Captured the sign-in endpoint of a car head-unit app, but the parameters are encrypted

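Views: 41 | Replies: 2
Author: 幕后胸手   
I captured the sign-in endpoint of Changan's 引力域 app, but the parameters are encrypted and I don't know what the next step should be. Could an expert here give me some pointers?

POST /user/signIn HTTP/2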
host: api.uni.changan.com.cn
appversion: 2.0.0
os: Android
loginchannel: 3004
sign: 478153C58EC77F41BDD614957FDA1261
operatorname: not found
networkstate: WIFI
token: user:token:app:7503231:uni-52b8fe4d2721516364eb19dde72d31c8
osversion: 9
fingerprint:
x-tenant-app: ca-boot-ui-yunli-app
seccode: GyrSp/n34LpOfU8mghvxLrlvbOsymVcLWA0AqU6IlAtGPzFnm+YZhA6VUYFrdAzpnFCQcqgPYd3DPl3pU/J+BQscR01TIoQ5MAAuT57OuAT8OCtxBo/T8R+5YOEGcSfTW4vVGNcDViP0M5F304gPZrJTzV0zm9L/Q/0M0vwR2fuhh+bpbfb2tKHNu8gznvShgVoZXlSMknSplrVgGToy/bVmUdB2aLcPdHHQ1IqKa9xUTBe/i9dNMFlG0ZPnaxGy1YNXSClYtcwmsUEZUwq772DkiFCW6Mn+XjP8wvAYbsI+JZQ0bSgYW4KePZCYMSCXF5h53M3i+clM+s3Mf5TWOA==
model: NX709S
brand: ipad
timestamp: 1730702742663
codelab: codelabs
body:
content-type: application/json
content-length: 40
accept-encoding: gzip
user-agent: okhttp/4.10.0
{"paramEncr":"ylvaSHO9EGrY+wdDz1nJyw=="}

endpoint, parameters

次谐波   

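Next you need to reverse it: open the app's source in jadx and look at how the signature is generated. That said, this kind of thing most likely lives in the .so layer and needs to be called through unidbg; if that doesn't work, the only option is an Xposed RPC call.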
tantanxin147   

I can't handle the app, so I took a detour: this is the sign-in for the 引力域 mini program. Try it and see whether it is the same as the app's.

import random
import time
import hashlib
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from base64 import b64encode
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import json
import requests
# Generate a 16-character random string to use as the AES key
def generate_random_key(length=16):
    chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    return ''.join(random.choice(chars) for _ in range(length))
# AES encryption; key and IV
def aes_encrypt(text, key):
    key_bytes = key.encode('utf-8')
    iv = key_bytes[:16]  # Use the first 16 bytes of the key as the IV; in practice this is the same as the key
    cipher = AES.new(key_bytes, AES.MODE_CBC, iv)
    padded_data = pad(text.encode('utf-8'), AES.block_size)
    encrypted = cipher.encrypt(padded_data)
    return b64encode(encrypted).decode('utf-8')
# RSA-encrypt the key to produce codeEncryptedStr
def rsa_encrypt(text):
    public_key = """-----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCd0x5KWJKH+99QIvadRgvaYxD1
    HXxwvy/v7H0AYLu/CCaKGGZERtNJiar8d2LcYeeD5FQ+/9bwX5pNnxefwMQgLHyt
    xpGsKO/pIjrSytZX1bvNA6WIWbGH/an//md/cBXOQvq1hrNsKfwdZWIOgIj1N5MY
    cc7cLPLJToq2XqpP9QIDAQAB
    -----END PUBLIC KEY-----"""
   
    rsa_key = RSA.importKey(public_key)
    cipher = PKCS1_v1_5.new(rsa_key)
    encrypted = cipher.encrypt(text.encode('utf-8'))
    return b64encode(encrypted).decode('utf-8')
# Generate sign: MD5 of the paramEncryptedStr parameter + timestamp + fixed string, converted to upper case
def generate_sign(param_str, timestamp):
    sign_str = f"{param_str}{timestamp}hyzh-unistar-5KWJKH291IvadR"
    return hashlib.md5(sign_str.encode('utf-8')).hexdigest().upper()
def generate_request_params(body):
    random_key = generate_random_key(16)
    timestamp = int(time.time() * 1000)
   
    param_encrypted_str = aes_encrypt(body, random_key)
    code_encrypted_str = rsa_encrypt(random_key)
    sign = generate_sign(json.dumps({"paramEncryptedStr": param_encrypted_str}), timestamp)
   
    print("\n=== 生成的参数 ===")
    print(f"时间戳: {timestamp}")
    print(f"paramEncryptedStr: {param_encrypted_str}")
    print(f"codeEncryptedStr: {code_encrypted_str}")  
    print(f"sign: {sign}")
    print(f"随机key和iv: {random_key}")
    print("=================\n")
   
    return {
        "timestamp": timestamp,
        "paramEncryptedStr": param_encrypted_str,
        "codeEncryptedStr": code_encrypted_str,
        "sign": sign
    }
def send_request():
    body = "{}"
    params = generate_request_params(body)
   
    headers = {
        "Content-Type": "application/json",
        "timestamp": str(params["timestamp"]),
        "codeEncryptedStr": params["codeEncryptedStr"],
        "sign": params["sign"],
        "token": "", # Replace with your token
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 MicroMessenger/7.0.20.1781(0x6700143B) NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF WindowsWechat(0x63090a13) XWEB/8555"
    }
   
    data = {
        "paramEncryptedStr": params["paramEncryptedStr"]
    }
   
    try:
        response = requests.post(
            "https://wxapi.uni.changan.com.cn/user/signIn",
            headers=headers,
            json=data
        )
        print("\n=== 请求结果 ===")
        print(f"状态码: {response.status_code}")
        print(f"响应内容: {response.text}")
        print("=================\n")
        return response
        
    except Exception as e:
        print(f"请求发生错误: {str(e)}")
        return None
if __name__ == "__main__":
    response = send_request()
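
An added example, not part of the thread and not the vendor's code: a server-side view of the `sign` header as the reply above computes it (upper-case MD5 over body + timestamp + a fixed string), next to a hardened variant that uses HMAC-SHA256 under a per-session key and also covers the token and path. The suffix placeholder, the five-minute window, the in-memory replay cache, the per-session key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

STATIC_SUFFIX = "STATIC-SUFFIX-PLACEHOLDER"  # constructed stand-in for the client's fixed string
MAX_SKEW_MS = 5 * 60 * 1000                  # assumed freshness window (5 minutes)
_seen = set()                                # in-memory replay cache, illustration only


def legacy_sign(body: str, timestamp_ms: int) -> str:
    """Scheme from the reply: upper-case MD5(body + timestamp + fixed string)."""
    data = f"{body}{timestamp_ms}{STATIC_SUFFIX}".encode("utf-8")
    return hashlib.md5(data).hexdigest().upper()


def session_sign(key: bytes, token: str, path: str, body: str, timestamp_ms: int) -> str:
    """Hardened variant: HMAC-SHA256 under a per-session key that also covers token and path."""
    msg = "\n".join([path, token, str(timestamp_ms), body]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(expected: str, presented: str, timestamp_ms: int, now_ms: int) -> str:
    """Classify one request as 'ok', 'stale', 'bad-sign' or 'replay'."""
    if abs(now_ms - timestamp_ms) > MAX_SKEW_MS:
        return "stale"
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "bad-sign"
    if (presented, timestamp_ms) in _seen:
        return "replay"
    _seen.add((presented, timestamp_ms))
    return "ok"


if __name__ == "__main__":
    now = 1_700_000_000_000                   # constructed clock value (ms)
    body = '{"paramEncryptedStr": "AAAA"}'    # constructed sample body
    sig = legacy_sign(body, now)
    # The legacy value has no token or key input: it is the same for every account.
    print("legacy, first use :", verify(legacy_sign(body, now), sig, now, now + 1000))
    print("legacy, replayed  :", verify(legacy_sign(body, now), sig, now, now + 2000))
    key = b"k" * 32                           # constructed per-session key
    s = session_sign(key, "token-A", "/user/signIn", body, now)
    other = session_sign(key, "token-B", "/user/signIn", body, now)
    print("hmac, other token :", verify(other, s, now, now))
```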