Js逆向入门之sm加解密分析

Js逆向入门之sm加解密

地址：
aHR0cHM6Ly9mdXd1Lm5oc2EuZ292LmNuL25hdGlvbmFsSGFsbFN0LyMvc2VhcmNoL21lZGljYWw/Y29kZT05MDAwMCZmbGFnPWZhbHNlJmdiRmxhZz10cnVlCiA=(base64)

加密参数

1. payload
2. response

3. 如图

4. 目标数据

加密位置

1. signData
2. encData

3.其他参数
**
x-tif-nonce: N7unnPrD
x-tif-signature: 6de8df9e7e64500718720eab273b959a88aa601eaa6afdcf190ee7a5985c51aa
x-tif-timestamp: 1656150301**

方法一：webpack 模块导出

这里只测试了是否可调用

方法二：python 还原

def main():
    timestamp = int(time.time())
    c, u = ret_u(timestamp)
    headers.update({'x-tif-signature': get_sha256(u)})
    headers.update({'x-tif-nonce': c})
    headers.update({'x-tif-timestamp': str(timestamp)})
    encData = data_encryption(
        '{"addr":"","regnCode":"110000","medinsName":"","medinsLvCode":"","medinsTypeCode":"","openElec":"","pageNum":1,"pageSize":10}')
    data = 'appCode=T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ' \
           '&data={"pageNum":"1","pageSize":"10","regnCode":"110000"}' \
           '&encType=SM4&signType=SM2' \
           f'×tamp={timestamp}' \
           '&version=1.0.0&key=NMVFVILMKT13GEMD3BKPKCTBOQBPZR2P'
    signData = js_code.call('get_sign', data)
    # signData = sm2_sign(data)
    payload = {
        'data':
            {
                "data": {
                    "encData": encData
                },
                "appCode": "T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ",
                "version": "1.0.0",
                "encType": "SM4",
                "signType": "SM2",
                "timestamp": timestamp,
                "signData": signData
            }
    }
    response = requests.post(url='https://fuwu.nhsa.gov.cn/ebus/fuwu/api/nthl/api/CommQuery/queryFixedHospital',
                             json=payload, headers=headers)
    print('res::', response.text)
    print('res::', json.loads(data_decryption(response.json()['data']['data']['encData'])))


if __name__ == '__main__':
    main()

以上只是部分代码
sm2签名也不是python版本
不够完美

测试结果：

结束