AES encryption analysis

Pay attention to wechat public number: K brother reptile, QQ exchange group: 808574309, continue to share crawler advanced, JS/ Android reverse technology and other goods!

The statement

All content in this article is only for learning and communication, packet capture content, sensitive website, data interface have been desensitized processing, strictly prohibited for commercial use and illegal use, otherwise all the consequences are unrelated to the author, if there is infringement, please contact me immediately delete!

Reverse the target

• Objective: CNKI Academic translation AES encryption
• Home page:aHR0cHM6Ly9kaWN0LmNua2kubmV0L2luZGV4
• Interface:aHR0cHM6Ly9kaWN0LmNua2kubmV0L2Z5enMtZnJvbnQtYXBpL3RyYW5zbGF0ZS9saXRlcmFsdHJhbnNsYXRpb24=
• Reverse parameter: Request Payload:words: "kufhG_UJw_k3Sfr3j0BLAA=="

The reverse process

This period’s reverse material comes from the help of a group friend in the CRAWler exchange group of Brother K. The goal is CNKI academic translation. Fans want to achieve two functions: 1. 2. Reverse encryption process.

When you go to the translation home page, you capture the packet and locate it on the translation interface. You can see the Request Payload, and the text to be translated will be encrypted, as shown in the following figure:

If you search for the keyword words, you’ll find a lot of results, and it’s not very easy to find them. If you notice that there is also a translateType in the Payload parameter, you can search for the translateType directly, because these two parameters are usually next to each other. Encrypto, encrypto, XHR, XHR, XHR, XHR, XHR, XHR, XHR, XHR

(0, h.encrypto)(this.inputword)

N = “4e87183cfd3a45fe”, n is the key, mode ECB, fills Pkcs7, and finally does some string substitution, as shown in the picture below:

Know the encryption algorithm, key and other key parameters, then directly reference the crypto-JS module to achieve OK, JavaScript code is as follows:

// Reference the crypto-js encryption module
var CryptoJS = require('crypto-js')

function s(t) {
    var n = "4e87183cfd3a45fe"
    var e = {
        mode: CryptoJS.mode.ECB,
        padding: CryptoJS.pad.Pkcs7
    }
      , i = CryptoJS.enc.Utf8.parse(n)
      , s = CryptoJS.AES.encrypt(t, i, e)
      , r = s.toString().replace(/\//g."_");
    return r = r.replace(/\+/g."-"),
    r
}

console.log(s("Test"))

// kufhG_UJw_k3Sfr3j0BLAA==
Copy the code

A small demo using Python translation:

# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
# --*-- coding: utf-8 --*--
# @Time : 2021-11-05
# @author: wechat public number: K brother crawler
# @FileName: cnki.py
# @Software: PyCharm
# = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


import execjs
import requests


token_url = "https://dict.cnki.net/fyzs-front-api/getToken"
translation_api = "https://dict.cnki.net/fyzs-front-api/translate/literaltranslation"
UA = "Mozilla / 5.0 (Windows NT 10.0; Win64; X64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"

session = requests.session()


def get_token() :
    headers = {"User-Agent": UA}
    response = session.get(url=token_url, headers=headers).json()
    token = response["data"]
    return token


def get_encrypted_word(word) :
    with open('cnki_encrypt.js'.'r', encoding='utf-8') as f:
        cnki_js = f.read()
    encrypted_word = execjs.compile(cnki_js).call('s', word)
    return encrypted_word


def get_translation_result(encrypted_word, token) :
    payload = {
        "translateType": None."words": encrypted_word
    }
    headers = {
        "Token": token,
        "User-Agent": UA
    }
    response = session.post(url=translation_api, headers=headers, json=payload).json()
    result = response["data"] ["mResult"]
    return result


def main() :
    word = input("Please enter string to be translated:")
    token = get_token()
    encrypted_word = get_encrypted_word(word)
    result = get_translation_result(encrypted_word, token)
    print(The translation result is:, result)


if __name__ == "__main__":
    main()
Copy the code

Fans also have a question about the limit of characters. Let’s see if we can break through the limit of 1000 characters in English and 500 characters in Chinese, as shown below:

This limitation is not just a really big probability the limitation of the front-end, the service side should also have limitations, we can carry more than 500 characters in Chinese to ask once, the character is in front of “1”, the three characters is “2”, now has more than 500 characters, we see the results of translation does not appear the Test 2, So if you want to translate a lot of strings, you have to split them up and process them.