A Simple Analysis of a JS Encryption Algorithm

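This analysis looks at how Baidu Music protects its comment requests. Start by looking at the captured request.

Two fields stand out: 1. param, 2. sign. It is fairly safe to conclude that sign is an MD5 hash.

So we start from the HTML page, and the HTML source happens to contain the following snippet.

Right-click it and choose Open in Sources panel.

A familiar recipe with a familiar flavor: it looks like MD5. Set a breakpoint at the end of the function (click the line number in the gutter to set it), switch to another page of comments to trigger it, then keep single-stepping with F10. Execution eventually jumps into another JS file.

This appears to be where the encryption happens; param should be the output of an AES encryption function.

So param and sign should be computed like this: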

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Captured request being reproduced (param is percent-encoded in the URL):
# http://music.baidu.com/data/tingapi/v1/restserver/ting?method=baidu.ting.ugcmsg.getCommentListByType&timestamp=1528636009&param=NT6J1C5axIckxMHUH2k3Ph1pDNp7wWl6s0IoSsSQMcRi1YJKw0RdAfhQ0ULfOwjRNvoopUj6Ki6jMzXwBLatcQ%3D%3D&sign=c16dd43318fc66aa6b2865b7ce25541b&from=web

import time
import base64
import hashlib
from Crypto.Cipher import AES

def md5Encrypt(text):
    # Hex MD5 digest of a str (MD5 is a hash, not encryption)
    m1 = hashlib.md5()
    m1.update(text.encode("utf-8"))
    return m1.hexdigest()

def aesEncrypt(text, secKey):
    # AES-CBC with PKCS#7 padding; the key is also used as the IV
    data = text.encode("utf-8")
    pad = 16 - len(data) % 16
    data += bytes([pad]) * pad
    key = secKey.encode("utf-8")
    encryptor = AES.new(key, AES.MODE_CBC, key)
    ciphertext = encryptor.encrypt(data)
    return base64.b64encode(ciphertext).decode("ascii")

# timestamp = str(int(time.time()))
# offset = "20"
timestamp = "1528636009"
offset = "80"
size = "20"
musicid = "242078437"
text = "from=web&offset="+offset+"&size="+size+"&type=2&type_id="+musicid
# 16-character key: middle of MD5(secret + timestamp)
key = md5Encrypt("baidu_taihe_music_secret_key"+timestamp)[8:24]
param = aesEncrypt(text,key)
sign = md5Encrypt("baidu_taihe_music"+param+timestamp)
print(param)
print(sign)

The result matches the values seen above, which completes the analysis.
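The sign relation above, checked from the receiving side, as an added example that is not code from the original post or from Baidu: it recomputes sign from a request URL and rejects tampered or stale requests. The `max_age` freshness window, the `example.invalid` host and the sample param are assumptions made for illustration; only the `baidu_taihe_music` prefix and the MD5 formula come from the script above.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs, urlencode

SIGN_PREFIX = "baidu_taihe_music"  # constant taken from the page's script


def compute_sign(param, timestamp):
    """sign = MD5(prefix + param + timestamp), as in the page's script."""
    return hashlib.md5((SIGN_PREFIX + param + timestamp).encode()).hexdigest()


def check_request(url, now, max_age=300):
    """Return (ok, reason) for a request URL.

    max_age is a hypothetical freshness window; the page does not say
    whether the server checks the timestamp at all.
    """
    # parse_qs percent-decodes, so %3D%3D becomes the base64 "==" padding
    # that the sign was computed over.
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    missing = [k for k in ("timestamp", "param", "sign") if k not in q]
    if missing:
        return False, "missing " + ",".join(missing)
    if not q["timestamp"].isdigit():
        return False, "bad timestamp"
    if abs(now - int(q["timestamp"])) > max_age:
        return False, "stale timestamp"
    expected = compute_sign(q["param"], q["timestamp"])
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(expected.encode(), q["sign"].lower().encode()):
        return False, "sign mismatch"
    return True, "ok"


def build_url(param, timestamp):
    """Build a constructed sample URL (the host is a placeholder)."""
    query = urlencode({"timestamp": timestamp, "param": param,
                       "sign": compute_sign(param, timestamp), "from": "web"})
    return "http://example.invalid/ting?" + query


if __name__ == "__main__":
    # Constructed sample: param is arbitrary base64 text, not real traffic.
    url = build_url("QUJDREVGR0hJSktMTU5PUA+/==", "1528636009")
    print(check_request(url, now=1528636100))
    print(check_request(url.replace("QUJD", "QUJE"), now=1528636100))
    print(check_request(url, now=1528640000))
```

Because the prefix and key material ship in the page's JavaScript, this check only detects accidental or naive modification; anyone who has read the script can produce a valid sign.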
