gaolei
/
api_py
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
算法暴露接口(xhs、dy、ks、wx、hnw)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
459 KiB
 
Tree: 8441f09ae5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8441f09ae5'
${ noResults }
api_py/xhs/shield_md5.py

250 lines
13 KiB
Raw Blame History

import binascii
"""
小红书 md5处理 魔改部分s盒、魔改运算过程中位移量、魔值顺序修改
最终shield 是进行hmac,而需要的hash值通过 shield_aes.py 生成
逆向版本 6.97.0.1
"""
# md5的s盒 其中有几位 被处理了
SV = [0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf,
0x4787c62a, 0xa8304613, 0xfd469501, 0x698098d8, 0x8b44f7af,
0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e,
0x49b40821, 0xf61e2562&0xFF00FF00, 0xc040b340, 0x265e5a51, 0xe9b6c7aa& 0xFF0011FF,
0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, 0x21e1cde6,
0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8 & 0xFF110011,
0x676f02d9, 0x8d2a4c8a, 0xfffa3942, 0x8771f681, 0x6d9d6122,
0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, 0xd9d4d039,
0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, 0xf4292244, 0x432aff97,
0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d,
0x85845dd1, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391]
# 根据ascil编码把字符转成对应的二进制
def binvalue(val, bitsize):
binval = bin(val)[2:] if isinstance(val, int) else bin(ord(val))[2:]
if len(binval) > bitsize:
raise ("binary value larger than the expected size")
while len(binval) < bitsize:
binval = "0" + binval
return binval
def string_to_bit_array(text):
array = list()
for char in text:
binval = binvalue(char, 8)
array.extend([int(x) for x in list(binval)])
return array
# 循环左移
def leftCircularShift(k, bits):
bits = bits % 32
k = k % (2 ** 32)
upper = (k << bits) % (2 ** 32)
result = upper | (k >> (32 - (bits)))
return (result)
# 分块
def blockDivide(block, chunks):
result = []
size = len(block) // chunks
for i in range(0, chunks):
result.append(int.from_bytes(block[i * size:(i + 1) * size], byteorder="little"))
return result
# F函数作用于“比特位”上
# if x then y else z
def F(X, Y, Z):
compute = ((X & Y) | ((~X) & Z))
return compute
# if z then x else y
def G(X, Y, Z):
return ((X & Z) | (Y & (~Z)))
# if X = Y then Z else ~Z
def H(X, Y, Z):
return (X ^ Y ^ Z)
def I(X, Y, Z):
return (Y ^ (X | (~Z)))
# 四个F函数
def FF(a, b, c, d, M, s, t):
xhsTemp = leftCircularShift((a + F(b, c, d) + M + t), s)
result = b + xhsTemp
return (result)
def GG(a, b, c, d, M, s, t):
result = b + leftCircularShift((a + G(b, c, d) + M + t), s)
return (result)
def HH(a, b, c, d, M, s, t):
result = b + leftCircularShift((a + H(b, c, d) + M + t), s)
return (result)
def HH1(a, b, c, d, M, s, t):
result = b + leftCircularShift((a + H(b, c, d) + M + t), s)
return (result)
def II(a, b, c, d, M, s, t):
result = b + leftCircularShift((a + I(b, c, d) + M + t), s)
return (result)
# 数据转换
def fmt8(num):
bighex = "{0:08x}".format(num)
binver = binascii.unhexlify(bighex)
result = "{0:08x}".format(int.from_bytes(binver, byteorder='little'))
return (result)
# 计算比特长度
def bitlen(bitstring):
return len(bitstring) * 8
def md5sum(msg):
# 计算比特长度,如果内容过长,64个比特放不下。就取低64bit。
msgLen = bitlen(msg) % (2 ** 64)
# 先填充一个0x80,其实是先填充一个1,后面跟对应个数的0,因为一个明文的编码至少需要8比特,所以直接填充 0b10000000即0x80
msg = msg + b'\x80' # 0x80 = 1000 0000
zeroPad = (448 - (msgLen + 8) % 512) % 512
zeroPad //= 8
msg = msg + b'\x00' * zeroPad + msgLen.to_bytes(8, byteorder='little')
# 计算循环轮数,512个为一轮
msgLen = bitlen(msg)
iterations = msgLen // 512
# print(msgLen, iterations)
# 初始化变量
# 算法魔改的第一个点,也是最明显的点
D = 0x67452301
C = 0xefcdab89
B = 0x98badcfe
A = 0x10325476
# main loop 魔改点 位移数基本都改了
for i in range(0, iterations):
a = A
b = B
c = C
d = D
block = msg[i * 64:(i + 1) * 64]
M = blockDivide(block, 16)
# Rounds 16
a = FF(a, b, c, d, M[0], 6, SV[0])
d = FF(d, a, b, c, M[1], 13, SV[1])
c = FF(c, d, a, b, M[2], 17, SV[2])
b = FF(b, c, d, a, M[3], 21, SV[3])
a = FF(a, b, c, d, M[4], 7, SV[4])
d = FF(d, a, b, c, M[5], 12, SV[5])
c = FF(c, d, a, b, M[6], 17, SV[6])
b = FF(b, c, d, a, M[7], 20, SV[7])
a = FF(a, b, c, d, M[8], 7, SV[8])
d = FF(d, a, b, c, M[9], 12, SV[9])
c = FF(c, d, a, b, M[10], 16, SV[10])
b = FF(b, c, d, a, M[11], 22, SV[11])
a = FF(a, b, c, d, M[12], 7, SV[12])
d = FF(d, a, b, c, M[13], 13, SV[13])
c = FF(c, d, a, b, M[14], 17, SV[14])
b = FF(b, c, d, a, M[15], 22, SV[15])
a = GG(a, b, c, d, M[1], 5, SV[16])
d = GG(d, a, b, c, M[6], 9, SV[17])
c = GG(c, d, a, b, M[11], 14, SV[18])
b = GG(b, c, d, a, M[0], 20, SV[19])
a = GG(a, b, c, d, M[5], 5, SV[20]) # 21 step
d = GG(d, a, b, c, M[10], 9, SV[21]) # 22 step
c = GG(c, d, a, b, M[15], 14, SV[22]) # 23 step
b = GG(b, c, d, a, M[4], 20, SV[23])
a = GG(a, b, c, d, M[9], 5, SV[24])
d = GG(d, a, b, c, M[14], 9, SV[25])
c = GG(c, d, a, b, M[3], 14, SV[26]) # 27 step
b = GG(b, c, d, a, M[8], 20, SV[27])
a = GG(a, b, c, d, M[13], 5, SV[28]) # 29 step
d = GG(d, a, b, c, M[2], 9, SV[29]) # 30 step
c = GG(c, d, a, b, M[7], 14, SV[30])
b = GG(b, c, d, a, M[12], 20, SV[31])
# 16轮
a = HH(a, b, c, d, M[5], 4, SV[32]) # 33 step
d = HH(d, a, b, c, M[8], 11, SV[33])
c = HH(c, d, a, b, M[11], 16, SV[34])
b = HH(b, c, d, a, M[14], 23, SV[35]) # 36
a = HH(a, b, c, d, M[1], 4, SV[36]) # 37
d = HH(d, a, b, c, M[4], 11, SV[37]) # 38
c = HH(c, d, a, b, M[7], 16, SV[38]) # 39
# 正常的第40步
# b = HH(b, c, d, a, M[10], 23, SV[39])
a = HH(a, b, c, d, M[13], 4, SV[40]) # 第40步
b = HH(b, c, a, d, M[10], 23, SV[39]) # 第41步
c = HH(c, d, a, b, M[3], 16, SV[42]) # 第42步
d = HH(d, a, b, c, M[0], 11, SV[41]) # 43
b = HH(b, c, d, a, M[6], 23, SV[43]) # 44
a = HH(a, b, c, d, M[9], 4, SV[44]) # 45
d = HH(d, a, b, c, M[12], 11, SV[45]) # 46
c = HH(c, d, a, b, M[15], 16, SV[46]) # 47
b = HH(b, c, d, a, M[2], 23, SV[47]) # 48
a = II(a, b, c, d, M[0], 6, SV[48])
d = II(d, a, b, c, M[7], 10, SV[49])
c = II(c, d, a, b, M[14], 15, SV[50])
b = II(b, c, d, a, M[5], 21, SV[51]) # 52
a = II(a, b, c, d, M[12], 6, SV[52])
d = II(d, a, b, c, M[3], 10, SV[53])
c = II(c, d, a, b, M[10], 15, SV[54])
b = II(b, c, d, a, M[1], 21, SV[55]) # 56
a = II(a, b, c, d, M[8], 6, SV[56])
d = II(d, a, b, c, M[15], 10, SV[57])
c = II(c, d, a, b, M[6], 15, SV[58])
b = II(b, c, d, a, M[13], 21, SV[59]) # 60
a = II(a, b, c, d, M[4], 6, SV[60])
d = II(d, a, b, c, M[11], 10, SV[61])
c = II(c, d, a, b, M[2], 15, SV[62]) # 63
b = II(b, c, d, a, M[9], 21, SV[63])
A = (A + a) % (2 ** 32)
B = (B + b) % (2 ** 32)
C = (C + c) % (2 ** 32)
D = (D + d) % (2 ** 32)
result = fmt8(A) + fmt8(B) + fmt8(C) + fmt8(D)
return result
def reverse(m):
return "".join([m[i+1] + m[i] for i in range(0, len(m), 2)])
if __name__ == "__main__":
key_list = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476]
# 第一轮计算 获得结果 c4a02b20 e93108b2 d607639f 52569057 这个和f6填充 得到结果
data = bytes.fromhex("9cb4ec61773bebe384b03865794a3034c3bff438fedeb53d9c15a556feaaf8548bf532ee979caebb543f21edd9f4972370a4cce474a2c277a897aa4bf65fbf4d2f6170692f736e732f76312f6e6f74652f666565646e6f74655f69643d36366439323830333030303030303030316630316236383926706167653d31266e756d3d352666657463685f6d6f64653d3126736f757263653d266164735f747261636b5f69643d6669643d3137323538373037303531303636376565333737323431396563336236353064393436663763386632653137266465766963655f66696e6765727072696e743d3230323430393034313530303332663930373030323232316565343637393364323839346164323532366438383230316165626231666534646263626661266465766963655f66696e6765727072696e74313d3230323430393034313530303332663930373030323232316565343637393364323839346164323532366438383230316165626231666534646263626661266c61756e63685f69643d3137323539333737363626747a3d417369612532465368616e67686169266368616e6e656c3d504d67647431393933353733372676657273696f6e4e616d653d362e39372e302e312664657669636549643d32666537353036322d613532382d333334302d626564332d32323061363766376632343026706c6174666f726d3d616e64726f6964267369643d73657373696f6e2e31373235383730373132363338383830383638313238266964656e7469666965725f666c61673d3026743d313732353933373739372670726f6a6563745f69643d454346414146266275696c643d3639373031383126785f74726163655f706167655f63757272656e743d6578706c6f72655f66656564266c616e673d7a682d48616e73266170705f69643d4543464141463031267569733d6461726b706c6174666f726d3d616e64726f6964266275696c643d363937303138312664657669636549643d32666537353036322d613532382d333334302d626564332d323230613637663766323430")
# 2f6170692f736e732f76312f6e6f74652f666565646e6f74655f69643d36366365656162653030303030303030316430336235343626706167653d31266e756d3d352666657463685f6d6f64653d3126736f757263653d266164735f747261636b5f69643d6669643d3137323136333931353431303334383363306461616163653263613932363663626133376163396665313134266465766963655f66696e6765727072696e743d3230323430373232313735383139323830393030366537653333346534363632383632306636373638626366336230313533623139373762396636636436266465766963655f66696e6765727072696e74313d3230323430373232313735383139323830393030366537653333346534363632383632306636373638626366336230313533623139373762396636636436266370755f6e616d653d5175616c636f6d6d2b546563686e6f6c6f676965732532432b496e632b534d38313530266465766963655f6d6f64656c3d70686f6e65266c61756e63685f69643d3137323735373830333626747a3d417369612532465368616e67686169266368616e6e656c3d4350412d334453502d4e332d5a534b4a2676657273696f6e4e616d653d362e39372e302e31266f766572736561735f6368616e6e656c3d302664657669636549643d31313932313466632d306665352d336165382d393164642d62616138323163313133323426706c6174666f726d3d616e64726f6964267369643d73657373696f6e2e31373231363339323031313432303736333831313331266964656e7469666965725f666c61673d3426743d313732373539303939382670726f6a6563745f69643d454346414146266275696c643d36393730313831266c616e673d7a682d48616e73266170705f69643d4543464141463031267569733d6461726b267465656e616765723d30706c6174666f726d3d616e64726f6964266275696c643d363937303138312664657669636549643d31313932313466632d306665352d336165382d393164642d626161383231633131333234
# data = bytes.fromhex("868da458ff5a821fcff6f8bdafc009f56debf5290e0758a5d3ba4a4ae08b55764982003382b5907464bc90c34b877308474d16dec037edcfbf0ed45c2c045e2d2f6170692f736e732f76312f6e6f74652f666565646e6f74655f69643d36366365656162653030303030303030316430336235343626706167653d31266e756d3d352666657463685f6d6f64653d3126736f757263653d266164735f747261636b5f69643d6669643d3137323136333931353431303334383363306461616163653263613932363663626133376163396665313134266465766963655f66696e6765727072696e743d3230323430373232313735383139323830393030366537653333346534363632383632306636373638626366336230313533623139373762396636636436266465766963655f66696e6765727072696e74313d3230323430373232313735383139323830393030366537653333346534363632383632306636373638626366336230313533623139373762396636636436266370755f6e616d653d5175616c636f6d6d2b546563686e6f6c6f676965732532432b496e632b534d38313530266465766963655f6d6f64656c3d70686f6e65266c61756e63685f69643d3137323735373830333626747a3d417369612532465368616e67686169266368616e6e656c3d4350412d334453502d4e332d5a534b4a2676657273696f6e4e616d653d362e39372e302e31266f766572736561735f6368616e6e656c3d302664657669636549643d31313932313466632d306665352d336165382d393164642d62616138323163313133323426706c6174666f726d3d616e64726f6964267369643d73657373696f6e2e31373231363339323031313432303736333831313331266964656e7469666965725f666c61673d3426743d313732373539303939382670726f6a6563745f69643d454346414146266275696c643d36393730313831266c616e673d7a682d48616e73266170705f69643d4543464141463031267569733d6461726b267465656e616765723d30706c6174666f726d3d616e64726f6964266275696c643d363937303138312664657669636549643d32666537353036322d613532382d333334302d626564332d323230613637663766323430")
# 第二轮计算 获得key c4a02b20e93108b2d607639f52569057
# 7e424e3418de39d5ca9a0ba8d9dfde24
# data = bytes.fromhex("ece7ce329530e875a59c92d7c5aa639f07819f43646d32cfb9d020208ae13f1c23e86a59e8dffa1e0ed6faa921ed19622d277cb4aa5d87a5d564be36466e34477e424e3418de39d5ca9a0ba8d9dfde24")
print("plainText: ", data)
print("result: ", md5sum(data))