、6点、12点、18点生成新奖励"}}

 

拼装顺序:

sign_in/get_award.json+imei+emulator_check_result+with_multi_wallet+app_versionName+app_version+gid+os_version+os_type+pkg+channel+language+ "nxr84F4M_!!rmEge"  +sigTime+"Tw5AY783H@EU3#XC"

 

 

md5原文:

 

sign_in/get_award.json000000000000000011.5.010500149203812523androidbec.wallet.appsetupzh-Hansnxr84F4M_!!rmEge1531840913460Tw5AY783H@EU3#XC

 

md5的值:

54d0350d70dc5f8381341c09421c9e8e

交换顺序后得到sig

450d53d007cdf5381843c19024c1e9e8