A from-scratch guide to writing NFT snap-up software

Foreword

I have written several articles on this before, but I am not very satisfied with them, so this time I plan to summarize everything in one article. There may be many places where the writing is not very good; you are welcome to point them out in the comments, and I will correct them later.

Principles of snapping up software

When we click the buy button, an HTTP request is sent to the platform's server. This request carries your account information (token or cookie), product id, quantity, payment password, etc. After the server receives the request, it performs the snap-up operation and returns the result, telling you whether the snap-up succeeded (successful snap-up, insufficient inventory, server exception...).

Snap-up software simply skips the step of clicking the snap-up button and sends the snap-up HTTP request directly to the platform server. By sending in a loop, the software can send dozens or hundreds of snap-up requests in one second. If one of them is processed successfully by the platform server and the returned result says the order was placed, the product has been grabbed. This method is much better than clicking manually or using an auto-clicker!
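
Seen from the platform's side, the loop described above shows up as one token sending far more order requests per second than a person clicking could. The following detection sketch is an added example, not code from the original article or from any platform; the log format, the token ids and the `/api/product/detail` path are constructed for illustration, and the order path is the one analyzed later in this article.

```python
from collections import defaultdict, deque

ORDER_PATH = "/api/order/trading"  # order endpoint analyzed later in this article


def build_sample_log():
    """Constructed sample lines: '<epoch_seconds> <token_id> <method> <path>'."""
    # A person clicking: three order attempts, two seconds apart.
    lines = [f"{1000.0 + i * 2.0:.3f} u-human POST {ORDER_PATH}" for i in range(3)]
    # A looped sender: 40 order requests inside one second.
    lines += [f"{1003.0 + i * 0.025:.3f} u-burst POST {ORDER_PATH}" for i in range(40)]
    # Heavy but harmless page traffic on a hypothetical read-only path.
    lines += [f"{1003.0 + i * 0.01:.3f} u-browse GET /api/product/detail" for i in range(50)]
    return sorted(lines, key=lambda line: float(line.split()[0]))


def peak_order_rate(lines, window=1.0):
    """Return {token_id: max number of order POSTs seen in any sliding window}."""
    recent = defaultdict(deque)  # token_id -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        ts_text, token_id, method, path = line.split()
        if method != "POST" or path != ORDER_PATH:
            continue  # only order attempts count towards the rate
        ts = float(ts_text)
        queue = recent[token_id]
        queue.append(ts)
        # Drop timestamps that have fallen out of the window.
        while ts - queue[0] >= window:
            queue.popleft()
        peak[token_id] = max(peak[token_id], len(queue))
    return dict(peak)


def flag_bursts(lines, threshold=10, window=1.0):
    """Tokens whose peak order rate exceeds the threshold (requests per window)."""
    rates = peak_order_rate(lines, window)
    return {token: rate for token, rate in rates.items() if rate > threshold}


if __name__ == "__main__":
    print(flag_bursts(build_sample_log()))
```

The same sliding-window count can back a per-token rate limit on the order endpoint instead of an after-the-fact report.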

View and analyze HTTP requests

Here I directly use a certain platform for learning and explanation, please do not perform illegal operations.

Open the following URL: https://m.eryday.fun

Press F12 on the keyboard to open the debug window

Next, click on the Network tab

Now click on "Mine", enter the mobile phone number and the verification code, and click the button to send the verification code. We can then observe that a request like this appears:

This is the interface requested from the backend after you click the Get Verification Code button. Let's click on it.

For this request, we generally need to pay attention to the following three points:

  1. Request URL address: https://m.eryday.fun/api/verify-code/send
  2. Request method: GET
  3. Content-Type: application/json

This is the interface for sending verification codes. The user has not logged in at this point, so there is no token in the request headers. I will talk about that later.

Let's first click on Payload to see what is inside; the content of the payload is the request body.

Through observation, we sent the following information:

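mobile: "13333333333" (the mobile phone number we entered)
id: "Jo9lbMldS5Gf6naD5KbAzA" (not yet sure what this parameter is)
type: 1 (the type; this should be fixed)
captcha: x526 (the verification code we just entered)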

Let's click on Response to see the returned content.

We can see that this is the information returned by the interface after clicking the "Send Verification Code" button. From the returned information, we know that the verification code failed to be sent, because our mobile phone number input is 6, which triggers the risk control mechanism. Next, we refresh the page, enter a normal mobile phone number, click the send verification code button, and observe the requests again.

Four requests are made in the process from entering the mobile phone number and verification code to clicking the send verification code button. Let's open the requests one by one to see whether there is any connection between them.

I believe everyone has already noticed it: the unknown id above is the id returned when the picture verification code is obtained. At this point, we have analyzed and understood all the logic of how this website sends verification codes. Next, let's sort out the steps.

Step 1: Request the picture verification code interface to obtain the picture verification code

Request URL: https://m.eryday.fun/api/captcha/graph
Request method: POST
Request header: content-type: application/json
Request body: {"type":1,"fontSize":20,"width":100,"height":40}
Response:
{
    "code": "0",
    "data": {
        "id": "xV5ZjLU8QWS2wehcnNk1Mw",
        "content": ""
    },
    "success": true,
    "ext": {
        "executionTime": "3",
        "currentDate": "2023-04-14T00:02:42.023+08:00"
    },
    "msg": "操作成功"
}

Step 2: Send verification code

Request URL: https://m.eryday.fun/api/verify-code/send
Request method: POST
Request header: content-type: application/json
Request body: {"mobile":"13553232231","type":1,"captcha":"mhru","id":"xV5ZjLU8QWS2wehcnNk1Mw"}
Response:
{
    "code": "0",
    "data": null,
    "success": true,
    "ext": {
        "executionTime": "390",
        "currentDate": "2023-04-14T00:02:48.629+08:00"
    },
    "msg": "验证码已发送到你的手机,请查收"
}

Through these simple operations, we can work out which interfaces the platform requests to send the verification code and what data is submitted. To do the same in software, we request the same interfaces and just change the value of the mobile parameter to the mobile phone number we entered. The same is true for snap-up software: first find the interface and parameters behind the snap-up button, then reproduce the same parameters in software and send snap-up requests to the platform in a loop, so as to be one step faster.

Next, I hope everyone can apply the same approach and analyze the platform's login interface.

By analyzing the login interface, we can obtain the value of the user's token. In all subsequent requests, carrying the token in the request header makes the request equivalent to one initiated by the user. The platform uses this token to determine which user initiated the request.

We can see that subsequent requests carry this x-token (the name differs between websites) in the request header, which the platform uses to determine which user it is and whether the user is logged in.

Common HTTP requests

The common HTTP requests are GET and POST. Usually it can be understood like this: when I need to get data from the server it is a GET request, and when I want to submit data to the server it is a POST request.

For example:

GET request: get user information, get product information.

POST request: log in to an account, place an order.

An HTTP exchange is divided into the request headers and the response body.

Common request headers in GET mode:

GET /login/person?name=liangjiang&password=123123 HTTP/1.1  // request address
Host: www.ljlju.cn  // destination of the request
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1  // browser type
Connection: Keep-Alive  // no need to understand this one

Common request headers in POST mode ( application/x-www-form-urlencoded )

POST /test/persion HTTP/1.1
Host: www.ljlju.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Content-Type: application/x-www-form-urlencoded  // request type
Content-Length: 31
Connection: Keep-Alive
Cookie: xxxxxx
Token: xxxxxx  // user identity; holding the token or cookie is equivalent to being logged in to this account

name=liangjiang&password=123123  // request body

Common request headers in POST mode ( application/json )

POST /test/persion HTTP/1.1
Host: www.ljlju.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Content-Type: application/json  // request type
Content-Length: 40
Connection: Keep-Alive
Cookie: xxxxxx
Token: xxxxxx  // user identity; holding the token or cookie is equivalent to being logged in to this account

{"name": "liangjiang", "mima": "123123"}  // request body

The response body is the result of server processing. Generally, the successful code value is 200, and the result of snapping up will be displayed in the response body.

{"success":false,"code":20001,"message":"账户密码错误","data":{}}

Manual mock request

If we end up writing the snap-up software in Easy Language, it is recommended to use the Jingyi programming assistant to simulate the request.

Software link
https://wws.lanzouy.com/b0fft39wj
Password: c5cx

We only need to fill in the information of the interface analyzed above and click to send the request. Next, I will simulate obtaining the picture verification code. For the request body (the submitted data), click "view source" first and then copy it in.

The response text we obtain is exactly the same as the response obtained by the browser. We manually copy the value of content (data:image/png...) and open it in the browser to see the picture verification code. We then simulate the interface for sending the verification code, using the id of the picture verification code and the correct picture verification code as the submitted data. The simulated request successfully sends the verification code.

At this time, our mobile phone number successfully received the verification code of the platform.

Then, using the verification code received, we can simulate the login interface to obtain the user's token and perform other subsequent operations. I will not demonstrate this step; I hope everyone can apply the same approach.

Obtain the rush purchase interface in advance

Next, I will explain how to capture the snap-up request in advance.

When we write snap-up software, we often have to obtain the snap-up interface in advance. Next, I will teach you a trial-and-error method, which is also the easiest way to capture it in advance.

Let's click in and take a look, remember to analyze the interface.

Let me first talk about the idea of capturing the request in advance.

Still looking at this page, all we need to do is tamper with the returned results.

First of all, we need to understand what controls the change between the three product statuses on the website: not yet on sale -> on sale -> sold out. In fact, it is the returned result.

When we click on a product to enter the product details, the interface returns all the information about the product, including its sale status.

To capture the request in advance, we can intercept the interface data returned by the server in the third step and change the data representing the sale status to "on sale", or directly modify the sale time returned by the system. For example, if the system set the sale time of this product to 2:00 p.m., we change this time to the current time, and so capture the request in advance.

We can look at the data returned for the product details on this platform:

{
    "code": "0",
    "data": {
        "id": "16",
        "type": 1,
        "itemsLevel": null,
        "title": "KAJA纪念邀请盲盒 ",
        "subtitle": null,
        "mainImgUrl": "https://res10.eryday.fun/rs/product/20230405/aa0448d940058098.png",
        "mainImg": {
            "id": "89",
            "sort": 0,
            "path": "res10/rs/product/20230405/aa0448d940058098.png",
            "url": "https://res10.eryday.fun/rs/product/20230405/aa0448d940058098.png",
            "mediaType": 1,
            "canDownload": false,
            "isMain": false,
            "props": {
                "width": 1024,
                "height": 1024
            }
        },
        "markingPrice": null,
        "price": 9.9,
        "logicStatus": 4, // logic status: pay close attention
        "startTime": "2023-04-09T20:00:00.000+08:00", // sale start time: pay close attention
        "endTime": "2023-04-10T00:00:00.000+08:00",
        "issueNumber": 5000,
        "tags": [],
        "author": "",
        "authorImgUrl": null,
        "issuer": "iFun官方",
        "issuerImgUrl": "https://res10.eryday.fun/rs/content/20230220/7e64d39a4836b899.png",
        "hasPreemption": true,
        "preemptionDate": null,
        "rebatePoint": "0",
        "userCanPreemption": null,
        "introImgUrls": [
            "https://res10.eryday.fun/rs/product/20230409/7dd4a6ab4e2da912.png"
        ],
        "detailHeaderMedia": {
            "id": "96",
            "sort": 0,
            "path": "res10/rs/product/20230409/9141040f48f6a397.png",
            "url": "https://res10.eryday.fun/rs/product/20230409/9141040f48f6a397.png",
            "mediaType": 1,
            "canDownload": false,
            "isMain": false,
            "props": {
                "width": 1024,
                "height": 1024
            }
        },
        "detailMedias": [
            {
                "id": "95",
                "sort": 0,
                "path": "res10/rs/product/20230409/7dd4a6ab4e2da912.png",
                "url": "https://res10.eryday.fun/rs/product/20230409/7dd4a6ab4e2da912.png",
                "mediaType": 1,
                "canDownload": false,
                "isMain": false,
                "props": {
                    "width": 1125,
                    "height": 4897
                }
            }
        ],
        "purchaseNotes": "数字文创藏品为虚拟数字商品,而非实物。仅限年满18周岁的中国大陆实名认证用户购买。数字文创藏品的版权由发行方和原创作者拥有,除另行获得版权拥有者书面同意外,用户不得将数字文创藏品用于任何商业用途。本商品一经售出,不支持退换。请勿对数字文创藏品进行炒卖、场外交易、欺诈或以任何其他非法方式进行使用。"
    },
    "success": true,
    "ext": {
        "executionTime": "3",
        "currentDate": "2023-04-15T01:12:32.885+08:00"
    },
    "msg": "操作成功"
}

Through observation, we find that modifying either of the two parameters above changes the sale status of the product, so the snap-up interface can be obtained in advance.

This is where the packet capture tool comes in. Since installing Fiddler is a little complicated, for the convenience of demonstration we will use another piece of software first. The function is the same: at the stage where the server returns the data, the response is intercepted, the data inside is modified, and the modified data is passed on to the platform.

We first modify the returned data in the text box. Because this product is already sold out, changing the sale time will definitely not work, so we change the product status directly, first changing 4 to 1.

{
    "code": "0",
    "data": {
        "id": "16",
        "type": 1,
        "itemsLevel": null,
        "title": "KAJA纪念邀请盲盒 ",
        "subtitle": null,
        "mainImgUrl": "https://res10.eryday.fun/rs/product/20230405/aa0448d940058098.png",
        "mainImg": {
            "id": "89",
            "sort": 0,
            "path": "res10/rs/product/20230405/aa0448d940058098.png",
            "url": "https://res10.eryday.fun/rs/product/20230405/aa0448d940058098.png",
            "mediaType": 1,
            "canDownload": false,
            "isMain": false,
            "props": {
                "width": 1024,
                "height": 1024
            }
        },
        "markingPrice": null,
        "price": 9.9,
        "logicStatus": 1,
        "startTime": "2023-04-09T20:00:00.000+08:00",
        "endTime": "2023-04-10T00:00:00.000+08:00",
        "issueNumber": 5000,
        "tags": [],
        "author": "",
        "authorImgUrl": null,
        "issuer": "iFun官方",
        "issuerImgUrl": "https://res10.eryday.fun/rs/content/20230220/7e64d39a4836b899.png",
        "hasPreemption": true,
        "preemptionDate": null,
        "rebatePoint": "0",
        "userCanPreemption": null,
        "introImgUrls": [
            "https://res10.eryday.fun/rs/product/20230409/7dd4a6ab4e2da912.png"
        ],
        "detailHeaderMedia": {
            "id": "96",
            "sort": 0,
            "path": "res10/rs/product/20230409/9141040f48f6a397.png",
            "url": "https://res10.eryday.fun/rs/product/20230409/9141040f48f6a397.png",
            "mediaType": 1,
            "canDownload": false,
            "isMain": false,
            "props": {
                "width": 1024,
                "height": 1024
            }
        },
        "detailMedias": [
            {
                "id": "95",
                "sort": 0,
                "path": "res10/rs/product/20230409/7dd4a6ab4e2da912.png",
                "url": "https://res10.eryday.fun/rs/product/20230409/7dd4a6ab4e2da912.png",
                "mediaType": 1,
                "canDownload": false,
                "isMain": false,
                "props": {
                    "width": 1125,
                    "height": 4897
                }
            }
        ],
        "purchaseNotes": "数字文创藏品为虚拟数字商品,而非实物。仅限年满18周岁的中国大陆实名认证用户购买。数字文创藏品的版权由发行方和原创作者拥有,除另行获得版权拥有者书面同意外,用户不得将数字文创藏品用于任何商业用途。本商品一经售出,不支持退换。请勿对数字文创藏品进行炒卖、场外交易、欺诈或以任何其他非法方式进行使用。"
    },
    "success": true,
    "ext": {
        "executionTime": "3",
        "currentDate": "2023-04-15T01:12:32.885+08:00"
    },
    "msg": "操作成功"
}

We set up the system proxy first, and then intercept the response

The status has changed to "on sale soon", so let's change it to 2 and try again.

The purchase button lights up successfully, and we click Buy Now. We then get the snap-up interface.

Following the idea above, we analyze the request parameters of the snap-up interface, so that software can later generate the corresponding snap-up requests and send them in batches.

Request URL: https://m.eryday.fun/api/order/trading

Request header:

Accept: */*
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: keep-alive
Content-Length: 61
Content-Type: application/json
Cookie: cna=c4bf69feb31f409c960ec48a4ee23f74; acw_tc=0b68a81a16814951542354451e2d0c5a97f1af858edf8feda8a6d03f44f5ba
Host: m.eryday.fun
Origin: https://m.eryday.fun
Referer: https://m.eryday.fun/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Edg/112.0.0.0
x-app-type: 100
x-appversion: 1.0.9
x-appversionnum: 119
x-device-id: 16814957461176540747
x-device-type: 10
x-token: xxxxxxxxxx--xxxxxxxxxxx // the token is carried here

Request body:

{"pid":"16","traceId":"487c83c5-bf6e-4c21-a12a-1039a3b30696"}

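The pid is the product id; it can be obtained from the browser address, which contains product_details?id=16.
The traceId below looked like the platform's encrypted data, which belongs to a later topic. After decryption, however, it turned out to be just a UUID, that is, a random string. When simulating the request manually, we can change a few characters at will and the request is still sent successfully.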

In this way, we directly get the snap-up interface. You can find other platforms to practice on; this one is still very simple. It is recommended to try changing the release time first. 99% of platforms can have their snap-up interface obtained in advance through this method.
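
The status and start time in the product-details response only drive what the page displays, so the control that matters is the check the order endpoint makes on its own data. The sketch below is an added example, not the platform's code: `Product`, `OrderGate`, the status codes and the use of traceId as a per-user duplicate key are assumptions, while the sample product values are taken from the response shown above.

```python
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

CST = timezone(timedelta(hours=8))  # the +08:00 offset in the page's timestamps
SALE_START = datetime(2023, 4, 9, 20, 0, tzinfo=CST)  # startTime from the response above
SALE_END = datetime(2023, 4, 10, 0, 0, tzinfo=CST)    # endTime from the response above


@dataclass
class Product:
    pid: str
    start_time: datetime
    end_time: datetime
    stock: int


class OrderGate:
    """Accepts or rejects an order using only state held by the server."""

    def __init__(self, products, per_user_limit=1):
        self.products = {p.pid: p for p in products}
        self.per_user_limit = per_user_limit
        self.bought = {}            # (user_id, pid) -> number of accepted orders
        self.seen_trace_ids = set()  # (user_id, trace_id) pairs already accepted

    def place_order(self, user_id, body, now):
        product = self.products.get(str(body.get("pid")))
        if product is None:
            return 404, "unknown_product"
        # Status or time fields sent by the client (logicStatus, startTime) are
        # never read: the sale window comes from the server's own record.
        if now < product.start_time:
            return 403, "not_started"
        if now >= product.end_time:
            return 403, "ended"
        try:
            trace_id = str(uuid.UUID(str(body.get("traceId"))))
        except ValueError:
            return 400, "bad_trace_id"
        if (user_id, trace_id) in self.seen_trace_ids:
            return 409, "duplicate_request"
        key = (user_id, product.pid)
        if self.bought.get(key, 0) >= self.per_user_limit:
            return 429, "limit_reached"
        if product.stock <= 0:
            return 409, "sold_out"
        # In a real service the three updates below must be one atomic step.
        self.seen_trace_ids.add((user_id, trace_id))
        product.stock -= 1
        self.bought[key] = self.bought.get(key, 0) + 1
        return 200, "ok"


def sample_gate():
    """Gate holding the product from the page (id 16, 5000 issued)."""
    return OrderGate([Product("16", SALE_START, SALE_END, 5000)])


if __name__ == "__main__":
    gate = sample_gate()
    early = {"pid": "16", "traceId": str(uuid.uuid4()), "logicStatus": 2}
    print(gate.place_order("user-a", early, SALE_START - timedelta(hours=1)))
```

With this gate in place, knowing the order URL before the sale opens gains nothing, because every early request is rejected regardless of what the page was made to display.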

Several common methods of cracking interface encryption

Because digital-collectible (Shuzang) platforms are rushed onto the shelves, the encryption measures of most platforms are actually not very good, and many are not encrypted at all. Basically, the encryption methods of these platforms are relatively simple.

The following are the more common encryption methods and some of their characteristics:

MD5 encryption

This encryption method is irreversible and is generally used when logging in. Because it cannot be decrypted, at login the password is encrypted with MD5 according to certain rules (such as appending a specific string) and sent to the server. The server gets your password from the database, applies MD5 with the same rules, and compares the result with the MD5 you sent. If they are consistent, the login succeeds.

Suppose my password is "123456". When a website applies MD5, it usually appends a string to the password, giving "123456liangjiang666", and then applies MD5 to 123456liangjiang666.
The encrypted data is: b5f69f2a0b186354da715d6e80249e2b
This encrypted data cannot be decrypted, but no matter how many times 123456liangjiang666 is encrypted, the final result is always b5f69f2a0b186354da715d6e80249e2b
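
Because the result is always the same, the digest produced by the fixed-string scheme above works as a replayable stand-in for the password, and two accounts with the same password share one digest. The comparison below is an added example, not code from the original article: it sets that scheme beside per-user random salts with PBKDF2, and the function names, account names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

STATIC_SUFFIX = "liangjiang666"  # the fixed string from the article's example


def md5_static(password):
    """The scheme described above: MD5 over password + fixed string."""
    return hashlib.md5((password + STATIC_SUFFIX).encode()).hexdigest()


def make_record(password, iterations=100_000):
    """Server-side record: per-user random salt plus a slow PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def shared_digests(digests):
    """Group account names by stored value; groups of 2+ reveal equal passwords."""
    groups = {}
    for account, value in digests.items():
        groups.setdefault(value, []).append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def compare_schemes():
    # Constructed accounts: alice and bob happen to choose the same password.
    passwords = {"alice": "123456", "bob": "123456", "carol": "correct horse"}
    static = {name: md5_static(pw) for name, pw in passwords.items()}
    salted = {name: make_record(pw)[2] for name, pw in passwords.items()}
    return shared_digests(static), shared_digests(salted)


if __name__ == "__main__":
    print(compare_schemes())
```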

DES/AES encryption

DES is an algorithm that encrypts with a key. It is a symmetric encryption method: encryption and decryption use the same key (a string of characters).

With this encryption method, we generally need to pay attention to these three points:

  • Key: 7 bytes, 56 bits in total; it is the working key of the DES algorithm
  • Data: 8 bytes, 64 bits; it is the data to be encrypted or decrypted
  • Mode: the way DES works

When reversing the JS, you only need to find the key; that has to be explained in the video.

RSA encryption

The RSA encryption algorithm is an asymmetric encryption algorithm.

  • Data is encrypted with the public key and decrypted with the private key. The private key is generated through public key computation. Assume that three parties A, B and C want to communicate with each other in encrypted form: they use each other's public keys to encrypt information, and use their own corresponding private keys to decrypt it when reading.
  • The payment password entered by the user will be encrypted by RSA

When reversing the JS, look for the public key and private key, which generally exist in the front end.

Base64 pseudo-encryption

Base64 is a method of representing arbitrary binary data using 64 characters. Base64 is an encoding method rather than an encryption algorithm; it just looks like encryption. The picture verification code mentioned above is Base64-encoded. It does not need to be decrypted, just converted.

The traceId "encryption" of the platform above is actually what is shown here; let's ask ChatGPT what it is.

We can generate it with software

Writing the snap-up software

You can choose many languages to write snap-up software, such as Easy Language, Python, Java, etc. I plan to explain this in a video, or you can go to my previous articles. Here I will just have ChatGPT write it, haha.

Take it and use it directly. If it is written in Easy Language, the software can be generated directly, which is very convenient.

In the follow-up, we will demonstrate the snap-up software in video form.

Origin blog.csdn.net/weixin_43322944/article/details/130143587