美文网首页
Python-RSA加密, 以🐘保资讯为例

Python-RSA加密, 以🐘保资讯为例

作者: 朝朝朝朝朝落 | 来源:发表于2021-12-30 15:17 被阅读0次

    目标App:


    WX20211230-141258@2x.png
    WX20211230-151603.png

    apk脱壳什么的我就不多讲了(请参考 https://www.jianshu.com/p/aef7cdca8263),

    抓包看请求:

    headers = {
    'Host': 'api.bz365.com',
    'android-version': '5.3',
    'app-channel': 'yingyongbao',
    'sign': '6182049170dc252a72a87e3875434c00',
    'imei': '8634045143851434',
    'cid': '140fe1da9e77d1d11e1',
    'content-type': 'application/json; charset=UTF-8',
    'content-length': '532',
    'accept-encoding': 'gzip',
    'user-agent': 'okhttp/3.14.0',
}
data = '{"bzValue":"s8x/dafMg691iD8BmSfu+1JI15TxrAJv8U+KE31+2D+Mka9Q5jj1SDKN06T0jckl9EOUq+J++u2sR9e1Z//5uKeBrgXKXsYFQMbKnkv5lj2hmCdaM7qOMwAVFAnXNPsBnoJq56k0ViHDHfVJHVCa3k/yCDbFHRTEQLoJ++pvzd67u24X5BYd3Uk9R03krt2rERpaZy4EGCGQH96TyqxOGw3tXBXHb73Ius0MwKWODjAKnGG1j/hjl1LGPHS9x9MWjGRI3IFJcDrOlfdBcTOUOcge+W4wkxilh7lzfwHcFIYWc8EXU7rLawXSs4sB/DyuRK7M41UcabFLPpwEIDBHiIDUTjKJnlagWKzqepsAnF7fz5KaIJEmHgWlbOiWv8Km4oxL6+FzyHsEc4UfzfmnI4Bmo6qmKsSHQF7BMPa+I0rS5ikFSjB7bCCe4ymZCmOQnoH55hmUoRIURyITZSDUllY0eF6KabEVVLBy32yOVgcYTvrG3jfgaKJj1ZxamYNEztDLMH"}'
response = requests.post('https://api.bz365.com/api/appSecondUnderstand/getMagazineLibsByParams', headers=headers, data=data)

    headers的sign和cid啥的每次都不变, 也不用在意, jadx 搜索 'bzValue'看结果:


    WX20211230-145529@2x.png WX20211230-145812.png WX20211230-145949.png WX20211230-150309.png

    hook代码

    jsCode2 = """
    Java.perform(function () {
    // Function to hook is defined here
    var q = Java.use('com.bz365.bznet.RsaUtil');
    q.signPublic.overload('java.lang.String','java.lang.String').implementation = function (a,b){
            send("start");
            send("a: "+a);
            send("b: "+b);            
            var result = this.signPublic(a,b);
            send("result:"+result);
            return result;
        };
    });  
"""

    结果:

    [*] start
[*] a: {"size":10,"pageNo":2,"contentTypeParentId":"0","bizData":{"apiVersion":"5.3","osType":"android","busiType":"dxapi","userId":"42xxxxxx1300"},"href":"HomeMagazineFragment","type":4,"userId":"4xxx21xxx71300","tid":"c7acxxxxxx20211xxxx0103006"}
[*] b: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw11mYofn5y1wVg1D3KgL77Z1UUrFNpoEEukzkL/uLWNBoCVLL89JuwyDBjEkzyiBZkFoy8947gEICRQvs1uTPsDVq7hBOLRUdq5qRBuJFQBeMKdCzsUggwdDXk8FS8ARH5jyt/jUrljxXXltVxnbA8QKQqdtld5f2Y+H7EuK3qwIDAQAB
[*] result:s8x/dafMg691iD8BmSfu+1JI15TxrAJv8U+KE31+2D+Mka9Q5jj1SDKN06T0jckl9EOUq+J++u2sR9e1Z//5uKeBrgXKXsYFQMbKnkv5lj2hmCdaM7qOMwAVFAnXNPsBnoJq56k0ViHDHfVJHVCa3k/yCDbFHRTEQLoJ++pvzd67u24X5BYd3Uk9R03krt2rERpaZy4EGCGQH96TyqxOGw3tXBXHb73Ius0MwKWODjAKnGG1j/hjl1LGPHS9x9MWjGRI3IFJcDrOlfdBcTOUOcge+W4wkxilh7lzfwHcFIYWc8EXU7rLawXSs4sB/DyuRK7M41UcabFLPpwEIDBHiIDUTjKJnlagWKzqepsAnF7fz5KaIJEmHgWlbOiWv8Km4oxL6+FzyHsEc4UfzfmnI4Bmo6qmKsSHQF7BMPa+I0rS5ikFSjB7bCCe4ymZCmOQnoH55hmUoRIURyITZSDUllY0eF6KabEVVLBy32yOVgcYTvrG3jfgaKJj1ZxamYNE

    参数也没啥, 就是咨询每个大类小类的data 加密了一下, 详细代码如下:

    def rsa_long_encrypt(pub_key_str, msg):
    '''要注意加密msg的长度'''
    msg = msg.encode('utf-8')
    length = len(msg)
    default_length = 117
    #公钥加密
    pubobj = Cipher_pkcs1_v1_5.new(RSA.importKey(base64.b64decode(pub_key_str)))
    #长度不用分段
    if length < default_length:
        return base64.b64encode(pubobj.encrypt(msg))
    #需要分段
    offset = 0
    res = []
    while length - offset > 0:
        if length - offset > default_length:
            res.append(pubobj.encrypt(msg[offset:offset+default_length]))
        else:
            res.append(pubobj.encrypt(msg[offset:]))
        offset += default_length
    byte_data = b''.join(res)

    return base64.b64encode(byte_data)
# 就选第一个key, 对应第一个value
pub_key_str='MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVoAabW8U9nNIL5JSMThPvcPuYn6B3XK5fRyEFefFph03ThkuGSzL15F5MqO/0ZrbLCdsz0mtAmSwCQx950Ge2lAMpmeWjYCx46K/75V575Fj4J8ovcGj/mSDmoj4nbAIO3BqMuUEW579ch3R4rQ+fXEiXlKt74mHzT3yJjML9PQIDAQAB'
msg={
    "size": 10,
    "pageNo": 1,
    "contentTypeParentId": "0",
    "bizData": {
        "apiVersion": "5.3",
        "osType": "android",
        "busiType": "dxapi",
        "userId": "xxx"#自己的id
    },
    "href": "HomeMagazineFragment",
    "type": 4,
    "userId": "xxx",#自己的id
    "tid": "xxx"#自己的tid
}
msg=json.dumps(msg)
bzValue= rsa_long_encrypt(pub_key_str, msg)
bzValue=bzValue.decode()
bzValue=bzValue +'VJRaEr'   #value写死
headers = {
    'Host': 'api.bz365.com',
    'android-version': '5.3',
    'app-channel': 'yingyongbao',
    'sign': 'xxxxxx',# 自己的sign
    'imei': 'xxxxxx',# 自己的imer
    'cid': 'xxxxxx',# 自己的cid
    'content-type': 'application/json; charset=UTF-8',
    'content-length': '532',
    'accept-encoding': 'gzip',
    'user-agent': 'okhttp/3.14.0',
}

data = {"bzValue":bzValue}
data=json.dumps(data)
response = requests.post('https://api.bz365.com/api/appSecondUnderstand/getMagazineLibsByParams', headers=headers, data=data)
rj=response .json()

    数据到手🤓


    WX20211230-151149@2x.png

    相关文章

      网友评论

          本文标题:Python-RSA加密, 以🐘保资讯为例

          本文链接:https://www.haomeiwen.com/subject/mfviqrtx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|Python-RSA加密, 以🐘保资讯为例|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!