Analysis of the Data Algorithm in Tongdaxin's TCP Long Connection



"  An algorithm for decoding part of the data carried over Tongdaxin's TCP long connection. "

As a long-established stock trading application, Tongdaxin carries a wealth of data. Much of it is free, and its accuracy is very good. Stock-related information like this, for example.

Over the years Tongdaxin's features have been continuously enriched, and there are clients for many platforms, so naturally many people and organizations use it. The long connection has probably existed since the PC era and is still used on mobile terminals, which shows its technical strength. After all, this is an era where HTTP interfaces are everywhere, and people familiar with multi-threaded TCP development are not easy to find either.

Although the technology is good, for reasons I don't know, Tongdaxin's communication has remained an unencrypted TCP connection, probably because iterating on it would involve too many modules and is not easy to do. Of course, for crawlers, even though it is not encrypted, the data inside the TCP connection is still difficult to crawl.

Tongdaxin's TCP long-connection traffic is not encrypted. However, looking around, much of the data in it is not plain text, which is not very intuitive. Today, let's take a look at the data in Tongdaxin's TCP long connection and decode some of it. For those who understand, this is equivalent to decryption.

01

Packet analysis

Following the standard process, to analyze a protocol you must first find the packet flow and a way of identifying the data stream, but that is not covered here. If you are interested, you can find it yourself; it is very easy. Below we analyze the long-connection traffic directly.

First, let's look at the overall picture of Tongdaxin's long connection. There is plain text and there are unreadable bytes. The plain text is presumably commands and parameters, and of course the stock codes:

There are too many unreadable bytes. I picked one piece of data out of it: a complete TCP packet captured with Wireshark, forming one complete data block. Look at the raw data in hex-dump mode:

After a rough analysis, the first 32 bytes are probably the block header; let's ignore them. The long data after it should be the transmitted content. After some analysis (the process is omitted; in fact you can just look at the data directly), it can be seen that the data starting with hexadecimal 789c is most likely compressed. This guess is based on experience; if you are not experienced enough, analyze it in code and try to decompress it directly. The result is as follows:

Sorry, this is the decrypted result from the tool I wrote.

The data is compressed with deflate and can be decompressed; this is easy to do with Python's zlib library. The Chinese text is encoded in GBK; watch out for this, or it will be garbled after unpacking. If you compress in the reverse direction, use compresslevel 6.

Let's look at the code for the complete encoder/decoder:

import zlib


def deflate(data, compresslevel=9):
    # Raw deflate (negative wbits): no zlib header or adler32 trailer is written,
    # because enctongdaxin adds its own 78 9c header and checksum below.
    compress = zlib.compressobj(
        compresslevel,
        zlib.DEFLATED,
        -zlib.MAX_WBITS,
        zlib.DEF_MEM_LEVEL,
        0  # default strategy
    )
    deflated = compress.compress(data)
    deflated += compress.flush()
    return deflated


def inflate(data):
    # Raw inflate: the caller has already stripped the two-byte zlib header,
    # and any trailing adler32 bytes after the last deflate block are ignored.
    decompress = zlib.decompressobj(
        -zlib.MAX_WBITS
    )
    inflated = decompress.decompress(data)
    inflated += decompress.flush()
    return inflated


def dectongdaxin(decoded_data):
    # Skip the 78 9c header and inflate the rest; the result is GBK-encoded text.
    orig = inflate(decoded_data[2:])
    return orig


def enctongdaxin(data):
    # Rebuild the zlib stream by hand: 78 9c header, raw deflate at level 6,
    # then the big-endian adler32 of the uncompressed data.
    orig = deflate(data, 6)
    crc = zlib.adler32(data) & 0xffffffff
    return bytes.fromhex('789C') + orig + crc.to_bytes(4, byteorder="big")

It's very simple; if you are interested, you can try decoding it yourself.
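As an added example (not the post's own code), the following parses one block the way the post describes: it skips the 32-byte header, locates the 78 9c zlib header, validates it per RFC 1950, inflates the raw deflate data, and checks the adler32 trailer against the inflated bytes before decoding GBK, so a truncated or corrupted payload is reported instead of yielding garbage. The block builder is a constructed sample with a placeholder header, since the post does not decode the real header layout.

```python
import zlib

ZLIB_MAGIC = b"\x78\x9c"   # CMF/FLG pair that marks the compressed part of a block
HEADER_LEN = 32            # the post treats the first 32 bytes as the block header


def build_sample_block(text: str) -> bytes:
    """Constructed sample block, not a real capture: 32 placeholder header bytes
    followed by a zlib stream (78 9c ... + big-endian adler32) of GBK text."""
    header = b"\x00" * HEADER_LEN   # placeholder; the real header layout is unknown
    return header + zlib.compress(text.encode("gbk"), 6)


def decode_block(block: bytes):
    """Locate, verify and inflate the compressed payload of one block.
    Returns (text, None) on success or (None, reason) on failure."""
    off = block.find(ZLIB_MAGIC, HEADER_LEN)
    if off < 0:
        return None, "no zlib header after the 32-byte block header"
    cmf, flg = block[off], block[off + 1]
    # RFC 1950 sanity check: CM must be 8 (deflate) and CMF*256+FLG a multiple of 31
    if (cmf & 0x0F) != 8 or (cmf * 256 + flg) % 31 != 0:
        return None, "invalid zlib header"
    d = zlib.decompressobj(-zlib.MAX_WBITS)   # raw deflate, as inflate() above
    try:
        raw = d.decompress(block[off + 2:]) + d.flush()
    except zlib.error as exc:
        return None, f"deflate error: {exc}"
    if not d.eof:
        return None, "truncated deflate stream"
    trailer = d.unused_data[:4]              # bytes left after the final deflate block
    if len(trailer) < 4:
        return None, "adler32 trailer missing"
    if int.from_bytes(trailer, "big") != (zlib.adler32(raw) & 0xFFFFFFFF):
        return None, "adler32 mismatch: payload corrupted or wrong stream boundary"
    try:
        return raw.decode("gbk"), None
    except UnicodeDecodeError:
        return None, "payload is not GBK text"


if __name__ == "__main__":
    sample = build_sample_block("600000 浦发银行 10.50")   # constructed text
    print(decode_block(sample))
```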

02

The End

That concludes the method for decrypting the long-connection data. If you have any questions about decrypting application traffic, you can talk to me. If you have come across anything strange, you can also show it to me and we can make friends. I have unlocked a lot of games and applications recently and I'm rather bored.


Origin blog.csdn.net/yeyiqun/article/details/114528570