这段代码关键部分就是 function ee(){} 我输入密码,然后经过加密,通过 post 方式请求返回服务器。我用 python 写个模拟登陆,但是这段加密搞不定,照着写出来的代码,运行结果不对。。 正确的值如下: upass: E1f0813d4cea349c75b135043842608b123456781
~~~~~~~~~~~~~javascript 代码~~~~~~~~~~~~~~~~~~~~~~~~
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<script language="JavaScript"><!--
sv=0;sv1=0;v6='http://[::]:9002/v6 ';myv6ip=' ';v4serip='10.100.10.104' ;m46=0;v46ip='172.19.213.68' ;
ps=1;pid='1';calg='12345678';
function safe_add(x,y){
var lsw=(x&0xFFFF)+(y&0xFFFF)
var msw=(x>>16)+(y>>16)+(lsw>>16)
return(msw<<16)|(lsw&0xFFFF)}
function rol(num,cnt){return(num<<cnt)|(num>>>(32-cnt));}
function cmn(q,a,b,x,s,t){return safe_add(rol(safe_add(safe_add(a,q),safe_add(x,t)),s),b);}
function ff(a,b,c,d,x,s,t){return cmn((b&c)|((~b)&d),a,b,x,s,t);}
function gg(a,b,c,d,x,s,t){return cmn((b&d)|(c&(~d)),a,b,x,s,t);}
function hh(a,b,c,d,x,s,t){return cmn(b^c^d,a,b,x,s,t);}
function ii(a,b,c,d,x,s,t){return cmn(c^(b|(~d)),a,b,x,s,t);}
function coreMD5(x){
var a=1732584193
var b=-271733879
var c=-1732584194
var d=271733878
for(i=0; i < x.length; i+=16){
var olda=a
var oldb=b
var oldc=c
var oldd=d
a=ff(a,b,c,d,x[i+0],7,-680876936)
d=ff(d,a,b,c,x[i+1],12,-389564586)
c=ff(c,d,a,b,x[i+2],17,606105819)
b=ff(b,c,d,a,x[i+3],22,-1044525330)
a=ff(a,b,c,d,x[i+4],7,-176418897)
d=ff(d,a,b,c,x[i+5],12,1200080426)
c=ff(c,d,a,b,x[i+6],17,-1473231341)
b=ff(b,c,d,a,x[i+7],22,-45705983)
a=ff(a,b,c,d,x[i+8],7,1770035416)
d=ff(d,a,b,c,x[i+9],12,-1958414417)
c=ff(c,d,a,b,x[i+10],17,-42063)
b=ff(b,c,d,a,x[i+11],22,-1990404162)
a=ff(a,b,c,d,x[i+12],7,1804603682)
d=ff(d,a,b,c,x[i+13],12,-40341101)
c=ff(c,d,a,b,x[i+14],17,-1502002290)
b=ff(b,c,d,a,x[i+15],22,1236535329)
a=gg(a,b,c,d,x[i+1],5,-165796510)
d=gg(d,a,b,c,x[i+6],9,-1069501632)
c=gg(c,d,a,b,x[i+11],14,643717713)
b=gg(b,c,d,a,x[i+0],20,-373897302)
a=gg(a,b,c,d,x[i+5],5,-701558691)
d=gg(d,a,b,c,x[i+10],9,38016083)
c=gg(c,d,a,b,x[i+15],14,-660478335)
b=gg(b,c,d,a,x[i+4],20,-405537848)
a=gg(a,b,c,d,x[i+9],5,568446438)
d=gg(d,a,b,c,x[i+14],9,-1019803690)
c=gg(c,d,a,b,x[i+3],14,-187363961)
b=gg(b,c,d,a,x[i+8],20,1163531501)
a=gg(a,b,c,d,x[i+13],5,-1444681467)
d=gg(d,a,b,c,x[i+2],9,-51403784)
c=gg(c,d,a,b,x[i+7],14,1735328473)
b=gg(b,c,d,a,x[i+12],20,-1926607734)
a=hh(a,b,c,d,x[i+5],4,-378558)
d=hh(d,a,b,c,x[i+8],11,-2022574463)
c=hh(c,d,a,b,x[i+11],16,1839030562)
b=hh(b,c,d,a,x[i+14],23,-35309556)
a=hh(a,b,c,d,x[i+1],4,-1530992060)
d=hh(d,a,b,c,x[i+4],11,1272893353)
c=hh(c,d,a,b,x[i+7],16,-155497632)
b=hh(b,c,d,a,x[i+10],23,-1094730640)
a=hh(a,b,c,d,x[i+13],4,681279174)
d=hh(d,a,b,c,x[i+0],11,-358537222)
c=hh(c,d,a,b,x[i+3],16,-722521979)
b=hh(b,c,d,a,x[i+6],23,76029189)
a=hh(a,b,c,d,x[i+9],4,-640364487)
d=hh(d,a,b,c,x[i+12],11,-421815835)
c=hh(c,d,a,b,x[i+15],16,530742520)
b=hh(b,c,d,a,x[i+2],23,-995338651)
a=ii(a,b,c,d,x[i+0],6,-198630844)
d=ii(d,a,b,c,x[i+7],10,1126891415)
c=ii(c,d,a,b,x[i+14],15,-1416354905)
b=ii(b,c,d,a,x[i+5],21,-57434055)
a=ii(a,b,c,d,x[i+12],6,1700485571)
d=ii(d,a,b,c,x[i+3],10,-1894986606)
c=ii(c,d,a,b,x[i+10],15,-1051523)
b=ii(b,c,d,a,x[i+1],21,-2054922799)
a=ii(a,b,c,d,x[i+8],6,1873313359)
d=ii(d,a,b,c,x[i+15],10,-30611744)
c=ii(c,d,a,b,x[i+6],15,-1560198380)
b=ii(b,c,d,a,x[i+13],21,1309151649)
a=ii(a,b,c,d,x[i+4],6,-145523070)
d=ii(d,a,b,c,x[i+11],10,-1120210379)
c=ii(c,d,a,b,x[i+2],15,718787259)
b=ii(b,c,d,a,x[i+9],21,-343485551)
a=safe_add(a,olda)
b=safe_add(b,oldb)
c=safe_add(c,oldc)
d=safe_add(d,oldd);}
return [a,b,c,d];}
function binl2hex(binarray){
var hex_tab="0123456789abcdef"
var str=""
for(var i=0; i < binarray.length * 4; i++){
str+=hex_tab.charAt((binarray[i>>2] >>((i%4)*8+4))&0xF)+
hex_tab.charAt((binarray[i>>2] >>((i%4)*8))&0xF)
}
return str;}
function binl2b64(binarray){
var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
var str=""
for(var i=0; i < binarray.length * 32; i+=6){
str+=tab.charAt(((binarray[i>>5] <<(i%32))&0x3F)|((binarray[i>>5+1] >>(32-i%32))&0x3F))
}
return str;}
function str2binl(str){
var nblk=((str.length+8)>>6)+1 // number of 16-word blocks
var blks=new Array(nblk * 16)
for(var i=0; i < nblk * 16; i++) blks[i]=0
for(var i=0; i < str.length; i++)
blks[i>>2]|=(str.charCodeAt(i)&0xFF) <<((i%4) * 8)
blks[i>>2]|=0x80 <<((i%4) * 8)
blks[nblk*16-2]=str.length * 8
return blks;}
function strw2binl(str){
var nblk=((str.length+4)>>5)+1 // number of 16-word blocks
var blks=new Array(nblk * 16)
for(var i=0; i < nblk * 16; i++) blks[i]=0
for(var i=0; i < str.length; i++)
blks[i>>1]|=str.charCodeAt(i) <<((i%2) * 16)
blks[i>>1]|=0x80 <<((i%2) * 16)
blks[nblk*16-2]=str.length * 16
return blks;}
function hexMD5(str){return binl2hex(coreMD5( str2binl(str)))}
function hexMD5w(str){return binl2hex(coreMD5(strw2binl(str)))}
function b64MD5(str){return binl2b64(coreMD5( str2binl(str)))}
function b64MD5w(str){return binl2b64(coreMD5(strw2binl(str)))}
function calcMD5(str){return binl2hex(coreMD5( str2binl(str)))}
function xproc1(str){
var EChars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var out,i,len,c1,c2,c3;
len=str.length;
i=0;
out = "";
while(i<len){
c1=str.charCodeAt(i++)&0xff;
if(i==len){out+=EChars.charAt(c1>>2);
out+=EChars.charAt((c1&0x3)<<4);
out+= "==";
break;}
c2=str.charCodeAt(i++);
if(i==len){out+=EChars.charAt(c1>>2);
out+=EChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));
out+=EChars.charAt((c2&0xF)<<2);
out+="=";
break;}
c3=str.charCodeAt(i++);
out+=EChars.charAt(c1>>2);
out+=EChars.charAt(((c1&0x3)<<4)|((c2&0xF0)>>4));
out+=EChars.charAt(((c2&0xF)<<2)|((c3&0xC0)>>6));
out+=EChars.charAt(c3&0x3F);}
return out;}
function cc(ss){f0.R1.value=ss;}
function ee(){
if(f1.DDDDD.value==""){alert("??ê?è??úμ???o? Please enter your account account number");return false;}
f0.DDDDD.value=f1.DDDDD.value
if(ps==0){f0.upass.value=xproc1(f1.upass.value);}
else{tmpchar=pid+f1.upass.value+calg;f0.upass.value=calcMD5(tmpchar)+calg+pid;f0.R2.value=1;}
document.f0.submit();
return false;}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` 我用 python 写的加密代码
def safe_add(x,y):
lsw=(x & 0xFFFF)+(y & 0xFFFF)
msw=(x >> 16)+(y >> 16)+(lsw >> 16)
return(msw << 16)|(lsw & 0xFFFF)
def rol(num,cnt):
tmp = num << 2
tmp1 = abs(num) >> (32 - cnt)
return (tmp | tmp1)
def cmn(q,a,b,x,s,t):
return safe_add(rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b)
def ff(a,b,c,d,x,s,t):
return cmn((b & c)|((~b) & d),a,b,x,s,t)
def gg(a,b,c,d,x,s,t):
return cmn((b & d)|(c & (~d)),a,b,x,s,t)
def hh(a,b,c,d,x,s,t):
return cmn(b ^ c ^ d, a, b, x, s, t)
def ii(a,b,c,d,x,s,t):
return cmn(c^(b|(~d)),a,b,x,s,t)
def coreMD5(x):
a=1732584193
b=-271733879
c=-1732584194
d=271733878
for i in range(0,len(x),16):
olda=a
oldb=b
oldc=c
oldd=d
a = ff(a, b, c, d, x[i + 0], 7, -680876936)
d = ff(d, a, b, c, x[i + 1], 12, -389564586)
c = ff(c, d, a, b, x[i + 2], 17, 606105819)
b = ff(b, c, d, a, x[i + 3], 22, -1044525330)
a = ff(a, b, c, d, x[i + 4], 7, -176418897)
d = ff(d, a, b, c, x[i + 5], 12, 1200080426)
c = ff(c, d, a, b, x[i + 6], 17, -1473231341)
b = ff(b, c, d, a, x[i + 7], 22, -45705983)
a = ff(a, b, c, d, x[i + 8], 7, 1770035416)
d = ff(d, a, b, c, x[i + 9], 12, -1958414417)
c = ff(c, d, a, b, x[i + 10], 17, -42063)
b = ff(b, c, d, a, x[i + 11], 22, -1990404162)
a = ff(a, b, c, d, x[i + 12], 7, 1804603682)
d = ff(d, a, b, c, x[i + 13], 12, -40341101)
c = ff(c, d, a, b, x[i + 14], 17, -1502002290)
b = ff(b, c, d, a, x[i + 15], 22, 1236535329)
a = gg(a, b, c, d, x[i + 1], 5, -165796510)
d = gg(d, a, b, c, x[i + 6], 9, -1069501632)
c = gg(c, d, a, b, x[i + 11], 14, 643717713)
b = gg(b, c, d, a, x[i + 0], 20, -373897302)
a = gg(a, b, c, d, x[i + 5], 5, -701558691)
d = gg(d, a, b, c, x[i + 10], 9, 38016083)
c = gg(c, d, a, b, x[i + 15], 14, -660478335)
b = gg(b, c, d, a, x[i + 4], 20, -405537848)
a = gg(a, b, c, d, x[i + 9], 5, 568446438)
d = gg(d, a, b, c, x[i + 14], 9, -1019803690)
c = gg(c, d, a, b, x[i + 3], 14, -187363961)
b = gg(b, c, d, a, x[i + 8], 20, 1163531501)
a = gg(a, b, c, d, x[i + 13], 5, -1444681467)
d = gg(d, a, b, c, x[i + 2], 9, -51403784)
c = gg(c, d, a, b, x[i + 7], 14, 1735328473)
b = gg(b, c, d, a, x[i + 12], 20, -1926607734)
a = hh(a, b, c, d, x[i + 5], 4, -378558)
d = hh(d, a, b, c, x[i + 8], 11, -2022574463)
c = hh(c, d, a, b, x[i + 11], 16, 1839030562)
b = hh(b, c, d, a, x[i + 14], 23, -35309556)
a = hh(a, b, c, d, x[i + 1], 4, -1530992060)
d = hh(d, a, b, c, x[i + 4], 11, 1272893353)
c = hh(c, d, a, b, x[i + 7], 16, -155497632)
b = hh(b, c, d, a, x[i + 10], 23, -1094730640)
a = hh(a, b, c, d, x[i + 13], 4, 681279174)
d = hh(d, a, b, c, x[i + 0], 11, -358537222)
c = hh(c, d, a, b, x[i + 3], 16, -722521979)
b = hh(b, c, d, a, x[i + 6], 23, 76029189)
a = hh(a, b, c, d, x[i + 9], 4, -640364487)
d = hh(d, a, b, c, x[i + 12], 11, -421815835)
c = hh(c, d, a, b, x[i + 15], 16, 530742520)
b = hh(b, c, d, a, x[i + 2], 23, -995338651)
a = ii(a, b, c, d, x[i + 0], 6, -198630844)
d = ii(d, a, b, c, x[i + 7], 10, 1126891415)
c = ii(c, d, a, b, x[i + 14], 15, -1416354905)
b = ii(b, c, d, a, x[i + 5], 21, -57434055)
a = ii(a, b, c, d, x[i + 12], 6, 1700485571)
d = ii(d, a, b, c, x[i + 3], 10, -1894986606)
c = ii(c, d, a, b, x[i + 10], 15, -1051523)
b = ii(b, c, d, a, x[i + 1], 21, -2054922799)
a = ii(a, b, c, d, x[i + 8], 6, 1873313359)
d = ii(d, a, b, c, x[i + 15], 10, -30611744)
c = ii(c, d, a, b, x[i + 6], 15, -1560198380)
b = ii(b, c, d, a, x[i + 13], 21, 1309151649)
a = ii(a, b, c, d, x[i + 4], 6, -145523070)
d = ii(d, a, b, c, x[i + 11], 10, -1120210379)
c = ii(c, d, a, b, x[i + 2], 15, 718787259)
b = ii(b, c, d, a, x[i + 9], 21, -343485551)
a = safe_add(a, olda)
b = safe_add(b, oldb)
c = safe_add(c, oldc)
d = safe_add(d, oldd)
return [a,b,c,d]
def str2binl(str):
nblk=((len(str)+8) >> 6)+1
blks=[0 for i in range(0,nblk*16)]
for i in range(0,len(str)):
blks[i>>2] = blks[i>>2] | ((int(str[i])& 0xFF) <<((i%4) * 8))
blks[i>>2] = blks[i>>2] | (0x80 <<((i%4) * 8))
blks[(nblk*16 - 2)] = len(str) * 8
return blks
def binl2hex(binarray):
hex_tab="0123456789abcdef"
str=""
for i in range(len(binarray)*4):
str= str + hex_tab[(binarray[i>>2] >>((i%4)*8+4))&0xF]+hex_tab[(binarray[i>>2] >>((i%4)*8))&0xF]
return str
def calcMD5(str):
return binl2hex(coreMD5( str2binl(str)))
str = '12345678'
pid = '1'
calg = '12345678'
def main():
tmpchar = pid + str +calg
tmpchar2 = calcMD5(tmpchar)
passd = tmpchar2 +calg +pid
print passd
if __name__ == "__main__":
main()
1
m939594960 2016-04-26 16:51:07 +08:00
用 pyv8
直接用 js 算结果啊 |
2
livesmart OP @m939594960
谢谢,我去试试。。但是你能不能告诉我,我哪里错了。。。。 |
3
fish267 2016-04-26 16:59:10 +08:00 1
I prefer go die.
|
4
m939594960 2016-04-26 17:01:35 +08:00 1
@livesmart 太多了 我也没仔( KAN )细( BU )看( DONG ) 不过对效率等等要求不是很高的话 直接运行这个 js 取结果就好了 应该是最好的办法 。中间那么长一段 其实就是个 md5 加密, python 直接用库生成就好了
如果非得要用 python 去实现这个加密的过程 推荐吧 js 放到 chrome 中运行一下 然后下断点 看下每一步的数值 然后 python 也进行一步一步的 查看一下数值 问题出现在哪就很好看出来了 |
5
mV2GK 2016-04-26 17:01:56 +08:00 1
每一步都加个 print 对比下输出不就知道了。。。
|
6
j0kER 2016-04-26 17:09:00 +08:00
@m939594960 pyv8 怎么安装啊。。 pip 安装不起来
|
7
gimp 2016-04-26 17:16:16 +08:00 1
|
8
mdzz 2016-04-26 17:19:02 +08:00 6
你 TM 在逗我
>>> import hashlib >>> ANS = 'E1f0813d4cea349c75b135043842608b123456781' >>> >>> str = '12345678' >>> pid = '1' >>> calg = '12345678' >>> >>> tmpchar = pid + str + calg >>> tmpchar2 = hashlib.md5(tmpchar).hexdigest() >>> passd = tmpchar2 + calg + pid >>> passd.capitalize() == ANS True >>> |
11
qqmishi 2016-04-26 17:46:53 +08:00
怎么感觉和我们学校教务网加密方式一样啊 23333
当初我也是耐心的看了一遍源码,最后放弃直接用 python 的 md5 库了 23333 |
13
est 2016-04-26 18:02:45 +08:00
爬的网站还不够多,没看出来这是 md5 库。。。
|
14
lxy 2016-04-26 18:13:30 +08:00
看到那个 calcMD5 还不明白么……
|
15
blotd 2016-04-26 21:59:26 +08:00 1
```javascript
// JS Hashlib Lib : https://github.com/LuoZijun/hashlib.js // 把 hashlib.js 引入你的 html 。 // <script type="text/javascript" src="hashlib.js"></script> var target = 'E1f0813d4cea349c75b135043842608b123456781'; var str = '12345678'; var pid = '1'; var calg = '12345678'; var tmpchar = pid + str + calg; var hash = new hashlib.md5(tmpchar).hexdigest(); var array = (hash + calg + pid).split(''); array.splice(0, 1, array[0].toUpperCase() ); var result = array.join(''); console.log( 'Target: ' + result + ' Result: ' + result ); console.log( target == result ); ``` |
16
zmj1316 2016-04-26 22:03:06 +08:00
带 js 的除非像这种特别明显的我都是偷懒直接上 pyV8
|
17
guokeke 2016-04-27 02:12:30 +08:00 via Android
→_→,感觉这是某校园网的登录啊,你一定是要干坏事!
|
18
wwxiong 2016-04-27 09:19:55 +08:00 1
python 的位运算机制和 js 是不一样的。特别针对高位有符号左移位。你可以借助 python ctypes 模块来处理。
python >>> -1231313132112 << 2 -4925252528448 js -1231313132112 << 2 1074960064 |