浦大喜奔App加密算法逆向

浦大喜奔App加密算法逆向

{"deviceNumber":"866146034911242","telephone":"13800138009","channel":"01","useFlag":"uF1bl8Fy8yUaP1oI_6K0Z58nhPGMJr2Iu90nnKyuv0CJx-qvmE30m3J8ELt87zW1","version":"6.2.0"}xFkHqapOI3




MessageDigest.update input: 7b226465766963654e756d626572223a22383636313436303334393131323432222c2274656c6570686f6e65223a223133383030313338303033222c226368616e6e656c223a223031222c22757365466c6167223a22754631626c3846793879556150316f495f364b305a35386e6850474d4a7232497539306e6e4b79757630434a782d71766d4533306d334a38454c7438377a5731222c2276657273696f6e223a22362e322e30227d4f53486e526358685776
{"time":"2021-11-16T13:23:08.935Z","txnType":"Crypto","lib":"java.security.MessageDigest","method":"update","artifact":[{"name":"Raw Data","value":"7b226465766963654e756d626572223a22383636313436303334393131323432222c2274656c6570686f6e65223a223133383030313338303033222c226368616e6e656c223a223031222c22757365466c6167223a22754631626c3846793879556150316f495f364b305a35386e6850474d4a7232497539306e6e4b79757630434a782d71766d4533306d334a38454c7438377a5731222c2276657273696f6e223a22362e322e30227d4f53486e526358685776","argSeq":0}]}
MessageDigest.getAlgorithm: MD5
MessageDigest.digest: 62798b6df33a282a05c100771cb374e5
{"time":"2021-11-16T13:23:08.951Z","txnType":"Crypto","lib":"java.security.MessageDigest","method":"digest","artifact":[{"name":"Algorithm","value":"MD5","argSeq":0},{"name":"Digest","value":"62798b6df33a282a05c100771cb374e5","argSeq":0}]}
MessageDigest.update input: 7b2272657370436f6465223a2239393937222c227265737044657363223a22e5bd93e5898de794a8e688b7e4b88de5ad98e59ca8e38082222c22666c6167223a2230222c22756e5573654d7367223a22e682a8e69a82e697a0e6b395e4bdbfe794a8e8afade99fb3e58aa8e7a081efbc8ce8afb7e4bdbfe794a8e79fade4bfa1e58aa8e7a081e9aa8ce8af81227d4f53486e526358685776
{"time":"2021-11-16T13:23:09.249Z","txnType":"Crypto","lib":"java.security.MessageDigest","method":"update","artifact":[{"name":"Raw Data","value":"7b2272657370436f6465223a2239393937222c227265737044657363223a22e5bd93e5898de794a8e688b7e4b88de5ad98e59ca8e38082222c22666c6167223a2230222c22756e5573654d7367223a22e682a8e69a82e697a0e6b395e4bdbfe794a8e8afade99fb3e58aa8e7a081efbc8ce8afb7e4bdbfe794a8e79fade4bfa1e58aa8e7a081e9aa8ce8af81227d4f53486e526358685776","argSeq":0}]}
MessageDigest.getAlgorithm: MD5
MessageDigest.digest: 7e3d14635260f52f6e466dc5d46bb0b7
{"time":"2021-11-16T13:23:09.263Z","txnType":"Crypto","lib":"java.security.MessageDigest","method":"digest","artifact":[{"name":"Algorithm","value":"MD5","argSeq":0},{"name":"Digest","value":"7e3d14635260f52f6e466dc5d46bb0b7","argSeq":0}]}


POST /micrombank/register/check.do HTTP/1.1
Host: mbank.spdbccc.com.cn
Token:
Content-Type: application/x-www-form-urlencoded
Content-Length: 664
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.3.0
Connection: close

key=00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AD635DE8762A1F4D42B6505C1DFD390F989468375C3B9E54219A01D28E0AF2EDAA06C3F371B382C2DB3B7A92B6DB6B22EB310C8D74F093B08B78B0738D4B7140925BF1E9B56F87D6F12C080154808FE4B45B75616D2D6439C2F77B470303A48F74B57DE02C470711FAE7AED&sign=62798B6DF33A282A05C100771CB374E5&data=MjLEB%252BCHaGvBuU3GyNhbIUBnXCLYr6Whd6i%252BxDA%252Fezb1jeb7fKzpWVIDZFWq5MW8nM2er%252BbhNeflzh6h5Qtu5X0BhX3SswQQbND0NNkzjbYtJVVOLqWssa0fEV8MIp61nc2M%252Fvwv516ynRiJEObTIt1E%252BINQANY4kVvJfrVEPakPBip6iPuOGTusKv6g5jxZXtUumdfadyts3tjw8Xh3h3feGv4cbbqnqRKwjS5rDcE%253D



{"deviceNumber":"866146034911242","telephone":"13800138003","channel":"01","useFlag":"uF1bl8Fy8yUaP1oI_6K0Z58nhPGMJr2Iu90nnKyuv0CJx-qvmE30m3J8ELt87zW1","version":"6.2.0"}OSHnRcXhWv




digest: 217bae12599374899ff93fa1246cf53d
java.lang.Exception
at java.security.MessageDigest.digest(Native Method)
at com.spdbccc.app.safety.d.k(PG:400)
at com.spdbccc.app.network.utils.HttpUtils.getHashMap(PG:143)
at com.spdbccc.app.network.impl.TxCompatImpl.post(PG:298)
at com.spdbccc.app.network.impl.TxCompatImpl.post(PG:261)
at com.spdbccc.app.network.HttpRequestImpl.sendRequest(PG:203)
at com.spdbccc.app.network.HttpRequestImpl.sendRequest(PG:214)
at com.spdbccc.app.network.HttpRequestImpl.sendRequestDialogNoIntercetpError(PG:134)
at com.spdbccc.app.sp.login.activity.LoginCodeCheckActivity.onPlAidentifCodeValidGetClick(PG:402)
at com.spdbccc.app.sp.login.activity.LoginCodeCheckActivity.onClick(PG:260)
at android.view.View.performClick(View.java:5647)
at android.view.View$PerformClick.run(View.java:22462)
at android.os.Handler.handleCallback(Handler.java:754)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:163)
at android.app.ActivityThread.main(ActivityThread.java:6276)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:898)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:788)

input: null
digest: 7cf48275d24f645ed37f6a3f9b0db5ac
java.lang.Exception
at java.security.MessageDigest.digest(Native Method)
at com.spdbccc.app.safety.d.k(PG:400)
at com.spdbccc.app.network.utils.HttpUtils.deCyptResponseBody(PG:82)
at com.spdbccc.app.network.rx.TransformerErrorUtil$1.applyJson(PG:116)
at com.spdbccc.app.network.rx.TransformerErrorUtil$1.apply(PG:84)
at io.reactivex.internal.operators.observable.ObservableFlatMap$MergeObserver.onNext(PG:121)
at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.d(PG:200)
at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.run(PG:252)
at io.reactivex.internal.schedulers.ScheduledRunnable.run(PG:66)
at io.reactivex.internal.schedulers.ScheduledRunnable.call(PG:57)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:272)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:760)



com.spdbccc.app.network.utils.HttpUtils


arg1: {"deviceNumber":"866146034911242","telephone":"13800138006","channel":"01","useFlag":"uF1bl8Fy8yUaP1oI_6K0Z58nhPGMJr2Iu90nnKyuv0CJx-qvmE30m3J8ELt87zW1","version":"6.2.0"}uX5Un4te0C
ret: FB9842160B8D8647885CB0BA655060AB
https://mbank.spdbccc.com.cn/micrombank/register/check.do {"deviceNumber":"866146034911242","telephone":"13800138006","channel":"01","useFlag":"uF1bl8Fy8yUaP1oI_6K0Z58nhPGMJr2Iu90nnKyuv0CJx-qvmE30m3J8ELt87zW1","version":"6.2.0"}
key : 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000519A4FA10D3FA4EDFC58DED220D8A25D3CA43FCF66AA2F2FEDD4031F5CC50C23CEEFAFED75BF6DFD844DEE3DE01CE6F4B67B152349282FB8DF6970E8AF689D228E5B3A3244242334DA192C7FE28E2C33CCD5F0B3A079344499B776F6F6066BE172024AFC123649CA765214D
sign : FB9842160B8D8647885CB0BA655060AB
data : q9OP%2BTIgZv%2FyR9icWmhiUPh5cWIh%2BuAi7Ko8L9g5COm%2FWluKVRSDx9svQ1ozT9Z9XEUnvR%2F1ogGO5wWZI5Wf%2Fqp24o7WI%2FAQ%2BRnMh76Jf5Fc2ghK2I4RWWGuG7AxoKssO5pPTbvtPgZ8e4C35oNj1nJs4Jcm13P7qW48yqeg6nPcpkqb0J6Gpma5JOSg%2B%2BRA6xF9%2FnF59fVT9nHb9vXnLSLmc%2BXCS%2BC3AvMsIE%2BWQlM%3D
arg1: {"respCode":"9997","respDesc":"当前用户不存在。","flag":"0","unUseMsg":"您暂无法使用语音动码,请使用短信动码验证"}uX5Un4te0C
ret: FED0EC57FE0A9C2EEA40091BAE57473E





q2P0rj5069l9QXt4p3irqdT2xs5TDE9u7Z8N



|----entered--com.spdbccc.app.application.MyApplication.p get_des3_key_part1 randomstr(12)
|----retval: q2P0rj5069l9


|----entered--com.spdbccc.app.application.MyApplication.r get_des3_key_part2 (get_code /link.do)
|----retval: dKqVOMK401jj


|----entered--com.spdbccc.app.application.MyApplication.q
|----retval: QXt4p3irqdT2xs5TDE9u7Z8N


|----entered--com.spdbccc.app.application.MyApplication.s
|----retval: xPOzTECPwV


random(12) random(24)
q2P0rj5069l9 QXt4p3irqdT2xs5TDE9u7Z8N

des3_key: q2P0rj5069l9 dKqVOMK401jj

sign_key: xPOzTECPwV

QXt4p3irqdT2xs5TDE9u7Z8N


{"respCode":"0000","respDesc":"成功","data":{"code":"dKqVOMK401jj","salt":"xPOzTECPwV","ver":"99","val":"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","imgUrl":"","useFlag":"oH1ZNpqPoRURBDaYr6QDz72GmGihDu3T7P0FbAgv67cM8R245ZqNdXJ8ELt87zW1","realmFlag":"1"}}





通信流程
1. 生成一个长度为24的随机字符串作为des3的密钥(des3_key_first_time),如QXt4p3irqdT2xs5TDE9u7Z8N,用它加密请求体后请求/capp-mbank-link/link.do,获取code和salt
2. 后续的des3密钥为长度为12的随机字符串(des3_key_part1)+/capp-mbank-link/link.do返回的code(des3_key_part2).
3. salt用于md5签名
4. 发送请求时的key的明文为 des3_key_part1 + des3_key_first_time


POST /capp-mbank-link/link.do HTTP/1.1
Host: mbank.spdbccc.com.cn
Token:
Content-Type: application/x-www-form-urlencoded
Content-Length: 668
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.3.0
Connection: close

key=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008369EFBF2C123CD1C1CA39A9AC2D9E8D911E97E0AE5716BA890BE22C699B430B74DD1A6DAEF42C284E110400DD2F96EF84A8EA71590AC3403C478A2C1A0F51D5D6285E566D7DDB8&sign=A0CAC694575C6F53E175D353BF037B13&data=Tv4DywZCkz%252BU1LI54eLblGimO3XIu4%252B4CTcz0qtDZFP2DGxXN36jr%252FhhaG7gTTQY7mrpj8UEblwEc4EOY5QsWZaiYum%252FVYMc4FHN01EEQVLRFTgrkrDhsj7OPa5IJHUaTKXW6g51Um65Ybl8kTEaytLZEAOoCqXGlz1VjrYVQ%252FIBuJsB8%252FUBmy%252BbfHQlopqyT23PXqD2AgNTiDNkJWyXUysOaKy4mNsBHozE9knyfUg%253D



HTTP/1.1 200 OK
Date: Wed, 17 Nov 2021 13:46:48 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 3799
Connection: close
Server: nginx
X-Via: 1.1 PSjsczsx2uf34:6 (Cdn Cache Server V2.0), 1.1 ddx38:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 619507c8_ddx38_52959-21334

{"result":"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","sign":""}





//key = q2P0rj5069l9QXt4p3irqdT2xs5TDE9u7Z8N

POST /micrombank/register/check.do HTTP/1.1
Host: mbank.spdbccc.com.cn
Token:
Content-Type: application/x-www-form-urlencoded
Content-Length: 644
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.3.0
Connection: close

key=00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001621C6CF5B07496C635C82BC4F44B4DF47DFBEFD3ACC7FED524B7E67784AD2702D3F402B6225DAA7716690400830E918C4BC96D2F17C36EA6A61E2DA3BFF108471D82C96CFB8298DE9BAA2F371CD59303836495AF84A8EA71590AC3403C478A2C1A0F51D5D6285E566D7DDB8&sign=05AF5FE3D023DCBC5939F411EFBB7A57&data=gfvd%252F%252FWuXhrK1%252FFSm3aS9iBg8ws7W9p%252BiAEsPmW3cPW0GOthdx9JxBJH8pDfGPP1685STb76giM6xzBkfeyRAnL3aRRTB6u3jlMEtrAlHc26Ezmh7xeaS4tVeKyDoemCYIMGEQtGYADt4yN5Lc6Fi0qtuRY%252FIqjx8YlbDJtJ7YLhrqIjz2oGhcH0ezyi6NSQJqOrAw5W6scxkPwqFnvCnQ%253D%253D




HTTP/1.1 200 OK
Date: Wed, 17 Nov 2021 13:46:54 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 247
Connection: close
Server: alb/2.0.0
X-Via: 1.1 PSjsczsx2uf34:6 (Cdn Cache Server V2.0), 1.1 ddx38:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 619507ce_ddx38_53810-14039

{"result":"0Eyf4LhbxVg5WAUzVVtm32I4Iaw14g0LT/FpWRBMLAKF8yPQG/JgN7xDrlQTvwQW4SvASAPKx9EdMEP4NvlklL8cNUopQjiURIZWwVu7LhEkhScgeXdPRfRuRAGEHHmVnLKf4ndeFIaP3/TXsYp1sLaao0PflIHNEND3CBlorA4L+iOtEhmzv+eMSkoI1AKS","sign":"EDA0BFFB987EAF30A5122A63FCB00389"}



/-------------------------
send



NIR9Zw1MbKrKLIKqT622z6J7






POST /capp-mbank-link/link.do HTTP/1.1
Host: mbank.spdbccc.com.cn
Token:
Content-Type: application/x-www-form-urlencoded
Content-Length: 676
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.3.0
Connection: close

key=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000075236CA540E242749A635EC7EE8FE18BAE5AEC0470E93EBFAD193033AE2D990035ABA7F026B168F5D79AC93653D57AF0CF934166C3C4319723AD3ECF4688E604EAF74221BF7C7E7&sign=E0C2DC7F69501BAB109C7EE73BCC57B0&data=bP6PyB%252FGGwbQ5pIxKRgbijjwc9NpsvIgWSP%252BORtf%252Bi2%252BYMBCUVZ3lr60iH6bPTkY06Wpa0NZpRLAfhrvrCRrbhZHuwV0SEi7bEn%252FsCI0d3E1lueMYf87XSwDGltqgP0ft3PwBBPreMhnjKY12C%252F1kQIRcz3SoeQbrG8%252FnrUf8gw3BaYRxgK9FuowGfJpzyKyMU210a48vc%252FvwLlmc4zO9faNvd6zfoUr3P57%252BGftkXc%253D


HTTP/1.1 200 OK
Date: Wed, 17 Nov 2021 14:33:54 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 3799
Connection: close
Server: nginx
X-Via: 1.1 shx225:9 (Cdn Cache Server V2.0), 1.1 ddx38:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 619512d2_ddx37_9181-31118

{"result":"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","sign":""}





/*


{"respCode":"0000","respDesc":"成功","data":{"code":"phHeBy2pwQy7","salt":"vvfTjhraPL","ver":"99","val":"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","imgUrl":"","useFlag":"k5gRGdD0uYVW8AfUdIk_p3JyY7ebcrf28VdYZHUM5NYEryeFsIdwhnJ8ELt87zW1","realmFlag":"1"}}


*/

des3_key_first_time: NIR9Zw1MbKrKLIKqT622z6J7
des3_key_part1: 6e47clWDX1hX
des3_key_part2: phHeBy2pwQy7
// 6e47clWDX1hX NIR9Zw1MbKrKLIKqT622z6J7

POST /micrombank/login/send-dynamic-verifi-code.do HTTP/1.1
Host: mbank.spdbccc.com.cn
Token:
Content-Type: application/x-www-form-urlencoded
Content-Length: 684
Accept-Encoding: gzip, deflate
User-Agent: okhttp/3.3.0
Connection: close

key=00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000274B3B5913AC6B6645A21691E510DB3A7E474AF5AD6A82E6774BF901EC0E3ACDACB1B9B38483506A9701A85C5F0500A2EF87D0101A3AA344002E43D5B83F53B4DDF0F698A393844B1283D5B8F5EEC4F26DD9F370CF934166C3C4319723AD3ECF4688E604EAF74221BF7C7E7&sign=A5BA5B01D9C455A82E36D7EFD989710A&data=%252BfwRNOkbim6cPaKl%252FDFHs0myEmZRlIw9ipxlMGF1ZAqcXwplBdSs%252FI9QAhRQYnqA0AvAq%252F8rHp%252Bv4Z7uf0b0hZUJfoSpy1c2HvYYLqOCRzO%252FepghdTJLUpPdUdmiLa4stq6L4CvHgX6EfVRDtkw1k2Nh9WEVxrc4DgQKH%252FaHyYWJsQJOPFByeBaA0%252BMJ0XmIXb85487L07PS%252BoaSOVeeiF%252F%252BDo5tvcQ5USN7jTb8Bis%253D

/*
{"deviceNumber":"","bizType":"01","phoneNo":"13800138003","channel":"01","useFlag":"uF1bl8Fy8yUaP1oI_6K0Z58nhPGMJr2Iu90nnKyuv0CJx-qvmE30m3J8ELt87zW1","version":"6.2.0"}
*/



HTTP/1.1 200 OK
Date: Wed, 17 Nov 2021 14:34:31 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 227
Connection: close
Server: nginx
X-Via: 1.1 shx225:9 (Cdn Cache Server V2.0), 1.1 ddx38:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 619512f7_ddx37_9597-38412

{"result":"fU/Yr4doaiXaZ9rjoOriLYHny5pnhm2sYuCNT/vbgD7hQMgt/aHeDa5BoufzpPWMaumEIzBwvoPkPRdFffUnDd8R5RiJYpyY6dhxQuY0EYJ7F54vPhQP0HMAcCPu9zm8b2jXxTDRx6QeQG/hBVaudObMK9HmLGey7IbXOm2Tg14=","sign":"29A9AF98B80AECC8C1E52FDE89E0F205"}


/*
{"respCode":"0000","respDesc":"尊敬的用户,您的动态码已发送至输入手机尾号8003,请注意查收。"}
*/

参数中的key实际上是RSA加密后的结果,但这里公钥指数e较小(e=3),且明文未经填充,存在漏洞:可以通过低加密指数攻击(对 c + i·n 开立方)直接还原被加密的明文(即通信密钥),并不需要、也不会得到私钥。修复方式是使用带随机填充的RSA(如OAEP),而不是对原始数据直接做模幂运算。解密代码:

参考资料:https://blog.csdn.net/qq_38154820/article/details/110102864

import gmpy
import libnum
from Crypto.Util import number
import gmpy2
def getd(e, p, q):
    """Return the RSA private exponent for public exponent *e* and primes *p*, *q*.

    The result is the inverse of ``e`` modulo ``(p - 1) * (q - 1)``, computed
    with ``gmpy2.invert``. Nothing in this listing calls the helper; the
    cube-root recovery below works without any private exponent.
    """
    totient = (p - 1) * (q - 1)
    inverse = gmpy2.invert(e, totient)
    return inverse % totient
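def getm(m):
    """Return the big-endian integer value of the byte string *m*.

    The original relied on ``str.encode('hex')``, a codec that exists only on
    Python 2. ``binascii.hexlify`` gives the same hex digits on Python 2 and 3.
    Text (non-bytes) input is encoded as UTF-8 first, which is identical to the
    old behaviour for ASCII input.

    Raises:
        ValueError: if *m* is empty (there are no hex digits to parse).
    """
    import binascii  # local import: the listing's import block does not provide it

    raw = m if isinstance(m, bytes) else m.encode('utf-8')
    return int(binascii.hexlify(raw), 16)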
# Ciphertext under analysis. The value appears to be the `key` form field of
# the captured check.do request shown earlier on the page (leading zeros do
# not change the integer).
c = 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001621C6CF5B07496C635C82BC4F44B4DF47DFBEFD3ACC7FED524B7E67784AD2702D3F402B6225DAA7716690400830E918C4BC96D2F17C36EA6A61E2DA3BFF108471D82C96CFB8298DE9BAA2F371CD59303836495AF84A8EA71590AC3403C478A2C1A0F51D5D6285E566D7DDB8
# RSA modulus and public exponent used by the client.
n = 0xDDDEF88A4C58F5E319381CC8401F7BBBEEFC71B05865140B5473600A4D097372DD793D426520EAFFE17E8D39C84BC38353D04070F56D3AA7BB01EFB6B0627A4DD48A82BAD829EC782FBF62CB07E8726ECCFABF78A3EDF3D85C23C461D4568D2AAC77D210CDDCF50F26E170C28FF967CC860E405902DB6E7CD664EAD5C6A14FD5DADFD2543F3199000B61D9F8FFD01187A78AA0CF6BE9D7EF6C3BD5F5919A6CD2DD4A37FEB9A44D9EEE98A681F652BF1D
e = 3

# Unpadded RSA with e = 3: look for the smallest i for which c + i*n is a
# perfect cube; its cube root is the plaintext, and no private key is involved.
# Randomised padding (e.g. OAEP) on the sender side is what prevents this.
i = 0
while True:
    attempt = gmpy.root(c + i * n, 3)  # indexed as (root, exact-flag) pair
    if attempt[1] == 1:
        m = attempt[0]
        print(libnum.n2s(m))
        print(i)
        break
    i += 1

frida测试代码

// Wrapper for the app class whose methods are instrumented below.
var HttpUtils = Java.use('com.spdbccc.app.network.utils.HttpUtils');

// Pass-through hook: call the real getEncyptKey, log what it returned and
// hand the unchanged value back to the caller.
HttpUtils.getEncyptKey.implementation = function () {
    var encryptKey = this.getEncyptKey();
    console.log('getEncyptKey: ', encryptKey);
    return encryptKey;
};
// Test hook for getHashMap(String, String, boolean).
// The caller's arguments are only logged. Instead of forwarding them, the real
// method is invoked twice with fixed sample bodies so that the resulting
// key/sign/data entries can be compared between two known inputs.
// The map built from the SECOND sample is what the caller receives, so the
// app's own request is not sent unmodified while this hook is active.
HttpUtils.getHashMap.overload('java.lang.String', 'java.lang.String', 'boolean').implementation = function (arg0, arg1, arg2) {
    // Print the map itself, then every entry on its own line.
    function dumpMap(map) {
        console.log(map);
        var it = map.keySet().iterator();
        while (it.hasNext()) {
            var name = it.next();
            console.log("(key): " + name + " : " + "(value):" + map.get(name));
        }
    }

    console.log(arg0, arg1, arg2);
    // NOTE(review): assignment without `var` creates a global; nothing in this
    // listing reads it.
    flag = true;

    var firstMap = this.getHashMap('http://www.baidu.com', '{"deviceNumber":"11111111","telephone":"11111","channel":"01","useFlag":"111-qvmE30m3J8ELt87zW1","version":"6.2.0"}', arg2);
    dumpMap(firstMap);

    console.log('==========================');

    var secondMap = this.getHashMap('http://www.baidu.com', '{"deviceNumber":"222222222","telephone":"222222222222222","channel":"01","useFlag":"111-qvmE30m3J8ELt87zW1","version":"6.2.0"}', arg2);
    dumpMap(secondMap);

    return secondMap;
};

完整请求代码:

import sys
reload(sys)
sys.setdefaultencoding("utf-8")
import requests
import random
import binascii
import urllib
import hashlib
import base64
import json
from Crypto.Cipher import DES3
import time


def pkcs7padding(text):
    """Return *text* with PKCS#7 padding for an 8-byte block appended.

    Between 1 and 8 padding characters are added, each one equal to the
    padding length; input that is already block-aligned gets a full block.
    The length is taken with ``len(text)``, i.e. in characters of whatever
    string type is passed in.
    """
    block_size = 8
    pad_len = block_size - len(text) % block_size
    return text + chr(pad_len) * pad_len


def pkcs7unpadding(text):
    """Strip the padding announced by the last character of *text*.

    Only the final character is inspected: the padding bytes are not checked
    for consistency and the announced length is not range-checked, so
    malformed input is truncated rather than rejected.
    """
    pad_len = ord(text[-1])
    return text[:len(text) - pad_len]


def get_sign(data, sign_key):
    """Return the upper-case hex MD5 of *data* followed by *sign_key*.

    This mirrors the `sign` request field seen in the captures. It is a plain
    hash over message-plus-suffix, not an HMAC.
    """
    digest = hashlib.md5(data + sign_key)
    return digest.hexdigest().upper()


def des3_encrypt(key, data):
    """Encrypt *data* with 3DES in ECB mode and return it Base64-encoded.

    The plaintext is PKCS#7-padded to the 8-byte block size first. ECB uses no
    IV, so equal plaintext blocks encrypt to equal ciphertext blocks.
    """
    cipher = DES3.new(key, DES3.MODE_ECB)
    padded = pkcs7padding(data)
    return base64.b64encode(cipher.encrypt(padded))


def des3_decrypt(key, data):
    """Base64-decode *data*, decrypt it with 3DES-ECB and strip the padding.

    The padding is removed by ``pkcs7unpadding``, which does not validate it,
    so a wrong key yields garbage output rather than an error at this layer.
    """
    cipher = DES3.new(key, DES3.MODE_ECB)
    raw = base64.b64decode(data)
    return pkcs7unpadding(cipher.decrypt(raw))


def rsa_encrypt(x):
    """Return ``x**3 mod n`` as upper-case hex, left-padded with zeros to 352 digits.

    *x* is a hex string. This is textbook RSA with e = 3 and no padding: an
    input whose cube is smaller than the modulus is not reduced at all, which
    is why the cube-root recovery shown earlier on the page succeeds.
    """
    modulus = 0xDDDEF88A4C58F5E319381CC8401F7BBBEEFC71B05865140B5473600A4D097372DD793D426520EAFFE17E8D39C84BC38353D04070F56D3AA7BB01EFB6B0627A4DD48A82BAD829EC782FBF62CB07E8726ECCFABF78A3EDF3D85C23C461D4568D2AAC77D210CDDCF50F26E170C28FF967CC860E405902DB6E7CD664EAD5C6A14FD5DADFD2543F3199000B61D9F8FFD01187A78AA0CF6BE9D7EF6C3BD5F5919A6CD2DD4A37FEB9A44D9EEE98A681F652BF1D
    value = pow(int(x, 16), 3, modulus)
    digits = '%X' % value
    # rjust never truncates, matching the original's '0' * (352 - length).
    return digits.rjust(352, '0')


def quote(s):
    """Percent-encode *s* twice, encoding '/' as '%2f' between the two passes.

    The double encoding matches the `data` field in the captured requests,
    where '%' itself appears encoded as '%25'. ``urllib.quote`` is the
    Python 2 API.
    """
    once = urllib.quote(s).replace('/', '%2f')
    return urllib.quote(once)


def randmonstr(length):
    """Return *length* random alphanumeric characters.

    Characters are sampled without replacement from the 62-character alphabet
    repeated twice, so a single character occurs at most twice and *length*
    cannot exceed 124. The ``random`` module is not a cryptographic generator.
    """
    digits = '0123456789'
    lower = 'abcdefghijklmnopqrstuvwxyz'
    upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    pool = (digits + lower + upper) * 2
    picked = random.sample(pool, length)
    return ''.join(picked)


def get_key(proxies={}):
    """Perform the initial link.do exchange and return the session parameters.

    A random 24-character key is used both as the `code` field of the request
    body and as the 3DES key protecting that body; its hex form is passed
    through ``rsa_encrypt`` to build the `key` form field. The response's
    `result` field is decrypted with the same 24-character key and parsed as
    JSON.

    Returns a 6-tuple ``(des3_key_part1, first_key, code, salt, useFlag,
    deviceNumber)``, or six ``None`` values when the response carries no
    `code`.
    """
    # NOTE(review): plain http:// here, while the URL logged earlier on the
    # page for this host is https://.
    url = "http://mbank.spdbccc.com.cn/capp-mbank-link/link.do"
    headers = {"Token": "", "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "okhttp/3.3.0"}
    # All four values are freshly random on every call. des3_key_part1 is not
    # sent in this request; it is only returned to the caller.
    first_key = randmonstr(24)
    des3_key_part1 = randmonstr(12)
    useFlag = randmonstr(64)
    deviceNumber = randmonstr(64)

    d = {"netDeviation": "-165", "sysVersion": "29", "deviceType": "unknown", "ver": "-1", "code": first_key,
         "useFlag": useFlag, "channel": "01", "deviceManufacturer": "unknown", "version": "7.1.1",
         "deviceNumber": deviceNumber}
    req_data = json.dumps(d)

    req_data_enc = des3_encrypt(first_key, req_data)
    req_data_enc_quoted = quote(req_data_enc)
    # The first request is signed with an empty key: no salt is known yet.
    sign = get_sign(req_data, '')
    first_key_hex = binascii.hexlify(first_key)
    rsa_key = rsa_encrypt(first_key_hex)
    post_data = 'key={rsa_key}&sign={sign}&data={enc_data}'.format(rsa_key=rsa_key, sign=sign,
                                                                   enc_data=req_data_enc_quoted)
    http = requests.post(url, post_data, headers=headers, proxies=proxies, timeout=10)
    resp_json = http.json()
    result = resp_json.get('result')
    resp_data = des3_decrypt(first_key, result)
    # NOTE(review): `logging` is not imported in the visible import block.
    logging.info('get_key...')
    logging.info(resp_data)
    resp_data_dict = json.loads(resp_data)
    code = resp_data_dict.get('data', {}).get('code')
    salt = resp_data_dict.get('data', {}).get('salt')
    if code is None:
        # No `code` in the decrypted response: print the raw (still encrypted)
        # result and give up.
        print result
        print('error')
        return None, None, None, None, None, None
    return des3_key_part1, first_key, code, salt, useFlag, deviceNumber


def sendcode(key, des3_key, salt, useFlag, deviceNumber, phone, proxies={}):
    """POST one send-dynamic-verifi-code.do request and print the decrypted reply.

    *key* is placed unchanged into the `key` form field (presumably the
    RSA-encrypted value described in the flow notes above; confirm against the
    caller, which is not part of this listing). The JSON body is encrypted with
    *des3_key* and signed with *salt*. Nothing is returned.
    """
    # NOTE(review): plain http:// here, while the URL logged earlier on the
    # page for this host is https://.
    url = "http://mbank.spdbccc.com.cn/micrombank/login/send-dynamic-verifi-code.do"
    headers = {"Token": '', "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "okhttp/3.3.0"}
    d = {"deviceNumber": deviceNumber, "bizType": "01", "phoneNo": phone, "channel": "01", "useFlag": useFlag,
         "version": "7.1.1"}
    req_data = json.dumps(d)
    req_data_enc = des3_encrypt(des3_key, req_data)
    req_data_enc_quoted = quote(req_data_enc)
    # The signature covers the plaintext JSON, not the ciphertext.
    sign = get_sign(req_data, salt)
    post_data = 'key={rsa_key}&sign={sign}&data={enc_data}'.format(rsa_key=key, sign=sign, enc_data=req_data_enc_quoted)
    http = requests.post(url, post_data, headers=headers, proxies=proxies, timeout=10)
    resp_json = http.json()
    result = resp_json.get('result')
    # The response's `sign` field is never read, so the reply is not
    # integrity-checked here.
    resp_data = des3_decrypt(des3_key, result)
    print(resp_data)