淘宝千牛店铺保证金页面sign参数JS算法解密过程
1.访问保证金详细列表,观察地址,包含jsv比较特殊,F12后,搜索jsv
Request URL: https://acs.m.taobao.com/h5/mtop.alibaba.jibu.bill.get/1.0/?jsv=2.7.0&appKey=32484673&t=1663944403364&sign=8f399904b8f3829f095e1be1a0850997&api=mtop.alibaba.jibu.bill.get&ecode=1&type=originaljson&timeout=20000&v=1.0&dataType=json&data=%7B%22pageSize%22%3A20%2C%22pageNum%22%3A2%2C%22startTime%22%3A%222022-09-01%2000%3A00%3A00%22%2C%22endTime%22%3A%222022-09-23%2023%3A59%3A59%22%2C%22detailTypeCode%22%3A%22allBill%22%2C%22sceneCodeType%22%3A1%2C%22bizCode%22%3A%22taobao.jibu%22%7D
2.打开sign所在位置
3.分析代码,有16万行。根据看视频获取的有限信息,决定扣JS代码。
4.找到sign所在的函数,全部放在调试器中。修改一下函数名,去掉后面的自动运行参数。
5.sign参数JS算法代码
function jm(e) { function t(e, t) { return e << t | e >>> 32 - t } function n(e, t) { var n, r, o, a, i; return o = 2147483648 & e, a = 2147483648 & t, i = (1073741823 & e) + (1073741823 & t), (n = 1073741824 & e) & (r = 1073741824 & t) ? 2147483648 ^ i ^ o ^ a : n | r ? 1073741824 & i ? 3221225472 ^ i ^ o ^ a : 1073741824 ^ i ^ o ^ a : i ^ o ^ a } function r(e, r, o, a, i, l, s) { return e = n(e, n(n(function(e, t, n) { return e & t | ~e & n }(r, o, a), i), s)), n(t(e, l), r) } function o(e, r, o, a, i, l, s) { return e = n(e, n(n(function(e, t, n) { return e & n | t & ~n }(r, o, a), i), s)), n(t(e, l), r) } function a(e, r, o, a, i, l, s) { return e = n(e, n(n(function(e, t, n) { return e ^ t ^ n }(r, o, a), i), s)), n(t(e, l), r) } function i(e, r, o, a, i, l, s) { return e = n(e, n(n(function(e, t, n) { return t ^ (e | ~n) }(r, o, a), i), s)), n(t(e, l), r) } function l(e) { var t, n = "", r = ""; for (t = 0; 3 >= t; t++) n += (r = "0" + (e >>> 8 * t & 255).toString(16)).substr(r.length - 2, 2); return n } var s, u, c, d, f, p, h, m, v, y; for (y = function(e) { for (var t, n = e.length, r = n + 8, o = 16 * ((r - r % 64) / 64 + 1), a = new Array(o - 1), i = 0, l = 0; n > l; ) i = l % 4 * 8, a[t = (l - l % 4) / 4] = a[t] | e.charCodeAt(l) << i, l++; return i = l % 4 * 8, a[t = (l - l % 4) / 4] = a[t] | 128 << i, a[o - 2] = n << 3, a[o - 1] = n >>> 29, a }(e = function(e) { e = e.replace(/\r\n/g, "\n"); for (var t = "", n = 0; n < e.length; n++) { var r = e.charCodeAt(n); 128 > r ? t += String.fromCharCode(r) : r > 127 && 2048 > r ? (t += String.fromCharCode(r >> 6 | 192), t += String.fromCharCode(63 & r | 128)) : (t += String.fromCharCode(r >> 12 | 224), t += String.fromCharCode(r >> 6 & 63 | 128), t += String.fromCharCode(63 & r | 128)) } return t }(e)), p = 1732584193, h = 4023233417, m = 2562383102, v = 271733878, s = 0; s < y.length; s += 16) u = p, c = h, d = m, f = v, p = r(p, h, m, v, y[s + 0], 7, 3614090360), v = r(v, p, h, m, y[s + 1], 12, 3905402710), m = r(m, v, p, h, y[s + 2], 17, 606105819), h = r(h, m, v, p, y[s + 3], 22, 3250441966), p = r(p, h, m, v, y[s + 4], 7, 4118548399), v = r(v, p, h, m, y[s + 5], 12, 1200080426), m = r(m, v, p, h, y[s + 6], 17, 2821735955), h = r(h, m, v, p, y[s + 7], 22, 4249261313), p = r(p, h, m, v, y[s + 8], 7, 1770035416), v = r(v, p, h, m, y[s + 9], 12, 2336552879), m = r(m, v, p, h, y[s + 10], 17, 4294925233), h = r(h, m, v, p, y[s + 11], 22, 2304563134), p = r(p, h, m, v, y[s + 12], 7, 1804603682), v = r(v, p, h, m, y[s + 13], 12, 4254626195), m = r(m, v, p, h, y[s + 14], 17, 2792965006), p = o(p, h = r(h, m, v, p, y[s + 15], 22, 1236535329), m, v, y[s + 1], 5, 4129170786), v = o(v, p, h, m, y[s + 6], 9, 3225465664), m = o(m, v, p, h, y[s + 11], 14, 643717713), h = o(h, m, v, p, y[s + 0], 20, 3921069994), p = o(p, h, m, v, y[s + 5], 5, 3593408605), v = o(v, p, h, m, y[s + 10], 9, 38016083), m = o(m, v, p, h, y[s + 15], 14, 3634488961), h = o(h, m, v, p, y[s + 4], 20, 3889429448), p = o(p, h, m, v, y[s + 9], 5, 568446438), v = o(v, p, h, m, y[s + 14], 9, 3275163606), m = o(m, v, p, h, y[s + 3], 14, 4107603335), h = o(h, m, v, p, y[s + 8], 20, 1163531501), p = o(p, h, m, v, y[s + 13], 5, 2850285829), v = o(v, p, h, m, y[s + 2], 9, 4243563512), m = o(m, v, p, h, y[s + 7], 14, 1735328473), p = a(p, h = o(h, m, v, p, y[s + 12], 20, 2368359562), m, v, y[s + 5], 4, 4294588738), v = a(v, p, h, m, y[s + 8], 11, 2272392833), m = a(m, v, p, h, y[s + 11], 16, 1839030562), h = a(h, m, v, p, y[s + 14], 23, 4259657740), p = a(p, h, m, v, y[s + 1], 4, 2763975236), v = a(v, p, h, m, y[s + 4], 11, 1272893353), m = a(m, v, p, h, y[s + 7], 16, 4139469664), h = a(h, m, v, p, y[s + 10], 23, 3200236656), p = a(p, h, m, v, y[s + 13], 4, 681279174), v = a(v, p, h, m, y[s + 0], 11, 3936430074), m = a(m, v, p, h, y[s + 3], 16, 3572445317), h = a(h, m, v, p, y[s + 6], 23, 76029189), p = a(p, h, m, v, y[s + 9], 4, 3654602809), v = a(v, p, h, m, y[s + 12], 11, 3873151461), m = a(m, v, p, h, y[s + 15], 16, 530742520), p = i(p, h = a(h, m, v, p, y[s + 2], 23, 3299628645), m, v, y[s + 0], 6, 4096336452), v = i(v, p, h, m, y[s + 7], 10, 1126891415), m = i(m, v, p, h, y[s + 14], 15, 2878612391), h = i(h, m, v, p, y[s + 5], 21, 4237533241), p = i(p, h, m, v, y[s + 12], 6, 1700485571), v = i(v, p, h, m, y[s + 3], 10, 2399980690), m = i(m, v, p, h, y[s + 10], 15, 4293915773), h = i(h, m, v, p, y[s + 1], 21, 2240044497), p = i(p, h, m, v, y[s + 8], 6, 1873313359), v = i(v, p, h, m, y[s + 15], 10, 4264355552), m = i(m, v, p, h, y[s + 6], 15, 2734768916), h = i(h, m, v, p, y[s + 13], 21, 1309151649), p = i(p, h, m, v, y[s + 4], 6, 4149444226), v = i(v, p, h, m, y[s + 11], 10, 3174756917), m = i(m, v, p, h, y[s + 2], 15, 718787259), h = i(h, m, v, p, y[s + 9], 21, 3951481745), p = n(p, u), h = n(h, c), m = n(m, d), v = n(v, f); return (l(p) + l(h) + l(m) + l(v)).toLowerCase() }
6.竟然可以直接运行,运气也太好了。看来淘宝的程序员是非常正常的,哈哈。
7.根据这个参数,组合测试的数据,直接测试成功。
r.token + "&" + s + "&" + l + "&" + n.data
浙公网安备 33010602011771号