当前位置：网站首页>Airport cloud business sign analysis

Airport cloud business sign analysis

2022-07-27 14:24:00 【respectable:】

Here, go directly to the algorithm to find the topic , As for how to reverse the applet, you can GitHub On the search wxunpack hear .

Here I will not repeat the process of capturing bags , We saw it in the bag header Are there in nonceStr、sign

Search the applet source code directly through keywords to get the key parts ：

if ("POST" === t) y.sign = r(d, m.url.replace(a.default.HOST, ""), p, v, S), m.data = d; else {

for (var h = m.url + "?", b = 0, w = Object.keys(d); b < w.length; b++) {

var P = w[b];

h += P + "=" + d[P] + "&";

}

h = h.substring(0, h.length - 1), m.url = h, y.sign = r({}, m.url.replace(a.default.HOST, ""), p, v, S);

}

Let's take a look at this 2 The difference between lines of code ：

r(d, m.url.replace(a.default.HOST, ""), p, v, S)

r({}, m.url.replace(a.default.HOST, ""), p, v, S)

Through the analysis here, we can see , If t It should be the stored interface access type POST/GET, If it is POST It calls r The first argument to the function is d, If it is GET It is directly {}, that d It's a post data , Even dynamic debugging is not necessary .

and r The implementation process of the function is a splicing and md5 encryption , As shown below

function r(o, n, r, s, i) {

for (var u = "", c = 0, l = Object.keys(o).sort(); c < l.length; c++) {

var d = l[c], f = o[d];

if ("object" === e(f) && null !== f) {

var g = JSON.stringify(o[d]);

u += d + "=" + (g = g.split("").sort().join("")) + "&";

} else 0 === f || f ? u += d + "=" + o[d] + "&" : (o[d] = "", u += d + "=&");

}

return u += "url=" + n + "&", u += r ? "accessToken=" + r + "&" : "", u += "timestamp=" + s + "&",

u += "nonceStr=" + i + "&", u += "key=" + a.default.PLAM_KEY, t.md5Encrypt(u);

}