I. XHR request flow analysis


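  • XHR screenshot
  • get_challenge request analysis

    • Timestamp 1 is earlier than timestamp 2
    • The account and IP are filled in normally

  • srun_portal request analysis

  • Inspect the JS to analyze the request process: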

    • 1. Password encryption:
        hmd5 = pwd(data.password, token);
        function pwd(d, k) {
            return md5(d, k);
        }

    For the md5 JavaScript code, see the JS file below:

    • 2. info encryption:
        i = info({
            username: username,
            password: data.password,
            ip: (data.ip || response.client_ip),
            acid: data.ac_id,
            enc_ver: enc
        }, token);
        function info(d, k) {
            return "{SRBX1}" + $.base64.encode(xEncode(json(d), k));
        }

    base64 algorithm:

    The xencode algorithm is also in all.min.js.
    The json function simply serializes its argument to JSON:

        function json(d) {
            return JSON.stringify(d);
        }

    • 3. chksum encryption:
        function chksum(d) {
            return sha1(d);
        }

    The sha1 algorithm is also in all.min.js.
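The password and checksum steps above need no JavaScript engine. The following is an added example, not code from the original post, that performs them with Go's standard library. It relies on the bundled md5 library's two-argument form `md5(d, k)` being a hex HMAC-MD5 keyed with `k`; the type and function names and all sample values in `main` are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strconv"
)

// LoginParams holds the fields that feed the checksum string (hypothetical type).
type LoginParams struct {
	Username string
	ACID     int
	IP       string
	N        int
	Type     int
	Info     string // result of info(), "{SRBX1}..."
}

// PasswordHMAC mirrors pwd(password, token): HMAC-MD5 of the password,
// keyed with the challenge token, as lowercase hex.
func PasswordHMAC(password, token string) string {
	mac := hmac.New(md5.New, []byte(token))
	mac.Write([]byte(password))
	return hex.EncodeToString(mac.Sum(nil))
}

// CheckString mirrors the chkstr concatenation in $.Login: every field is
// prefixed with the token, in this fixed order.
func CheckString(token, hmd5 string, p LoginParams) string {
	fields := []string{
		p.Username, hmd5, strconv.Itoa(p.ACID), p.IP,
		strconv.Itoa(p.N), strconv.Itoa(p.Type), p.Info,
	}
	out := ""
	for _, f := range fields {
		out += token + f
	}
	return out
}

// Checksum mirrors chksum(d): lowercase hex SHA-1, always 40 characters.
func Checksum(chkstr string) string {
	sum := sha1.Sum([]byte(chkstr))
	return hex.EncodeToString(sum[:])
}

// UnpaddedChecksum shows a pitfall to avoid: formatting each digest byte with
// "%x" drops the leading zero of bytes below 0x10, so the result is sometimes
// shorter than 40 characters and the portal rejects the login intermittently.
func UnpaddedChecksum(chkstr string) string {
	sum := sha1.Sum([]byte(chkstr))
	out := ""
	for _, b := range sum {
		out += fmt.Sprintf("%x", b)
	}
	return out
}

func main() {
	// Constructed sample values, not captured from a real portal.
	token := "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
	p := LoginParams{Username: "alice", ACID: 1, IP: "10.0.0.2", N: 200, Type: 1, Info: "{SRBX1}placeholder"}

	hmd5 := PasswordHMAC("correct horse", token)
	chk := Checksum(CheckString(token, hmd5, p))

	fmt.Println("password:", "{MD5}"+hmd5)
	fmt.Println("chksum:  ", chk)
	fmt.Println("padded/unpadded length for \"abc\":",
		len(Checksum("abc")), len(UnpaddedChecksum("abc")))
}
```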

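Golang implementation

The otto library is used to execute the required JS functions, which avoids the time-consuming work of rewriting the encryption by hand.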

//main.go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"regexp"
	"strconv"
	"strings"
	"time"

	"github.com/jinzhu/configor"
)

// PostFields holds the query parameters sent to srun_portal.
type PostFields struct {
	Action      string
	Username    string
	Password    string
	ACid        int
	Ip          string
	Chksum      string
	Info        string
	N           int
	type_       int
	os          string
	name        string
	DoubleStack int
}

// Challenge holds the query parameters sent to get_challenge.
type Challenge struct {
	Username string
	Ip       string
}

// CFG is loaded from ./config.yml.
type CFG struct {
	Account string
	Passwd  string
	Ip      string
}

const userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"

var cfg = &CFG{}
var timeMs int
var cookie string

func (cg *CFG) LoadYml() {
	err := configor.Load(cg, "./config.yml")
	if err != nil {
		log.Printf("conf load failed, err is: %v\n", err)
	}
	// Log only the account and IP so the password never reaches the log.
	log.Printf("cfg loaded: account=%s ip=%s\n", cg.Account, cg.Ip)
}

func main() {
	cfg.LoadYml()
	CreatVM()
	for {
		postValues := &PostFields{
			Action:      "login",
			Username:    cfg.Account,
			Password:    cfg.Passwd,
			ACid:        1,
			Ip:          cfg.Ip,
			Chksum:      "",
			Info:        "",
			N:           200,
			type_:       1,
			os:          "Windows 10",
			name:        "Windows",
			DoubleStack: 0,
		}
		// Fetch the token
		challenge := getChallenge()
		token := challenge
		//token := "28101732b5c8810d90dc4404079edb317a59932d52ac851a2a2aed6505655d5c"
		if token == "" {
			// No challenge received; retry instead of computing with an empty token.
			time.Sleep(5 * time.Second)
			continue
		}
		time.Sleep(time.Second)
		// Build the info field of the request
		postValues.Info = generateInfo(postValues, token)
		fmt.Println(postValues.Info)
		// Compute the token-keyed md5 of the password
		hmd5 := getHmd5(postValues.Password, token)
		chkStr := getChkStr(token, hmd5, postValues)
		postValues.Chksum = getChkSumUseSha1(chkStr)
		//postValues.Chksum = getChkSum(chkStr)
		// Portal authentication
		resp := srunPortal(postValues)
		fmt.Println(resp)
		if SuccessLogin(resp) {
			fmt.Println("登陆成功!")
			getDetails()
			break
		} else {
			fmt.Println("登陆失败!")
			getDetails()
			//rand.Intn(5)
			time.Sleep(5 * time.Second)
		}
	}
}

// SuccessLogin reports whether the JSONP response carries "error":"ok".
func SuccessLogin(resp string) bool {
	reg := regexp.MustCompile(`"error":"(.*?)",`)
	m := reg.FindStringSubmatch(resp)
	// Guard against a missing match instead of indexing a nil slice.
	return len(m) > 1 && m[1] == "ok"
}

// getChkSumUseSha1 returns the lowercase hex SHA-1 of str.
func getChkSumUseSha1(str string) string {
	res := ""
	sum := sha1.Sum([]byte(str))
	for _, v := range sum {
		// %02x keeps the leading zero of bytes below 0x10; plain %x would drop it.
		res += fmt.Sprintf("%02x", v)
	}
	return res
}

func srunPortal(datas *PostFields) string {
	url := "https://gw.buaa.edu.cn/cgi-bin/srun_portal"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Print(err)
		os.Exit(1)
	}
	q := req.URL.Query()
	q.Add("callback", "jQuery112404477632700586378_"+strconv.Itoa(timeMs))
	q.Add("_", strconv.Itoa(timeMs+2))
	q.Add("action", datas.Action)
	q.Add("username", datas.Username)
	q.Add("password", datas.Password)
	q.Add("ac_id", strconv.Itoa(datas.ACid))
	q.Add("ip", datas.Ip)
	q.Add("chksum", datas.Chksum)
	q.Add("info", datas.Info)
	q.Add("n", strconv.Itoa(datas.N))
	q.Add("type", strconv.Itoa(datas.type_))
	q.Add("os", datas.os)
	q.Add("name", datas.name)
	q.Add("double_stack", strconv.Itoa(datas.DoubleStack))
	req.URL.RawQuery = q.Encode()
	req.Header.Set("Cookie", cookie)
	req.Header.Set("Connection", "keep-alive")
	//req.Header.Set("sec-ch-ua",`Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91`)
	//req.Header.Set("sec-ch-ua-mobile","?0")
	//req.Header.Set("Sec-Fetch-Dest","empty")
	//req.Header.Set("Sec-Fetch-Mode","cors")
	//req.Header.Set("Sec-Fetch-Site","same-origin")
	//req.Header.Set("X-Requested-With","XMLHttpRequest")
	req.Header.Set("User-Agent", userAgent)
	fmt.Println(req.Header)
	fmt.Println(req.URL.String())
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Print(err)
		return ""
	}
	defer resp.Body.Close()
	result, _ := ioutil.ReadAll(resp.Body)
	fmt.Printf("[x] %v\n", string(result))
	return string(result)
}

// getChkSum is the alternative that calls the sha1 function from all.min.js.
func getChkSum(str string) string {
	sum, err := Vm.Call("sha1", nil, str)
	if err != nil {
		log.Panicf("sha1 failed with err:%v", err)
	}
	return sum.String()
}

// getChkStr builds the checksum input: every field is prefixed with the token.
// As a side effect it replaces the plaintext password with "{MD5}" + hmd5.
func getChkStr(token, hmd5 string, values *PostFields) string {
	var chkstr = token + values.Username
	chkstr += token + hmd5
	chkstr += token + strconv.Itoa(values.ACid)
	chkstr += token + values.Ip
	chkstr += token + strconv.Itoa(values.N)
	chkstr += token + strconv.Itoa(values.type_)
	chkstr += token + values.Info
	values.Password = "{MD5}" + hmd5
	return chkstr
}

func generateInfo(postValue *PostFields, token string) string {
	payload := &struct {
		Username string `json:"username"`
		Passwd   string `json:"password"`
		Ip       string `json:"ip"`
		Acid     string `json:"acid"`
		EncVer   string `json:"enc_ver"`
	}{
		Username: postValue.Username,
		Passwd:   postValue.Password,
		Ip:       postValue.Ip,
		Acid:     strconv.Itoa(postValue.ACid),
		EncVer:   "srun_bx1",
	}
	// json.Marshal escapes <, > and & as \u00XX, which JSON.stringify does not;
	// disable that so passwords containing these characters encode identically.
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(payload); err != nil {
		log.Panicf("marshal json with err :%v", err)
	}
	jsonp := strings.TrimSuffix(buf.String(), "\n")
	//fmt.Printf("jsonp :%#v", jsonp)
	xEncodeValue, err := Vm.Call("xEncode", nil, jsonp, token)
	if err != nil {
		log.Panicf("call xEncode failed with err :%v", err)
	}
	base64EncodeValue, err := Vm.Call("base64encode", nil, xEncodeValue)
	if err != nil {
		log.Panicf("call base64.encode failed with err :%v", err)
	}
	return "{SRBX1}" + base64EncodeValue.String()
}

func getHmd5(password, token string) string {
	hdm5V, err := Vm.Call("md5", nil, password, token)
	if err != nil {
		panic(err)
	}
	return hdm5V.String()
}

func getChallenge() string {
	url := "https://gw.buaa.edu.cn/cgi-bin/get_challenge"
	data := Challenge{
		Username: cfg.Account,
		Ip:       cfg.Ip,
	}
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Print(err)
		os.Exit(1)
	}
	q := req.URL.Query()
	timeMs = int(time.Now().UnixNano() / 1e6)
	q.Add("callback", "jQuery112404477632700586378_"+strconv.Itoa(timeMs))
	q.Add("_", strconv.Itoa(timeMs+1))
	q.Add("username", data.Username)
	q.Add("ip", data.Ip)
	req.URL.RawQuery = q.Encode()
	req.Header.Set("User-Agent", userAgent)
	req.Header.Set("Connection", "keep-alive")
	//req.Header.Set("sec-ch-ua",`Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91`)
	//req.Header.Set("sec-ch-ua-mobile","?0")
	//req.Header.Set("Sec-Fetch-Dest","empty")
	//req.Header.Set("Sec-Fetch-Mode","cors")
	//req.Header.Set("Sec-Fetch-Site","same-origin")
	fmt.Println(req.URL.String())
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Print(err)
		return ""
	}
	defer resp.Body.Close()
	result, _ := ioutil.ReadAll(resp.Body)
	fmt.Printf("[x] %v\n", string(result))
	cookie = strings.Split(resp.Header.Get("Set-Cookie"), ";")[0]
	fmt.Println("cookie", cookie)
	return findExg(string(result))
}

// findExg extracts the challenge token from the JSONP response ("" if absent).
func findExg(s string) string {
	reg := regexp.MustCompile(`"challenge":"(.*?)",`)
	m := reg.FindStringSubmatch(s)
	if len(m) < 2 {
		return ""
	}
	return m[1]
}

func getDetails() {
	url := "https://gw.buaa.edu.cn/cgi-bin/rad_user_info"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Print(err)
		os.Exit(1)
	}
	q := req.URL.Query()
	time1 := int(time.Now().UnixNano() / 1e6)
	q.Add("callback", "jQuery112404477632700586378_"+strconv.Itoa(time1))
	q.Add("_", strconv.Itoa(time1+2))
	req.URL.RawQuery = q.Encode()
	req.Header.Set("User-Agent", userAgent)
	req.Header.Set("Connection", "keep-alive")
	req.Header.Set("Cookie", cookie)
	//req.Header.Set("sec-ch-ua",`Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91`)
	//req.Header.Set("sec-ch-ua-mobile","?0")
	//req.Header.Set("Sec-Fetch-Dest","empty")
	//req.Header.Set("Sec-Fetch-Mode","cors")
	//req.Header.Set("Sec-Fetch-Site","same-origin")
	fmt.Println(req.URL.String())
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Print(err)
		return
	}
	defer resp.Body.Close()
	result, _ := ioutil.ReadAll(resp.Body)
	fmt.Printf("[x] %v\n", string(result))
}

//ottoExec.go
package main

import (
	"io/ioutil"
	"log"

	"github.com/robertkrimen/otto"
)

// Vm is the shared JS interpreter holding the functions from all.min.js.
var Vm *otto.Otto

// CreatVM loads all.min.js into a fresh otto VM.
func CreatVM() {
	src, err := ioutil.ReadFile("./main/all.min.js")
	if err != nil {
		log.Panicf("read js failed with err : %v", err)
	}
	Vm = otto.New()
	if _, err = Vm.Run(string(src)); err != nil {
		panic(err)
	}
}

//all.min.js
//md5 v2.10.0
//js-sha1 v0.6.0
//json2 v20160511

function xEncode(str, key) {
    if (str == "") {
        return "";
    }
    var v = s(str, true),
        k = s(key, false);
    if (k.length < 4) {
        k.length = 4;
    }
    var n = v.length - 1,
        z = v[n],
        y = v[0],
        c = 0x86014019 | 0x183639A0,
        m,
        e,
        p,
        q = Math.floor(6 + 52 / (n + 1)),
        d = 0;
    while (0 < q--) {
        d = d + c & (0x8CE0D9BF | 0x731F2640);
        e = d >>> 2 & 3;
        for (p = 0; p < n; p++) {
            y = v[p + 1];
            m = z >>> 5 ^ y << 2;
            m += (y >>> 3 ^ z << 4) ^ (d ^ y);
            m += k[(p & 3) ^ e] ^ z;
            z = v[p] = v[p] + m & (0xEFB8D130 | 0x10472ECF);
        }
        y = v[0];
        m = z >>> 5 ^ y << 2;
        m += (y >>> 3 ^ z << 4) ^ (d ^ y);
        m += k[(p & 3) ^ e] ^ z;
        z = v[n] = v[n] + m & (0xBB390742 | 0x44C6F8BD);
    }
    return l(v, false);
}

function s(a, b) {
    var c = a.length, v = [];
    for (var i = 0; i < c; i += 4) {
        v[i >> 2] = a.charCodeAt(i) | a.charCodeAt(i + 1) << 8 | a.charCodeAt(i + 2) << 16 | a.charCodeAt(i + 3) << 24;
    }
    if (b) {
        v[v.length] = c;
    }
    return v;
}

function l(a, b) {
    var d = a.length, c = (d - 1) << 2;
    if (b) {
        var m = a[d - 1];
        if ((m < c - 3) || (m > c))
            return null;
        c = m;
    }
    for (var i = 0; i < d; i++) {
        a[i] = String.fromCharCode(a[i] & 0xff, a[i] >>> 8 & 0xff, a[i] >>> 16 & 0xff, a[i] >>> 24 & 0xff);
    }
    if (b) {
        return a.join('').substring(0, c);
    } else {
        return a.join('');
    }
}

var _PADCHAR = "="
var _ALPHA = "LVoJPiCN2R8G90yg+hmFHuacZ1OWMnrsSTXkYpUq/3dlbfKwv6xztjI7DeBE45QA"

function base64encode(s) {
    if (arguments.length !== 1) {
        throw "SyntaxError: exactly one argument required"
    }
    s = String(s);
    var i, b10, x = [], imax = s.length - s.length % 3;
    if (s.length === 0) {
        return s
    }
    for (i = 0; i < imax; i += 3) {
        b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8) | _getbyte(s, i + 2);
        x.push(_ALPHA.charAt(b10 >> 18));
        x.push(_ALPHA.charAt((b10 >> 12) & 63));
        x.push(_ALPHA.charAt((b10 >> 6) & 63));
        x.push(_ALPHA.charAt(b10 & 63))
    }
    switch (s.length - imax) {
        case 1:
            b10 = _getbyte(s, i) << 16;
            x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 63) + _PADCHAR + _PADCHAR);
            break;
        case 2:
            b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8);
            x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 63) + _ALPHA.charAt((b10 >> 6) & 63) + _PADCHAR);
            break
    }
    return x.join("")
}

function _getbyte(s, i) {
    var x = s.charCodeAt(i);
    if (x > 255) {
        throw "INVALID_CHARACTER_ERR: DOM Exception 5"
    }
    return x
}
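The `xEncode` and `base64encode` functions listed above can also be ported to native Go, removing the embedded JS interpreter from the `info` computation. This is an added example, not part of the original post; it assumes ASCII input (the JS operates on UTF-16 code units, Go on bytes), and the function names, JSON payload and token are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// srunAlphabet is the permuted base64 alphabet (_ALPHA) from all.min.js.
const srunAlphabet = "LVoJPiCN2R8G90yg+hmFHuacZ1OWMnrsSTXkYpUq/3dlbfKwv6xztjI7DeBE45QA"

// srunBase64 keeps '=' padding, matching _PADCHAR.
var srunBase64 = base64.NewEncoding(srunAlphabet)

// EncodeB64 mirrors base64encode(s).
func EncodeB64(b []byte) string { return srunBase64.EncodeToString(b) }

// toWords mirrors s(a, b): pack bytes into little-endian 32-bit words with a
// zero-padded tail; when withLen is set, append the byte length as a last word.
func toWords(data []byte, withLen bool) []uint32 {
	n := (len(data) + 3) / 4
	words := make([]uint32, n, n+1)
	for i, b := range data {
		words[i>>2] |= uint32(b) << (8 * uint(i&3))
	}
	if withLen {
		words = append(words, uint32(len(data)))
	}
	return words
}

// XEncode ports xEncode(str, key): an XXTEA-like block mixing loop whose
// OR-ed constants reduce to delta 0x9E3779B9 and a 32-bit mask, so plain
// uint32 wrap-around arithmetic reproduces the JS results.
func XEncode(msg, key []byte) []byte {
	if len(msg) == 0 {
		return nil
	}
	v := toWords(msg, true)
	k := toWords(key, false)
	for len(k) < 4 { // JS sets k.length = 4; missing words act as 0 under XOR
		k = append(k, 0)
	}
	n := len(v) - 1
	z := v[n]
	const delta uint32 = 0x9E3779B9 // 0x86014019 | 0x183639A0
	var d uint32
	for q := 6 + 52/(n+1); q > 0; q-- {
		d += delta
		e := int(d>>2) & 3
		mix := func(p int, y uint32) uint32 {
			m := (z >> 5) ^ (y << 2)
			m += ((y >> 3) ^ (z << 4)) ^ (d ^ y)
			m += k[(p&3)^e] ^ z
			return m
		}
		for p := 0; p < n; p++ {
			v[p] += mix(p, v[p+1])
			z = v[p]
		}
		v[n] += mix(n, v[0]) // the last word wraps around to the first
		z = v[n]
	}
	// Mirrors l(v, false): emit every word as four little-endian bytes.
	out := make([]byte, 4*len(v))
	for i, w := range v {
		binary.LittleEndian.PutUint32(out[4*i:], w)
	}
	return out
}

// Info mirrors info(d, k): "{SRBX1}" + base64(xEncode(json, token)).
func Info(jsonPayload, token string) string {
	return "{SRBX1}" + EncodeB64(XEncode([]byte(jsonPayload), []byte(token)))
}

func main() {
	// Constructed sample values, not captured from a real portal.
	token := "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
	payload := `{"username":"alice","password":"secret","ip":"10.0.0.2","acid":"1","enc_ver":"srun_bx1"}`
	fmt.Println(Info(payload, token))
}
```

Only the first 16 bytes of the token take part in the mixing, because the key index `(p & 3) ^ e` never exceeds 3.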

Appendix


  • Key code from the original web page

/**
 * dm
 * url: /cgi-bin/rad_user_dm
 * params [@ip,@username,@time,@sign]
 * sign sha1(time+username+ip+unbind+time)
 */
function dm(url, data, callback) {
    var t = Date.parse(new Date()) / 1000;
    var params = {
        ip: data.ip,
        username: data.username,
        time: t,
        unbind: 0,
        sign: ""
    };
    var unbind = 0;
    if (portal.MacAuth) {
        unbind = 1;
        params.unbind = 1;
    }
    var sign = sha1(t + data.username + data.ip + unbind + t);
    params.sign = sign;
    return $.get(url + "/cgi-bin/rad_user_dm", params, callback, "jsonp");
}

/**
 * Remember Me
 * Url:/v1/srun_portal_remember
 */
function remember(data, callback) {
    $.get(autoBuildUrl(url) + "/v1/srun_portal_remember", data, callback);
}

/**
 * @Login
 * @params [@username, @domain, @password, @ac_id, @ip, @type, @os, @name]
 * @callback
 */
$.Login = function (url, data, callback) {
    var username = data.username + (data.domain || "");
    var challengeCallback = function (response) {
        if (response.error != "ok") {
            //Process Error Message
            var message = error(response.ecode, response.error);
            return callback({
                error: "fail",
                message: message
            });
        }
        var token = response.challenge,
            i = info({
                username: username,
                password: data.password,
                ip: (data.ip || response.client_ip),
                acid: data.ac_id,
                enc_ver: enc
            }, token),
            hmd5 = pwd(data.password, token);
        var chkstr = token + username;
        chkstr += token + hmd5;
        chkstr += token + data.ac_id;
        chkstr += token + (data.ip || response.client_ip);
        chkstr += token + n;
        chkstr += token + type;
        chkstr += token + i;
        var os = getOS();
        if (data.otp) {
            data.password = "{OTP}" + data.password;
        } else {
            data.password = "{MD5}" + hmd5;
        }
        var params = {
            action: "login",
            username: username,
            password: data.password,
            ac_id: data.ac_id,
            ip: data.ip || response.client_ip,
            chksum: chksum(chkstr),
            info: i,
            n: n,
            type: type,
            os: os.device,
            name: os.platform,
            double_stack: data.double_stack
        };
        var authCallback = function (resp) {
            if (resp.error == "ok") {
                var ploy_msg = "";
                if (resp.ploy_msg !== undefined) {
                    ploy_msg = resp.ploy_msg;
                    if (ploy_msg.indexOf("E0000") == 0) {
                        ploy_msg = "";
                    }
                }
                return callback({
                    error: "ok",
                    message: ploy_msg
                });
            }
            //Process Error Message
            var message = error(resp.ecode, resp.error, resp.error_msg);
            if (typeof resp.ploy_msg != "undefined") {
                message = resp.ploy_msg;
            }
            return callback({
                error: "fail",
                message: message
            });
        };
        srunPortal(url, params, authCallback);
    };
    var params = {
        username: username,
        ip: (data.ip || "")
    };
    getChallenge(url, params, challengeCallback);
};
