温馨提示:
我们一般在做这类app逆向的之前,最好熟悉一下常用密码的md5,base64等加密后的字符串的样子 以123456为例
md5
e10adc3949ba59abbe56e057f20f883e
base64
MTIzNDU2
笔记
1 安装apk
2 抓包
手机:
user:18322221324
pwd:123456
charles参数:
url: https://chinayltx.com/app/api/v1/partnerLogin/login
method: post
formdata: phone=18322221324&password=e10adc3949ba59abbe56e057f20f883e
headeas: X-Sign:c410aa567cf93ba7f8ee7077aeabdae3
我们需要关注的地方
1 formdata中的password的生成
package com.yltx.oil.partner.modules.login.presenter;
...
// line 72
public void submitLogin(String str, String str2) {
this.mLoginUseCase.setName(str);
this.mLoginUseCase.setPwd(Md5.md5(str2));
this.mLoginUseCase.execute(new LoginSubscriber(this.view));
}
...
我们看到pwd是有str2md5加密之后生成的
用python实现就是
2 请求头里面的X-Sign的生成
private String sign(String str) {
return Md5.md5(this.token + this.reqTime + this.noncestr.substring(2) + str).toLowerCase();
}
this.token = ""
this.reqTime = int(time.time()*1000)
this.noncestr.substring(2) = "3456"
str = "phone=18322221324&password=e10adc3949ba59abbe56e057f20f883e" // formdata
python实现
import hashlib
import time
import requests
from loguru import logger
def encrypt_md5(data):
h = hashlib.md5()
h.update(data.encode("utf-8"))
res = h.hexdigest()
return res
def parse_params(phone,encrypt_pwd):
print(phone,encrypt_pwd)
logger.info("生成x-sign前{"phone":%s,"encrypt_pwd":%s}"%(phone,encrypt_pwd))
token = ""
reqTime = str(int(time.time() * 1000))
noncestr = "3456"
_str = "phone={}&password={}".format(phone,encrypt_pwd)
will_encrypt_data = token+reqTime+noncestr+_str
logger.info("请求头和formdata拼接结果"+will_encrypt_data)
res = encrypt_md5(will_encrypt_data)
logger.info("X-Sign生成结果"+res)
return res,reqTime
def login_request(phone,encrypt_pwd,x_sign,reqTime):
headers = {
"X-App": "native",
"X-Noncestr": "123456",
"X-OS": "partnerApp_android",
"X-Req-Time": reqTime,
"X-Sign": x_sign,
"X-Token": "",
"X-UserID": "",
"Host": "chinayltx.com",
"User-Agent": "okhttp/3.10.0"
}
url = "https://chinayltx.com/app/api/v1/partnerLogin/login"
data = {
"phone": phone,
"password": encrypt_pwd
}
response = requests.post(url, headers=headers, data=data,verify=False)
print(response.text)
print(response)
def run():
phone = "18322221324"
password = "123456"
encrypt_pwd = encrypt_md5(password)
x_sign,reqTime = parse_params(phone, encrypt_pwd)
login_request(phone,encrypt_pwd,x_sign,reqTime)
if __name__ == '__main__':
run()