Tips: When you see this prompt, it indicates that the current article has been migrated from the original emlog blog system. The publication date of the article is quite old, and the formatting and content may not be complete. Thank you for your understanding.
China Telecom Login RSA Algorithm + Analysis
Date: 2016-9-30 A Jue Tutorial Views: 2727 Comments: 9
No more nonsense!
1. Tools Used
1. IE browser (version 9 and above)
2. HttpWatch (available in both Chinese and English)
3. JS Debugging Tool
Target website:
http://xz.189.cn/sso/LoginServlet
Telecom 189 Login
2. Packet Capture:
1. Clear the website's cookies and cache before capturing packets
2. Start the packet capture tool before the page opens (otherwise, you won't capture the encrypted JS)
3. Determine which one is our login submission packet
1. Here we will use the F12 Developer Tools in IE
2. Find our password keyword: password passWord
3. Continue to trace the function called for encryption: encryptedString
4. We also need to know what the two parameters of the encryptedString function are. Continue to search for the key.
5. Now I have enough parameters for encryption, and the next step is debugging. Some may ask, aren't there two parameters? What about the other s? Through the function, we know that s is the encrypted password pwd. Through the function call if judgment, we can see that pwd is our password passWord.
6. Next, copy the calling function and debug it in the developer tools. It requires the key and s parameters.
7. Debugging in IE is fine, so let's debug in the JS debugging tool next.
8. Copy the three confidential RSA JS and key, call the bodyRSA() function with the password as the parameter. We find that it is an object and cannot be called directly. If we continue to call it, it will cause the tool to crash.
9. This is the difficulty of RSA, it needs to be rewritten, otherwise our easy language cannot call it.
10. Copy the rewritten function into the debugging tool just like before, still calling the bodyrsa() function.
Finally, we found that we succeeded.
Because I don't have a Telecom phone number, I can't write a complete cookie operation login. Looking forward to the next issue!
User Comments:
Zhong Ju 5 years ago (2016-10-06)
My friend, try logging in with a Telecom number.
Sui Yuan Sui Yi 5 years ago (2016-10-02)
http://login.189.cn/login Is this the login for 189?
A Jue 5 years ago (2016-10-03)
I wrote the address I captured above, it's not this one.
It can only be in Tibet. Changing regions doesn't work [tears]
My Telecom phone number, broadband number, and landline number can log in at LOGIN.189.CN/LOGIN. The packet capture analysis is the same as this encryption.
My friend, I have a Telecom phone number, add me on QQ71***38. I'm exploring this thing and want to log in with POST.
Click the link below the website to contact me.
Can't find the link.