精易论坛

标题: 小Hei鱼APP解密sign算法 [打印本页]

作者: Lunction    时间: 2019-3-5 09:59
标题: 小Hei鱼APP解密sign算法
1、发送验证码
POST /tnp/app/member/sendSMSCode HTTP/1.1
sid: 730155c7-eb06-466d-9499-ec021d2ff1d0
User-Agent: BFApp/3.4.1/Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
X-Trace-ID: ebe82e98-cfeb-400f-8c3e-faf0577cee9f
sessionid:
host:  
Content-Type: application/json; charset=UTF-8
Content-Length: 1345
Connection: Keep-Alive
Accept-Encoding: gzip

{
  "baseParams": {
    "appType": "2",
    "appVersion": "3.4.1",
    "brand": "google",
    "cId": "3c86a0c9a8a2a098fced22f3e5ee6025",
    "cpuABI": "armeabi-v7a",
    "device": "hammerhead",
    "deviceIdSm": "a32805d44913e84b",
    "deviceIdXhy": "201903042217046tmrr3e13vydpooy3d4b6t0q0hchf4qr66c20ddede1f4ce1830c9e36a0516739a57a45ede2821f0bc7f505af98d38e0530yucdiler8jxfudwqffrc7vitkcwznv1",
    "deviceName": "Nexus 5",
    "deviceToken": "",
    "deviceType": "APP",
    "displayrom": "MRA58K",
    "fingerPrint": "ro2f0-sN4lhaXKx7c-PfD8drecksokRBQavND6qgb5aPXl4HMmm0y3hMizZw7TuXXPjK-imd1xS1D0cTO8xqn1fFuqJTWhmStb04zI-b_Z1lbS62w8m9reKO62tyY2hudvpyr5WGa2Gep8KfYx1ys-iyVdveYY0v",
    "hardware": "hammerhead",
    "locateAddress": "未知",
    "locateCity": "未知",
    "locateDistrict": "未知",
    "locationProvince": "未知",
    "majorAppVersion": "3.4.1",
    "manufacturer": "LGE",
    "network": "WIFI",
    "networkOperator": "unknown",
    "pValue": "01002200001900000",
    "pValueNo": "01002200001900000",
    "platformId": "android",
    "position": {
      "lat": "0.0",
      "lon": "0.0"
    },
    "screenResolution": "1080,1776",
    "serial": "0663654df0db2ddf",
    "tencentMac": "",
    "termId": "359125051738526",
    "termModel": "android-build Nexus 5",
    "termSysVersion": "6.0",
    "wifiMac": "d0:76:e7:4a:07:53",
    "wifiSsid": "powerC"
  },
  "bizParams": {
    "forceLogin": 0,
    "phoneNum": "13247741888",
    "templateId": 0,
    "type": 100,
    "userPhone": ""
  },
  "phoneNumber": "",
  "sign": "484f42f00818716494d056d277deaac0",
  "timestamp": "1551709877238",
  "token": ""
}

md5:
forceLogin=0&phoneNum=13247741888&templateId=0&timestamp=1551709877238&type=100@qpzm6%$#@!~
结果=>484f42f00818716494d056d277deaac0


HTTP/1.1 200
Date: Mon, 04 Mar 2019 14:31:17 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 30
Connection: keep-alive
Server: Poseidon

{
  "errorCode": 0,
  "success": true
}



2、检测验证码
POST /tnp/app/member/extension/checkSMSCode HTTP/1.1
sid: d963037a-f60a-4a4e-8921-bbb0a6a3e640
User-Agent: BFApp/3.4.1/Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58K)
X-Trace-ID: 207b4656-7377-4344-829a-3b885ba5b0af
sessionid:
host:  
Content-Type: application/json; charset=UTF-8
Content-Length: 1317
Connection: Keep-Alive
Accept-Encoding: gzip

{
  "baseParams": {
    "appType": "2",
    "appVersion": "3.4.1",
    "brand": "google",
    "cId": "3c86a0c9a8a2a098fced22f3e5ee6025",
    "cpuABI": "armeabi-v7a",
    "device": "hammerhead",
    "deviceIdSm": "a32805d44913e84b",
    "deviceIdXhy": "201903042217046tmrr3e13vydpooy3d4b6t0q0hchf4qr66c20ddede1f4ce1830c9e36a0516739a57a45ede2821f0bc7f505af98d38e0530yucdiler8jxfudwqffrc7vitkcwznv1",
    "deviceName": "Nexus 5",
    "deviceToken": "",
    "deviceType": "APP",
    "displayrom": "MRA58K",
    "fingerPrint": "ro2f0-sN4lhaXKx7c-PfD8drecksokRBQavND6qgb5aPXl4HMmm0y3hMizZw7TuXXPjK-imd1xS1D0cTO8xqn1fFuqJTWhmStb04zI-b_Z1lbS62w8m9reKO62tyY2hudvpyr5WGa2Gep8KfYx1ys-iyVdveYY0v",
    "hardware": "hammerhead",
    "locateAddress": "未知",
    "locateCity": "未知",
    "locateDistrict": "未知",
    "locationProvince": "未知",
    "majorAppVersion": "3.4.1",
    "manufacturer": "LGE",
    "network": "WIFI",
    "networkOperator": "unknown",
    "pValue": "01002200001900000",
    "pValueNo": "01002200001900000",
    "platformId": "android",
    "position": {
      "lat": "0.0",
      "lon": "0.0"
    },
    "screenResolution": "1080,1776",
    "serial": "0663654df0db2ddf",
    "tencentMac": "",
    "termId": "359125051738526",
    "termModel": "android-build Nexus 5",
    "termSysVersion": "6.0",
    "wifiMac": "d0:76:e7:4a:07:53",
    "wifiSsid": "powerC"
  },
  "bizParams": {
    "phoneNum": "13247741888",
    "smsCode": "1234",
    "type": 100
  },
  "phoneNumber": "",
  "sign": "e3210a0c327c7d32332475d1e674d2c9",
  "timestamp": "1551710134740",
  "token": ""
}

md5:
phoneNum=13247741888&smsCode=1234&timestamp=1551710134740&type=100@qpzm6%$#@!~
结果=>e3210a0c327c7d32332475d1e674d2c9

HTTP/1.1 200
Date: Mon, 04 Mar 2019 14:35:35 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 89
Connection: keep-alive
Server: Poseidon

{
  "errorCode": 90010002,
  "msg": "验证码失效啦,重新获取一个吧",
  "success": false
}

3、注册
POST /tnp/app/member/register HTTP/1.1
sid: 216be9e5-d2ca-44af-8ca9-c3f38854ec59
User-Agent: BFApp/3.4.1/Dalvik/2.1.0 (Linux; U; Android 6.0.1; MI 3W MIUI/8.9.13)
X-Trace-ID: f0ef5334-bea6-48b2-ae50-3f32a2f4b527
sessionid:
host:  
Content-Type: application/json; charset=UTF-8
Content-Length: 1310
Connection: Keep-Alive
Accept-Encoding: gzip

{"baseParams":{"appType":"2","appVersion":"3.4.1","brand":"Xiaomi","cId":"","cpuABI":"armeabi-v7a","device":"cancro","deviceIdSm":"8b14fa2c38ce3372","deviceIdXhy":"20190304230538bmxejjrjfguybqesur4jirpl14g9dv938014d8f8124f42bfa272da14c9f4e54f233c51738d8208aa7f1aa1d2326d4e5d8queolr8geouvdtw9q8hulhl2ff9116f1","deviceName":"MI 3W","deviceToken":"","deviceType":"APP","displayrom":"MMB29M","fingerPrint":"NQaLg3fCVXlxVIuw9eSTlfbeySbJdROzF2q-ZA4Uf-caoGUI8FOB2YL2FKuJvRiq2467YuXdE5WRW6Kt-JQKaCXCWhNwW1GdbwncHZQ6_D8smijRBhZDqHYw9Pucem0zkIV8ig9XeVEuX23RSrLo38H9ctyi51Ns","hardware":"qcom","locateAddress":"δ֪","locateCity":"δ֪","locateDistrict":"δ֪","locationProvince":"δ֪","majorAppVersion":"3.4.1","manufacturer":"Xiaomi","network":"WIFI","networkOperator":"unknown","pValue":"01002200001900000","pValueNo":"01002200001900000","platformId":"android","position":{"lat":"0.0","lon":"0.0"},"screenResolution":"1080,1920","serial":"b219bff","tencentMac":"","termId":"8b14fa2c38ce3372","termModel":"builder MI 3W","termSysVersion":"6.0.1","wifiMac":"88:25:82:81:36:48","wifiSsid":"TP-LINK"},"bizParams":{"password":"","phoneNum":"15916937401","smsCode":"2051","templateId":10381,"thirdAuthType":0},"phoneNumber":"","sign":"980a6aa30a54a898c1653e13bca6e554","timestamp":"1551712124294","token":""}



{"password":"","phoneNum":"15916937401","smsCode":"2051","templateId":10381,"thirdAuthType":0}

phoneNum=15916937401&smsCode=2051&templateId=10381&thirdAuthType=0&timestamp=1551712124294@qpzm6%$#@!~
结果=>980a6aa30a54a898c1653e13bca6e554


承接APP算法逆向 Java逆向 SO解密 XPhook  脱壳等 QQ:46660816 请直奔主题 交流QQ群:270587  算法在Java层 有兴趣的可以自行练习  检测XP或者Root 提示风险存在


作者: juste    时间: 2019-3-5 11:21
牛逼了我的哥
作者: 走路有点憨    时间: 2019-3-5 11:40
这谁顶得住啊。不是逆向吧
作者: lyou    时间: 2019-3-7 06:18
看看   谢谢分享
作者: 田心杨    时间: 2019-3-7 17:47
不错,多谢分享,万分感谢!`
作者: 上千吨水    时间: 2019-3-11 22:41
感谢大佬谢谢
作者: 上千吨水    时间: 2019-3-11 22:41
大佬有视频教学吗  感谢感谢
作者: thw023824    时间: 2019-4-23 17:31
牛逼了,看着有点像数美啊
作者: duanyijun    时间: 2022-4-10 11:51
好东西。厉害厉害




欢迎光临 精易论坛 (https://125.confly.eu.org/) Powered by Discuz! X3.4