芒果TV登录加密分析

本文主要是介绍芒果TV登录加密分析，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

芒果TV(h5)登录加密分析

此内容更新时间: 2024/01/21, 芒果TV Web[H5]端登录分析

一、抓个包

很直观的参数~舒服

二、侦查它

参数	值	说明
invoker	msite	不管它
username	13888888888	手机号
password	84ca49******4a3d	密码加密
pwdType	1	密码类型
smscode	86	不管它
sign	41e168a185add482c71277cca9bcb0c8	签名令牌
abroad	0	不管它
deviceid	9f2f10de-093d-4079-ae9d-bc5eeedf5d26	设备id
captcha		图形验证码

2.1 拷问`deviceid`

2.1.1 算法定位

没有混淆, 直接搜deviceid 下断

deviceid_1

看看Q.gL是什么东西

deviceid_2

再看看o.eP

deviceid_3

继续往前找

deviceid_4

没啥, 若是 cookie或localstorage 存在mg_uuid这玩意儿,直接从这两个口袋里偷

首次运行肯定不存在, 所以回到Q.gL

var r = n(6835)
, i = n(7632)
, o = n(4767);
function s() {try {var t = (0,o.eP)("mg_uuid");return t || (t = (0,i.Z)(),(0,o.d8)("mg_uuid", t, 9e3, ".mgtv.com")),t} catch (e) {return ""}
}

如果o.eP()未能取到值, 则调用i.Z()来取值, o.d8()很明显就是保存了

看看i.Z() 如上代码, 这里的i导入了7632模块

deviceid_5

单纯的生成随机uuid

2.1.2 算法实现

import uuidmg_uuid = str(uuid.uuid4())
deviceid = mg_uuid

2.2 拷问`password`

2.2.1 算法定位

小玩意儿就是好

password_1

进入c看看是啥

password_2

这小东西好像还是个RSA加密, 没啥需要注意的, 就是拼接了时间戳和随机数之后进行加密, 如:

17058489040.112442429301682361705848904170123456

直接抠代码了

function c(t) {return y(131), t = function () {var t = String(Date.parse(new Date)).substring(0, 10),e = String(Math.random()),n = String(e + t + t + e).substring(0, 32);return t + n}() + t,function (t, e) {var n = [],r = e.length,i = 0;for (; i < r;) n[i] = e.charCodeAt(i), i++;for (; n.length % t.chunkSize != 0;) n[i++] = 0;var o, s, a, u = n.length,c = "";for (i = 0; i < u; i += t.chunkSize) {for (a = new m, o = 0, s = i; s < i + t.chunkSize; ++o) a.digits[o] = n[s++], a.digits[o] += n[s++] << 8;var f = t.barrett.powMod(a, t.e),l = 16 == t.radix ? k(f) : S(f, t.radix);c += "".concat(l, " ")}return c.substring(0, c.length - 1)}(new f("10001", "", "A5245A4630DD7CE9D8A967E33A50EB52C2634FD042C4BFBCF5A5C1317A234FD0D1D2C75D083946AF70CE480C399FAD8EEBE9F5A904F30E4D3C91CDD7C27C4D07E27015D46B29A003E9D49834E19041A7BA45A95E6161697975721E88949E8023DA682895086223683593F054E7AAE0E07C40DB33BD80EE5909CE48D17C07D097"), t)
}function f(t, e, n) {this.e = j(t), this.d = j(e), this.m = j(n), this.chunkSize = 2 * I(this.m), this.radix = 16, this.barrett = new V(this.m)
}
var l, p, h, d = 16,g = 65536,v = 65535;function y(t) {l = new Array(t);for (var e = 0; e < l.length; e++) l[e] = 0;p = new m, (h = new m).digits[0] = 1
}
y(20);
w(1e15);function m(t) {this.digits = "boolean" === typeof t && 1 == t ? null : l.slice(0), this.isNeg = !1
}function b(t) {var e = new m(!0);return e.digits = t.digits.slice(0), e.isNeg = t.isNeg, e
}function w(t) {var e = new m;e.isNeg = t < 0, t = Math.abs(t);for (var n = 0; t > 0;) e.digits[n++] = t & v, t = Math.floor(t / g);return e
}function _