最新某宝x-sign参数生成原理

淘宝x-sign算法解密分析

我在上一篇博客中给大家介绍了淘宝接口如何抓取,今天我来给大家介绍一下淘宝中校验参数x-sign的生成。大家都知道,只要有了x-sign,基本上所有事情都可以干,包括但不仅限于商品信息、商品评价、秒杀活动等等。
本文将演示如何获取淘宝商品评价信息,以iphone11为例 https://detail.tmall.com/item.htm?id=602659642364

抓包分析

通过charles手机抓包分析得出评价获取参数为如下几个:
url:http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
参数:data={"rateType":"","hasPic":"1","foldFlag":"0","pageNo":"1","pageSize":"10","auctionNumId":"602659642364"}
头信息:有好多头信息,最重要的x-sign

签名接口调用

先放一个postman的图片:![postman 请求示例](https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true)

使用说明:

  1. 图片中的请求地址并不是真实的请求地址,需要联系qq获取
  2. 发请求的时候必须是post json格式,可能需要协议头Content-Type:application/json
  3. token是接口校验参数,需要联系qq获取
  4. 获取签名的时候参数值都不需要转义,发请求抓数据的时候可能需要转义
  5. 所有参数必须使用""包起来,必须是字符串

参数说明

  1. data:就是参数data,为了避免出现编码问题,使用base64编码再传给我。编码前的data不要使用 urlencode.
  2. appKey:默认"21646297",淘宝的appKey这个值是固定的;如果是淘宝系其他app,这个值不一样
  3. pv:默认"6.3",可选"6.2"或者"6.3"
  4. useMiniWua:默认"0" 需要x-mini-wua的时候,设置为"1",当pv="6.3"的时候,都是带x-mini-wua返回值的
  5. useWua:默认"0" 需要wua的时候,设置为"1"
  6. 如有其他疑问,或者需要帮助的请联系qq: 946420414

返回值说明

返回值有x-sign,x-mini-wua,wua等 需要自己发请求测试,此处不再说明

python 版本demo

运行条件: python3 + requests 库

#!/usr/bin/env python
# coding:utf8

import os
import json
import requests
from urllib.parse import quote
from urllib.parse import quote_plus
from pprint import pprint
import base64
import time

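def gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):
    """Fetch signature headers for an mtop call, send the call and print the reply.

    The payload is base64-encoded and passed, together with fixed device
    parameters, to ``getTaobaoSigns``. The ``x-sign``, ``x-umt``,
    ``x-mini-wua`` and ``x-sgext`` values in its reply are copied into the
    request headers, and the request is sent to ``guide-acs.m.taobao.com``.

    Args:
        api: mtop API name; becomes a path segment of the request URL.
        v: API version string; becomes the following path segment.
        data: Request payload as a JSON string, not URL-encoded.
        uid: Account id sent as ``x-uid``. When it is "", neither ``x-uid``
            nor ``x-sid`` is sent.
        sid: Session id sent as ``x-sid``. This value is a credential.
        method: 'GET' puts the payload in the query string; any other value
            sends it as a POST body.

    Returns:
        None. The response object and, on HTTP 200, its text are printed.

    Raises:
        json.JSONDecodeError: The signing service reply is not JSON
            (``getTaobaoSigns`` returns "" on a non-200 reply).
        KeyError: The reply lacks ``data`` or one of the signature fields.
    """
    utdid = "XLWkskakX5EDAEAuXveJ2YJy"
    appKey = "21646297"
    t = int(time.time())
    lat = "31.23238"
    lng = "121.477733"
    ttid = '701186@taobao_android_9.1.0'
    deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"
    features = "27"
    pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"
    pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"
    # Base64-encode the payload to avoid encoding problems on the way to the
    # signing service.
    b64Data = base64.b64encode(data.encode("utf-8"))
    pprint(b64Data)
    postData = {
        "utdid": utdid,
        "uid": uid,
        # device id
        "deviceId": deviceId,
        "appKey": appKey,
        "x-features": features,
        "ttid": ttid,
        "location": lng + ',' + lat,
        "v": v,
        "sid": sid,
        # 10-digit timestamp (seconds)
        "t": t,
        "api": api,
        "useWua": "1",
        "data": b64Data,
        "pageId": pageId,
        "pageName": pageName
    }
    # NOTE(review): this debug dump writes uid and sid to stdout; keep the
    # output out of shared logs.
    pprint(postData)
    result = getTaobaoSigns(postData)

    jobj = json.loads(result)
    dataJobj = jobj["data"]

    pprint(dataJobj['x-mini-wua'])
    body = "data=" + quote_plus(data)
    requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)
    proxies = None

    # Each header name appears once; the original literal repeated "f-refer"
    # and "x-bx-version" with identical values.
    headers = {
        "x-appkey": appKey,
        "x-devid": deviceId,
        "x-ttid": quote_plus(ttid),
        "x-sign": quote_plus(dataJobj['x-sign']),
        "x-umt": quote_plus(dataJobj['x-umt']),
        "x-mini-wua": quote_plus(dataJobj['x-mini-wua']),
        "x-sgext": dataJobj['x-sgext'],
        "x-t": str(t),
        "x-location": quote_plus("{0},{1}".format(lng, lat)),
        "x-app-ver": "9.1.0",
        "f-refer": "mtop",
        "x-nq": "WIFI",
        "x-nettype": "WIFI",
        "x-region-channel": "CN",
        "content-type": "application/x-www-form-urlencoded;charset=UTF-8",
        "A-SLIDER-Q": "appKey%3D21646297%26ver%3D0",

        "x-bx-version": "6.4.11",
        "x-page-url": quote_plus(pageId),
        "a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0",
        "x-page-name": pageName,

        "x-pv": "6.3",
        "x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386",
        "x-features": features,
        "x-app-conf-v": str(19),
        "x-utdid": utdid,

        "c-lauch-info": "0,0,1574237572825,1574233432783,3",
        "User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29",
        "Connection": "Keep-Alive",
        "Accept-Encoding": "gzip",
    }

    if uid != "":
        headers["x-uid"] = uid
        headers["x-sid"] = sid

    # TLS certificate verification is left at the requests default (enabled).
    # The headers carry the session id, so the server must be authenticated;
    # the original passed verify=False, which lets any on-path host read them.
    if method == 'GET':
        requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)
        pprint(requestUrl)
        result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies)
    else:
        result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies)

    pprint(result)
    if result.status_code == requests.codes.ok:
        pprint(result.text)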

def getTaobaoSigns(arr):
    """POST the signing parameters to the local signing service and return its raw reply.

    Args:
        arr: Mapping of form fields to sign. It is printed and sent as-is,
            so any uid/sid it carries appears on stdout and on the wire.

    Returns:
        The response body as text when the service answers HTTP 200,
        otherwise the empty string.
    """
    pprint(arr)

    # Loopback endpoint reached over plain HTTP.
    endpoint = "http://127.0.0.1:8080/fakeTbParam"
    request_headers = {
        "allow_access": "true",
        "Content-Type": "application/x-www-form-urlencoded",
    }

    response = requests.post(endpoint, data=arr, timeout=20, headers=request_headers)
    pprint(response.text)

    # Callers get "" for any non-200 reply and must handle that case.
    succeeded = response.status_code == requests.codes.ok
    payload = response.text if succeeded else ""
    pprint(payload)
    return payload


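def getTaobaoDetail():
    """Run the sample request: an app search for "iphone11" sent through gwMtopApi.

    Despite the name, the API called is ``mtop.taobao.wsearch.appsearch``
    version ``1.0``. Nothing is returned; gwMtopApi prints the outcome.
    """
    # The payload is a JSON document kept as one string. The "device" value is
    # "Nexus 6P" on a single line: the listing had a raw line break inside
    # that value (presumably a wrapping artifact), which made the JSON invalid.
    data = '''{"LBS":"{\\"SG_TMCS_1H_DS\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"SG_TMCS_FRESH_MARKET\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"TB\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"185784179\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"2\\\\\\",\\\\\\"type\\\\\\":\\\\\\"1\\\\\\"}]}\\",\\"TMALL_MARKET_B2C\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"105\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_CITY\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"},{\\\\\\"code\\\\\\":\\\\\\"107\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_REGION\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\",\\"TMALL_MARKET_O2O\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"233930143\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\\"needdismiss\\":\\"0\\",\\"animated\\":\\"0\\",\\"needpoptoroot\\":\\"0\\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\\"ranger_buckets_native\\":\\"tsp2189_21618_normaluser01\\"}","vm":"nw"}'''

    api = "mtop.taobao.wsearch.appsearch"
    v = "1.0"
    # NOTE(review): uid and sid are account/session credentials published with
    # this sample, and the payload above embeds imei/imsi device identifiers.
    # Treat them as disclosed; real code should load such values from
    # configuration kept outside the source tree.
    gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")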


# Script entry point: send the sample request only when run directly.
if __name__ == "__main__":
    getTaobaoDetail()

技术支持

感谢大家在百忙中阅读我的博客。
如有技术问题请联系qq: 946420414
