本文只适用于初学者,只需要会打断点追踪就可以了。
前端js代码除了经常使用Base64编码和解码之外,MD5加密也是常用手段。
关于MD5加密,学计算机的都应该有了解。百度百科解释在此。
简介
MD5算法的原理可简要的叙述为:MD5码以512位分组来处理输入的信息,且每一分组又被划分为16个32位子分组,经过了一系列的处理后,算法的输出由4个32位分组组成,将这4个32位分组级联后将生成一个128位散列值。
在MD5算法中,首先需要对信息进行填充,这个数据按位(bit)补充,要求最终的位数对512求模的结果为448。也就是说数据补位后,其位数长度只差64位(bit)就是512的整数倍。
即便是这个数据的位数对512求模的结果正好是448也必须进行补位。
补位的实现过程:首先在数据后补一个1 bit; 接着在后面补上一堆0 bit, 直到整个数据的位数对512求模的结果正好为448。总之,至少补1位,而最多可能补512位。
js实现
观察某网站
请求链接只有一个,便于我们学习。
Form Data有很多参数,我们就来追踪salt吧,因为一眼看上去就是需要一定业务逻辑才能得到的。
全局搜索salt,只有1个js中存在
代码中浏览一下salt,在8935行设置断点。这里有个函数generateSaltSign,看上去除了产生salt,应该可以吧sign也一起解决了。
刷新页面,追踪进去,可以看到下面代码
看到嘛,4个动态参数的逻辑都有了
- ts:"" + (new Date).getTime()
- bv:md5(navigator.appVersion)。appVersion是常量,可以在控制台直接输出看一下。
- salt:ts+parseInt(10 * Math.random(), 10)
- sign:md5(“fanyideskweb” + e + salt + “n%A-rKaT5fb[Gy?;N5@Tj”) 。e是需要翻译的内容
在这4个参数中,有2个用到了md5加密函数。
扫描二维码关注公众号,回复:
9477223 查看本文章
继续追踪,下一步就能看到md5加密过程了。
我们可以把js代码从这里复制到js文件,稍微调整一下,然后在node.js中执行一下,看看效果。
function n(e, t) {
return e << t | e >>> 32 - t
}
function md5(e) {
var t, n, i, o, a, s, m, g, v, y = Array();
for (e = h(e),
y = d(e),
s = 1732584193,
m = 4023233417,
g = 2562383102,
v = 271733878,
t = 0; t < y.length; t += 16)
n = s,
i = m,
o = g,
a = v,
s = l(s, m, g, v, y[t + 0], 7, 3614090360),
v = l(v, s, m, g, y[t + 1], 12, 3905402710),
g = l(g, v, s, m, y[t + 2], 17, 606105819),
m = l(m, g, v, s, y[t + 3], 22, 3250441966),
s = l(s, m, g, v, y[t + 4], 7, 4118548399),
v = l(v, s, m, g, y[t + 5], 12, 1200080426),
g = l(g, v, s, m, y[t + 6], 17, 2821735955),
m = l(m, g, v, s, y[t + 7], 22, 4249261313),
s = l(s, m, g, v, y[t + 8], 7, 1770035416),
v = l(v, s, m, g, y[t + 9], 12, 2336552879),
g = l(g, v, s, m, y[t + 10], 17, 4294925233),
m = l(m, g, v, s, y[t + 11], 22, 2304563134),
s = l(s, m, g, v, y[t + 12], 7, 1804603682),
v = l(v, s, m, g, y[t + 13], 12, 4254626195),
g = l(g, v, s, m, y[t + 14], 17, 2792965006),
m = l(m, g, v, s, y[t + 15], 22, 1236535329),
s = c(s, m, g, v, y[t + 1], 5, 4129170786),
v = c(v, s, m, g, y[t + 6], 9, 3225465664),
g = c(g, v, s, m, y[t + 11], 14, 643717713),
m = c(m, g, v, s, y[t + 0], 20, 3921069994),
s = c(s, m, g, v, y[t + 5], 5, 3593408605),
v = c(v, s, m, g, y[t + 10], 9, 38016083),
g = c(g, v, s, m, y[t + 15], 14, 3634488961),
m = c(m, g, v, s, y[t + 4], 20, 3889429448),
s = c(s, m, g, v, y[t + 9], 5, 568446438),
v = c(v, s, m, g, y[t + 14], 9, 3275163606),
g = c(g, v, s, m, y[t + 3], 14, 4107603335),
m = c(m, g, v, s, y[t + 8], 20, 1163531501),
s = c(s, m, g, v, y[t + 13], 5, 2850285829),
v = c(v, s, m, g, y[t + 2], 9, 4243563512),
g = c(g, v, s, m, y[t + 7], 14, 1735328473),
m = c(m, g, v, s, y[t + 12], 20, 2368359562),
s = u(s, m, g, v, y[t + 5], 4, 4294588738),
v = u(v, s, m, g, y[t + 8], 11, 2272392833),
g = u(g, v, s, m, y[t + 11], 16, 1839030562),
m = u(m, g, v, s, y[t + 14], 23, 4259657740),
s = u(s, m, g, v, y[t + 1], 4, 2763975236),
v = u(v, s, m, g, y[t + 4], 11, 1272893353),
g = u(g, v, s, m, y[t + 7], 16, 4139469664),
m = u(m, g, v, s, y[t + 10], 23, 3200236656),
s = u(s, m, g, v, y[t + 13], 4, 681279174),
v = u(v, s, m, g, y[t + 0], 11, 3936430074),
g = u(g, v, s, m, y[t + 3], 16, 3572445317),
m = u(m, g, v, s, y[t + 6], 23, 76029189),
s = u(s, m, g, v, y[t + 9], 4, 3654602809),
v = u(v, s, m, g, y[t + 12], 11, 3873151461),
g = u(g, v, s, m, y[t + 15], 16, 530742520),
m = u(m, g, v, s, y[t + 2], 23, 3299628645),
s = f(s, m, g, v, y[t + 0], 6, 4096336452),
v = f(v, s, m, g, y[t + 7], 10, 1126891415),
g = f(g, v, s, m, y[t + 14], 15, 2878612391),
m = f(m, g, v, s, y[t + 5], 21, 4237533241),
s = f(s, m, g, v, y[t + 12], 6, 1700485571),
v = f(v, s, m, g, y[t + 3], 10, 2399980690),
g = f(g, v, s, m, y[t + 10], 15, 4293915773),
m = f(m, g, v, s, y[t + 1], 21, 2240044497),
s = f(s, m, g, v, y[t + 8], 6, 1873313359),
v = f(v, s, m, g, y[t + 15], 10, 4264355552),
g = f(g, v, s, m, y[t + 6], 15, 2734768916),
m = f(m, g, v, s, y[t + 13], 21, 1309151649),
s = f(s, m, g, v, y[t + 4], 6, 4149444226),
v = f(v, s, m, g, y[t + 11], 10, 3174756917),
g = f(g, v, s, m, y[t + 2], 15, 718787259),
m = f(m, g, v, s, y[t + 9], 21, 3951481745),
s = r(s, n),
m = r(m, i),
g = r(g, o),
v = r(v, a);
return (p(s) + p(m) + p(g) + p(v)).toLowerCase()
}
function h(e) {
e = e.toString().replace(/\x0d\x0a/g, "\n");
for (var t = "", n = 0; n < e.length; n++) {
var r = e.charCodeAt(n);
if (r < 128)
t += String.fromCharCode(r);
else if (r > 127 && r < 2048)
t += String.fromCharCode(r >> 6 | 192),
t += String.fromCharCode(63 & r | 128);
else if (r >= 55296 && r <= 56319) {
if (n + 1 < e.length) {
var i = e.charCodeAt(n + 1);
if (i >= 56320 && i <= 57343) {
var o = 1024 * (r - 55296) + (i - 56320) + 65536;
t += String.fromCharCode(240 | o >> 18 & 7),
t += String.fromCharCode(128 | o >> 12 & 63),
t += String.fromCharCode(128 | o >> 6 & 63),
t += String.fromCharCode(128 | 63 & o),
n++
}
}
} else
t += String.fromCharCode(r >> 12 | 224),
t += String.fromCharCode(r >> 6 & 63 | 128),
t += String.fromCharCode(63 & r | 128)
}
return t
}
function d(e) {
for (var t, n = e.length, r = n + 8, i = 16 * ((r - r % 64) / 64 + 1), o = Array(i - 1), a = 0, s = 0; s < n; )
a = s % 4 * 8,
o[t = (s - s % 4) / 4] = o[t] | e.charCodeAt(s) << a,
s++;
return t = (s - s % 4) / 4,
a = s % 4 * 8,
o[t] = o[t] | 128 << a,
o[i - 2] = n << 3,
o[i - 1] = n >>> 29,
o
}
function p(e) {
var t, n = "", r = "";
for (t = 0; t <= 3; t++)
n += (r = "0" + (e >>> 8 * t & 255).toString(16)).substr(r.length - 2, 2);
return n
}
function l(e, t, o, a, s, l, c) {
return e = r(e, r(r(i(t, o, a), s), c)),
r(n(e, l), t)
}
function i(e, t, n) {
return e & t | ~e & n
}
function r(e, t) {
var n, r, i, o, a;
return i = 2147483648 & e,
o = 2147483648 & t,
n = 1073741824 & e,
r = 1073741824 & t,
a = (1073741823 & e) + (1073741823 & t),
n & r ? 2147483648 ^ a ^ i ^ o : n | r ? 1073741824 & a ? 3221225472 ^ a ^ i ^ o : 1073741824 ^ a ^ i ^ o : a ^ i ^ o
}
function o(e, t, n) {
return e & n | t & ~n
}
function a(e, t, n) {
return e ^ t ^ n
}
function s(e, t, n) {
return t ^ (e | ~n)
}
function c(e, t, i, a, s, l, c) {
return e = r(e, r(r(o(t, i, a), s), c)),
r(n(e, l), t)
}
function u(e, t, i, o, s, l, c) {
return e = r(e, r(r(a(t, i, o), s), c)),
r(n(e, l), t)
}
function f(e, t, i, o, a, l, c) {
return e = r(e, r(r(s(t, i, o), a), c)),
r(n(e, l), t)
}
aaaaa="5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"
console.log(md5(aaaaa))
我把navigator.appVersion直接赋值给aaaaa,运行结果如下
c:\Program Files\nodejs>node.exe C:\website\js\test.js
f07c6164a4cf751f3f6b190b0aeb0d22
结果和第一张图中的bv值完全一致。
注意:我在h函数中的replace函数前追加了一个toString()函数。
因为在node.js中运行报错如下
e = e.replace(/\x0d\x0a/g, "\n");
^
TypeError: e.replace is not a function
查了网上,用了这个办法解决。
python实现
在python中实现md5加密就非常简单了。
import hashlib
def getMD5(e):
md5 = hashlib.md5()
md5.update(e.encode('utf-8'))
sign = md5.hexdigest()
return sign
print getMD5("5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36")
结果也是一致的
C:\website\js>python youdao.py
f07c6164a4cf751f3f6b190b0aeb0d22
