tx充值QB页面的mobile_save接口中的encrypt_msg值算法。
本帖学习研究探讨
目标网站地址 http://pay.qq.com/h5/
版本
&base_key_version=H5_1.0.21
&encrypt_way=web_new_encrypt
目的是拿到最终的支付链接。
https://api.unipay.qq.com/v1/r/1450000490/mobile_save
可以看到 不管是QQ支付还是微信支付,最终的支付链接是从这个接口中返回的,说明接口请求地址一样,参数不一样
这个接口中的参数非常的多
我们可以逐一排查 最终可以发现
openid: openkey:
这两个参数就不用解释了,类似于cookie账号密码
session_token: r: uuid :
以上就是些固定,或随机参数,这些参数不是很重要,可要可不要。
anti_auto_script_token_id
encrypt_msg
base_key_version
web_token
经过观察发现这几个参数均为加密参数中必要参数
其中 anti_auto_script_token_id web_token 在加载选择支付框架时均有返回
base_key_version 参数不变,为加密版本信息
现在开始分析今天的主角encrypt_msg ----------------------
全局搜索该加密参数名称encrypt_msg
经验所得 猜测它是一个aes加密(这里仅猜测),后来发现是障眼法而已
function _0x13963a() {
var _0x21b15a = '';
try {
for (var _0x45eecd = [_0x4c5f('0x386') + 'Heigh' + 't', 'avail' + _0x4c5f('0x323'), 'color' + 'Depth', _0x4c5f('0x214') + _0x4c5f('0x1e') + 'h', _0x4c5f('0x150') + _0x4c5f('0xcb'), _0x4c5f('0x150') + _0x4c5f('0x35f'), _0x4c5f('0x362') + 't', _0x4c5f('0x336'), _0x4c5f('0x365') + _0x4c5f('0xc6') + 'I', 'logic' + _0x4c5f('0x2f2') + 'I', 'pixel' + _0x4c5f('0x2e'), _0x4c5f('0xd4') + 'eInte' + 'rval'], _0x19dc5e = 0x52 * -0x67 + -0x1 * -0x16d3 + 0xa2b * 0x1; _0x19dc5e < _0x45eecd[_0x4c5f('0x8e') + 'h']; _0x19dc5e++) {
var _0x1e98fc = _0x45eecd[_0x19dc5e];
void (-0x17d0 + 0x1 * -0xaa7 + 0x2277) !== window[_0x4c5f('0x3ac') + 'n'][_0x1e98fc] && (_0x21b15a += window[_0x4c5f('0x3ac') + 'n'][_0x1e98fc]);
}
} catch (_0x4b288a) {}
return _0x59528b(_0x21b15a);
}
var _0x21ace1 = _0x16a64c[_0x4c5f('0x189') + _0x4c5f('0x38a') + _0x4c5f('0x359')]
, _0x259597 = !!_0x21ace1;
function _0x3a0788() {
if (_0x259597)
return _0x21ace1;
_0x259597 = !(0x1c4a + 0x1c2a + -0x3874 * 0x1);
try {
var _0x4ef4bc = []
, _0x5da87a = [_0x4c5f('0x14e') + _0x4c5f('0x3c2'), _0x4c5f('0x2ae') + _0x4c5f('0x1f7'), _0x4c5f('0x1f7')]
, _0x3fa725 = ['Andal' + _0x4c5f('0x206') + 'o', _0x4c5f('0x1c6'), _0x4c5f('0x1c6') + _0x4c5f('0x127') + 'k', _0x4c5f('0x1c6') + '\x20Hebr' + 'ew', _0x4c5f('0x1c6') + '\x20MT', _0x4c5f('0x1c6') + '\x20Narr' + 'ow', _0x4c5f('0x1c6') + _0x4c5f('0x74') + _0x4c5f('0x39e') + _0x4c5f('0x379') + 'd', _0x4c5f('0x1c6') + _0x4c5f('0x40') + _0x4c5f('0xd8') + 'S', _0x4c5f('0x1e0') + _0x4c5f('0x115') + _0x4c5f('0x15b') + 'Sans\x20' + 'Mono', 'Book\x20' + _0x4c5f('0x23f') + 'ua', _0x4c5f('0x263') + 'an\x20Ol' + _0x4c5f('0x19a') + 'le', 'Calib' + 'ri', _0x4c5f('0x33a') + 'ia', _0x4c5f('0x33a') + _0x4c5f('0x3c9') + 'th', _0x4c5f('0x243') + 'ry', _0x4c5f('0x243') + _0x4c5f('0x2bf') + _0x4c5f('0xb2'), _0x4c5f('0x243') + _0x4c5f('0x174') + _0x4c5f('0x1c4') + _0x4c5f('0x34b'), 'Comic' + _0x4c5f('0x36a'), 'Comic' + _0x4c5f('0x36a') + '\x20MS', _0x4c5f('0x12') + 'las', _0x4c5f('0x1cd') + 'er', _0x4c5f('0x1cd') + _0x4c5f('0x179') + 'w', 'Garam' + _0x4c5f('0x269'), _0x4c5f('0x77') + 'a', 'Georg' + 'ia', _0x4c5f('0x15f') + _0x4c5f('0x1bc'), _0x4c5f('0x15f') + 'tica\x20' + _0x4c5f('0x2a3'), _0x4c5f('0x53') + 't', _0x4c5f('0x3a') + 'a\x20Bri' + _0x4c5f('0x1b0'), _0x4c5f('0x3a') + _0x4c5f('0x2fa') + _0x4c5f('0x368') + _0x4c5f('0x50'), 'Lucid' + _0x4c5f('0x3d3') + 'sole', _0x4c5f('0x3a') + _0x4c5f('0x59'), _0x4c5f('0x30f') + _0x4c5f('0x31e') + 'NDE', _0x4c5f('0x3a') + _0x4c5f('0x168') + _0x4c5f('0x3cc') + _0x4c5f('0x37c'), _0x4c5f('0x3a') + _0x4c5f('0x254') + 's', _0x4c5f('0x3a') + _0x4c5f('0x254') + _0x4c5f('0x2a5') + 'ewrit' + 'er', _0x4c5f('0x3a') + 'a\x20San' + _0x4c5f('0x28b') + _0x4c5f('0x1f5'), 'Micro' + _0x4c5f('0x12e') + _0x4c5f('0x3b2') + _0x4c5f('0x137'), _0x4c5f('0x102') + 'o', _0x4c5f('0x2d5') + _0x4c5f('0x1cc') + _0x4c5f('0x217') + 'a', _0x4c5f('0x256') + 'thic', _0x4c5f('0x293') + _0x4c5f('0x63'), _0x4c5f('0x388') + _0x4c5f('0x303'), _0x4c5f('0x364') + _0x4c5f('0x2cb') + _0x4c5f('0xb') + _0x4c5f('0x1d5') + 'rif', _0x4c5f('0xa0') + _0x4c5f('0x1d5') + _0x4c5f('0x14c'), _0x4c5f('0x22e') + _0x4c5f('0x14c'), _0x4c5f('0x120') + 'D', _0x4c5f('0x120') + _0x4c5f('0x1db'), _0x4c5f('0x35b') + 'ino', 'Palat' + _0x4c5f('0x222') + _0x4c5f('0xf8') + 'pe', 'Segoe' + _0x4c5f('0x2ea') + 't', _0x4c5f('0x121') + _0x4c5f('0x201') + 'pt', 'Segoe' + _0x4c5f('0x212'), _0x4c5f('0x121') + _0x4c5f('0x186') + 'ight', _0x4c5f('0x121') + _0x4c5f('0xe9') + _0x4c5f('0x375') + 'ld', _0x4c5f('0x121') + _0x4c5f('0xe9') + _0x4c5f('0x29'), _0x4c5f('0x2f9') + 'a', 'Times', _0x4c5f('0xfd') + _0x4c5f('0x57') + _0x4c5f('0x136'), _0x4c5f('0xfd') + _0x4c5f('0x57') + _0x4c5f('0x136') + _0x4c5f('0x87'), _0x4c5f('0x3b6') + 'chet\x20' + 'MS', _0x4c5f('0xe1') + 'na', _0x4c5f('0x25a') + _0x4c5f('0x24d'), _0x4c5f('0x25a') + _0x4c5f('0xa2') + '2', _0x4c5f('0x25a') + 'ings\x20' + '3'];
if (document['fonts'] && document[_0x4c5f('0x3ab')][_0x4c5f('0x3')])
try {
for (var _0x1a4872 = 0x9e0 + 0x23cf + -0x2daf, _0x1c034b = _0x3fa725['lengt' + 'h']; _0x1a4872 < _0x1c034b; _0x1a4872++)
!function(_0x2c80c7) {
try {
return document[_0x4c5f('0x3ab')][_0x4c5f('0x3')]('12px\x20' + _0x2c80c7);
} catch (_0x32d0f2) {
return !(0x17 * -0xdb + -0x165a * -0x1 + 0x12 * -0x26);
}
}(_0x3fa725[_0x1a4872]) || _0x4ef4bc['push'](('0' + _0x1a4872)[_0x4c5f('0xe0')](-(0x1930 * -0x1 + -0x915 + 0xb6d * 0x3)));
var _0x19bd36 = _0x4ef4bc[_0x4c5f('0x106')](';');
return _0x16a64c[_0x4c5f('0x189') + _0x4c5f('0x38a') + _0x4c5f('0x359')] = _0x21ace1 = _0x3d8b3d(_0x19bd36),
_0x21ace1;
} catch (_0x282811) {}
var _0x8b1c7e = document[_0x4c5f('0x1ab')] || document[_0x4c5f('0x1a7') + _0x4c5f('0xda') + 'sByTa' + _0x4c5f('0x25e')](_0x4c5f('0x1ab'))[0x1 * -0x1213 + 0x1a8 * -0x10 + 0x2c93]
, _0x448b22 = document[_0x4c5f('0x3e') + _0x4c5f('0x3b5') + _0x4c5f('0xb1')]('div')
, _0x157d22 = document['creat' + _0x4c5f('0x3b5') + 'ent'](_0x4c5f('0x21d'))
, _0x2a8a71 = {}
, _0x1cfe2e = {}
, _0x5bd96c = function() {
var _0x317ae3 = document['creat' + _0x4c5f('0x3b5') + 'ent'](_0x4c5f('0x21a'));
return _0x317ae3[_0x4c5f('0x10e')][_0x4c5f('0x5c') + _0x4c5f('0x1ec')] = _0x4c5f('0x345') + 'ute',
_0x317ae3[_0x4c5f('0x10e')][_0x4c5f('0x1eb')] = _0x4c5f('0x2fe') + 'px',
_0x317ae3['style'][_0x4c5f('0x1fa') + 'ize'] = '72px',
_0x317ae3['style']['lineH' + _0x4c5f('0x153')] = _0x4c5f('0x335') + 'l',
_0x317ae3[_0x4c5f('0xee') + 'HTML'] = _0x4c5f('0x37a') + _0x4c5f('0x37a') + _0x4c5f('0x27d'),
_0x317ae3;
}
用node来运行这些混淆的代码,如果对速度要求不是特别高的可以想到补环境,但是这种方式特别慢。
咱们今天就用易语言来写这个
到这里解密就已经成功了。可以经过测试发现,里面主要参数有几个openid,openkey 支付方式pay_method 金额buy_quantity 内容accounttype 时间戳ts
token_id=&openid=9625CD2089880047E1342DA5782D9DD5&openkey=7EE33C0021AB61CC5C79DF1257966B79&session_id=openid&session_type=kp_accesstoken&zoneid=1&pay_method=wechat&buy_quantity=10&mb_pwd=&pay_id=&auth_key=&card_value=&accounttype=qb&provide_uin=&extend=&ts=1663256770&cr_flex=1&webversion=stdV2.13.13.1.ios.other&from_h5=1
经测试以上内容缺一不可,不过还好这些东西都是可以看得见的,都是可以很简单的解决的
经过易语言计算可以做到毫秒级计算
经过替换时间戳,已知web_token参数为加密密码 经过加密得到msg内容,
现在模拟发送post
成功得到wx和qq的必要参数,到这里就结束了。感谢大家观看。
如有权益问题可以联系我删除文章来源:https://www.toymoban.com/news/detail-472291.html
长期更新文章来源地址https://www.toymoban.com/news/detail-472291.html
到了这里,关于tx H5_1.0.19算法 tx算法 encrypt_msg 腾讯encrypt_msg算法mobile_save接口中的msg值算法。的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
