关于被京东打年兽的LOG参数整破防这件事
登陆成功 XXXXX,欢迎使用京东年兽助手。本助手完全免费,盗卖可耻!{"code":"1"}
{"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43XxIlHvr","taskType":7},"success":true},"msg":"调用成功"}
{"msg":"query success!","toast":{"subTitle":"任务已完成,获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
{"code":"1"}
{"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43XtCluRK","taskType":7},"success":true},"msg":"调用成功"}
{"msg":"query success!","toast":{"subTitle":"任务已完成,获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
{"code":"1"}
{"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43X1OncZo","taskType":7},"success":true},"msg":"调用成功"}
{"msg":"query success!","toast":{"subTitle":"任务已完成,获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
{"code":"1"}
{"code":0,"data":{"bizCode":-1002,"bizMsg":"啊哦,活动太火爆了,请稍后再试~","success":false},"msg":"调用成功"}
{"msg":"query success!","toast":{"subTitle":"活动异常啦,请稍后再试~","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[],"activeState":"76bb38df2cb0ab7b58a8464e4adb140e","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
{"code":"1"}
{"code":0,"data":{"bizCode":-1002,"bizMsg":"啊哦,活动太火爆了,请稍后再试~","success":false},"msg":"调用成功"}
经过测试发现抓包获得的log参数有效期仅为4次。没错,就是四次。用完失效
然后尝试修改浏览器 User-Agent 为手机的设备码,结果这样子生成的log无法使用,直接火爆...
还是老老实实手动吧...
https://i.bmp.ovh/imgs/2022/01/38c479133635ec9e.png
最后有没有大佬分享下log处理思路??
经过网页断点分析,知道log的计算方式存在于这个js文件内
https://storage.360buyimg.com/babel/01144582/3251773/production/dev/index.f79cd0827eff23460b27.js
function Rp(e) {
var t = e.secretp
, n = e.sceneId
, r = void 0 === n ? Cp : n
, e = Ip()
, n = e.log
, e = e.random;
return JSON.stringify({
extraData: {
log: encodeURIComponent(n),
sceneid: r
},
secretp: t,
random: e
})
}
破防啦,不整了。京东把我号火爆了。溜了溜了 本帖最后由 fjcqv 于 2022-1-13 01:05 编辑
log用了 smashUtils.get_risk_result计算。
开始会运行smashUtils.init(),内部会调用getAppOsInformation和getPhoneBasicInfo,在浏览器会跳出异常
分析有误 太多加密,
本帖最后由 幽溪左畔 于 2022-1-20 21:12 编辑
RPC暂时能用= = 但是过程比较复杂很难对外开放 效率还不是很高 。。。。 再加上活动快结束也没什么研究兴趣了 上次环游,有大佬解出来了,必须要app开头的ck。这次解散群了。直接在浏览器里生成的log都会火爆,不知道要验app里面什么参数。 好像发错区了,版主可以帮忙移动到求助区吗? 期待大佬的成品啊,这几天还都是人工手动做任务的。 大佬成果能分享下么 浏览器怎么调整到页面不显示用京东app打开? Ryanyan 发表于 2022-1-12 16:25
f12 CTRL+shift+M
https://wbbny.m.jd.com/babelDiy/Zeus/41AJZXRUJeTqdBK9bPoPgUJiodcU/index.html
地址这个,切换到手机模式,显示来京东app参与