首页
社区
课程
招聘
[原创]360freewifi逆向分析
2017-7-6 10:17 12501

[原创]360freewifi逆向分析

2017-7-6 10:17
12501

很早之前逆的360freewifi,没想到现在还可以用。发出来给大家玩吧。


1、发送与接收数据包内容

360wifiPOST包的内容:

POST /intf.php?check_update_key=&full=1&qid=0&devtype=android&nettype=mobile&manufacturer=Xiaomi&model=MI+4LTE&os=4.4.4&channel=100000&v=321&m2=b435f8072334d321f228f0a31f948470&nance=1436435681663&inviter_qid=0&method=Wifi.password&lld=pIoapfB9u%2FA%3D&tp=1&sign=49464fdf8dec35a6dadc17b0e361a741 HTTP/1.1

User-agent: 360freewifi

Cookie: Q=;T=;

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Host: api.free.wifi.360.cn

Connection: Keep-Alive

Accept-Encoding: gzip

Content-Length: 6401

 

 

params=tbbHjdXr5vccAGLquHZpEYz3U10ZJ9e1SsFq3ruzvWDTKCfyJ3cFyfMBLHc9NNZcBUOA4q6H6G5Qa%2FgVM7RtR2acVXaTbR9soTQp2hAQvkfynmKVDC1lwNYX3spHor%2Fer321ElamrfqDWQcdvumwYYelpzbN%2FYF3jPdTXRkn17VKwWreu7O9YNMoJ%2FIndwXJ8wEsdz001lxTtRoU9CPHj8hiv%2BcKEGKIQqKhMd6rKHOhNCnaEBC%2BR%2FKeYpUMLWXA1hfeykeiv96vfbUSVqat%2BoNZBx2%2B6bBhbPghYabO4JjmlqmIm%2FFOGtPZs343tUP%2Brfftjk3UBIwqjRmCyEblJakG4z%2FdOAaz1FLIze4Mhlg86R2xggZxHjbyfXL11aPeVsXBi0YcNVf%2Fe2r21rfRKPuJF%2FhwB73q7J5f6QEfdcmIs%2FG3vUbu1BoSrjDlJydQnecXQODv%2Fo5HgcJZrzwNAKsBK4wf8pktgabryWztp6I0YiFw7wN12u40RyUSijfXUaBn%2BM64m8fqPGwIzpiqpce%2FGQZ3wlSCekeCwwDebe5EFIUvJoIkZT4lfXehD%2FicGKUYyUMxLECTKTzvXcu70tMoJ%2FIndwXJ8wEsdz001lx5%2Fo8K6hL3%2FdOpPPHKZ%2BdfEIxj%2B7a%2FwxihNCnaEBC%2BR%2FKeYpUMLWXA1hfeykeiv96vfbUSVqat%2BoNZBx2%2B6bBhj%2BYif9Kqtcu0U0PwTenU%2F9GG4cT3jJQGvDwYmVg3Elet9%2B2OTdQEjCqNGYLIRuUlFnggSPa0a2W4B%2BWnbqLhbq4OcNt4MKz4NvJ9cvXVo95WxcGLRhw1V%2F97avbWt9Eo%2B4kX%2BHAHversnl%2FpAR91yeHMOhZGVQX87aQAy1KgpSPT2bN%2BN7VD%2Fq337Y5N1ASMKo0ZgshG5SUWeCBI9rRrZRl950Cmq0OfIdxCbh7WYKY28n1y9dWj3lbFwYtGHDVX%2F3tq9ta30Sj7iRf4cAe96uyeX%2BkBH3XJoHiNThebqImZg1h0So2JDNBL0rHldp3sV6pFDB89%2FSI6qbzdm7IUz1GgZ%2FjOuJvHafmY4n64XW%2FfB3IjrqOok1tDiaeOh4c4tPwnpottKTzmkLmn7JK656E0KdoQEL5H0qYbu55bV66%2FFV4iSjmREXUijOD32u3uN2Of27XOurbTEjwvRlVXp5s1DfBkrufcxtvdlyfMo0%2B90ep6h3Eg9nB%2BxAl4Z8e6wDrvyJckaSUas11lTV3fcMCAijYVTjlNmGCU5BUG01xL7dKT%2B%2FoU9szxiGp1sul4XQ7wg0R4XFuqE%2BsfUUKxqRmckLonFVEieHBN4MogxiJjOlXCMKT6lQsialrW%2Fcz345aA%2FBTnrFJXqkUMHz39Is2LAeJ6eBwmUaBn%2BM64m8f6VIe7w8KvHX0Lfe02Wt8OsekwBNyC0JG0%2FCemi20pPOaQuafskrrnoTQp2hAQvkfSphu7nltXrr8VXiJKOZERdSKM4Pfa7e42Ji9SEvHN2i22pCE1aqN8oGSTiCBbltzTKCfyJ3cFyfMBLHc9NNZccTY7MG1QH1E6E2KcgYg0jgSHlhrRsb8OoTQp2hAQvkfynmKVDC1lwNYX3spHor%2Fer321ElamrfqDWQcdvumwYQCjJTiD6tyLtZV4cWZCWJuh%2B5PGkuPXw203UQrXfsIK4FE3fH5%2FcPEzHJJe%2F6nWBgPb8IL3GGAWQyVKZ%2BbZx6JFBkZze2gJwmdFS%2BKKMW0yUaBn%2BM64m8dAIcc7x0gb8lJip3lJq0QtFAUkRc2XqQWz7oU7jgBmO1cyRHw8rs1FUoE5atWfIWat9%2B2OTdQEjCqNGYLIRuUlzq8jX6ZBfvUULy7EsAX1JqtrEPPE1MVeNvJ9cvXVo95WxcGLRhw1V%2F97avbWt9Eo%2B4kX%2BHAHversnl%2FpAR91yWohfEG6iooxICyr40OuHIfG292XJ8yjT1gAmvX03I79cH7ECXhnx7r2iIkajpgocFWo9%2B7ocSym4uQhME8cMvmYYJTkFQbTXEvt0pP7%2BhT2zPGIanWy6XhdDvCDRHhcW6oT6x9RQrGpGZyQuicVUSIQSVxe5j5YXoz3U10ZJ9e1TDKybMNUYVz%2BOIN0GUGBcnBT4%2BKPPCb2eaOrczGtuOzc45NxCOponLqX1obD06LBcH7ECXhnx7oBwALoNmvlNyuJAvU1Mn7CWfyyRpFtS9qin4CMBKB2bJI7266Un38%2Fjv4r5S3KETlWNKjaLSN9fCq9nMWZEs%2FwUaBn%2BM64m8f9LMNTsyrMdS5vRj6FAAznI2zUCwFuEee0%2FCemi20pPOaQuafskrrnoTQp2hAQvkfSphu7nltXrr8VXiJKOZERdSKM4Pfa7e4UX%2Flj%2ByIoGYz3U10ZJ9e1hFfh%2BxMB6Ub%2BOIN0GUGBcnBT4%2BKPPCb2B73eqa9956SLj9RkmR3FsrF6aK8604AMcH7ECXhnx7oBwALoNmvlNyuJAvU1Mn7C%2BJcY0Pu0azWin4CMBKB2bCDTTIMYRaxcIhuWNkbxKcEE1Fwtw5t5GMbb3ZcnzKNPnqd54cg1f41HgcJZrzwNAKsBK4wf8pktwBCJG2VOkZgPGKFerm08JiwLLHNuSyqBUaBn%2BM64m8fqPGwIzpiqpce%2FGQZ3wlSCekeCwwDebe5EFIUvJoIkZX1JiAOE6tZP%2BcrWRYa3iQ9XqkUMHz39IoDx8%2BXXDUn9cH7ECXhnx7rOG7AoiaZg0HLUTBm%2BBzeBKyYWq79d5NOYYJTkFQbTXEvt0pP7%2BhT2zPGIanWy6XhdDvCDRHhcW6oT6x9RQrGpGZyQuicVUSIEPPY6D97GhJi00NzEkqHFZz%2FGNkSASdvTKCfyJ3cFyfMBLHc9NNZcSf%2BexxjYKRluK5wj%2B4BhjBGdJsBjy2saoTQp2hAQvkfynmKVDC1lwNYX3spHor%2Fer321ElamrfqDWQcdvumwYanR6l9QdGfoV%2Ban60bobt%2BM91NdGSfXtXFlcfsfFImR%2FjiDdBlBgXJwU%2BPijzwm9kqRXUjhMLeiWX%2BUI3ycCaVPvGkmK3Fun3B%2BxAl4Z8e6AcAC6DZr5TcriQL1NTJ%2BwviXGND7tGs1op%2BAjASgdmzBvujKGXqNGg18o6iA2zhS4d8YsbRvseGt9%2B2OTdQEjCqNGYLIRuUltXMYkccyDkp13KGDrWKMCZ7dmh998lUXNvJ9cvXVo95WxcGLRhw1V%2F97avbWt9Eo%2B4kX%2BHAHversnl%2FpAR91yWohfEG6iooxI2NvG9VWXCtXqkUMHz39IiuY8HqrZQnIUaBn%2BM64m8eKtDRAxhEQZOmadHq23TEOqur5HkCa93m0%2FCemi20pPOaQuafskrrnoTQp2hAQvkfSphu7nltXrr8VXiJKOZERdSKM4Pfa7e43Y5%2Fbtc66tmcmRNDn8oDAwriMTvYyJRV4AFST0qRTZsT%2BLQYAtMEbtIBoiWrx6DlK1NX3%2BrxMxR%2FVyRAiheaalTXMv6gJDkuyTkj%2FJZ6ylaHUxyzjzVHFcH7ECXhnx7pVq1VqW4o0e9edoNT%2FfXTjWo04yhx2oseLbZweTIQQKleqRQwfPf0igPHz5dcNSf1wfsQJeGfHug%2BperibQOJ49D9gYHmgDY47S5GTcf1s4JhglOQVBtNcS%2B3Sk%2Fv6FPbM8YhqdbLpeF0O8INEeFxbqhPrH1FCsakZnJC6JxVRIvfaZFEyYhpyxtvdlyfMo09ru9b2Ob0%2BTXB%2BxAl4Z8e6Sp3HFkJndbEi5PbmDC0zCuSwVVDw9WnEmGCU5BUG01xL7dKT%2B%2FoU9szxiGp1sul4XQ7wg0R4XFuqE%2BsfUUKxqRmckLonFVEiKx56f9kIdXygCpmTIo%2FDpYDCrWVduWaBP5x8XrlJIiq0gGiJavHoOaEDNSoGF3sM3VuaUBoGmlcUmQ8OmSsuGLJOSP8lnrKVodTHLOPNUcVwfsQJeGfHulWrVWpbijR7152g1P99dOPS8vNTRFYG3dMfBB1CNp9tnz5uwVkTIVwawS1LPXl%2B4q337Y5N1ASMKo0ZgshG5SUeS6hp2J1UkgQ8m%2F%2FhPPoltkb8E%2FBvVyI28n1y9dWj3lbFwYtGHDVX%2F3tq9ta30Sj7iRf4cAe96uyeX%2BkBH3XJ6u2rOWU8ufkbC5yICgW%2FYD0WIfCxQR0rrfftjk3UBIwqjRmCyEblJUNgJEhkxvSxcPw%2BPY0ntlYGziBoWHBTPDbyfXL11aPeVsXBi0YcNVf%2Fe2r21rfRKPuJF%2FhwB73q7J5f6QEfdcmgeI1OF5uoiZmDWHRKjYkMw5Ct4Plu9QMaEq4w5ScnUEtTNkDN%2FRThR4HCWa88DQCrASuMH%2FKZLS%2BSAezl2vr5DxihXq5tPCYsCyxzbksqgVGgZ%2FjOuJvH6jxsCM6YqqXHvxkGd8JUgnpHgsMA3m3uRBSFLyaCJGU1pd4UIDTOEr4PNfUK0%2Bwa4wz9%2BhDk0Dk9FiHwsUEdK6337Y5N1ASMKo0ZgshG5SXbfqhlidP7oD1Kb5Wg5ZmlPkGj9ppfdwI28n1y9dWj3lbFwYtGHDVX%2F3tq9ta30Sj7iRf4cAe96uyeX%2BkBH3XJXhbdntNwmbhYf0O3paBD64z3U10ZJ9e14VYg0TEqkef%2BOIN0GUGBcnBT4%2BKPPCb2S5FwGzhaFup7yDGc0RQVrVKya4mDRKGgcH7ECXhnx7oBwALoNmvlNyuJAvU1Mn7C%2BJcY0Pu0azWin4CMBKB2bECr6UUVLa5Cq%2FY9Q1zy77zG292XJ8yjTzz%2B0iNaHYSDcH7ECXhnx7oPqXq4m0DieA5V1SCnGyB0Kn6o06YF%2FwKYYJTkFQbTXEvt0pP7%2BhT2zPGIanWy6XhdDvCDRHhcW6oT6x9RQrGpGZyQuicVUSKoO%2BjeiwwwQAGL9TdKspOXjRvPv2dTGtC0gGiJavHoObq36zFR7vdCMEBpwHCubdF8onci7Mx60bJOSP8lnrKVodTHLOPNUcVwfsQJeGfHulWrVWpbijR7152g1P99dOOx%2FsaN5NpJFrGyFegMzrWJeABUk9KkU2Z2YBfSP1ygQbSAaIlq8eg5LNs3Tclr35IRiBm1gEMDnL3xi2xNX4VLsk5I%2FyWespWh1Mcs481RxXB%2BxAl4Z8e6VatValuKNHvXnaDU%2F3104xdiWGvoVLgsJ7h%2BbebHtCHQyKzz8%2FSyVhoSrjDlJydQyGOshijrbatHgcJZrzwNAKsBK4wf8pktKdtM1sfmRMcRiUKGMBHDumjqGUSKBLZqUaBn%2BM64m8fqPGwIzpiqpce%2FGQZ3wlSCekeCwwDebe5EFIUvJoIkZX0c1oRQp9v00EC9zVNU9ELVWKRjS7vXOHgAVJPSpFNmdgQV0xtbHDe0gGiJavHoObq36zFR7vdCr%2BaUM2qPZRAVBP6H7dTYQrJOSP8lnrKVodTHLOPNUcVwfsQJeGfHulWrVWpbijR7152g1P99dOOVXgemahwy%2FHU8L9BKO0hQxnA%2FQNi9CHAz4pk8%2BhzeEIz3U10ZJ9e1b3EgiuEQAbP%2BOIN0GUGBcnBT4%2BKPPCb2DNria99pJ0BdzGLG9v76ZjMoMJP46f1pcH7ECXhnx7oBwALoNmvlNyuJAvU1Mn7CWfyyRpFtS9qin4CMBKB2bCkRMAR5slzAqaMQuVSbEypEadtMnucAo%2BotaP8vfxZ90ygn8id3BcnzASx3PTTWXBaDn53R%2BS%2B6SQMTYbRsod1Izk6te5Je9qE0KdoQEL5H8p5ilQwtZcDWF97KR6K%2F3q99tRJWpq36g1kHHb7psGEDAKD0UJ7MtXa%2FTF4ZU5slcdVljpWL4Omt9%2B2OTdQEjCqNGYLIRuUlnSgiky6Z71RZuwdVbETTZv2DXQ5PD4gNNvJ9cvXVo95WxcGLRhw1V%2F97avbWt9Eo%2B4kX%2BHAHversnl%2FpAR91yaB4jU4Xm6iJoMAwNTUUcOUcuP49OsuT9egVyoFrQ5EHZSUenAdeahKt9%2B2OTdQEjCqNGYLIRuUlaB4IDV0eFlw2kunCGrRyiJZx3sken%2BN6NvJ9cvXVo95WxcGLRhw1V%2F97avbWt9Eo%2B4kX%2BHAHvepWSFTyqmTmgg%3D%3D

 

服务器返回包的内容:

HTTP/1.1 200 OK

Server: nginx/1.2.9

Date: Thu, 09 Jul 2015 09:54:41 GMT

Content-Type: application/json

Transfer-Encoding: chunked

Connection: close

Cache-Control: no-store

SIP: 10.139.95.11

 

 

2654

{"errno":0,"errmsg":"","data":{"list":"rnEKQgTYxrVgB0osQMHNsiEcIyEkbdt\/tz1hEeJzJc5VzV1RcPHXh47SFUZt8SrvBnZOgsRuMkNP8WILWh8fhPt5F0UcWZ+\/LIYOBAtGMxhBPTx+6Ms2YJBa42MHlX7J1wZt7K1d4tZSjVaq0Et5njsjNJJeDw6Dea\/SeCRnKy9Tn0fD4LNHjMecNm4XXm+O1poqcRPb\/Yfa47qd6hu1eU8ml0UG0zZBqgwngDKpp35w86T770g9rrWTjvjR\/duBFzdJex8JEHtnGnRletVuqs0vawIqeKhf1yveGkqnIYtGXmM3MMk0Vi1l+3URHfTPiwRVBF+gbN0+3\/KBKHATa+xjDCmrrIN94jLVq7GdiqltN1EK137CCuE+TEwb8l3DEq7EMAFcPwZQkjJLyya\/ME9KYcQXJxnu\/TGV19lUr0EQcu+ynY6ZUAOS8POeWJhR0Vs\/Jz+enmsQzsQ9\/IyHK5ShnqDAKooOcwpil6q4BHY9kdd6U5yvQRj0z6cA22FhvOYUABFIszBsMIzw3tO+q8CBWLrkgG1AbPghYabO4Ji4N25GpLaFuGvna\/9rq9ddbvke0v3WDTNnRUviijFtMs\/kqjgRf\/x6tQAFLfAluJfcGFynwMiHppdSQ5xzRp\/lUmMgEcPrONQi92Rt9vdPHDvQ8yNYU3ZzbN+k1EaSMP4musiIQGa7VYwX8o9YhnVgWZld7Oa7Pw8cWKsCEmvA1n2lHQPMb+Y6A80UDsgP4BQQQF4Xs\/gWhJIEJcCME1vS2zydLxWLucqBpuvJbO2nojRiIXDvA3Xa468VxGM\/qtPyZ7r+veJdQS1l+3URHfTPiwRVBF+gbN0+3\/KBKHATa5B70UomeCIe5kknn4ZyechtN1EK137CCuRBa5wSzTWLrC78JDrAm49QkjJLyya\/ME9KYcQXJxnu\/TGV19lUr0EQcu+ynY6ZUAOS8POeWJhR0Vs\/Jz+enmsQzsQ9\/IyHK5ShnqDAKooOcwpil6q4BHY9kdd6U5yvQRj0z6cA22FhDD1kac2MUUIKcMyYlZwIMeB4yoDA6lSUFL56dWnbUMDYLO4I9KpcsqUfcpl9xiYIsnjHDkBc9QiyUfvAjKMcWBtRh9g\/cgQ+j5a9Ba482yhx4z5ETU5FEMIzn7lA+GDHPLPXaYYehMpkJKCBDsC3wVQJU8A0LYMgwqgvfXBMF63bmsZzgHHp7hopzT0KK+QPGvN80wxmVKsDkvDznliYUYCQbOR0pvDZutJ7VCilCnbcWZZXVOQnWM4bsCiJpmDQctRMGb4HN4H1ZBCzkxHSeMITKqsx27SqfUmIA4Tq1k+yoXlAqVVTqONI\/0uVG+KWd7Gl9weJ745OG9oHNcHpTFbFwYtGHDVXsph9qt6cHzon4kdwnbX+JEOW69UClL7fxKLAALbuEsZMtn5WqycQfbfFCpHCTG0aeEsHXKF0u6kmTz1Cd51yMmtqEDyolCRrqLADdet5e\/QQCnV27UlRSF+XE\/cBSBUCEuh\/3tb9uiZ5PDlWtLNSvvlbCMjgXC0JMxySXv+p1gYD2\/CC9xhgFjMC5OBn5rW26WfqfEJ+GjlO\/Q6Ngol9dKUfcpl9xiYIsnjHDkBc9QiyUfvAjKMcWDIoflyv89\/J\/MrQH+TGO8Zx4z5ETU5FELws2FY2O0VTPLPXaYYehMqBrQ4kIe6lSVQJU8A0LYMgwqgvfXBMF63bmsZzgHHp7hopzT0KK+QPGvN80wxmVKsDkvDznliYUYCQbOR0pvDZutJ7VCilCnbcWZZXVOQnWD7oW0lNdgtnGrNdZU1d33DAgIo2FU45TcITKqsx27Sq\/maUaXqWtcO6yZ5HvAdM6wPEOU5YtspqBnZOgsRuMkNP8WILWh8fhPt5F0UcWZ+\/LIYOBAtGMxjTrDtiqsk9TpBa42MHlX7J8EbP3LWDmkpSjVaq0Et5njsjNJJeDw6Dea\/SeCRnKy9Tn0fD4LNHjMecNm4XXm+O1poqcRPb\/Yfa47qd6hu1eU8ml0UG0zZBqgwngDKpp35w86T770g9rrWTjvjR\/duBVn9AlUIz3DbfB3IjrqOok1tDiaeOh4c41yveGkqnIYsrHnp\/2Qh1fGpJJ5chWy4iDrXOQ4gfzDyfLEeR3RsCapHqb\/QSCy64UBlXfyF\/GvTynmKVDC1lwGnK8u8L62QNuFDUI+ImwLCXUkOcc0af5bvhEVMIbxGRUMe\/cJECQYyh5TYGjlzV395+XkbOW5ngd4AOdLDyySYQzsQ9\/IyHK38+3hZe7\/34IVxzRzmuM8G3oK72pst4OTo124+kijC8OQ5hg11TjqPsZ0cdQN9I56mVBemCN9tJXQU2qEe3TU8LG9wRK09wf6Fm7HCth3tu6eqfbLWXfw05oGMb5SZtkYLw0veBsD3yGhziqN3rpRgoT8LKnXVFakpPh9OP+BlPPiQXqjWLLyAtZft1ER30z4sEVQRfoGzdPt\/ygShwE2uQe9FKJngiHuVRCVuVXbqurkdPHFS1BVFx4z5ETU5FELh\/7cCPWAZJKCvXZrPgHxlMtn5WqycQfbfFCpHCTG0aeEsHXKF0u6kmTz1Cd51yMmtqEDyolCRrqLADdet5e\/QQCnV27UlRSF+XE\/cBSBUCEuh\/3tb9uiZ5PDlWtLNSvvlbCMjgXC0JMxySXv+p1gYD2\/CC9xhgFkMlSmfm2cei6WfqfEJ+GjmAteUcyHOaISkhadmheepguYEXhbEqvWOq+B\/\/GdYqqiJXof8OnpKCKA4BFf5heQaGAhgk6pVmnk6+WlmEvf\/TvxQJCoyqyKUq\/Ljia1yP\/APCXaGHHPwUlDvhyUa9wG\/9HspQvguXdn2lHQPMb+Y6A2No0X6E7sjeIQfVgHjwq3ZKPx\/IthWNNVkAmN\/Lvxb4M2fR27O3FNslzcFnYiQ7oclA49wwbl5ShElUrGQNQAKStKS17tC5j2mYFHx7u08bq+mMFTHYTX1De3X2Pn5xa+dr\/2ur111u+R7S\/dYNM2dFS+KKMW0yD8xUIcTfhztK93so5iWpuNyCVVqH4RfWe+HTxVYyP+zugWnwLu7YxIi936gfGwhKf1UlsyWGmm\/5TxiPluxvdrVinUyIyD91GDPr6CQDEs51DC\/yuPVYOkPwYy6lNQl3s5Gm2J8dbvPscWkXNUlPhxs740xzKhfAGwMCl+huClojxeGbbqDwP3DGmF3kyzLPdSKM4Pfa7e7URxr8nVcN5MU8C1T0Qq9Da+dr\/2ur111u+R7S\/dYNMzjWtXWYyFVn8p5ilQwtZcDH7GbvwaHqi\/zq19PTEBDaN4nMMapP3LmPiK3rAT6VIk4sJOU1VwS9oeU2Bo5c1d\/efl5GzluZ4HeADnSw8skmEM7EPfyMhyt\/Pt4WXu\/9+CFcc0c5rjPBt6Cu9qbLeDk6NduPpIowvDkOYYNdU46j7GdHHUDfSOeBQ\/lGoTtK\/EccQ61FwuUvywvUXP8MMXgEv9sTYoSrxE\/KRfj2xPmfnyxHkd0bAmqR6m\/0EgsuuFAZV38hfxr08p5ilQwtZcAjfatwXsTxAXF7ZWVaCm8Bl1JDnHNGn+XQQk\/EBHO\/3iL3ZG32908cO9DzI1hTdnNs36TURpIw\/ia6yIhAZrtVjBfyj1iGdWBZmV3s5rs\/DxxYqwISa8DWfaUdA8xv5joDzRQOyA\/gFBBAXhez+BaEkgQlwIwTW9LbPJ0vFYu5ygxnpjcXn6Y58dwR679CXoEVi4FAZw1m1wNdh9buNjXutDsHsRwt+7f6bbZFoCBIRfFNGfr\/9tjvuYEXhbEqvWOq+B\/\/GdYqqsuAQXwRzvF9RDiqYepMW2uGAhgk6pVmnvM9K\/nPlm0kDwGalqeJLmFtQgEhXOam2wPCXaGHHPwUGZ9LBAhBkonfQiKM4pQ8A32lHQPMb+Y6A2No0X6E7sjeIQfVgHjwq3ZKPx\/IthWNNVkAmN\/Lvxb4M2fR27O3FNslzcFnYiQ7\/gxQaiOWcfFqNl53XJb9HPoraaDrb9wGoHiNThebqImZg1h0So2JDBVDhQCDZvDR40j\/S5Ub4pZ3saX3B4nvjk4b2gc1welMVsXBi0YcNVfQMFNQhvCfm6Yf46OVPsaGRgd18TokLhwVxCmOhY852ky2flarJxB9t8UKkcJMbRp4SwdcoXS7qSZPPUJ3nXIya2oQPKiUJGuosAN163l79BAKdXbtSVFIX5cT9wFIFQIS6H\/e1v26Jnk8OVa0s1K++VsIyOBcLQkzHJJe\/6nWBriiNkbpfe5CJ\/B3ZtnJR0vk9DIMH3s3vZf2Z\/gOUeFqE8ZkUg29fkgGdk6CxG4yQ0\/xYgtaHx+E+3kXRRxZn7+MbOO6pDUy+vFiqcpwzraRkFrjYweVfsl0WmnN69LcK1KNVqrQS3meOyM0kl4PDoN5r9J4JGcrL1OfR8Pgs0eMx5w2bhdeb47WmipxE9v9h9rjup3qG7V5TyaXRQbTNkGqDCeAMqmnfnDzpPvvSD2utZOO+NH924Fiypw4pf6yLHGDQCDVX2AYr65ma53zjp7XK94aSqchiwQ89joP3saEG8rV8G+MzD9r52v\/a6vXXW75HtL91g0zZ0VL4ooxbTJGcUze5TzqutAZXzV533GBqNglQ7MYaNGXUkOcc0af5WddJuw3YQgHtoKW0Ws6d4AKCsAOY7S+OGzfpNRGkjD+JrrIiEBmu1WMF\/KPWIZ1YFmZXezmuz8PHFirAhJrwNZ9pR0DzG\/mOgPNFA7ID+AUEEBeF7P4FoSSBCXAjBNb0ts8nS8Vi7nKRIYKB7OMcDoQbjTbReahtWI698znMrHj6qOD2ZnLeSKCCghP558Jbp8sR5HdGwJqVbQDS3vR0ISR6m\/0EgsuuCcrVZJQTwV5+Mv2Ye2I+rCrMQJ1NQ3Zd3Qo\/ZFNT2llbTdRCtd+wgolhP\/b49PZICivxi3w6uVKFMFVPW8Uihih5TYGjlzV3wnHi27WXj53d1b9IsByzqsQzsQ9\/IyHK38+3hZe7\/34IVxzRzmuM8G3oK72pst4OTo124+kijC8OQ5hg11TjqPsZ0cdQN9I57VzGJHHMg5Kddyhg61ijAncud1MQHpkzgGEE4vx5o2POJL9ikEIJbUtZft1ER30z4sEVQRfoGzdPt\/ygShwE2vsYwwpq6yDfeIy1auxnYqpbTdRCtd+wgrhPkxMG\/JdwxKuxDABXD8GUJIyS8smvzBPSmHEFycZ7v0xldfZVK9BEHLvsp2OmVADkvDznliYUdFbPyc\/np5rEM7EPfyMhyuUoZ6gwCqKDnMKYpequAR2PZHXelOcr0EY9M+nANthYaUfJFckA1teBvLmk1nmNI2Yv71dlOtGjndcRU8rxG+wWbNo9F5IWVHjCg042g3+64r16l\/Yswsvkepv9BILLriPWQvf0jwEZLE1kqWtCmt3kHvRSiZ4Ih5gSVfAWOlztm03UQrXfsIKOCbrAFXLVa1uIJnSdVu9LpDXmPAmtHliA8JdoYcc\/BSF9XfTMWuztt9CIozilDwDfaUdA8xv5joDY2jRfoTuyN4hB9WAePCrdko\/H8i2FY01WQCY38u\/FvgzZ9Hbs7cU2yXNwWdiJDs0Ytfu9ituzNpBMZzGIm0z0qHhy0BF2LjVoWjwJn5QQKOvbHb7gT92pR9ymX3GJgiyeMcOQFz1CLJR+8CMoxxYMih+XK\/z38nZiZtEzpOZbJGrCM7o5QVYHFK7UFDvnAxA8uCifF3sJir8uOJrXI\/8A8JdoYcc\/BSUO+HJRr3Ab\/0eylC+C5d2faUdA8xv5joDY2jRfoTuyN4hB9WAePCrdko\/H8i2FY01WQCY38u\/FvgzZ9Hbs7cU2yXNwWdiJDuOf8SdS\/n+Mwc3PSiHX4vxT853Yx0OSWdSb8Q5piIXAlV\/uQUrJ5W8BnZOgsRuMkNP8WILWh8fhPt5F0UcWZ+\/LIYOBAtGMxjnrCG1VDBOf5Ba42MHlX7J5eu8qgNwiV1SjVaq0Et5njsjNJJeDw6Dea\/SeCRnKy9Tn0fD4LNHjMecNm4XXm+O1poqcRPb\/Yfa47qd6hu1eU8ml0UG0zZBqgwngDKpp35w86T770g9rrWTjvjR\/duB+lSHu8PCrx2qm1290tsCkHXNMWAC1Aye1yveGkqnIYsrHnp\/2Qh1fMLBeEdT4whnyJfNQ\/V4w9B+mytSivQINcFy6qNhPhfGOA2dhjfKSCWFua6XNW9N\/ZGrCM7o5QVY8PMUeYcUEcQ8s9dphh6EyoGtDiQh7qVJVAlTwDQtgyDCqC99cEwXrduaxnOAcenuGinNPQor5A8a83zTDGZUqwOS8POeWJhRgJBs5HSm8Nm60ntUKKUKdtxZlldU5CdYPuhbSU12C2fjtw5pDvUPCBy72rUmxQwbwhMqqzHbtKqTEi94m1Ejb7NCvRP0eAm8LWX7dREd9M+LBFUEX6Bs3T7f8oEocBNr7GMMKausg33iMtWrsZ2KqW03UQrXfsIK4T5MTBvyXcMSrsQwAVw\/BlCSMkvLJr8wT0phxBcnGe79MZXX2VSvQRBy77KdjplQA5Lw855YmFHRWz8nP56eaxDOxD38jIcrlKGeoMAqig5zCmKXqrgEdj2R13pTnK9BGPTPpwDbYWHqr4YPKuzVtX9gavu6h45asMtIa4mTQfWeJVbRuTmaqsU8C1T0Qq9Da+dr\/2ur111u+R7S\/dYNM2dFS+KKMW0yz+SqOBF\/\/HqbBolp\/TQg4QZVQe7nXnqzl1JDnHNGn+U0fYmCClcsZlqhIF9PAkShO9DzI1hTdnNs36TURpIw\/ia6yIhAZrtVjBfyj1iGdWBZmV3s5rs\/DxxYqwISa8DWfaUdA8xv5joDzRQOyA\/gFBBAXhez+BaEkgQlwIwTW9LbPJ0vFYu5yi+SAezl2vr5DxihXq5tPCbPI4yIq4j6kiDTTIMYRaxczccpia2BQsZAC0w5ohOUAC1l+3URHfTPiwRVBF+gbN0+3\/KBKHATa5B70UomeCIetTJcW6G6f9NtN1EK137CCuRBa5wSzTWLX0jYJQ64rl1QkjJLyya\/ME9KYcQXJxnu\/TGV19lUr0EQcu+ynY6ZUAOS8POeWJhR0Vs\/Jz+enmsQzsQ9\/IyHK5ShnqDAKooOcwpil6q4BHY9kdd6U5yvQRj0z6cA22FhS5FwGzhaFup7yDGc0RQVrXIy3NsAZfATkiQfN0AniHZ0y+zIr4oKu58sR5HdGwJqkepv9BILLrhQGVd\/IX8a9PKeYpUMLWXAJww+HyewkN0GVUHu5156s5dSQ5xzRp\/lmCwAYOnpdz1Qx79wkQJBjKHlNgaOXNXf3n5eRs5bmeB3gA50sPLJJhDOxD38jIcrfz7eFl7v\/fghXHNHOa4zwbegrvamy3g5OjXbj6SKMLw5DmGDXVOOo+xnRx1A30jnqkfiLzdhUyzlax0TDv+pZ7rsvog+dZ4f1AjJccC9RFC+ynLNs2O9Y7etdQIOqEk7a+dr\/2ur111u+R7S\/dYNM2dFS+KKMW0yz+SqOBF\/\/HoiYrKAp0EIdNyCVVqH4RfWLhei2U9ajLPugWnwLu7YxIi936gfGwhKf1UlsyWGmm\/5TxiPluxvdrVinUyIyD91GDPr6CQDEs51DC\/yuPVYOkPwYy6lNQl3s5Gm2J8dbvPscWkXNUlPhxs740xzKhfAurfrMVHu90IwQGnAcK5t0XyidyLszHrRdSKM4Pfa7e79LYq42nZAvKUfcpl9xiYIsnjHDkBc9QiyUfvAjKMcWDIoflyv89\/JAKUAZSYX8iaGAhgk6pVmnvM9K\/nPlm0ktl46LQc9O0XugWnwLu7YxIi936gfGwhKde6cn81D3Jv5TxiPluxvdq4am\/GonBWMGDPr6CQDEs51DC\/yuPVYOkPwYy6lNQl3s5Gm2J8dbvPscWkXNUlPhxs740xzKhfALNs3Tclr35IRiBm1gEMDnL3xi2xNX4VLdSKM4Pfa7e73NXtqAtfgNi1l+3URHfTPiwRVBF+gbN0+3\/KBKHATa5B70UomeCIeq+BYsKYizy1tN1EK137CCgHYeowFBbQ6SWVP9vhlGVhQkjJLyya\/ME9KYcQXJxnu\/TGV19lUr0EQcu+ynY6ZUAOS8POeWJhR0Vs\/Jz+enmsQzsQ9\/IyHK5ShnqDAKooOcwpil6q4BHY9kdd6U5yvQRj0z6cA22Fh6q+GDyrs1bU8M1325px+0\/PDAhWaHH3mXlLKFbwGJAJ4+dRXWbMFYFfQ8NABquAmY6jB1B\/9vKAkYGdk6CxG4yQ0\/xYgtaHx+E+3kXRRxZn7+MbOO6pDUy+vFiqcpwzraRkFrjYweVfsl0WmnN69LcK1KNVqrQS3meOyM0kl4PDoN5r9J4JGcrL1OfR8Pgs0eMx5w2bhdeb47WmipxE9v9h9rjup3qG7V5TyaXRQbTNkGqDCeAMqmnfnDzpPvvSD2utZOO+NH924GL\/0NrcBNMOmACXiDkdBqxLiH9oHwLbJrXK94aSqchi+rOMxXGIp2wrYk5MUqGwpXQ9B50X\/v9d\/h+qCv2Iq3Zan2ZTlbvqA8tZft1ER30z4sEVQRfoGzdPt\/ygShwE2vsYwwpq6yDfeIy1auxnYqpbTdRCtd+wgrhPkxMG\/JdwxKuxDABXD8GUJIyS8smvzBPSmHEFycZ7v0xldfZVK9BEHLvsp2OmVADkvDznliYUdFbPyc\/np5rEM7EPfyMhyuUoZ6gwCqKDnMKYpequAR2PZHXelOcr0EY9M+nANthYQza4mvfaSdAXcxixvb++mYO13O41v\/VrFhzb7+8TeNnFlPxILag0hU6Tm7yOg2xm1oKQYeOev7aTgSdI55sGYviVdezgldX4oX6UNTXma60LWX7dREd9M+LBFUEX6Bs3T7f8oEocBNrkHvRSiZ4Ih7eNWXVD0DpG203UQrXfsIK\/pHiRwc20H9vH0KnT8YpqM1XWdjSJCFKT0phxBcnGe79MZXX2VSvQRBy77KdjplQA5Lw855YmFHRWz8nP56eaxDOxD38jIcrlKGeoMAqig5zCmKXqrgEdj2R13pTnK9BGPTPpwDbYWHaVwX98xgepVMh\/8+mhgrQ05\/01nIieOYvz8drLWw2AiLWwQnOWJ6IMfxP+E4x+8gGdk6CxG4yQ0\/xYgtaHx+E+3kXRRxZn7+MbOO6pDUy+vFiqcpwzraRkFrjYweVfsl0WmnN69LcK1KNVqrQS3meOyM0kl4PDoN5r9J4JGcrL1OfR8Pgs0eMx5w2bhdeb47WmipxE9v9h9rjup3qG7V5TyaXRQbTNkGqDCeAMqmnfnDzpPvvSD2utZOO+NH924HdDhKuYtl3QBaKlu8bX8GAIAecdIDYHHTXK94aSqchi2FIgyYN7TsMnyxHkd0bAmqR6m\/0EgsuuFAZV38hfxr08p5ilQwtZcDH7GbvwaHqi\/zq19PTEBDaN4nMMapP3LmPiK3rAT6VIlDHv3CRAkGMoeU2Bo5c1d\/efl5GzluZ4HeADnSw8skmEM7EPfyMhyt\/Pt4WXu\/9+CFcc0c5rjPBt6Cu9qbLeDk6NduPpIowvDkOYYNdU46jVdRzsQRUPs4=","check_update_key":"df5c6a0b7627abcb9ad31c4acdf40646"}}

0

2、数据包的构造

1、构造POST包中params明文数据为:

[{"lng":"0.000000","alt":"0.0","ssid":"CMCC","signal":82,"mac":"9c:d2:1e:fe:24:df","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"CMCM_5G","signal":82,"mac":"64:09:80:44:70:45","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"fate_ever","signal":82,"mac":"60:d8:19:c5:09:ad","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"appstore","signal":82,"mac":"18:cf:5e:00:38:97","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"CMCM","signal":82,"mac":"64:09:80:44:70:44","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"Test5","signal":82,"mac":"7c:e9:d3:23:6e:0c","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"ssssssssss","signal":82,"mac":"26:8e:8f:2d:8c:29","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"SCP_AP","signal":82,"mac":"50:bd:5f:3d:d7:41","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"360鍏嶈垂WiFi-0J","signal":82,"mac":"5e:c5:d4:d3:87:5e","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"lei","signal":82,"mac":"a4:db:30:a5:3a:bd","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"csh","signal":82,"mac":"18:cf:5e:00:4f:5b","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"PC-SYT","signal":82,"mac":"18:cf:5e:00:41:ef","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"360鍏嶈垂WiFi-9T","signal":82,"mac":"ea:b1:fc:ac:03:2d","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"zhaoritian2015","signal":82,"mac":"b0:75:d5:5f:96:fa","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"leijingyu","signal":82,"mac":"0c:82:68:1b:ff:37","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"浣犲拫鍝簡","signal":82,"mac":"5e:c5:d4:d4:20:fb","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"laomotou","signal":82,"mac":"62:57:18:b0:5c:d4","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"c525","signal":82,"mac":"5e:c5:d4:d2:cf:76","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"XJDMG","signal":82,"mac":"48:5a:b6:93:7a:57","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"KFC-Wlan","signal":82,"mac":"5e:c5:d4:b5:b1:48","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"TP-LINK_FFB8","signal":82,"mac":"14:75:90:13:ff:b8","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"360鍏嶈垂WiFi-6P","signal":82,"mac":"48:5a:b6:2f:83:21","lat":"0.000000"},{"lng":"0.000000","alt":"0.0","ssid":"TP-LINK_201","signal":82,"mac":"e4:d3:32:1a:b0:e4","lat":"0.000000"}]

使用密钥:565aa7cf07b1d69764a57180c02446f1

及加密算法:DESede/ECB/PKCS5Padding

进行加密,加密后在进行base64编码,加密结果为:

GOCwIOCdjqA55BJF90QtxMrhwO4vK728NIUR6zu/VdzW2QgP+VstsHZOVeyzlKer7dAQkKWt3mW3v2qaI50wLkSLAD9sDgYoNXPotNzcOv4VEzvPhkWxIT/AQoPrUlqyk1EamOh0FAyjyNB5iHdeDG8TQgMT2ZQ3WdK/BRp1J3HW4zYljVux2xPyWFTfxdNkKlsQZjNRqmjL1POfVOtSWQOpmy6E+WK5Y+w1WaTf6Hc4zV3etLpOY9Xt+HxsDHjGOeQSRfdELcQiKuUbbUTZ0jQclMN8nBDPMhS+Bfg11pKEzQuzTRACZxRRyu6kT3Vo8LSU3IvT/veVqP3TaTvHB+3QEJClrd5lt79qmiOdMC7PwDyhTQfslT6cNi/AOKsUThhlkpNc2EA/wEKD61JaspNRGpjodBQMo8jQeYh3XgxvE0IDE9mUN1nSvwUadSdx1uM2JY1bsduw62vDHZXabC2b7xOFn4hw7dAQkKWt3mW3v2qaI50wLkhWf4q11yjN6l6p3DabOAwhTOm4gq1GJD/AQoPrUlqyk1EamOh0FAyjyNB5iHdeDG8TQgMT2ZQ3WdK/BRp1J3HW4zYljVux24NMLI17lI9nU2aEemp/orR28UCTTisPvaaMi+4KDMtk3ihGU3T8v+rpD13JX/kM0O9KwWLGoG9nxSQkanH7/Ol7J8dGg1on8TnkEkX3RC3EyuHA7i8rvbw0hRHrO79V3EHKsyviYOOKsf3g6WyRPDsTTjsOKlYgpTZX8yJkxO25g+u1/KadanOXfN6GCSuumZsxuCHv9iqDwH2PNaSlOGPeslFVsM53qNU199yjAB9eG07WltEVCjCs05BCTKg/wJkxM2ZLpiaiNrG1TvUbKX3aqgWZTs6JC4Z3fiS/hCpcAo77nGvJMC8Ij8zUMtTDFGTwFXE0UmOLr1d61HLZ7z4WUXxlbz5E52XRd8mONCvefFFPN/U/QNnT4A0/eiVZN//tIefzgDTTvqA2tdHjI1wIyP3RPNxKYoFCJrs9nWHQE047DipWIKU2V/MiZMTtuUG1vWm8SAshN/JeZcVrErFOEvQHoeXZfsB9jzWkpThj3rJRVbDOd6jVNffcowAfXhtO1pbRFQowrNOQQkyoP8CZMTNmS6YmoigJcZJii9kZrBBph9gssoRc+46AG8LPMVNmhHpqf6K0dvFAk04rD7145KE90i+1IaE+omL0tQLDQMhxWQNNljPvSsFixqBvZ8UkJGpx+/zpeyfHRoNaJ/E55BJF90QtxMrhwO4vK728NIUR6zu/VdyJ7/8hQAd+cDn/eDzJUz67y9Tzn1TrUln1MJ6pAeYCVLJ6qHIXkzv4SmBSTzE/70LV7fh8bAx4xjnkEkX3RC3EIirlG21E2dI0HJTDfJwQzzIUvgX4NdaShM0Ls00QAmcUUcrupE91aMxZ60GEbeffhJlMsVT80qwo4CNmzpCKk1OLheQjGDp0vv5oakEIeC8yIBuI8loK4O4cAlXUX/yfS+ItZH575BFW8bA/mmKNZpRHrew6BhiZhEDIBc1fqRlMp0R1cfb6sdgi9tKl0uCnOfeVW/tY2U86j9TdcKnqkSjgI2bOkIqTU4uF5CMYOnTXflVV6ufakisfrJePCuE8ySLkuCrHL9JL4i1kfnvkEVbxsD+aYo1mlEet7DoGGJmEQMgFzV+pGUynRHVx9vqx2CL20qXS4Kf40Wmuhkqrd8eS5XZm66dYmb6RrFwDvSRczmnakKVPcqw0krS8B2eVio6RoAqL5fMmTzjM+CnKKYRAyAXNX6kZXzQSRybN6RE/wEKD61JashODjOHDk7psIE1/5iF8r7bPBfhhCW+qVBCUrlLAof1Ohnd+JL+EKlwCjvuca8kwL4nKqKsIapNRZ0yUzxOjLJak8BRYqCrAkxZRfGVvPkTnZdF3yY40K958UU839T9A2dPgDT96JVk3/+0h5/OANNO+oDa10eMjXNb6TqJim5ABxGWv8MwK6uw4UA0tp6LWCllkuGrjjlo9ZhXQ9Z/hAEQePwqoqnADFo769G+m1xGfOzf24luF0PujaISONoScCdPgDT96JVk3IiK4BIZ8RjzAfY81pKU4Y+IZKKoCBJzpvnDURIMs2/N5XxVoAP/J8EsVb06HKsc6WWnEadlQWddTZoR6an+itHbxQJNOKw+99ZcLpfxro/iBT2Qg/wyE4Ro+76qCCbg270rBYsagb2fFJCRqcfv86Xsnx0aDWifxOeQSRfdELcTK4cDuLyu9vDSFEes7v1Xcie//IUAHfnBSFYEyHUTSVseS5XZm66dYmb6RrFwDvSQiYbDTVl2ovWteDX+y6RuMPMo2d0jBaF4mTzjM+CnKKYRAyAXNX6kZXzQSRybN6RE/wEKD61JashODjOHDk7psIE1/5iF8r7bPBfhhCW+qVA+rZ5EXDvVZSahnufK13zyGdZ7aBV66dcvU859U61JZzAqt4djTML0pgDCtb597aVVWVI8nAw3s1e34fGwMeMY55BJF90QtxCIq5RttRNnSNByUw3ycEM8yFL4F+DXWkoTNC7NNEAJnFFHK7qRPdWgPZE5V9XPMARpZcFvtMW22y9Tzn1TrUlkDqZsuhPliuT5LtuxTl7APjX5mNk7vtbDV7fh8bAx4xjnkEkX3RC3EIirlG21E2dI0HJTDfJwQzzIUvgX4NdaShM0Ls00QAmcUUcrupE91aKD6hz010Uq6hnd+JL+EKlwCjvuca8kwL2LmERx+xbAG6GoeeV3n+9/UFpWw/f5n9xZRfGVvPkTnZdF3yY40K958UU839T9A2dPgDT96JVk3/+0h5/OANNO+oDa10eMjXKhfx11wZSUQ6KdBaJYd7n/t0BCQpa3eZbe/apojnTAuv7pll86vG6JvKbS+LiasJCFM6biCrUYkP8BCg+tSWrKTURqY6HQUDKPI0HmId14MbxNCAxPZlDdZ0r8FGnUncdbjNiWNW7HbwtkV+u/4Ztiu6NTicyLRxe3QEJClrd5lt79qmiOdMC7e6SYRRgRd+8V6yU3LdiXuf41wievw2Pg/wEKD61JaspNRGpjodBQMo8jQeYh3XgxvE0IDE9mUN1nSvwUadSdx1uM2JY1bsduPH/CCR3Mf7sGnH5TYq9+CU2aEemp/orR28UCTTisPvRM4SbybbSlHW+FvL7ZRV2BXdXBC1MHAW+9KwWLGoG9nxSQkanH7/Ol7J8dGg1on8TnkEkX3RC3EyuHA7i8rvbw0hRHrO79V3Gq2VecP9/shGWA46QoVnKDoLO/1uTcV9QqZzirP2bpDy9Tzn1TrUlkW/1Gm2M8eoVZjh/y76sTYOvcKkhaYwkHV7fh8bAx4xjnkEkX3RC3EIirlG21E2dI0HJTDfJwQzzIUvgX4NdaShM0Ls00QAmcUUcrupE91aOO4dxiO6/d0CpOFw7h+mLco4CNmzpCKk1OLheQjGDp0xCJZeShp2UA0GIRBMruKfCuWYoHCwI+GS+ItZH575BFnIAxyi/gDKQ==

将其填入parasm字段。

2POST  URL的构造

这是一个已构造好的包

http://api.free.wifi.360.cn/intf.php?check_update_key=&qid=0&devtype=android&nettype=WIFI&manufacturer=HTC&model=HTC+X920e&os=4.1.1&channel=100001&v=234&m2=69ca5da81eb4fcf774d90ecbec93dba2&nance=1438833714091&inviter_qid=0&method=Wifi.password&sign=ad15c262ef5803747c0e0bea454ae284

红色标出部分为可以变内容,其他部分保持一致即可

nance字段是一个时间戳。传入系统当前时间。

Sign字段为数据包的校验字段:

具体计算方法如下:

将构造的包按如下排列后

channel=100001&check_update_key=&devtype=android&inviter_qid=0&m2=69ca5da81eb4fcf774d90ecbec93dba2&manufacturer=HTC&method=Wifi.password&model=HTC%20X920e&nance=1438675105843&nettype=WIFI&os=4.1.1&qid=0&v=234

进行转换,转换后内容为

AhMnAeM=A0M0A1McAeMkAuMdAtM_AeM=AdMvAyMeAaMdAoMdAiMvAtMrAqMdA0MmA=M9AaMdA8MeA4McA7M4A9MeAbMcA3MbA2MmAnMfAcMuAeM=ATM&AeMhAdMWAfM.AaMsAoMdAmMdAlMHACM2AXM2AeMnAnMeA1M3A6M5A0M8A3MnAtMyAeMWAFM&AsM4A1M1AqMdA0MvA2M4

将第1357911 。。。字符分别用AM替换如:

channel=100001替换为AhMnAeM=A0M0A1

算法如下:

int nlen=strlen(data);
for(int i=0;i<nlen;++i)
{
   if(i<<30)
   {
       if(!(i&1))
           data[i]='M';
   }
   else
   {
       data[i]='A';
   }
}

替换之后再在后面添加key (“565aa7cf07b1d69764a57180c02446f1”);

结果为:

AhMnAeM=A0M0A1McAeMkAuMdAtM_AeM=AdMvAyMeAaMdAoMdAiMvAtMrAqMdA0MmA=M9AaMdA8MeA4McA7M4A9MeAbMcA3MbA2MmAnMfAcMuAeM=ATM&AeMhAdMWAfM.AaMsAoMdAmMdAlMHACM2AXM2AeMnAnMeA1M3A6M5A0M8A3MnAtMyAeMWAFM&AsM4A1M1AqMdA0MvA2M4565aa7cf07b1d69764a57180c02446f1

将该字符串进行MD5

结果为:39f08c0f48892929b712b20d24fbd1f7

写入sign字段 sign=39f08c0f48892929b712b20d24fbd1f7

至此POST包,构造完毕。发送试试吧。

3、服务器返回包的解析

对服务器返回的list中内容

先进行base64解码

使用密钥:565aa7cf07b1d69764a57180c02446f1

及加密算法:DESede/ECB/PKCS5Padding

 

{"mac":"9c:d2:1e:fe:24:df","ssid":"CMCC","pwd":"","avgspeed":"0","lat":"39.978874","lng":"116.368395","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"64:09:80:44:70:45","ssid":"CMCM_5G","pwd":"","avgspeed":"0","lat":"40.060761","lng":"116.493479","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"60:d8:19:c5:09:ad","ssid":"fate_ever","pwd":"","avgspeed":"0","lat":"39.978808","lng":"116.36876436842","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"18:cf:5e:00:38:97","ssid":"appstore","pwd":"12345678","avgspeed":"0","lat":"39.978898","lng":"116.368831","hot":"3","status":"0","is_safe":1,"display_name":"","display_icon":"","priority":0},{"mac":"64:09:80:44:70:44","ssid":"CMCM","pwd":"","avgspeed":"0","lat":"39.978869","lng":"116.368771","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"26:8e:8f:2d:8c:29","ssid":"ssssssssss","pwd":"","avgspeed":"0","lat":"39.978963","lng":"116.368328","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"50:bd:5f:3d:d7:41","ssid":"SCP_AP","pwd":"","avgspeed":"0","lat":"39.968664","lng":"116.389091","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"a4:db:30:a5:3a:bd","ssid":"lei","pwd":"","avgspeed":"0","lat":"40.060761","lng":"116.493479","hot":"1","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"18:cf:5e:00:4f:5b","ssid":"csh","pwd":"","avgspeed":"0","lat":"39.979181","lng":"116.368491","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"18:cf:5e:00:41:ef","ssid":"PC-SYT","pwd":"","avgspeed":"0","lat":"40.060761","lng":"116.493479","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"b0:75:d5:5f:96:fa","ssid":"zhaoritian2015","pwd":"","avgspeed":"0","lat":"39.972871","lng":"116.395978","hot":"1","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"0c:82:68:1b:ff:37","ssid":"leijingyu","pwd":"","avgspeed":"0","lat":"39.978977","lng":"116.368346","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"62:57:18:b0:5c:d4","ssid":"laomotou","pwd":"","avgspeed":"0","lat":"39.978898","lng":"116.368831","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"5e:c5:d4:d2:cf:76","ssid":"c525","pwd":"","avgspeed":"0","lat":"39.970746","lng":"116.317119","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"48:5a:b6:93:7a:57","ssid":"XJDMG","pwd":"","avgspeed":"0","lat":"39.978807814815","lng":"116.36876781481","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"5e:c5:d4:b5:b1:48","ssid":"KFC-Wlan","pwd":"","avgspeed":"0","lat":"39.978963","lng":"116.368328","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0},{"mac":"14:75:90:13:ff:b8","ssid":"TP-LINK_FFB8","pwd":"","avgspeed":"0","lat":"39.9686296","lng":"116.3901284","hot":"0","status":"3","is_safe":0,"display_name":"","display_icon":"","priority":0}

其中pwd就是我们想要的密码字段,红色部分为查找到的含有密码的wifi信息。


我已经将android代码转为java。可在PC运行,只需构造ssid和mac地址传入即可去360wifi服务器获取wifi信息。




[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界

上传的附件:
收藏
点赞1
打赏
分享
最新回复 (10)
雪    币: 238
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
SnowAce 2017-7-6 10:23
2
0
赞一个,学习了
雪    币: 1034
活跃值: (1635)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
wooyunking 2017-7-6 11:24
3
0
这个屌啊,撸主是直接动态分析还静态分析代码的?
雪    币: 2043
活跃值: (2092)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
gtict 2017-7-6 11:55
4
0
问下channel的值怎么来的
雪    币: 2859
活跃值: (1016)
能力值: ( LV12,RANK:215 )
在线值:
发帖
回帖
粉丝
scxc 3 2017-7-6 12:01
5
0




wooyunking

这个屌啊,撸主是直接动态分析还静态分析代码的?

静态分析,+抓包

说错了,是抓包+静态分析

雪    币: 2859
活跃值: (1016)
能力值: ( LV12,RANK:215 )
在线值:
发帖
回帖
粉丝
scxc 3 2017-7-6 12:01
6
0
gtict 问下channel的值怎么来的
抓包获取的 
雪    币: 2043
活跃值: (2092)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
gtict 2017-7-6 15:51
7
0
scxc 抓包获取的
channel对应的值100001  也是抓包得到的?
雪    币: 2859
活跃值: (1016)
能力值: ( LV12,RANK:215 )
在线值:
发帖
回帖
粉丝
scxc 3 2017-7-6 16:08
8
0
是啊这个值应该不用关心啊
雪    币: 38
活跃值: (31)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
怪兽没有魔法 2017-7-6 16:37
9
0
楼主,我看key是从so里生成的,想问楼主是动态分析得到的还是静态分析的
雪    币: 2859
活跃值: (1016)
能力值: ( LV12,RANK:215 )
在线值:
发帖
回帖
粉丝
scxc 3 2017-7-6 16:39
10
0
怪兽没有魔法 楼主,我看key是从so里生成的,想问楼主是动态分析得到的还是静态分析的
忘记了。。两年前的事了。。
雪    币: 2925
活跃值: (1323)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
MsScotch 2017-7-7 10:47
11
0
好闻  好算法,
游客
登录 | 注册 方可回帖
返回