分析只做研究使用无其他目的
password加密分析
首先放关键代码:
var i = security_password_222_lib_utils.Inherit
, n = security_password_222_lib_utils.addRule
, r = security_password_222_lib_input
, s = security_crypto_200_index
, o = security_client_utils_202_index.KeySequence;
return i(r, e, {
template: '<input type="password" tabindex="{tabindex}" id="{id}" name="{id}" class="ui-input i-text" "return false" "return false" "return false" oncut="return false" autocomplete="off" value="" />',
options: {},
getPassword: function() {
if (this.passwordCache)
return this.passwordCache;
var t = this.element.value;
if (!t)
return "";
this.element.value = "";
var e = new s.RSA // 支付宝密码加密使用RSA加密
, i = s.Base64.decode(this.options.TS);
e.setPublicKey(this.options.PK);
for (var n = "", r = 5, o = 0; r > o && (n = e.alipayEncrypt(2, i, t),
344 != n.length); o++)
;
344 != n.length && (n = ""),
this.passwordCache = n;
了解到了是RSA加密的,一般这种情况是后台把加密的pubkey返回给前段的,那么我们去找他的pubkey吧
(function(){
var prop = {
"WMode": 0,
"PK": "PYV7wxnFqz1ar0evEZ+3gpPQIGav7lkZ0GprOPMSXvioo3B9gV0JH8y0fzEdabPVndB2QT1Muap5c59sZ7za9VsSamx2id4qnFIrfk+P2bxscZ38y07sI4K15KQazWCYY73YlLNJFpAbQ004dUD87yk3wtC6iXbEXIqm2OsAujBih91ybG+GIS0liobzutW4i5KS8f0XuXCd76ujMeQD+jQaden9eJxriRr9hJWTFR0ZufIHkxm3aq7pFTLd2Ic65ka6Eml4DpsksZYE1u8XPH6CQd0sXjz1pMHe2Pt9e91cvYnb96rDognVA6dR9PEjnA35ZOmgaVNDQqTSZ6zlyyg/2flVtmaVlaTGDqNiilWZjaKOTM1WJRFqX9JMPfD0DraoF43SHO6ZcdmqBIqSBMI6uEUrqTnD2fc2AEqUTpJdMWTPZ/+eW0F37whEI7Men09JnJe6cgkB5HpvNNJP/rYfB5wMwP3lw7+o02EmOLLAC46IWQkRAMOwxq6+t7tTMQxqOfwTrMWouC+Lr2AiokG0tlK51Ipd+CMyGuvApyPzzvbDYdPf5Sn804KnbJFHWDJ7WwBWTBx2V8iP25T0CcbPanG5bIMSt9D9GN/66RBMILkJfWsBnbQel99BlLT+2J6SLHOay+Cyavah7Q7QfcjTFOcIh7UpocfzDUUPF34=",
"TS": "ODUzMTQ3MzQ3MTkz",
"BMode": {
"DMode": true,
"ReadOnly": false,
"MaxLength": 20
}
};
var renderArr = 'R',
sensorArr = '',
tolerate = true,
options = {
upgrade: '',
id: 'password',
prodType: '',
sid: 'web|authcenter_querypwd_login|478f6cdd-0736-4aa4-9e28-ee4d3a9a320eRZ13'
},
renderOptions = {
downloadPath: '',
downloadServer: 'https://download.alipay.com',
securityCenterServer: 'https://securitycenter.alipay.com',
container: "password_container",
R: {
id: 'password_rsainput',
hidnId: 'password',
PK: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0z/L+pelCPu6DwDFAY/3ITzesr8lnNmYjHht4XUJvLYYBwvDbHMc8xi9sPK9ohVHIKRVLVmmZ9SdmuWYN9HzCyyZ6kEHx+IDBPnulwjdeN/N0w25mVRhYDWxJ2/1C6cPIuNcISchOQdGKuAC0xR37i/kWH9sjBidAQjageYgQoj1HX81flZaPve75Esue85AHZ0VIurjwx7uEuxvQtvCIUvX1bbF13TIYuTbJbn/LrNHby1Kxp42ggNUjAkYUVSF7SC3UP+YGKruii7Vh1UnJ/rpVhjdt3It8le9px8H4Ltt9N3hzU17rBnFpp2ZnmiZVtlfMvsStY54Fl5cSJVxQIDAQAB",
TS: "ODUzMTQ3MzQ3MTkz",
alieditUpgradeVersions: "",
useSilentInstallation: false,
useKS: true,
tabindex: "2",
container: "password_container",
ksk: 'cf538a93-d442-4809-a04c-4fdecb40c621', useSixDigitPassword: false },
C1: {
id: "edit_password",
name: "edit_password",
hidnId: "password",
width: "180",
height: "24",
tabindex: "2",
container: "password_container",
passwordMode: "1",
timestamp: "5385314734",
pk: "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDS92pDVyWNT7dzG9zH0opH44z9FayCZTX5iqGUxUjPi667IkyaqrsmDPqKsJp47lJ29lzs+Qv8zjPPdmnxjFteMrfpc4ui24gL1iZnchwX87Ox/+Xrm8HFmKlhmUO9n/QgTT+Nz1RGMEN1+HijvsoAhS0TS8XjSfzRkrwvK2pJQIDAQAB",
alieditUpgradeVersions: ""
},
C2: {
id: "edit_password",
name: "edit_password",
hidnId: "password",
width: "180",
height: "24",
tabindex: "2",
container: "password_container",
passwordMode: "1",
timestamp: "5385314734",
pk: "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDS92pDVyWNT7dzG9zH0opH44z9FayCZTX5iqGUxUjPi667IkyaqrsmDPqKsJp47lJ29lzs+Qv8zjPPdmnxjFteMrfpc4ui24gL1iZnchwX87Ox/+Xrm8HFmKlhmUO9n/QgTT+Nz1RGMEN1+HijvsoAhS0TS8XjSfzRkrwvK2pJQIDAQAB",
alieditUpgradeVersions: "",
handler: "light.page",
prop: light.escapeHTML(light.inspect(prop)),
useKS: true,
ksk: 'cf538a93-d442-4809-a04c-4fdecb40c621' }
},
sensorOptions = {
websocketPorts: '27382,45242',
controlCheckTimeout: '3000'
};
var passwordProduct = new alipay.security.Password(options, renderArr, sensorArr, tolerate, renderOptions, sensorOptions);
passwordProduct.onReady(function () {
light.node(this.renderable ? '#J_edit_prompt_default' : '#J_edit_prompt_noEdit').removeClass('fn-hide');
});
passwordProduct.onReady(function(){
alipay.security.snowden.report();
});
if (light.page.scProducts) {
light.page.scProducts.push(passwordProduct);
}
if (light.page.products) {
light.page.products['password'] = passwordProduct;
}
alipay.security.useMultiplePolicy = true;
})()
关键
PK: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0z/L+pelCPu6DwDFAY/3ITzesr8lnNmYjHht4XUJvLYYBwvDbHMc8xi9sPK9ohVHIKRVLVmmZ9SdmuWYN9HzCyyZ6kEHx+IDBPnulwjdeN/N0w25mVRhYDWxJ2/1C6cPIuNcISchOQdGKuAC0xR37i/kWH9sjBidAQjageYgQoj1HX81flZaPve75Esue85AHZ0VIurjwx7uEuxvQtvCIUvX1bbF13TIYuTbJbn/LrNHby1Kxp42ggNUjAkYUVSF7SC3UP+YGKruii7Vh1UnJ/rpVhjdt3It8le9px8H4Ltt9N3hzU17rBnFpp2ZnmiZVtlfMvsStY54Fl5cSJVxQIDAQAB",
TS: "ODUzMTQ3MzQ3MTkz",
TS是Base64编码的,解码为"853147347193",每次请求的都会不一样.
下面就是模拟了:
var s = security_crypto_200_index
var e = new s.RSA // 支付宝密码加密使用RSA加密
, i = s.Base64.decode(this.options.TS);// 上面的TS
e.setPublicKey(this.options.PK); // 这个I也是上面的PK参数,也就是PK
for (var n = "", r = 5, o = 0; r > o && (n = e.alipayEncrypt(2, i, t), // t是明文密码
344 != n.length); o++)
;
344 != n.length && (n = ""),
this.passwordCache = n;// n就是最终的加密结果
node运行一下:
完成!