逆向工程视角解决:jd/京东APP 验证码wasm加密逆向分析

逆向工程视角解决:jd/京东APP 验证码wasm加密逆向分析

声明
本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!

有相关问题请第一时间点击头像看简介或私信联系我删除博客!

部分python代码

url = "/app" params = { "source": "JDAP" } response = session.post(url, headers=headers, params=params) sid = response.json()['data'] cp = execjs.compile(open('e卡.js','r',encoding='utf-8').read()) data = cp.call('getFp',sid) url = "api/fp" response = session.post(url, headers=headers, data=data) data = response.json() fp = data['fp'] st = data['st'] data = cp.call('initBg',sid,st) url = "api/check" response = session.post(url, headers=headers, data=data) data = response.json() imgJsonStr = data['img'] print(imgJsonStr) img =json.loads(imgJsonStr) b1 = img['b1'] b2 = img['b2'] # print(b1.split('data:image/png;base64,')[1]) with open('b1.jpg','wb') as f: f.write(base64.b64decode(b1.replace('data:image/jpg;base64,',''))) with open('b2.png','wb') as f: f.write(base64.b64decode(b2.replace('data:image/png;base64,',''))) # verify(st, sessionId, distance) with open('b1.jpg','rb') as fp: background_bytes = fp.read() with open('b2.png','rb') as fp: target_bytes = fp.read() res = det.slide_match(target_bytes, background_bytes, simple_target=True) distance = getDistance() result = cp.call('verify',distance,sid,imgJsonStr,st) data = result['data'] trace = result['trace'] print(trace) url = "api/check" response = session.post(url, headers=headers, data=data) data = response.json() print(data)

结果

总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。
2.具体更多细节请看名字进入详情了解更多细节,具体细节要你自己还原,相信你也能调试出来。