chengying-4.0登入接口逆向
首先是登入的加密
url:http://xxxxx/api/v2/user/login
参数
1. username:
admin@dtstack.com
2. password:
614bb9438210c6972fbe5fa1875d56bebe28fd3d86ea76830afc4e79cfc7159c328285c19db0f4789db01ea644989f6fce5aae5304dc04b332743d2967808fcfae0a0ef35c7435b81423b90a425d1fba36ea2b04584e9440d030e7ca56fe0cc7e14819b562a5edd38d96527514f65a8cff9c388303f9fd12463fdf184ea8e95c
登入对应加密位置
可以看出"sm2" === i为false 所以可以配置
也可以看出是rsa加密
值得注意的是 这个public_key是请求过来的
比较简单直接上代码吧
def getPwd(t):
n = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
r = "0123456789abcdefghijklmnopqrstuvwxyz" # 这里需要替换为实际的函数或方法
i = ""
s = 0
o = 0
for e in range(len(t)):
if t[e] == "=":
break
h = n.index(t[e])
if h >= 0:
if s == 0:
i += r[h >> 2]
o = 3 & h
s = 1
elif s == 1:
i += r[o << 2 | h >> 4]
o = 15 & h
s = 2
elif s == 2:
i += r[o]
i += r[h >> 2]
o = 3 & h
s = 3
else:
i += r[o << 2 | h >> 4]
i += r[15 & h]
s = 0
return i
def encrypt_password(publicKey, password):
rsakey = RSA.importKey(publicKey)
cipher = PKCS1_v1_5.new(rsakey)
cipher_text = base64.b64encode(cipher.encrypt(password.encode('utf-8')))
pwd = getPwd(cipher_text.decode('utf-8'))
return pwd
def login_app(ip, username, password):
url_getPublicKey = f"http://{ip}/api/v2/user/getPublicKey"
url_login = f"http://{ip}/login"
resopnse_PublicKey = requests.get(url_getPublicKey)
publicKey = resopnse_PublicKey.json()['data']['encrypt_public_key']
password = encrypt_password(publicKey, password)
print(password)
