2 Reverse engineering the Android login of a certain partner app


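Tip:

Before reverse engineering this kind of app, it helps to know what common passwords look like after MD5 hashing, Base64 encoding and similar transforms. Take 123456 as an example: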

md5

e10adc3949ba59abbe56e057f20f883e

base64

MTIzNDU2

Notes

1 Install the APK
2 Capture the traffic

    Phone:
        user:18322221324
        pwd:123456
    Charles parameters:
        url: https://chinayltx.com/app/api/v1/partnerLogin/login
        method: post
        formdata: phone=18322221324&password=e10adc3949ba59abbe56e057f20f883e
        headers: X-Sign:c410aa567cf93ba7f8ee7077aeabdae3
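
The tip above, applied to this capture, as an added example (not the original author's code): it computes how the known test password would look under several common transforms and reports which captured field matches which one. The function names and the list of transforms are choices made for this example; the captured values are the ones shown above.

```python
import base64
import hashlib
from urllib.parse import unquote

CASE_SENSITIVE = ("plaintext", "base64", "base64(md5 digest)")


def candidate_encodings(plaintext: str) -> dict:
    """Map transform name -> how the known test value would look on the wire."""
    raw = plaintext.encode("utf-8")
    md5_hex = hashlib.md5(raw).hexdigest()
    return {
        "plaintext": plaintext,
        "md5": md5_hex,
        "md5(md5)": hashlib.md5(md5_hex.encode()).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "base64": base64.b64encode(raw).decode(),
        "base64(md5 digest)": base64.b64encode(hashlib.md5(raw).digest()).decode(),
        "hex": raw.hex(),
    }


def identify_transforms(plaintext: str, formdata: str, headers: dict) -> list:
    """Return (location, transform) for every captured value that equals a
    known transform of the test plaintext. Hex digests compare case-insensitively."""
    fields = {}
    for pair in formdata.split("&"):
        key, _, value = pair.partition("=")
        fields["formdata." + key] = unquote(value)  # unquote() leaves '+' intact
    fields.update({"header." + k: v for k, v in headers.items()})
    candidates = candidate_encodings(plaintext)
    hits = []
    for location, value in fields.items():
        for name, encoded in candidates.items():
            seen = value if name in CASE_SENSITIVE else value.lower()
            if seen == encoded:
                hits.append((location, name))
    return hits


# Values copied from the Charles capture on this page.
CAPTURED_FORMDATA = "phone=18322221324&password=e10adc3949ba59abbe56e057f20f883e"
CAPTURED_HEADERS = {"X-Sign": "c410aa567cf93ba7f8ee7077aeabdae3"}

if __name__ == "__main__":
    for location, name in identify_transforms("123456", CAPTURED_FORMDATA, CAPTURED_HEADERS):
        print(location, "=", name + "('123456')")
```

Only the password field matches, as plain unsalted MD5; X-Sign matches no transform of the password alone, so it has to depend on other inputs.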

What we need to focus on
1 How the password in the formdata is generated
    package com.yltx.oil.partner.modules.login.presenter;
    ...
    // line 72
    public void submitLogin(String str, String str2) {
        this.mLoginUseCase.setName(str);
        this.mLoginUseCase.setPwd(Md5.md5(str2));
        this.mLoginUseCase.execute(new LoginSubscriber(this.view));
    }

    ...
    We can see that pwd is produced by applying MD5 to str2

    In Python, this is what the encrypt_md5 function in the script at the end does.

2 How the X-Sign request header is generated

    private String sign(String str) {
        return Md5.md5(this.token + this.reqTime + this.noncestr.substring(2) + str).toLowerCase();
    }

    this.token = ""
    this.reqTime = int(time.time()*1000)
    this.noncestr.substring(2) = "3456"
    str = "phone=18322221324&password=e10adc3949ba59abbe56e057f20f883e"  // formdata

Python implementation

import hashlib
import time

import requests
from loguru import logger

def encrypt_md5(data):
    h = hashlib.md5()
    h.update(data.encode("utf-8"))
    res = h.hexdigest()
    return res

def parse_params(phone,encrypt_pwd):
    print(phone,encrypt_pwd)
    # Log the inputs before X-Sign is generated
    logger.info('生成x-sign前{"phone":%s,"encrypt_pwd":%s}' % (phone, encrypt_pwd))
    token = ""
    reqTime = str(int(time.time() * 1000))
    noncestr = "3456"  # X-Noncestr "123456" with the first two characters dropped, as in noncestr.substring(2)
    _str = "phone={}&password={}".format(phone,encrypt_pwd)
    # Same order as the Java sign(): token + reqTime + noncestr.substring(2) + formdata
    will_encrypt_data = token+reqTime+noncestr+_str
    logger.info("请求头和formdata拼接结果"+will_encrypt_data)
    res = encrypt_md5(will_encrypt_data)
    logger.info("X-Sign生成结果"+res)
    return res,reqTime

def login_request(phone,encrypt_pwd,x_sign,reqTime):
    headers = {
        "X-App": "native",
        "X-Noncestr": "123456",
        "X-OS": "partnerApp_android",
        "X-Req-Time": reqTime,
        "X-Sign": x_sign,
        "X-Token": "",
        "X-UserID": "",
        "Host": "chinayltx.com",
        "User-Agent": "okhttp/3.10.0"
    }
    url = "https://chinayltx.com/app/api/v1/partnerLogin/login"
    data = {
        "phone": phone,
        "password": encrypt_pwd
    }
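    # verify=False disables TLS certificate validation (e.g. when routing through
    # an intercepting proxy such as Charles); remove it otherwise.
    response = requests.post(url, headers=headers, data=data,verify=False)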

    print(response.text)
    print(response)


def run():
    phone = "18322221324"
    password = "123456"
    encrypt_pwd = encrypt_md5(password)
    x_sign,reqTime = parse_params(phone, encrypt_pwd)
    login_request(phone,encrypt_pwd,x_sign,reqTime)




if __name__ == '__main__':
    run()