代码收藏家技术教程 2024-08-22

2024.07.17百度旋转验证码协议分析(python纯算法)

目的：学习一下大厂js算法

接口调用位置：bd站长工具提交收录

先看结果

接口分析：

1.拉取验证码接口：cap/style

ak、tk2个参数可能是加密生成，

ak静态页面写死的。猜测是用于区分接口调用来源。

我习惯触发接口前清空网络请求列表，所以tk参数搜索没有搜到。

单步调式了一下。发现是读取的接口的返回值，由init接口返回。

"tk": "5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=",
"as": "63c4261c",

2.分析验证接口

_: 2024-07-17T09:42:14.681Z
refer: https://ziyuan.baidu.com/linksubmit/index
ak: ecufIZkFOt4DBhoSHZDu3qWRqrP3kZRf
as: 63c4261c
scene: search
tk: 5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=
ver: 2
cv: submit
typeid: spin-0
fuid: FOCoIC3q5fKa
fs: guqeBcPx6GJ9KdoGEfNotVbUovP7mORGFiZKLHBt60QdcMr+Pv3v7xN1u6vdsO7EenBia8+mQ57+0cCZ7OFt0OR2Zz5PdBtWJc7ySoULJoAO

解决fuid和fs即可

2.1 fuid:搜索一下很好找

进入U函数：AES-ECB-128-PKCS7

#python实现对应算法
key="FfdsnvsootJmvNfl"
def AES_ECB_ENCRYPT(data,key):
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.encrypt(pad(data, AES.block_size))
    ciphertext_base64 = base64.b64encode(ciphertext).decode('utf-8')
    print(ciphertext_base64)
    return ciphertext_base64

2.2 fs生成逻辑：

AES-ECB-128 注意填充模式

key的位置：

    #python还原上面逻辑
    if as1[-1] in ["A","B","C","D","E","F","G","a","b","c","d","e","f","g"]:
       k = hashlib.md5(f"{as1}appsapi2".encode('utf-8')).hexdigest()

    elif as1[-1] in ["5","6","7","8","9"]:
        k = keccak.new(digest_bits=512)
        k.update(f"{as1}appsapi2".encode('utf-8'))
        k = k.hexdigest()
    elif as1[-1] in ['0', '1', '2', '3', '4']:
        k = keccak.new(digest_bits=256)
        k.update(f"{as1}appsapi2".encode('utf-8'))
        k = k.hexdigest()
    else:
        raise Exception("未知加密方式")

    newkey = k[0:16]

python还原fs生成算法