使用PHP,实现查询天府通余额
成都的巴适公交APP可以查询天府通余额,于是想将其移植到PHP代码上
解压apk,dex2jar反编译classes.dex为jar,用jd-gui.exe打开就可以看见代码了
原理就是向http://www.basiapp.com/Bus/BusCardBalance/请求数据
参数为signature,ASC加密数据为cardno=0001XXXXXXXX&time=Y-m-d H:i:s
加密秘钥为666AA4DF3533497D973D852004B975BC的MD5的特殊形式
接下来是获得URL地址,从而获得所需数据(8位卡号前面补0001)
获得卡片余额
BusCardBalance:卡片余额
QueryConsumption:消费记录
QueryTopUp:充值记录
解压apk,dex2jar反编译classes.dex为jar,用jd-gui.exe打开就可以看见代码了
public List getCardRechargeByNum(String paramString)
{
ArrayList localArrayList = new ArrayList();
localArrayList.add(new BasicNameValuePair("mod", "api"));
localArrayList.add(new BasicNameValuePair("ac", "BusConsumption"));
localArrayList.add(new BasicNameValuePair("op", "1"));
localArrayList.add(new BasicNameValuePair("cardno", "0001" + paramString));
StringBuffer localStringBuffer = new StringBuffer();
localStringBuffer.append(Config.BASE_URL);
localStringBuffer.append("Bus/QueryTopUp/");
localStringBuffer.append("?cardno=0001" + paramString);
localObject1 = new ArrayList();
for (;;)
{
try
{
String str = request(getHttpClient(), ParamUtils.generateSignature(localStringBuffer.toString()), null);
localJSONObject = new JSONObject(str.toLowerCase());
if (localJSONObject.getInt("status") == 101)
{
localType = new TypeToken() {}.getType();
System.out.println(">>>sss:" + str);
}
}
catch (Exception localException)
{
JSONObject localJSONObject;
Type localType;
localException.printStackTrace();
if ((localException instanceof InterruptedException)) {
continue;
}
(localException instanceof ConnectException);
if (localObject1 != null) {
continue;
}
return new ArrayList();
}
finally
{
if (localObject1 != null) {
continue;
}
new ArrayList();
}
try
{
localObject1 = (List)gson.fromJson(localJSONObject.getString("listdata"), localType);
if (localObject1 == null) {
localObject1 = new ArrayList();
}
return localObject1;
}
finally {}
}
}
[/java]
[java collapse="true" title="com.guoke.chengdu.bashi.tools.util.ParamUtils"]
public static final String generateSignature(String paramString)
{
if ((paramString != null) && (paramString.contains("http://www.basiapp.com")))
{
String[] arrayOfString = paramString.split("[?]");
if (arrayOfString != null) {}
try
{
if (arrayOfString.length > 1)
{
LogUtils.d(LogUtils.LogAuthor.AUTHOR, "before : " + arrayOfString[1] + "&time=" + getNowTime());
LogUtils.d(LogUtils.LogAuthor.AUTHOR, "after : " + AESUtil.encrypt(new StringBuilder(String.valueOf(arrayOfString[1])).append("&time=").append(getNowTime()).toString()));
String str2 = arrayOfString[0] + "?signature=" + AESUtil.encrypt(new StringBuilder(String.valueOf(arrayOfString[1])).append("&time=").append(getNowTime()).toString());
LogUtils.d(LogUtils.LogAuthor.AUTHOR, "split : " + str2);
return str2;
}
String str1 = paramString + "?signature=" + AESUtil.encrypt(new StringBuilder("time=").append(getNowTime()).toString());
LogUtils.d(LogUtils.LogAuthor.AUTHOR, "split : " + str1);
return str1;
}
catch (Exception localException)
{
localException.printStackTrace();
}
}
return paramString;
}
public static final String getNowTime()
{
return new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date());
} public static String keyValue = "666AA4DF3533497D973D852004B975BC";
public static String encrypt(String paramString)
throws Exception
{
SecretKeySpec localSecretKeySpec = new SecretKeySpec(shortmd5(keyValue), "AES");
Cipher localCipher = Cipher.getInstance("AES");
localCipher.init(1, localSecretKeySpec);
return byte2hex(localCipher.doFinal(paramString.getBytes())).toLowerCase();
}原理就是向http://www.basiapp.com/Bus/BusCardBalance/请求数据
参数为signature,ASC加密数据为cardno=0001XXXXXXXX&time=Y-m-d H:i:s
加密秘钥为666AA4DF3533497D973D852004B975BC的MD5的特殊形式
private static byte[] shortmd5(String paramString)
throws Exception
{
MessageDigest localMessageDigest = MessageDigest.getInstance("MD5");
localMessageDigest.update(paramString.getBytes("UTF-8"));
return localMessageDigest.digest();
}md5('',true)接下来是获得URL地址,从而获得所需数据(8位卡号前面补0001)
class Security {
public static function encrypt($input, $key) {
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
$input = Security::pkcs5_pad($input, $size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = bin2hex($data);
return $data;
}
private static function pkcs5_pad ($text, $blocksize) {
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
public static function decrypt($sStr, $sKey) {
$decrypted= mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
$sKey,
base64_decode($sStr),
MCRYPT_MODE_ECB
);
$dec_s = strlen($decrypted);
$padding = ord($decrypted[$dec_s-1]);
$decrypted = substr($decrypted, 0, -$padding);
return $decrypted;
}
}获得卡片余额
echo "http://www.basiapp.com/Bus/BusCardBalance/?signature=".Security::encrypt("cardno=0001{$CARD_NO}&time=". date('Y-m-d H:i:s',time()) , md5('666AA4DF3533497D973D852004B975BC',true));BusCardBalance:卡片余额
QueryConsumption:消费记录
QueryTopUp:充值记录