江西省技能培训平台(逆向破解登录)
登录破解(国密sm2加密方式)
请求接口
https://api.cloud.wozhipei.com/auth/user/v1/login
使用身份证和密码登录发现有password加密,好开始逆向js
全局搜索发现使用国密SM2进行加密
模拟算法
js
使用js进行模拟算法
<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<script src="./sm2.js"></script>
<script src="./base64.js"></script>
<script>async function fetchPublicKeyAndEncrypt() {try {// 发送fetch请求并等待响应数据解析为JSON格式let response = await fetch('https://api.cloud.wozhipei.com/auth/user/v1/public_key', {method: 'GET',headers: {'Content-Type': 'application/json',"User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36",}});let result = await response.json();console.log('提交成功,服务器返回:', result["data"]);console.log('sm2Encrypt', sm2);// 获取公钥let publicKey = result["data"];// 待加密的密码let pwd = "你的密码";let cipherMode = 1; // 1 - C1C3C2,0 - C1C2C3,默认为1console.log("编码后的pwd: ",btoa(pwd))// 等待加密操作完成并获取加密后的数据let encryptData = await sm2.doEncrypt(btoa(pwd), publicKey, cipherMode);return {publicKey, encryptData};}catch(error){console.error('请求出错:', error);}}async function login(data) {try {// 发送fetch请求并等待响应数据解析为JSON格式let response = await fetch('https://api.cloud.wozhipei.com/auth/user/v1/login', {method: 'POST',body: data,headers: {'Content-Type': 'application/json',"User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36",}});console.log('响应:', response);let result = await response.json();return result} catch (error) {console.error('请求出错:', error);}}// 调用异步函数并处理返回值fetchPublicKeyAndEncrypt().then(({publicKey, encryptData}) => {if (publicKey && encryptData) {var data = {"account": "你的身份证","appKey": "WEB","sid": 1018,"type": 1,"authOpenId": "","authType": "","publicKey": publicKey,"password": encryptData}console.log('获取到的公钥:', publicKey);console.log('加密后的数据:', encryptData);console.log('请求体:', JSON.stringify(data));login(JSON.stringify(data)).then(res => {console.log('loingrespionse:', res);})}});</script>
<body></body></html>
成功登录:
python_124">python
python使用gmssl,注意这里有个坑,
直接pip install gmssl 下载的版本是3.2.1的是旧版的sm2加密方式开始用旧标准的一直没校验不通过这个坑我走了好久,这要感谢我的学弟发现这个坑
有两个标准,这个网站是新标准的,如果使用旧标准的话后端无法解密导致校验不通过。
旧版3.2.1
新版3.2.2
代码:
login.py
python"># coding=gb2312
from gmssl import sm2
import requests
from base64 import b64encodedef getToken(idCar, pwd):public_keyUrl = "https://api.cloud.wozhipei.com/auth/user/v1/public_key"headers = {"User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36","Content-Type": "application/json"}response = requests.get(public_keyUrl, headers=headers)public_key = response.json()["data"]def encrypt(data):# sm2 加密sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key="", mode=1)return sm2_crypt.encrypt(data).hex()data_str = pwddata_bytes = data_str.encode('utf-8')encoded_data = b64encode(data_bytes)encryptData = encrypt(encoded_data)data = {"account": idCar,"appKey": "WEB","sid": 1018,"type": 1,"authOpenId": "","authType": "","publicKey": public_key,"password": encryptData}response = requests.post("https://api.cloud.wozhipei.com/auth/user/v1/login", headers=headers, json=data)return response.content.decode("utf-8")token = getToken("身份证", "密码")
print(token)
