xhs sessionid searchid|算法分析
之前写过一篇
session_id search_id
加密算法分析文章,本次来说一说加密逻辑java
还原python
long v9 = System.currentTimeMillis(); long v4 = (long)(Math.random() * NaN); byte[] v7 = new byte[16]; long v9_1 = v9 & 0x7FFFFFFFFFFFFFFFL; long v4_1 = v4 & 0x7FFFFFFFFFFFFFFFL; int v8; for(v8 = 0; v8 <= 7; ++v8) { int v6 = 56 - (v8 << 3); v7[v8] = (byte)(((int)(v9_1 >>> v6))); v7[v8 + 8] = (byte)(((int)(v4_1 >>> v6))); } String v1 = new BigInteger(v7).toString(36);
主要逻辑是,获取时间戳,循环 8 次,每次都会进行无符号移位,最后在转成长整数去 36 进制字符串
v9 = int(time.time() * 1000) v4 = 0 v7 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] v9_1 = v9 & 0x7FFFFFFFFFFFFFFF v4_1 = v4 & 0x7FFFFFFFFFFFFFFF
for i in range(8): v6 = 56 - (i << 3) v7[i] = unsigned_right_shitf(v9_1, v6) v7[i + 8] = unsigned_right_shitf(v4_1, v6)
python
里没有无符号运算符,需要自己去写这个逻辑import ctypes def int_overflow(val): maxint = 2147483647 if not -maxint - 1 <= val <= maxint: val = (val + (maxint + 1)) % (2 * (maxint + 1)) - maxint - 1 return val def unsigned_right_shitf(n, i): # 数字小于0,则转为32位无符号uint if n < 0: n = ctypes.c_uint32(n).value # 正常位移位数是为正数,但是为了兼容js之类的,负数就右移变成左移好了 if i < 0: return -int_overflow(n << abs(i)) # print(n) return int_overflow(n >> i)
bytes_array = bytes(i % 256 for i in v7) bytes_to_int = int.from_bytes(bytes_array, byteorder='big', signed=False)
iv = [21, 1, 21, 5, 4, 15, 7, 9, 23, 3, 1, 6, 8, 12, 13, 91] iv_byte = bytes(i % 256 for i in iv)
def base36_encode(number): num_str = '0123456789abcdefghijklmnopqrstuvwxyz' if number == 0: return '0' base36 = [] while number != 0: number, i = divmod(number, 36) base36.append(num_str[i]) return ''.join(reversed(base36)) print(base36_encode(bytes_to_int))
到此代码就还原完成,运行一切正常,结果也出来了
更多精彩内容,源码文件下载等,原文链接,博主个人站点:http://www.qinless.com/275