某云无感滑块逆向之懵了几天(下)【修改一下有始有终】
本帖最后由 xhtdtk 于 2024-11-16 23:45 编辑继上次发帖《某云无感滑块逆向之“大爷,饶了我吧!”(上)》后休息了几天,终于到了第三、四次请求的时候。
由于后两次请求与第二次请求相比,共通点太多了,因此直接从第四次请求的棘手点开始。
CaptchaVerifyParam
第四次请求的数据:
AccessKeyId: LTAI5tSEBwYMwVKAQGpxmvTd
SignatureMethod: HMAC-SHA1
SignatureVersion: 1.0
Format: JSON
Timestamp: 2024-11-16T13:24:00Z
Version: 2023-03-05
Action: VerifyCaptchaV2
SceneId: 19x5u7lo
CertifyId: 784e2c8e17317634323122429e7d15
CaptchaVerifyParam: {"sceneId":"19x5u7lo","certifyId":"784e2c8e17317634323122429e7d56","deviceToken":"V0VCI3NoODdiZDE1MTJoc2IwM2NiNDA1ODAzYTMwN2RiZTMyLWgtMTczMTc2MzQzMjc3NS0yNGY3NjYxN2NjMzI0NTYyOGE4ZTEwMTBlY2M5NDgyMSNpZVphRjVYUmdVNE12OVg5enVSdDJwT0h5UzQ3dWFacDYxL0xBeUFRMW1HQTBCK3NHc29HWEVkMGxPcDdqaXRmS0loak5DcjdWUmtBMEdqb25LcnNHN2praG00dUZmcmdPdTk2aUxCVkhZT0pMakNVWVcvVk1CVVpXYXpxejZGUmVJM0xjbno4OFdBRmVDTWdHcFQrYVVkb2FOaldGLzg5TE1qakx2a3V3RzlSNTRpZjUrWEpCaTlSeUo4Tit1OXBKYXNFZlQxNnlqR2hZeXhFR0VzcmFPV0RqUE9GcTF0V2VNa3dZbnArVDVJbTFCcjJ2ODdKeVN4V3pEM1JzZW5lejYvYUNXNncwRTd3Zi9qTGZDY0dkdDlCYkx1YkViVmc2a2VyS1JnQ3JvY0ozRHhTcGh6MVhSM2FXYWs3NGxxbzZPV0ZodjRPRmxuV1RTQlhSQzR0TTVvbElLRHpFN0p1OEUzd2s2Z3A4Mytob0dOOEZUa1lKTFNxTzl3aCtQbzVrc1FlR3hGeEdFbFJGSlQxYkFPcjlwZkU0WVZwTlRWZEVKNkEwTzV3dFUyaVlPMDFYUnpjSjhSNkt0SnQ1NDZhY2xCWFhJS3M4bjVKRGJXdEVuQTR1YVNPMnJGbFRKby9RdW04QnJuYmVka0lZeDYrYnZzWXFkRXNjUCtPNk5qVW1CMC9VbkRHdSt3RUx1YloycXBKVHNVdGEvajI3eGJuUjVwYmtHK2h6K2FMSjN1b3gwaUxyZ0tBcUwxNzcxOXlYVVVGV3k5dkhPMGtOVDNGU1ZtZU5qSDcrVjRhRHFYUktLODA5NFZuUHlBPSMxOTMjYmQ0ZWI3OGQxMDZmYjZkMGRhMzY2NjFiYzFiZmU5NDQ=","data":"9C7KCvl4RYVgo6OMyroU9/ypkF4oF6VAQVfO67MUjktcpOnAwsbZ4V/wABio2n91qYK5zm8oBJovzLxw75+/hSeEZLKTx88gog2YAV0vytBzgKMffxqaK8s84UYseNMym2OjMHA/PJsMV3yvQkcisUNhQ1kaiEE440Ezo2FfkHWeGXuM7ltILusv6hz+fsOjAbOlyk3odkrhuPACfQNe0FbZN1YgmXghhgmlyk8G8RzW69P81f/WhJ5lKcfqFMxIceZ4pctkQD2Ns0Ngvt6KY+T3c7btJOLkTm0ZrlfVgh3BF4z2N9wa1CFuNWzk2PiBNgBXberkKE1D/856+BnmjR3VNG9Etxebdd9N/U7qyooaQF2oZg/ZBQIvyNsfi0Gbn02N0ViEkFvz/Ge4yNpOqIqNM/Fc/9jrlwFSGk4m01wh/ez+lKC+dHmHIoPu3U9W7u9ud96iD+jD4qv7W84aELyFYF7YwtXsxjflhgg7cvQ2rL0D/pg9tBKpU6m3mf5zJUeOOwsdRUb5FdthhmLzNTp4z+E/ugnLMYQFPNc3vnMxdwwQJKDM5Tim2uFL6/P7r/kOSRgC9XVdMjcllpOsY2UjiQQ0c3wAwAQfMcM9WRErKNXKlileZDPVgGwhSWxlajGcFXUDdSDA4ITw+G0uVueEAI+LcdHDscRWaInbocyeoF5yXKjbvUmngoJZUOM/uAKUPh7yrxqnayxfCcf8m1rycpGCDyetEfjB9F1bbBJvpHZ0o2BJL50AD/wL3G71cQq2HnkJCOZG8tyUeDL2IYUqZ+2MRJ2uD6MV0L3zU1R/DFYT7YNWUVZnB3ThrWwPUFTPTDcSF6hGc5rFHCLxS1tEqsH29+vS7ByVZIjW9QzEX0+ezGzhA4mhiNET9QR3nCJfoP+UBMYgiRDTFDqdFV0DnxZAs7BypkU2jLfNcGuz8J9KjkGMbmTagCvRBbKYNy8OW93z6LSjcsHtVSfV6nf3/7sEj0s2nfaMsQpiBD7wyGuqj/hf1z70b8gerfOlFRSD5XpkkVLHHG9lexHM14oqYJP0Ze4579qDZkCvB0WZZfKYo2YgcNsa9VtAkVlImFicDlRCgJL29Nfkanii4Q5xvvCbTa//DtOMphtdFc5BjwOjurmGiFvO07e8r2XH8losV/aHjBeYOmZnh88KIGZLjYHdppHq08/JUxNJoWRZLz5dO7nj6Rf4E3SfNTURqIn9mJ2ufcxBoNW9hDLSdFB8wUNeP1xggt3bIa5cRFX9MTsK8tWSEnBY/PDgAW7cBw5ssQzlDAs8T9+2El4t2XyxsI2aJnFFEB2dVAWe5M8wz1Ekdmd8Y0xWcjlEJ0mvIvWGDiiZMQAbmiPqdn+W27M82lKGawWnxAlU/D/ShCSNQBbRsKhbz/ZqR90kLyloeytvmjHG1degwvLwK7RPvhLkfUmD6F1zC9jQEpiXTOBXCyemU+f1Yt6EqNbYdEWYYflMQdWnFViSy+6ohCb8KM06VG/dazrSEjGpCbNqcEOza2sELqde2LL1YnMQNemVgdgjRF2pdJNiXgzDRZK5gzswQrwT44D4xPoY1FGuWd3Zu+QnmgUwPj/7ozbcQHkgsIFvq98FkO3zT/yAoEkJIyggEdgHQafUd5chMLvBDYS9Z2bCWNl//gnDu3+qy8F4qX/+l8GG9i+A9TVoPKNDjKoBIo7OwYA3Qv1OonRNP0TiiyGAsDEPy3npY7thgPKdbNrht53yJ1PdtC9g+jUR6mjj8OYywVnAXObssbwbaSL7xZgC4MnHNc2seysSonPh85oEb4yyS0UQaYAJtb4hztzr5RMBN7qnngFVecmqZuWYF0Y40klgLSOe/RoZUVCQ+Kz9h0WQBMI3CZMWqubMl1wE8J0OKPMtfo9vpdr+Vy0QmadC8A7PoTD22f92WEW0x4TIf++0oZ//3MU3vQozgrWaGHgmKPVyzT6dHyMW4CXot9SJQJjqkZi525M1GncUecWcX5VcKJAWmg8uqcthPRBpXeC2AymrNrlq2Oyrv4ZUejo5xAcLOvV+jKIcrGPeHttXkKp6+86rl9tjMT2X5QH83/qDNJmBrt3DkgvuoaWv/WRWZ/rYnPPsz3fvy7/IW64Y5rkcNCzEYpzlMJgRR7/OJUuqQU1UcrhdI8W8zzhKJF8OVWUWH3WoXVtKwilcNCat0BiarVH0JCBsbIJ4DYHE38Whdaic+VgPoyGcZIDQf3TTAFGcVWMzoi8RCXjYzXxiLn7FmD+9CYofiTYB4M7lVwm3GUFC9z2g6kS3stsGAL84c0EE0Qb/fuvpoB9n7Wdz5e/oYBAEjU4/ECuUVbmjMqvi3rK5F3WEXIxgWqyu2Zy15aYEBKGwL0rV5U9tQANRVM6XC5ae/R+mTVAoghs+RkLMqgkmhb28DLMNzk+yXAAmHOfjK24MxIfFGHvANnnB+KPQYZSYXPq4XwS8BDGtfaXaEjr8zy4eHB2YN2fgADtebaUCGEMOYl7XyuIwLfjPoQEJlw8/7Vfb6RSHW4one3otqFTZz/AGPoJwlHk94XdPbd+Q/9tqZnrtBliN2Sn9+Sl6zUdL2YS7drf4oz72SRWiKSHQpcM0Lcbf/PAEk0p6Q1HJXh/EOen2MnkKlPRFXZ95o1fWnqhE6qVKeldGP5Da0cYoChkBresGi/SBgaAIQx46VDK0NapZmEmonvykVBASIEhY3J9DkdPxzPOj9WKG9IIit68CdIJ+yrOMaqUSWSjnh+3fUnsbe73nfbYUVuOJkJks+GkFuzEXsnvX1/ZPVyshA+i+ZpVZ//culIGzGSfrUeBMM2FVmK58pemHsyGBIlg9w4VrXdB56HoWAZj2iB0TuCGlcO83skGJ/B3q0mDRMeJSl/3Aw4EL9FUm5Uyhc2WsyvXrzRTiJwmUniV39Q6WVahEwIWzazoGz4rWCxTBY8UYaPJF6T4jjr0bi5NT+GOadxiFd0NIpjbpJeDxUXv1uXm2nv7WiK7YdObKSlVSgVCMeCThXWH4j4nhXAF7uI7xBBEjjLQNHzTTi2BN1IG6xUM9lYLKQ02Ti22vmQixeBURzfgUKwvji69/kv//D66mV5doMBxnIBIcVXel92RUjBESsTdz6H2sGVLkY7DdAAPpU49XfZw6YyBGgFxnrvu9wnauya/BBs01q+9Keh13jQ2XRCUfzr3d6SuiE67NaB4ct2e5A5PYnnwBax8NnZJXfvdC7xDBFEM5JwWPfGt12SFr6aDp33XRzkz7BRkDFN4v7S/S7rDH/9rqg4LGx4ar6ZKDdKlwS/t2jEY2Qlx5bI8ZDM9qORV/KPfFtfYPZ4Z2w2ua2oszBf+WcV3bJ5rBb2ug3dZUTKoG1Gi+7Rf4e7QoI1lfMT+mNDs1Hsf5uMOsTSvIv196NGKAi5c7qhDADKwtUOM8BjE4ttDMQac5N2eSUJl+BSGjjD/kdC+m+KRnpy8wugwEh43k+91AzMiTyNRSzJ/R5VcE7/k8HNwpkGXIhn8QWoqcH1wfVhB6Bb5vQSKV7bh6nyX8+d7UVllGauz9CSGEVPYZKLnRdqa1GgI2h8bo2i0EP94ToQddM0JC7eg/fOkHwZpe/0VnarVCqPML0h7Gw5PlkCqodY4L3k/AYiWPEyjksSLkBAJo7nTMg4DswUlRm6QpVQPz36ATxtBsP4qUuXUhAM/N9HfsLafZgf0256izSiHOBp+SjMD4jQlZ2bhJm1y5gTJZiAiwEXPs1u68F8ZxMyL7IwM9Wd8g/oOhYo1f21lUJwGWVYBzf/7ANr1/NMHW+rqk3CxBNjiC4VufInPn5FnhHJbrclCj7JdIvniu/miIFXtjVa2mIJ3H2xcgWq4/Jj3LAuahzCbf4EkVGvoziGZAL0Kdvz6xei0Ezrbrf7g+FnIVgaWK/EpKXq8jeW1QfXRFcV9opPo2UE1LduiB36J6uqGXPOVrkKaMCHQxEzAYHBGKUi7XyqBEvRnf4y9kRYg3AWhIVVRllVWQrVr4FGznoTbpV/Xmg6gBJC2NnxKe7ik9VkKuQR/DiwHaVuzc/EXUAY72oGewkhH4nEmrwL9efPD+NwSgVRMKujG7nzoEz5KPOpZ8ZUN2sQ9PnkoblMn8kqY9ZQKVNbZc/vjq5rIgSKqmn4bdIxKzOMqlb+uEuFVuQxVK5YQwvnN8Qe/rskK1mXKeQFX7cTqtVM+T8t+cR+J5MEFGcwFHrGXGbqeUDQdAyt4L1m1Nh3hsTcaJe+tqz51TuW0X5LbXYZJ8TmuUWHiM1kFum1ufWRHV411KDPftuAACQy9W/qel5dbsHx1eZ/WbV5y3kwhndKuCHNDRoa5Iy+t91eLjatrFr5JVLDSvRQCqzyOJtEp+H/hdKMv3kN7bOKqIpYGBSIc0WdLQPqHEO/BaTKBDbYAmhLruljeLzjo2LT7VhUjGNpn1gHIX5VZu+intOWL+W/80BQMqxAtvCQe+CPC0JwdvuvGqtS+rXmSEhoubjgd4B2J2mhM5vistcMim1S1g4/uf8CVvf29qaLJo2cAQYIrqAoKWpT0aNBWqTL/WzXB4A5kNChf4L788BIzZP53dXM8eXrZCda+mhD/01pAtnRjtuFHZHruHrAY9hxK1o1eVsoq8usRNazdTNW4NBQqChLY4wN+J6QDFt2T6rJvAByDCS0N5AnCV8cedNHzA+3i95P/mTwPyMHYRN2Fn2H2VNjJfpoTpFyCQZDAxuwQuSCS9j8M6bTWfcqPBbEsIghIGtQMXY/arwP+qEu+c8GcVNV2qwi1YczStIjjqzgjKxlQOQonHEdnB4Q5Vy5y1gHwyGwXBQgaWygCKdSI7o+W2eJ7pTXUOAOVvZSD7bCvx85UcOnOsdkw95kXIFUkggdvWL3VaJv2whVwBw7I53BkHxYNH2Gd1ugIDBJS/1CYcovCagbDuwQ1rtYNFT3+fiWkN1EUTTw0WTIr5Abe9rbGrRWgXsVP8oL4lK/gOv7rHQGonUT3jtNdjh9h88gzLpeKPrY8uTCKx/EPbkisYSAc1EbAlIIGGDVEkKoVwWHtfDDD2R73AEPYQKPcrSp81wUk1M0eDlT3k9Eht7T+HGJ3/GV8eS28SiByKxoP1TK9z5TC8wcROCnGsXMbh/H5VkIGlEYSoEjJ+lYZoyLV0G55DadgdaPMU8OxMtT/3W/nCC1r0t/1I11K3DcdzMc9sjIjqrlQef5F44/36hF0Hjp1Yubsov/n5f5bRH1a8yIdGmmQ8J46ElRIX4OCLq/19W+aBHsusKDKMsSlpQghgV2bP+I84mZmj7MevbeDm6w3VLbX6Sj8hB+tNfPZpiBSCKJSdNBqDX/QX55cHk1zp7AajLftalhbS3gQDq22WkfRCBnoU3xisfMNkGAwgp0o5bYU6CYiHWMB8PhWEzZYq6qHF+W9Icmpe2RVtA8e1hnBx4dB7tXWKoFuP2wILmIiM9vl0Am6TpnIMmvMjxzDoUF6BG9YYGpHxi318Fj8SurRltjPcKzZ+v8EbdwyZ6FDUbT82b6rG5YbqmSxFdVVF5S+mMU42kgYYeuEo8tIdoJ4YMkaaVvA+qQbR1yDflaF1832HfEpKjHDeu1RrbvRqis8nisBLVVCWIrNdUmamEWEZiYItryEAryNwQL5LI9/lyY9E8YQ0gtg4xSBKUMagNC5O+v0adgti5bNZreeZgGzL0IKD1bt2znn5XBT1CvMwphq5rYdMqRFO04Hoy6zLK+iGQGAZH8dq5TSAtdnRudWbyPw8sQ4MXJcycB549PjTsjDGjR2NPsaT9L2i/nK0Q8Ki6Ipe70rwK0RpGb0muT7oeB2r4L2PHnsP1QJWsq6VYgTkIoy/zq7mgfmgpYSfRQwAbruM3sfh+++UWhLQu9yknDyx8X281EzNAgJir3228tgzoaLtLbK/pp2xDZyPAlYVs6rHu8CUHjP/JN0c8XrLQYSWJt3OBDXXWHyy+zwHkU5snu7rGy90VIifGrdcRa3TNDzyMN6SFjIpOvyq1PziI05Z+Wo68tVmED/FnJ7bU0hN2/4SjliCfeOqtBBKNZaGbzgHQZjEznWGhxvjAyaqHFfWyQXtAfQaSui+5uxuv1Ok6wSdfTodXSpQK+ueAvtIk5M1IZbubPG76yrA/EJV8suAzmH91OHF6+RCGrFB5T4pjPYjCsZQU0oMUdtzW5N57jk2IeUtfFj6dYJGVatrZeA3u2WFa2wp2279aEaQVonm9Zr+g3DDiu9JChcESC1RgPhcNB9hDyn8XzNtoXMURcqMoHDoJ+4xzLRGdx5Oz/wwlii59N65uT3s7N+HLbWhncghRShtmeHVCJPpwFDacFaO+5Sj8AvOZ9LIoHG8QV2MENGqYaxNDbAzSNVFc8GdbopcSn1m3Dz0/HH69hK2w/Uqy1Dj9S2LrT/qQC9cDSgn1pPHQURoKvn3TQWEvaHXDuHmMvWdFXtBtxEKf4WNINhFgOxYkMrtgw/sopHQgcfO0bgkU301Au955UGs5uIBI9aoeG2ilkP9CHyhvIjR8Yk/bQl1EAUuLLWQoEKdID7toPW+xMEvmImy18uzhgrorWUCl0IUOqXvoALKhA1QfWn1nj1AhVHeA8py1clxpp5lpREFXPEOwwfeaw2CX0/m7odIdZ8/zOiMBPkK67sk78In4F52fgVc10Kwa4qi/L/vv11UkTc6xZzqw29Mp+BOHWlwklr4VskUyv9KDklLBFMBCTP/I1NWmhOOEaHTXZqpHS3wb6SrMDBISSC8VlTEp5IBtVtdYMf/8FIjT9ez2yLTHpAn0FSE09Rx8mNTmW4L8ZOpITkWVrPnN2Lk6w/7JWT99wycL4MgsUb0x837UUb9ZETQNYQYxod5RZ24i9HF84mfZMK33zNFAQzrTepdlVG18jTSi019vVEPVrzpL0Ctz7yWNeGkPd7lvsShf9VAu2j9Jla+Unk3PeTCy8YvfRbl1ftvi1SKc286IdV8e24Vw3SYygPL0Q2TjKkWb8J2ktZKIZQL5n0RHis5SVJmGFU7ZQzoPMQWgt4KhElsftTP5PMMGr5VKPBPGXWdQi6JpB9JngeChhx3gAppCE3npSPuqMQu2jFEMBp31jOBcz7Pd8BInzgypiywq7y1prXLXD2ui1mnludaULvklju3iqXUEtGg4lylHoidekcPztMoFLugJ9MS8d36W0pLDFW7poXWqBIUqOXypB8s5w+fjD0BgdxzbZb2tVTK6qgSpUlW3SaeGVxsUkC5UBlsKyJ87SaPKjvJHHXt5ai97iJlxQj31d+f/QyiVovOz8+ndrOO+WQ5vFSvAgsI9y+2+ocL39+p/DNwRjpu2F8Exn7A7sPJ+G4x7mg93QSFqwSBq2+lgTfpzxpLLRcZlj6m2ri8uKjNF2803dRmISxVC48b6iUFdVoUp/b0OXSSmMpCgqd9uB5obuNE08SiWxc8IVB5MXYTOAKYM7mwOLGRhynnhvElN/tWEsSM3TRwm8shICeUWVKrEDhgoP5Us0ZKkmBM"}
UserUserId: D9g3+lrRzZ8T0CvauHYne4QnyywTl98nhVI/Rceo1Mw=
SignatureNonce: 20c847de-3508-41c8-8d29-6123c46a9e19
Signature: gDr5lqDGihTqmWp8nslRdDKc2l0=
其中CaptchaVerifyParam的数据为
sceneId
certifyId
deviceToken
data
data其实就是轨迹的加密,而轨迹的格式如下
track_dict = {
"TrackList": {
"mc": "597,308,15083, ,1",
"tc": "",
"mu": "",
"te": "",
"mp": "1388,438,14451,1|1388,438,14452,1|1381,435,14452,1|1370,434,14453,1|1360,431,14454,1|1352,429,14455,1|1341,426,14456,1|1332,425,14457,1|1320,422,14458,1|1310,421,14459,1|1298,417,14460,1|1289,416,14461,1|1276,413,14462,1|1267,412,14463,1|1255,409,14464,1|1245,408,14465,1|1233,404,14466,1|1224,403,14467,1|1211,400,14468,1|1202,399,14469,1|1190,396,14470,1|1180,395,14471,1|1171,391,14472,1|1160,390,14473,1|1148,387,14474,1|1137,386,14475,1|1125,382,14476,1|1113,381,14477,1|1099,378,14478,1|1088,377,14479,1|1079,374,14480,1|1076,373,14481,1|1074,372,14482,1|1069,372,14486,1|1061,370,14487,1|1053,369,14488,1|1042,366,14489,1|1033,365,14490,1|1024,362,14491,1|1016,361,14492,1|1005,357,14493,1|996,356,14494,1|989,355,14495,1|983,355,14496,1|974,353,14497,1|966,352,14498,1|957,351,14499,1|949,349,14500,1|941,348,14501,1|933,345,14502,1|924,344,14503,1|919,343,14504,1|912,341,14505,1|905,340,14506,1|899,339,14507,1|892,337,14508,1|885,336,14509,1|880,335,14510,1|877,335,14511,1|873,333,14512,1|867,333,14513,1|863,332,14514,1|858,330,14515,1|855,329,14516,1|849,328,14517,1|848,328,14518,1|845,328,14519,1|842,328,14520,1|839,328,14521,1|835,326,14522,1|832,326,14523,1|830,325,14524,1|829,325,14525,1|827,325,14526,1|825,323,14527,1|824,323,14528,1|823,322,14529,1|821,322,14531,1|819,322,14532,1|817,322,14533,1|816,322,14535,1|815,321,14536,1|814,320,14537,1|814,319,14606,1|814,318,14607,1|814,317,14639,1|814,316,14639,1|814,315,14650,1|814,314,14650,1|814,313,14651,1|814,312,14656,1|814,311,14657,1|814,310,14663,1|814,309,14664,1|813,308,14669,1|811,307,14671,1|811,306,14673,1|811,305,14677,1|811,304,14677,1|810,303,14678,1|809,303,14680,1|809,302,14684,1|809,301,14686,1|807,301,14687,1|806,299,14690,1|805,299,14691,1|804,298,14692,1|803,298,14694,1|801,297,14696,1|800,296,14697,1|799,296,14698,1|798,296,14699,1|797,294,14700,1|794,293,14701,1|793,293,14704,1|792,293,14705,1|789,291,14706,1|787,290,14708,1|786,290,14709,1|781,289,14710,1|780,288,14711,1|778,287,14712,1|776,287,14714,1|773,287,14715,1|772,287,14716,1|770,287,14717,1|768,287,14718,1|767,287,14719,1|763,286,14720,1|761,285,14721,1|758,284,14722,1|756,284,14723,1|755,284,14724,1|753,284,14725,1|749,282,14726,1|746,282,14727,1|743,281,14728,1|741,281,14729,1|738,281,14730,1|735,281,14731,1|734,281,14732,1|732,281,14733,1|730,281,14734,1|727,281,14735,1|724,281,14736,1|721,281,14737,1|718,281,14738,1|715,281,14739,1|712,281,14740,1|709,281,14741,1|707,281,14742,1|705,281,14743,1|703,281,14744,1|700,281,14745,1|697,281,14746,1|694,281,14747,1|693,281,14748,1|691,281,14749,1|689,281,14750,1|687,281,14751,1|685,281,14752,1|683,281,14753,1|682,281,14754,1|680,281,14755,1|679,281,14756,1|677,281,14757,1|675,281,14759,1|674,281,14760,1|672,281,14761,1|670,281,14763,1|669,281,14764,1|667,281,14767,1|666,281,14769,1|665,281,14773,1|664,281,14774,1|663,281,14846,1|662,281,14847,1|661,281,14847,1|660,281,14857,1|659,281,14859,1|658,281,14867,1|657,281,14868,1|656,282,14871,1|656,283,14873,1|655,284,14878,1|654,284,14880,1|654,285,14888,1|652,286,14890,1|651,286,14896,1|650,286,14897,1|649,287,14902,1|649,288,14905,1|648,288,14912,1|647,288,14913,1|646,288,14920,1|645,288,14922,1|644,290,14923,1|643,291,14929,1|642,291,14931,1|641,291,14934,1|639,291,14936,1|638,291,14937,1|637,291,14938,1|637,292,14939,1|635,294,14941,1|634,294,14946,1|632,295,14947,1|632,296,14948,1|630,296,14950,1|629,296,14953,1|628,296,14954,1|627,296,14955,1|626,296,14956,1|625,298,14957,1|624,298,14958,1|623,299,14959,1|621,299,14961,1|620,299,14962,1|619,300,14963,1|618,301,14964,1|617,301,14965,1|616,301,14966,1|615,301,14967,1|613,301,14968,1|612,301,14970,1|610,303,14971,1|609,304,14973,1|608,304,14975,1|607,304,14976,1|606,304,14977,1|604,305,14979,1|603,307,14981,1|601,307,14983,1|600,307,14984,1|599,307,14991,1|598,307,14992,1|597,308,14993,1|597,309,15136,1|598,309,15143,1|599,309,15144,1|600,309,15146,1|601,309,15148,1|602,309,15149,1|603,309,15150,1|604,309,15152,1|607,309,15153,1|608,309,15154,1|610,309,15155,1|611,309,15156,1|612,309,15158,1|613,309,15159,1|615,309,15160,1|617,309,15162,1|619,309,15163,1|622,309,15164,1|624,309,15165,1|626,309,15166,1|628,309,15168,1|631,309,15169,1|634,309,15170,1|635,309,15171,1|637,309,15172,1|639,309,15173,1|640,309,15174,1|642,309,15175,1|645,309,15176,1|648,309,15177,1|651,309,15178,1|654,309,15179,1|655,309,15180,1|657,309,15181,1|661,309,15182,1|663,309,15183,1|665,309,15184,1|668,309,15185,1|671,309,15186,1|676,309,15187,1|680,309,15188,1|682,309,15189,1|686,309,15190,1|688,309,15191,1|692,309,15192,1|696,309,15193,1|699,309,15194,1|702,309,15195,1|705,309,15196,1|710,309,15197,1|714,309,15198,1|718,309,15199,1|721,309,15200,1|726,309,15201,1|730,309,15202,1|739,311,15203,1|743,312,15204,1|747,313,15205,1|753,315,15206,1|760,316,15207,1|768,317,15208,1|774,319,15209,1|781,320,15210,1|788,321,15211,1|796,323,15212,1|802,324,15213,1|809,325,15214,1|816,327,15215,1|824,328,15216,1|832,329,15217,1|840,331,15218,1|846,334,15219,1|853,336,15220,1|860,337,15221,1|867,337,15222,1|876,339,15223,1|884,340,15224,1|890,341,15225,1|897,343,15226,1|904,344,15227,1|912,345,15228,1|918,347,15229,1",
"tmv": "",
"mm": "597,308,15083,1|597,309,15136,1|598,309,15143,1|599,309,15144,1|600,309,15146,1|601,309,15148,1|602,309,15149,1|603,309,15150,1|604,309,15152,1|607,309,15153,1|608,309,15154,1|610,309,15155,1|611,309,15156,1|612,309,15158,1|613,309,15159,1|615,309,15160,1|617,309,15162,1|619,309,15163,1|622,309,15164,1|624,309,15165,1|626,309,15166,1|628,309,15168,1|631,309,15169,1|634,309,15170,1|635,309,15171,1|637,309,15172,1|639,309,15173,1|640,309,15174,1|642,309,15175,1|645,309,15176,1|648,309,15177,1|651,309,15178,1|654,309,15179,1|655,309,15180,1|657,309,15181,1|661,309,15182,1|663,309,15183,1|665,309,15184,1|668,309,15185,1|671,309,15186,1|676,309,15187,1|680,309,15188,1|682,309,15189,1|686,309,15190,1|688,309,15191,1|692,309,15192,1|696,309,15193,1|699,309,15194,1|702,309,15195,1|705,309,15196,1|710,309,15197,1|714,309,15198,1|718,309,15199,1|721,309,15200,1|726,309,15201,1|730,309,15202,1|739,311,15203,1|743,312,15204,1|747,313,15205,1|753,315,15206,1|760,316,15207,1|768,317,15208,1|774,319,15209,1|781,320,15210,1|788,321,15211,1|796,323,15212,1|802,324,15213,1|809,325,15214,1|816,327,15215,1|824,328,15216,1|832,329,15217,1|840,331,15218,1|846,334,15219,1|853,336,15220,1|860,337,15221,1|867,337,15222,1|876,339,15223,1|884,340,15224,1|890,341,15225,1|897,343,15226,1|904,344,15227,1|912,345,15228,1|918,347,15229,1",
"ks": "",
"fi": "",
"startTime": 1731508021832,
"si": "1393,3440,1271,1393,1271,1392,1440,154.55950543806017,3440"
},
"TrackStartTime": 1731508021832,
"VerifyTime": 1731508037064,
"arg": "ak0haTIeEhFPZD69TgF/NhZ+Qn2WFvAlZZ8OCRkY"
}
这里轨迹的信息先不管什么意思,我们是看看如何实现加密的。
在别的帖子里,轨迹的加密说是zip加密,我也不知道什么意思,但是我在逆向的时候注意到了关键词【TextEncoder】【Uint8Array】,说明和普通的aes、hmac、XHRcipher不一样。
后来发现是将轨迹信息转化为数组、然后转化为二进制、然后再进行转化得到的,通过百度和扣代码的方式,终于拿下轨迹的加密,和浏览器生成的一模一样。
最后轨迹的加密再进行aes加密就是需要的data。
有始有终,补充加密细节
找到输出加密的函数
此时我们注意一下ts,在控制台输入ts(t)后就是数组,我们进入ts函数看一下
ts函数返回一个e,e的生成找到关键词textencoder,百度一下是什么意思
没看懂什么意思,但是照抄就对了,写个js试一下
对比控制台生成的数据是一模一样的,那么这个数组又是如何变成加密的数据呢
这个push就是生成就加密的数据
找到需要扣的代码了,但是注意,我看到了prototype,说明不能只扣一段,否则补环境非常麻烦。
然后实现了效果(上面第一个图),加密之后进行aes加密,密钥和偏移量不是很隐秘因此不再啰嗦了,至于其他加密不重要但是却有必要,慢慢找总能找的到。
最后从浏览器生成的轨迹里复制后测试成功。
我使用.net+playwright, +google浏览器,在打开显示后拖动滑块,要么没到位置,要么就是出个错误提示,要重试
在普通 google浏览器里就可以正常拖动 厉害厉害
一看到加密数据就蒙了
我昨天也是为了一个阿里滑块验证折腾很久
js和python直接滑动不能通过,最后用ddxoft虚拟鼠标滑动的 一看到加密数据就蒙了 哥们牛逼 来学习一下,牛逼 来学习一下 太难学了 进来学习一下,牛逼 看到加密就懵,我自己逻辑能力不太行 太强了,学习一下