深度解析:网易充值登录 21.5 验证码 滑块 无感 分析
声明:本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!逆向分析cp=execjs.compile(open('run.js'
声明:
本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
逆向分析
cp = execjs.compile(open('run.js', 'r', encoding='utf-8').read())
fp = cp.call('getFp')
url = "/api/v3/get"
params = {
"referer": "",
"zoneId": "CN31",
"id": bid,
"fp": fp,
"https": "true",
"type": "undefined",
"width": "",
"sizeType": "undefined",
"version": "2.21.5",
"dpr": "1.25",
"dev": "1",
"cb": cp.call('getCb'),
"acToken": acToken,
"ipv6": "false",
"runEnv": "10",
"group": "",
"scene": "",
"sdkVersion": "undefined",
"smsVersion": "v3",
"callback": "__JSONP_ckiuqwv_0"
}
response = session.get(url, headers=headers, params=params)
print(response.text)
data = json.loads(re.findall('{.*}', response.text)[0])['data']
token = data['token']
type = data['type']
url = "/api/v3/check"
data = cp.call('wugan_verify', token)
params = {
"referer": "",
"zoneId": "CN31",
"id": bid,
"version": "2.21.5",
"cb": cp.call('getCb'),
"extraData": extraData,
"bf": "0",
"runEnv": "10",
"sdkVersion": "undefined",
"token": token,
"type": "5",
"width": "",
"data": data,
"callback": "__JSONP_w2rnf2h_1"
}
response = session.get(url, headers=headers, params=params)
print(response.text)
url = "/api/v3/get"
params = {
"referer": "",
"zoneId": "CN31",
"acToken": cp.call('getAcToken'),
"id": bid,
"fp": fp,
"https": "true",
"type": "undefined",
"version": "2.21.5",
"dpr": "1.25",
"dev": "1",
"cb": cp.call('getCb'),
"ipv6": "false",
"runEnv": "10",
"group": "",
"scene": "",
"lang": "zh-CN",
"sdkVersion": "undefined",
"width": "250",
"audio": "false",
"sizeType": "10",
"smsVersion": "v3",
"token": token,
"callback": "__JSONP_eebchz0_18"
}
response = session.get(url, headers=headers, params=params)
print(response.text)
data = json.loads(re.findall('{.*}', response.text)[0])['data']
bg = data['bg'][0]
front = data['front'][0]
with open('./fg.png', 'wb') as fp1:
fp1.write(session.get(front, headers=headers).content)
with open('./bg.png', 'wb') as fp1:
fp1.write(session.get(bg, headers=headers).content)
distance = getDistance()
trace = _generate_trace(distance, int(time.time() * 1000))
# trace = get_track(distance)
print(distance)
print(trace)
data = cp.call('verify', token, trace, distance)
print(data)
url = "/api/v3/check"
结果
总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。