这里有签名验证,开始逆向

这里看到signInfo是f

往上看f是由p的sha256得来

再往上看,p由h的base64得来

h由appid、bussNo、timestamp和random拼接生成

appid是固定的,每个账号一个,我这里为R45W5Gj7PzPdp7Di

现在找bussno

bussno是x

而x为上面的那个return x得来

点进去这个函数查看

将这个js写成python

import random
#bussNo
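def random_word(use_range, min_len, max_len=None):
    """Return a random alphanumeric string (Python port of the page's JS helper).

    Args:
        use_range: When falsy the result is exactly ``min_len`` characters
            long; when truthy the length is drawn uniformly from
            ``[min_len, max_len]`` (both ends inclusive).
        min_len: Fixed length, or the lower bound when ``use_range`` is set.
        max_len: Upper bound; required when ``use_range`` is truthy.

    Returns:
        A string made only of the characters ``0-9``, ``a-z`` and ``A-Z``.

    Raises:
        TypeError: If ``use_range`` is truthy and ``max_len`` was not given.
    """
    chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    if use_range:
        if max_len is None:
            # randint(min_len, None) would fail with an opaque TypeError.
            raise TypeError("max_len is required when use_range is true")
        length = random.randint(min_len, max_len)
    else:
        length = min_len
    # NOTE: the random module is not a CSPRNG, so the value produced here
    # must not be treated as unpredictable or as a secret.
    return ''.join(random.choice(chars) for _ in range(length))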

# Example usage: fixed-length mode, so exactly 32 characters are returned.
# The two arguments correspond to the 'e' and 't' parameters of the original function.
random_str = random_word(use_range=False, min_len=32)
print(f"bussNo:{random_str}")


现在还剩下timestamp和random

Timestamp可以直接python生成

还剩下random

往回看

这里random的值为C519AE22F9684C5E84298AA67752B5B7

发现是S.data.value的值

这个S.data.value的值是由这个数据包的返回包得来

(这里我请求了另一个数据包,所以跟上面的不一样)

现在可以得出random的python算法

import random
#bussNo
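def random_word(use_range, min_len, max_len=None):
    """Return a random alphanumeric string (Python port of the page's JS helper).

    Args:
        use_range: When falsy the result is exactly ``min_len`` characters
            long; when truthy the length is drawn uniformly from
            ``[min_len, max_len]`` (both ends inclusive).
        min_len: Fixed length, or the lower bound when ``use_range`` is set.
        max_len: Upper bound; required when ``use_range`` is truthy.

    Returns:
        A string made only of the characters ``0-9``, ``a-z`` and ``A-Z``.

    Raises:
        TypeError: If ``use_range`` is truthy and ``max_len`` was not given.
    """
    chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    if use_range:
        if max_len is None:
            # randint(min_len, None) would fail with an opaque TypeError.
            raise TypeError("max_len is required when use_range is true")
        length = random.randint(min_len, max_len)
    else:
        length = min_len
    # NOTE: the random module is not a CSPRNG, so the value produced here
    # must not be treated as unpredictable or as a secret.
    return ''.join(random.choice(chars) for _ in range(length))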

# Example usage: fixed-length mode, so exactly 32 characters are returned.
# The two arguments correspond to the 'e' and 't' parameters of the original function.
random_str = random_word(use_range=False, min_len=32)
print(f"bussNo:{random_str}")

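from datetime import datetime, timezone

# timestamp
# Milliseconds since the Unix epoch. An aware UTC datetime is used because
# datetime.utcnow() returns a naive value and .timestamp() interprets naive
# values as local time, which skews the result by the machine's UTC offset.
current_timestamp = int(datetime.now(timezone.utc).timestamp() * 1000)
print(f"Timestamp: {current_timestamp}")

# appID
# Per the write-up this identifier is fixed, one per account. It is an
# identifier rather than a secret, so it adds no secrecy to the signature.
appID = 'R45W5Gj7PzPdp7Di'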


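# Request that returns the server-issued "random" value.
import json

import requests

# Endpoint URL (left blank in the write-up).
url = ''

# Request headers, copied from the captured browser request.
# NOTE(review): Origin/Referer use plain http, which suggests the application
# is served without TLS -- confirm against the real deployment.
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0',
    'Content-Type': 'application/json',
    'Accept': '*/*',
    'Origin': 'http://120.236.104.54:19092',
    'Referer': 'http://120.236.104.54:19092/choose-location',
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
    'Connection': 'close',
}

# Request body. It carries no signInfo field, so the value returned by this
# call is available to any client that knows the appId.
data = {
    "appId": "R45W5Gj7PzPdp7Di",
    "timestamp": current_timestamp,
    "bussNo": random_str,
    "data": {}
}

# Send the POST request. The explicit timeout keeps the script from hanging
# forever if the server never answers.
response = requests.post(url, headers=headers, data=json.dumps(data), timeout=10)

# Print the raw response first so a failure below can still be diagnosed.
print(response.text)

# Stop on HTTP errors instead of trying to parse an error page as JSON.
response.raise_for_status()
response_json = response.json()

# Extract data.value from the JSON body; fail with a clear message when the
# response does not have the expected shape.
try:
    value_content = response_json['data']['value']
except (KeyError, TypeError) as exc:
    raise RuntimeError("response JSON does not contain data.value") from exc

# Print the extracted value.
print(f"random:{value_content}")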

现在所有参数都有了,回去取h的base64的值。h由appid、bussNo、timestamp和random拼接而成(注意:这些值客户端全都能拿到,签名过程中没有任何服务端密钥,所以这个签名只能起到混淆作用,不能证明请求来源)

现在将h的值进行Base64编码(Base64只是编码,不是加密,不提供任何保密性)

完整代码:

import random
#bussNo
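def random_word(use_range, min_len, max_len=None):
    """Return a random alphanumeric string (Python port of the page's JS helper).

    Args:
        use_range: When falsy the result is exactly ``min_len`` characters
            long; when truthy the length is drawn uniformly from
            ``[min_len, max_len]`` (both ends inclusive).
        min_len: Fixed length, or the lower bound when ``use_range`` is set.
        max_len: Upper bound; required when ``use_range`` is truthy.

    Returns:
        A string made only of the characters ``0-9``, ``a-z`` and ``A-Z``.

    Raises:
        TypeError: If ``use_range`` is truthy and ``max_len`` was not given.
    """
    chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    if use_range:
        if max_len is None:
            # randint(min_len, None) would fail with an opaque TypeError.
            raise TypeError("max_len is required when use_range is true")
        length = random.randint(min_len, max_len)
    else:
        length = min_len
    # NOTE: the random module is not a CSPRNG, so the value produced here
    # must not be treated as unpredictable or as a secret.
    return ''.join(random.choice(chars) for _ in range(length))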

# Example usage: fixed-length mode, so exactly 32 characters are returned.
# The two arguments correspond to the 'e' and 't' parameters of the original function.
random_str = random_word(use_range=False, min_len=32)
print(f"bussNo:{random_str}")

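from datetime import datetime, timezone

# timestamp
# Milliseconds since the Unix epoch. An aware UTC datetime is used because
# datetime.utcnow() returns a naive value and .timestamp() interprets naive
# values as local time, which skews the result by the machine's UTC offset.
current_timestamp = int(datetime.now(timezone.utc).timestamp() * 1000)
print(f"Timestamp: {current_timestamp}")

# appID
# Per the write-up this identifier is fixed, one per account. It is an
# identifier rather than a secret, so it adds no secrecy to the signature.
appID = 'R45W5Gj7PzPdp7Di'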


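# Request that returns the server-issued "random" value.
import json

import requests

# Endpoint URL (left blank in the write-up).
url = ''

# Request headers, copied from the captured browser request.
# NOTE(review): Origin/Referer use plain http, which suggests the application
# is served without TLS -- confirm against the real deployment.
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0',
    'Content-Type': 'application/json',
    'Accept': '*/*',
    'Origin': 'http://120.236.104.54:19092',
    'Referer': 'http://120.236.104.54:19092/choose-location',
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
    'Connection': 'close',
}

# Request body. It carries no signInfo field, so the value returned by this
# call is available to any client that knows the appId.
data = {
    "appId": "R45W5Gj7PzPdp7Di",
    "timestamp": current_timestamp,
    "bussNo": random_str,
    "data": {}
}

# Send the POST request. The explicit timeout keeps the script from hanging
# forever if the server never answers.
response = requests.post(url, headers=headers, data=json.dumps(data), timeout=10)

# Print the raw response first so a failure below can still be diagnosed.
print(response.text)

# Stop on HTTP errors instead of trying to parse an error page as JSON.
response.raise_for_status()
response_json = response.json()

# Extract data.value from the JSON body; fail with a clear message when the
# response does not have the expected shape.
try:
    value_content = response_json['data']['value']
except (KeyError, TypeError) as exc:
    raise RuntimeError("response JSON does not contain data.value") from exc

# Print the extracted value.
print(f"random:{value_content}")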

import base64
import hashlib

# Signing input h: the four request fields joined as a query-style string.
# Every field is known to the client (appID, bussNo and timestamp are chosen
# locally; "random" is read from a server response).
h = f'appId={appID}&bussNo={random_str}&timestamp={str(current_timestamp)}&random={value_content}'
print(f'h的值:{h}')

# Base64 is an encoding step, not encryption. b64encode returns bytes, so the
# line below prints the b'...' representation.
h_base64 = base64.b64encode(h.encode('utf-8'))
print(f"h的Base64加密后的值:{h_base64}")

# signInfo is the hex SHA-256 digest of the Base64 bytes. No key is mixed in,
# so the digest is a checksum over client-known data rather than a MAC; a
# server that wants request authentication needs a keyed construction (e.g.
# HMAC) whose secret never reaches the client.
sha256_hex = hashlib.sha256(h_base64).hexdigest()
print(f"h的SHA256哈希值:{sha256_hex}")
print(f"signInfo:{sha256_hex}")