某保险行业协会接口返回加密数据解密算法

查看 142|回复 11
作者:threettiger   
查看某保险行业协会接口数据,发现都是加密的:


image.png (110.6 KB, 下载次数: 0)
下载附件
2024-8-17 15:39 上传

一般web网站很多都是使用异步请求使用ajax,


image.png (91.13 KB, 下载次数: 0)
下载附件
2024-8-17 15:23 上传

搜索“json.parse”有多处使用,


image.png (226.87 KB, 下载次数: 0)
下载附件
2024-8-17 15:25 上传

继续搜索请求地址中的“prodtermsinfo”,精准锁定解密位置,打下断点后,发现解密函数及解密后的数据。


image.png (250.27 KB, 下载次数: 0)
下载附件
2024-8-17 15:27 上传

[JavaScript] 纯文本查看 复制代码var l = Object(i["a"])(t.data);
找到i["a"]函数的定义也就是js解密函数:


image.png (149.09 KB, 下载次数: 0)
下载附件
2024-8-17 15:31 上传

[JavaScript] 纯文本查看 复制代码function r(e, t, n) {
            e = e.replaceAll("_", "+");
            var a = s
              , o = c;
            t && (a = i.a.enc.Utf8.parse(t),
            o = i.a.enc.Utf8.parse(n));
            var r = i.a.enc.Base64.parse(e)
              , l = i.a.enc.Base64.stringify(r)
              , d = i.a.AES.decrypt(l, a, {
                iv: o,
                mode: i.a.mode.CBC,
                padding: i.a.pad.ZeroPadding
            })
通过断点调试到解密函数,抓取到
t,n,a,o等参数,发现t,n为空未定义,
a words值为[811873078, 1664497716, 909534512, 912406841]
o words值为[808989744, 1697789748, 942748209, 875783733]


image.png (157.7 KB, 下载次数: 0)
下载附件
2024-8-17 15:35 上传

最终转换成python解密算法代码:
[Python] 纯文本查看 复制代码from base64 import b64decode
from Crypto.Cipher import AES
import struct
def decrypt_aes(e, t=None, n=None):
    # 将字符串中的 "_" 替换为 "+"
    e = e.replace("_", "+")
    # 如果 t 和 n 被提供,进行编码转换
    if t and n:
        a = t.encode('utf-8')
        o = n.encode('utf-8')
    else:
        # 如果未提供 t 和 n,默认处理
        # 从web调试过程中获取的 words 和 sigBytes
        a_words = [811873078, 1664497716, 909534512, 912406841]
        o_words = [808989744, 1697789748, 942748209, 875783733]
        # 将 words 转换为字节数组
        a = b''.join(struct.pack('>I', word) for word in a_words)
        o = b''.join(struct.pack('>I', word) for word in o_words)
    # 将 Base64 编码的字符串解码
    r = b64decode(e)
    # 使用密钥和初始向量创建 AES 解密器
    cipher = AES.new(a, AES.MODE_CBC, o)
    # 解密数据
    decrypted_data = cipher.decrypt(r)
    # 移除 ZeroPadding 填充字节
    decrypted_data = decrypted_data.rstrip(b'\x00')
    # 转换为字符串并返回
    return decrypted_data.decode('utf-8')
# 示例调用,假设 t 和 n 是密钥和 IV 的字符串形式
e = "blcWLsbHYQ5vv79e30zdQ7cyPC8nLbJ_00hFjKs6FQX16WTWPP4h45Wt4UMqZzTsL0HtHuQT2UVys4UddrDY7M8KrkKNALS2U6xYSW2AZYZjMBBC_VHAdLL2NPSlAj05acoyHKwNcWdIO713Jdb_t70oiLlJw3StwMsJvBdph3beCJSPKy88VuKsyda_itOQD3sqOV5uXpSgOLDc5qh1_URQ8gNHQ22KVHD8i0tawYFk1Zd/thQc9XknHiqmsky3Bk5ahQCgfP2A72s/LNm2H2PmTdfiRw02yZcEx8m5wDRtX9jPXh4dcmjClTsspCEGsXf/oss22JL5Ah3ty4QzInjkP7Wan_ulsZC8JbYzhbUjTUz0PFrTj2MPJmeFoRJDt6x_YqR32AaiMGBQfhkGokp2MJjPTGEPdAhk_9OJH9gI34L7iQO5LQwznxWPLujwtD1avYRyV_mFev4OHhAvaf66g0NwWpnyuYiqRTHE3dxEfFVjZNkhAoo0SDKGR93y3UpxvWdK5JYwzwfMMHOVAQbuhIRIcNs3UAdJvQ5bWnmHfRzmXSgY4v4iArTwWCAGOEqxZqTHOsw4FPqVehvmUg36t8kxZ0iwkqg5OPVkb3YHIC3TggIWWyOfIaFoqJ_0jjCId_UM0wGVcgs0cG6fCD8vBXwtpfMojTNNL3G7yMaiPinllS1Eq6J1Tj1gmw/zKJHF9KAHjygVWuwdFFuCImfHT_Sji_qvys1TudTOgrq_uZ0NG5mOoFYOpkgE2CRZYcGlkVySPmssE2gIaWJitnBYhNbf7CWVgy9nWQhChhp6/C2Up5VT4am3jl5LMy5pwHOKRe3alW96TgVHZCMcixKjhioh7svrK6nLi7vFvBH5QM2Wx9OTD5wkUKu09mjFrmIcvDQkHkLpzcvjZFQSPjAymLjwCtqmfGw/LnEhUCqLti0zN71/tDydU3DCIshAEUXcq3VKUyYzbcxTh6IPrKCPtiGBxfotwVE_ej/tmUzeBwXx31vWebEdI2KX2DZFyrVqzp35y5BYvsZ1lXJ9qAwJHE_o9Q4PaQn49kUufQF/wM/cl7Rg53nmXtc9wFJZVEYUnG8zdRIEsYkpOFMPIyvA53VA/F7YiyLd9q2OM7vSajx1C63kmHWaANsmdBoIjiudim9NfJ7LqniLkPRDP0PtOV8geh1YdzfKBm3b0zYfuaZhyhsyal6eJvLa3j8il5IB/qR9ESi/lyUAXH_2BUADLHSWcZycpwTydu4wwDPplsdPUAFyuuWbBfJ_4xPVWivJkF38cylW99LAHorSN3jhsUKCdSGIzETq/nIH2J/n0Reyo3YhMgppgtaxFEOM1N3s_iCKWCpXw8b2zDfnnJAek3hiehMrtDckFat9RUfHz9EOSOaYdcjLh6HDRchz1pWgYgFTIXHmcsRd6gxA6ffOtYIt698/nBf6K0/POGB6FwqsgQ10NxaLFKWNTcjL6vcVg9fpHV1WXeXzDlYkBKhzpyq1wJ4ffAfuytjizMf6zdFSqsGKJcsThwZsa6FZfBGADFkZseA2tAoAn3jw_ujUAWWaJvtz9iEfGnx1ma3HOt/YGTAanHLuO3GQ1SXutjiuBQUGO7r4fXx5fu74bjKCDOiovId5XFFrFlE2fGYyKrJPy3pSkGlggJL3xQNbIqdkVFZf2_/NF1wtTTA_YBZefVWWPvu5B3uX5ATKqbRn6GVUCPBKP4RiQwQNmLOH0DdjPETnv4bervc_/eNur_IBEmk2Cg2GsxwDk9rDK3jDitkreM0wbb9UnwnokV__kfgCMDNNSuUXHhzgRME6aXfq9ONQTbY8o7dyfd_vqMPzpUy/t_ta28eo_dRjNCk12bp4CApcWZgXRK63iPH7GLFgP8l1l_Zqps/y_O8_MJZTSBPLFEOtwP5VTes8WK36gcWXqT0llfoAEq1PPadpLuLSvRq4Lb2_32bUESGozr0lJRuW1ayk0O82RwPrLWripILqU/ZPMUnYhiSkss0LEe3F8yvn3DRlhnBcvcoUh/dBs4f3el4xIWM_hcejXCU6ZHXF0l8M5D0680yqGDteCdIDpgdTs4z5fG61X4QNJqRy36QhsPkA2rvohTz/PSzud5J0IUyLNdZGEDeMi7CNR8BWyqnzj3UdTZgTnJUposOeIWWEwTKso/mVHYZ6SQxnhD3Hg2thzAYu7ZyN8MnzpiNWBnFhyMxX/hTUcBD6iQbUdazg0q_I9gaHSX7bRmueTp4hqrgo_0FXuX5HvGJIzceHW8Y8SQoICG8Otk4TvYaHRHinWKwcpFphgoi9WodyrLIm8b/SA3/7H06mQmGVwuggXzeZXXdLNjI3F5TUr9AZUnXUgYCs_n7faID5ZYQH4ErvwSvtEeGs_GTLweoigu38jZ4qXPEwpAgJkJA1CUpOkQWR2JxwDmQByQw1KaDpGUX5h3gHYEmMLQf_WQb58uxxHjpNr5Fyg6lC60KbNkkB9l9ERkmdcI/Ysfw/RqxvHAkD6BQ2gntdi6OjdltlAz2cJJEfy8/idTRCNLlUWzLksPgHjFqZds2orzOCZ3tpDORvAEgnWPHzelw8SFOGwIQhHC3NUO255kmsUJzESiN03P9TZB87aLvAMhB5Vy43vlgUiSsdBFEoWcblCeWbyfR24nuN3ks/8tH9Ajw1JSJv7hWlC2Zu2ulz69bZoYLUTc3fQMwiNzX0TcckoQ_e0fwbfU2TNeY0wjeG6qGqPCMTdJPY2nSIzy/HxBpWchZciT1Lv6rVcL0gzzhATnPltF4ljOfHqC8Z4AdNvyhZ/MVySV_mOecD7DvDyaXIifqIfLJZPd8EQc0evDTgwqa7o/Y45gV/Ws0tWLH3KUtGmni7Pob9eLwi4y9qxTP8B8NICM91qfFwH4CsJzGRC0JcOgzfGuJXT94wFEKTQfPrEe29FRw7qV84r6weIIYSYPQVMRaR7jefyTnhIANtxY3tswRV/BIpT1PNaTbYfbkUbXc4YAdUlaQymU86lCnDdtjvzps2bZHZm04EsviIeW263d1wESDrrIV9JDJtqHmS2mseZgQXf49DRicj9/GRLNhSLXU7atTBktXV/2QV_/QARlu3JDnHicw9wcRC09iXOZ9m5kqJIsk/NmkWW2rnvTkprqAgyFTxAMs17rVWdhljuVhdeOL90IWvKLFo4vo4X19B/s9RurABaGSff1sNnUnSbi57H_eu5hzFZQv59Vki1nXXehfxeqceJl9Q3OdOltgO3Dxfajm23o3RPHTgSkEjzD8lsqn8rvIks4DE79dRJ4G2hn1E9jH11CUMFJP_3peWpbJja3YtQ7MNN1EV5/vmW4fpKdb0AOzl7DD7j45ClyYjBS4LyHjHZuJsQmJABT/9kayW4VLhN3dKWh9N0Km6uPErLuCxWXYmbrOZhM4qaKfgOpRXrONLloLxinFLYim/aYFdFZ7_SPNfIoEhvZu6GZaZBZnAEecrqV1kFg4IRRZ/ccUKUmsRNBwdzjpPORqxWQNq15qC8u2968kwvSpIXI2zCChZxfM5_YZKZW8xq_ZjPUS_RTnGyGEwnxAIT2AYTfwmKi4h07eS7HZ9Qh8Bg7rb_B47Nar_qs8W9QKWzIv_xjQkpzpw2khlXr1504pXFNvtJ/DdNsWMEAV/45hrvEeM2BTJWaDSx/5DlFV0EOmhKee6oew3/dqMp691FBce1Z_lvx1LF7cXTsUD9yBYXw2xgVCuK2M7Ls32_VTh3WIwTp3xLHohDAucr7QQ36rlRu9E92uNSZVLoa/Mtx2i9mEYfXhWPfJg0dsuwM7Uw535FljQTge_adYyzttRMpXVwmjxpFn4PuhXdO8Y6ft2KiF09s5kPHTKfu7ArykK95FrGRYd_ppoP_tkq2IueS84aPhFdCz4XU6Uc0P7koT0UWSIRPBT6n1ZbP58desBkGS4nC9H7qJ3uc4rUF/9bWMKRLlsnuP/Qn/988FORJcXjAaMOuvPneLXCuLgq_Wt3lnKkcUB7VF/YT6mSLKBYBZ3VkYEIFs4GbziU8P7od7fXmlW6s6EAa45biDUvZ1yx/VlZGLa0WKWwNabwtXRlcuSWnDmdImMzTiorMpA7/GuFcwR80QPNgD32rZstzUTkmzjOgHUebAFFvrj3xuT6Or8UgN5q8nJGkx1uaImsR7ISNwYDHcMuyhBjeMaMUCThmmmlWq/BTWCSB8Xq2dgDDaXv1vCQXLmhhm9cf4d8dNuKcTNTiYDCAUIq2Txt0jCmHSiHAgmcRTOnSETMBJghw0Lb0Y7pnmvTJXtImr8i0tOS2AM/vTzy_DCySemmVllZsNIzEdcw8qNElLxyK7Opa2H3/HsnsjlNamOug2keC4/SSESbj1fQ3FJ3WajlQ428aZNxmbQMntvyq_a_kJtO4cS5MpXrQC/Ec9LKNW_6KUusqyCiDXs2JDlGSteYUBVh9kLkaJ5PthvwRAprmmOfAZ98LD_F7sJoxmHBtLs2Gn38mhfs3Ow1zQQ71H87Y6_mLXh4MUO3IBFH3bw1d8owKZm9NmrJxkRarGJfLhm1zcRxoQFGhl27ElcY3i_tkx0ohuv4vcl9a7zPlD3BFVUMl62CGqQQTQG9FHv/RxMRG71JkuhEJ2LoBbT0p2Js/ICN85/9ttYn/39wrZs/M9HSGRLKcHbsG65ScUR66sbcEjP/2dFWifvwko9Cx/S8GwYCqwSZKtljHjt_g6PSxa_8z7unG/XejmzA5v7KSOmZgaEMAWSAUdATzp9mzY8/Gz5lZ8BzATe6F2uk2HWLTJ7Ri8rtz9E/1lEW_db98D8356xUBbbS9HTZFrU5KxRcqLrkVC0aHXArlCpmhgD6qZ4YhEoF4sjy4YnY_hH4Uz_Jnc0hqyxha42wBJ0ZBzx0SFhPfhCFeyMEnlq2wXyHVX4EHj1fsGvsdxVOSjca8yL6mT3TDs2Du1iRQLGatfobYWQhg69DHQp9wz8xl9LzMycgbM="
t = None
n = None
result = decrypt_aes(e)
print(result)


image.png (387.78 KB, 下载次数: 0)
下载附件
2024-8-17 15:17 上传

下载次数, 下载附件

threettiger
OP
  


baliao 发表于 2024-8-18 12:05
感谢大佬分享, 大佬能否指导下,这个怎么分析, 谢谢!
https://www.52pojie.cn/forum.php?mod=viewthread&ti ...

我也不是大佬,这些问题,多问问搜索引擎和chatgpt吧,
把下面大佬的爬虫搞明白了,你的答案就清楚了。
https://github.com/NanmiCoder/MediaCrawler
baliao   

感谢大佬分享, 大佬能否指导下,这个怎么分析, 谢谢!
https://www.52pojie.cn/forum.php?mod=viewthread&tid=1953911&page=1#pid51064664
dork   

可以举一反三
asdasxzca   

牛逼 啥网站啊
静似晨荷   

这个是查什么数据?
baishuihao   

接入后能看到什么
OMIZ11   

然而 还是没啥作用啊,保险要给还是得给
三滑稽甲苯   

思路很清晰,值得学习
Bob5230   

谢谢分享!
您需要登录后才可以回帖 登录 | 立即注册

返回顶部