某个视频软件,我拿到最初的版本是有各类防护的(检测root,代理,抓包)
但是在网上找到一个版本好像都给干掉了,下面是用来刷vip的
ai
from hashlib import md5
import time
import requests
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import base64,json
import random
MODE = AES.MODE_ECB
PAD_STYLE = 'pkcs7'
ENCODING = 'UTF-8'
key='l8N2iooyp07M9IWa'
url='http://apichlove.com'
def encrypt(plaintext: str, key: str) -> str:
key_bytes = key.encode(ENCODING)
cipher = AES.new(key_bytes, MODE)
plaintext_bytes = plaintext.encode(ENCODING)
plaintext_bytes_padded = pad(plaintext_bytes, AES.block_size, PAD_STYLE)
ciphertext_bytes = cipher.encrypt(plaintext_bytes_padded)
ciphertext_base64_bytes = base64.b64encode(ciphertext_bytes)
ciphertext = ciphertext_base64_bytes.decode(ENCODING)
return ciphertext
def decrypt(ciphertext: str, key: str) -> str:
key_bytes = key.encode(ENCODING)
decrypter = AES.new(key_bytes, MODE)
ciphertext_base64_bytes = ciphertext.encode(ENCODING)
ciphertext_bytes = base64.b64decode(ciphertext_base64_bytes)
plaintext_bytes_padded = decrypter.decrypt(ciphertext_bytes)
plaintext_bytes = unpad(plaintext_bytes_padded, AES.block_size, PAD_STYLE)
plaintext = plaintext_bytes.decode(ENCODING)
return plaintext
def x_t(url):
a = []
b = []
# url = 'app/api/auth/login/device'
v1 = str(int(time.time()))
v2 = md5(v1.encode()).hexdigest()[:8]
a.append('md5')
a.append(key)
a.append(v1)
a.append(v2)
a.append(url)
v3 = '|'.join(a)
v3 = md5(v3.encode()).hexdigest()
b.append('md5')
b.append(v1)
b.append(v2)
b.append(v3)
return '|'.join(b)
def getRandom(randomlength=16):
digits='0123456789'
ascii_letters='abcdefghigklmnopqrstuvwxyz'
str_list =[random.choice(digits +ascii_letters) for i in range(randomlength)]
random_str =''.join(str_list)
return random_str
def Token():
device_id='b2ad30fc-0301-3d50-a97f-'+getRandom(12)
data = json.dumps({"channel": "", "code": "", "device_no": device_id,"device_type": "A", "version": "1.0.0"})
data={'data':encrypt(data,key),'handshake':'v20200429'}
header = {'X-JSL-API-AUTH': x_t('/app/api/auth/login/device')}
result = requests.post(url+'/app/api/auth/login/device', json=data, headers=header).json()
msg=decrypt(result['data'],key)
# print(msg)
return json.loads(msg)['auth']['token'],device_id
def x_token(device_id,token):
Json=json.dumps({"device_no":device_id,"device_type":"A","token":token,"version":"1.0.0"})
return encrypt(Json,key)
def parent(code):
token,device_id=Token()
data={'data':encrypt(json.dumps({'code':code}),key),'handshake':'v20200429'}
header={'X-JSL-API-AUTH':x_t('/app/api/user/bindcode'),'X-TOKEN':x_token(device_id=device_id,token=token)}
result=requests.post(url+'/app/api/user/bindcode',json=data,headers=header).json()
print(result)
print(decrypt(result['data'],key))
header['X-JSL-API-AUTH']=x_t('/app/api/user/info')
# 你的X-TOKEN
# header['X-TOKEN']='4LJnAngoza8TZIz2otKTe52PhqbrW8GULUYVUu87AjDKzXQWPzNCDiHTohcbTWRcJ5V+mdgxrLVskUbLae90njTJJk4bG8tqYcgDX/fhwwG0VkkB11CY0wLhlxPfSkfMSlqmArvVTbrJ7UiydzotGh9nUHVrBqxMbDy9+iuhq9pFmucuV1SRKd/1pGxDNI0UX9nA5mpYMfYih0N/vR3A6+AdHQASRqBpeXSfMj3M7fHY/5W4fj0esNHkw93KjsnWM2FJWdNCYrkZC3tHWipUqKTk7zvbx20zaWo/c78VuePh8OeiCV2Htt9ah8+MNvAu+o6TERNF13aavGJkxeptaZs/+PFbBa397NVD4zQ28QDhkuOthPwHbpvOL/cWm9rjoL7TH7BdKGqjbYzHTvUnpWHQtJhGTPXRdNdSklDv4UDW/nsKTVVcv1LQAU1Oo5EnMwfZF2wmTtIRMRTPIi9zYFVhTYlJeFroe2fWrl8H9afzxz+fP+tm5aGSa7Ll0RBitPmN364On3xaWrRIiYGvfYsqckb6+BRQyDMXI+nHUMOAR2EcT6U3BMUCN5VJnkX8atWL76jdqPlFZzS9zyo5yaeiNLnQzVYm9wxNPuzb9ZMgvRQ4TnXfBGE5t8BiE4jAPJczvQhvWseHNy3M3wCd5b7CavKAVznoovCoLaqJpRX+bOWnttUWMLqdYxBnweL3'
# result=requests.post(url+'/app/api/user/info',data='{"handshake":"v20200429"}',headers=header).json()
# print(json.loads(decrypt(result['data'],key))['vip_expired'])
# 邀请码
for i in range(5):
parent('RWK6IF')
mls
api/user/traveler
JhbGciOiJIUzI1Ni
{"p":"9EYS4F"}
逆向过程