-
抓包数据
:method: POST :authority: api.nftqin.com :scheme: https :path: /api/app/passwordLogin content-length: 126 sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102" authorization: Bearer null content-type: application/json sec-ch-ua-mobile: ?0 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 sec-ch-ua-platform: "Windows" accept: */* origin: https://www.nftqin.com sec-fetch-site: same-site sec-fetch-mode: cors sec-fetch-dest: empty referer: https://www.nftqin.com/ accept-encoding: gzip, deflate, br accept-language: zh-CN,zh;q=0.9 {"s":"3D7A54D66A313029FE566CFFEE8BEA87","ts":1656659052039,"phone":"15512345578","password":"dsfsdfsdf234234234","platform":4}
根据抓包数据可以确定:ts参数是13位(毫秒级)时间戳,phone是登录帐号,password是帐号密码,并且密码在请求体中是明文,没有做应用层的加密或哈希(传输本身走的是HTTPS);platform经分析是一个固定参数,代表PC端web登录。
s是一个未知的签名参数。
// Signing routine for the "s" request parameter: function p from the site's bundled front-end code.
// uni, i, s, o, r and d are bindings of the surrounding bundle and are not shown on this page.

/**
 * Stamp a request payload with the platform id and a timestamp, then attach
 * the signature field `s`.
 *
 * The object passed in is mutated: `platform` and `ts` are written onto it
 * before the signature is computed.
 *
 * NOTE(review): everything that feeds the signature, including the appended
 * key string, is delivered to the client. Any holder of the bundle can
 * recompute `s`, so it is not evidence of a trusted client; server-side
 * controls (credential checks, captcha verification, rate limiting) must not
 * depend on it.
 *
 * @param {Object} [payload={}] Request fields (for example phone and password).
 * @returns {Object} Whatever r.default returns for ({ s, ts }, payload);
 *   presumably a merged object, confirm against the bundle.
 */
function p(payload = {}) {
  const platformId = 4;
  payload.platform = platformId;

  // "serveTime" is read from client storage and added to the local clock;
  // presumably a server/client clock offset (confirm). Stays 0 when the stored value is falsy.
  let storedOffset = 0;
  if (uni.getStorageSync("serveTime")) {
    storedOffset = uni.getStorageSync("serveTime");
  }
  const timestamp = new Date().getTime() + Number(storedOffset);
  payload.ts = timestamp;

  // Only fields with a truthy value, other than "captcha", take part in the
  // signature; every other field is sent without being covered by it.
  const signedNames = [];
  for (const entry of Object.entries(payload)) {
    // i.default(entry, 2) looks like a bundler array-destructuring helper; confirm.
    const pair = (0, i.default)(entry, 2);
    const fieldName = pair[0];
    const fieldValue = pair[1];
    if (fieldValue && "captcha" != fieldName) {
      signedNames.push(fieldName);
    }
  }
  signedNames.sort();

  // Canonical string: "name=value&" for each signed field, in sorted name order.
  let canonical = "";
  for (const fieldName of signedNames) {
    canonical += "".concat(fieldName, "=").concat(payload[fieldName], "&");
  }

  // After the sorted parameters are joined, the key is appended
  // (decoded from the bundle constant d).
  const decoder = new s.default();
  canonical += decoder.decode(d);

  // md5 of the canonical string (per the original comment), upper-cased.
  const signature = (0, o.default)(canonical).toUpperCase();

  return (0, r.default)({ s: signature, ts: timestamp }, payload);
}
s签名算法过程:取所有值不为空(假值)的参数(captcha除外),按参数名排序后以“参数名=值&”的形式拼接成字符串,最后拼接上一个key值,再对整个字符串计算md5并转成大写,得到s值。
key=GuINI98Ct86qbhddazbTjoOAhGmyUNnP4AqVt2lp5NXk5mRTCfTW42QDYFJpKT7iCFoXL6GLnWb0wHKV9d7k3rhhyZh19oZgHxoGCslYLu8NkLulzwRuHk3X6AmfiiSi
password=sdfsdgdsg2312321&phone=15512345678&platform=4&ts=1656661669193&key=GuINI98Ct86qbhddazbTjoOAhGmyUNnP4AqVt2lp5NXk5mRTCfTW42QDYFJpKT7iCFoXL6GLnWb0wHKV9d7k3rhhyZh19oZgHxoGCslYLu8NkLulzwRuHk3X6AmfiiSi 对以上字符串计算md5值得到s值