首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. Android安全
    3. 发新帖
[原创]某商超小程序加密算法解析
发表于: 2021-7-12 23:00 13828

[原创]某商超小程序加密算法解析

灵风_spirit 活跃值
2021-7-12 23:00
13828

image-20210706151936444

下载地址:7e6K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0K9r3q4J5L8r3g2K6M7s2u0G2P5s2W2Q4x3X3g2U0L8$3#2Q4x3V1j5`.

(前提:手机和电脑均安装好charles证书)

证书安装及支持抓包https设置指引请参考: 819K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8Y4k6A6j5%4c8G2M7Y4V1H3z5e0b7K6i4K6u0r3j5i4u0@1K9h3y4D9k6g2)9J5c8X3c8W2N6r3q4A6L8s2y4Q4x3V1j5I4x3o6j5K6x3K6t1H3z5e0g2Q4x3V1j5`.

image-20210712171621034

下载地址:d03K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2H3L8%4y4@1L8h3q4F1i4K6u0W2j5$3!0E0i4K6u0r3

支持导入cURL,便捷高效,导入操作如下图

image-20210712171745333

image-20210712174731685

下载地址:80aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0i4K6u0V1K9K6M7K6i4K6u0V1j5$3!0E0i4K6u0W2M7$3#2Q4x3X3c8@1j5#2)9J5k6h3y4F1i4K6u0r3j5#2)9J5c8X3#2Q4x3X3g2C8y4K6y4Q4x3X3g2U0L8$3#2Q4x3V1k6E0K9i4m8%4i4K6u0r3y4e0M7@1z5e0f1I4i4K6u0W2K9s2c8E0L8l9`.`.

华为p9 android 6.0

(android7.0以上版本抓包工具默认抓不到https请求,因为7.0以上只信任系统级别证书,而charles证书是安装到用户级目录的。

解决方式:可将charles证书升级为系统证书,即安装证书到系统证书目录下。

具体操作可参考连接:24fK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2H3K9h3q4F1M7$3S2W2L8W2)9J5k6h3y4G2L8g2)9J5c8X3q4J5N6r3W2U0L8r3g2Q4x3V1j5&6y4K6t1&6x3e0p5^5x3U0M7#2y4q4)9J5c8R3`.`. )

手机上操作该小程序,找到可以进行重新定位的地方点击来触发请求以获取附近的门店,随后charles捕捉到相关接口请求

image-20210712223517703

选中相关请求右键复制其cURL格式数据 ,导入到postman进行调试分析

image-20210712173322417

观察发现是个post请求, 请求体是URL编码后的,不易阅读,我们进行url解码

(注意这里获取的cURL接口数据和图例所示的不是同一个请求,图例所示的抓包接口被笔者不小心清除了,于是重新抓了一次请求~)

如下为url解码后的cURL接口数据,这下好看多了~

观察可知有data、h5、paramsMD5三个参数,整理如下:

手机重复操作,经多次调用抓包该接口后对比发现:

h5 这个值是固定的yx_touch

paramsMD5 通过字面意思判断为加密参数,但其数据格式不像MD5,猜测是用了MD5后又进行了其他的编码加密

观察可知获取门店要传入的经纬度入参也是加密的,正常来说经纬度均是数字
{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}

前述提到的RE文件管理器app

如今微信小程序单包体积不能超过4M(小程序基础依赖包除外),如果项目内容过大,开发者会使用分包模式

拿下图举例来说(下图所示小程序包是其他应用的,非本文要分析的case)

image-20210712164945927

其中:

_2124598774_821.wxapkg 3.3M 主包

_-588782754_76.wxapkg 1.5M 子包

_152740959_13.wxapkg 89k 子包

_1123949441_552.wxapkg 14M 基础依赖包

打开小程序一顿操作后,会在小程序包存放目录下自动下载生成对应的包

通过re文件管理器直捣微信小程序包路径:
/data/data/com.tencent.mm/MicroMsg/"$用户MD5"/appbrand/pkg/_*_xxx.wxapkg
通过re文件管理器打成zip包发送到个人钉钉或者QQ、微信等,电脑完成文件接收

提示:若在之前打开过多个小程序,可以先进入目录全部删除,这样好区分小程序包的归属

####

下载地址:134K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8W2k6g2)9J5k6h3y4G2L8g2)9J5c8X3N6#2L8K6b7&6x3U0t1%4x3K6M7%4x3q4)9J5c8Y4N6^5j5i4m8H3g2h3&6H3j5h3y4C8k6i4t1`.
运行前提需要安装node环境
该工具运行需要一些node依赖库,安装指引在链接中README.md文档中有

等我弄明白了~, 有基础的同学可以参考这个 d5cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7q4)9J5k6i4N6W2K9i4S2A6L8W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3M7#2)9J5c8U0c8n7k6i4u0m8x3f1W2B7x3@1u0X3e0h3g2Y4x3V1I4m8x3r3y4E0y4h3M7`.

笔者太菜,看的不太懂~

下载地址:6fdK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1k6i4k6W2L8r3!0H3k6i4u0K6i4K6u0W2N6$3g2A6P5r3W2F1i4K6u0W2M7i4q4Q4x3X3g2U0L8$3#2Q4x3V1k6E0K9h3&6A6M7s2u0G2k6%4u0S2L8g2)9J5c8X3c8W2N6W2)9J5c8X3c8W2N6Y4c8G2L8$3I4K6i4K6u0r3M7%4c8S2j5X3I4W2i4K6u0W2K9s2c8E0L8l9`.`.

用于阅读代码,代码跳转追踪

image-20210712165335021

是骡子是马拉出来溜溜,不是有个加密叫paramsMD5吗,全局搜索试试看:

好嘛,定位到2处代码,直觉告诉我选request.js中的,直接定位到一个函数getHmacSha256(n)。
再看看这个data结构,含data、h5、paramMD5,和之前接口分析的结论一致,通用格式没的说~

image-20210712165507451

变量t:
三目运算表达式,为true时貌似表示是BETA版本运行,那么正常使用的版本应该是false,所以猜测t="@653yx#*^&HrTy99",是一个固定盐值。

将前述接口分析中的参数data进行复制,粘贴进来改一下代码再加一个打印语句执行调试看看结果:

针对这个错误,百度了一番找到个解决方案:
1e3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8Y4y4A6L8X3q4@1i4K6g2X3x3K6x3I4z5o6b7^5z5o6m8Q4x3V1k6S2M7Y4c8A6j5$3I4W2i4K6u0r3k6r3g2@1j5h3W2D9M7#2)9J5c8U0R3#2y4e0x3K6x3o6V1#2

小程序使用async出现regeneratorRuntime is not defined错误说是少个依赖库,下载之

修改common.js代码引入该包:

解决思路
我看到小程序代码中有这样的片段:

看起来就是引入库的方式,于是我学了下写了这样一段:

再次运行:

继续分析它的生成逻辑,追到相关代码,添加打印语句:

上述r是个base64对象,且用到了它的words和sigBytes两个属性:

继续分析r的生成逻辑, 添加几行打印语句:

加了几句打印语句执行看看:

很明显了,是用“@653yx#*^&HrTy99”作为key种子初始化加密对象,然后将拼接的字符串n传入进行加密
百科了一下,该方法背后调用了著名的加密Hmac-Sha256

看来关于密码学笔者也需要系统地学一学~

前端能加密,后端一定有对应的解密。梳理一下上述分析的加密逻辑后,用java或者python写个测试demo验证一下

image-20210712190729823

混淆代码阅读性差,且代码量也繁杂,实现加密翻译或许有点吃力;那么我们转换思路,由“破译”转为“利用”
重新梳理一下上述加密流程,将涉及加密的代码整理出来,拷贝到一个js文件作为一个工具库来拿到最后的加密结果:
具体过程:

crypto-js 为前端一个加密库 介绍参见:84aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5%4y4V1L8W2)9J5k6h3&6W2N6q4)9J5c8X3y4S2L8%4W2S2L8U0l9^5x3U0W2Q4x3V1k6S2M7Y4c8A6j5$3I4W2i4K6u0r3k6r3g2@1j5h3W2D9M7#2)9J5c8U0R3^5z5o6R3$3y4U0x3#2

function getSignStr (str) {
var hash = CryptoJS.HmacSHA256(str, key);
// let hashInHex= CryptoJS.enc.Hex.stringify(hash); //base64_str
return stringify(hash);
}

public class ExecuteScript {

}

那就这样吧,也不失为一种解决策略;倘若不是为了爬虫,完全复刻出java版的加密逻辑工作量太大没必要

{\"longitude\":\"MTIwLjE1NDc3NQ==\",\"latitude\":\"MzAuMzA1ODIy\"}

经纬度的加密相比paramsMD5来说简单太多,这个不难就不展开了,大体说一下思路:

直接用java写段demo反向验证,用base64加密尝试下

结论:就是单纯的base64加密

心得:

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
curl -H 'Host: yx.feiniu.com' -H 'content-type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.7(0x18000731) NetType/WIFI Language/zh_CN' -H 'Referer: 671K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6i4u0$3K9h3y4W2N6$3g2U0K9r3q4@1i4K6u0W2j5$3!0E0i4K6u0r3N6%4R3H3z5r3y4U0y4X3u0V1x3e0g2X3j5h3u0X3j5e0f1K6i4K6u0r3z5o6y4Q4x3V1k6H3j5h3N6W2i4K6u0V1k6Y4u0S2L8h3g2Q4x3X3g2Z5N6r3#2D9i4K6t1%4 --data-binary "data=%7B%22apiVersion%22%3A%22t141%22%2C%22appVersion%22%3A%221.5.1%22%2C%22areaCode%22%3A%22CS000016%22%2C%22channel%22%3A%22online%22%2C%22clientid%22%3A%22a7ea53059fc868e2e3e2dd7c04027035%22%2C%22device_id%22%3A%22tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE%22%2C%22time%22%3A1626080760465%2C%22reRule%22%3A%224%22%2C%22token%22%3A%227ae362df162da5ffbfc408ed8e3d4ff3%22%2C%22viewSize%22%3A%22720x1184%22%2C%22networkType%22%3A%22wifi%22%2C%22isSimulator%22%3Afalse%2C%22osType%22%3A%224%22%2C%22scopeType%22%3A1%2C%22businessType%22%3A2%2C%22businessId%22%3A%2217210001%22%2C%22deliveryCircleType%22%3A%221%22%2C%22body%22%3A%7B%22longitude%22%3A%22MTIwLjE1NDc3NQ%3D%3D%22%2C%22latitude%22%3A%22MzAuMzA1ODIy%22%7D%7D&h5=yx_touch&paramsMD5=iOWz8O%2BxL9r9GX4k5Te%2F2U5HGTRk1GQ6YqLnMErWrAI%3D" --compressed '5faK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6P5q4)9J5k6h3k6W2K9h3&6A6N6g2)9J5k6h3y4G2L8g2)9J5c8X3#2W2L8h3u0W2M7W2)9J5k6s2W2^5j5i4m8H3i4K6u0r3L8r3!0U0j5i4c8A6L8$3&6Q4x3V1k6Z5L8$3#2W2f1%4c8G2M7X3g2x3K9i4y4@1i4K6u0r3N6o6p5@1x3g2)9J5y4H3`.`.
curl -H 'Host: yx.feiniu.com' -H 'content-type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.7(0x18000731) NetType/WIFI Language/zh_CN' -H 'Referer: 671K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6i4u0$3K9h3y4W2N6$3g2U0K9r3q4@1i4K6u0W2j5$3!0E0i4K6u0r3N6%4R3H3z5r3y4U0y4X3u0V1x3e0g2X3j5h3u0X3j5e0f1K6i4K6u0r3z5o6y4Q4x3V1k6H3j5h3N6W2i4K6u0V1k6Y4u0S2L8h3g2Q4x3X3g2Z5N6r3#2D9i4K6t1%4 --data-binary "data=%7B%22apiVersion%22%3A%22t141%22%2C%22appVersion%22%3A%221.5.1%22%2C%22areaCode%22%3A%22CS000016%22%2C%22channel%22%3A%22online%22%2C%22clientid%22%3A%22a7ea53059fc868e2e3e2dd7c04027035%22%2C%22device_id%22%3A%22tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE%22%2C%22time%22%3A1626080760465%2C%22reRule%22%3A%224%22%2C%22token%22%3A%227ae362df162da5ffbfc408ed8e3d4ff3%22%2C%22viewSize%22%3A%22720x1184%22%2C%22networkType%22%3A%22wifi%22%2C%22isSimulator%22%3Afalse%2C%22osType%22%3A%224%22%2C%22scopeType%22%3A1%2C%22businessType%22%3A2%2C%22businessId%22%3A%2217210001%22%2C%22deliveryCircleType%22%3A%221%22%2C%22body%22%3A%7B%22longitude%22%3A%22MTIwLjE1NDc3NQ%3D%3D%22%2C%22latitude%22%3A%22MzAuMzA1ODIy%22%7D%7D&h5=yx_touch&paramsMD5=iOWz8O%2BxL9r9GX4k5Te%2F2U5HGTRk1GQ6YqLnMErWrAI%3D" --compressed '5faK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6P5q4)9J5k6h3k6W2K9h3&6A6N6g2)9J5k6h3y4G2L8g2)9J5c8X3#2W2L8h3u0W2M7W2)9J5k6s2W2^5j5i4m8H3i4K6u0r3L8r3!0U0j5i4c8A6L8$3&6Q4x3V1k6Z5L8$3#2W2f1%4c8G2M7X3g2x3K9i4y4@1i4K6u0r3N6o6p5@1x3g2)9J5y4H3`.`.
curl -H 'Host: yx.feiniu.com' -H 'content-type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.7(0x18000731) NetType/WIFI Language/zh_CN' -H 'Referer: 3f1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6i4u0$3K9h3y4W2N6$3g2U0K9r3q4@1i4K6u0W2j5$3!0E0i4K6u0r3N6%4R3H3z5r3y4U0y4X3u0V1x3e0g2X3j5h3u0X3j5e0f1K6i4K6u0r3z5o6y4Q4x3V1k6H3j5h3N6W2i4K6u0V1k6Y4u0S2L8h3g2Q4x3X3g2Z5N6r3#2D9i4K6t1%4 --data-binary "data={"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}}&h5=yx_touch&paramsMD5=iOWz8O+xL9r9GX4k5Te/2U5HGTRk1GQ6YqLnMErWrAI=" --compressed '306K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6P5q4)9J5k6h3k6W2K9h3&6A6N6g2)9J5k6h3y4G2L8g2)9J5c8X3#2W2L8h3u0W2M7W2)9J5k6s2W2^5j5i4m8H3i4K6u0r3L8r3!0U0j5i4c8A6L8$3&6Q4x3V1k6Z5L8$3#2W2f1%4c8G2M7X3g2x3K9i4y4@1i4K6u0r3N6o6p5@1x3g2)9J5y4H3`.`.
curl -H 'Host: yx.feiniu.com' -H 'content-type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.7(0x18000731) NetType/WIFI Language/zh_CN' -H 'Referer: 3f1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6i4u0$3K9h3y4W2N6$3g2U0K9r3q4@1i4K6u0W2j5$3!0E0i4K6u0r3N6%4R3H3z5r3y4U0y4X3u0V1x3e0g2X3j5h3u0X3j5e0f1K6i4K6u0r3z5o6y4Q4x3V1k6H3j5h3N6W2i4K6u0V1k6Y4u0S2L8h3g2Q4x3X3g2Z5N6r3#2D9i4K6t1%4 --data-binary "data={"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}}&h5=yx_touch&paramsMD5=iOWz8O+xL9r9GX4k5Te/2U5HGTRk1GQ6YqLnMErWrAI=" --compressed '306K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6P5q4)9J5k6h3k6W2K9h3&6A6N6g2)9J5k6h3y4G2L8g2)9J5c8X3#2W2L8h3u0W2M7W2)9J5k6s2W2^5j5i4m8H3i4K6u0r3L8r3!0U0j5i4c8A6L8$3&6Q4x3V1k6Z5L8$3#2W2f1%4c8G2M7X3g2x3K9i4y4@1i4K6u0r3N6o6p5@1x3g2)9J5y4H3`.`.
data: {"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}}
h5: yx_touch
paramsMD5: iOWz8O+xL9r9GX4k5Te/2U5HGTRk1GQ6YqLnMErWrAI=
data: {"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}}
h5: yx_touch
paramsMD5: iOWz8O+xL9r9GX4k5Te/2U5HGTRk1GQ6YqLnMErWrAI=
 
 
 
 
 
 
 
 
 
 
 
 
 
 
# 主包反编译
node wxWxapkg.js ../../wxapkg/xxxx/_-2094256841_77.wxapkg
# 子包反编译
node wxWxapkg.js  -s=/Users/toretto/crack/wxapkg/xxxx/_-2094256841_77  ../../wxapkg/xxxx/_571009734_77.wxapkg
....
#部分子包反编译可能会报错,但没关系,不影响后续的加密分析过程
# 主包反编译
node wxWxapkg.js ../../wxapkg/xxxx/_-2094256841_77.wxapkg
# 子包反编译
node wxWxapkg.js  -s=/Users/toretto/crack/wxapkg/xxxx/_-2094256841_77  ../../wxapkg/xxxx/_571009734_77.wxapkg
....
#部分子包反编译可能会报错,但没关系,不影响后续的加密分析过程
 
 
function getHmacsha256(e) {
 var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = _common2.default.environment === _config.ENVIRONMENTS.BETA ? "@yx789*&^DKJ##CC" : "@653yx#*^&HrTy99";
 console.log("request.js@32 n: " + n);
 return _encBase2.default.stringify((0, _hmacSha2.default)(n, t));
}
function getHmacsha256(e) {
 var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = _common2.default.environment === _config.ENVIRONMENTS.BETA ? "@yx789*&^DKJ##CC" : "@653yx#*^&HrTy99";
 console.log("request.js@32 n: " + n);
 return _encBase2.default.stringify((0, _hmacSha2.default)(n, t));
}
 
var a = {"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}};
 
 
function getHmacsha256(e) {
    // var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = _common2.default.environment === _config.ENVIRONMENTS.BETA ? "@yx789*&^DKJ##CC" : "@653yx#*^&HrTy99";
    var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = "@653yx#*^&HrTy99";
    console.log("request.js@32 n: " + n);
    return _encBase2.default.stringify((0, _hmacSha2.default)(n, t));
}
 
console.log(getHmacsha256(a));
var a = {"apiVersion":"t141","appVersion":"1.5.1","areaCode":"CS000016","channel":"online","clientid":"a7ea53059fc868e2e3e2dd7c04027035","device_id":"tv179yrhs3kv9RXjJv6uJNmdkN6kTbmaUHQE","time":1626080760465,"reRule":"4","token":"7ae362df162da5ffbfc408ed8e3d4ff3","viewSize":"720x1184","networkType":"wifi","isSimulator":false,"osType":"4","scopeType":1,"businessType":2,"businessId":"17210001","deliveryCircleType":"1","body":{"longitude":"MTIwLjE1NDc3NQ==","latitude":"MzAuMzA1ODIy"}};
 
 
function getHmacsha256(e) {
    // var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = _common2.default.environment === _config.ENVIRONMENTS.BETA ? "@yx789*&^DKJ##CC" : "@653yx#*^&HrTy99";
    var n = JSON.stringify(e) + e.isSimulator + e.viewSize + e.networkType + e.time, t = "@653yx#*^&HrTy99";
    console.log("request.js@32 n: " + n);
    return _encBase2.default.stringify((0, _hmacSha2.default)(n, t));
}
 
console.log(getHmacsha256(a));
#运行
node request.js
# 运行结果报错:
regeneratorRuntime is not defined     在 comment.js中
#运行
node request.js
# 运行结果报错:
regeneratorRuntime is not defined     在 comment.js中
 
#生成package.json
npm init
#下载缺少的包
npm install regenerator@0.13.1
# 将所缺文缺runtime.js移动到项目中
cd node_modules/regenerator-runtime/
#与common.js同目录
cp runtime.js /Users/toretto/crack/wxapkg/darunfa/_-2094256841_77/service/
#生成package.json
npm init
#下载缺少的包
npm install regenerator@0.13.1
# 将所缺文缺runtime.js移动到项目中
cd node_modules/regenerator-runtime/
#与common.js同目录
cp runtime.js /Users/toretto/crack/wxapkg/darunfa/_-2094256841_77/service/
// 最上方添加
import regeneratorRuntime from './runtime.js'
// 最上方添加
import regeneratorRuntime from './runtime.js'
#再次运行
node request.js
#还报错:
can not import modules from outside
#不能从外部导入文件,没有js基础的我盲猜可能是微信小程序无此语法(因为代码全局搜索import关键字后没有任何匹配项)。

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 4
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回