2024.07.17百度旋转验证码协议分析(python纯算法)

见贤思齐

目的：学习一下大厂js算法接口调用位置：bd站长工具提交收录先看结果接口分析：1.拉取验证码接口：cap/styleak、tk2个参数可能是加密生成，ak静态页面写死的。猜测是用于区分接口调用来源。我习惯触发接口前清空网络请求列表，所以tk参数搜索没有搜到。单步调式了一下。发现是读取的接口的返回值，由init接口返回。"tk":"5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=","as":"63c4261c",2.分析验证接口_:2024-07-17T09:42:14.681Zrefer:https://ziyuan.baidu.com/linksubmit/indexak:ecufIZkFOt4DBhoSHZDu3qWRqrP3kZRfas:63c4261cscene:searchtk:5189HXyp3xmZLSqXoijKAJxe/qe3ocyVykP45WrCKc9x4L4VIMLyv1W/+G+OMThzACPoMfJ9peZRb94pYtcMA67sPbRMAakOVrZFHWOniqy2At2BFzZ7rBgDesS0zYoucky2aSMaqOMQSG6oDc9H0I/SO+25xsRDLW/Ebm9+bb4vflE=ver:2cv:submittypeid:spin-0fuid:FOCoIC3q5fKafs:guqeBcPx6GJ9KdoGEfNotVbUovP7mORGFiZKLHBt60QdcMr+Pv3v7xN1u6vdsO7EenBia8+mQ57+0cCZ7OFt0OR2Zz5PdBtWJc7ySoULJoAO解决fuid和fs即可2.1 fuid:搜索一下很好找进入U函数：AES-ECB-128-PKCS7#python实现对应算法key="FfdsnvsootJmvNfl"defAES_ECB_ENCRYPT(data,key):cipher=AES.new(key,AES.MODE_ECB)ciphertext=cipher.encrypt(pad(data,AES.block_size))ciphertext_base64=base64.b64encode(ciphertext).decode('utf-8')print(ciphertext_base64)returnciphertext_base642.2 fs生成逻辑：AES-ECB-128注意填充模式key的位置：#python还原上面逻辑ifas1[-1]in["A","B","C","D","E","F","G","a","b","c","d","e","f","g"]:k=hashlib.md5(f"{as1}appsapi2".encode('utf-8')).hexdigest()elifas1[-1]in["5","6","7","8","9"]:k=keccak.new(digest_bits=512)k.update(f"{as1}appsapi2".encode('utf-8'))k=k.hexdigest()elifas1[-1]in['0','1','2','3','4']:k=keccak.new(digest_bits=256)k.update(f"{as1}appsapi2".encode('utf-8'))k=k.hexdigest()else:raiseException("未知加密方式")newkey=k[0:16]python还原fs生成算法3.提交验证结果想要源码的留言吧（纯python实现没有扣js）