
jeb3.0 动态调试app寻找登录加密全过程 (二) – POST登录代码实现

在上篇文章 https://www.citext.cn/2689.html 中我们已经成功地分析出所有的加密, 现在用C++来实现整个登录过程: RSA和AES CBC模式加密调用openssl库实现, http提交使用libcurl库, 全部都打包到工程文件了

工程文件下载地址: https://66-1251737204.cos.ap-beijing-1.myqcloud.com/citext.cn/project/curl_ssl_httpLogin.rar

效果图:

程序部分代码:

#include"http.h"
#include"encrypt.h"


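/**
 * Replaces every occurrence of strsrc inside strBig with strdst, in place.
 *
 * The scan resumes after each inserted replacement, so text introduced by
 * strdst is never matched again (replacing "a" with "aa" terminates).
 *
 * @param strBig  string that is modified in place
 * @param strsrc  text to search for; an empty pattern leaves strBig untouched
 * @param strdst  text written in place of each match
 */
void string_replace(std::string &strBig, const std::string &strsrc, const std::string &strdst)
{
	// An empty pattern matches at every position, so the loop below would
	// keep inserting strdst and never finish. Treat it as "nothing to do".
	if (strsrc.empty())
	{
		return;
	}

	const std::string::size_type srclen = strsrc.size();
	const std::string::size_type dstlen = strdst.size();

	std::string::size_type pos = strBig.find(strsrc);
	while (pos != std::string::npos)
	{
		strBig.replace(pos, srclen, strdst);
		// Skip past the text just written before searching again.
		pos = strBig.find(strsrc, pos + dstlen);
	}
}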

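/**
 * Returns the text located between the first occurrence of `front` and the
 * next occurrence of `behind` that follows it.
 *
 * The input is typically a server response, so a missing marker is an
 * expected case: when either marker is absent an empty string is returned.
 * The previous version stored std::string::npos in an int, which produced an
 * arbitrary offset (or a std::out_of_range from substr) when `front` was
 * missing and returned the whole tail when `behind` was missing.
 *
 * @param source  text to search
 * @param front   marker that precedes the wanted text
 * @param behind  marker that follows the wanted text
 * @return the text between the markers, or "" if either marker is not found
 */
std::string get_middle_text(std::string source, std::string front, std::string behind)
{
	const std::string::size_type front_pos = source.find(front);
	if (front_pos == std::string::npos)
	{
		return std::string();
	}

	// The wanted text starts right after the leading marker.
	const std::string::size_type begin = front_pos + front.length();
	const std::string::size_type end = source.find(behind, begin);
	if (end == std::string::npos)
	{
		return std::string();
	}

	return source.substr(begin, end - begin);
}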

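// Escapes the characters that would end or corrupt a JSON string literal
// (double quote, backslash and control characters below 0x20).
static std::string json_escape_value(const std::string &raw)
{
	static const char hex[] = "0123456789abcdef";
	std::string out;
	out.reserve(raw.size());
	for (std::string::size_type i = 0; i < raw.size(); ++i)
	{
		const unsigned char ch = static_cast<unsigned char>(raw[i]);
		if (ch == '"' || ch == '\\')
		{
			out += '\\';
			out += static_cast<char>(ch);
		}
		else if (ch < 0x20)
		{
			out += "\\u00";
			out += hex[ch >> 4];
			out += hex[ch & 0x0f];
		}
		else
		{
			out += static_cast<char>(ch);
		}
	}
	return out;
}

/**
 * Builds the login request (JSON credentials -> AES-CBC -> base64), sends it
 * with the sign/key/timestamp headers and prints the response; when the
 * response carries a long enough "body" value it is base64-decoded,
 * AES-decrypted and printed as well.
 *
 * @param username  account name placed in the "userCode" field (not null)
 * @param password  clear-text password; only its MD5 digest is sent (not null)
 */
void login(char *username, char *password)
{
	if (!username || !password)
	{
		std::cerr << "login: username and password must not be null" << std::endl;
		return;
	}

	// Both the AES key and the CBC IV are compile-time constants, so every
	// request is encrypted under the same key/IV pair. The key is additionally
	// sent RSA-encrypted in the "key" header below.
	std::string aeskey = "6dda72836e8845a8";
	char iv[] = "Cp99-!qazXSw2-88";

	const std::string passwordMD5 = md5_encrypt(password, strlen(password));

	// Build the JSON by concatenation instead of substituting placeholders in
	// a template: with placeholder substitution a user name containing the
	// text "MD5" was overwritten by the password hash, and a quote or
	// backslash in the user name broke out of the JSON string.
	std::string PostData = "{\"password\":\"" + passwordMD5 + "\",\"userCode\":\"" + json_escape_value(username) + "\"}";

	// The sign header is MD5 over the timestamp plus a constant suffix; the
	// request body is not part of the hashed input.
	std::string timestamp = get_timeS();
	std::string sign = timestamp;
	sign.append("##Lottery2017$$");
	sign = md5_encrypt((char *)sign.c_str(), sign.length());
	sign = "sign: " + sign;

	// RSA-encrypt the AES key with the public key file, then base64 it.
	std::string two = EncodeRSAKeyFile("pubkey.pem", aeskey);
	std::string key = base64Encode((unsigned char *)two.c_str(), two.size());
	key = "key: " + key;

	timestamp = "timestamp: " + timestamp;

	// Debug output. Note that PostData contains the password digest.
	std::cout << PostData << std::endl;
	std::cout << sign << std::endl;
	std::cout << timestamp << std::endl;
	std::cout << key << std::endl;

	// Size of the data after padding; extra capacity is reserved up front.
	// NOTE(review): this suggests aes_encrypt pads inside the caller's buffer
	// through the const-cast c_str() pointer. Writing past size() that way is
	// undefined behaviour -- confirm against aes_encrypt and pass a separate
	// buffer if so.
	int fillSize = get_fill_size(PostData.size());
	PostData.reserve(PostData.size() + fillSize + 1);

	// AES-CBC encrypt the JSON, then base64 the ciphertext.
	// NOTE(review): the encode length is fillSize, not body.size(); verify the
	// two agree, otherwise base64Encode reads outside the returned string.
	std::string body = aes_encrypt((char *)PostData.c_str(), PostData.size(), (char *)aeskey.c_str(), iv);
	body = base64Encode((const unsigned char *)body.c_str(), fillSize);

	// The base64 padding character is sent as a JSON unicode escape.
	string_replace(body, "=", "\\u003d");

	std::string buffer = "{\"body\":\"" + body + "\"}";

	// NOTE(review): certificate checking is configured inside HTTP_CURL, which
	// is not shown here; confirm it leaves libcurl's peer and host
	// verification enabled.
	HTTP_CURL http;
	http.Open("https://ttsy-apid2ddw.tgcloud2.com:5869/lottery-api-tg0152/api/v2/user/login");
	http.SetTimeouts(10);
	http.SetRequestHeader("deviceId: 863535273811746");
	http.SetRequestHeader((char *)sign.c_str());
	http.SetRequestHeader((char *)key.c_str());
	http.SetRequestHeader((char *)timestamp.c_str());
	http.SetRequestHeader("deviceName: OPPO PCRT00");
	http.SetRequestHeader("User-Agent: Android");
	http.SetRequestHeader("Content-Type: application/json; charset=UTF-8");
	http.SetRequestHeader("version: V2.1.1");
	http.SetRequestHeader("packageName: com.tg9.ttsy");

	http.Send((char *)buffer.c_str());

	std::cout << "curl返回状态: " << http.GetStatus() << std::endl;

	// Fetch the converted response once and reuse it for printing and parsing.
	const std::string response = http.GetResponseToGBK();
	std::cout << "网页返回: " << response << std::endl;
	std::cout <<"协议头: "<< http.GetAllResponseHeader() << std::endl;

	// Extract the encrypted payload returned after a successful login.
	buffer = get_middle_text(response, "body\\\":\\\"", "\\\"}\"");
	std::cout<<buffer<<std::endl;

	// Success is inferred only from the payload length; the response content
	// itself is server-controlled and is not validated any further here.
	if (buffer.length() > 1000)
	{
		// Decode and decrypt the payload with the same key and IV.
		buffer = base64Decode(buffer.c_str(), buffer.size());

		std::cout << UTF8ToGBK((char *)aes_decrypt((char *)buffer.c_str(), buffer.size(), (char *)aeskey.c_str(), iv).c_str()) << std::endl;
	}
}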

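/**
 * Entry point: initialises libcurl, runs one login attempt with the sample
 * account and releases libcurl again.
 *
 * @return 0 on normal completion, 1 if libcurl could not be initialised
 */
int main()
{
	// curl_global_init returns non-zero on failure; no other libcurl call may
	// be made in that case.
	if (curl_global_init(CURL_GLOBAL_ALL) != 0)
	{
		std::cerr << "curl_global_init failed" << std::endl;
		return 1;
	}

	// login() takes char*, and a string literal does not convert to char* in
	// standard C++, so the sample credentials live in writable arrays.
	char username[] = "citext";
	char password[] = "00000000";
	login(username, password);

	curl_global_cleanup();
	return 0;
}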
