Skip to content
This repository has been archived by the owner on Sep 24, 2021. It is now read-only.

又双叒 更新了 #21

Open
gg11011011 opened this issue Apr 30, 2020 · 25 comments
Open

又双叒 更新了 #21

gg11011011 opened this issue Apr 30, 2020 · 25 comments

Comments

@gg11011011
Copy link

callback: jQuery110208448685595287795_1588213215377
fpdm: 011001600211
fphm: 12412412
r: 0.5140375363656053
v: V2.0.03_001
nowtime: 1588215652582
publickey: 0E4A6CDDAFCC4687986D13F2027E2B50
key9: e2243655225930a88366a5c0c20e753c
_: 1588213215390
flwq39: WfuTVayxbBZFRcuVwLn1tEkN98Rl2GFfR5n6qeJ9K17djSc14EN7o8grOnF21Vikhrcvxyp8Lz89znRqkOL79rAixP9qllQGVC639L18ZVymI3La97FrcvY3PRcNEAFpExoFhu6+06yBP8Q4epeoDByXvY02vgcpVwgyRNBjELA=
@gg11011011
Copy link
Author

key9:
yuqet.js 里的
$[_0x3c85('0x29')]['cy'] = function(_0x4caced, _0x22f8eb, _0xa37456)

$[_0x3c85('0x29')][_0x3c85('0x2a')] = function(_0x5db4e8, _0x53ad84, _0x11f8e9)

@BB-fat
Copy link
Owner

BB-fat commented Apr 30, 2020

我吐了,我严重怀疑他们在看我们,我们刚搞出来他们就加一个签名

@carrytameng
Copy link

哈,我刚准备问key9哪来的

@carrytameng
Copy link

这页面里的js复杂度是我人生中见过最复杂的

@xmcheng
Copy link

xmcheng commented Apr 30, 2020

加油,持续搞定他

@gg11011011
Copy link
Author 

public static String key9(String key1, String key2, String yzmSj){
    String k = key1 + key2;
    String kk = key1+key2+key2+key1;
    String kkk = key1+key1+key2+key1+key2+key2 ;
    String one = "123456" + chuyu(k, Integer.valueOf(key2)%2);
    String six = "654321" + chuyu(kk,Integer.valueOf(key2)%2);
    String ko =  toK(kkk);
    String[] chars = ko.split("");

    TreeSet<String> treeSet = new TreeSet();
    for (String s : chars) {
        treeSet.add(s);
    }
    //把treeSet拼接成字符串
    ko = "";
    for (String s : treeSet) {
        ko += s;
    }



    k = toK(k.substring(0,8)) + toK(k.substring(8));
    kk = toK(kk.substring(0,9)) +toK(kk.substring(9,17)) +toK(kk.substring(17));
    kkk = toK(kkk.substring(0,15)) +toK(kkk.substring(15,30)) +toK(kkk.substring(30));

    System.out.println(k);
    System.out.println(kk);
    System.out.println(kkk);

    System.out.println(ko);
    System.out.println(one);
    System.out.println(six);
    String k3 = encrypt(    encrypt(ko)+ ko.length()*7 +
            gen( toSub(ko) ,  encode(toSub(ko) ))
            ).toUpperCase();

    System.out.println(encrypt(encrypt(yzmSj) + yzmSj.length() * 7 +
            gen(toSub(yzmSj), encode(toSub(yzmSj)))
    ).toUpperCase());
    System.out.println(k3);
    String k4 = encrypt(key1) + encrypt(key2) + encrypt(yzmSj) + encrypt(k) +encrypt(kk) +encrypt(kkk)
            + encrypt(one) +encrypt(six) +encrypt(k3) + kkkkk(k,kk,kkk,one);
    System.out.println(k4);
    String k5 =  k4 +  kkkkk(one,six,key1,yzmSj) +
            encrypt(    encrypt(yzmSj)+ yzmSj.length()*7 +
                    gen( toSub(yzmSj) ,  encode(toSub(yzmSj) ))
            ).toUpperCase();
    System.out.println(k5);
    String k6 = encrypt(  k5 +encrypt(key1) + encrypt(key2) + encrypt(yzmSj)  )   ;

    System.out.println(k6);
    return k6;

}
public static String toK(String k ){
    char [] arr = k.toCharArray();
    Arrays.sort(arr);
    String sortedStr=new String(arr);  //加上这句
    return sortedStr;
}

public static String chuyu(String k , int i ){
    String str = "";
    char [] arr = k.toCharArray();
    for (char s : arr) {
       if( s % 2  == i ){
           str += s;
       }

    }
    return str;
}


public static String kkkkk(String k1,String k2,String k3,String k4){
    return  encrypt(     encrypt(k1)+ k2.length()*7  +  gen( toSub(k3)  ,encode( toSub(k4)) )  ).toUpperCase();
}
public static String gen(String n, String c) {
    String d = encrypt(n);
    String i = encrypt(n) + c;
    String h = "402880bd5c76101f015c903ee811504e";
    return encrypt(d + i + h + n.trim().length()).toUpperCase();
}

@BB-fat
Copy link
Owner

BB-fat commented Apr 30, 2020

我天,你也太快了,你是魔鬼吧😃

@qianshui1
Copy link 

public static String key9(String key1, String key2, String yzmSj){
    String k = key1 + key2;
    String kk = key1+key2+key2+key1;
    String kkk = key1+key1+key2+key1+key2+key2 ;
    String one = "123456" + chuyu(k, Integer.valueOf(key2)%2);
    String six = "654321" + chuyu(kk,Integer.valueOf(key2)%2);
    String ko =  toK(kkk);
    String[] chars = ko.split("");

    TreeSet<String> treeSet = new TreeSet();
    for (String s : chars) {
        treeSet.add(s);
    }
    //把treeSet拼接成字符串
    ko = "";
    for (String s : treeSet) {
        ko += s;
    }



    k = toK(k.substring(0,8)) + toK(k.substring(8));
    kk = toK(kk.substring(0,9)) +toK(kk.substring(9,17)) +toK(kk.substring(17));
    kkk = toK(kkk.substring(0,15)) +toK(kkk.substring(15,30)) +toK(kkk.substring(30));

    System.out.println(k);
    System.out.println(kk);
    System.out.println(kkk);

    System.out.println(ko);
    System.out.println(one);
    System.out.println(six);
    String k3 = encrypt(    encrypt(ko)+ ko.length()*7 +
            gen( toSub(ko) ,  encode(toSub(ko) ))
            ).toUpperCase();

    System.out.println(encrypt(encrypt(yzmSj) + yzmSj.length() * 7 +
            gen(toSub(yzmSj), encode(toSub(yzmSj)))
    ).toUpperCase());
    System.out.println(k3);
    String k4 = encrypt(key1) + encrypt(key2) + encrypt(yzmSj) + encrypt(k) +encrypt(kk) +encrypt(kkk)
            + encrypt(one) +encrypt(six) +encrypt(k3) + kkkkk(k,kk,kkk,one);
    System.out.println(k4);
    String k5 =  k4 +  kkkkk(one,six,key1,yzmSj) +
            encrypt(    encrypt(yzmSj)+ yzmSj.length()*7 +
                    gen( toSub(yzmSj) ,  encode(toSub(yzmSj) ))
            ).toUpperCase();
    System.out.println(k5);
    String k6 = encrypt(  k5 +encrypt(key1) + encrypt(key2) + encrypt(yzmSj)  )   ;

    System.out.println(k6);
    return k6;

}
public static String toK(String k ){
    char [] arr = k.toCharArray();
    Arrays.sort(arr);
    String sortedStr=new String(arr);  //加上这句
    return sortedStr;
}

public static String chuyu(String k , int i ){
    String str = "";
    char [] arr = k.toCharArray();
    for (char s : arr) {
       if( s % 2  == i ){
           str += s;
       }

    }
    return str;
}


public static String kkkkk(String k1,String k2,String k3,String k4){
    return  encrypt(     encrypt(k1)+ k2.length()*7  +  gen( toSub(k3)  ,encode( toSub(k4)) )  ).toUpperCase();
}
public static String gen(String n, String c) {
    String d = encrypt(n);
    String i = encrypt(n) + c;
    String h = "402880bd5c76101f015c903ee811504e";
    return encrypt(d + i + h + n.trim().length()).toUpperCase();
}

sixsixsixsix

@carrytameng
Copy link

为啥我试了还是 “系统异常,请重试!”,求教大神

@gg11011011
Copy link
Author

首先图片获取,大部分参数是不检验的,只有有参数,就能直接获取到 不知道你时哪里错误
发现 encrypt 其实是MD5 encode 是 base64
我读取信息的 publicKey 如下
public static String publicKey(String fpdm, String fphm, String yzmSj) {
String[] a = new String[]{"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"};
String[] b = new String[]{"0", "9", "2", "8", "4", "5", "6", "7", "3", "1"};
int c = Integer.valueOf(fpdm.substring(2, 3));
String d = a[Integer.valueOf(b[c])];
String e = encrypt(d + a[2] + "i" + encrypt(yzmSj));

    String f = encrypt(fphm + moveTo(fpdm.substring(0, 11)) + moveTo(e)) +
            encode(fphm + moveTo(encrypt(fphm + e.length())).toUpperCase()) +
            gen(fphm.substring(0, 2), (fpdm + e).length() * 7 + "").toUpperCase();
    f = encrypt(f);
    return f;
}

@liuzhisheng
Copy link 

public static String key9(String key1, String key2, String yzmSj){
    String k = key1 + key2;
    String kk = key1+key2+key2+key1;
    String kkk = key1+key1+key2+key1+key2+key2 ;
    String one = "123456" + chuyu(k, Integer.valueOf(key2)%2);
    String six = "654321" + chuyu(kk,Integer.valueOf(key2)%2);
    String ko =  toK(kkk);
    String[] chars = ko.split("");

    TreeSet<String> treeSet = new TreeSet();
    for (String s : chars) {
        treeSet.add(s);
    }
    //把treeSet拼接成字符串
    ko = "";
    for (String s : treeSet) {
        ko += s;
    }



    k = toK(k.substring(0,8)) + toK(k.substring(8));
    kk = toK(kk.substring(0,9)) +toK(kk.substring(9,17)) +toK(kk.substring(17));
    kkk = toK(kkk.substring(0,15)) +toK(kkk.substring(15,30)) +toK(kkk.substring(30));

    System.out.println(k);
    System.out.println(kk);
    System.out.println(kkk);

    System.out.println(ko);
    System.out.println(one);
    System.out.println(six);
    String k3 = encrypt(    encrypt(ko)+ ko.length()*7 +
            gen( toSub(ko) ,  encode(toSub(ko) ))
            ).toUpperCase();

    System.out.println(encrypt(encrypt(yzmSj) + yzmSj.length() * 7 +
            gen(toSub(yzmSj), encode(toSub(yzmSj)))
    ).toUpperCase());
    System.out.println(k3);
    String k4 = encrypt(key1) + encrypt(key2) + encrypt(yzmSj) + encrypt(k) +encrypt(kk) +encrypt(kkk)
            + encrypt(one) +encrypt(six) +encrypt(k3) + kkkkk(k,kk,kkk,one);
    System.out.println(k4);
    String k5 =  k4 +  kkkkk(one,six,key1,yzmSj) +
            encrypt(    encrypt(yzmSj)+ yzmSj.length()*7 +
                    gen( toSub(yzmSj) ,  encode(toSub(yzmSj) ))
            ).toUpperCase();
    System.out.println(k5);
    String k6 = encrypt(  k5 +encrypt(key1) + encrypt(key2) + encrypt(yzmSj)  )   ;

    System.out.println(k6);
    return k6;

}
public static String toK(String k ){
    char [] arr = k.toCharArray();
    Arrays.sort(arr);
    String sortedStr=new String(arr);  //加上这句
    return sortedStr;
}

public static String chuyu(String k , int i ){
    String str = "";
    char [] arr = k.toCharArray();
    for (char s : arr) {
       if( s % 2  == i ){
           str += s;
       }

    }
    return str;
}


public static String kkkkk(String k1,String k2,String k3,String k4){
    return  encrypt(     encrypt(k1)+ k2.length()*7  +  gen( toSub(k3)  ,encode( toSub(k4)) )  ).toUpperCase();
}
public static String gen(String n, String c) {
    String d = encrypt(n);
    String i = encrypt(n) + c;
    String h = "402880bd5c76101f015c903ee811504e";
    return encrypt(d + i + h + n.trim().length()).toUpperCase();
}

这部分有js吗?

@carrytameng
Copy link

前面获取图片、数据解码都OK的,就最后提交vatQuery接口请求,一直报“系统异常,请重试!”,很难找到是哪个参数不行

@BB-fat
Copy link
Owner

BB-fat commented May 6, 2020

@carrytameng 你用Chrome抓一下包,对比分析一下参数呗,flwq39每次都不一样,但是别的应该差不多。

@ruanzupan
Copy link

前面获取图片、数据解码都OK的,就最后提交vatQuery接口请求,一直报“系统异常,请重试!”,很难找到是哪个参数不行

我用selenium来自动测试也是报这个错,我用的Chrome 81.0 ,而后我换成它官方推荐的Chrome 55之后就可以查询了,同一张发票。你可以试试 request post的时候改一下 user-agent试试看吧,我没测试。

@BB-fat
Copy link
Owner

BB-fat commented May 7, 2020

Webdriver行不通,因为它4月更新有反自动化的东西,会识别webdriver

@ruanzupan
Copy link

Webdriver行不通,因为它4月更新有反自动化的东西,会识别webdriver

好吧,难怪好好的突然怎么就用不了了,原来反爬了。

@ruanzupan
Copy link

Webdriver行不通,因为它4月更新有反自动化的东西,会识别webdriver

把window.navigator.webdriver值改成undefined之后可以破解它的反自动化爬取,页面上有能正确查询发票,但是我用mimtdump脚本抓取到response.text的时候,返回的数据确是一堆字母,形如下:{"data": "QTdCJTRya2V5NSUyMiFzQSUyNjAwMSFyMiUyJyUyMmgleTIlNjIlM0VlMjIwQUUyJTt5JUExNjAxOTZ5MjQlITIlODplQTElITUlOEJlOTclITUlQUFlODElITclQTFlQkElITUlQjplQkYlITclOTJlQjUlITUlQUJlOTAlITclQTxlOTElITYlOEVlODAlITYlOUNlODklITklOTplOTAlITUlODFlQUMlITUlOEBlQjglITIlODplQTE5NTQ1MDVwMzMzNDY1OTJzMFclITIlODplQTElITUlOEJlOTclITUlQUFlODElITUlQjtlODIlITklOUJlOTIlITclQTxlODAlITUlOENlQkElITYlOTtlOUYlITYlQjplOTYlITglQjxlQUYlITUlOEJlOTclITQlQkVlOEMlITklODxlOEMzQUU1JTsGJUI3QUU2JTp4JTlGQUU2JUR5JTk2QUU3JUQCJUJDQUU1JTpwJTg4QUU2JUV1JUJDQUU1JTt1JUFEQUU2JUV1JUJDMjAyJUF1JThGQUI3JTRwJTIwNDc3MS91MzAxMTg1JUFyJTg5QUExJUF0JUI4QUFEJUF1JTlCQUJEJUF1JUJCQUJBJUF4JUFFQUJFJUF5JTkzQUI2JUF4JUExQThDJUF4JTgyQUExJUF0JUJCQUJEJUF2JTlDQTg5JUF5JTk5QTkwJUF1JTg1QUFDJUF1JThGQUI4JUF1JThEQTk3JUF1JUFFQTgxJUF2JUIwQUI4JUF2JTk2QUIwJUF2JTk0QUFGJUF4JUExQThDJTRwJTIwQTIwNDFwMDE2NDQ3NztwNTI1NDAyMDtlRTIlLDklQTVlRTglJTUlQkBlRTUlJUUlODplRTUlJkMlODZlRTUlLDUlODNlRTclLTQlQjFlRTUlJUQlOTZlRTUlJUUlOUFlRTQlJjglOUVlRTYlLUMlODplRTklLTklOTZlRTUlLDUlQUNlRTUlLEYlQjtlRTIlLDklQTV5MTYxNDExM1tyMzkxMDU4NTZlRTIlLDklQTVlRTglJTUlQkBlRTUlJUUlODplRTUlJjglODRlRTklLUIlODVlRTclJkYlOTJlRTglJjclQUB5OSVFMSU4RiECNyVFMCVCQSEBNCVFMSVBNCEBNyVFMyVBNyF5MSVFMiU4QSF4MCVFMSU5QiEBRCVFMSVCQyF4MCVFMSU4NSF4MyVFMSVBRCECNSVFMSU4QyF5NiVFMSU5OSEBOEElITUlOENlQkEzQUU2JUV1JUJDQUU0JUR4JTg5QUU1JURxJTgyQTIwMDR5LTgzNzk2MDt4JUUyQTg5JUVxJUU2QThCJToCJUU1QTk1JTt2JUU5QTkzJUR2JUU4QUExJTsDJUU4QUE1JUQGJUU1QUFFJTt5JUU4QUE1JUQGJUU1QUJEJURxJUU4QUI3JUUGJUU2QTk0JUUGJUU4QUExJTsDJTIwNjkzODtwMDcwLDEwMDZxJUUyQTg5JUVxOTEyMjEuMDBlRTIlLDklQTVxMTg2Ny45NCEFMiU4LSVBMTVwMzEyMSVFMiF4OSVBNSVFMiF4OSVBNTY2MTFzMjkyMTg3MSEFMiU4LSVBMTZlRTIlLDklQTV3NTUzMTMzNTJ3MzI2Mzg4NTNzNiVFNiU4OSEBMU4lITIlODplQTE5LSUyMiFyQyUyNmtleTNlMjIlN0ElMjRqJUU2QTk1JTp5JUU1QUFEJUV2JUU0QUI4JTpzJUU3QTk0JUV4JUU0QUJCJUUBJUU1QTk5JUV4KiVFMyU4OSEBOSVFLCU4MSF5NCVFMyVCRCF5MSVFMSU4MSF5QyVFLCVCRCEBNiVFMyVBRSEBMSVFMyU5MCF4NiVFMyVCMyECQiVFMyVCQiF5RiVFNiU5NiF4OEtZDk5ILTZ3LTMlITIlOTBlODglITUlQTFlOTclITIlOTBlODgxQUUyJTp2JTg4MjYzNzVuNjgxMDE1OTR5MjAzMTQwJUFyJTk2QTg4NjBzNzEuMjglRTRlOTYlLDgxMy5wJUUyQTk2JTt4ODYyLC4zMiEFMiU5MiU4ODVwOTA2NTQ5OTZwMDAwNDAwMDZlRTIlLDklQTVqJUU2QTk1JTp5JUU1QUFEJUV2JUU0QUI4JTpzJUU3QTk0JUV4JUU0QUJCJUUBJUU1QTk5JUV4KiVFMSU4NSF4OSVFMyVCQyF4NiVFMSVCMSF5NSVFMyVBNCECQSVFMiU5RiF5QyVFNiU5NiF4OEtZF1laLTZxLTEyOTIlRTRlOTYlLDglRTFlOEYlJjAlRTRlOTYlLDgxJUFyJTk2QTg4ODR5Ni40MjAxNzB5OTExMTA0NDRlRTIlLTYlODt4Mjk2OjQ2JUFyJTk2QTg4MTNuMCVFNiU5NiF4ODEwMzguNTJlRTIlLTYlODtxMDkwMjE0OTpwMDAwNDAwMDZwJUUyQTg5JUVxKiVFMiU5NSF5OSVFMSVBRCEBNiVFMCVCOCF5MyVFMyU5NCEBOCVFMCVCQiEBQSVFMSU5OSEBOColITklODFlOEQlITQlQkRlQjYlITUlQjVlOTUlITclQTJlQkElITYlOUBlOUMlITIlOTBlODhLDVNZWi9wMS0xNi0zJUFyJTk2QTg4JUF1JThGQUIwJUFyJTk2QTg4MSEFMiU5MiU4ODtyOTYuMDYwMTx2OTkxNTUwNDJyJUUyQTk2JTt4ODI5Mi40NiEFMiU5MiU4ODVzLjAlITIlOTBlODgxNDc4LjF0JUUyQTk2JTt4MTA5NDYxNDp5MDAwNDAwMDZwMCVFNiU4OSEBMSolITYlOTFlOTklITUlQUJlQTYlITQlQjtlOTMlITclOTJlQTglITQlQkRlQUElITUlOTplQTgqQUU1JUR3JUE1QUU1JTt1JUI3QUU1JURxJTk1QUU3JUV0JUJBQUU2JToGJTlDQUUyJTp2JTg4H1lTWVltMDEtNTItNCEFMiU5MiU4OCEFNSU4IiVCMCEFMiU5MiU4ODVlRTIlLTYlODt4Mjk2OjQ2MDV3Njk5NTE1MDJ0MiVFNiU5NiF4ODgyLTYuNDBlRTIlLTYlODtxMy4wQUUyJTp2JTg4NTA3OC51NCVFNiU5NiF4ODEwLTA2MTJ5OTAwNDAwMDZwMDAlNjIlMkNlMjJrAXk0JTRyJTNBQTIyJTRyJTJDQTIya2E5NSUyNiUzQSFyMjElNjIlN0J="},所以这个就是你们说的那个flwq39加密吗?

@BB-fat
Copy link
Owner

BB-fat commented May 7, 2020

flwq39那个是请求时候的签名,服务端校验之后决定是否正常返回,你这个data是正常返回之后的加密数据,需要解密,之前验证码返回的data加密我已经破解过了,这个不确定和验证码那里的是不是一样,估计这破网站的尿性,应该是不一样的算法。

@modem1024k
Copy link

我用你的yzm.py,返回是这个InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
({'key1': 'errv', 'key2': '', 'key3': '', 'key4': ''}, <requests.sessions.Session object at 0x00000238E3C658D0>),这个需要如何处理?请指教,谢谢

@modem1024k
Copy link

你的程序发的内容是:GET https://fpcy.anhui.chinatax.gov.cn/NWebQuery/yzmQuery?callback=jQuery1102045870758052653293_1581247300793&fpdm=034151900111&fphm=00867099&r=0.2992333402900412&v=V2.0.02_002&nowtime=1589423189354&area=3400&publickey=EA6378C03A420E78059707B76ECEF8FC HTTP/1.1
Host: fpcy.anhui.chinatax.gov.cn
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: /
Connection: keep-alive
正确的包内容是
GET https://fpcy.anhui.chinatax.gov.cn/NWebQuery/yzmQuery?callback=jQuery11020530547570930477_1589423009798&fpdm=034151900111&fphm=00867099&r=0.7243047684178852&v=V2.0.03_002&nowtime=1589423135474&publickey=EF362E19350D49B44E7B65F34CB6505D&key9=a6950f0477a490c89fdcbcf7eaa7ef6a&_=1589423009800&flwq39=Dg%2BnbyFZbAeGHZR4JN%2FoTCoMVZiDDH9bM6NlMzyNbOOE9wk36%2Fm5nJ6b2CDzoag4A8WFnCxLI78XSTczrqvXCE9YHGqXhUCNfRz9s%2BNwQXwv5LAAnV9aoUaM4LkuRqInTu86qMFS61sihSFdABUFdzv2FoxNT7yj8KWhL6HRYIU%3D HTTP/1.1
Host: fpcy.anhui.chinatax.gov.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: /
Referer: https://inv-veri.chinatax.gov.cn/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: yfx_c_g_u_id_10000056=_ck20042108535617612651191767091; yfx_f_l_v_t_10000056=f_t_1587430436734__r_t_1587430436734__v_t_1587430436734__r_c_0; yfx_mr_10000056=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; yfx_mr_f_10000056=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; yfx_key_10000056=; JSESSIONID=ZOcQ6QA7D6jri_Bdtg7wpASMM_aY3_X9THJuIebQJWbjVKrkLU-m!-498538042; fpcyhhbc=49228713

是不是必须要有cookie才可以?请指教

@BB-fat
Copy link
Owner

BB-fat commented May 14, 2020

和cookie没有关系,前端时间更新了两个签名flwq39key9其中flwq39我已经破解完成了,但是目前只有js版本的,没有加到python里,key9还没有时间破解。

@modem1024k
Copy link

明白了,谢谢,只能用selenium来查发票,就是速度很慢

@TongJin123
Copy link 

public static String key9(String key1, String key2, String yzmSj){
    String k = key1 + key2;
    String kk = key1+key2+key2+key1;
    String kkk = key1+key1+key2+key1+key2+key2 ;
    String one = "123456" + chuyu(k, Integer.valueOf(key2)%2);
    String six = "654321" + chuyu(kk,Integer.valueOf(key2)%2);
    String ko =  toK(kkk);
    String[] chars = ko.split("");

    TreeSet<String> treeSet = new TreeSet();
    for (String s : chars) {
        treeSet.add(s);
    }
    //把treeSet拼接成字符串
    ko = "";
    for (String s : treeSet) {
        ko += s;
    }



    k = toK(k.substring(0,8)) + toK(k.substring(8));
    kk = toK(kk.substring(0,9)) +toK(kk.substring(9,17)) +toK(kk.substring(17));
    kkk = toK(kkk.substring(0,15)) +toK(kkk.substring(15,30)) +toK(kkk.substring(30));

    System.out.println(k);
    System.out.println(kk);
    System.out.println(kkk);

    System.out.println(ko);
    System.out.println(one);
    System.out.println(six);
    String k3 = encrypt(    encrypt(ko)+ ko.length()*7 +
            gen( toSub(ko) ,  encode(toSub(ko) ))
            ).toUpperCase();

    System.out.println(encrypt(encrypt(yzmSj) + yzmSj.length() * 7 +
            gen(toSub(yzmSj), encode(toSub(yzmSj)))
    ).toUpperCase());
    System.out.println(k3);
    String k4 = encrypt(key1) + encrypt(key2) + encrypt(yzmSj) + encrypt(k) +encrypt(kk) +encrypt(kkk)
            + encrypt(one) +encrypt(six) +encrypt(k3) + kkkkk(k,kk,kkk,one);
    System.out.println(k4);
    String k5 =  k4 +  kkkkk(one,six,key1,yzmSj) +
            encrypt(    encrypt(yzmSj)+ yzmSj.length()*7 +
                    gen( toSub(yzmSj) ,  encode(toSub(yzmSj) ))
            ).toUpperCase();
    System.out.println(k5);
    String k6 = encrypt(  k5 +encrypt(key1) + encrypt(key2) + encrypt(yzmSj)  )   ;

    System.out.println(k6);
    return k6;

}
public static String toK(String k ){
    char [] arr = k.toCharArray();
    Arrays.sort(arr);
    String sortedStr=new String(arr);  //加上这句
    return sortedStr;
}

public static String chuyu(String k , int i ){
    String str = "";
    char [] arr = k.toCharArray();
    for (char s : arr) {
       if( s % 2  == i ){
           str += s;
       }

    }
    return str;
}


public static String kkkkk(String k1,String k2,String k3,String k4){
    return  encrypt(     encrypt(k1)+ k2.length()*7  +  gen( toSub(k3)  ,encode( toSub(k4)) )  ).toUpperCase();
}
public static String gen(String n, String c) {
    String d = encrypt(n);
    String i = encrypt(n) + c;
    String h = "402880bd5c76101f015c903ee811504e";
    return encrypt(d + i + h + n.trim().length()).toUpperCase();
}

key9应该是 _0x3f04ae['prototype']['yzm'] = function(_0x30e042, _0x46d655, _0xd57abe) 这个函数吧?

@modem1024k
Copy link

这个文章好像能完美解决key问题https://blog.csdn.net/qq_35228149/article/details/106818057

@digtial
Copy link

digtial commented Nov 26, 2020

我做成服务接口,见https://blog.csdn.net/Open_CV_NLP/article/details/109828259

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@liuzhisheng @carrytameng @xmcheng @gg11011011 @ruanzupan @TongJin123 @qianshui1 @BB-fat @modem1024k @digtial