西柚校园网之python模拟登录

最近爱上了爬虫，学会了抓网易云加密的评论后对校园网的MD5加密有点感兴趣，于是开始操作，首先是

登录界面http://172.16.245.50/

密码输入123456，此时按下F12，点击登录，然后会提示密码错误，没关系，包已经抓到了，点开网络，看到有两个包

• 第一个GET

• 第二个GET

参数很多，仔细观察可以知道，password和chksum和info是被加密的

 接下来，进入源码看看是如何加密的，搜索password

password直接用的是拼接，ok，那么下一步就是搜索hmd5

 ok，这就是password的加密过程，接下来是搜索chksum

 可以看到，将token和username进行拼接后再进行sha1加密，就可以得到chksum，接下来搜索info

这个稍显复杂，要先将数据转为字符串再进行 xEncode加密，然后再进行base64加密就可以得到i

了，然后info就出来了，接下来就是几种加密方式

base64（all.min.js）

 xEncode

下面是部分代码供参考。 

# Base64 加密算法
_PADCHAR = "="
_ALPHA = "LVoJPiCN2R8G90yg+hmFHuacZ1OWMnrsSTXkYpUq/3dlbfKwv6xztjI7DeBE45QA"def _getbyte(s, i):x = ord(s[i])if x > 255:print("INVALID_CHARACTER_ERR: DOM Exception 5")exit(0)return xdef get_base64(s):i = 0b10 = 0x = []imax = len(s) - len(s) % 3if len(s) == 0:return swhile i < imax:b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8) | _getbyte(s, i + 2)x.append(_ALPHA[(b10 >> 18)])x.append(_ALPHA[((b10 >> 12) & 63)])x.append(_ALPHA[((b10 >> 6) & 63)])x.append(_ALPHA[(b10 & 63)])i += 3if len(s) - imax == 1:b10 = _getbyte(s, i) << 16x.append(_ALPHA[(b10 >> 18)] + _ALPHA[((b10 >> 12) & 63)] + _PADCHAR + _PADCHAR)elif len(s) - imax == 2:b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8)x.append(_ALPHA[(b10 >> 18)] + _ALPHA[((b10 >> 12) & 63)] + _ALPHA[((b10 >> 6) & 63)] + _PADCHAR)return "".join(x)# Xencode 加密算法
def force(msg):ret = []for w in msg:ret.append(ord(w))return bytes(ret)def ordat(msg, idx):if len(msg) > idx:return ord(msg[idx])return 0def sencode(msg, key):l = len(msg)pwd = []for i in range(0, l, 4):pwd.append(ordat(msg, i) | ordat(msg, i + 1) << 8 | ordat(msg, i + 2) << 16| ordat(msg, i + 3) << 24)if key:pwd.append(l)return pwddef lencode(msg, key):l = len(msg)ll = (l - 1) << 2if key:m = msg[l - 1]if m < ll - 3 or m > ll:returnll = mfor i in range(0, l):msg[i] = chr(msg[i] & 0xff) + chr(msg[i] >> 8 & 0xff) + chr(msg[i] >> 16 & 0xff) + chr(msg[i] >> 24 & 0xff)if key:return "".join(msg)[0:ll]return "".join(msg)def get_xencode(msg, key):if msg == "":return ""pwd = sencode(msg, True)pwdk = sencode(key, False)if len(pwdk) < 4:pwdk = pwdk + [0] * (4 - len(pwdk))n = len(pwd) - 1z = pwd[n]y = pwd[0]c = 0x86014019 | 0x183639A0m = 0e = 0p = 0q = math.floor(6 + 52 / (n + 1))d = 0while 0 < q:d = d + c & (0x8CE0D9BF | 0x731F2640)e = d >> 2 & 3p = 0while p < n:y = pwd[p + 1]m = z >> 5 ^ y << 2m = m + ((y >> 3 ^ z << 4) ^ (d ^ y))m = m + (pwdk[(p & 3) ^ e] ^ z)pwd[p] = pwd[p] + m & (0xEFB8D130 | 0x10472ECF)z = pwd[p]p = p + 1y = pwd[0]m = z >> 5 ^ y << 2m = m + ((y >> 3 ^ z << 4) ^ (d ^ y))m = m + (pwdk[(p & 3) ^ e] ^ z)pwd[n] = pwd[n] + m & (0xBB390742 | 0x44C6F8BD)z = pwd[n]q = q - 1return lencode(pwd, False)# md5加密算法
def get_md5(password, token):return hmac.new(token.encode(), password.encode(), hashlib.md5).hexdigest()# sha1加密算法
def get_sha1(value):return hashlib.sha1(value.encode()).hexdigest()

def get_info():info_temp = {"username": username,"password": password,"ip": ip,"acid": ac_id,"enc_ver": enc}i = re.sub("'", '"', str(info_temp))i = re.sub(" ", '', i)return idef get_ip():global iphost_name = socket.gethostname()ip = socket.gethostbyname(host_name)def encrypt():global i, hmd5, chksumi = get_info()i = "{SRBX1}" + get_base64(get_xencode(i, token))hmd5 = get_md5(password, token)chksum = get_sha1(get_chksum())print("---加密完成---")