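Grabbing Bank Payment Promotions with Alipay

The goal is to automate Alipay payment inside the Taobao app in order to grab the limited discount quotas that some banks offer.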

Payment flow

Creating the payment order


Both the request and the response are serialized with protobuf.

Decoded response data:

 cat 7.dump|protoc --decode_raw
1: "0"
9: 1
12: "QUICKPAY@cashier-pay-confirm-flex"
14: "{\"costTitle\":\"\351\234\200\344\273\230\346\254\276\",\"cost\":\"2002.80\",\"helpQuery\":\"&uid=2088202871367592&bizId=trade10001&contextUUID=500--1-C-R-803110e679fa4425a44799c4af307547-2212060132-7593&app=tb&bizOrderId=20221205223150e533394160b43c0000Y05503147592&applyOrderId=202212052231518f13194b835a2b0000Y15503147592\",\"exitConfirmDlg\":{\"rightTxt\":\"\347\273\247\347\273\255\344\273\230\346\254\276\",\"leftTxt\":\"\346\224\276\345\274\203\",\"leftAct\":{\"name\":\"loc:exit\",\"type\":\"submit\"},\"asyncQueryDelay\":0,\"message\":\"\346\230\257\345\220\246\346\224\276\345\274\203\346\234\254\346\254\241\344\273\230\346\254\276\357\274\237\"},\"hidden_logon_id\":\"sev***@foxmail.com\",\"payTool\":\"\345\273\272\350\256\276\351\223\266\350\241\214\344\277\241\347\224\250\345\215\241(5281)\",\"operationPropagate\":{\"asyncQuery\":true,\"asyncQueryDelay\":0,\"action\":\"/propagate/query\",\"asyncParams\":{\"propagateRequestId\":\"2022120522315180f3ecd65e7d7e0000NN7592\"}},\"logon_id\":\"sevencow@foxmail.com\",\"newAccountSwitch\":true,\"costTip\":\"\351\207\221\351\242\235\357\274\2322002.80\345\205\203\",\"micpwdPay\":true,\"channels\":true,\"sloganText\":\"\346\234\254\346\234\215\345\212\241\347\224\261\346\224\257\344\273\230\345\256\235(\344\270\255\345\233\275)\347\275\221\347\273\234\346\212\200\346\234\257\346\234\211\351\231\220\345\205\254\345\217\270\346\217\220\344\276\233\",\"VIData\":\"{\\\"vid\\\":\\\"componentVerify_003ea5b418d41d5742e8546476e40d0959RZ55B_mobile_cashier_payment_N_1\\\",\\\"data\\\":\\\"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\\\"}\",\"originalCost\":\"2004.00\",\"payToolLogo\":\"https://pic.alipayobjects.com/oss-fix/i/mobileapp/png/201410/3jU228X11B.png_fix.png_[pixelWidth]x.png\",\"detail\":[{\"price\":\"\302\245 2004.00\",\"info\":\"\350\256\242\345\215\225\351\207\221\351\242\235\"},{\"price\":\"-\302\245 
1.20\",\"discount\":true,\"isDiscount\":true,\"info\":\"\347\276\216\345\233\275\350\277\220\351\200\232\345\215\241\347\253\213\345\207\217\"}],\"payRetrieveOnce\":\"false\",\"spmObj\":{\"instId\":\"CCB\",\"tradeNo\":\"2022120522001167591446486770\",\"bizIdentity\":\"trade10001\",\"channelType\":\"EXPRESS_CC\",\"bizPdCode\":\"MC510301000000000001\"},\"account\":\"sev***@foxmail.com\",\"viPwdTpl\":\"{\\\"format\\\":\\\"JSON\\\",\\\"gray\\\":false,\\\"needRes\\\":false,\\\"platform\\\":\\\"common\\\",\\\"publishVersion\\\":\\\"150924\\\",\\\"requireTime\\\":\\\"0302\\\",\\\"tag\\\":\\\"QUICKPAY\\\",\\\"time\\\":\\\"0302\\\",\\\"tplHash\\\":\\\"ef792502402c0878f6865461a1a295e7\\\",\\\"tplId\\\":\\\"QUICKPAY@cashier-pwd-check-flex\\\",\\\"tplUrl\\\":\\\"https://gw.alipayobjects.com/os/mobiletms/dFwRIaupYyMRSLsDWFWr.json\\\",\\\"tplVersion\\\":\\\"5.3.7\\\",\\\"userId\\\":\\\"2088202871367592\\\"} \"}"
15: 753
16: 1
20: "RZ55v9NuTTbXYiYGyhT1ZEYa24M73zmobilecashierRZ55"
26: "2088202871367592"
28: "{\"clientLogData\":{\"bizNo\":\"2022120522001167591446486770\",\"bizType\":\"trade\",\"service\":\"mobile.securitypay.pay\",\"outTradeNo\":\"T200P3071476910618371952\",\"bizIdentity\":\"trade10001\",\"partnerId\":\"PARTNER_TAOBAO_ORDER\",\"cashierOrderId\":\"20221205223150e533394160b43c0000Y05503147592\"},\"buildChannelGroups\":true}"
29 {
3: "150924"
5: "1083"
7 {
6: 0x312e342e
}
8: "{\"userId\":\"2088202871367592\",\"needRes\":false,\"requireTime\":\"1076\",\"tplUrl\":\"https://gw.alipayobjects.com/os/mobiletms/hVRjsqlDoipSJzoBRCYJ.json\",\"gray\":false,\"tplHash\":\"51e4b09314ff4bb50c3f587290db78fd\"}"
}

After decoding, what comes out is a pile of JSON nested like Russian dolls…

One of the longer Base64 values decodes to:

{
"data":"{"isFindPPW":true,"clientDecisionConfig":{"extractConfig":{"enable":false},"predictConfig":{"enable":true,"version":12},"strategyConfig":{"enable":true,"version":370}},"isNewMUI":{"NATIVE_PAYMENT_PASSWORD":true,"FP":true},"isSimplePPW":false,"hideDecisionTip":"Y","predata":{"bioProducts":{"FP":{"challenge":"{\"exts\":[{\"data\":\"{\\\"challenge\\\":\\\"e73e5ce5d49382d096d86509f7209264\\\",\\\"keyId\\\":\\\"2088202871367592\\\"}\",\"id\":\"reqParam\"}],\"header\":{\"appID\":\"ABC_Inc_Alipay_IFAA_Server_01\",\"authType\":1,\"ipv\":{\"mj\":1,\"mn\":1},\"op\":\"Auth\",\"opType\":\"Request\"},\"signedData\":{\"identifyData\":\"BQB7AwWABAACAAAABoAXAgEAAAACAAAAAAEAAImRww-HGe-_7Fa2FDNv2Wu9yAYJOkKkds0BJgZE_ohcWcnvEurdLfN3qg3ylWAIKtd1PJaf1mLY5KiiErYBeCpVgk92TZEAokK2jjDwtlxaXD2zsJO5ywaqwClfDsJKI8q-FfFkmK361YftclsD7LS2RP4cNQ-JqqXwMSqwJMxCpUGOneuRsg7z244lG_VyNalBopEToU105KNKbKaD78lxJoupgVhz_vEhIDVigC1_s1C_aoULOAyppNWXcSQ8_W53AQPbGp1bo_oVrVp4zU1Tre2BIEqNIj39uI5qE0Hb6eKoKHhc8Wpegxm0DfX4_ieQr70lpomEsbnc5Z4AOCcDAAAAAQABAAEAAEdezUqZD7ibuld6_vjo8NDRjQQrzWqmnz7H5a_3A1sPcQ3TAwIJHKjc62nhfUlfjz77LKHnvgTPgvy2K1eUSAxdx4npbsGQk7Z8J5PmLX7DA6Z7vDkDVa1_DjPmkrbTZTZw8vLL0zF-WzuaPL8V3PP5IM3Y8W3dKlDUDnvAKlWsn3oqaVTy-h1cwuYmWyhMXOpi73vvI5eSvQsTW1tiMYsdb5dZO8YoJ6xC83XtbKOwjusw8BOjDGbImnPFMKJH19rbvy86xSfv2uLKf4CEtnroXpvXt0BKVt7S0Y7mHUB1n4FdWUPg0Jj7m5olsBJ1BCEz0dt4FzXgpf2ETU64enEIgAQAAwAAAAeAAAFiECPbpnRgmeIZ1vPXBp5Hylqy262zzldkQIMgZAdgX81AtW3N6_siueOHGnDfJj5l_Xttizac1-X8e-IaMHsSO50U5Q1eH0Pzxx7vGddfHNun_F3A48yvvTMNWJZv-6VY38fUDYdHEeRMR6xF38kbWoFBuumLea6WnHXfvvVTpvytyNdQiJ9o0VsJofq1ugPOaNqTToYJTBa5Ep0SGgtOYdbrYN2g7pLCZxpG5vJY6BfdY8Rf5YVrPkI1ywUXCcU9XoYPc9-b_ojT8uZcMK7UkBZ8nPI8BMn_G8IohtE3o6ZyUqIyvGTODo2KrnNf13WBweDoxzEYq2Cu_S8unmw1BgBIAAGAIABlNzNlNWNlNWQ0OTM4MmQwOTZkODY1MDlmNzIwOTI2NAKAEAAyMDg4MjAyODcxMzY3NTkyD4AEAAEAAAARgAQAYAAAAA\",\"scheme\":\"IFAFV1TLV\"}}","USER_ID":"2088202871367592","type":"FP","maxFailTimes":3}},"bioTypes":"[\"FP\"]","multiBio":true},"userId":"2088202871367592","showFindP
wd":"N","mcSalesProd":"","mcBizId":"trade10001","cloudDecision":"{\"u_fpswitch_rt\":\"0.0\",\"d_facesuc\":\"0.15192587608782646\",\"u_facesuc_cnt\":\"0\",\"lastpay_prod\":\"fp\",\"u_faceidcalled\":0.0,\"faceid_score\":7.346,\"fp_score\":7.0649999999999995,\"u_faceidswitch\":\"0\",\"u_fpsuc_rt\":\"0.9259259259259259\",\"u_fpcalled\":27.0,\"u_pwdsuc_cnt\":\"0\",\"paytime_hrs\":\"22\",\"u_zfacecalled\":0.0,\"u_fpsuc_cnt\":\"25\",\"taobao_score\":\"0.32336637\",\"lowend\":\"0\",\"pwd_score\":-2.871,\"zface_score\":0.42499999999999993}","forgot2Verify":"N","mbioTypes":"[\"FP\"]","isExistPPW":true,"intelligentEnable":true,"timestamp":"1670250711533"}",
"extInfo":{
"coreProdCode":"fingerprintPay"
},
"finish":false,
"nextStep":"PAYMENT_PASSWORD_PLUS",
"success":true,
"token":"39a73f0613bbc9c52ac3f25dcac2cd0d59RZ55B"
}

data:

{
"isFindPPW":true,
"clientDecisionConfig":{
"extractConfig":{
"enable":false
},
"predictConfig":{
"enable":true,
"version":12
},
"strategyConfig":{
"enable":true,
"version":370
}
},
"isNewMUI":{
"NATIVE_PAYMENT_PASSWORD":true,
"FP":true
},
"isSimplePPW":false,
"hideDecisionTip":"Y",
"predata":{
"bioProducts":{
"FP":{
"challenge":"{"exts":[{"data":"{\"challenge\":\"e73e5ce5d49382d096d86509f7209264\",\"keyId\":\"2088202871367592\"}","id":"reqParam"}],"header":{"appID":"ABC_Inc_Alipay_IFAA_Server_01","authType":1,"ipv":{"mj":1,"mn":1},"op":"Auth","opType":"Request"},"signedData":{"identifyData":"BQB7AwWABAACAAAABoAXAgEAAAACAAAAAAEAAImRww-HGe-_7Fa2FDNv2Wu9yAYJOkKkds0BJgZE_ohcWcnvEurdLfN3qg3ylWAIKtd1PJaf1mLY5KiiErYBeCpVgk92TZEAokK2jjDwtlxaXD2zsJO5ywaqwClfDsJKI8q-FfFkmK361YftclsD7LS2RP4cNQ-JqqXwMSqwJMxCpUGOneuRsg7z244lG_VyNalBopEToU105KNKbKaD78lxJoupgVhz_vEhIDVigC1_s1C_aoULOAyppNWXcSQ8_W53AQPbGp1bo_oVrVp4zU1Tre2BIEqNIj39uI5qE0Hb6eKoKHhc8Wpegxm0DfX4_ieQr70lpomEsbnc5Z4AOCcDAAAAAQABAAEAAEdezUqZD7ibuld6_vjo8NDRjQQrzWqmnz7H5a_3A1sPcQ3TAwIJHKjc62nhfUlfjz77LKHnvgTPgvy2K1eUSAxdx4npbsGQk7Z8J5PmLX7DA6Z7vDkDVa1_DjPmkrbTZTZw8vLL0zF-WzuaPL8V3PP5IM3Y8W3dKlDUDnvAKlWsn3oqaVTy-h1cwuYmWyhMXOpi73vvI5eSvQsTW1tiMYsdb5dZO8YoJ6xC83XtbKOwjusw8BOjDGbImnPFMKJH19rbvy86xSfv2uLKf4CEtnroXpvXt0BKVt7S0Y7mHUB1n4FdWUPg0Jj7m5olsBJ1BCEz0dt4FzXgpf2ETU64enEIgAQAAwAAAAeAAAFiECPbpnRgmeIZ1vPXBp5Hylqy262zzldkQIMgZAdgX81AtW3N6_siueOHGnDfJj5l_Xttizac1-X8e-IaMHsSO50U5Q1eH0Pzxx7vGddfHNun_F3A48yvvTMNWJZv-6VY38fUDYdHEeRMR6xF38kbWoFBuumLea6WnHXfvvVTpvytyNdQiJ9o0VsJofq1ugPOaNqTToYJTBa5Ep0SGgtOYdbrYN2g7pLCZxpG5vJY6BfdY8Rf5YVrPkI1ywUXCcU9XoYPc9-b_ojT8uZcMK7UkBZ8nPI8BMn_G8IohtE3o6ZyUqIyvGTODo2KrnNf13WBweDoxzEYq2Cu_S8unmw1BgBIAAGAIABlNzNlNWNlNWQ0OTM4MmQwOTZkODY1MDlmNzIwOTI2NAKAEAAyMDg4MjAyODcxMzY3NTkyD4AEAAEAAAARgAQAYAAAAA","scheme":"IFAFV1TLV"}}",
"USER_ID":"2088202871367592",
"type":"FP",
"maxFailTimes":3
}
},
"bioTypes":"["FP"]",
"multiBio":true
},
"userId":"2088202871367592",
"showFindPwd":"N",
"mcSalesProd":"",
"mcBizId":"trade10001",
"cloudDecision":"{"u_fpswitch_rt":"0.0","d_facesuc":"0.15192587608782646","u_facesuc_cnt":"0","lastpay_prod":"fp","u_faceidcalled":0.0,"faceid_score":7.346,"fp_score":7.0649999999999995,"u_faceidswitch":"0","u_fpsuc_rt":"0.9259259259259259","u_fpcalled":27.0,"u_pwdsuc_cnt":"0","paytime_hrs":"22","u_zfacecalled":0.0,"u_fpsuc_cnt":"25","taobao_score":"0.32336637","lowend":"0","pwd_score":-2.871,"zface_score":0.42499999999999993}",
"forgot2Verify":"N",
"mbioTypes":"["FP"]",
"isExistPPW":true,
"intelligentEnable":true,
"timestamp":"1670250711533"
}

challenge:

{
"exts":[
{
"data":"{"challenge":"e73e5ce5d49382d096d86509f7209264","keyId":"2088202871367592"}",
"id":"reqParam"
}
],
"header":{
"appID":"ABC_Inc_Alipay_IFAA_Server_01",
"authType":1,
"ipv":{
"mj":1,
"mn":1
},
"op":"Auth",
"opType":"Request"
},
"signedData":{
"identifyData":"BQB7AwWABAACAAAABoAXAgEAAAACAAAAAAEAAImRww-HGe-_7Fa2FDNv2Wu9yAYJOkKkds0BJgZE_ohcWcnvEurdLfN3qg3ylWAIKtd1PJaf1mLY5KiiErYBeCpVgk92TZEAokK2jjDwtlxaXD2zsJO5ywaqwClfDsJKI8q-FfFkmK361YftclsD7LS2RP4cNQ-JqqXwMSqwJMxCpUGOneuRsg7z244lG_VyNalBopEToU105KNKbKaD78lxJoupgVhz_vEhIDVigC1_s1C_aoULOAyppNWXcSQ8_W53AQPbGp1bo_oVrVp4zU1Tre2BIEqNIj39uI5qE0Hb6eKoKHhc8Wpegxm0DfX4_ieQr70lpomEsbnc5Z4AOCcDAAAAAQABAAEAAEdezUqZD7ibuld6_vjo8NDRjQQrzWqmnz7H5a_3A1sPcQ3TAwIJHKjc62nhfUlfjz77LKHnvgTPgvy2K1eUSAxdx4npbsGQk7Z8J5PmLX7DA6Z7vDkDVa1_DjPmkrbTZTZw8vLL0zF-WzuaPL8V3PP5IM3Y8W3dKlDUDnvAKlWsn3oqaVTy-h1cwuYmWyhMXOpi73vvI5eSvQsTW1tiMYsdb5dZO8YoJ6xC83XtbKOwjusw8BOjDGbImnPFMKJH19rbvy86xSfv2uLKf4CEtnroXpvXt0BKVt7S0Y7mHUB1n4FdWUPg0Jj7m5olsBJ1BCEz0dt4FzXgpf2ETU64enEIgAQAAwAAAAeAAAFiECPbpnRgmeIZ1vPXBp5Hylqy262zzldkQIMgZAdgX81AtW3N6_siueOHGnDfJj5l_Xttizac1-X8e-IaMHsSO50U5Q1eH0Pzxx7vGddfHNun_F3A48yvvTMNWJZv-6VY38fUDYdHEeRMR6xF38kbWoFBuumLea6WnHXfvvVTpvytyNdQiJ9o0VsJofq1ugPOaNqTToYJTBa5Ep0SGgtOYdbrYN2g7pLCZxpG5vJY6BfdY8Rf5YVrPkI1ywUXCcU9XoYPc9-b_ojT8uZcMK7UkBZ8nPI8BMn_G8IohtE3o6ZyUqIyvGTODo2KrnNf13WBweDoxzEYq2Cu_S8unmw1BgBIAAGAIABlNzNlNWNlNWQ0OTM4MmQwOTZkODY1MDlmNzIwOTI2NAKAEAAyMDg4MjAyODcxMzY3NTkyD4AEAAEAAAARgAQAYAAAAA",
"scheme":"IFAFV1TLV"
}
}
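An added example (not code from the original post): a small Python helper that peels the layers shown above, JSON strings inside JSON and Base64-wrapped JSON, in a single pass. The function names and the sample input are constructed for illustration; binary values such as identifyData stay untouched because they do not decode to JSON.

```python
import base64
import json

MAX_DEPTH = 32  # stop on pathological nesting


def _as_json(text):
    """Parse text if it is a JSON object or array; otherwise return None."""
    if text.lstrip()[:1] not in ("{", "["):
        return None
    try:
        return json.loads(text)
    except ValueError:
        return None


def _from_base64(text):
    """Return the JSON wrapped in standard or URL-safe Base64, else None."""
    text = text.strip().replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
        return _as_json(raw.decode("utf-8"))
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def unwrap(value, depth=0):
    """Expand JSON-in-string and Base64-wrapped JSON; leave other values alone."""
    if depth > MAX_DEPTH:
        return value
    if isinstance(value, dict):
        return {k: unwrap(v, depth + 1) for k, v in value.items()}
    if isinstance(value, list):
        return [unwrap(v, depth + 1) for v in value]
    if isinstance(value, str):
        parsed = _as_json(value)
        if parsed is None:
            parsed = _from_base64(value)
        if parsed is not None:
            return unwrap(parsed, depth + 1)
    return value


def build_sample():
    """Constructed input layered like the dump on this page; values are made up."""
    challenge = json.dumps({"op": "Auth", "identifyData": "AAECAwQFBgcICQoLDA0ODw"})
    data = json.dumps({"predata": {"bioProducts": {"FP": {"challenge": challenge}}}})
    inner = json.dumps({"data": data, "nextStep": "PAYMENT_PASSWORD_PLUS"}).encode()
    vidata = {"vid": "v", "data": base64.b64encode(inner).decode()}
    return json.dumps({"cost": "1.00", "VIData": json.dumps(vidata)})
```

Calling unwrap(build_sample()) returns one nested dict in which every layer can be addressed directly, for example result["VIData"]["data"]["nextStep"].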

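Depending on the Alipay settings, if fingerprint payment is enabled, payment can use fingerprint + password. If fingerprint payment is not enabled, only the password can be used.

Among the information returned at this step, the key fields are vid, token, identifyData and timestamp.

Fingerprint payment

The identifyData parameter from the response is signed and sent to the server for verification.

The method called for signing:
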
com.alipay.security.mobile.alipayauthenticatorservice.fingerprint.ta.TAInterationV1.sendCommandAndData(android.content.Context, int, byte[]) : com.alipay.security.mobile.alipayauthenticatorservice.message.Result

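Fingerprint payment does not seem to depend on the identifyData parameter alone; it may also be related to challenge. I made some attempts, for example intercepting a normally generated signature and "replaying" it from a script; this sometimes succeeded and sometimes failed, and I did not find the root cause.

This fingerprint payment flow calls for a careful study of IFAA (for example 《IFAA本地免密技术规范(TIFAA 0001-2016).pdf》, the IFAA local password-free technical specification).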
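An added example (not from the original post, and not a description of how Alipay or IFAA actually verify): a minimal server-side model of challenge-response verification in which each challenge is single-use and short-lived, which is the property that makes a replayed signature invalid. HMAC stands in for the authenticator's signature; the key, the TTL and all names are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 60  # seconds; assumed lifetime, not a value from the page


def sign(device_key, challenge):
    """Client side: HMAC-SHA256 stands in for the authenticator's signature."""
    return hmac.new(device_key, challenge.encode(), hashlib.sha256).hexdigest()


class ChallengeVerifier:
    """Server side: every issued challenge can be verified at most once."""

    def __init__(self, device_key):
        self._key = device_key   # stand-in for the enrolled device key
        self._pending = {}       # challenge -> expiry time

    def issue(self, now):
        challenge = secrets.token_hex(16)
        self._pending[challenge] = now + CHALLENGE_TTL
        return challenge

    def verify(self, challenge, signature, now):
        expiry = self._pending.pop(challenge, None)  # consume before checking
        if expiry is None:
            return "replayed-or-unknown"
        if now > expiry:
            return "expired"
        ok = hmac.compare_digest(sign(self._key, challenge), signature)
        return "ok" if ok else "bad-signature"


def demo():
    """Run one valid response, then a replay, a stale signature and a late one."""
    key = b"constructed-demo-key"                 # constructed sample key
    server = ChallengeVerifier(key)
    c1 = server.issue(now=1000)
    s1 = sign(key, c1)
    first = server.verify(c1, s1, now=1010)
    replay = server.verify(c1, s1, now=1011)      # same response sent again
    c2 = server.issue(now=1020)
    stale = server.verify(c2, s1, now=1021)       # old signature, new challenge
    c3 = server.issue(now=1030)
    late = server.verify(c3, sign(key, c3), now=1030 + CHALLENGE_TTL + 1)
    return first, replay, stale, late
```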

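Password payment

The password entered by the user plus the timestamp from the response is encrypted with an RSA public key and sent to the server, which verifies whether the password is correct.

An Alipay payment password is normally 6 digits. Alipay (Taobao) merchants can set a payment password longer than 6 characters (letters, digits, symbols). The encryption method that gets called is different, but the actual effect is the same.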

// Frida hook: log both arguments and the return value of RsaUtils.encryptAlpay
Java.perform(function () {
    var RsaUtils = Java.use("com.alipay.mobile.verifyidentity.module.password.pay.customized.utils.RsaUtils");
    RsaUtils.encryptAlpay.overload('java.lang.String', 'java.lang.String').implementation = function (arg_0, arg_1) {
        console.log("RsaUtils->encryptAlpay (argType: java.lang.String): " + arg_0);
        console.log("RsaUtils->encryptAlpay (argType: java.lang.String): " + arg_1);
        // Call the original method so the app's behaviour is unchanged
        var retval = this.encryptAlpay(arg_0, arg_1);
        console.log("RsaUtils->encryptAlpay (retType: java.lang.String): " + retval);
        return retval;
    };
});


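Miscellaneous

Capturing Alipay traffic

Previously I always hooked the signing function, which gives access to the request body, but the content then has to be copied and decoded by hand, which is inconvenient for replay.

This time I tried a new approach: replace the original Alipay API address with the address of the Burp proxy (change https to http and point the address at the computer doing the capture), then configure a redirect in Burp.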


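Capturing Taobao traffic

When grabbing a discount, a request must first be sent to the Taobao server to obtain the order signature information; otherwise, requesting Alipay with the earlier signature information does not produce a new discount.

Fortunately, a quick web search turned up a method for capturing Taobao traffic: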

// Frida hook: make the global SPDY switch report "off"
Java.perform(function () {
    var SwitchConfig = Java.use('mtopsdk.mtop.global.SwitchConfig');
    SwitchConfig.isGlobalSpdySwitchOpen.overload().implementation = function () {
        return false;
    };
});