Reverse Engineering the Vipshop Search API

Traffic is captured with the desktop version of HttpCanary (小黄鸟) together with a phone.


Before a search, the app performs a device registration request.


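The search endpoint is https://mapi.appvipshop.com/vips-mobile/rest/shopping/search/product/list/v1

In the captured request the keyword parameter is 洗面奶 (facial cleanser). Changing the keyword makes the request signature invalid and the server no longer returns a normal response, so the signature has to be reverse engineered.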

Device registration

```python
import requests

headers = {
    "User-Agent": "okhttp/4.9.1",
    "Accept-Encoding": "gzip",
    "authorization": "OAuth api_sign=a47258d0f2ba0045f0c16bb1b9089ee3f857f58f",
    "x-vip-host": "mp.appvipshop.com"
}
url = "https://mp.appvipshop.com/apns/device_reg"
params = {
    "app_name": "achievo_ad",
    "app_version": "7.83.3",
    "device_token": "ed0f0e40-4788-324b-8000-79a11b44f6ee",
    "status": "1",
    "warehouse": "VIP_SH",
    "manufacturer": "Google",
    "device": "Pixel 4 XL",
    "os_version": "29",
    "channel": "oziq7dxw:::",
    "vipruid": "",
    "regPlat": "0",
    "regid": "null",
    "rom": "Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)",
    "skey": "6692c461c3810ab150c9a980d0c275ec"
}
response = requests.get(url, headers=headers, params=params)

print(response.text)
print(response)
```

The other parameters all have an obvious meaning; only device_token changes, so the app is reverse engineered to see how it is generated.


So device_token is simply a UUID.

```python
import uuid

device_token = str(uuid.uuid4())
```

Device registration, reproduced

```python
import requests
import uuid

device_token = str(uuid.uuid4())

# device_token="ed0f0e40-4788-324b-8000-79a11b44f6ee"

headers = {
    "User-Agent": "okhttp/4.9.1",
    "Accept-Encoding": "gzip",
    "authorization": "OAuth api_sign=a47258d0f2ba0045f0c16bb1b9089ee3f857f58f",
    "x-vip-host": "mp.appvipshop.com"
}
url = "https://mp.appvipshop.com/apns/device_reg"
params = {
    "app_name": "achievo_ad",
    "app_version": "7.83.3",
    "device_token": device_token,
    "status": "1",
    "warehouse": "VIP_SH",
    "manufacturer": "Google",
    "device": "Pixel 4 XL",
    "os_version": "29",
    "channel": "oziq7dxw:::",
    "vipruid": "",
    "regPlat": "0",
    "regid": "null",
    "rom": "Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)",
    "skey": "6692c461c3810ab150c9a980d0c275ec"
}
response = requests.get(url, headers=headers, params=params)

print(response.text)
# {"result":"ok","msg":"注册成功"}
```

Reverse engineering the search endpoint

```shell
curl -X POST 'https://mapi.appvipshop.com/vips-mobile/rest/shopping/search/product/list/v1' \
  -H 'User-Agent: okhttp/4.9.1' \
  -H 'Accept-Encoding: gzip' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'authorization: OAuth api_sign=c551d27c3ec7a539d030b835ab29007706fd9672' \
  -H 'x-vip-host: mapi.appvipshop.com' \
  --data-urlencode 'api_key=23e7f28019e8407b98b84cd05b5aef2c' \
  --data-urlencode 'app_name=shop_android' \
  --data-urlencode 'app_version=7.83.3' \
  --data-urlencode 'bigSaleTagIds=' \
  --data-urlencode 'brandIds=' \
  --data-urlencode 'brandStoreSns=' \
  --data-urlencode 'categoryId=' \
  --data-urlencode 'channelId=1' \
  --data-urlencode 'channel_flag=0_1' \
  --data-urlencode 'client=android' \
  --data-urlencode 'client_type=android' \
  --data-urlencode 'darkmode=0' \
  --data-urlencode 'deeplink_cps=' \
  --data-urlencode 'device_model=Google Pixel 4 XL' \
  --data-urlencode 'did=0.0.8210935aac88ed2c795168a927fbc377.b54cd1' \
  --data-urlencode 'elder=0' \
  --data-urlencode 'extParams={"priceVer":"2","mclabel":"1","cmpStyle":"1","statusVer":"2","ic2label":"1","video":"2","uiVer":"2","preheatTipsVer":"4","floatwin":"1","superHot":"1","exclusivePrice":"1","router":"1","coupons":"1","needVideoExplain":"1","rank":"2","needVideoGive":"1","bigBrand":"1","couponVer":"v2","videoExplainUrl":"1","live":"1","sellpoint":"1","reco":"1","vreimg":"1","search_tag":"2","tpl":"1","stdSizeVids":"","labelVer":"2"}' \
  --data-urlencode 'fdc_area_id=103101101113' \
  --data-urlencode 'functions=RTRecomm,flagshipInfo,feedback,otdAds,zoneCode,slotOp,survey,hasTabs,floaterParams' \
  --data-urlencode 'harmony_app=0' \
  --data-urlencode 'harmony_os=0' \
  --data-urlencode 'headTabType=all' \
  --data-urlencode 'height=2984' \
  --data-urlencode 'isMultiTab=0' \
  --data-urlencode 'keyword=洗面奶' \
  --data-urlencode 'lastPageProperty={"isBgToFront":"0","suggest_text":"洗面奶","scene_entry_id":"-99","refer_page_id":"page_te_globle_classify_search_1709112203190","text":"洗面奶","tag":"1","module_name":"com.achievo.vipshop.search","type":"all","typename":"全部","is_back_page":"0"}' \
  --data-urlencode 'maker=GOOGLE' \
  --data-urlencode 'mars_cid=ed0f0e40-4788-324b-8000-79a11b44f6ee' \
  --data-urlencode 'mobile_channel=oziq7dxw:::' \
  --data-urlencode 'mobile_platform=3' \
  --data-urlencode 'net=WIFI' \
  --data-urlencode 'operator=45406' \
  --data-urlencode 'os=Android' \
  --data-urlencode 'osv=10' \
  --data-urlencode 'otddid=' \
  --data-urlencode 'other_cps=' \
  --data-urlencode 'page_id=page_te_commodity_search_1709112205099' \
  --data-urlencode 'phone_model=pixel 4 xl' \
  --data-urlencode 'priceMax=' \
  --data-urlencode 'priceMin=' \
  --data-urlencode 'props=' \
  --data-urlencode 'province_id=103101' \
  --data-urlencode 'referer=com.achievo.vipshop.search.activity.TabSearchProductListActivity' \
  --data-urlencode 'rom=Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)' \
  --data-urlencode 'sd_tuijian=0' \
  --data-urlencode 'service_provider=45406' \
  --data-urlencode 'session_id=ed0f0e40-4788-324b-8000-79a11b44f6ee_shop_android_1709111748547' \
  --data-urlencode 'skey=6692c461c3810ab150c9a980d0c275ec' \
  --data-urlencode 'sort=0' \
  --data-urlencode 'source=app' \
  --data-urlencode 'source_app=android' \
  --data-urlencode 'standby_id=oziq7dxw:::' \
  --data-urlencode 'sys_version=29' \
  --data-urlencode 'timestamp=1709112205' \
  --data-urlencode 'union_mark=blank&_&blank&_&oziq7dxw:::&_&blank&_&blank' \
  --data-urlencode 'vipService=' \
  --data-urlencode 'warehouse=VIP_SH' \
  --data-urlencode 'width=1440'
```
```python
import requests

headers = {
    'User-Agent': 'okhttp/4.9.1',
    # 'Accept-Encoding': 'gzip',
    'Content-Type': 'application/x-www-form-urlencoded',
    'authorization': 'OAuth api_sign=c551d27c3ec7a539d030b835ab29007706fd9672',
    'x-vip-host': 'mapi.appvipshop.com',
}

data = {
    'api_key': '23e7f28019e8407b98b84cd05b5aef2c',
    'app_name': 'shop_android',
    'app_version': '7.83.3',
    'bigSaleTagIds': '',
    'brandIds': '',
    'brandStoreSns': '',
    'categoryId': '',
    'channelId': '1',
    'channel_flag': '0_1',
    'client': 'android',
    'client_type': 'android',
    'darkmode': '0',
    'deeplink_cps': '',
    'device_model': 'Google Pixel 4 XL',
    'did': '0.0.8210935aac88ed2c795168a927fbc377.b54cd1',
    'elder': '0',
    'extParams': '{"priceVer":"2","mclabel":"1","cmpStyle":"1","statusVer":"2","ic2label":"1","video":"2","uiVer":"2","preheatTipsVer":"4","floatwin":"1","superHot":"1","exclusivePrice":"1","router":"1","coupons":"1","needVideoExplain":"1","rank":"2","needVideoGive":"1","bigBrand":"1","couponVer":"v2","videoExplainUrl":"1","live":"1","sellpoint":"1","reco":"1","vreimg":"1","search_tag":"2","tpl":"1","stdSizeVids":"","labelVer":"2"}',
    'fdc_area_id': '103101101113',
    'functions': 'RTRecomm,flagshipInfo,feedback,otdAds,zoneCode,slotOp,survey,hasTabs,floaterParams',
    'harmony_app': '0',
    'harmony_os': '0',
    'headTabType': 'all',
    'height': '2984',
    'isMultiTab': '0',
    'keyword': '洗面奶',
    'lastPageProperty': '{"isBgToFront":"0","suggest_text":"洗面奶","scene_entry_id":"-99","refer_page_id":"page_te_globle_classify_search_1709112203190","text":"洗面奶","tag":"1","module_name":"com.achievo.vipshop.search","type":"all","typename":"全部","is_back_page":"0"}',
    'maker': 'GOOGLE',
    'mars_cid': 'ed0f0e40-4788-324b-8000-79a11b44f6ee',
    'mobile_channel': 'oziq7dxw:::',
    'mobile_platform': '3',
    'net': 'WIFI',
    'operator': '45406',
    'os': 'Android',
    'osv': '10',
    'otddid': '',
    'other_cps': '',
    'page_id': 'page_te_commodity_search_1709112205099',
    'phone_model': 'pixel 4 xl',
    'priceMax': '',
    'priceMin': '',
    'props': '',
    'province_id': '103101',
    'referer': 'com.achievo.vipshop.search.activity.TabSearchProductListActivity',
    'rom': 'Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)',
    'sd_tuijian': '0',
    'service_provider': '45406',
    'session_id': 'ed0f0e40-4788-324b-8000-79a11b44f6ee_shop_android_1709111748547',
    'skey': '6692c461c3810ab150c9a980d0c275ec',
    'sort': '0',
    'source': 'app',
    'source_app': 'android',
    'standby_id': 'oziq7dxw:::',
    'sys_version': '29',
    'timestamp': '1709112205',
    'union_mark': 'blank&_&blank&_&oziq7dxw:::&_&blank&_&blank',
    'vipService': '',
    'warehouse': 'VIP_SH',
    'width': '1440',
}

response = requests.post(
    'https://mapi.appvipshop.com/vips-mobile/rest/shopping/search/product/list/v1',
    headers=headers,
    data=data,
)

print(response.json())
```

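Start with the authorization parameter in the request headers. It is a hash computed over the data in the request body, so the values in data can only be changed deliberately once this hash algorithm has been worked out.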


The reflective call here resolves to gs on the clazzkeyinfo instance, that is, the gs method of the KeyInfo class.


As can be seen, this is a native method.

When trying to hook this function, the app crashes immediately.


```python
import os
import sys

import frida

os.system("adb forward tcp:27042 tcp:27042")
os.system("adb forward tcp:27043 tcp:27043")

package_name = 'com.achievo.vipshop'
rdev = frida.get_remote_device()
pid = rdev.spawn([package_name, ])
session = rdev.attach(pid)

# Log every library path passed to dlopen / android_dlopen_ext,
# to see which libraries are loaded right before the crash.
scr = """
Java.perform(function () {

    var dlopen = Module.findExportByName(null, "dlopen");
    var android_dlopen_ext = Module.findExportByName(null, "android_dlopen_ext");

    Interceptor.attach(dlopen, {
        onEnter: function (args) {
            var path_ptr = args[0];
            var path = ptr(path_ptr).readCString();
            console.log("[dlopen:]", path);
        },
        onLeave: function (retval) {

        }
    });

    Interceptor.attach(android_dlopen_ext, {
        onEnter: function (args) {
            var path_ptr = args[0];
            var path = ptr(path_ptr).readCString();
            console.log("[dlopen_ext:]", path);
        },
        onLeave: function (retval) {

        }
    });

});
"""
script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
rdev.resume(pid)
sys.stdin.read()
```
```text
[dlopen_ext:] /vendor/lib/hw/gralloc.msmnile.so
[dlopen:] libEGL_adreno.so
[dlopen:] libGLESv2_adreno.so
[dlopen:] libGLESv1_CM_adreno.so
[dlopen_ext:] /data/app/com.achievo.vipshop-0huhC8wq2vbEuvlIGGxkLQ==/lib/arm/libmsaoaidsec.so
[dlopen_ext:] /vendor/lib/hw/android.hardware.graphics.mapper@3.0-impl-qti-display.so
```

The app crashes right after loading these .so files, so the Frida detection code is very likely in one of the libraries listed above.


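There are many other approaches to Frida detection; here this .so file is simply deleted. For the other approaches, see:

[Android Reverse Engineering] Frida detection bypass - 明月照江江 - 博客园 (cnblogs)
Bypassing bili's Frida anti-debugging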

```shell
adb shell rm -rf /data/app/com.achievo.vipshop-0huhC8wq2vbEuvlIGGxkLQ==/lib/arm/libmsaoaidsec.so

frida -U -f com.achievo.vipshop -l /Users/king/code/reverse_engine/reapp/vip/hook.js --no-pause
```

```javascript
// hook.js
function hook() {
    Java.perform(function () {
        let KeyInfo = Java.use("com.vip.vcsp.KeyInfo");
        KeyInfo["gs"].implementation = function (context, map, str, z10) {
            var TreeMap = Java.use('java.util.TreeMap');
            console.log("map:" + Java.cast(map, TreeMap).toString());
            console.log(`KeyInfo.gs is called str=${str}, z10=${z10}`);
            let result = this["gs"](context, map, str, z10);
            console.log(`KeyInfo.gs result=${result}`);

            return result;
        };
    })
}

setImmediate(hook);
```


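Following the function calls in IDA shows that the SHA-1 hash algorithm is used.

Next, a native hook reads the function's memory arguments to see exactly what input is being hashed.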

```javascript
var addr = Module.findExportByName("libkeyinfo.so", "getByteHash");
console.log(addr); //0xb696387d

Interceptor.attach(addr, {
    onEnter: function (args) {
        this.args_2 = args[2];
    },
    onLeave: function (retval) {
        console.log("--------------------")
        console.log("args_2 is " + Memory.readCString(this.args_2));
        console.log("retval is " + Memory.readCString(retval));
    }

})

// frida -UF -l hook_memory.js
```
```text
args_2 is aee4c425dbb2288b80c71347cc37d04bapi_key=23e7f28019e8407b98b84cd05b5aef2c&app_name=shop_android&app_version=7.83.3&channel_flag=0_1&client=android&client_type=android&darkmode=0&deeplink_cps=&did=0.0.8210935aac88ed2c795168a927fbc377.b54cd1&elder=0&fdc_area_id=103101101113&harmony_app=0&harmony_os=0&mars_cid=ed0f0e40-4788-324b-8000-79a11b44f6ee&mobile_channel=oziq7dxw:::&mobile_platform=3&newcustomer=1&other_cps=&page_id=page_channel_1709195210228&phone_model=pixel 4 xl&province_id=103101&referer=com.achievo.vipshop.homepage.activity.MainActivity&rom=Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)&sd_tuijian=0&session_id=ed0f0e40-4788-324b-8000-79a11b44f6ee_shop_android_1709195544425&skey=6692c461c3810ab150c9a980d0c275ec&source_app=android&standby_id=oziq7dxw:::&sys_version=29&timestamp=1709195216&union_mark=blank&_&blank&_&oziq7dxw:::&_&blank&_&blank&warehouse=VIP_SH
retval is 25af90f18ad599d8826d8e9c3df2b469d95ba290
--------------------
args_2 is aee4c425dbb2288b80c71347cc37d04b25af90f18ad599d8826d8e9c3df2b469d95ba290
retval is 0606bdac18eabcb5d8680dbe3828f02b61eef32d
```

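The value appears to be produced by two rounds of salted SHA-1: the salt is prepended to the sorted parameter string and hashed, then the salt is prepended to that digest and hashed again.

Reproducing the algorithm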

```python
import hashlib

data_string = "aee4c425dbb2288b80c71347cc37d04bapi_key=23e7f28019e8407b98b84cd05b5aef2c&app_name=shop_android&app_version=7.83.3&channel_flag=0_1&client=android&client_type=android&darkmode=0&deeplink_cps=&did=0.0.8210935aac88ed2c795168a927fbc377.b54cd1&elder=0&fdc_area_id=103101101113&harmony_app=0&harmony_os=0&mars_cid=ed0f0e40-4788-324b-8000-79a11b44f6ee&mobile_channel=oziq7dxw:::&mobile_platform=3&newcustomer=1&other_cps=&page_id=page_channel_1709195210228&phone_model=pixel 4 xl&province_id=103101&referer=com.achievo.vipshop.homepage.activity.MainActivity&rom=Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)&sd_tuijian=0&session_id=ed0f0e40-4788-324b-8000-79a11b44f6ee_shop_android_1709195544425&skey=6692c461c3810ab150c9a980d0c275ec&source_app=android&standby_id=oziq7dxw:::&sys_version=29&timestamp=1709195216&union_mark=blank&_&blank&_&oziq7dxw:::&_&blank&_&blank&warehouse=VIP_SH"
# First round: SHA-1 of salt + sorted parameter string
# (compare with the first retval in the hook output)
hash_object = hashlib.sha1()
hash_object.update(data_string.encode('utf-8'))
arg7 = hash_object.hexdigest()
print(arg7)

x = "aee4c425dbb2288b80c71347cc37d04b" + arg7
# Second round: SHA-1 of salt + first digest
# (compare with the second retval in the hook output)
hash_object = hashlib.sha1()
hash_object.update(x.encode('utf-8'))
arg7 = hash_object.hexdigest()
print(arg7)
```

The device registration request should now look like this:

```python
import hashlib
import uuid

import requests


def sha1(data_string):
    # SHA-1 hex digest of a UTF-8 string
    hash_object = hashlib.sha1()
    hash_object.update(data_string.encode('utf-8'))
    arg7 = hash_object.hexdigest()
    return arg7


device_token = str(uuid.uuid4())
url = "https://mp.appvipshop.com/apns/device_reg"
params = {
    "app_name": "achievo_ad",
    "app_version": "7.83.3",
    "device_token": device_token,
    "status": "1",
    "warehouse": "VIP_SH",
    "manufacturer": "Google",
    "device": "Pixel 4 XL",
    "os_version": "29",
    "channel": "oziq7dxw:::",
    "vipruid": "",
    "regPlat": "0",
    "regid": "null",
    "rom": "Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)",
    "skey": "6692c461c3810ab150c9a980d0c275ec"
}

# key=value pairs sorted by key and joined with '&'
ordered_string = "&".join(["{}={}".format(key, params[key]) for key in sorted(params.keys())])

salt = "aee4c425dbb2288b80c71347cc37d04b"
tmp = sha1(f"{salt}{ordered_string}")
api_sign = sha1(f"{salt}{tmp}")

res = requests.get(
    url=url,
    params=params,
    headers={
        "Authorization": "OAuth api_sign={}".format(api_sign)
    }
)
print(res.text)
```

Final version of the search request

Changing keyword changes what is searched for.

```python
import hashlib

import requests

# Headers from the captured request, kept for reference. They are not sent below,
# where only a freshly computed Authorization header is used.
headers = {
    'User-Agent': 'okhttp/4.9.1',
    # 'Accept-Encoding': 'gzip',
    'Content-Type': 'application/x-www-form-urlencoded',
    'authorization': 'OAuth api_sign=c551d27c3ec7a539d030b835ab29007706fd9672',
    'x-vip-host': 'mapi.appvipshop.com',
}


def sha1(data_string):
    # SHA-1 hex digest of a UTF-8 string
    hash_object = hashlib.sha1()
    hash_object.update(data_string.encode('utf-8'))
    arg7 = hash_object.hexdigest()
    return arg7


data = {
    'api_key': '23e7f28019e8407b98b84cd05b5aef2c',
    'app_name': 'shop_android',
    'app_version': '7.83.3',
    'bigSaleTagIds': '',
    'brandIds': '',
    'brandStoreSns': '',
    'categoryId': '',
    'channelId': '1',
    'channel_flag': '0_1',
    'client': 'android',
    'client_type': 'android',
    'darkmode': '0',
    'deeplink_cps': '',
    'device_model': 'Google Pixel 4 XL',
    # 'did': '0.0.8210935aac88ed2c795168a927fbc377.b54cd1',
    'elder': '0',
    'extParams': '{"priceVer":"2","mclabel":"1","cmpStyle":"1","statusVer":"2","ic2label":"1","video":"2","uiVer":"2","preheatTipsVer":"4","floatwin":"1","superHot":"1","exclusivePrice":"1","router":"1","coupons":"1","needVideoExplain":"1","rank":"2","needVideoGive":"1","bigBrand":"1","couponVer":"v2","videoExplainUrl":"1","live":"1","sellpoint":"1","reco":"1","vreimg":"1","search_tag":"2","tpl":"1","stdSizeVids":"","labelVer":"2"}',
    'fdc_area_id': '103101101113',
    'functions': 'RTRecomm,flagshipInfo,feedback,otdAds,zoneCode,slotOp,survey,hasTabs,floaterParams',
    'harmony_app': '0',
    'harmony_os': '0',
    'headTabType': 'all',
    'height': '2984',
    'isMultiTab': '0',
    'keyword': '玩具',
    # 'lastPageProperty': '{"isBgToFront":"0","suggest_text":"洗面奶","scene_entry_id":"-99","refer_page_id":"page_te_globle_classify_search_1709112203190","text":"洗面奶","tag":"1","module_name":"com.achievo.vipshop.search","type":"all","typename":"全部","is_back_page":"0"}',
    # 'maker': 'GOOGLE',
    'mars_cid': '1b82eaf8-0357-48d3-9956-882b38de39b8',
    'mobile_channel': 'oziq7dxw:::',
    'mobile_platform': '3',
    'net': 'WIFI',
    'operator': '45406',
    'os': 'Android',
    'osv': '10',
    'otddid': '',
    'other_cps': '',
    'page_id': 'page_te_commodity_search_1709112205099',
    # 'phone_model': 'pixel 4 xl',
    # 'priceMax': '',
    # 'priceMin': '',
    # 'props': '',
    # 'province_id': '103101',
    'referer': 'com.achievo.vipshop.search.activity.TabSearchProductListActivity',
    'rom': 'Dalvik/2.1.0 (Linux; U; Android 10; Pixel 4 XL Build/QQ3A.200805.001)',
    'sd_tuijian': '0',
    'service_provider': '45406',
    'session_id': 'ed0f0e40-4788-324b-8000-79a11b44f6ee_shop_android_1709111748547',
    'skey': '6692c461c3810ab150c9a980d0c275ec',
    'sort': '0',
    'source': 'app',
    'source_app': 'android',
    'standby_id': 'oziq7dxw:::',
    'sys_version': '29',
    'timestamp': '1709112205',
    'union_mark': 'blank&_&blank&_&oziq7dxw:::&_&blank&_&blank',
    'vipService': '',
    'warehouse': 'VIP_SH',
    'width': '1440',
}


def get_api_signe(data: dict):
    # key=value pairs sorted by key, then two rounds of salted SHA-1
    ordered_string = "&".join(["{}={}".format(key, data[key]) for key in sorted(data.keys())])
    salt = "aee4c425dbb2288b80c71347cc37d04b"
    tmp = sha1(f"{salt}{ordered_string}")
    api_sign = sha1(f"{salt}{tmp}")
    return api_sign


response = requests.post(
    'https://mapi.appvipshop.com/vips-mobile/rest/shopping/search/product/list/v1',
    data=data,
    headers={
        "Authorization": "OAuth api_sign={}".format(get_api_signe(data))
    }
)

print(response.json())
```

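I tried putting a randomly generated UUID, without registering the device, into the search parameters and found that it works. My guess is that risk control is not strict, and the device was not logged in either. Exactly which parameters are validated has to be found out through use.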
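
Seen from the server side, the findings above (one salt shared by every client, a final request that reuses a captured timestamp, and a mars_cid that was never registered) correspond to three checks. The sketch below is an added example, not code from the original post or from Vipshop, and the server's real checks are not known from the page. `verify_static`, `device_sign`, `verify_hardened`, the per-device key, the 300-second window and the in-memory registry are all hypothetical.

```python
import hashlib
import hmac
import time

SALT = "aee4c425dbb2288b80c71347cc37d04b"  # salt value recovered on the page
MAX_SKEW = 300  # seconds; assumed freshness window


def canonical(params: dict) -> str:
    """key=value pairs sorted by key and joined with '&', as on the page."""
    return "&".join(f"{k}={params[k]}" for k in sorted(params))


def page_api_sign(params: dict) -> str:
    """The page's scheme: two rounds of SHA-1 with one salt shared by all clients."""
    inner = hashlib.sha1((SALT + canonical(params)).encode("utf-8")).hexdigest()
    return hashlib.sha1((SALT + inner).encode("utf-8")).hexdigest()


def verify_static(params: dict, sign: str) -> bool:
    """Weak check: proves only that the sender knows the shared salt."""
    return hmac.compare_digest(page_api_sign(params), sign)


def device_sign(device_key: bytes, params: dict) -> str:
    """Hypothetical replacement: HMAC-SHA256 under a key issued at device registration."""
    return hmac.new(device_key, canonical(params).encode("utf-8"), hashlib.sha256).hexdigest()


def verify_hardened(params: dict, sign: str, registry: dict, now=None):
    """Return (accepted, reason); registry maps registered mars_cid -> device key."""
    now = time.time() if now is None else now
    key = registry.get(params.get("mars_cid", ""))
    if key is None:
        return False, "unregistered device"
    try:
        ts = int(params.get("timestamp", ""))
    except (TypeError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    if not hmac.compare_digest(device_sign(key, params), sign):
        return False, "bad signature"
    return True, "ok"


# Constructed sample data (not captured traffic).
REGISTRY = {"11111111-1111-4111-8111-111111111111": b"constructed-device-key"}
REPLAYED = {"keyword": "toy", "mars_cid": "22222222-2222-4222-8222-222222222222",
            "timestamp": "1709112205"}

if __name__ == "__main__":
    # The static check accepts an old timestamp from a device that never registered.
    print(verify_static(REPLAYED, page_api_sign(REPLAYED)))
    print(verify_hardened(REPLAYED, page_api_sign(REPLAYED), REGISTRY))
```

A per-device key stored on a device the user controls can still be extracted, so this does not make the client trustworthy. What it does is tie each request to a registered device that can be rate limited or revoked.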


Reverse Engineering the Vipshop Search API
https://kingjem.github.io/2024/10/14/唯品会搜索接口逆向/
Author: Ruhai
Published: October 14, 2024