成都银行微银行小程序加密及签名算法

成都银行微银行小程序加密及签名算法

加密及签名算法

加密使用了SM4, 签名使用SM3。
SM4加解密的密钥是固定值。

1
2
3
4
5
6
7
8
9
10
11
const h = "c7f257b248563df6326769cc6c43a6af"
, f = "00bec4b971def04147c51f1d9ae91f0415009bb0c1c736641dcb2b4523af1a3098"
, a = "04570cb7ed9c676aceb8f11ba06f736a729dbaad96a7cd66b484f92b460884fd053f7cef9e403e71d159a6a44e9d5194db8850e830962029c24987be981438ebbf";
var c = function(t) {
    let e = s.sm4.encrypt(t, h, {
        iv: h,
        mode: "cbc",
        padding: "pkcs#5"
    });
    return d(e)
}

image-20230603102323843

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
def get_sign(data):
    hash_hex = sm3.sm3_hash(func.bytes_to_list(data.encode()))
    data = binascii.unhexlify(hash_hex)
    return base64.b64encode(data).decode()

def encrypt(data):
    key = binascii.unhexlify('c7f257b248563df6326769cc6c43a6af')
    iv = binascii.unhexlify('c7f257b248563df6326769cc6c43a6af')    
    crypt_sm4 = CryptSM4()
    crypt_sm4.set_key(key, SM4_ENCRYPT)
    encrypted = crypt_sm4.crypt_cbc(iv, data.encode())
    return base64.b64encode(encrypted).decode()   

data = '{"body":{"activ_id":"AC861688779535048704"},"timestamp":1685758739046,"nonce":"58739046"}'
print('sign:', get_sign(data))
print('data:', encrypt(data))

'''
# output
sign: cbXReQpjToXVilj3LQfZQlrV5HFRrf1jn63V06vXUwk=

data: eUhNzC1ZLpRdK6ink5rE0rP0nn0TcmiKsEZ/Lf0vLxaOB1Ci+WpvOhHnJPYaIFVuNmQrziKmEmjDP9q5KFVGUci5wDCNdHgfwWF3Hv2EXmjgfvCNbR6yAMeFAZgNWrFv
'''

抢券请求

1
2
3
4
5
6
7
8
9
10
11
12
13
14
POST /mkt/web-api/v1/coupon-center/get-coupon HTTP/1.1
Host: ad.mkt.bocd.com.cn
Content-Type: application/json;charset=UTF-8
Origin: https://ad.mkt.bocd.com.cn
MACTOKEN: Bearer eyJhbGciOiJIUzUxMiIsInppcCI6IkRFRiJ9.eNocjMsKwjAQRf9l1g3kMUmT7lwoKhZBFN1JSEZbBZtFxGrpv1vK3Z1zuAP4d26gGqBL9NpEqKBb7s5Xva-TFrLMp8XqsG3uz-_l-FvXUIBPac4-PaFyZK2SQRhJ6GAs4JHbyXlnA3GMLEorGCrtmC3RMBQ3J0wImnOarlqfoRLG6nIaxwKoTzMwykjFcfwDAAD__w.-GBe99gsGjBUKfzReXT8aVLVkJWGTgR60YblTQ5esISlL26leZI-HGVuquxmILjYjh9uCBIU9gYvcSa-PD00Mg
Accept-Encoding: gzip, deflate
Connection: close
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.28(0x18001c2e) NetType/WIFI Language/zh_CN miniProgram/wxe439e8832c162e49
Referer: https://ad.mkt.bocd.com.cn/mkt/activ/2023/coupon-center/detail?activId=AC861687358211252224&couponId=CC861360088521793536&batchDate=20230603
Content-Length: 237
Accept-Language: zh-CN,zh-Hans;q=0.9

{"data":"eUhNzC1ZLpRdK6ink5rE0ka0Pvd7zPD4sJjXibz+06NEUk3QGEd+pZwqZbeoAL7vry4BVokCLDvny98QPoX/VLrQoVXSefXpGf8A6rCddBtqoVgbNCIY5+2QSrtjQ9k05MD5VCzCxBag3cBoGTGGnLrwlgucGpw3fNIxrvGDAKo=","sign":"AYE5PMzWpXF6WjYKE1Bp41BDBGKEw0lOGsi1wel+0pw="}

请求体解密后:

1
{"body":{"activ_id":"AC861687358211252224","coupon_id":"CC861360088521793536"},"timestamp":1685757515254,"nonce":"57515254"}