• 京东小程序h5st


    声明
    本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!wx a15018601872              
    本文章未经许可禁止转载,禁止任何修改后二次传播,擅自使用本文讲解的技术而导致的任何意外,作者均不负责,若有侵权,请联系作者立即删除!q 2766958292

    1.逆向过程

    整体过程和h5st网页版差不多。感觉小程序对环境检测并不是很严格。访问多次太多直接封openid。加密流程差不都。首先对body加密。加密后把整个函数扣下来调用一下就行了。

    1. sha256_digest=function(r) {
    2. function n(r, n) {
    3. var t = (65535 & r) + (65535 & n);
    4. return (r >> 16) + (n >> 16) + (t >> 16) << 16 | 65535 & t
    5. }
    6. function t(r, n) {
    7. return r >>> n | r << 32 - n
    8. }
    9. function e(r, n) {
    10. return r >>> n
    11. }
    12. function o(r, n, t) {
    13. return r & n ^ ~r & t
    14. }
    15. function u(r, n, t) {
    16. return r & n ^ r & t ^ n & t
    17. }
    18. function a(r) {
    19. return t(r, 2) ^ t(r, 13) ^ t(r, 22)
    20. }
    21. function f(r) {
    22. return t(r, 6) ^ t(r, 11) ^ t(r, 25)
    23. }
    24. function i(r) {
    25. return t(r, 7) ^ t(r, 18) ^ e(r, 3)
    26. }
    27. function c(r) {
    28. return t(r, 17) ^ t(r, 19) ^ e(r, 10)
    29. }
    30. var h = 8
    31. , C = 0;
    32. return r = function(r) {
    33. r = r.replace(/\r\n/g, "\n");
    34. for (var n = "", t = 0; t < r.length; t++) {
    35. var e = r.charCodeAt(t);
    36. e < 128 ? n += String.fromCharCode(e) : e > 127 && e < 2048 ? (n += String.fromCharCode(e >> 6 | 192),
    37. n += String.fromCharCode(63 & e | 128)) : (n += String.fromCharCode(e >> 12 | 224),
    38. n += String.fromCharCode(e >> 6 & 63 | 128),
    39. n += String.fromCharCode(63 & e | 128))
    40. }
    41. return n
    42. }(r),
    43. function(r) {
    44. for (var n = C ? "0123456789ABCDEF" : "0123456789abcdef", t = "", e = 0; e < 4 * r.length; e++)
    45. t += n.charAt(r[e >> 2] >> 8 * (3 - e % 4) + 4 & 15) + n.charAt(r[e >> 2] >> 8 * (3 - e % 4) & 15);
    46. return t
    47. }(function(r, t) {
    48. var e, h, C, g, d, v, A, l, m, S, s = new Array(1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298), y = new Array(1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225), w = new Array(64);
    49. r[t >> 5] |= 128 << 24 - t % 32,
    50. r[15 + (t + 64 >> 9 << 4)] = t;
    51. for (var p = 0; p < r.length; p += 16) {
    52. e = y[0],
    53. h = y[1],
    54. C = y[2],
    55. g = y[3],
    56. d = y[4],
    57. v = y[5],
    58. A = y[6],
    59. l = y[7];
    60. for (var b = 0; b < 64; b++)
    61. w[b] = b < 16 ? r[b + p] : n(n(n(c(w[b - 2]), w[b - 7]), i(w[b - 15])), w[b - 16]),
    62. m = n(n(n(n(l, f(d)), o(d, v, A)), s[b]), w[b]),
    63. S = n(a(e), u(e, h, C)),
    64. l = A,
    65. A = v,
    66. v = d,
    67. d = n(g, m),
    68. g = C,
    69. C = h,
    70. h = e,
    71. e = n(m, S);
    72. y[0] = n(e, y[0]),
    73. y[1] = n(h, y[1]),
    74. y[2] = n(C, y[2]),
    75. y[3] = n(g, y[3]),
    76. y[4] = n(d, y[4]),
    77. y[5] = n(v, y[5]),
    78. y[6] = n(A, y[6]),
    79. y[7] = n(l, y[7])
    80. }
    81. return y
    82. }(function(r) {
    83. for (var n = Array(), t = (1 << h) - 1, e = 0; e < r.length * h; e += h)
    84. n[e >> 5] |= (r.charCodeAt(e / h) & t) << 24 - e % 32;
    85. return n
    86. }(r), r.length * h))
    87. }

    但是需要主要token,和fp。这两个手动调用一下函数赋值给fe就行了。还有一些小细节就不说了。

    2.结果

    3.总结
    1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。
    wx a15018601872 、x30184483xx
    q 2766958292
    仅用于学习交流👉侵权+wx

     

  • 相关阅读:
    阿里云服务器公网带宽收费价格表_1M到100M报价
    猿创征文|公众号开发之路——为了研究公众号,我注册了公司
    TSN中流的路由与调度的研究
    springboot项目中application.properties无法变成小树叶问题解决
    总结1062
    Javascript知识【JS-String对象&JS-Array对象&验证码切换】
    .NET桌面程序集成Web网页开发的十种解决方案
    给C#新增一个时间类型: YearMonth
    【牛客网-公司真题-前端入门篇】——58同城2021校招笔试-前端
    删除GitLab中的仓库
  • 原文地址:https://blog.csdn.net/weixin_54573778/article/details/139469394