spdbccc_web encryption/decryption reverse engineering

https://ecentre.spdbccc.com.cn/creditcard/indexActivity.htm?changeSts0=&data=001181&itemcode=pudaxiben6
  1. Obtain the jwtToken

    GET /msup-basic-link/link/parse?data=001181&itemcode=pudaxiben6&userBrowserReferer=&userScreenResolution=411*731&time_millis=1640326178483 HTTP/1.1
    Host: ecentre.spdbccc.com.cn
    Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
    Accept: application/json, text/plain, */*
    Content-Type: application/json;charset=utf-8
    Sec-Ch-Ua-Mobile: ?1
    User-Agent: Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Mobile Safari/537.36
    Sec-Ch-Ua-Platform: "Android"
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://ecentre.spdbccc.com.cn/creditcard/indexActivity.htm?changeSts1=&data=001181&itemcode=pudaxiben6
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close


    HTTP/1.1 200 OK
    Date: Fri, 24 Dec 2021 06:09:37 GMT
    Content-Type: application/json
    Connection: close
    X-Application-Context: msup-shunt:30920
    Vary: Accept-Encoding
    Set-Cookie: jwtToken=eyJhbGciOiJIUzUxMiJ9.eyJyZWNvcmRJZCI6ImRjN2Y1ZmNmOTg1MzRiNWJhYzU2ZWJiMDZlMzUwN2RkIiwiYWN0aXZpdHlDb2RlIjoiWjE4NjAxIiwibGlua051bSI6IjAwMTE4MSIsInVzZXJCcm93c2VyUmVmZXJlciI6IiIsImNhcmRHcm91cElkIjoxMzg0NSwicHJpdmlsZWdlR3JvdXBJZCI6IjIwMyIsImlzRmlyc3RDYXJkIjoxLCJpdGVtQ29kZSI6InB1ZGF4aWJlbjYiLCJzcGVjaWFsQ2FyZFR5cGUiOjAsImV4cCI6MTY0MDMzNjk3Nywic3BlY2lhbEFjdGNvZGVUeXBlIjoiU0YwMTAiLCJ1c2VyU2NyZWVuUmVzb2x1dGlvbiI6IjQxMSo3MzEifQ.iZKBlWCQ-A5LSlfgZXsLappPsvhZ3_W44o3Xmg2bruFLY4C9EpaNSHKnDlROP-3Jkk05tBofDbnCIswozK6v2A; Max-Age=10800; Expires=Fri, 24-Dec-2021 09:09:37 GMT; Path=/; HttpOnly
    Set-Cookie: jwtToken=eyJhbGciOiJIUzUxMiJ9.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.twa6RyRXoHDXz9Crc_HNh1xqjnAmbFNNgvNx3WVeRwYSKGfZ_fdE3_rHgKdPsYmw3KItT88KDHx4b48WQHO_ag; Max-Age=10800; Expires=Fri, 24-Dec-2021 09:09:37 GMT; Path=/; HttpOnly
    Content-Security-Policy: frame-ancestors ccc.spdb.com.cn
    X-Frame-Options: ALLOW-FROM https://ccc.spdb.com.cn
    Server: alb/2.0.0
    X-Ser: BC136_dx-lt-yd-jiangsu-huaian-8-cache-7, BC73_dx-sichuan-chengdu-14-cache-3
    Content-Length: 374

    {"respCode":"0000","respMsg":null,"sysCode":null,"respMap":{"recordId":"dc7f5fcf98534b5bac56ebb06e3507dd","activityCode":"Z18601","smsTriggerType":"1","skipPageNo":"baseInfo","itemCode":"pudaxiben6","abtestFlowFlag":[{"name":"isEnableHomeAddr","type":0},{"name":"isEnableCopanyAddr","type":null}],"partnerId":"","specialActcodeType":"SF010","InsuranceFlag":"1"},"data":null}
  2. Obtain the token

    GET /msup-user-base/base/msup/sms/init-token HTTP/1.1
    Host: ecentre.spdbccc.com.cn
    Cookie: jwtToken=eyJhbGciOiJIUzUxMiJ9.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.twa6RyRXoHDXz9Crc_HNh1xqjnAmbFNNgvNx3WVeRwYSKGfZ_fdE3_rHgKdPsYmw3KItT88KDHx4b48WQHO_ag; _pk_ses.34.6fac=*; bs_did=8892ac19-922e-43da-839a-1a0efb70198d|t=1640326054410; _pk_id.34.6fac=c2e0b6865a369f47.1640326180.1.1640326273.1640326180.
    Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
    Accept: application/json, text/plain, */*
    Sec-Ch-Ua-Mobile: ?1
    User-Agent: Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Mobile Safari/537.36
    Sec-Ch-Ua-Platform: "Android"
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://ecentre.spdbccc.com.cn/creditcard/indexActivity.htm?changeSts0=&data=001181&itemcode=pudaxiben6
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close


    HTTP/1.1 200 OK
    Date: Fri, 24 Dec 2021 06:11:12 GMT
    Content-Type: application/json;charset=UTF-8
    Connection: close
    X-Application-Context: msup-shunt:30920
    Vary: Accept-Encoding
    Content-Security-Policy: frame-ancestors ccc.spdb.com.cn
    X-Frame-Options: ALLOW-FROM https://ccc.spdb.com.cn
    Server: alb/2.0.0
    X-Ser: BC134_dx-lt-yd-hebei-shijiazhuang-8-cache-1, BC79_dx-sichuan-chengdu-14-cache-3
    Content-Length: 212

    {"respCode":"0000","respMsg":null,"sysCode":null,"respMap":{"token":"57316146556d576a3631364356323067744641496370535a464b75672b3475754975534c4d79514d667736424f424e6c535a4d2b38546445324656735a694775"},"data":null}
  3. Send the SMS

    // Fixed keys
    t.AES_KEY = "ipFVEo5wzl6s634Z",
    t.AES_KEY_2 = "1udC6R2qJDyDjMqP",
    t.RANDOM_KEY_1 = "6ntScd00C1lWUGYPOtEBgeZQhRRj3G6jt6sMhoQK",
    t.RANDOM_KEY_2 = "P7C0TtGT27UMCV5G2RUVoierESUBM5sfARfjp3c9",

    Parameter encryption:
    qcm1 = md5(aes_ecb_decrypt(base64_decode(unhex(token)), AES_KEY) + RANDOM_KEY_1)
    qcm2 = hex(base64_encode(aes_ecb_encrypt(phone+RANDOM_KEY_2, AES_KEY_2)))

    POST /msup-user-base/base/msup/sms/sms-code-9502 HTTP/1.1
    Host: ecentre.spdbccc.com.cn
    Cookie: jwtToken=eyJhbGciOiJIUzUxMiJ9.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.twa6RyRXoHDXz9Crc_HNh1xqjnAmbFNNgvNx3WVeRwYSKGfZ_fdE3_rHgKdPsYmw3KItT88KDHx4b48WQHO_ag; _pk_ses.34.6fac=*; bs_did=8892ac19-922e-43da-839a-1a0efb70198d|t=1640326054410; _pk_id.34.6fac=c2e0b6865a369f47.1640326180.1.1640326273.1640326180.
    Content-Length: 229
    Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
    Accept: application/json, text/plain, */*
    Content-Type: application/json;charset=UTF-8
    Sec-Ch-Ua-Mobile: ?1
    User-Agent: Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Mobile Safari/537.36
    Sec-Ch-Ua-Platform: "Android"
    Origin: https://ecentre.spdbccc.com.cn
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://ecentre.spdbccc.com.cn/creditcard/indexActivity.htm?changeSts0=&data=001181&itemcode=pudaxiben6
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close

    {"qcm1":"a789fc5221899162f9d502000196dff9","qcm2":"684f64624b4843717337446d7953412f595165306c38304f33582b4e626c5a5244452b334f324e48766b362b6e69346167544978613572692b496b70303972714830372f774f442f484465464c4f37767965455630773d3d"}

    HTTP/1.1 200 OK
    Date: Fri, 24 Dec 2021 06:11:12 GMT
    Content-Type: application/json;charset=UTF-8
    Connection: close
    X-Application-Context: msup-shunt:30920
    Vary: Accept-Encoding
    Content-Security-Policy: frame-ancestors ccc.spdb.com.cn
    X-Frame-Options: ALLOW-FROM https://ccc.spdb.com.cn
    Server: alb/2.0.0
    X-Ser: BC147_dx-lt-yd-zhejiang-jinhua-5-cache-4, BC78_dx-sichuan-chengdu-14-cache-3
    Content-Length: 74

    {"respCode":"0000","respMsg":null,"sysCode":null,"respMap":{},"data":null}
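
The qcm1/qcm2 derivation in step 3 uses only values the browser already holds (the init-token and constants shipped with the page), so a well-formed qcm1 proves nothing the server did not hand out itself. As an added example (not code from the original post or from the site), this sketch shows a server-side alternative: an SMS token that is HMAC-bound to the session with a server-held secret, expires, and can be redeemed once. `SmsTokenGuard`, `session_id` and the 120-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


class SmsTokenGuard:
    """Hypothetical server-side guard for an SMS-send endpoint."""

    def __init__(self, secret: bytes, ttl: int = 120):
        self._secret = secret   # server-only key, never sent to the browser
        self._ttl = ttl         # assumed token lifetime in seconds
        self._used = set()      # redeemed nonces; use a shared expiring store in production

    def _mac(self, session_id: str, nonce: str, expires: int) -> str:
        msg = f"{session_id}|{nonce}|{expires}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id: str, now: Optional[float] = None) -> str:
        """Return 'nonce.expires.mac' bound to the caller's session."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        expires = int(now) + self._ttl
        return f"{nonce}.{expires}.{self._mac(session_id, nonce, expires)}"

    def redeem(self, session_id: str, token: str, now: Optional[float] = None) -> bool:
        """Accept a token once, only for its own session, only before expiry."""
        now = time.time() if now is None else now
        try:
            nonce, expires_s, mac = token.split(".")
            expires = int(expires_s)
        except ValueError:
            return False        # malformed token
        expected = self._mac(session_id, nonce, expires)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False        # forged, altered, or issued to another session
        if now > expires or nonce in self._used:
            return False        # expired or replayed
        self._used.add(nonce)
        return True
```

A token check of this kind complements, and does not replace, per-number and per-session rate limits on the SMS endpoint.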