某翻译平台翻译接口逆向之加解密参数刨析

上文链接

某翻译平台翻译接口逆向之webpack学习

分析参数

加密参数： ${t}

function S(e, t) {return _(`client=${u}&mysticTime=${e}&product=${d}&key=${t}`)
}
function k(e, t) {const n = (new Date).getTime();return {sign: S(n, e),client: u,product: d,appVersion: p,vendor: g,pointParam: m,mysticTime: n,keyfrom: f,mid: h,screen: A,model: v,network: b,abtest: T,yduuid: t || "abcdefg"}
}

线上跟栈找到关键位置

fetchTextTranslateSecretKey: async({commit: e},t)=>{const n = "webfanyi-key-getter", a = "asdjnjfenknafdfsdfsd";return new Promise((t=>{o.A.getTextTranslateSecretKey({keyid: n}, a).then((n=>{0 === n.code && n.data.secretKey && (e("UPDATE_SECRET_KEY", n.data.secretKey),e("UPDATE_DECODE_KEY", n.data.aesKey),e("UPDATE_DECODE_IV", n.data.aesIv),t(n.data.secretKey))})).catch((e=>{}))}))
}

发现新请求接口

aHR0cHM6Ly9kaWN0LnlvdWRhby5jb20vd2VidHJhbnNsYXRlL2tleQ==

逆向网址

aHR0cHM6Ly9mYW55aS55b3VkYW8uY29tLw==

逆向链接

aHR0cHM6Ly9mYW55aS55b3VkYW8uY29tLyMv

逆向接口

aHR0cHM6Ly9kaWN0LnlvdWRhby5jb20vd2VidHJhbnNsYXRlL2tleQ==

逆向过程

请求方式

GET

逆向参数

sign 7ce3cf3d4cf7ded169f40a8562b2722b

yduuid abcdefg

过程分析

上文逆向链接：某翻译平台翻译接口逆向之webpack学习

可以看出该接口进行加密参数构建时候参数【${t}】=== 'asdjnjfenknafdfsdfsd'

此接口返回数据：

secretKey === ${t} // 加密参数

aesKey === t // AES 解密key

aesIv === n // AES 解密iv

代码结构

Python

def getSign( param, key ):"""获取加密参数 sign"""with open( 'translation.js', 'r', encoding='utf-8', errors='ignore' ) as f:js_tamp = f.read()jsDrive = execjs.compile( js_tamp )data = {'client': param[ 'client'] ,'time': iTime,'product': param[ 'product' ],'key': key}sign = jsDrive.call( 'getSign', data )return sign

def getAesInfo():"""获取加密key及解密key与iv数据"""query = {'keyid': 'webfanyi-key-getter','client': 'fanyideskweb','product': 'webfanyi','appVersion': '1.0.0','vendor': 'web','pointParam': 'client,mysticTime,product','mysticTime': iTime,'keyfrom': 'fanyi.web','mid': 1,'screen': 1,'model': 1,'network': 'wifi','abtest': 0,'yduuid': '2f9fca73d004ffed88121a15b5e4b717'}key = 'asdjnjfenknafdfsdfsd'query[ 'sign']  = getSign( query, key )response = requests.get( url, headers=headers, params=query )if response.status_code == 200:result = json.loads( response.text )return { 'key': result['data']['secretKey'], 'aesKey': result['data']['aesKey'], 'aesIv': result['data']['aesIv'] }else:print( response )print( response.text )

def getTranslation( trans, keyInfo ):"""请求翻译接口并对结果解密"""data = {'i': trans,'from': 'auto','to': '','domain': 0,'dictResult': 'true','keyid': 'webfanyi','client': 'fanyideskweb','product': 'webfanyi','appVersion': '1.0.0','vendor': 'web','pointParam': 'client,mysticTime,product','mysticTime': iTime,'keyfrom': 'fanyi.web','mid': 1,'screen': 1,'model': 1,'network': 'wifi','abtest': 0,'yduuid': '2f9fca73d004ffed88121a15b5e4b717',}data['sign'] = getSign( data, keyInfo['key'] )response = requests.post( url, headers=headers, data=data )if response.status_code == 200:with open( 'translation.js', 'r', encoding='utf-8', errors='ignore' ) as f:js_tamp = f.read()jsDrive = execjs.compile(js_tamp)arg = {'t': keyInfo['aesKey'],'n': keyInfo['aesIv']}info = jsDrive.call('aesDecrypt', response.text, arg )print( info )else:print( response )print( response.text )

结果验证

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time   : 2024/4/22 18:38
# @Author : Carey
# @File : translation.py
# @Description
import subprocess
from functools import partial
subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")import time
import json
import requests
import execjsiTime = round( time.time()*1000 )headers = {'Accept': 'application/json, text/plain, */*','Accept-Encoding': 'gzip, deflate, br, zstd','Accept-Language': 'en,zh-CN;q=0.9,zh;q=0.8,ja;q=0.7','Content-Type': 'application/x-www-form-urlencoded','Origin': 'https://fanyi.youdao.com','Referer': 'https://fanyi.youdao.com/','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36','Cookie': 'OUTFOX_SEARCH_USER_ID=2832382@117.22.144.72; OUTFOX_SEARCH_USER_ID_NCOO=1947820840.9198918; DICT_DOCTRANS_SESSION_ID=YWRiYTJjYmUtNmMwZC00MTA4LTgyMWItOTBmMDQ5MzUzZmI2'
}def getSign( param, key ):"""获取加密参数 sign"""with open( 'translation.js', 'r', encoding='utf-8', errors='ignore' ) as f:js_tamp = f.read()jsDrive = execjs.compile( js_tamp )data = {'client': param[ 'client'] ,'time': iTime,'product': param[ 'product' ],'key': key}sign = jsDrive.call( 'getSign', data )return signdef getAesInfo():"""获取加密key及解密key与iv数据"""query = {'keyid': 'webfanyi-key-getter','client': 'fanyideskweb','product': 'webfanyi','appVersion': '1.0.0','vendor': 'web','pointParam': 'client,mysticTime,product','mysticTime': iTime,'keyfrom': 'fanyi.web','mid': 1,'screen': 1,'model': 1,'network': 'wifi','abtest': 0,'yduuid': '2f9fca73d004ffed88121a15b5e4b717'}key = 'asdjnjfenknafdfsdfsd'query[ 'sign']  = getSign( query, key )response = requests.get( url, headers=headers, params=query )if response.status_code == 200:result = json.loads( response.text )return { 'key': result['data']['secretKey'], 'aesKey': result['data']['aesKey'], 'aesIv': result['data']['aesIv'] }else:print( response )print( response.text )def getTranslation( trans, keyInfo ):"""请求翻译接口并对结果解密"""data = {'i': trans,'from': 'auto','to': '','domain': 0,'dictResult': 'true','keyid': 'webfanyi','client': 'fanyideskweb','product': 'webfanyi','appVersion': '1.0.0','vendor': 'web','pointParam': 'client,mysticTime,product','mysticTime': iTime,'keyfrom': 'fanyi.web','mid': 1,'screen': 1,'model': 1,'network': 'wifi','abtest': 0,'yduuid': '2f9fca73d004ffed88121a15b5e4b717',}data['sign'] = getSign( data, keyInfo['key'] )response = requests.post( url, headers=headers, data=data )if response.status_code == 200:with open( 'translation.js', 'r', encoding='utf-8', errors='ignore' ) as f:js_tamp = f.read()jsDrive = execjs.compile(js_tamp)arg = {'t': keyInfo['aesKey'],'n': keyInfo['aesIv']}info = jsDrive.call('aesDecrypt', response.text, arg )print( arg )print( info )else:print( response )print( response.text )if __name__ == '__main__':keyInfo = getAesInfo()getTranslation( '你叫什么名字', keyInfo )