2024.07.17百度旋转验证码协议分析(python纯算法)
目的:学习一下大厂js算法
接口调用位置:bd站长工具提交收录
先看结果
接口分析:
1.拉取验证码接口:cap/style
ak、tk2个参数可能是加密生成,
ak静态页面写死的。猜测是用于区分接口调用来源。
我习惯触发接口前清空网络请求列表,所以tk参数搜索没有搜到。
单步调式了一下。发现是读取的接口的返回值,由init接口返回。
"tk": "5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=",
"as": "63c4261c",
2.分析验证接口
_: 2024-07-17T09:42:14.681Z
refer: https://ziyuan.baidu.com/linksubmit/index
ak: ecufIZkFOt4DBhoSHZDu3qWRqrP3kZRf
as: 63c4261c
scene: search
tk: 5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=
ver: 2
cv: submit
typeid: spin-0
fuid: FOCoIC3q5fKa
fs: guqeBcPx6GJ9KdoGEfNotVbUovP7mORGFiZKLHBt60QdcMr+Pv3v7xN1u6vdsO7EenBia8+mQ57+0cCZ7OFt0OR2Zz5PdBtWJc7ySoULJoAO
解决fuid和fs即可
2.1 fuid:搜索一下很好找
进入U函数:AES-ECB-128-PKCS7
#python实现对应算法
key="FfdsnvsootJmvNfl"
def AES_ECB_ENCRYPT(data,key):
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(pad(data, AES.block_size))
ciphertext_base64 = base64.b64encode(ciphertext).decode('utf-8')
print(ciphertext_base64)
return ciphertext_base64
2.2 fs生成逻辑:
AES-ECB-128 注意填充模式
key的位置:
#python还原上面逻辑
if as1[-1] in ["A","B","C","D","E","F","G","a","b","c","d","e","f","g"]:
k = hashlib.md5(f"{as1}appsapi2".encode('utf-8')).hexdigest()
elif as1[-1] in ["5","6","7","8","9"]:
k = keccak.new(digest_bits=512)
k.update(f"{as1}appsapi2".encode('utf-8'))
k = k.hexdigest()
elif as1[-1] in ['0', '1', '2', '3', '4']:
k = keccak.new(digest_bits=256)
k.update(f"{as1}appsapi2".encode('utf-8'))
k = k.hexdigest()
else:
raise Exception("未知加密方式")
newkey = k[0:16]
python还原fs生成算法
3.提交验证结果
想要源码的留言吧(纯python实现 没有扣js)
作者:qqq413104200