nftqin网站登录参数s算法逆向
  • 抓包数据

:method: POST
:authority: api.nftqin.com
:scheme: https
:path: /api/app/passwordLogin
content-length: 126
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102"
authorization: Bearer null
content-type: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.nftqin.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.nftqin.com/
accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9

{"s":"3D7A54D66A313029FE566CFFEE8BEA87","ts":1656659052039,"phone":"15512345578","password":"dsfsdfsdf234234234","platform":4}
根据抓包数据可以确定的是,ts参数是13位时间戳,phone是登录帐号,password是帐号密码,并且密码无加密,platform根据分析是一个固定参数,代表pc端web登录。
s是一个未知的签名参数。
s算法函数:
 function p() {
var e = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {}
, a = 4;
e.platform = a;
var n = ""
, t = 0;
uni.getStorageSync("serveTime") && (t = uni.getStorageSync("serveTime"));
var c = (new Date).getTime() + Number(t);
e.ts = c;
for (var u = [], l = 0, p = Object.entries(e); l < p.length; l++) {
var g = (0,
i.default)(p[l], 2)
, f = g[0]
, m = g[1];
m && "captcha" != f && u.push(f)
}
u.sort(),
u.forEach((function(a) {
n += "".concat(a, "=").concat(e[a], "&")
}
));
var y = new s.default;
return n += y.decode(d),//参数排序拼接后,再拼接上key
n = (0,
o.default)(n).toUpperCase(),//md5
e = (0,
r.default)({
s: n,
ts: c
}, e),
e
}

s签名算法过程:明文参数排序后拼接成字符串,最后拼接上一个key值,再计算md5值得到s值。

key=GuINI98Ct86qbhddazbTjoOAhGmyUNnP4AqVt2lp5NXk5mRTCfTW42QDYFJpKT7iCFoXL6GLnWb0wHKV9d7k3rhhyZh19oZgHxoGCslYLu8NkLulzwRuHk3X6AmfiiSi

password=sdfsdgdsg2312321&phone=15512345678&platform=4&ts=1656661669193&key=GuINI98Ct86qbhddazbTjoOAhGmyUNnP4AqVt2lp5NXk5mRTCfTW42QDYFJpKT7iCFoXL6GLnWb0wHKV9d7k3rhhyZh19oZgHxoGCslYLu8NkLulzwRuHk3X6AmfiiSi

对以上字符串计算md5值得到s值

----------------------------------------------------------------------------------------------------
文章内容仅用作技术探讨研究,禁止他用!
若相关单位认为文章内容不适合公开发表,请联系站长删除!
----------------------------------------------------------------------------------------------------
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
下一篇