//sendAction(o.url, o.data, o.cb, o.err, o.cmdErr) e.prototype.sendAction = function(e, t, n, i, a, o) { -1 == e.search("basic/login") && -1 == e.search("roller/roll") && MainUIView.getInstance().showView(new ui.LoadingUIView, ui.LoadingUIMediator.NAME, !0, Const.HighestLayer), FormPostRequest._cb = n, FormPostRequest._err = i, FormPostRequest._cmdErr = a; // s = t&isWxGame=true&t=123123 var r = moment().unix(), s = t + "&isWxGame=" + InitMark.isWxgame + "&t=" + r, u = Func.getSign(s); o && (u = Func.getSignWithMap(o, r)), s += "&sign=" + u, this.urlRequest.url = e, this.urlRequest.method = egret.URLRequestMethod.POST, this.urlRequest.data = new egret.URLVariables(s), this.urlLoader.load(this.urlRequest) } e.getSign = function(e) { e += "&secret=" + InitMark.secret; var t = "", n = e.split("&"); n.sort(); for (var i = 0; i < n.length; i++) t += n[i]; 1e4 == InitMark.uid && console.log("data = " + t); var a = new md5; return t = a.hex_md5(t) } , e.getSignWithMap = function(e, t) { e.secret = InitMark.secret, e.t = t, e.isWxGame = InitMark.isWxgame; var n = "", i = []; for (var a in e) i.push(a + "=" + e[a]); i.sort(); for (var o = 0; o < i.length; o++) n += i[o]; var r = new md5; return n = r.hex_md5(n) } // 根據code函數自動生成sign,需要傳入uid,secret. // 返回用戶sign function getSign(uid,secret) { var time = moment().unix(); var postData = "uid=" + this.uid + "&isWxGame=true&t=" + time + "&secret=" + this.secret; var t = "", n = postData.split("&"); n.sort(); for (var i = 0; i < n.length; i++) t += n[i]; var md5 = new md5(); var sign = md5.md5(t); return sign; }
微信里一款比較火的游戲,陪妹子玩,作為安全從業者,看看代碼是怎么實現的,能不能重放(不斷的重復請求此接口和post的數據)
post data 如下:
uid=139812485&isWxGame=true&t=1528095788&sign=0c262679702d7dafec77c30577697c36
但是在測試過程中發現不能重放,因為sign參數無法控制,sign可能存放到redis中了,再次請求就會無效
於是看看 sign 代碼是怎么生成的,JS代碼如上,那么我們就可以根據生成的算法來自己生成sign,這樣每個參數都是合法的,t為unix時間戳,因為sign根據時間戳來計算出來的,所以每次就會不一樣,請求也是合法的有效的。
有了sign就可以做什么想做的事情了。
