【Python3爬蟲】破解時光網登入加密引數並實現模擬登入
阿新 • • 發佈:2020-07-05
一、站點分析
MTime 時光網是一個電影媒體與電商服務平臺,而這次做的模擬登入則是依靠其手機端站點,站點地址為:https://m.mtime.cn/#。切換到登入頁面,再分別輸入賬號和錯誤的密碼,點選登入,登入失敗,截圖如下:
開啟開發者工具,選擇“Network”,切換到“XHR”選項,找到一條名為 login.api 的請求,開啟後可以發現就是登入所傳送的請求,再檢視該請求的引數部分,截圖如下:
二、引數破解
1.引數分析
經過前面的分析可知有五個引數需要獲取,分別是 t、name、password、code 和 codeId,其中 code 和 codeId 目前看來是空的,無須處理,而 name 就是輸入的手機號,password 應該是輸入的密碼加密後的結果,剩下一個 t 還不知道是什麼含義。
2.引數獲取
在開發者工具中,Ctrl + F 全域性搜尋“password”,找到如下的 JavaScript 檔案:
https://static3.mtime.cn/html5/20200116143308/js/views/member/signin.js
開啟該檔案後搜尋“password”,首先是獲取 name 屬性為“password”的輸入框,在下文中還發現了 vcode 和 vcodeId,這兩個就是後面請求所需的 code 和 vcode 引數的值,截圖如下:
繼續搜尋“password”,可以找到一個 getPassword() 方法,用於獲取輸入的密碼內容,截圖如下:
接著搜尋“password”,找到如下內容:
這就是登入請求時的引數部分,其中密碼 password 是將輸入的密碼進行加密後的結果,使用的是 f.desEcbPkcs7 方法,那這個方法具體是什麼呢?
3.加密方法
在上面的 JS 檔案中的 217 行打上斷點,然後重新整理頁面並重新登入,頁面會進入 debugger 模式,然後選中desEcbPkcs7 部分,點選後跳轉到 app.all.min.js 中的如下程式碼部分:
這個 af 函式就是加密方法了,其中用到了一個變數 CryptoJS,要獲取這個變數的定義,就在上面程式碼中的1033行打上斷點,再重新登入一遍,定位到 CryptoJS 的定義部分,截圖如下:
對於變數 CryptoJS 的定義包含在 libs.all.min.js 中,但這個檔案中的程式碼量比較大,若全部複製下來使用會不方便,而我們也只需要得到對變數 CryptoJS 進行定義的程式碼就夠了,所以建議先把該 JS 檔案儲存到本地,再用編輯器開啟,就能很快地得到我們所需要的程式碼了,即使如此還是有一千四百多行(汗~)。
var CryptoJS = CryptoJS || function (g, w) {
var m = {}
, q = m.lib = {}
, j = q.Base = function () {
function a() {
}
return {
extend: function (e) {
a.prototype = this;
var c = new a;
return e && c.mixIn(e),
c.$super = this,
c
},
create: function () {
var c = this.extend();
return c.init.apply(c, arguments),
c
},
init: function () {
},
mixIn: function (c) {
for (var f in c) {
c.hasOwnProperty(f) && (this[f] = c[f])
}
c.hasOwnProperty("toString") && (this.toString = c.toString)
},
clone: function () {
return this.$super.extend(this)
}
}
}()
, v = q.WordArray = j.extend({
init: function (a, c) {
a = this.words = a || [],
this.sigBytes = c != w ? c : 4 * a.length
},
toString: function (a) {
return (a || x).stringify(this)
},
concat: function (a) {
var o = this.words
, f = a.words
, l = this.sigBytes
, a = a.sigBytes;
this.clamp();
if (l % 4) {
for (var c = 0; c < a; c++) {
o[l + c >>> 2] |= (f[c >>> 2] >>> 24 - 8 * (c % 4) & 255) << 24 - 8 * ((l + c) % 4)
}
} else {
if (65535 < f.length) {
for (c = 0; c < a; c += 4) {
o[l + c >>> 2] = f[c >>> 2]
}
} else {
o.push.apply(o, f)
}
}
return this.sigBytes += a,
this
},
clamp: function () {
var c = this.words
, a = this.sigBytes;
c[a >>> 2] &= 4294967295 << 32 - 8 * (a % 4),
c.length = g.ceil(a / 4)
},
clone: function () {
var a = j.clone.call(this);
return a.words = this.words.slice(0),
a
},
random: function (e) {
for (var a = [], c = 0; c < e; c += 4) {
a.push(4294967296 * g.random() | 0)
}
return v.create(a, e)
}
})
, p = m.enc = {}
, x = p.Hex = {
stringify: function (a) {
for (var o = a.words, a = a.sigBytes, f = [], l = 0; l < a; l++) {
var c = o[l >>> 2] >>> 24 - 8 * (l % 4) & 255;
f.push((c >>> 4).toString(16)),
f.push((c & 15).toString(16))
}
return f.join("")
},
parse: function (a) {
for (var i = a.length, c = [], f = 0; f < i; f += 2) {
c[f >>> 3] |= parseInt(a.substr(f, 2), 16) << 24 - 4 * (f % 8)
}
return v.create(c, i / 2)
}
}
, b = p.Latin1 = {
stringify: function (a) {
for (var i = a.words, a = a.sigBytes, c = [], f = 0; f < a; f++) {
c.push(String.fromCharCode(i[f >>> 2] >>> 24 - 8 * (f % 4) & 255))
}
return c.join("")
},
parse: function (a) {
for (var i = a.length, c = [], f = 0; f < i; f++) {
c[f >>> 2] |= (a.charCodeAt(f) & 255) << 24 - 8 * (f % 4)
}
return v.create(c, i)
}
}
, h = p.Utf8 = {
stringify: function (a) {
try {
return decodeURIComponent(escape(b.stringify(a)))
} catch (c) {
throw Error("Malformed UTF-8 data")
}
},
parse: function (a) {
return b.parse(unescape(encodeURIComponent(a)))
}
}
, k = q.BufferedBlockAlgorithm = j.extend({
reset: function () {
this._data = v.create(),
this._nDataBytes = 0
},
_append: function (a) {
"string" == typeof a && (a = h.parse(a)),
this._data.concat(a),
this._nDataBytes += a.sigBytes
},
_process: function (y) {
var f = this._data
, s = f.words
, e = f.sigBytes
, l = this.blockSize
, z = e / (4 * l)
, z = y ? g.ceil(z) : g.max((z | 0) - this._minBufferSize, 0)
, y = z * l
, e = g.min(4 * y, e);
if (y) {
for (var c = 0; c < y; c += l) {
this._doProcessBlock(s, c)
}
c = s.splice(0, y),
f.sigBytes -= e
}
return v.create(c, e)
},
clone: function () {
var a = j.clone.call(this);
return a._data = this._data.clone(),
a
},
_minBufferSize: 0
});
q.Hasher = k.extend({
init: function () {
this.reset()
},
reset: function () {
k.reset.call(this),
this._doReset()
},
update: function (a) {
return this._append(a),
this._process(),
this
},
finalize: function (a) {
return a && this._append(a),
this._doFinalize(),
this._hash
},
clone: function () {
var a = k.clone.call(this);
return a._hash = this._hash.clone(),
a
},
blockSize: 16,
_createHelper: function (a) {
return function (e, c) {
return a.create(c).finalize(e)
}
},
_createHmacHelper: function (a) {
return function (e, c) {
return d.HMAC.create(a, c).finalize(e)
}
}
});
var d = m.algo = {};
return m
}(Math)
, CryptoJS = CryptoJS || function (g, w) {
var m = {}
, q = m.lib = {}
, j = q.Base = function () {
function a() {
}
return {
extend: function (e) {
a.prototype = this;
var c = new a;
return e && c.mixIn(e),
c.$super = this,
c
},
create: function () {
var c = this.extend();
return c.init.apply(c, arguments),
c
},
init: function () {
},
mixIn: function (c) {
for (var f in c) {
c.hasOwnProperty(f) && (this[f] = c[f])
}
c.hasOwnProperty("toString") && (this.toString = c.toString)
},
clone: function () {
return this.$super.extend(this)
}
}
}()
, v = q.WordArray = j.extend({
init: function (a, c) {
a = this.words = a || [],
this.sigBytes = c != w ? c : 4 * a.length
},
toString: function (a) {
return (a || x).stringify(this)
},
concat: function (a) {
var o = this.words
, f = a.words
, l = this.sigBytes
, a = a.sigBytes;
this.clamp();
if (l % 4) {
for (var c = 0; c < a; c++) {
o[l + c >>> 2] |= (f[c >>> 2] >>> 24 - 8 * (c % 4) & 255) << 24 - 8 * ((l + c) % 4)
}
} else {
if (65535 < f.length) {
for (c = 0; c < a; c += 4) {
o[l + c >>> 2] = f[c >>> 2]
}
} else {
o.push.apply(o, f)
}
}
return this.sigBytes += a,
this
},
clamp: function () {
var c = this.words
, a = this.sigBytes;
c[a >>> 2] &= 4294967295 << 32 - 8 * (a % 4),
c.length = g.ceil(a / 4)
},
clone: function () {
var a = j.clone.call(this);
return a.words = this.words.slice(0),
a
},
random: function (e) {
for (var a = [], c = 0; c < e; c += 4) {
a.push(4294967296 * g.random() | 0)
}
return v.create(a, e)
}
})
, p = m.enc = {}
, x = p.Hex = {
stringify: function (a) {
for (var o = a.words, a = a.sigBytes, f = [], l = 0; l < a; l++) {
var c = o[l >>> 2] >>> 24 - 8 * (l % 4) & 255;
f.push((c >>> 4).toString(16)),
f.push((c & 15).toString(16))
}
return f.join("")
},
parse: function (a) {
for (var i = a.length, c = [], f = 0; f < i; f += 2) {
c[f >>> 3] |= parseInt(a.substr(f, 2), 16) << 24 - 4 * (f % 8)
}
return v.create(c, i / 2)
}
}
, b = p.Latin1 = {
stringify: function (a) {
for (var i = a.words, a = a.sigBytes, c = [], f = 0; f < a; f++) {
c.push(String.fromCharCode(i[f >>> 2] >>> 24 - 8 * (f % 4) & 255))
}
return c.join("")
},
parse: function (a) {
for (var i = a.length, c = [], f = 0; f < i; f++) {
c[f >>> 2] |= (a.charCodeAt(f) & 255) << 24 - 8 * (f % 4)
}
return v.create(c, i)
}
}
, h = p.Utf8 = {
stringify: function (a) {
try {
return decodeURIComponent(escape(b.stringify(a)))
} catch (c) {
throw Error("Malformed UTF-8 data")
}
},
parse: function (a) {
return b.parse(unescape(encodeURIComponent(a)))
}
}
, k = q.BufferedBlockAlgorithm = j.extend({
reset: function () {
this._data = v.create(),
this._nDataBytes = 0
},
_append: function (a) {
"string" == typeof a && (a = h.parse(a)),
this._data.concat(a),
this._nDataBytes += a.sigBytes
},
_process: function (y) {
var f = this._data
, s = f.words
, e = f.sigBytes
, l = this.blockSize
, z = e / (4 * l)
, z = y ? g.ceil(z) : g.max((z | 0) - this._minBufferSize, 0)
, y = z * l
, e = g.min(4 * y, e);
if (y) {
for (var c = 0; c < y; c += l) {
this._doProcessBlock(s, c)
}
c = s.splice(0, y),
f.sigBytes -= e
}
return v.create(c, e)
},
clone: function () {
var a = j.clone.call(this);
return a._data = this._data.clone(),
a
},
_minBufferSize: 0
});
q.Hasher = k.extend({
init: function () {
this.reset()
},
reset: function () {
k.reset.call(this),
this._doReset()
},
update: function (a) {
return this._append(a),
this._process(),
this
},
finalize: function (a) {
return a && this._append(a),
this._doFinalize(),
this._hash
},
clone: function () {
var a = k.clone.call(this);
return a._hash = this._hash.clone(),
a
},
blockSize: 16,
_createHelper: function (a) {
return function (e, c) {
return a.create(c).finalize(e)
}
},
_createHmacHelper: function (a) {
return function (e, c) {
return d.HMAC.create(a, c).finalize(e)
}
}
});
var d = m.algo = {};
return m
}(Math);
(function () {
var a = CryptoJS
, b = a.lib.WordArray;
a.enc.Base64 = {
stringify: function (c) {
var k = c.words
, f = c.sigBytes
, h = this._map;
c.clamp();
for (var c = [], d = 0; d < f; d += 3) {
for (var j = (k[d >>> 2] >>> 24 - 8 * (d % 4) & 255) << 16 | (k[d + 1 >>> 2] >>> 24 - 8 * ((d + 1) % 4) & 255) << 8 | k[d + 2 >>> 2] >>> 24 - 8 * ((d + 2) % 4) & 255, g = 0; 4 > g && d + 0.75 * g < f; g++) {
c.push(h.charAt(j >>> 6 * (3 - g) & 63))
}
}
if (k = h.charAt(64)) {
for (; c.length % 4;) {
c.push(k)
}
}
return c.join("")
},
parse: function (d) {
var d = d.replace(/\s/g, "")
, h = d.length
, j = this._map
, k = j.charAt(64);
k && (k = d.indexOf(k),
-1 != k && (h = k));
for (var k = [], i = 0, l = 0; l < h; l++) {
if (l % 4) {
var c = j.indexOf(d.charAt(l - 1)) << 2 * (l % 4)
, g = j.indexOf(d.charAt(l)) >>> 6 - 2 * (l % 4);
k[i >>> 2] |= (c | g) << 24 - 8 * (i % 4),
i++
}
}
return b.create(k, i)
},
_map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
}
}
)(),
function (c) {
function m(a, x, q, v, f, w, u) {
return a = a + (x & q | ~x & v) + f + u,
(a << w | a >>> 32 - w) + x
}
function h(a, x, q, v, f, w, u) {
return a = a + (x & v | q & ~v) + f + u,
(a << w | a >>> 32 - w) + x
}
function k(a, x, q, v, f, w, u) {
return a = a + (x ^ q ^ v) + f + u,
(a << w | a >>> 32 - w) + x
}
function g(a, x, q, v, f, w, u) {
return a = a + (q ^ (x | ~v)) + f + u,
(a << w | a >>> 32 - w) + x
}
var l = CryptoJS
, j = l.lib
, p = j.WordArray
, j = j.Hasher
, b = l.algo
, d = [];
(function () {
for (var a = 0; 64 > a; a++) {
d[a] = 4294967296 * c.abs(c.sin(a + 1)) | 0
}
}
)(),
b = b.MD5 = j.extend({
_doReset: function () {
this._hash = p.create([1732584193, 4023233417, 2562383102, 271733878])
},
_doProcessBlock: function (q, v) {
for (var t = 0; 16 > t; t++) {
var w = v + t
, f = q[w];
q[w] = (f << 8 | f >>> 24) & 16711935 | (f << 24 | f >>> 8) & 4278255360
}
for (var w = this._hash.words, f = w[0], r = w[1], i = w[2], n = w[3], t = 0; 64 > t; t += 4) {
16 > t ? (f = m(f, r, i, n, q[v + t], 7, d[t]),
n = m(n, f, r, i, q[v + t + 1], 12, d[t + 1]),
i = m(i, n, f, r, q[v + t + 2], 17, d[t + 2]),
r = m(r, i, n, f, q[v + t + 3], 22, d[t + 3])) : 32 > t ? (f = h(f, r, i, n, q[v + (t + 1) % 16], 5, d[t]),
n = h(n, f, r, i, q[v + (t + 6) % 16], 9, d[t + 1]),
i = h(i, n, f, r, q[v + (t + 11) % 16], 14, d[t + 2]),
r = h(r, i, n, f, q[v + t % 16], 20, d[t + 3])) : 48 > t ? (f = k(f, r, i, n, q[v + (3 * t + 5) % 16], 4, d[t]),
n = k(n, f, r, i, q[v + (3 * t + 8) % 16], 11, d[t + 1]),
i = k(i, n, f, r, q[v + (3 * t + 11) % 16], 16, d[t + 2]),
r = k(r, i, n, f, q[v + (3 * t + 14) % 16], 23, d[t + 3])) : (f = g(f, r, i, n, q[v + 3 * t % 16], 6, d[t]),
n = g(n, f, r, i, q[v + (3 * t + 7) % 16], 10, d[t + 1]),
i = g(i, n, f, r, q[v + (3 * t + 14) % 16], 15, d[t + 2]),
r = g(r, i, n, f, q[v + (3 * t + 5) % 16], 21, d[t + 3]))
}
w[0] = w[0] + f | 0,
w[1] = w[1] + r | 0,
w[2] = w[2] + i | 0,
w[3] = w[3] + n | 0
},
_doFinalize: function () {
var a = this._data
, o = a.words
, f = 8 * this._nDataBytes
, i = 8 * a.sigBytes;
o[i >>> 5] |= 128 << 24 - i % 32,
o[(i + 64 >>> 9 << 4) + 14] = (f << 8 | f >>> 24) & 16711935 | (f << 24 | f >>> 8) & 4278255360,
a.sigBytes = 4 * (o.length + 1),
this._process(),
a = this._hash.words;
for (o = 0; 4 > o; o++) {
f = a[o],
a[o] = (f << 8 | f >>> 24) & 16711935 | (f << 24 | f >>> 8) & 4278255360
}
}
}),
l.MD5 = j._createHelper(b),
l.HmacMD5 = j._createHmacHelper(b)
}(Math),
function () {
var a = CryptoJS
, f = a.lib
, c = f.Base
, d = f.WordArray
, f = a.algo
, b = f.EvpKDF = c.extend({
cfg: c.extend({
keySize: 4,
hasher: f.MD5,
iterations: 1
}),
init: function (g) {
this.cfg = this.cfg.extend(g)
},
compute: function (h, q) {
for (var l = this.cfg, k = l.hasher.create(), p = d.create(), m = p.words, r = l.keySize, l = l.iterations; m.length < r;) {
g && k.update(g);
var g = k.update(h).finalize(q);
k.reset();
for (var j = 1; j < l; j++) {
g = k.finalize(g),
k.reset()
}
p.concat(g)
}
return p.sigBytes = 4 * r,
p
}
});
a.EvpKDF = function (g, i, h) {
return b.create(h).compute(g, i)
}
}(),
CryptoJS.lib.Cipher || function (k) {
var C = CryptoJS
, x = C.lib
, A = x.Base
, v = x.WordArray
, B = x.BufferedBlockAlgorithm
, y = C.enc.Base64
, D = C.algo.EvpKDF
, b = x.Cipher = B.extend({
cfg: A.extend(),
createEncryptor: function (a, c) {
return this.create(this._ENC_XFORM_MODE, a, c)
},
createDecryptor: function (a, c) {
return this.create(this._DEC_XFORM_MODE, a, c)
},
init: function (a, d, c) {
this.cfg = this.cfg.extend(c),
this._xformMode = a,
this._key = d,
this.reset()
},
reset: function () {
B.reset.call(this),
this._doReset()
},
process: function (a) {
return this._append(a),
this._process()
},
finalize: function (a) {
return a && this._append(a),
this._doFinalize()
},
keySize: 4,
ivSize: 4,
_ENC_XFORM_MODE: 1,
_DEC_XFORM_MODE: 2,
_createHelper: function () {
return function (a) {
return {
encrypt: function (e, c, d) {
return ("string" == typeof c ? j : z).encrypt(a, e, c, d)
},
decrypt: function (e, c, d) {
return ("string" == typeof c ? j : z).decrypt(a, e, c, d)
}
}
}
}()
});
x.StreamCipher = b.extend({
_doFinalize: function () {
return this._process(!0)
},
blockSize: 1
});
var m = C.mode = {}
, w = x.BlockCipherMode = A.extend({
createEncryptor: function (a, c) {
return this.Encryptor.create(a, c)
},
createDecryptor: function (a, c) {
return this.Decryptor.create(a, c)
},
init: function (a, c) {
this._cipher = a,
this._iv = c
}
})
, m = m.CBC = function () {
function c(l, e, f) {
var d = this._iv;
d ? this._iv = k : d = this._prevBlock;
for (var h = 0; h < f; h++) {
l[e + h] ^= d[h]
}
}
var a = w.extend();
return a.Encryptor = a.extend({
processBlock: function (d, h) {
var l = this._cipher
, f = l.blockSize;
c.call(this, d, h, f),
l.encryptBlock(d, h),
this._prevBlock = d.slice(h, h + f)
}
}),
a.Decryptor = a.extend({
processBlock: function (d, h) {
var l = this._cipher
, f = l.blockSize
, o = d.slice(h, h + f);
l.decryptBlock(d, h),
c.call(this, d, h, f),
this._prevBlock = o
}
}),
a
}()
, g = (C.pad = {}).Pkcs7 = {
pad: function (a, i) {
for (var c = 4 * i, c = c - a.sigBytes % c, f = c << 24 | c << 16 | c << 8 | c, h = [], d = 0; d < c; d += 4) {
h.push(f)
}
c = v.create(h, c),
a.concat(c)
},
unpad: function (a) {
a.sigBytes -= a.words[a.sigBytes - 1 >>> 2] & 255
}
};
x.BlockCipher = b.extend({
cfg: b.cfg.extend({
mode: m,
padding: g
}),
reset: function () {
b.reset.call(this);
var a = this.cfg
, d = a.iv
, a = a.mode;
if (this._xformMode == this._ENC_XFORM_MODE) {
var c = a.createEncryptor
} else {
c = a.createDecryptor,
this._minBufferSize = 1
}
this._mode = c.call(a, this, d && d.words)
},
_doProcessBlock: function (a, c) {
this._mode.processBlock(a, c)
},
_doFinalize: function () {
var a = this.cfg.padding;
if (this._xformMode == this._ENC_XFORM_MODE) {
a.pad(this._data, this.blockSize);
var c = this._process(!0)
} else {
c = this._process(!0),
a.unpad(c)
}
return c
},
blockSize: 4
});
var q = x.CipherParams = A.extend({
init: function (a) {
this.mixIn(a)
},
toString: function (a) {
return (a || this.formatter).stringify(this)
}
})
, m = (C.format = {}).OpenSSL = {
stringify: function (a) {
var c = a.ciphertext
, a = a.salt
, c = (a ? v.create([1398893684, 1701076831]).concat(a).concat(c) : c).toString(y);
return c = c.replace(/(.{64})/g, "$1\n")
},
parse: function (a) {
var a = y.parse(a)
, d = a.words;
if (1398893684 == d[0] && 1701076831 == d[1]) {
var c = v.create(d.slice(2, 4));
d.splice(0, 4),
a.sigBytes -= 16
}
return q.create({
ciphertext: a,
salt: c
})
}
}
, z = x.SerializableCipher = A.extend({
cfg: A.extend({
format: m
}),
encrypt: function (a, h, d, f) {
var f = this.cfg.extend(f)
, c = a.createEncryptor(d, f)
, h = c.finalize(h)
, c = c.cfg;
return q.create({
ciphertext: h,
key: d,
iv: c.iv,
algorithm: a,
mode: c.mode,
padding: c.padding,
blockSize: a.blockSize,
formatter: f.format
})
},
decrypt: function (a, f, c, d) {
return d = this.cfg.extend(d),
f = this._parse(f, d.format),
a.createDecryptor(c, d).finalize(f.ciphertext)
},
_parse: function (a, c) {
return "string" == typeof a ? c.parse(a) : a
}
})
, C = (C.kdf = {}).OpenSSL = {
compute: function (a, f, c, d) {
return d || (d = v.random(8)),
a = D.create({
keySize: f + c
}).compute(a, d),
c = v.create(a.words.slice(f), 4 * c),
a.sigBytes = 4 * f,
q.create({
key: a,
iv: c,
salt: d
})
}
}
, j = x.PasswordBasedCipher = z.extend({
cfg: z.cfg.extend({
kdf: C
}),
encrypt: function (a, f, c, d) {
return d = this.cfg.extend(d),
c = d.kdf.compute(c, a.keySize, a.ivSize),
d.iv = c.iv,
a = z.encrypt.call(this, a, f, c.key, d),
a.mixIn(c),
a
},
decrypt: function (a, f, c, d) {
return d = this.cfg.extend(d),
f = this._parse(f, d.format),
c = d.kdf.compute(c, a.keySize, a.ivSize, f.salt),
d.iv = c.iv,
z.decrypt.call(this, a, f, c.key, d)
}
})
}(),
function () {
function g(a, f) {
var c = (this._lBlock >>> a ^ this._rBlock) & f;
this._rBlock ^= c,
this._lBlock ^= c << a
}
function w(a, f) {
var c = (this._rBlock >>> a ^ this._lBlock) & f;
this._lBlock ^= c,
this._rBlock ^= c << a
}
var m = CryptoJS
, q = m.lib
, j = q.WordArray
, q = q.BlockCipher
, v = m.algo
,
p = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
,
x = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
, b = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28]
, h = [{
0: 8421888,
268435456: 32768,
536870912: 8421378,
805306368: 2,
1073741824: 512,
1342177280: 8421890,
1610612736: 8389122,
1879048192: 8388608,
2147483648: 514,
2415919104: 8389120,
2684354560: 33280,
2952790016: 8421376,
3221225472: 32770,
3489660928: 8388610,
3758096384: 0,
4026531840: 33282,
134217728: 0,
402653184: 8421890,
671088640: 33282,
939524096: 32768,
1207959552: 8421888,
1476395008: 512,
1744830464: 8421378,
2013265920: 2,
2281701376: 8389120,
2550136832: 33280,
2818572288: 8421376,
3087007744: 8389122,
3355443200: 8388610,
3623878656: 32770,
3892314112: 514,
4160749568: 8388608,
1: 32768,
268435457: 2,
536870913: 8421888,
805306369: 8388608,
1073741825: 8421378,
1342177281: 33280,
1610612737: 512,
1879048193: 8389122,
2147483649: 8421890,
2415919105: 8421376,
2684354561: 8388610,
2952790017: 33282,
3221225473: 514,
3489660929: 8389120,
3758096385: 32770,
4026531841: 0,
134217729: 8421890,
402653185: 8421376,
671088641: 8388608,
939524097: 512,
1207959553: 32768,
1476395009: 8388610,
1744830465: 2,
2013265921: 33282,
2281701377: 32770,
2550136833: 8389122,
2818572289: 514,
3087007745: 8421888,
3355443201: 8389120,
3623878657: 0,
3892314113: 33280,
4160749569: 8421378
}, {
0: 1074282512,
16777216: 16384,
33554432: 524288,
50331648: 1074266128,
67108864: 1073741840,
83886080: 1074282496,
100663296: 1073758208,
117440512: 16,
134217728: 540672,
150994944: 1073758224,
167772160: 1073741824,
184549376: 540688,
201326592: 524304,
218103808: 0,
234881024: 16400,
251658240: 1074266112,
8388608: 1073758208,
25165824: 540688,
41943040: 16,
58720256: 1073758224,
75497472: 1074282512,
92274688: 1073741824,
109051904: 524288,
125829120: 1074266128,
142606336: 524304,
159383552: 0,
176160768: 16384,
192937984: 1074266112,
209715200: 1073741840,
226492416: 540672,
243269632: 1074282496,
260046848: 16400,
268435456: 0,
285212672: 1074266128,
301989888: 1073758224,
318767104: 1074282496,
335544320: 1074266112,
352321536: 16,
369098752: 540688,
385875968: 16384,
402653184: 16400,
419430400: 524288,
436207616: 524304,
452984832: 1073741840,
469762048: 540672,
486539264: 1073758208,
503316480: 1073741824,
520093696: 1074282512,
276824064: 540688,
293601280: 524288,
310378496: 1074266112,
327155712: 16384,
343932928: 1073758208,
360710144: 1074282512,
377487360: 16,
394264576: 1073741824,
411041792: 1074282496,
427819008: 1073741840,
444596224: 1073758224,
461373440: 524304,
478150656: 0,
494927872: 16400,
511705088: 1074266128,
528482304: 540672
}, {
0: 260,
1048576: 0,
2097152: 67109120,
3145728: 65796,
4194304: 65540,
5242880: 67108868,
6291456: 67174660,
7340032: 67174400,
8388608: 67108864,
9437184: 67174656,
10485760: 65792,
11534336: 67174404,
12582912: 67109124,
13631488: 65536,
14680064: 4,
15728640: 256,
524288: 67174656,
1572864: 67174404,
2621440: 0,
3670016: 67109120,
4718592: 67108868,
5767168: 65536,
6815744: 65540,
7864320: 260,
8912896: 4,
9961472: 256,
11010048: 67174400,
12058624: 65796,
13107200: 65792,
14155776: 67109124,
15204352: 67174660,
16252928: 67108864,
16777216: 67174656,
17825792: 65540,
18874368: 65536,
19922944: 67109120,
20971520: 256,
22020096: 67174660,
23068672: 67108868,
24117248: 0,
25165824: 67109124,
26214400: 67108864,
27262976: 4,
28311552: 65792,
29360128: 67174400,
30408704: 260,
31457280: 65796,
32505856: 67174404,
17301504: 67108864,
18350080: 260,
19398656: 67174656,
20447232: 0,
21495808: 65540,
22544384: 67109120,
23592960: 256,
24641536: 67174404,
25690112: 65536,
26738688: 67174660,
27787264: 65796,
28835840: 67108868,
29884416: 67109124,
30932992: 67174400,
31981568: 4,
33030144: 65792
}, {
0: 2151682048,
65536: 2147487808,
131072: 4198464,
196608: 2151677952,
262144: 0,
327680: 4198400,
393216: 2147483712,
458752: 4194368,
524288: 2147483648,
589824: 4194304,
655360: 64,
720896: 2147487744,
786432: 2151678016,
851968: 4160,
917504: 4096,
983040: 2151682112,
32768: 2147487808,
98304: 64,
163840: 2151678016,
229376: 2147487744,
294912: 4198400,
360448: 2151682112,
425984: 0,
491520: 2151677952,
557056: 4096,
622592: 2151682048,
688128: 4194304,
753664: 4160,
819200: 2147483648,
884736: 4194368,
950272: 4198464,
1015808: 2147483712,
1048576: 4194368,
1114112: 4198400,
1179648: 2147483712,
1245184: 0,
1310720: 4160,
1376256: 2151678016,
1441792: 2151682048,
1507328: 2147487808,
1572864: 2151682112,
1638400: 2147483648,
1703936: 2151677952,
1769472: 4198464,
1835008: 2147487744,
1900544: 4194304,
1966080: 64,
2031616: 4096,
1081344: 2151677952,
1146880: 2151682112,
1212416: 0,
1277952: 4198400,
1343488: 4194368,
1409024: 2147483648,
1474560: 2147487808,
1540096: 64,
1605632: 2147483712,
1671168: 4096,
1736704: 2147487744,
1802240: 2151678016,
1867776: 4160,
1933312: 2151682048,
1998848: 4194304,
2064384: 4198464
}, {
0: 128,
4096: 17039360,
8192: 262144,
12288: 536870912,
16384: 537133184,
20480: 16777344,
24576: 553648256,
28672: 262272,
32768: 16777216,
36864: 537133056,
40960: 536871040,
45056: 553910400,
49152: 553910272,
53248: 0,
57344: 17039488,
61440: 553648128,
2048: 17039488,
6144: 553648256,
10240: 128,
14336: 17039360,
18432: 262144,
22528: 537133184,
26624: 553910272,
30720: 536870912,
34816: 537133056,
38912: 0,
43008: 553910400,
47104: 16777344,
51200: 536871040,
55296: 553648128,
59392: 16777216,
63488: 262272,
65536: 262144,
69632: 128,
73728: 536870912,
77824: 553648256,
81920: 16777344,
86016: 553910272,
90112: 537133184,
94208: 16777216,
98304: 553910400,
102400: 553648128,
106496: 17039360,
110592: 537133056,
114688: 262272,
118784: 536871040,
122880: 0,
126976: 17039488,
67584: 553648256,
71680: 16777216,
75776: 17039360,
79872: 537133184,
83968: 536870912,
88064: 17039488,
92160: 128,
96256: 553910272,
100352: 262272,
104448: 553910400,
108544: 0,
112640: 553648128,
116736: 16777344,
120832: 262144,
124928: 537133056,
129024: 536871040
}, {
0: 268435464,
256: 8192,
512: 270532608,
768: 270540808,
1024: 268443648,
1280: 2097152,
1536: 2097160,
1792: 268435456,
2048: 0,
2304: 268443656,
2560: 2105344,
2816: 8,
3072: 270532616,
3328: 2105352,
3584: 8200,
3840: 270540800,
128: 270532608,
384: 270540808,
640: 8,
896: 2097152,
1152: 2105352,
1408: 268435464,
1664: 268443648,
1920: 8200,
2176: 2097160,
2432: 8192,
2688: 268443656,
2944: 270532616,
3200: 0,
3456: 270540800,
3712: 2105344,
3968: 268435456,
4096: 268443648,
4352: 270532616,
4608: 270540808,
4864: 8200,
5120: 2097152,
5376: 268435456,
5632: 268435464,
5888: 2105344,
6144: 2105352,
6400: 0,
6656: 8,
6912: 270532608,
7168: 8192,
7424: 268443656,
7680: 270540800,
7936: 2097160,
4224: 8,
4480: 2105344,
4736: 2097152,
4992: 268435464,
5248: 268443648,
5504: 8200,
5760: 270540808,
6016: 270532608,
6272: 270540800,
6528: 270532616,
6784: 8192,
7040: 2105352,
7296: 2097160,
7552: 0,
7808: 268435456,
8064: 268443656
}, {
0: 1048576,
16: 33555457,
32: 1024,
48: 1049601,
64: 34604033,
80: 0,
96: 1,
112: 34603009,
128: 33555456,
144: 1048577,
160: 33554433,
176: 34604032,
192: 34603008,
208: 1025,
224: 1049600,
240: 33554432,
8: 34603009,
24: 0,
40: 33555457,
56: 34604032,
72: 1048576,
88: 33554433,
104: 33554432,
120: 1025,
136: 1049601,
152: 33555456,
168: 34603008,
184: 1048577,
200: 1024,
216: 34604033,
232: 1,
248: 1049600,
256: 33554432,
272: 1048576,
288: 33555457,
304: 34603009,
320: 1048577,
336: 33555456,
352: 34604032,
368: 1049601,
384: 1025,
400: 34604033,
416: 1049600,
432: 1,
448: 0,
464: 34603008,
480: 33554433,
496: 1024,
264: 1049600,
280: 33555457,
296: 34603009,
312: 1,
328: 33554432,
344: 1048576,
360: 1025,
376: 34604032,
392: 33554433,
408: 34603008,
424: 0,
440: 34604033,
456: 1049601,
472: 1024,
488: 33555456,
504: 1048577
}, {
0: 134219808,
1: 131072,
2: 134217728,
3: 32,
4: 131104,
5: 134350880,
6: 134350848,
7: 2048,
8: 134348800,
9: 134219776,
10: 133120,
11: 134348832,
12: 2080,
13: 0,
14: 134217760,
15: 133152,
2147483648: 2048,
2147483649: 134350880,
2147483650: 134219808,
2147483651: 134217728,
2147483652: 134348800,
2147483653: 133120,
2147483654: 133152,
2147483655: 32,
2147483656: 134217760,
2147483657: 2080,
2147483658: 131104,
2147483659: 134350848,
2147483660: 0,
2147483661: 134348832,
2147483662: 134219776,
2147483663: 131072,
16: 133152,
17: 134350848,
18: 32,
19: 2048,
20: 134219776,
21: 134217760,
22: 134348832,
23: 131072,
24: 0,
25: 131104,
26: 134348800,
27: 134219808,
28: 134350880,
29: 133120,
30: 2080,
31: 134217728,
2147483664: 131072,
2147483665: 2048,
2147483666: 134348832,
2147483667: 133152,
2147483668: 32,
2147483669: 134348800,
2147483670: 134217728,
2147483671: 134219808,
2147483672: 134350880,
2147483673: 134217760,
2147483674: 134219776,
2147483675: 0,
2147483676: 133120,
2147483677: 2080,
2147483678: 131104,
2147483679: 134350848
}]
, k = [4160749569, 528482304, 33030144, 2064384, 129024, 8064, 504, 2147483679]
, d = v.DES = q.extend({
_doReset: function () {
for (var a = this._key.words, u = [], f = 0; 56 > f; f++) {
var l = p[f] - 1;
u[f] = a[l >>> 5] >>> 31 - l % 32 & 1
}
a = this._subKeys = [];
for (l = 0; 16 > l; l++) {
for (var c = a[l] = [], o = b[l], f = 0; 24 > f; f++) {
c[f / 6 | 0] |= u[(x[f] - 1 + o) % 28] << 31 - f % 6,
c[4 + (f / 6 | 0)] |= u[28 + (x[f + 24] - 1 + o) % 28] << 31 - f % 6
}
c[0] = c[0] << 1 | c[0] >>> 31;
for (f = 1; 7 > f; f++) {
c[f] >>>= 4 * (f - 1) + 3
}
c[7] = c[7] << 5 | c[7] >>> 27
}
u = this._invSubKeys = [];
for (f = 0; 16 > f; f++) {
u[f] = a[15 - f]
}
},
encryptBlock: function (a, c) {
this._doCryptBlock(a, c, this._subKeys)
},
decryptBlock: function (a, c) {
this._doCryptBlock(a, c, this._invSubKeys)
},
_doCryptBlock: function (y, A, t) {
this._lBlock = y[A],
this._rBlock = y[A + 1],
g.call(this, 4, 252645135),
g.call(this, 16, 65535),
w.call(this, 2, 858993459),
w.call(this, 8, 16711935),
g.call(this, 1, 1431655765);
for (var B = 0; 16 > B; B++) {
for (var z = t[B], C = this._lBlock, e = this._rBlock, f = 0, l = 0; 8 > l; l++) {
f |= h[l][((e ^ z[l]) & k[l]) >>> 0]
}
this._lBlock = e,
this._rBlock = C ^ f
}
t = this._lBlock,
this._lBlock = this._rBlock,
this._rBlock = t,
g.call(this, 1, 1431655765),
w.call(this, 8, 16711935),
w.call(this, 2, 858993459),
g.call(this, 16, 65535),
g.call(this, 4, 252645135),
y[A] = this._lBlock,
y[A + 1] = this._rBlock
},
keySize: 2,
ivSize: 2,
blockSize: 2
});
m.DES = q._createHelper(d),
v = v.TripleDES = q.extend({
_doReset: function () {
var a = this._key.words;
this._des1 = d.createEncryptor(j.create(a.slice(0, 2))),
this._des2 = d.createEncryptor(j.create(a.slice(2, 4))),
this._des3 = d.createEncryptor(j.create(a.slice(4, 6)))
},
encryptBlock: function (a, c) {
this._des1.encryptBlock(a, c),
this._des2.decryptBlock(a, c),
this._des3.encryptBlock(a, c)
},
decryptBlock: function (a, c) {
this._des3.decryptBlock(a, c),
this._des2.encryptBlock(a, c),
this._des1.decryptBlock(a, c)
},
keySize: 6,
ivSize: 2,
blockSize: 2
}),
m.TripleDES = q._createHelper(v)
}();
CryptoJS.mode.ECB = function () {
var a = CryptoJS.lib.BlockCipherMode.extend();
return a.Encryptor = a.extend({
processBlock: function (b, c) {
this._cipher.encryptBlock(b, c)
}
}),
a.Decryptor = a.extend({
processBlock: function (b, c) {
this._cipher.decryptBlock(b, c)
}
}),
a
}();
得到了加密程式碼之後,我們只需要使用 execjs 進行編譯和呼叫就可以了,使用方法可以參考上一篇部落格。
三、模擬登入
通過前面的步驟,我們已經能夠得到登入所需要的引數了,編寫好加密方法之後,可以使用 Postman 進行測試,下面是用 Postman 進行登入的 POST 請求的響應結果:
從圖中可以看到,返回的是一個 JSON 檔案,其中包含了登入請求是否成功、登入的結果資訊和使用者資訊等內容。下面就是使用 Python 編寫的模擬登入時光網的程式碼:
"""
Version: Python3.7
Author: OniOn
Site: http://www.cnblogs.com/TM0831/
Time: 2020/7/5 14:19
"""
import execjs
import requests class MTimeSpider:
def __init__(self, username, password):
self.username = username
self.password = password def encrypted(self):
"""
use JavaScript to encrypt the password
:return:
"""
with open("encrypt.js", "r", encoding="utf-8") as f:
ctx = execjs.compile(f.read())
self.password = ctx.call("encrypt", self.password) def request(self):
"""
send request and get the response
:return:
"""
self.encrypted()
login_api = "https://m.mtime.cn/Service/callback-comm.mi/user/login.api"
data = {
"t": "",
"name": self.username,
"password": self.password,
"code": "",
"codeId": ""
}
res = requests.post(url=login_api, data=data)
status, msg = res.json()["data"]["status"], res.json()["data"]["msg"]
# print(status, msg)
if status == 1:
name = res.json()["data"]["user"]["nickname"]
print("使用者: {} 登入成功!".format(name))
else:
print("登入失敗!{}".format(msg)) if __name__ == '__main__':
print("請輸入賬號:")
usr = input()
print("請輸入密碼:")
pwd = input()
spider = MTimeSpider(usr, pwd)
spider.request()
執行後的截圖如下:
完整程式碼已上傳到 GitHub!