和彩云网盘研究记录

Lkeme SVIP+
  2021-03-23 12:25:45 2021-03-23 12:25:45 创建   2024-04-15 15:30:53 2024-04-15 15:30:53 更新      1.4k 字  7 分钟  

前言

清一色的开篇,目的只为水一篇文章…
本次研究对象 和彩云网盘(mCloud)7.3.4
此记录更偏向于结果,只保证研究版本有效,去年分析的,今年才发,不保证有效

栗子

账密方式登录

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
POST https://aas.caiyun.feixin.10086.cn/tellin/thirdlogin.do HTTP/1.1
x-DeviceInfo: 1|10.0.3.15|1|7.3.4|Netease|MuMu|87AD2EDF19FFE5D7779D4191937FD5F0|08-00-27-e5-3d-e6|android 6.0.1|900X1600|zh|||
x-ExpRoute-Code: routeCode=18880886001,type=10
Accept-Charset: UTF-8
x-NetType: 1
x-MM-Source: 000
x-SvcType: 1
Accept: text/html,application/xhtml+xml,application/xml;
Connection: keep-alive
x-huawei-channelSrc: 10000023
X-Tingyun-Id: p35OnrDoP8k;c=2;r=1339375589;
Content-Type: text/plain; charset=utf-8
Content-Length: 344
Host: aas.caiyun.feixin.10086.cn
Accept-Encoding: gzip
User-Agent: okhttp/3.11.0

<?xml version="1.0" encoding="UTF-8"?><root><msisdn>18880886001</msisdn><random/><secinfo>871D0A9E95ABA22B4604224CFBA24E605FABBC34</secinfo><version>572</version><clienttype>414</clienttype><pintype>9</pintype><dycpwd/><cpid>58</cpid><verfycode/><requestip>10.0.2.15</requestip><mac/><extInfo/><UID/><loginMode>1</loginMode><srvInfoVer/></root>

# 账密正确情况
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=DE25E78BB56608CD1C186B867BF33C67; Path=/tellin/; Secure; HttpOnly
Content-Type: text/plain;charset=utf-8
Content-Length: 4992
Date: Sun, 25 Oct 2020 04:35:41 GMT
Server: HTTPS

8F5060F5F1158B1CD0C081BA51C02C12DAD4C8F839CE2E44954B1DFE5A7C0137F0FA3FEB366B23A7B9EB4535AC403D0CDF26EB5973C647B26BEB85EBDCA65595AFFC1149A6D387
........

# 账密错误情况
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=87D4DF3AB2ABD9A5CEB777E26419377F; Path=/tellin/; Secure; HttpOnly
Content-Type: text/plain;charset=utf-8
Content-Length: 86
Date: Sun, 25 Oct 2020 04:33:13 GMT
Server: HTTPS

<root><return>200050401</return><desc>The user information is incorrect.</desc></root>

观察以上登录请求发现加密的东西不少,请求头、请求体、响应体都有不同程度的加密

请求头(Request Headers)

只写几个比较重要的,大部分可以为空或者默认值

x-DeviceInfo

1
x-DeviceInfo: 1|10.0.3.15|1|7.3.4|Netease|MuMu|87AD2EDF19FFE5D7779D4191937FD5F0|08-00-27-e5-3d-e6|android 6.0.1|900X1600|zh|||

包含的东西比较多,以|分隔数据 ,下面表格按分割后的数据显示

原始数据 代表内容
1(1) 网络类型
10.0.3.15 IP地址
1(2) 固定默认
7.3.4 SDK版本
Netease MANUFACTURER
MuMu MODEL
87AD2EDF19FFE5D7779D4191937FD5F0 生成UUID
08-00-27-e5-3d-e6 MAC地址
android 6.0.1 ANDROID版本
900X1600 分辨率
zh 默认值

x-ExpRoute-Code

1
x-ExpRoute-Code: routeCode=18880886001,type=10
原始数据 代表内容
routeCode 手机号
type 如果是手机号登录 默认值为10

请求体(Request Payload)

内容组成为XML,大部分可以为空或者默认值

XML

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<?xml version="1.0" encoding="UTF-8"?>
<root>
    <msisdn>18880886001</msisdn>
    <random/>
    <secinfo>871D0A9E95ABA22B4604224CFBA24E605FABBC34</secinfo>
    <version>572</version>
    <clienttype>414</clienttype>
    <pintype>9</pintype>
    <dycpwd/>
    <cpid>58</cpid>
    <verfycode/>
    <requestip>10.0.2.15</requestip>
    <mac/>
    <extInfo/>
    <UID/>
    <loginMode>1</loginMode>
    <srvInfoVer/>
</root>

以下sha-1()md5()等代表加密方式 , {}代表字符串拼接填充

原始数据 代表内容
secinfo sha-1(fetion.com.cn:{password})

响应体(Response Payload)

密文

登录成功后,返回数据为一长串密文,需要搭配上下文的东西解密使用 

1
2
8F5060F5F1158B1CD0C081BA51C02C12DAD4C8F839CE2E44954B1DFE5A7C0137F0FA3FEB366B23A7B9EB4535AC403D0CDF26EB5973C647B26BEB85EBDCA65595AFFC1149A6D387
........
1
2
3
4
5
6
# 拼接字符串
add_key = GErfJus#Ofr%
# 秘钥算法
clientkeyDecrypt = md5({secinfo}{add_key}) -> substring(0, 16) -> toUpperCase()
# 解密算法
result = AES() -> decodeCerResponse(byte(response), byte(clientkeyDecrypt))

算法为AES加密解密(ECB模式) , 解密秘钥为以上clientkeyDecrypt
clientkeyDecrypt 为MD5后取前16位转大写 , ECB模式无填充解密即可 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<root>
    <return>0</return>
    <imspwd>E7E673CD95AEF839206A15A62AFE60E5</imspwd>
    <sbc></sbc>
    <domain></domain>
    <svnlist></svnlist>
    <svnuser></svnuser>
    <svnpwd></svnpwd>
    <htslist></htslist>
    <userType>1</userType>
    <userid>1711h52AR1yI</userid>
    <loginid>160334480555369</loginid>
    <heartime>4</heartime>
    <funcId>1000000000000000</funcId>
    <token>gquJ43xQ|1|RCS|1605936805651|BnEaDQrCg8cUJ1Mp4GjV1.dmGoOVrB0meR52eij8PBOOtkY8x3c5MI92EP_rBWg4tuPUOLExb.wl724cetD5rUHz5BlW5OzaMK0Z6SiA52Kst0Nvt.sBnIi4bYK8x5etKwRZeTUya6ULgApq_vQgTdM9pCaqnaKiDV1vqBGXkaQ-</token>
    <expiretime>2592000</expiretime>
    <authToken>gquJ43xQ|1|RCS|1605936805651|BnEaDQrCg8cUJ1Mp4GjV1.dmGoOVrB0meR52eij8PBOOtkY8x3c5MI92EP_rBWg4tuPUOLExb.wl724cetD5rUHz5BlW5OzaMK0Z6SiA52Kst0Nvt.sBnIi4bYK8x5etKwRZeTUya6ULgApq_vQgTdM9pCaqnaKiDV1vqBGXkaQ-</authToken>
    <atExpiretime>2592000</atExpiretime>
    <deviceid>5617A97CE3EA4B7187F4A6D84CB02880</deviceid>
    <serverinfo>
        <mbhttpsurl>https://ose1.caiyun.feixin.10086.cn:8542/isbo/openApi/</mbhttpsurl>
        <fburl>http://mrp.weibo.10086.cn</fburl>
        <editurl>http://edit.caiyun.feixin.10086.cn</editurl>
        <mediaurl>http://120.132.156.103:80</mediaurl>
        <cmpassurl>https://www.cmpassport.com</cmpassurl>
        <cytxlurl>https://auth.cytxl.com.cn</cytxlurl>
        <fxcaptchaurl>http://nav.fetion.com.cn</fxcaptchaurl>
        <xmppaddr>221.176.66.104:5225,221.176.66.104:5226,221.176.66.104:5227</xmppaddr>
        <boshurl>221.176.66.104:8081,221.176.66.104:8082,221.176.66.104:8083</boshurl>
        <marketurl>http://mcmm.caiyun.feixin.10086.cn:80</marketurl>
        <invitecodeurl>http://caiyun.feixin.10086.cn/i.jsp</invitecodeurl>
        <pingurl>http://221.176.66.99:80</pingurl>
        <rifurl>http://ose.caiyun.feixin.10086.cn:80/richlifeApp</rifurl>
        <wapUrl>http://caiyun.feixin.10086.cn:7070</wapUrl>
        <rifhttpsurl>https://ose.caiyun.feixin.10086.cn:443/richlifeApp</rifhttpsurl>
        <chargeUrl>https://cmmedia.caiyun.feixin.10086.cn:443</chargeUrl>
        <isboUrl>https://ose1.caiyun.feixin.10086.cn:8542</isboUrl>
        <calURL>http://ose.caiyun.feixin.10086.cn/richlifeApp</calURL>
        <testTermConnectURL>http://aas.caiyun.feixin.10086.cn/tellin/usr/puc/ispace/testTermConnect.do</testTermConnectURL>
    </serverinfo>
    <account>15802336010</account>
    <expiryDate>-1</expiryDate>
    <areaCode>23</areaCode>
    <provCode>23</provCode>
    <userExtInfo>
        <passID>844163976</passID>
        <AndID>844163976</AndID>
        <isRegWeibo>-1</isRegWeibo>
        <accessToken>NTE1MUFCNjcxMTM2RjA1QTg3N0VBOUU4ODQzRjE3QkIyOEY2RjQ4Qzk5RUY4NUFDMEVBODMxOEQyRTk2NEU1ODo0NDYxMDE=</accessToken>
    </userExtInfo>
    <srvInfoVer>D071457A5A1AE65EADDB39E38EE3A2F8</srvInfoVer>
</root>

注意解密后数据尾部有N个\x0f or \x0b or \x0c or \x06
可能为其他不同的字符,最好写通用匹配方式去除

实现

仓库地址 和彩云-内容加解密
代码逻辑比较简单,详情施工中…

总结

该文章代码只为学习,麻烦未经允许禁止转载哦

END.

  • 标题: 和彩云网盘研究记录
  • 作者: Lkeme
  • 创建于 : 2021-03-23 12:25:45
  • 更新于 : 2024-04-15 15:30:53
  • 链接: https://mudew.com/2021/03/23/和彩云网盘研究记录/
  • 版权声明: 本文章采用 CC BY-NC-SA 4.0 进行许可。
评论
此页目录
和彩云网盘研究记录
  1. 前言
  2. 栗子
  3. 请求头(Request Headers)
    1. x-DeviceInfo
    2. x-ExpRoute-Code
  4. 请求体(Request Payload)
    1. XML
  5. 响应体(Response Payload)
    1. 密文
  6. 实现
  7. 总结