58电话加密破解+58电话接口

文章来源--http://jkvast.iteye.com/blog/1175708（如作者不愿被引用，联系必删除，谢谢）

由于58同城在页面上抓取二手房信息的时候，用户的联系电话是图片的，本人水平关系无法进行很好的识别，所以转为抓取其android客户端比较容易，之前都是好好的，最近发现其升级到1.3.0.0后手机号码进行了加密，所以直接反编译其android客户端，查到其用的是des加密，而且加密的key很容易就拿到，下面贴出解密方法。(des加解密比较简单下面贴出来)

Java代码

1. import java.security.SecureRandom;

2. import javax.crypto.Cipher;

3. import javax.crypto.SecretKey;

4. import javax.crypto.SecretKeyFactory;

5. import javax.crypto.spec.DESKeySpec;

6. public class Decode458 {

7. static byte[] key = null; //这个key如果有需要请反编译58客户端获取这里不便贴出

8. public static void main(String[] args) throws Exception {

9. System.out.println(new String(Decode458.decode(Decode458.convertHexString("002E674657AE8239982087DCB2E6A99B"))));

10. System.out.println(Decode458.toHexString(Decode458.encode("13219863008".getBytes())));

11. }

12. public static byte[] decode(byte[] paramArrayOfByte) {

13. try {

14. SecureRandom localSecureRandom = new SecureRandom();

15. DESKeySpec localDESKeySpec = new DESKeySpec(key);

16. SecretKey localSecretKey = SecretKeyFactory.getInstance("DES")

17. .generateSecret(localDESKeySpec);

18. Cipher localCipher = Cipher.getInstance("DES");

19. localCipher.init(2, localSecretKey, localSecureRandom);

20. return localCipher.doFinal(paramArrayOfByte);

21. } catch (Exception e) {

22. e.printStackTrace();

23. return null;

24. }

25. }

26. public static byte[] encode(byte[] paramArrayOfByte) {

27. try {

28. SecureRandom localSecureRandom = new SecureRandom();

29. DESKeySpec localDESKeySpec = new DESKeySpec(key);

30. SecretKey localSecretKey = SecretKeyFactory.getInstance("DES")

31. .generateSecret(localDESKeySpec);

32. Cipher localCipher = Cipher.getInstance("DES");

33. localCipher.init(1, localSecretKey, localSecureRandom);

34. return localCipher.doFinal(paramArrayOfByte);

35. } catch (Exception e) {

36. e.printStackTrace();

37. return null;

38. }

39. }

40. public static byte[] convertHexString(String text) {

41. byte digest[] = new byte[text.length() / 2];

42. for (int i = 0; i < digest.length; i++) {

43. String byteString = text.substring(2 * i, 2 * i + 2);

44. int byteValue = Integer.parseInt(byteString, 16);

45. digest[i] = (byte) byteValue;

46. }

47. return digest;

48. }

49. public static String toHexString(byte b[]) {

50. StringBuffer hexString = new StringBuffer();

51. for (int i = 0; i < b.length; i++) {

52. String plainText = Integer.toHexString(0xff & b[i]);

53. if (plainText.length() < 2)

54. plainText = "0" + plainText;

55. hexString.append(plainText);

56. }

57. return hexString.toString();

58. }

59. }

很久没写博，上来溜溜，我是firstep

补充

时至今日，58已经不在des

58电话接口

通过app进行抓包，可以很清楚看到58app电话接口是没有加签名的，这个设计也许是因为58认为无伤大雅，也有可能是历史原因，app版本强制升级用户体验不好了，至于真实原因无从得知。