最新 京东E卡 滑块 分析

声明:
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！

逆向分析

response = session.post(url, headers=headers, params=params)
sid = response.json()['data']
cp = execjs.compile(open('jd.js','r',encoding='utf-8').read())
data = cp.call('getFp',sid)
url = "/fp"
response = session.post(url, headers=headers, data=data)
data = response.json()
fp = data['fp']
st = data['st']
data = cp.call('initBg',sid,st)
url = "/check"
response = session.post(url, headers=headers, data=data)
data = response.json()
imgJsonStr = data['img']
print(imgJsonStr)
img =json.loads(imgJsonStr)
b1 = img['b1']
b2 = img['b2']
with open('b1.jpg','wb') as f:
    f.write(base64.b64decode(b1.replace('data:image/jpg;base64,','')))
with open('b2.png','wb') as f:
    f.write(base64.b64decode(b2.replace('data:image/png;base64,','')))
# verify(st, sessionId, distance)
with open('b1.jpg','rb') as fp:
    background_bytes = fp.read()
with open('b2.png','rb') as fp:
    target_bytes = fp.read()
distance = getDistance()
result = verify()
data = result['data']
trace = result['trace']
print(trace)
url = "/check"

response = session.post(url, headers=headers, data=data)
data = response.json()
print(data)

结果

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。