1.目标
切换周榜出现目标请求
只有请求头fm-sign签名加密
2.逆向分析
直接搜fm-sign
可以看到 i["fm-sign"] = A
进入encryptParams方法
里面有个S()方法加密,是MD5加密
3.代码示例
js代码示例
javascript
const crypto = require('crypto')
function MD5Encrypt(e) {
return crypto.createHash("md5").update(e.toString()).digest("hex")
}
function encryptParams(e) {
this.salt = "LAA6edGHBkcc3eTiOIRfg89bu9ODA6PB"
let t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : ""
, o = Object.keys(e).sort()
, n = "";
o.forEach(t => {
n += t + e[t] + this.salt
}
);
let r = MD5Encrypt(n + t)
, a = ""
, i = 0
, s = r.length - 1;
for (; i < r.length && !(i >= s); i++,
s--)
a += (parseInt(r[i], 16) ^ parseInt(r[s], 16)).toString(16);
return a + r.substring(i)
}
let S = {
_time: Math.floor(Date.now() / 1e3),
cnonce: Math.floor(1e7 + 9e7 * Math.random())
}
, r = {
"time": 1748321467,
"system": "windows",
"platform": 1,
"id": 206,
"type": 1,
"ext": {
"uri": "https://www.fastmoss.com/zh/e-commerce/newProducts",
"_src": null
}
} ,
d = JSON.stringify(r),
A = encryptParams({...S}, d);
console.log(A)python代码示例
python
import hashlib
import json
import random
import time
# MD5 加密
def md5_encrypt(data):
return hashlib.md5(str(data).encode('utf-8')).hexdigest()
# 加密函数 encryptParams
def encrypt_params(e, t=""):
salt = "LAA6edGHBkcc3eTiOIRfg89bu9ODA6PB"
# 排序后的 key 列表
keys = sorted(e.keys())
n = ""
for key in keys:
n += f"{key}{e[key]}{salt}"
r = md5_encrypt(n + t)
a = ""
i = 0
s = len(r) - 1
while i < len(r) and i < s:
# 将十六进制字符转为整数,异或后再转回十六进制
char_i = r[i]
char_s = r[s]
xor_result = int(char_i, 16) ^ int(char_s, 16)
a += format(xor_result, 'x') # 转为十六进制字符
i += 1
s -= 1
a += r[i:]
return a
S = {
'_time': int(time.time()),
'cnonce': random.randint(1e7, 1e8)
}
r = {
"time": 1748321467,
"system": "windows",
"platform": 1,
"id": 206,
"type": 1,
"ext": {
"uri": "https://www.fastmoss.com/zh/e-commerce/newProducts",
"_src": None
}
}
d = json.dumps(r, separators=(',', ':'))
A = encrypt_params(S, d)
print(A)请求不要sign也是可以的