How to calculate the digest / Which algorithm will be used?

Updated: 2023-10-16

I found a C++ API that is called from Java via JNI. The libcma.so contains the method Java_com_smule_android_network_core_NetworkUtils_makeDigest, which creates a digest - I think it is MD5.

Here is the reverse-engineered source:

https://raw.githubusercontent.com/Bizarrus/Sing/master/cma.cpp

Here is the JNI definition:

https://github.com/Bizarrus/Sing/blob/7ef0e748bae710bde2d07111bd66f1e7fc0810b4/com/smule/android/network/core/NetworkUtils.java#L53

Can anyone tell me which algorithm is used?

Edit

The following HTTP request is made:

POST http://api-sing.smule.com/v2/login/guest?msgId=1776&appVersion=5.7.5&app=sing_google&appVariant=1&digest=179645edb702ce4a57197141522d848145f8861f HTTP/1.1
User-Agent: com.smule.singandroid/5.7.5 (6.0,F3311,de_DE)
Content-Type: application/json; charset=UTF-8
Content-Length: 501
Host: api-sing.smule.com
Connection: Keep-Alive
Accept-Encoding: gzip

{
    "common": {
        "advId": "e133b6d9-25b1-4651-b4b8-94d80fa25ed9",
        "automaticLogin": true,
        "device": {
            "carrierCountry": "de",
            "country": "DE",
            "deviceId": "a:e133b6d9-25b1-4651-b4b8-94d80fa25ed9",
            "deviceType": "AND",
            "googlePlayServices": "12.6.85 (040306-197041431)",
            "hasMail": true,
            "lang": "de",
            "limitAdTrack": false,
            "locale": "de_DE",
            "machine": "F3311",
            "manufacturer": "Sony",
            "os": "6.0",
            "product": "F3311",
            "screenSize": "normal",
            "script": ""
        },
        "pulp": 17,
        "tzOffset": 3600,
        "vorgom": true
    },
    "forceNewPlayer": true,
    "lookupAccount": true
}

With the following response:

HTTP/1.1 200 OK
Server: nginx/1.11.5
Date: Sun, 24 Jun 2018 16:27:31 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
X-Smule-Host: a155.sf.smle.co
X-Smule-Digest: 64dc15893bbf43240798c73ae652bfb80e848f57
Set-Cookie: L=N; Max-Age=172800; Expires=Tue, 26 Jun 2018 16:27:31 GMT; Path=/; Domain=.smule.com; Secure
Cache-Control: no-cache
Content-Encoding: gzip

{
    "data": {
        "loginResult": {
            "elControl": {
                "npt": false
            },
            "handleNew": false,
            "handlePrefill": true,
            "language": "de",
            "loginCount": 1,
            "playerId": 1762444898,
            "playerNew": true,
            "playerNewlyRegistered": false,
            "playerStat": {
                "installDate": 1529857651000
            },
            "policyUrl": "https://www.smule.com/privacy/embed/20180523",
            "policyVersion": "PRIVACY_POLICY_20180523",
            "serverTime": 1529857651,
            "sessionToken": "g4_10_wma5HOX13kDeho2gvEuIQyf5EnUaAp0Uw3C24O5w9s9xUB1U0JOC0w==",
            "sessionTtl": 86400,
            "showEmailOpt": true,
            "termUrl": "https://www.smule.com/termsofservice/embed/20180523"
        },
        "settings": {}
    },
    "status": {
        "code": 0,
        "message": "ok",
        "version": 1
    }
}

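In the POST request, the query argument digest is the hash of the request. This digest will be created by Java_com_smule_android_network_core_NetworkUtils_makeDigest (I think). I don't know which data will be used for the hash algorithm - I've tried to reproduce the digest with the following parameters:

  • Only all query parameters, sorted alphabetically, excluding the digest argument (this method is used on the website in JavaScript)
  • Only the content body, as a JSON string (tried both pretty-printed and combined)
  • The expected content body and query parameters
  • As described above

I have tried several combinations of the data to reproduce the digest, but I have not found a solution that yields the original digest.

The X-Smule-Digest header on the response is hashed with MD5, which I reproduced last week. Here is a working sample (PHP) to calculate the X-Smule-Digest: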

$string  = sprintf('%s=%s', 'secret', 'M=|ZUyMu^-qWb}VL^jJd}Mv)8y%bQWXf>IFBDcJ>%4zg2Ci|telj`dVZ@');
$string .= sprintf('&%s=%s', 'path', '/user/json/login'); // sample url-path
$string .= sprintf('&%s=%s', 'csrf', $this->csrf); // from Website, <meta content="([^"]+)" name="csrf-token" or from Header "x-csrf-token"
$string .= sprintf('&%s', http_build_query($this->data)); // POST-Body
$array = explode('&', $string);
sort($array); // Alphabetical sort
$x_smule_digest = md5(implode('&', $array));

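1. The digest you show is 40 characters long and contains digits from 0 to 9 and letters from a to f, so it is 40 hexadecimal digits. It was therefore most likely created with the SHA-1 digest function.

2. The C++ function you point to has the following signature: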

int32_t Java_com_smule_android_network_core_NetworkUtils_makeDigest(int32_t * a1, int32_t a2, int32_t a3)

And the corresponding signature in the Java source code is:

private static native String makeDigest(String str, byte[] bArr);

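The first parameter a1 is probably the pointer reserved for the JNI environment. So, setting a1 aside, the function takes two arguments, a string and a byte array, and returns a string: the digest. The C++ code itself is too complex for me to dig into.

3. This JNI function is used twice in the Java file you pointed to: in the functions m18107a and m18106a. Let's add some comments to the source code: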

// Function that takes three arguments:
//      - a list of pairs of strings we will call the "json pairs"
//      - a string we will call the "secret"
//      - another string we will call the "optional token"
// and returns the string returned by makeDigest, which may be the digest.
public static String m18107a(List<Pair<String, String>> list, String str, String str2)
{
    // Sort the json pairs alphabetically according to the first string of each pair.
    // (Check the source code of C35442 to verify my statement, I may be wrong)
    Collections.sort(list, new C35442());
    // Create a single string that concatenates all the json pairs.
    // (I guess { age : 21, name : "bob" } becomes "age21namebob")
    // We will call that the "digest input"
    StringBuilder stringBuilder = new StringBuilder();
    for (Pair pair : list) {
        stringBuilder.append((String) pair.first).append((String) pair.second);
    }
    // Append the "optional token", if it exists, to the "digest input" just created.
    if (str2 != null) {
        stringBuilder.append(str2);
    }
    // Send the "secret" string, and the "digest input" as BYTES (may be important)
    // Return the computed digest as the returned string of the function.
    return makeDigest(str, stringBuilder.toString().getBytes());
}

// Function that takes four arguments:
//      - a string str
//      - a number j
//      - a string str2
//      - a string str3 (can be null, as seen later)
// and returns the string returned by makeDigest, which may be the digest.
public static String m18106a(String str, long j, String str2, String str3)
{
    // Create a single string that concatenates j and str2.
    // We will call that the "digest input"
    StringBuilder append = new StringBuilder().append("").append(j).append(str2);
    // If str3 is null, make it empty.
    if (str3 == null) {
        str3 = "";
    }
    // Send the "secret" string, and the "digest input" concatenated with str3, as BYTES (may be important).
    // Return the computed digest as the returned string of the function.
    return makeDigest(str, append.append(str3).toString().getBytes());
}

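It is hard to go further. Try digging into a few things:

  • Where are these functions m18107a and m18106a called? Can you at least find out what these inputs contain, so that you can use the right inputs?
  • Can you put breakpoints around these functions? Trace the inputs and outputs and try to reproduce them?
  • Of all the suspected inputs, can you find a way to modify only one input at a time and check whether the digest changes? That eliminates suspected inputs.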
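
The reasoning in steps 1 and 3 of the answer, as an added Python example (not part of the original post and not the app's code): it maps a hex digest's length to candidate hash families, rebuilds the input string the way m18107a does, and shows that several keyed SHA-1 constructions all produce 40 hex characters, so the length alone does not tell how makeDigest combines the secret with the data. The secret, the pairs, the UTF-8 encoding and the three constructions are assumptions.

```python
import hashlib
import hmac

# Hex-digest length -> hash families with that output size.
HEX_LEN_TO_HASH = {32: ["md5"], 40: ["sha1"], 64: ["sha256"], 128: ["sha512"]}


def candidate_hashes(hex_digest):
    """Return hash families whose output length matches, or [] if not hex."""
    try:
        bytes.fromhex(hex_digest)
    except ValueError:
        return []
    return HEX_LEN_TO_HASH.get(len(hex_digest), [])


def digest_input(pairs, optional_token=None):
    """Mirror m18107a: sort pairs by key, concatenate key+value, append token."""
    # Assumption: C35442 compares the first element of each pair.
    text = "".join(k + v for k, v in sorted(pairs, key=lambda p: p[0]))
    if optional_token is not None:
        text += optional_token
    # Assumption: getBytes() uses UTF-8 (the default charset on Android).
    return text.encode("utf-8")


def keyed_constructions(secret, data):
    """Three hypothetical ways a native makeDigest(secret, data) could use SHA-1."""
    key = secret.encode("utf-8")
    return {
        "sha1(secret || data)": hashlib.sha1(key + data).hexdigest(),
        "sha1(data || secret)": hashlib.sha1(data + key).hexdigest(),
        "hmac-sha1(secret, data)": hmac.new(key, data, hashlib.sha1).hexdigest(),
    }


# Constructed sample values; not taken from the app or its traffic.
SAMPLE_PAIRS = [("msgId", "1"), ("app", "example_app"), ("appVersion", "1.0")]
SAMPLE_SECRET = "constructed-secret"

if __name__ == "__main__":
    data = digest_input(SAMPLE_PAIRS)
    print(data)
    for name, value in keyed_constructions(SAMPLE_SECRET, data).items():
        print(f"{value}  {candidate_hashes(value)}  {name}")
```
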