Python crawler advanced essential | Signature encryption logic analysis of a financial information website (old site update)

Today website

aHR0cHMlM0EvL3d3dy5jbHMuY24vdGVsZWdyYXBo

This website is proposed by students in the Js reverse engineering group. The encryption and decryption of this website has already written a case. I heard that the encryption has been changed, so I took the time to write an analysis.

(The above string of ciphertext can be decoded with Base64)

Packet capture and encryption positioning

Open the website and open the packet capture at the same time. All XHR requests carry sign encryption parameters

There are many results of search parameters, so we directly hit XHR breakpoints, like the following

It will automatically disconnect after a short while

When the website breaks, if this parameter has been generated, it should be to find the stack, and look up in the stack.

So don't mess up the steps

I don’t have to worry about how to find the location of this parameter. You can see it after a few times of debugging.

Parameter encryption analysis

The logic of p here looks a bit complicated

p = r ?l({},b(l({}, r)),{sign:g(l({}, r))}):{sign:g("")}

In fact, it is a ternary expression. If you don't understand how this logic is executed, you can read some of the Js tutorials recommended before. I don't need to worry about this here.

You can see that the main logic here is the following paragraph

sign:g(l({}, r))

So what are we looking for these methods?

The advanced logic seems to be somewhat complicated, but let’s not worry about it, just focus on the change of the value of t

When we gradually execute the following line of code,

Let's look at the value of t, we observe through console

You can see that the middle operation here is to splice the parameters together

def params_format(params):
 url =''if params:if not isinstance(params, dict):
   raise Exception('params must be a dictionary')  #Not in dictionary format throws an exception
  url +='&'.join([str(key)+'='+str(value)for key, value in params.items()])
  strSplit = url.split('&')
  strSorted =sorted(strSplit)
  strConvert ='&'.join(strSorted)return strConvert

I wrote a general Python code

We have now considered most of the code, but it seems that there is no encryption operation, so we continue to execute

You can see that the next step is an encryption

The encrypted result is a string of ciphertext

We chase in is the following code

Here I will test it directly with the website to see if I can hit it

The test result is the same as that printed above, which is sha1

Directly analyze the next step t = a(t)

Chasing in again, see the following code

In fact, the signs are also very clear, and the results of the MD5 test are the same.

I also tested the other signs on this website are all encrypted logic, some of the reasons are changed because of the time stamps in them, it is almost no difficulty.

That’s all for today, let’s meet again next time~

Love&Share [Finish]

Recommended Posts

Python crawler advanced essential | Signature encryption logic analysis of a financial information website (old site update)
Python crawler advanced essential | Decryption logic analysis of an index analysis platform
Python crawler advanced essential | About a free IP publishing platform webpage encryption parameter logic analysis
Python crawler advanced essential | a live data analysis platform encryption parameter sign analysis
Python crawler advanced must-have | Logical analysis of the encryption parameters of the jump link on a certain information publishing platform
Analysis of JS of Python crawler