易盾逆向分析(滑块、点选、无感知)
易盾破解过两个版本,2.19.1和2.21.3,都是之前整过的,现在升级了,由于工作也不需要,就没有再整过了。2.19.1版本,无感知、滑块、点选都整了一遍,写成公共提供调用。
先看下JAVA代码
package com.xxxx.cccc.web;import lombok.extern.log4j.Log4j;
import lombok.extern.log4j.Log4j2;import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;import org.apache.http.HttpException;
import org.jsoup.helper.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;import com.xxxx.cccc.model.CommonRequest;
import com.xxxx.cccc.model.ResultModel;
import com.xxxx.cccc.service.ProxyService;
import com.xxxx.cccc.util.ExceptionUtil;
import com.xxxx.cccc.util.YidunCheckRpcUtil;
import com.xxxx.cccc.util.YidunCheckUtil;
import com.xxxx.cccc.util.YidunCheckUtil2;
import com.xxxx.cccc.util.YidunCheckUtil_2_19_1;
import com.xxxx.cccc.util.YidunCheckUtil_2_21_3;
//公共服务
@RestController
@RequestMapping("/common")
@Log4j
public class CommonController {@AutowiredProxyService proxyService;/*** 易盾-获取滑块验证后的数据-点选* * @param papercheckRequest* @return*/@RequestMapping(value ="/yidun/getCheckData" , method = RequestMethod.POST)public ResultModel getCheckData(@RequestBody CommonRequest commonRequest){ResultModel resultModel = null;try {log.info("易盾-获取滑块验证后的数据-点选,请求入参:"+commonRequest);if(!commonRequest.checkParam()){return new ResultModel("-1","输入参数不完整");}int len = 1;//循环次数for(int i=0;i
import java.io.FileOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.eclipse.jetty.util.StringUtil;
import org.springframework.util.StringUtils;import com.alibaba.fastjson.JSONObject;
import com.baidu.aip.util.Base64Util;import lombok.extern.log4j.Log4j;/*** version 2.17.4* 易盾-获取滑块验证后的数据* 1.获取图片的fp指纹参数存在浏览器环境校验,校验不过也会正常返回图片,但是会降低通过率,不到10%*/
@Log4j
public class YidunCheckUtil {public static String userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36";public static String ipAddress = JsFrontConstants.nodejsUrl;public static String fpUrl = ipAddress+"/yidun/yzm/fp";public static String cbUrl = ipAddress+"/yidun/yzm/cb";public static String callbackUrl = ipAddress+"/yidun/yzm/callback";public static String getAcTokenUrl = ipAddress+"/yidun/yzm/getAcToken";public static String getMUrl = ipAddress+"/yidun/yzm/getM";public static String getPUrl = ipAddress+"/yidun/yzm/getP";public static String getExtUrl = ipAddress+"/yidun/yzm/getExt";public static String getDataUrl = ipAddress+"/yidun/yzm/getData";public static String getDataForWgzUrl = ipAddress+"/yidun/yzm/getDataForWgz";public static String getTraceUrl = ipAddress+"/yidun/yzm/getTrace";public static String getTraceForWgzUrl = ipAddress+"/yidun/yzm/getTraceForWgz";public static String getCn31StrUrl = ipAddress+"/yidun/yzm/getCn31Str";public static String getDataForHuaKuaiUrl = ipAddress+"/yidun/yzm/getDataForHuakuai";public static String getTraceForHuakuaiUrl = ipAddress+"/yidun/yzm/getTraceForHuakuai?zuobiao=";public static IOcr iOcr = new MachineOcr(); /*** 获取滑块验证后的数据-点选* @author xxx* @param * @return*/public static ResultModel getCheckData(ProxyService proxyService,List proxyList) throws Exception{ResultModel resultModel = new ResultModel("0","处理成功");HttpClientWrapper hw = null;HttpGet httpGet = null;CloseableHttpResponse execute = null;Header[] headers = null;HttpEntity entity = null;byte[] bytes = null;String result = null;//hw = new HttpClientWrapper(5000,5000, 5000);if(proxyService == null){//hw = new HttpClientWrapper(5000,5000, 5000);}else{log.info("YidunCheckUtil linshi shiong daili...");//hw = proxyService.getClientWithProxy(15000,15000,15000,proxyList);}hw = new HttpClientWrapper(50000,50000, 50000,"127.0.0.1",8888);CloseableHttpClient client = hw.getClient();//1.获取滑块图片地址String fp = JiangsuTaxbureauUtil.getData(fpUrl);//fp = "R/9JR4ti/ydmwA6UEJ41QqUdudp/aeDHkOl44riYGdbc56uundMeNHaleXSyME7P0qAzlLc8IARE+pTmovebBp4hW2lPDq\\\\6olZp0QQx9kzO0wdzYD9214KL\\\\Dc+/KYtCSSvS0eMBqzZiAYONRBq0i09nxtXDf\\\\mDdh2U/ReM3ZZZKt+:1655391775324";//fp = URLEncoder.encode(fp);String cb = JiangsuTaxbureauUtil.getData(cbUrl);String callback = JiangsuTaxbureauUtil.getData(callbackUrl);String url = "https://c.dun.163.com/api/v2/get?referer=https%3A%2F%2Fetax.jiangsu.chinatax.gov.cn%2Fsso%2Flogin&zoneId=CN31&id=1a623022803d4cbc86fa157ec267bb36&fp="+fp+"&https=true&type=undefined&version=2.17.4&dpr=1&dev=1&cb="+cb+"&ipv6=false&runEnv=10&group=&scene=&lang=zh-CN&width=0&audio=false&token=&callback="+callback;httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://etax.jiangsu.chinatax.gov.cn/");httpGet.setHeader("User-Agent",userAgent);httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("Cache-Control","no-cache");httpGet.setHeader("Connection","keep-alive");httpGet.setHeader("Pragma","no-cache");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","script");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","cross-site");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");if(StringUtils.isEmpty(result)){return new ResultModel("-1","获取滑块失败");}result = result.substring(result.indexOf("(")+1,result.indexOf(")"));log.info("YidunCheckUtil getCheckData getYzm result:"+result);JSONObject objJSon = JSONObject.parseObject(result);JSONObject dataJSon = objJSon.getJSONObject("data");String bg = (String)dataJSon.getJSONArray("bg").get(0);//滑块图片String front = dataJSon.getString("front");//点选文本String token = dataJSon.getString("token");String type = dataJSon.getString("type");String zoneId = dataJSon.getString("zoneId");log.info("YidunCheckUtil getCheckData bg:"+bg);log.info("YidunCheckUtil getCheckData front:"+front);log.info("YidunCheckUtil getCheckData token:"+token);if(StringUtils.isEmpty(front)){return new ResultModel("-1","获取滑块失败");}//2.获取图片数据httpGet = new HttpGet(bg);httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);String zuobiao = "";String guiji = "";String baseImage = Base64Util.encode(bytes);if(StringUtils.isEmpty(baseImage)){return new ResultModel("-1","获取滑块图片失败");}//3.识别图片String orcData = iOcr.getCodeNormal(baseImage, front);if(StringUtil.isBlank(orcData) || orcData.indexOf("500 Internal Server") >= 0) {return new ResultModel("-1","识别滑块失败");}JSONObject ocrJson = JSONObject.parseObject(orcData);zuobiao = ocrJson.getString("points");guiji = ocrJson.getString("track");log.info("YidunCheckUtil getCheckData zuobiao:"+zuobiao);log.info("YidunCheckUtil getCheckData guiji:"+guiji);////调用自己的轨迹算法 测试发现自己的轨迹算法通过率高些guiji = JiangsuTaxbureauUtil.getData(getTraceUrl+"?urlKey="+zuobiao);//System.out.println("my guiji:"+guiji);if(StringUtils.isEmpty(zuobiao) || StringUtils.isEmpty(guiji)){return new ResultModel("-1","识别滑块失败");}url = "https://c.dun.163.com/api/v2/check?referer=https%3A%2F%2Fetax.jiangsu.chinatax.gov.cn%2Fsso%2Flogin&zoneId=CN31&id=1a623022803d4cbc86fa157ec267bb36&width=310&type=3&version=2.17.4&extraData=&bf=0&runEnv=10";httpGet = new HttpGet(url);Thread.sleep(100);//故意让程序慢些,避免反爬//5.校验滑块url = url +"&token="+token;url = url +"&callback="+JiangsuTaxbureauUtil.getData(callbackUrl);url = url +"&acToken="+JiangsuTaxbureauUtil.getData(getAcTokenUrl);url = url +"&cb="+JiangsuTaxbureauUtil.getData(cbUrl);String data = JiangsuTaxbureauUtil.getData(getDataUrl+"?guiji="+guiji+"&token="+token+"&zuobiao="+zuobiao);url = url +"&data="+data;log.info("YidunCheckUtil getCheckData url:"+url);httpGet = new HttpGet(url);httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("Cache-Control","no-cache");httpGet.setHeader("Connection","keep-alive");httpGet.setHeader("Pragma","no-cache");httpGet.setHeader("Referer","https://etax.jiangsu.chinatax.gov.cn/");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","script");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","cross-site");httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("User-Agent",userAgent);httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");log.info("YidunCheckUtil getCheckData validate result:"+result);if(StringUtils.isEmpty(result)){return new ResultModel("-1","校验点选返回为空");}result = result.substring(result.indexOf("(")+1, result.indexOf(")"));JSONObject objJson = JSONObject.parseObject(result);JSONObject dataJson = objJson.getJSONObject("data");String validate = dataJson.getString("validate");if(StringUtils.isEmpty(validate)){return new ResultModel("-1","校验点选失败");}//3.获取CN31加密串 Map map = new HashMap();map.put("validate", validate);map.put("fp", URLDecoder.decode(fp));ResponseContent response = HttpHelper.postJsonEntity(getCn31StrUrl, JSONObject.toJSONString(map));String cn31Str = response.getContent();log.info("YidunCheckUtil getCheckData cn31Str:"+cn31Str);resultModel.setData(cn31Str);if(StringUtils.isEmpty(cn31Str)){return new ResultModel("-1","获取CN31失败");}return resultModel;}/*** 获取滑块验证后的数据-无感知* @author bree* @param * @return*/public static ResultModel getWgzData(ProxyService proxyService) throws Exception{ResultModel resultModel = new ResultModel("0","处理成功");Map dataMap = new HashMap();HttpClientWrapper hw = null;HttpGet httpGet = null;CloseableHttpResponse execute = null;Header[] headers = null;HttpEntity entity = null;byte[] bytes = null;String res = null;String result = null;hw = new HttpClientWrapper(5000,5000, 5000);CloseableHttpClient client = hw.getClient();//1.获取验证码String url = "https://c.dun.163.com/api/v2/get?referer=%s&zoneId=CN31&id=cf15aac06ccf490181f29b72fe13c3d4&fp=%s&https=true&type=undefined&width=0&version=2.16.0&dpr=1.25&dev=1&cb=%s&ipv6=false&runEnv=10&group=&scene=&callback=%s";String fp = JiangsuTaxbureauUtil.getData(fpUrl);String cb = JiangsuTaxbureauUtil.getData(cbUrl);String callback = JiangsuTaxbureauUtil.getData(callbackUrl);String referer = "https%3A%2F%2Fetax.hunan.chinatax.gov.cn%2Fwsbs%2FtoLogin.do";url = String.format(url, referer,fp,cb,callback);httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://etax.hunan.chinatax.gov.cn/");httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36");httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","*/*");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","cross-site");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");log.info("yidun wuganzhi get yzm code:"+result);if(StringUtils.isEmpty(result)){return new ResultModel("-1","获取滑块失败");}result = result.substring(result.indexOf("(")+1,result.indexOf(")"));JSONObject objJSon = JSONObject.parseObject(result);JSONObject dataJSon = objJSon.getJSONObject("data");String error = objJSon.getString("error");String message = objJSon.getString("msg");String token = dataJSon.getString("token");if(!"0".equals(error)){return new ResultModel("-1",message);}Thread.sleep(1000);//2.校验url = "https://c.dun.163.com/api/v2/check?referer=%s&zoneId=CN31&id=cf15aac06ccf490181f29b72fe13c3d4&version=2.16.0&cb=%s&extraData=&bf=0&runEnv=10&token=%s&acToken=%s&type=5&width=438&data=%s&callback=%s";cb = JiangsuTaxbureauUtil.getData(cbUrl);callback = JiangsuTaxbureauUtil.getData(callbackUrl);String acToken = JiangsuTaxbureauUtil.getData(getAcTokenUrl);/* List list = new TraceUtil().getPAndTrace();String zuobiao = list.get(0);String guiji = list.get(1);*/String str = JiangsuTaxbureauUtil.getData(getTraceForWgzUrl);JSONObject traceJson = JSONObject.parseObject(str);String zuobiao = traceJson.getString("zuobiao");String guiji = traceJson.getString("guiji");;String data = JiangsuTaxbureauUtil.getData(getDataForWgzUrl+"?guiji="+guiji+"&token="+token+"&zuobiao="+zuobiao);url = String.format(url, referer,cb,token,acToken,data,callback);log.info("yidun wuganzhi zuobiao:"+zuobiao);log.info("yidun wuganzhi guiji:"+guiji);log.info("yidun wuganzhi url:"+url);httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://etax.hunan.chinatax.gov.cn/");httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36");httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","*/*");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","cross-site");httpGet.setHeader("Pragma","no-cache");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");result = result.substring(result.indexOf("(")+1,result.indexOf(")"));log.info("yidun wuganzhi check result:"+result);dataMap.put("checkResult", result);//3.获取CN31加密串 objJSon = JSONObject.parseObject(result);dataJSon = objJSon.getJSONObject("data");boolean resultFlag = dataJSon.getBooleanValue("result");if(resultFlag){String validate = dataJSon.getString("validate");Map map = new HashMap();map.put("validate", validate);map.put("fp", URLDecoder.decode(fp));ResponseContent response = HttpHelper.postJsonEntity(getCn31StrUrl, JSONObject.toJSONString(map));String cn31Str = response.getContent();log.info("cn31Str:"+cn31Str);dataMap.put("cn31Str", cn31Str);}else{return new ResultModel("-1","校验失败");}resultModel.setData(dataMap);return resultModel;}/*** 获取滑块验证后的数据-滑块* @author bree* @param * @return*/public static ResultModel getHuaKuaiData(ProxyService proxyService) throws Exception{ResultModel resultModel = new ResultModel("0","处理成功");HttpClientWrapper hw = null;HttpGet httpGet = null;CloseableHttpResponse execute = null;Header[] headers = null;HttpEntity entity = null;byte[] bytes = null;String res = null;String result = null;hw = new HttpClientWrapper(5000,5000, 5000);CloseableHttpClient client = hw.getClient();//1.获取验证码String url = "https://c.dun.163.com/api/v2/get?referer=%s&zoneId=CN31&id=07e2387ab53a4d6f930b8d9a9be71bdf&fp=%s&https=true&type=2&version=2.16.0&dpr=1.25&dev=1&cb=%s&ipv6=false&runEnv=10&group=&scene=&lang=zh-CN&width=320&audio=false&token=&callback=%s";String fp = JiangsuTaxbureauUtil.getData(fpUrl);String cb = JiangsuTaxbureauUtil.getData(cbUrl);String callback = JiangsuTaxbureauUtil.getData(callbackUrl);String referer = "https%3A%2F%2Fdun.163.com%2Ftrial%2Fjigsaw";//如果网站应用了易盾,这里可能需要更改,这里是从官网测试的url = String.format(url, referer,fp,cb,callback);httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://dun.163.com/");//如果网站应用了易盾,这里可能需要更改httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36");httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","script");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","same-site");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");if(StringUtils.isEmpty(result)){return new ResultModel("-1","获取滑块失败");}result = result.substring(result.indexOf("(")+1,result.indexOf(")"));log.info("yidun huakuai get yzm code:"+result);JSONObject objJSon = JSONObject.parseObject(result);JSONObject dataJSon = objJSon.getJSONObject("data");String bg = (String)dataJSon.getJSONArray("bg").get(0);//滑块背景图片String front = (String)dataJSon.getJSONArray("front").get(0);//缺口图片String token = dataJSon.getString("token");String type = dataJSon.getString("type");String zoneId = dataJSon.getString("zoneId");if(StringUtils.isEmpty(token)){return new ResultModel("-1","获取滑块失败");}log.info("yidun huakuai bg:"+bg); log.info("yidun huakuai front:"+front); log.info("yidun huakuai token:"+token);//2.获取配置url = "https://c.dun.163.com/api/v2/getconf?referer=%s&zoneId=&id=07e2387ab53a4d6f930b8d9a9be71bdf&ipv6=false&runEnv=10&type=2&loadVersion=2.2.3&callback=%s";callback = JiangsuTaxbureauUtil.getData(callbackUrl);url = String.format(url,referer,callback);httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://dun.163.com/");//如果网站应用了易盾,这里可能需要更改httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36");httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","*/*");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","same-site");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");if(StringUtils.isEmpty(token)){return new ResultModel("-1","获取配置失败");}result = result.substring(result.indexOf("(")+1,result.indexOf(")"));log.info("yidun huakuai get config:"+result); objJSon = JSONObject.parseObject(result);dataJSon = objJSon.getJSONObject("data");JSONObject acJSon = dataJSon.getJSONObject("ac");String acToken = acJSon.getString("token");log.info("yidun huakuai acToken:"+acToken); //3.获取图片数据httpGet = new HttpGet(bg);httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);String backImage = Base64Util.encode(bytes);httpGet = new HttpGet(front);httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);String frontImage = Base64Util.encode(bytes);//4.识别图片String zuobiao = "";String guiji = "";zuobiao = iOcr.getX(backImage, frontImage);if(StringUtils.isEmpty(zuobiao)){return new ResultModel("-1","识别坐标失败");}log.info("yidun huakuai zuobiao:"+zuobiao); //5.获取轨迹String str = JiangsuTaxbureauUtil.getData(getTraceForHuakuaiUrl+zuobiao);JSONObject traceJson = JSONObject.parseObject(str);guiji = traceJson.getString("guiji");String zhZuobiao = traceJson.getString("zhZuobiao");//转换坐标log.info("yidun huakuai zhuanhuanhou zuobiao:"+zhZuobiao); log.info("yidun huakuai guiji:"+guiji); Thread.sleep(1000);//6.校验url = "https://c.dun.163.com/api/v2/check?referer=%s&zoneId=CN31&id=07e2387ab53a4d6f930b8d9a9be71bdf&token=%s&acToken=%s&data=%s&width=320&type=2&version=2.16.0&cb=%s&extraData=&bf=0&runEnv=10&callback=%s";cb = JiangsuTaxbureauUtil.getData(cbUrl);callback = JiangsuTaxbureauUtil.getData(callbackUrl);//String acToken = JiangsuTaxbureauUtil.getData("http://127.0.0.1:7002/yidun/yzm/getAcToken");String data = JiangsuTaxbureauUtil.getData(getDataForHuaKuaiUrl+"?guiji="+guiji+"&token="+token+"&zuobiao="+zuobiao);url = String.format(url, referer,token,acToken,data,cb,callback);log.info("yidun huakuai request url:"+url); httpGet = new HttpGet(url);httpGet.setHeader("Host","c.dun.163.com");httpGet.setHeader("Referer","https://dun.163.com/trial/jigsaw");httpGet.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36");httpGet.setHeader("Accept","*/*");httpGet.setHeader("Accept-Encoding","gzip, deflate, br");httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\"");httpGet.setHeader("sec-ch-ua-mobile","?0");httpGet.setHeader("Sec-Fetch-Dest","*/*");httpGet.setHeader("Sec-Fetch-Mode","no-cors");httpGet.setHeader("Sec-Fetch-Site","cross-site");httpGet.setHeader("Pragma","no-cache");httpGet.setConfig(hw.getRequestConfig());execute = client.execute(httpGet);entity = execute.getEntity(); bytes = EntityUtils.toByteArray(entity);result = new String(bytes,"UTF-8");log.info("yidun huakuai check result:"+result); result = result.substring(result.indexOf("(")+1,result.indexOf(")"));resultModel.setData(result);return resultModel;}public static String setCookie(String cookieStr,Header[] headers){for(Header header: headers){if("set-cookie".equals(header.getName().toLowerCase())){cookieStr += header.getValue() + "; ";}}return cookieStr;}
}
import java.io.FileOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.eclipse.jetty.util.StringUtil;
import org.springframework.util.StringUtils;import com.alibaba.fastjson.JSONObject;
import com.baidu.aip.util.Base64Util;import lombok.extern.log4j.Log4j;/*** version 2.19.1* 易盾-获取滑块验证后的数据* 1.获取图片的fp指纹参数存在浏览器环境校验,校验不过也会正常返回图片,但是会降低通过率,不到10%* 这点经过测试,初步判断是请求易盾携带头信息不全导致*/
@Log4j
public class YidunCheckUtil_2_21_3 {public static String userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36";public static IOcr iOcr = new MachineOcr(); public static String getTrace(String zuobiao) throws Exception{//获取acTokenzuobiao = URLEncoder.encode(zuobiao);String signUrl = "http://127.0.0.1:5620/business-demo/invoke?action=getTrace&group=yidun&zuobiao="+zuobiao;ResponseContent response = HttpHelper.getUrlRespContent(signUrl);String content = response.getContent();JSONObject contentObj = JSONObject.parseObject(content);String trace = contentObj.getString("data");return trace;}public static String getAcToken() throws Exception{//获取acTokenString signUrl = "http://127.0.0.1:5620/business-demo/invoke?action=getAcToken&group=yidun";ResponseContent response = HttpHelper.getUrlRespContent(signUrl);String content = response.getContent();JSONObject contentObj = JSONObject.parseObject(content);String acToken = contentObj.getString("data");return acToken;}public static JSONObject getYzmParam() throws Exception{String signUrl = "http://127.0.0.1:5620/business-demo/invoke?action=getYzmParam&group=yidun";ResponseContent response = HttpHelper.getUrlRespContent(signUrl);String content = response.getContent();JSONObject contentObj = JSONObject.parseObject(content);return contentObj;}public static String getData(String zuobiao,String guiji,String token) throws Exception{String mgetDataUrl = "http://127.0.0.1:5620/business-demo/invoke?action=getData&guiji=%s&token=%s&zuobiao=%s&group=yidun";mgetDataUrl = mgetDataUrl.format(mgetDataUrl, URLEncoder.encode(guiji),token,URLEncoder.encode(zuobiao));ResponseContent response = HttpHelper.getUrlRespContent(mgetDataUrl);String data = response.getContent();JSONObject objJson = JSONObject.parseObject(data);JSONObject mObj = new JSONObject();mObj.put("d", objJson.get("d"));mObj.put("ext", objJson.get("ext"));mObj.put("m", objJson.get("m"));mObj.put("p", objJson.get("p"));data = URLEncoder.encode(mObj.toJSONString());return data;}/*** 获取滑块验证后的数据-点选* @author bree* @param * @return*/public static ResultModel getCheckData(ProxyService proxyService,List proxyList) throws Exception{ResultModel resultModel = new ResultModel("0","处理成功");boolean flag = false;TaxBureauContext context = new TaxBureauContext();byte[] bytes = null;context.hw = new HttpClientWrapper(5000,5000, 5000,"127.0.0.1",8888);CloseableHttpClient client = context.hw.getClient();context.httpClient = client;//1.获取验证码JSONObject contentObj = getYzmParam();String referer = "https%3A%2F%2Fetax.jiangsu.chinatax.gov.cn%2Fsso%2Flogin";String fp = URLEncoder.encode(contentObj.getString("fp"));String cb = URLEncoder.encode(contentObj.getString("cb"));String callback = contentObj.getString("callback");String acToken = getAcToken();String url = "https://c.dun.163.com/api/v3/get?referer=%s&zoneId=CN31&acToken=%s&id=1a623022803d4cbc86fa157ec267bb36&fp=%s&https=true&type=undefined&version=2.21.2&dpr=1&dev=1&cb=%s&ipv6=false&runEnv=10&group=&scene=&lang=zh-CN&sdkVersion=undefined&width=0&audio=false&sizeType=10&smsVersion=v2&token=%s&callback=%s";url = String.format(url, referer,acToken,fp,cb,"",callback);context.httpGet = new HttpGet(url);context.httpGet.setHeader("Host","c.dun.163.com");context.httpGet.setHeader("Referer","https://etax.jiangsu.chinatax.gov.cn/");context.httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"110\", \"Not A(Brand\";v=\"24\", \"Google Chrome\";v=\"110\"");context.httpGet.setHeader("sec-ch-ua-mobile","?0");context.httpGet.setHeader("sec-ch-ua-platform","\"Windows\"");context.httpGet.setHeader("Sec-Fetch-Dest","script");context.httpGet.setHeader("Sec-Fetch-Mode","no-cors");context.httpGet.setHeader("Sec-Fetch-Site","cross-site");context.httpGet.setHeader("User-Agent",userAgent); context.httpGet.setConfig(context.hw.getRequestConfig());context.execute = context.httpClient.execute(context.httpGet);Header[] headers = context.execute.getAllHeaders();context.httpEntity = context.execute.getEntity();context.byteArr = EntityUtils.toByteArray(context.httpEntity);String result = new String(context.byteArr,"utf-8");System.out.println("result:"+result);result = result.substring(result.indexOf("(")+1,result.indexOf(")"));JSONObject objJSon = JSONObject.parseObject(result);String msg = objJSon.getString("msg");if(!"ok".equals(msg)) {resultModel.setCode("-1");resultModel.setMessage("获取验证码失败");return resultModel;}JSONObject dataJSon = objJSon.getJSONObject("data");String bg = (String)dataJSon.getJSONArray("bg").get(0);//滑块图片String front = dataJSon.getString("front");//点选文本String token = dataJSon.getString("token");String type = dataJSon.getString("type");String zoneId = dataJSon.getString("zoneId");//2.获取图片数据context.httpGet = new HttpGet(bg);context.httpGet.setConfig(context.hw.getRequestConfig());context.execute = client.execute(context.httpGet);context.httpEntity = context.execute.getEntity(); bytes = EntityUtils.toByteArray(context.httpEntity);String zuobiao = "";String guiji = "";String baseImage = Base64Util.encode(bytes);if(StringUtils.isEmpty(baseImage)){resultModel.setCode("-1");resultModel.setMessage("获取验证码失败");return resultModel;}//3.识别图片TaxbureauConstants.setOcrUrl("http://monitor.taxservices.cn/");IOcr iOcr = new MachineOcr(); String orcData = iOcr.getCodeNormal(baseImage, front);if(StringUtil.isBlank(orcData) || orcData.indexOf("500 Internal Server") >= 0) {resultModel.setCode("-1");resultModel.setMessage("识别验证码失败");return resultModel;}JSONObject ocrJson = JSONObject.parseObject(orcData);zuobiao = ocrJson.getString("points");//guiji = ocrJson.getString("track");////调用自己的轨迹算法 测试发现自己的轨迹算法通过率高些guiji = getTrace(zuobiao);System.out.println("my guiji:"+guiji);if(StringUtils.isEmpty(zuobiao) || StringUtils.isEmpty(guiji)){resultModel.setCode("-1");resultModel.setMessage("识别验证码失败");return resultModel;}//4.校验滑块url = "https://c.dun.163.com/api/v3/check?referer=%s&zoneId=CN31&id=1a623022803d4cbc86fa157ec267bb36&token=%s&acToken=undefined&width=310&type=3&version=2.21.2&cb=%s&extraData=&bf=0&runEnv=10&sdkVersion=undefined&callback=%s";Thread.sleep(500);//故意让程序慢些,避免反爬contentObj = getYzmParam();cb = URLEncoder.encode(contentObj.getString("cb"));callback = contentObj.getString("callback");url = String.format(url, referer,token,cb,callback);String data = getData(zuobiao,guiji,token);log.info("YidunCheckUtil data:"+data);url = url +"&data="+data;log.info("YidunCheckUtil getCheckData url:"+url);context.httpGet = new HttpGet(url);context.httpGet.setHeader("Accept","*/*");context.httpGet.setHeader("Accept-Encoding","gzip, deflate, br");context.httpGet.setHeader("Accept-Language","zh-CN,zh;q=0.9");context.httpGet.setHeader("Cache-Control","no-cache");context.httpGet.setHeader("Connection","keep-alive");context.httpGet.setHeader("Pragma","no-cache");context.httpGet.setHeader("Host","c.dun.163.com");context.httpGet.setHeader("Referer","https://etax.jiangsu.chinatax.gov.cn/");context.httpGet.setHeader("sec-ch-ua","\"Chromium\";v=\"110\", \"Not A(Brand\";v=\"24\", \"Google Chrome\";v=\"110\"");context.httpGet.setHeader("sec-ch-ua-mobile","?0");context.httpGet.setHeader("sec-ch-ua-platform","\"Windows\"");context.httpGet.setHeader("Sec-Fetch-Dest","script");context.httpGet.setHeader("Sec-Fetch-Mode","no-cors");context.httpGet.setHeader("Sec-Fetch-Site","cross-site");context.httpGet.setHeader("Host","c.dun.163.com");context.httpGet.setHeader("User-Agent",userAgent);context.httpGet.setConfig(context.hw.getRequestConfig());context.execute = client.execute(context.httpGet);context.httpEntity = context.execute.getEntity(); bytes = EntityUtils.toByteArray(context.httpEntity);result = new String(bytes,"UTF-8");log.info("YidunCheckUtil getCheckData validate result:"+result);if(StringUtils.isEmpty(result)){resultModel.setCode("-1");resultModel.setMessage("校验验证码失败");return resultModel;}result = result.substring(result.indexOf("(")+1, result.indexOf(")"));JSONObject objJson = JSONObject.parseObject(result);JSONObject dataJson = objJson.getJSONObject("data");String validate = dataJson.getString("validate");if(StringUtils.isEmpty(validate)){resultModel.setCode("-1");resultModel.setMessage("校验验证码失败");return resultModel;}else {return resultModel;}}}
签名破解使用了补环境方式,采用VM2执行
var express = require('express');
var router = express.Router();var http = require('http');
var url = require('url'); var traceUtil = require('../tools/traceUtil'); var yidunUtil = require('../tools/yidunUtil');
var yidunWatchUtil = require('../tools/yidunWatchUtil'); var fs = require('fs');
const {VM,VMScript} = require('vm2');//npm install vm2const file = `${__dirname}/../src/runcode/yidun_huakuai-2.19.1.js`;//需要vm2执行的JS代码
const vm = new VM();
//使用VMScript可以调试,在调试代码中增加debugger即可
const script = new VMScript(fs.readFileSync(file),`${__dirname}.mycode.js`);router.get('/yzm/cb', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];vm.setGlobal('myfunType','cb');//入参传值vm.run(script);var cb = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 cb:\n');// console.log(cb);cb = encodeURIComponent(cb);response.writeHead(200, {'Content-Type': 'application/json'});response.end(cb);
});router.get('/yzm/fp', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];vm.setGlobal('myfunType','fp');//入参传值vm.run(script);var fp = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 fp:\n');// console.log(fp);fp = encodeURIComponent(fp);response.writeHead(200, {'Content-Type': 'application/json'});response.end(fp);
});router.get('/yzm/callback', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];vm.setGlobal('myfunType','callback');//入参传值vm.run(script);var callb = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 callb:\n');//console.log(callb);callb = encodeURIComponent(callb);response.writeHead(200, {'Content-Type': 'application/json'});response.end(callb);
});router.get('/yzm/getM', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];//轨迹值var token = rdata['token'];vm.setGlobal('myfunType','getM');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myguiji',urlKey);vm.run(script);var mOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 mOut:\n');//console.log(mOut);mOut = encodeURIComponent(mOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(mOut);
});router.get('/yzm/getP', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];//3个坐标值var token = rdata['token'];vm.setGlobal('myfunType','getP');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myzuobiao',urlKey);vm.run(script);var pOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 pOut:\n');// console.log(pOut);pOut = encodeURIComponent(pOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(pOut);
});router.get('/yzm/getExt', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];//轨迹值var token = rdata['token'];vm.setGlobal('myfunType','getExt');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myguiji',urlKey);vm.run(script);var extOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 extOut:\n');
// console.log(extOut);extOut = encodeURIComponent(extOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(extOut);
});router.get('/yzm/getAcToken', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];//轨迹值var token = rdata['token'];vm.setGlobal('myfunType','getAcToken');//入参传值vm.run(script);var acToken = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 acToken:\n');// console.log(acToken);acToken = encodeURIComponent(acToken);response.writeHead(200, {'Content-Type': 'application/json'});response.end(acToken);
});router.get('/yzm/getTrace', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var urlKey = rdata['urlKey'];//3个坐标值var trace = traceUtil.getTrace(urlKey);//获取返回值// console.log('返回结果 trace:\n');// console.log(trace);response.writeHead(200, {'Content-Type': 'application/json'});response.end(trace);
});router.get('/yzm/getTraceForWgz', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数//var urlKey = rdata['urlKey'];//1个坐标值var trace = traceUtil.getTraceForWgz();//获取返回值// console.log('返回结果 trace:\n');// console.log(trace);response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(trace));
});//获取滑块轨迹
router.get('/yzm/getTraceForHuakuai', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var zuobiao = rdata['zuobiao'];//1个坐标值var trace = traceUtil.getTraceForHuakuai(zuobiao);//获取返回值// console.log('返回结果 trace:\n');// console.log(trace);response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(trace));
});router.get('/yzm/getData', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var guiji = rdata['guiji'];//轨迹值var token = rdata['token'];var zuobiao = rdata['zuobiao'];vm.setGlobal('myfunType','getData');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myguiji',guiji);vm.setGlobal('myzuobiao',zuobiao);vm.run(script);var dataOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 dataOut:\n');// console.log(dataOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(dataOut);
});
//无感知调用这个,只有ext参数中传输的坐标点数量不同,传1,点选传3
router.get('/yzm/getDataForWgz', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var guiji = rdata['guiji'];//轨迹值var token = rdata['token'];var zuobiao = rdata['zuobiao'];vm.setGlobal('myfunType','getDataForWgz');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myguiji',guiji);vm.setGlobal('myzuobiao',zuobiao);vm.run(script);var dataOut = vm.getGlobal('myresult');//获取返回值//console.log('返回结果 dataOut:\n');// console.log(dataOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(dataOut);
});//滑块调用这个,只有ext参数中传输的坐标点数量不同,传1,点选传3
router.get('/yzm/getDataForHuakuai', function(request, response, next) {var rdata = url.parse(request.url,true).query; //获取参数var guiji = rdata['guiji'];//轨迹值var token = rdata['token'];var zuobiao = rdata['zuobiao'];vm.setGlobal('myfunType','getDataForHuakuai');//入参传值vm.setGlobal('mytoken',token);vm.setGlobal('myguiji',guiji);vm.setGlobal('myzuobiao',zuobiao);vm.run(script);var dataOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 dataOut:\n');// console.log(dataOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(dataOut);
});//无感知获取CN31加密串
router.post('/yzm/getCn31Str', function(request, response, next) {var validate = request.body.validate;var fp = request.body.fp;vm.setGlobal('myfunType','getCn31Str');//入参传值vm.setGlobal('wgz_validate',validate);vm.setGlobal('wgz_fp',fp);vm.run(script);var dataOut = vm.getGlobal('myresult');//获取返回值// console.log('返回结果 dataOut:\n');// console.log(dataOut);response.writeHead(200, {'Content-Type': 'application/json'});response.end(dataOut);});router.post('/yzm/getYzmParam', function(request, response, next) {//var validate = request.body.validate;var WM_DID = request.body.WM_DID;var result = {};result = yidunUtil.getYzmParam(WM_DID);response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(result));});router.post('/yzm/getCbByV3D', function(request, response, next) {//var validate = request.body.validate;//var fp = request.body.fp;var result = {};result = yidunWatchUtil.getCbByV3D();response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(result));});router.post('/yzm/getDByV3D', function(request, response, next) {var objJson = request.body.objJson;var result = {};result = yidunWatchUtil.getDByV3D(objJson);response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(result));});router.post('/yzm/getData/new', function(request, response, next) {var guiji = request.body.guiji;var token = request.body.token;var zuobiao = request.body.zuobiao;var data = yidunUtil.getData(token,zuobiao,guiji);var res = JSON.stringify(data);res = encodeURIComponent(res);response.writeHead(200, {'Content-Type': 'application/json'});response.end(res);
});router.post('/yzm/getAcTokenWatch', function(request, response, next) {//var validate = request.body.validate;var WM_DID = request.body.WM_DID;var result = {};result = yidunWatchUtil.getAcToken(WM_DID);response.writeHead(200, {'Content-Type': 'application/json'});response.end(JSON.stringify(result));});module.exports = router;
补环境是在志远框架上进行了补充编写的。调用的服务层是自己编写。
如有问题,或者需要补环境改进版,请私信!
xObP8s/gudi/zrPMoaJKU7K5u7e+s7/Os8yhokpBVkHP4LnYv86zzMjn0OjSqtKyv8nS1MGqz7VRUaGjDQoNCtf31d8gUVEgNDA0NTQwMjI5纯技术交流,请勿用于非法用途,如有权益问题可以发私信联系我删除.
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!