V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
shenmi10086
V2EX  ›  程序员

某淘 App 接口 x-sign 签名计算

  •  
  •   shenmi10086 · 2019-11-07 19:04:39 +08:00 · 5251 次点击
    这是一个创建于 1850 天前的主题,其中的信息可能已经有所发展或是发生改变。

    一楼可能不能发那么多字

    8 条回复    2019-12-13 14:59:39 +08:00
    shenmi10086
        1
    shenmi10086  
    OP
       2019-11-07 19:05:47 +08:00
    某淘 App 接口 x-sign 签名计算


    这个小插件是手淘接口请求时 Header 头里面 的 x-sign 字段的计算

    xp 插件 不多解释了。这个插件会自动抓包手淘请求的接口打印在 xp 框架的日志里面,所以可以自行进行任意接口封装,比方说 手淘里面的 淘口令生成、淘口令解析、淘宝详情页面等等这些接口。
    shenmi10086
        2
    shenmi10086  
    OP
       2019-11-07 19:06:10 +08:00
    步骤:

    1:准备一个拥有 xp 框架的手机(模拟器)

    2:安装官方淘宝 7.6.0 版本、和本篇文章的插件,安装好后启动插件,重启手机生效

    3:点开一下安装的 XP 框架跟手机淘宝 APP

    4:把手机(模拟器)10086 端口转发出来(这个插件默认监听 10086 端口)
    shenmi10086
        3
    shenmi10086  
    OP
       2019-11-07 19:08:22 +08:00
    5:JXU4QkY3JXU2QzQyJXU4RkQ5JXU0RTJBJXU3QUVGJXU1M0UzJXVGRjBDJXU2M0E1JXU1M0UzJXU4REVGJXU3NTMxJXU5RUQ4JXU4QkE0JXU2NjJGL2lucHV0JTIwJXVGRjA4JXU3OTNBJXU0RjhCJXVGRjFBMTI3LjAuMC4xJTNBMTAwODYvc2lnbiV1RkYwOSUyQ0dFVCV1OEJGNyV1NkM0MiV1RkYwQyV1NTNDMiV1NjU3MCV1NTNFQSV1NjcwOSV1NEUyNCV1NEUyQSUyOGlucHV0JXUzMDAxYXBwa2V5JTI5JTIwJTI4JXU3OTNBJXU0RjhCJXVGRjFBaHR0cCUzQS8vMTI3LjAuMC4xJTNBMTAwODYvc2lnbiUzRmlucHV0JTNEWGExJTI1MmIxbnFSb2J3REFJWkUzaERPamglMjUyZnQlMjUyNiUyNTI2JTI1MjYyMTY0NjI5NyUyNTI2OTk5MTRiOTMyYmQzN2E1MGI5ODNjNWU3YzkwYWU5M2IlMjUyNjE1NzI4MzYwMzQlMjUyNm10b3AudGFvYmFvLndpcmVsZXNzLmhvbWVwYWdlLnJlbWluZCUyNTI2My4wJTI1MjYlMjUyNjI3MDIwMCUyNTQwdGFvYmFvX2FuZHJvaWRfNy42LjAlMjUyNkFuRjc3UlBfelk4SjQ2Wi13b3o1TFBCNTFUZmNqbDJpV0kyckNUbHVNSmluJTI1MjYlMjUyNiUyNTI2MjclMjZhcHBfa2V5JTNEMjE2NDYyOTclMjkldUZGMEMldTY3MDAldTU0MEUldThCRjcldTZDNDIldTdFRDMldTY3OUMldTVDMzEldTRGMUEldTUxRkEldTY3NjUlM0ElN0IlMjJzaWduJTIyJTNBJTIyYWIyMDM4MDA5MGQ0YWQ1YWUyOWIwYmRkNThlNzYxMjYwY2YzMzRiM2MxMmUwNWE0ZWQlMjIlN0Q=
    shenmi10086
        4
    shenmi10086  
    OP
       2019-11-07 19:09:21 +08:00
    PS: 抓取的日志大致为

    JTBBQmFzZSUyMFNpZ25TdHJpbmclMjBSZXMlMjgldThGRDkldTRFMkEldTY2MkZpbnB1dCUyMCV1NTNDMiV1NjU3MCV1RkYwQyV1OEZEQiV1ODg0QyV1N0I3RSV1NTQwRCV1NjVGNiV1OTcwMCV1ODk4MSV1NEYyMCV1NTE2NSV1NzY4NCUyOSUyMCUzRSUzRSUzRSUyMCU3QklOUFVUJTNEWGExKzFucVJvYndEQUlaRTNoRE9qaC90JTI2JTI2JTI2MjE2NDYyOTclMjY5OTkxNGI5MzJiZDM3YTUwYjk4M2M1ZTdjOTBhZTkzYiUyNjE1NzI4MzU5OTElMjZtdG9wLmNvbW1vbi5nZXR0aW1lc3RhbXAlMjYqJTI2JTI2MjcwMjAwQHRhb2Jhb19hbmRyb2lkXzcuNi4wJTI2JTI2JTI2JTI2MjclN0QlMEElMEFCYXNlJTIwU2lnbiUyMFBhcmFtcyU1QyU1QjAlNUQlMjgldThGRDkldTRFMkEldTY2MkYldThDMDMldTc1MjgldTdCN0UldTU0MEQldTY1QjkldTZDRDUldTY1RjYldTRGMjAldTUxNjUldTc2ODQldTdCMkMldTRFMDAldTRFMkEldTUzQzIldTY1NzAlMjklMjAlM0UlM0UlM0UlMjAlN0J1aWQlM0RudWxsJTJDJTIwdHRpZCUzRDI3MDIwMEB0YW9iYW9fYW5kcm9pZF83LjYuMCUyQyUyMHNpZCUzRG51bGwlMkMlMjB4LWZlYXR1cmVzJTNEMjclMkMlMjBkYXRhJTNEJTdCJTdEJTJDJTIwdiUzRColMkMlMjB1dGRpZCUzRFhhMSsxbnFSb2J3REFJWkUzaERPamgvdCUyQyUyMHQlM0QxNTcyODM1OTkxJTJDJTIwYXBpJTNEbXRvcC5jb21tb24uZ2V0dGltZXN0YW1wJTJDJTIwZGV2aWNlSWQlM0RudWxsJTJDJTIwYXBwS2V5JTNEMjE2NDYyOTclN0QlMEElMEFCYXNlJTIwU2lnbiUyMFBhcmFtcyU1QyU1QjElNUQlMjgldThGRDkldTRFMkEldTY2MkYldThDMDMldTc1MjgldTdCN0UldTU0MEQldTY1QjkldTZDRDUldTY1RjYldTRGMjAldTUxNjUldTc2ODQldTdCMkMldTRFOEMldTRFMkEldTUzQzIldTY1NzAldUZGMEMldTVFOTQldThCRTUldTY2MkZhcHBrZXklMjklMjAlM0UlM0UlM0UlMjAyMTY0NjI5NyUwQSUwQUJhc2UlMjBTaWduJTIwUGFyYW1zJTVDJTVCMiU1RCUyOCV1OEZEOSV1NEUyQSV1NjYyRiV1OEMwMyV1NzUyOCV1N0I3RSV1NTQwRCV1NjVCOSV1NkNENSV1NjVGNiV1NEYyMCV1NTE2NSV1NzY4NCV1N0IyQyV1NEUwOSV1NEUyQSV1NTNDMiV1NjU3MCV1RkYwQyV1NTdGQSV1NjcyQyV1NEUzQW51bGwlMjklMjAlM0UlM0UlM0UlMjBudWxsJTBBJTBBQmFzZSUyMFNpZ24lMjBSZXMlMjgldThGRDkldTRFMkEldTY2MkYldThDMDMldTc1MjgldTdCN0UldTU0MEQldTY1QjkldTZDRDUldUZGMEMldTY3MDAldTU0MEUldTc2ODQldTdFRDMldTY3OUMlMjklMjAlM0UlM0UlM0UlMjBhYjIwMzgwMDkwZDRmNjIyNmNjZDk0MjgwZDgwMjUyZGNjNzAyZDkxN2I5ZTdkYjAyMw==
    shenmi10086
        5
    shenmi10086  
    OP
       2019-11-07 19:09:47 +08:00
    JTBBQmFzZSUyMFRhb2JhbyUyMFVybCUyOCV1OEZEOSV1NEUyQSV1NjYyRiV1OEJGNyV1NkM0MiV1NkREOCV1NUI5RCV1NjVGNiV1NzY4NCV1NjU3NCV1NEUyQWh0dHAldTUzNEYldThCQUUldTRGRTEldTYwNkYldUZGMENHRVQlMjAldThCRjcldTZDNDIldUZGMEMldTUzRUEldTY3MDlVUkwlMjAldThEREYlMjBoZWFkZXIldTU5MzQldTkwRTgldTUyMDYldTUyMkIldTc2ODQldTRFMEQldTk3MDAldTg5ODEldTc2ODQlMjklMjAlM0UlM0UlM0UlMjBSZXF1ZXN0JTdCJTIwdXJsJTNEaHR0cHMlM0EvL2d1aWRlLWFjcy5tLnRhb2Jhby5jb20vZ3cvbXRvcC5jb21tb24uZ2V0dGltZXN0YW1wLyovJTNGZGF0YSUzRCUyNTdCJTI1N0QlMkMlMjBtZXRob2QlM0RHRVQlMkMlMjBhcHBLZXklM0QyMTY0NjI5NyUyQyUyMGF1dGhDb2RlJTNEbnVsbCUyQyUyMGhlYWRlcnMlM0QlN0Jjb250ZW50LXR5cGUlM0RhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQlM0JjaGFyc2V0JTNEVVRGLTglMkMlMjB4LXVtdCUzRFMyMUxJclZMT3AxRXN6VnVOUE5hJTI1MkJ2NzBVVzUwcVZOWiUyQyUyMHgtYXBwLWNvbmYtdiUzRDE5JTJDJTIweC1mZWF0dXJlcyUzRDI3JTJDJTIweC11dGRpZCUzRFhhMSUyNTJCMW5xUm9id0RBSVpFM2hET2poJTI1MkZ0JTJDJTIwdXNlci1hZ2VudCUzRE1UT1BTREslMjUyRjMuMC40LjcrJTI1MjhBbmRyb2lkJTI1M0I0LjQuNCUyNTNCaVRvb2xzQVZNX1QwMDI2NDUwUyUyNTNCaVRvb2xzQVZNX1QwMDI2NDUwUyUyNTI5JTJDJTIweC1wdiUzRDUuMSUyQyUyMHgtbWluaS13dWElM0RISG5CX2tvUjRZZGUyRWg4elM5MUV2ako5JTI1MkJsME1Fd3BKZFJkWGRNWkdnbDRSaHl2S0lXblRIYkhWT2FBJTI1MkJYeDNteklodzR3Y0RtTWVIQ2hGVCUyNTJCcnpUZHBiMnhYVUplUzZib0VKZXdwc3oxJTI1MkJIU0glMjUyQkUlMjUzRCUyQyUyMGNhY2hlLWNvbnRyb2wlM0Ruby1jYWNoZSUyQyUyMHgtYy10cmFjZWlkJTNEbnVsbDE1NzI4MzU5OTE0ODAwMDAxMTI0NDAlMkMlMjB4LWFwcGtleSUzRDIxNjQ2Mjk3JTJDJTIweC10JTNEMTU3MjgzNTk5MSUyQyUyMHgtYXBwLXZlciUzRDcuNi4wJTJDJTIweC10dGlkJTNEMjcwMjAwJTI1NDB0YW9iYW9fYW5kcm9pZF83LjYuMCUyQyUyMHgtc2lnbiUzRGFiMjAzODAwOTBkNGY2MjI2Y2NkOTQyODBkODAyNTJkY2M3MDJkOTE3YjllN2RiMDIzJTJDJTIwZi1yZWZlciUzRG10b3AlN0QlMkMlMjBib2R5JTNEbnVsbCUyQyUyMHNlcU5vJTNETVRPUDElMkMlMjBjb25uZWN0VGltZW91dE1pbGxzJTNEMTAwMDAlMkMlMjByZWFkVGltZW91dE1pbGxzJTNEMTUwMDAlMkMlMjByZXRyeVRpbWVzJTNEMSUyQyUyMGJpeklkJTNEMCUyQyUyMGVudiUzRDAlMkMlMjByZXFDb250ZXh0JTNEbnVsbCUyQyUyMGFwaSUzRG10b3AuY29tbW9uLmdldHRpbWVzdGFtcCU3RA==
    shenmi10086
        6
    shenmi10086  
    OP
       2019-11-07 19:09:55 +08:00
    上面是大致的抓包打印的日志信息,至于怎么导出 XP 框架的日志,玩过的都知道吧,或者自行百度吧,非常简单。下面有 PHP 跟 Python 两个版本的调用例子。

    附件
    eHAldTYzRDIldTRFRjYlMjBodHRwcyUzQS8vd3d3LmxhbnpvdXMuY29tL2k3N3o5c2IlMEEldTZERDgldTVCOUQ3LjYuMCUyMGh0dHBzJTNBLy93d3cubGFuem91cy5jb20vaTc3emE3ZyUwQVBIUCV1OEMwMyV1NzUyOCV1NEY4QiV1NUI1MCUyMGh0dHBzJTNBLy93d3cubGFuem91cy5jb20vaTc3emE4aCUwQVB5dGhvbiV1OEMwMyV1NzUyOCV1NEY4QiV1NUI1MCUyMGh0dHBzJTNBLy93d3cubGFuem91cy5jb20vaTc3emE5aQ==
    ixuuux
        7
    ixuuux  
       2019-11-11 19:20:17 +08:00
    牛批,不过现在淘宝升级了 x-sign 版本,最新的是 6.3,之前的版本风控更严,而且会被慢慢淘汰,考虑搞一下最新的吗?
    shenmi10086
        8
    shenmi10086  
    OP
       2019-12-13 14:59:39 +08:00
    最新的 6.3 x-sign 已经搞到手了 企鹅 MTIxMTk2MDc4MyUwQQ==
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2592 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 15:31 · PVG 23:31 · LAX 07:31 · JFK 10:31
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.