逆向目标
- 网站:
https://www.fastmoss.com/shop-marketing/tiktok - 接口:
https://www.fastmoss.com/api/shop/shopList/ - 参数:
fm-sign
逆向分析
我们今天要分析的是店铺排名,先分析网络请求,找到目标接口
按照上图操作Copy as cURL,将curl 转为 python request
直接分析测试 python 代码,加密点只能是 cookie 或 fm-sign参数,先来测试 cookie,代码里直接设置为 None 然后运行依然可以拿到请求结果,说明加密和 cookie 无关,那就只能是 fm-sign 参数了,如下
import requests
headers = {
"fm-sign": "479f735a55570d174198e5c1ce93f515",
"lang": "EN_US",
"priority": "u=1, i",
"referer": "https://www.fastmoss.com/shop-marketing/tiktok",
"region": "US",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
url = "https://www.fastmoss.com/api/shop/shopList/"
params = {
"page": "1",
"pagesize": "10",
"order": "1,2",
"region": "US",
"_time": "1727184797",
"cnonce": "57869802"
}
response = requests.get(url, headers=headers, cookies=None, params=params)
print(response.json())
逆向过程
搜索关键词 fm-sign
跟进去打上断点并刷新网页
p = m.encryptParams({...d}, h);
i["fm-sign"] = p
加密入口我门找到了,跟进去看下
把这个函数拷贝到本地执行
window = global;
function encryptParams(e) {
let t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : ""
, n = window.Object.keys(e).sort()
, o = "";
n.forEach(t => {
o += t + e[t] + this.salt
}
);
let r = d()(o + t).toString()
, a = ""
, i = 0
, l = r.length - 1;
for (; i < r.length && !(i >= l); i++,
l--)
a += (window.parseInt(r[i], 16) ^ window.parseInt(r[l], 16)).toString(16);
return a + r.substring(i)
}
var e = {
"page": 1,
"pagesize": 10,
"order": "1,2",
"region": "US",
"_time": 1727185503,
"cnonce": 83043105
};
var result = encryptParams(e);
console.log(result);
执行报错 let r = d()(o + t).toString() ^ReferenceError: d is not defined,我们去网站执行到这步分析
r是 32位 的 16进制 字符串,猜测大概率是 md5 值,我们直接来验证下有没有魔改,分别在网页上和本地对字符串 1 做 md5,然后比较结果
// 网站求 md5 值
d()('1').toString()
>> c4ca4238a0b923820dcc509a6f75849b
// 本地求 md5 值
var CryptoJS = require("crypto-js");
console.log(CryptoJS.MD5('1').toString());
>> c4ca4238a0b923820dcc509a6f75849b
网页和本地结果一致,说明网站的 md5 方法是没有魔改的标准方法,到这几 fm-sign 就分析完了,我们直接使用 CryptoJS.MD5 替换 d() 方法即可
逆向总结
完整的 js 代码如下
var CryptoJS = require("crypto-js");
window = global;
this.salt = "asjdfoaur3ur829322";
function encryptParams(e) {
let t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : ""
, n = window.Object.keys(e).sort()
, o = "";
n.forEach(t => {
o += t + e[t] + this.salt
}
);
let r = CryptoJS.MD5(o + t).toString()
, a = ""
, i = 0
, l = r.length - 1;
for (; i < r.length && !(i >= l); i++,
l--)
a += (window.parseInt(r[i], 16) ^ window.parseInt(r[l], 16)).toString(16);
return a + r.substring(i)
}
var e = {
"page": 1,
"pagesize": 10,
"order": "1,2",
"region": "US",
"_time": 1727185503,
"cnonce": 83043105
};
var result = encryptParams(e);
console.log(result);
原创声明:未经许可,不得转载。
如有侵权,请联系作者删除删除
