nodejs最新电商jd m端h5st 4.2签名算法4.2版本逆向,jd API接口,jd商品数据采集

前言:

jd m端使用最新的h5st 4.2签名算法,与h5st 4.1版本有很大的不同。在这儿分析一下,供大家参考。

一、目标地址(Base64解码)

javascript 复制代码
aHR0cHM6Ly9zby5tLmpkLmNvbS93YXJlL3NlYXJjaC5hY3Rpb24/a2V5d29yZD0lRTklOTklQTQlRTYlQjklQkYlRTYlOUMlQkEmc2VhcmNoRnJvbT1ob21lJnNmPTE1JmFzPTA=

逆向发现,是h5st 4.2版本的签名算法,比之前h5st 4.1版本的逆向难度大大提高,算法里面混淆了window,JD等环境变量,难于分离。

二、body参数的加密逆向(Base64解码):

1、评论接口(Base64解码):

javascript 复制代码
aHR0cHM6Ly9hcGkubS5qZC5jb20vd2FyZS9jb21tZW50L2dldENvbW1lbnRMaXN0P2xvZ2luVHlwZT0yJmFwcGlkPW1fY29yZSZ1dWlkPTQ4NzA4MTI3NTkxNzY2NzAxJmZ1bmN0aW9uSWQ9Y29tbWVudF9nZXRDb21tZW50TGlzdCZ4LWFwaS1laWQtdG9rZW49amRkMDNYS05CM0M1NENJMlk2SEJUM0VPWUE1SllZM05HU1lCQzRBQ1FSRVE0WjNPVEdFU09XSFVPSk5JMkRBTUFNQk1HNk42WllBQkZPQUVTT0FaR042Qk9aQkROVElBQUFBTU1DUzVWQzdJQUFBQUFEWVg3REVYUFkzN1ZaTVgmanNvbnA9c2t1SkRFdmFsJmg1c3Q9MjAyMzExMjgxNTE3NTc5NDYlM0JpdzMzdDMzYWdwOW16dDMxJTNCZTQyNTYlM0J0azAyd2FhYzMxYjc3NDFsTXlzemVETXJNak16NGVnREU4SDlwVWN4M2daRi14THdyMm9PRUNYNGNkOE80cnFIX0gxdjFFNTVKc3JiRmtoVFIxcjlJMzFEMmtmXyUzQjZhMWU2YzIwZWRiYWFlOTExMTcxMDUzYjM1MTA1YTA4MDBlYTE0MjViODAyYzY4ZDA2ZGYyNjZhMDE4Y2NlNGMlM0I0LjIlM0IxNzAxMTU1ODc3OTQ2JTNCMGFlZWZhZjUyYzVhN2ZhMzFhMWFkNWUwNmM4NTUxZmRhODVhZDVmNDUzNmU3ZTRhYTYzOWMyN2M3NDJjYjAzNWJjNDA0ZTA0MmRhNzFhNmZhYTg1MzY4Mjk0MTIxYzk5ODBkNTVhZWMyZjY5ZDcxMjJjMDcxZDljMDdmYTAyNzc4ZGE3MzY3NDZiNTRlNTQ1Y2I5NzE1NGYwNzk2NjA0ZDZjOGRjYTY3NThhOTYwMmM0MzkyMThhNDYyNTM0NTllNzYzYjJhY2MyZjlkZWUyZmNkYTQ5YzhmYTg0NTBhNTUzMmMwMDhkYjE2YTY0OGRkOTE2ZmNjMDkyMjc1MTFjYmU0NjM2ZDU0MTZlY2NlZGJmOTVmYzFkOGZkZGE3MDRkMmI5OGFmNjg5YmQ1MjYwOTJiN2E2MTM3NDU1NzZjYzc4YTcyZTI5MDc2Mzg3Mzk1OThjMGJlNDE2NWI3YTFiYjM1ZDg4YzlhZmNlYzUyZWU0ZTc0NTRmZGQ2MDE4YTEwMGJiOTU0ZmJmZDAyMmE4NDFmZDViZTZmZDNhMzcwMDJmMjViZmVjNmRkMGJmZDMwNzc5YmY2YTk0YzAwYjkyNDhhMmU0Zjk1ODY2MmNlYTQ2MGMxNmQyNWVhNDFlNGE0NTIxMGJmNzg2Mjk1MTY2MTk5NjIzMjY5ZjEyODgyNjc4NGU4MTI3NTlkMDg3ZDQ4ZmMxYjhjYjk4NDFhY2U5MSZib2R5PXslMjJleHRlcm5hbExvZ2luVHlwZSUyMjoxLCUyMmNhbGxiYWNrJTIyOiUyMnNrdUpERXZhbCUyMiwlMjJ2ZXJzaW9uJTIyOiUyMnYyJTIyLCUyMnBhZ2VzaXplJTIyOiUyMjEwJTIyLCUyMnNjZW5ldmFsJTIyOiUyMjIlMjIsJTIyc2NvcmUlMjI6JTIyMCUyMiwlMjJza3UlMjI6JTIyMTI4MjI3MiUyMiwlMjJzb3J0dHlwZSUyMjolMjI1JTIyLCUyMnBhZ2UlMjI6JTIyMSUyMiwlMjJ0JTIyOiUyMjAuNDU4MzEyNDczMTM0NDQzNDUlMjJ9JmFwcENvZGU9bXMwY2E5NTExNAo=

2、参数h5st:

h5st=20231128151757946%3Biw33t33agp9mzt31%3Be4256%3Btk02waac31b7741lMyszeDMrMjMz4egDE8H9pUcx3gZF-xLwr2oOECX4cd8O4rqH_H1v1E55JsrbFkhTR1r9I31D2kf_%3B6a1e6c20edbaae911171053b35105a0800ea1425b802c68d06df266a018cce4c%3B4.2%3B1701155877946%3B0aeefaf52c5a7fa31a1ad5e06c8551fda85ad5f4536e7e4aa639c27c742cb035bc404e042da71a6faa85368294121c9980d55aec2f69d7122c071d9c07fa02778da736746b54e545cb97154f0796604d6c8dca6758a9602c439218a46253459e763b2acc2f9dee2fcda49c8fa8450a5532c008db16a648dd916fcc09227511cbe4636d5416eccedbf95fc1d8fdda704d2b98af689bd526092b7a613745576cc78a72e2907638739598c0be4165b7a1bb35d88c9afcec52ee4e7454fdd6018a100bb954fbfd022a841fd5be6fd3a37002f25bfec6dd0bfd30779bf6a94c00b9248a2e4f958662cea460c16d25ea41e4a45210bf786295166199623269f128826784e812759d087d48fc1b8cb9841ace91

可以看到版本号为:4.2

3、body参数:

body参数解码为:

javascript 复制代码
{"externalLoginType":1,"callback":"skuJDEval","version":"v2","pagesize":"10","sceneval":"2","score":"0","sku":"1282272","sorttype":"5","page":"1","t":"0.45831247313444345"}

4、body参数的加密位置与h5st 4.1版本基本相同,加密代码如下:

javascript 复制代码
function sha256_digest(e) {
            var t = 8
              , r = 0;
            function n(e, t) {
                var r = (65535 & e) + (65535 & t);
                return (e >> 16) + (t >> 16) + (r >> 16) << 16 | 65535 & r
            }
            function o(e, t) {
                return e >>> t | e << 32 - t
            }
            function i(e, t) {
                return e >>> t
            }
            function a(e, t, r) {
                return e & t ^ ~e & r
            }
            function s(e, t, r) {
                return e & t ^ e & r ^ t & r
            }
            function c(e) {
                return o(e, 2) ^ o(e, 13) ^ o(e, 22)
            }
            function l(e) {
                return o(e, 6) ^ o(e, 11) ^ o(e, 25)
            }
            function u(e) {
                return o(e, 7) ^ o(e, 18) ^ i(e, 3)
            }
            function d(e) {
                return o(e, 17) ^ o(e, 19) ^ i(e, 10)
            }
            return function(e) {
                for (var t = r ? "0123456789ABCDEF" : "0123456789abcdef", n = "", o = 0; o < 4 * e.length; o++)
                    n += t.charAt(e[o >> 2] >> 8 * (3 - o % 4) + 4 & 15) + t.charAt(e[o >> 2] >> 8 * (3 - o % 4) & 15);
                return n
            }(function(e, t) {
                var r, o, i, f, p, h, v, m, g, y, _ = new Array(1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298), w = new Array(1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225), b = new Array(64);
                e[t >> 5] |= 128 << 24 - t % 32,
                e[15 + (t + 64 >> 9 << 4)] = t;
                for (var x = 0; x < e.length; x += 16) {
                    r = w[0],
                    o = w[1],
                    i = w[2],
                    f = w[3],
                    p = w[4],
                    h = w[5],
                    v = w[6],
                    m = w[7];
                    for (var k = 0; k < 64; k++)
                        b[k] = k < 16 ? e[k + x] : n(n(n(d(b[k - 2]), b[k - 7]), u(b[k - 15])), b[k - 16]),
                        g = n(n(n(n(m, l(p)), a(p, h, v)), _[k]), b[k]),
                        y = n(c(r), s(r, o, i)),
                        m = v,
                        v = h,
                        h = p,
                        p = n(f, g),
                        f = i,
                        i = o,
                        o = r,
                        r = n(g, y);
                    w[0] = n(r, w[0]),
                    w[1] = n(o, w[1]),
                    w[2] = n(i, w[2]),
                    w[3] = n(f, w[3]),
                    w[4] = n(p, w[4]),
                    w[5] = n(h, w[5]),
                    w[6] = n(v, w[6]),
                    w[7] = n(m, w[7])
                }
                return w
            }(function(e) {
                for (var r = Array(), n = (1 << t) - 1, o = 0; o < e.length * t; o += t)
                    r[o >> 5] |= (e.charCodeAt(o / t) & n) << 24 - o % 32;
                return r
            }(e = function(e) {
                e = e.replace(/\r\n/g, "\n");
                for (var t = "", r = 0; r < e.length; r++) {
                    var n = e.charCodeAt(r);
                    n < 128 ? t += String.fromCharCode(n) : n > 127 && n < 2048 ? (t += String.fromCharCode(n >> 6 | 192),
                    t += String.fromCharCode(63 & n | 128)) : (t += String.fromCharCode(n >> 12 | 224),
                    t += String.fromCharCode(n >> 6 & 63 | 128),
                    t += String.fromCharCode(63 & n | 128))
                }
                return t
            }(e)), e.length * t))
        }


function O(e) {
        var  n = {};

        var o = void 0;
        try {
            o = sha256_digest(e.body).toString()
        } catch (e) {
            console.log(e)
        }
        return n.body = o,
        n
    }

经验证,与浏览器返回的结果一致。

三、h5st 4.2逆向

1、全局搜索h5st字符串,找到h5st位置如下:

(图1 h5st位置)

2、经过一番单步调试跟踪,最终逆向出h5st 4.2源码,部分代码如下:

javascript 复制代码
var o='95cb3'
var r={
    "functionId": "te_m_searchWareComment",
    "appid": "jd-cphdeveloper-m",
    "body": "4663b8a26f440c134fbb4445ebddb2df4c981a5ad56443a3014e73f09070f33d"
}
var t=
{
    "functionId": "te_m_searchWareComment",
    "appid": "jd-cphdeveloper-m",
    "body": "4663b8a26f440c134fbb4445ebddb2df4c981a5ad56443a3014e73f09070f33d",
    "_stk": "appid,body,functionId",
    "_ste": 1,
    "h5st": "20231107170525941;p93wttizgm993334;95cb3;tk03wa21f1c2218nAJHZh2GrX7JgxkMuU3khCJOUxXTX2l-JXupACRTvMdoPH3OuVXgocCHLarlNL64g2oHmopf-UrZ2;39cc132f90bdd6e98e6e69c08ab3d0654290564292a985812bf95a42efd9bf20;4.2;1699347925941;0aeefaf52c5a7fa31a1ad5e06c8551fda85ad5f4536e7e4aa639c27c742cb035bc404e042da71a6faa85368294121c9980d55aec2f69d7122c071d9c07fa02778da736746b54e545cb97154f0796604d6c8dca6758a9602c439218a46253459e763b2acc2f9dee2fcda49c8fa8450a5532c008db16a648dd916fcc09227511cbe4636d5416eccedbf95fc1d8fdda704d2b98af689bd526092b7a613745576cc79acb2f870cb9875b4228766f18671197b784ca2933493b06da50f28ff6d591e785cc4d4dd084c226f2d26e157fdff20bc011a5a81400ab87eae7ec2ca90e47ba9db6f8e9236e768d07c6b30fb81590e5b195e026dd7fe9610dce0d317a67fcce"
}

               var a= new h.default(function(e, t) {
                    var r = O(s);
                    D[o].sign(r).then(function(t) {
                        return s.h5st = encodeURI(t.h5st || ""),
                        e(s)
                    })
                }
//技术支持:v+:byc6352
//.....................................................篇幅太长,难于显示...................................
                return function(e) {
                    var t = {
                        _0x5d064b: 229,
                        _0x9dfbcc: 216
                    };
                    return o[function(e, n, o, i) {
                        return r(t._0x5d064b, n - -876, i)
                    }(0, 521, 0, 619)](this, arguments)
                }
//.....................................................篇幅太长,难于显示...................................

3、nodejs中调试成功请求到数据:

(h5st 4.2 nodejs中调试成功请求到数据)

四、h5st4.2在cmd命令行成功请求到接口数据

(图3 h5st 4.2 在cmd命令行成功请求到接口数据)

大功告成!!!

相关推荐
qingyunliushuiyu2 个月前
企业如何使用数据分析管理系统
数据分析·数据采集·bi·数据分析系统·数据分析管理系统
亿牛云爬虫专家2 个月前
优化数据的抓取规则:减少无效请求
python·数据采集·多线程·爬虫代理·数据抓取·代理ip·房价
亿牛云爬虫专家2 个月前
如何通过subprocess在数据采集中执行外部命令 —以微博为例
爬虫·python·数据采集·多线程·代理ip·subprocess·微博
程序者王大川2 个月前
【物联网】时序数据库InfluxDB解析及1.x版本与2.x版本区别详解
java·数据库·物联网·数据采集·时序数据库·数据·工业互联网平台
康谋自动驾驶2 个月前
康谋分享 | 汽车仿真与AI的结合应用
自动驾驶·汽车·数据采集·ad·仿真
亿牛云爬虫专家2 个月前
WebDriver与Chrome DevTools Protocol:如何在浏览器自动化中提升效率
爬虫·自动化·数据采集·chrome devtools·爬虫代理·webdriver·代理ip
亿牛云爬虫专家3 个月前
HttpClient在ASP.NET Core中的最佳实践:实现高效的HTTP请求
后端·http·asp.net·数据采集·爬虫代理·httpclient·代理ip
東方神山3 个月前
【NI-DAQmx入门】LabVIEW数据采集基础应用程序框架
数据采集·labview·状态机·ni-daqmx
CharonXA3 个月前
用Python实现亚马逊Amazon高性能爬虫采集销量信息
开发语言·爬虫·python·网络爬虫·数据采集·亚马逊爬虫工具·亚马逊数据抓取
爱桥代码的程序媛3 个月前
鸿蒙媒体开发【相机数据采集保存】音频和视频
数码相机·音视频·数据采集·harmonyos·鸿蒙·媒体·鸿蒙开发