
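Disclaimer

All content in this article is for learning and exchange only and is not to be used for any other purpose. Captured traffic, sensitive URLs, data interfaces and the like have been desensitized. Commercial and illegal use is strictly prohibited; the author bears no responsibility for any consequences arising from such use.

Reverse-engineering process

Partial Python code

```python
import base64
import json

import execjs

# session, headers, det and getDistance() are defined elsewhere and are not
# shown on this page. URLs are desensitized placeholders.

# Step 1: obtain the session id.
url = '/app'
params = {
    'source': 'JDAP'
}
response = session.post(url, headers=headers, params=params)
sid = response.json()['data']

# Load the extracted JavaScript so its functions can be called from Python.
with open('e卡.js', 'r', encoding='utf-8') as js_file:
    cp = execjs.compile(js_file.read())

# Step 2: build the fingerprint request body in JS and submit it.
data = cp.call('getFp', sid)
url = 'api/fp'
response = session.post(url, headers=headers, data=data)
data = response.json()
fp = data['fp']
st = data['st']

# Step 3: request the challenge images.
data = cp.call('initBg', sid, st)
url = 'api/check'
response = session.post(url, headers=headers, data=data)
data = response.json()
imgJsonStr = data['img']
print(imgJsonStr)
img = json.loads(imgJsonStr)
b1 = img['b1']  # background image (data URI)
b2 = img['b2']  # slider piece (data URI)
# print(b1.split('data:image/png;base64,')[1])

# Strip the data-URI prefix and write both images to disk.
with open('b1.jpg', 'wb') as f:
    f.write(base64.b64decode(b1.replace('data:image/jpg;base64,', '')))
with open('b2.png', 'wb') as f:
    f.write(base64.b64decode(b2.replace('data:image/png;base64,', '')))

# verify(st, sessionId, distance)
# File handles are named f so they do not shadow the fp value read above.
with open('b1.jpg', 'rb') as f:
    background_bytes = f.read()
with open('b2.png', 'rb') as f:
    target_bytes = f.read()
res = det.slide_match(target_bytes, background_bytes, simple_target=True)
distance = getDistance()

# Step 4: build the verification payload and trace in JS, then submit.
result = cp.call('verify', distance, sid, imgJsonStr, st)
data = result['data']
trace = result['trace']
print(trace)
url = 'api/check'
response = session.post(url, headers=headers, data=data)
data = response.json()
print(data)
```

Result

Summary

1. For security reasons, this chapter does not provide the complete flow. Much of the debugging is omitted and only the general approach is given; you will have to work out the specific details yourself, and I trust you can debug it too.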