调用博主最近登录时间
生活中的HYGGE
学习通学号登录简析

学习通学号登录简析

hygge
2022-10-29 / 3 评论 / 564 阅读 / 正在检测是否收录...

抓包分析

l9t9np1x.png

序号参数名描述
1fid学校ID
2uname加密后的学号
3password加密后的密码
4numcode验证码

除了这几个参数是变动的外,其他的都可以保持原样。

判断一下学号和密码的加密特征

0QgUbMUJj2usHikiqtb8HQ==

22个字符加上两个等号 大概可能为..AES加密

直接搜索请求的路径:/unitlogin,定位到login.js文件

l9t9sxhc.png

向上翻找一下

// 对学号和密码进行加密
if(t == "true"){
    let transferKey = "u2oh6Vu^HWe4_AES";
    password = encryptByAES(password, transferKey);
    uname = encryptByAES(uname, transferKey);
}

// 使用的加密方法
function encryptByAES(message, key){
    let CBCOptions = {
        iv: CryptoJS.enc.Utf8.parse(key),
        mode:CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    };
    let aeskey = CryptoJS.enc.Utf8.parse(key);
    let secretData = CryptoJS.enc.Utf8.parse(message);
    let encrypted = CryptoJS.AES.encrypt(
        secretData,
        aeskey,
        CBCOptions
    );
    return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
}

这里就很明显了
学号和密码的加密方式都是采用 AES 加密
加密模式为CBC
key为:u2oh6Vu^HWe4_AES

chsarp中复现

请求体处理,需要对学号和密码加密后的文本进行URL编码:

string requestBody = $"pid=-1&fid={schoolId}&uname={HttpUtility.UrlEncode(AESHelper.AesEncrypt(sn))}&numcode={verify}&password={HttpUtility.UrlEncode(AESHelper.AesEncrypt(password))}&refer=http%253A%252F%252Fi.chaoxing.com&t=true&hidecompletephone=0&doubleFactorLogin=0&independentId=0";

AES加密工具类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace OnlineCourseToolKit.Utils
{
    /// <summary>
    /// AES加密解密 助手类
    /// CBC加密模式
    /// </summary>
    public class AESHelper
    {
        /// <summary>
        /// 默认密钥-长度32位
        /// </summary>
        private const string Key = "u2oh6Vu^HWe4_AES";

        /// <summary>
        /// 默认向量-长度16位
        /// </summary>
        private const string Iv = "u2oh6Vu^HWe4_AES";


        /// <summary>  
        /// AES加密  
        /// </summary>  
        /// <param name="str">需要加密字符串</param>  
        /// <returns>加密后字符串</returns> 
        public static string AesEncrypt(string str)
        {
            return Encrypt(str, Key);
        }

        /// <summary>  
        /// AES解密  
        /// </summary>  
        /// <param name="str">需要解密字符串</param>  
        /// <returns>解密后字符串</returns>  
        public static string AesDecrypt(string str)
        {
            return Decrypt(str, Key);
        }


        /// <summary>
        ///  AES 加密
        /// </summary>
        /// <param name="str">明文(待加密)</param>
        /// <param name="key">密文</param>
        /// <returns></returns>
        private static string Encrypt(string str, string key)
        {
            if (string.IsNullOrEmpty(str)) return null;
            Byte[] toEncryptArray = Encoding.UTF8.GetBytes(str);

            RijndaelManaged rm = new RijndaelManaged
            {
                Key = Encoding.UTF8.GetBytes(key),
                Mode = CipherMode.CBC,
                Padding = PaddingMode.PKCS7,
                IV = Encoding.UTF8.GetBytes(Iv)
            };

            ICryptoTransform cTransform = rm.CreateEncryptor();
            Byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

            return Convert.ToBase64String(resultArray, 0, resultArray.Length);
        }
        /// <summary>
        ///  AES 解密
        /// </summary>
        /// <param name="str">明文(待解密)</param>
        /// <param name="key">密文</param>
        /// <returns></returns>
        private static string Decrypt(string str, string key)
        {
            if (string.IsNullOrEmpty(str)) return null;
            Byte[] toEncryptArray = Convert.FromBase64String(str);

            RijndaelManaged rm = new RijndaelManaged
            {
                Key = Encoding.UTF8.GetBytes(key),
                Mode = CipherMode.ECB,
                Padding = PaddingMode.PKCS7,
                IV = Encoding.UTF8.GetBytes(Iv)
            };

            ICryptoTransform cTransform = rm.CreateDecryptor();
            Byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

            return Encoding.UTF8.GetString(resultArray);
        }
    }
}
2

评论 (3)

取消
  1. 头像
    yj
      Windows 10 x64 Edition Windows 10 x64 Edition  /  Google Chrome 95.0.4638.69 Google Chrome 95.0.4638.69

    dalao

    回复
  2. 头像
    无知的小白
      Windows 10 x64 Edition Windows 10 x64 Edition  /  Google Chrome 94.0.4606.71 Google Chrome 94.0.4606.71

    看不懂,大佬能写一遍不

    回复
    1. 头像
      hygge 作者
        Android 12 Android 12  /  Google Chrome 107.0.0.0 Google Chrome 107.0.0.0
      @ 无知的小白

      表情 不能

      回复