import hashlib
from urllib.parse import urlencode
def get_timestamp():
return int(datetime.datetime.now().timestamp() * 1000)
def get_key():
# 主要是获取key等参数
url = “https://dict.youdao.com/webtranslate/key”
mysticTime = get_timestamp()
tmp_sign = f"client=fanyideskweb&mysticTime={mysticTime}&product=webfanyi&key=asdjnjfenknafdfsdfsd"
sign = hashlib.md5(tmp_sign.encode(“utf8”)).hexdigest()
# 参数
params = {
‘keyid’: ‘webfanyi-key-getter’,
‘sign’: sign,
‘client’: ‘fanyideskweb’,
‘product’: ‘webfanyi’,
‘appVersion’: ‘1.0.0’,
‘vendor’: ‘web’,
‘pointParam’: ‘client,mysticTime,product’,
‘mysticTime’: mysticTime,
‘keyfrom’: ‘fanyi.web’,
‘mid’: 1,
‘screen’: 1,
‘model’: 1,
‘network’: ‘wifi’,
‘abtest’: ‘0’,
‘yduuid’: ‘abcdefg’,
}url_with_params = f"{url}?{urlencode(params)}"
headers = {
'Accept': 'application/json, text/plain, \*/\*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Origin': 'https://fanyi.youdao.com',
'Pragma': 'no-cache',
'Referer': 'https://fanyi.youdao.com/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'Sec-Ch-Ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'Sec-Ch-Ua-Mobile': '?0',
'Sec-Ch-Ua-Platform': '"Windows"'
}
# 请求
response = requests.get(url_with_params, headers=headers, data={})
json_data = json.loads(response.text)
# 获取 key
key = json_data['data']['secretKey']
return keydef send(chinese):
url = “https://dict.youdao.com/webtranslate”
mysticTime = get_timestamp()
# sign 是 client=fanyideskweb&mysticTime=1711295634744&product=webfanyi&key=fsdsogkndfokasodnaso
tmp_sign = f"client=fanyideskweb&mysticTime={mysticTime}&product=webfanyi&key={get_key()}"
sign = hashlib.md5(tmp_sign.encode(“utf8”)).hexdigest()payload = {
'i': chinese,
'from': 'auto',
'to': '',
'domain': '0',
'dictResult': 'true',
'keyid': 'webfanyi',
'sign': sign,
'client': 'fanyideskweb',
'product': 'webfanyi',
'appVersion': '1.0.0',
'vendor': 'web',
'pointParam': 'client,mysticTime,product',
'mysticTime': mysticTime,
'keyfrom': 'fanyi.web',
'mid': 1,
'screen': 1,
'model': 1,
'network': 'wifi',
'abtest': '0',
'yduuid': 'abcdefg',
}
headers = {
'Accept': 'application/json, text/plain, \*/\*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'OUTFOX\_SEARCH\_USER\_ID=-1545431425@10.55.164.248; OUTFOX\_SEARCH\_USER\_ID\_NCOO=1617400304.3454392',
'Origin': 'https://fanyi.youdao.com',
'Pragma': 'no-cache',
'Referer': 'https://fanyi.youdao.com/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'sec-ch-ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"'
}
response = requests.post(url, headers=headers, data=payload)
encode_data = response.text
# 开始解密数据
print(encode_data)#### 解密返回的加密数据
但是通过测试发现,send() 这个方法返回的是加密数据,接下来探索如何解密,通过debug 发现解密在这行代码里面
![在这里插入图片描述]()
观察这个方法,定义了一个变量a,通过调用一个解密方法,把乱码的字符给解密了
![在这里插入图片描述]()
关键代码const a = Po[“a”].decodeData(o, Wo[“a”].state.text.decodeKey, Wo[“a”].state.text.decodeIv)
, n = a ? JSON.parse(a) : {};看下 Po[“a”].decodeData 会跳转到哪个方法里面
![在这里插入图片描述]()
进入这个解密方法,框选的部分好像就是解码过程了
![在这里插入图片描述]()
Debug 看下是怎么解密的
![在这里插入图片描述]()
使用模型分析下这个代码
![在这里插入图片描述]()
原来 y() 这个函数是 md5 加密的方法
![在这里插入图片描述]()
经过采纳考别人的经验,复现出了 python 代码import requests
import datetime
import json
import hashlib
from urllib.parse import urlencode
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import base64def get_timestamp():
return int(datetime.datetime.now().timestamp() * 1000)def init_data():
# 主要是获取key等参数
url = “https://dict.youdao.com/webtranslate/key”
mysticTime = get_timestamp()
tmp_sign = f"client=fanyideskweb&mysticTime={mysticTime}&product=webfanyi&key=asdjnjfenknafdfsdfsd"
sign = hashlib.md5(tmp_sign.encode(“utf8”)).hexdigest()
# 参数
params = {
‘keyid’: ‘webfanyi-key-getter’,
‘sign’: sign,
‘client’: ‘fanyideskweb’,
‘product’: ‘webfanyi’,
‘appVersion’: ‘1.0.0’,
‘vendor’: ‘web’,
‘pointParam’: ‘client,mysticTime,product’,
‘mysticTime’: mysticTime,
‘keyfrom’: ‘fanyi.web’,
‘mid’: 1,
‘screen’: 1,
‘model’: 1,
‘network’: ‘wifi’,
‘abtest’: ‘0’,
‘yduuid’: ‘abcdefg’,
}url_with_params = f"{url}?{urlencode(params)}"
headers = {
'Accept': 'application/json, text/plain, \*/\*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Origin': 'https://fanyi.youdao.com',
'Pragma': 'no-cache',
'Referer': 'https://fanyi.youdao.com/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'Sec-Ch-Ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'Sec-Ch-Ua-Mobile': '?0',
'Sec-Ch-Ua-Platform': '"Windows"'
}
# 请求
response = requests.get(url_with_params, headers=headers, data={})
json_data = json.loads(response.text)
# 获取 key
return json_data['data']def send(chinese):
url = “https://dict.youdao.com/webtranslate”
mysticTime = get_timestamp()
data = init_data()
aesIv = data[‘aesIv’]
aesKey = data[‘aesKey’]
secretKey = data[‘secretKey’]
# sign 是 client=fanyideskweb&mysticTime=1711295634744&product=webfanyi&key=fsdsogkndfokasodnaso
tmp_sign = f"client=fanyideskweb&mysticTime={mysticTime}&product=webfanyi&key={secretKey}"
sign = hashlib.md5(tmp_sign.encode(“utf8”)).hexdigest()
payload = {
'i': chinese,
'from': 'auto',
'to': '',
'domain': '0',
'dictResult': 'true',
'keyid': 'webfanyi',
'sign': sign,
'client': 'fanyideskweb',
'product': 'webfanyi',
'appVersion': '1.0.0',
'vendor': 'web',
'pointParam': 'client,mysticTime,product',
'mysticTime': mysticTime,
'keyfrom': 'fanyi.web',
'mid': 1,
'screen': 1,
'model': 1,
'network': 'wifi',
'abtest': '0',
'yduuid': 'abcdefg',
}
headers = {
'Accept': 'application/json, text/plain, \*/\*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'OUTFOX\_SEARCH\_USER\_ID=-1545431425@10.55.164.248; OUTFOX\_SEARCH\_USER\_ID\_NCOO=1617400304.3454392',
'Origin': 'https://fanyi.youdao.com',
'Pragma': 'no-cache',
'Referer': 'https://fanyi.youdao.com/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'sec-ch-ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"'
}
response = requests.post(url, headers=headers, data=payload)
encode_data = response.text
# 开始解密数据
print("encode\_data:", encode_data)
print("aesIv:", aesIv)
print("aesKey:", aesKey)
decode(encode_data, aesIv, aesKey)