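I have recently been doing some Taobao-related business research, which inevitably means capturing traffic and API calls to analyze the data. Capturing traffic from this kind of app requires an Android phone and packet-capture software. I recommend:
Using Packet Capture:
Download and install the certificate
Select the app and start capturing
Once we have captured the API endpoint and parameters we want, we need to generate the xsign value from those parameters. There are two ways to obtain the xsign value:
1. The first is to hook the app's key function with the Xposed framework and build a module. A client is set up inside the module, and a Spring Boot server is set up to receive the parameter data from user requests. The module client receives the data passed on by the server, obtains the xsign through the CallMethod function, and returns it to the user. Drawbacks: it has to run on an emulator, consumes a lot of resources, copes poorly with multithreading, and is sensitive to network fluctuations.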
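import java.util.HashMap;
import java.util.UUID;

import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

// Fragment of the module class AliHook; its obj and aBoolean fields and its start() method are not shown on this page.
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
    if (lpparam.packageName.contains("com.taobao.")) {
        XposedHelpers.findAndHookMethod("mtopsdk.security.InnerSignImpl", lpparam.classLoader, "getUnifiedSign", new Object[]{HashMap.class, HashMap.class, String.class, String.class, Boolean.TYPE, new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                synchronized (this) {
                    // Keep a reference to the signer instance for later calls.
                    AliHook.obj[0] = param.thisObject;
                    // Start the module client only once.
                    if (!AliHook.aBoolean) {
                        AliHook.aBoolean = true;
                        start(UUID.randomUUID().toString());
                    }
                }
            }

            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                // Log the arguments passed to getUnifiedSign.
                HashMap<String, String> hashMap = (HashMap<String, String>) param.args[0];
                for (String key : hashMap.keySet()) {
                    XposedBridge.log("[Map] " + key + " " + hashMap.get(key));
                }
                XposedBridge.log("[AppKey] " + param.args[2]);
                XposedBridge.log("[AuthCode] " + param.args[3]);
                XposedBridge.log("[boolean] " + param.args[4]);
            }
        }});
    }
}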
2. The second is to forcibly extract the SO file that generates the xsign from the app.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>
#include <openssl/evp.h>
#include <openssl/hmac.h>

using namespace std;

// indexTable, encrypt(), base64Encode() and byteToHexStr() are defined elsewhere and are not shown on this page.

int __stdcall xsign(const char* srcData, char* dest, uint32_t *dest_len)
{
    if (dest == NULL || srcData == NULL || dest_len == NULL) {
        return 1;
    }
    // The caller's buffer must hold the prefix, the hex digest and the terminating NUL.
    if (*dest_len < 60) {
        return 2;
    }
    const char* white_iv = "6zi8tey4328TcUh1";
    int srcSize = strlen(srcData);
    const char * secret = "f2438a7500e0d6ac7535327b67b67b8e";
    const char * prefix = "ab20380090";
    vector<uint8_t> out;
    vector<uint8_t> base64;
    vector<uint8_t> data;
    vector<uint8_t> encryptData;
    uint8_t buffer[EVP_MAX_MD_SIZE];
    unsigned int size = out.size();
    size = data.size();
    //string hashStr = byteToHexStr(data);
    //print_bytes(&indexTable[0], 163438);
    std::string temp(reinterpret_cast<char const*>(&indexTable), sizeof(indexTable));
    // Pass a C string to %s; passing the std::string object itself is undefined behaviour.
    printf("strIndexTable = %s", temp.c_str());
    // First pass: HMAC-SHA1 of the input string, hex-encoded.
    data.resize(EVP_MAX_MD_SIZE);
    HMAC(EVP_sha1(), secret, strlen(secret), (const unsigned char*)srcData, srcSize, &data.front(), &size);
    data.resize(size);
    string hashStr = byteToHexStr(data);
    printf("hashStr = %s", hashStr.c_str());
    hashStr += '&';
    hashStr += secret;
    // Encrypt "<hex digest>&<secret>" and Base64-encode the result.
    data.assign(hashStr.begin(), hashStr.end());
    encrypt(data, &encryptData, (uint8_t*)white_iv);
    base64Encode(&encryptData.front(), encryptData.size(), &base64);
    // Second pass: HMAC-SHA1 of the Base64 text, hex-encoded.
    out.resize(EVP_MAX_MD_SIZE);
    size = out.size();
    HMAC(EVP_sha1(), secret, strlen(secret), &base64.front(), base64.size(), &out.front(), &size);
    out.resize(size);
    string str = byteToHexStr(out);
    //vector outBase64;
    //base64Encode(&out.front(), out.size(), &outBase64);
    //string str;
    //str.assign(outBase64.begin(), outBase64.end());
    // Output: prefix followed by the hex digest, NUL-terminated.
    *dest_len = strlen(prefix);
    memcpy(dest, prefix, *dest_len);
    memcpy(dest + *dest_len, str.data(), str.size());
    *dest_len += str.size();
    dest[*dest_len] = 0;
    return 0;
}

int main(int argc, char *argv[])
{
    // argv[1] is the string to sign; stop if it is missing.
    if (argc < 2) {
        return 1;
    }
    uint32_t len = 64;
    char buf[64];
    // Print the buffer only if xsign() filled it.
    if (xsign(argv[1], buf, &len) != 0) {
        return 1;
    }
    //cookie(argv[1], argv[2], argv[3], buf, len);
    cout << buf;
    return 0;
}
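Taking Easy Language (易语言) as an example:
1. Build the C++ code into a DLL for Easy Language to call. Advantages: no network dependency, direct calls, multithreading support.
Data captured with the packet-capture tool: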
api:mtop.relationrecommend.wirelessrecommend.recommend
v:2.0
data:{"appId":"14658","params":"{\"area\":\"shouye_classifier\",\"type\":\"all\",\"industry_id\":\"\",\"catmap_version\":\"3.0\",\"sversion\":\"\"}"}
.版本 2
.支持库 dp1
.支持库 spec
xpv = “6.2”
t = 时间_取现行时间戳 (真)
xuid = 文本_取出中间文本 (cookie, “unb=”, “;”, , )
sid = 文本_取出中间文本 (cookie, “cookie2=”, “;”, , )
.如果真 (xuid = “”)
xuid = “0”
.如果真结束
.如果真 (sid = “”)
sid = “0”
.如果真结束
deviceId = 文本_取随机字符 (44)
utdid = 文本_取随机字符 (24)
appKey = “21646297”
lat = “39.916295”
lng = “116.410344”
ttid = “00407@taobaolive_android_1.8.23”
features = “27”
xsign拼接数据 = utdid + “&” + xuid + “&&” + appKey + “&” + 取数据摘要 (到字节集 (编码_gb2312到utf8 (data))) + “&” + t + “&” + api + “&” + v + “&” + sid + “&” + ttid + “&” + deviceId + “&” + lat + “&” + lng + “&” + features
.如果真 (xpv = “6.2”)
xsign拼接数据 = xsign拼接数据 + “&&&&&&&”
.如果真结束
buflen = 64
xsign (xsign拼接数据, buf, buflen)
xsign = 到文本 (buf)
调试输出 (xsign)
http.Auto ()
.如果 (method = 1)
http.Open (“POST”, “http://guide-acs.m.taobao.com/gw/” + api + “/” + v)
.否则
http.Open (“GET”, “http://guide-acs.m.taobao.com/gw/” + api + “/” + v + “/?data=” + 编码_URL编码 (data, 真, 真))
.如果结束
http.SetRequestHeader (“user-agent”, “MTOPSDK%2F3.0.4.7+%28Android%3B5.1.1%3Bxiaomi%3Bmi+pad%29”)
http.SetRequestHeader (“x-appkey”, appKey, )
http.SetRequestHeader (“x-t”, t, )
http.SetRequestHeader (“x-pv”, xpv, )
http.SetRequestHeader (“x-sign”, xsign, )
http.SetRequestHeader (“x-features”, features, )
http.SetRequestHeader (“x-location”, lng + “%2C” + lat, )
http.SetRequestHeader (“x-ttid”, ttid, )
http.SetRequestHeader (“x-utdid”, utdid, )
http.SetRequestHeader (“x-devid”, deviceId, )
http.SetRequestHeader (“x-uid”, xuid, )
http.SetRequestHeader (“x-sid”, sid, )
.如果真 (cookie ≠ “”)
http.SetCookie (cookie)
.如果真结束
.如果 (method = 1)
http.Send (“data=” + data)
.否则
http.Send ()
.如果结束
返回文本 = http.GetResponseTextU2A ()
返回 (返回文本)
This article is for reference and research only. If it violates any rules, contact QQ: 205468941 to have it removed.