(JS逆向专栏十四)某游平台网站登入SHA1
声明:
本文章中所有内容仅供学习交流,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关,若有侵权,请联系我立即删除!
名称:逗游
目标:登入参数
加密类型:SHA1
目标网址:https://www.doyo.cn/passport/login
第一步: 查看接口参数
password
第二步: 搜索参数名
我们通过搜索可以直接定位到这个地方,这里我们可以很清晰的看到逻辑,就是先请求一个链接拿到返回的nonce和ts 然后获取密码先走一边SHA1后再nonce+ts+pwd再走一遍SHA1实现最终的加密
同理我们进入SHA1这个方法然后把整个扣下来
第三步:实现加密参数
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* SHA-1 implementation in JavaScript | (c) Chris Veness 2002-2010 | www.movable-type.co.uk */
/* - see http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html */
/* http://csrc.nist.gov/groups/ST/toolkit/examples.html */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */var Sha1 = {}; // Sha1 namespace/*** Generates SHA-1 hash of string** @param {String} msg String to be hashed* @param {Boolean} [utf8encode=true] Encode msg as UTF-8 before generating hash* @returns {String} Hash of msg as hex character string*/
Sha1.hash = function(msg, utf8encode) {utf8encode = (typeof utf8encode == 'undefined') ? true : utf8encode;// convert string to UTF-8, as SHA only deals with byte-streamsif (utf8encode) msg = Utf8.encode(msg);// constants [§4.2.1]var K = [0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6];// PREPROCESSING msg += String.fromCharCode(0x80); // add trailing '1' bit (+ 0's padding) to string [§5.1.1]// convert string msg into 512-bit/16-integer blocks arrays of ints [§5.2.1]var l = msg.length/4 + 2; // length (in 32-bit integers) of msg + ‘1’ + appended lengthvar N = Math.ceil(l/16); // number of 16-integer-blocks required to hold 'l' intsvar M = new Array(N);for (var i=0; i>> 32, but since JS converts// bitwise-op args to 32 bits, we need to simulate this by arithmetic operatorsM[N-1][14] = ((msg.length-1)*8) / Math.pow(2, 32); M[N-1][14] = Math.floor(M[N-1][14])M[N-1][15] = ((msg.length-1)*8) & 0xffffffff;// set initial hash value [§5.3.1]var H0 = 0x67452301;var H1 = 0xefcdab89;var H2 = 0x98badcfe;var H3 = 0x10325476;var H4 = 0xc3d2e1f0;// HASH COMPUTATION [§6.1.2]var W = new Array(80); var a, b, c, d, e;for (var i=0; i>>(32-n));
}//
// hexadecimal representation of a number
// (note toString(16) is implementation-dependant, and
// in IE returns signed numbers when used on full words)
//
Sha1.toHexStr = function(n) {var s="", v;for (var i=7; i>=0; i--) { v = (n>>>(i*4)) & 0xf; s += v.toString(16); }return s;
}/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* Utf8 class: encode / decode between multi-byte Unicode characters and UTF-8 multiple */
/* single-byte character encoding (c) Chris Veness 2002-2010 */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */var Utf8 = {}; // Utf8 namespace/*** Encode multi-byte Unicode string into utf-8 multiple single-byte characters * (BMP / basic multilingual plane only)** Chars in range U+0080 - U+07FF are encoded in 2 chars, U+0800 - U+FFFF in 3 chars** @param {String} strUni Unicode string to be encoded as UTF-8* @returns {String} encoded string*/
Utf8.encode = function(strUni) {// use regular expressions & String.replace callback function for better efficiency // than procedural approachesvar strUtf = strUni.replace(/[\u0080-\u07ff]/g, // U+0080 - U+07FF => 2 bytes 110yyyyy, 10zzzzzzfunction(c) { var cc = c.charCodeAt(0);return String.fromCharCode(0xc0 | cc>>6, 0x80 | cc&0x3f); });strUtf = strUtf.replace(/[\u0800-\uffff]/g, // U+0800 - U+FFFF => 3 bytes 1110xxxx, 10yyyyyy, 10zzzzzzfunction(c) { var cc = c.charCodeAt(0); return String.fromCharCode(0xe0 | cc>>12, 0x80 | cc>>6&0x3F, 0x80 | cc&0x3f); });return strUtf;
}/*** Decode utf-8 encoded string back into multi-byte Unicode characters** @param {String} strUtf UTF-8 string to be decoded back to Unicode* @returns {String} decoded string*/
Utf8.decode = function(strUtf) {// note: decode 3-byte chars first as decoded 2-byte strings could appear to be 3-byte char!var strUni = strUtf.replace(/[\u00e0-\u00ef][\u0080-\u00bf][\u0080-\u00bf]/g, // 3-byte charsfunction(c) { // (note parentheses for precence)var cc = ((c.charCodeAt(0)&0x0f)<<12) | ((c.charCodeAt(1)&0x3f)<<6) | ( c.charCodeAt(2)&0x3f); return String.fromCharCode(cc); });strUni = strUni.replace(/[\u00c0-\u00df][\u0080-\u00bf]/g, // 2-byte charsfunction(c) { // (note parentheses for precence)var cc = (c.charCodeAt(0)&0x1f)<<6 | c.charCodeAt(1)&0x3f;return String.fromCharCode(cc); });return strUni;
}
nonce = 'aSef3nIolC';
ts = 1691483451;
password = '123456'
pwd = Sha1.hash(password);
pwd = Sha1.hash(nonce+ts+pwd);
console.log(pwd); 结果展示
看完点个赞吧,喜欢的可以点个关注!
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!