破解韵达快递验证码

  首先这个东西应该是提供接口的,但是这东西肯定也不是免费的,分析快递查询页面,可以看到这样的地址:
    http://qz.yundasys.com:18090/ws/ykjcx/cxend.jsp?wen=36666fede765176f6353a0274c
  并且地址始终保持一致,刷新或退出浏览器地址不改变,所以是可逆加密,简单分析发现,订单13位,密文26位,一半干扰码,多看几个,发现干扰码为:366ee61665a24
  这样一来,如此简单的加密,穷举法搞定,写个脚本去获取。

<?php
$l = array(0,1,2,3,4,5,6,7,8,9,'a','b','c','d','e','f');
$slat = "366ee61665a24";
$key = "6eef50575044f";
if(isset($_GET['key'])){
    $key = $_GET['key'];
}
//echo do_str($key,$slat),"\n";
$m = 0;
$arr = array();
$n=0;
$n = $_GET['n'];
foreach($l as $v){
    $m++;
    $key{$n} = $v;
    $k = do_str($key,$slat);
    $s = file_get_contents("http://qz.yundasys.com:18090/ws/ykjcx/cxend.jsp?wen=".$k);
   
    if(strpos($s,'<script language=javascript>alert(')!==false){
        //echo $m,"验证码错误\n";
    }else{
        $j = strpos($s,'<td width="54%" align="center" valign="middle" bgcolor="#ffffff" class="STYLE1">');
        $sub = substr($s,$j+strlen('<td width="54%" align="center" valign="middle" bgcolor="#ffffff" class="STYLE1">'),13);
        //echo $m,"\n",$key,"\n",$sub,"\n\n";
        $arr[$sub{$n}] = $key{$n};
    }
}
$arrt = array();
foreach($arr as $id => $value){
    array_push($arrt,"'$id' => '$value'");
}
$con = file_get_contents("t.txt");
file_put_contents("t.txt",$con."$n => array(".implode(", ", $arrt).'),'."\n");
$n++;
echo "<a href="?n=$n">$n</a>"; 
function do_str($key,$slat){
    $s = "";
    for($i=0;$i<strlen($key);$i++){
        $s.=($slat{$i}.$key{$i});
    }
    return $s;
}
?>

  页面依次重0执行到12后,取得文本中的内容,如果一次全部获取,估计查询页面会挂掉,毕竟一次16个都挂掉了。可以得到这样一个数组:

0 => array('7' => '0', '6' => '1', '5' => '2', '4' => '3', '3' => '4', '2' => '5', '1' => '6', '0' => '7', '9' => 'e', '8' => 'f'),
1 => array('7' => '0', '6' => '1', '5' => '2', '4' => '3', '3' => '4', '2' => '5', '1' => '6', '0' => '7', '9' => 'e', '8' => 'f'),
2 => array('8' => '6', '9' => '7', '6' => '8', '7' => '9', '4' => 'a', '5' => 'b', '2' => 'c', '3' => 'd', '0' => 'e', '1' => 'f'),
3 => array('8' => '4', '9' => '5', '4' => '8', '5' => '9', '6' => 'a', '7' => 'b', '0' => 'c', '1' => 'd', '2' => 'e', '3' => 'f'),
4 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
5 => array('4' => '0', '5' => '1', '6' => '2', '7' => '3', '0' => '4', '1' => '5', '2' => '6', '3' => '7', '8' => 'c', '9' => 'd'),
6 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
7 => array('8' => '6', '9' => '7', '6' => '8', '7' => '9', '4' => 'a', '5' => 'b', '2' => 'c', '3' => 'd', '0' => 'e', '1' => 'f'),
8 => array('2' => '0', '3' => '1', '0' => '2', '1' => '3', '6' => '4', '7' => '5', '4' => '6', '5' => '7', '8' => 'a', '9' => 'b'),
9 => array('2' => '0', '3' => '1', '0' => '2', '1' => '3', '6' => '4', '7' => '5', '4' => '6', '5' => '7', '8' => 'a', '9' => 'b'),
10 => array('1' => '0', '0' => '1', '3' => '2', '2' => '3', '5' => '4', '4' => '5', '7' => '6', '6' => '7', '9' => '8', '8' => '9'),
11 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
12 => array('9' => '4', '8' => '5', '5' => '8', '4' => '9', '7' => 'a', '6' => 'b', '1' => 'c', '0' => 'd', '3' => 'e', '2' => 'f'),

  获取到对应的值了,接下来要做的就是做个查询页面:

<?php
header("Content-Type: text/html; charset=utf-8");
$list = array(
    0 => array('7' => '0', '6' => '1', '5' => '2', '4' => '3', '3' => '4', '2' => '5', '1' => '6', '0' => '7', '9' => 'e', '8' => 'f'),
    1 => array('7' => '0', '6' => '1', '5' => '2', '4' => '3', '3' => '4', '2' => '5', '1' => '6', '0' => '7', '9' => 'e', '8' => 'f'),
    2 => array('8' => '6', '9' => '7', '6' => '8', '7' => '9', '4' => 'a', '5' => 'b', '2' => 'c', '3' => 'd', '0' => 'e', '1' => 'f'),
    3 => array('8' => '4', '9' => '5', '4' => '8', '5' => '9', '6' => 'a', '7' => 'b', '0' => 'c', '1' => 'd', '2' => 'e', '3' => 'f'),
    4 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
    5 => array('4' => '0', '5' => '1', '6' => '2', '7' => '3', '0' => '4', '1' => '5', '2' => '6', '3' => '7', '8' => 'c', '9' => 'd'),
    6 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
    7 => array('8' => '6', '9' => '7', '6' => '8', '7' => '9', '4' => 'a', '5' => 'b', '2' => 'c', '3' => 'd', '0' => 'e', '1' => 'f'),
    8 => array('2' => '0', '3' => '1', '0' => '2', '1' => '3', '6' => '4', '7' => '5', '4' => '6', '5' => '7', '8' => 'a', '9' => 'b'),
    9 => array('2' => '0', '3' => '1', '0' => '2', '1' => '3', '6' => '4', '7' => '5', '4' => '6', '5' => '7', '8' => 'a', '9' => 'b'),
    10 => array('1' => '0', '0' => '1', '3' => '2', '2' => '3', '5' => '4', '4' => '5', '7' => '6', '6' => '7', '9' => '8', '8' => '9'),
    11 => array('6' => '0', '7' => '1', '4' => '2', '5' => '3', '2' => '4', '3' => '5', '0' => '6', '1' => '7', '8' => 'e', '9' => 'f'),
    12 => array('9' => '4', '8' => '5', '5' => '8', '4' => '9', '7' => 'a', '6' => 'b', '1' => 'c', '0' => 'd', '3' => 'e', '2' => 'f')
);
$salt = "366ee61665a24";
function check($order){
    if(strlen($order)!=13)return false;
    for($i=0;$i<13;$i++){
        $n = ord($order{$i});
        if($n>57 || $n<48)return false;
    }
    return true;
}
function get_id($order,$salt,$list){
    $s = "";
    for($i=0;$i<13;$i++){
        $s.=($salt{$i}.$list[$i][$order{$i}]);
    }
    return $s;
}
$order = '';
if(isset($_GET['order'])){
    $order = $_GET['order'];
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>韵达订单查询</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
*{
    padding:0;
    margin:0;
}
#form_id{
    position:absolute;
    left:20px;
    top:10px;
    background-color:#DDD;
    padding:10px;
}
#iframe_id{
    border:none;
    width:100%;
}
</style>
</head>
<body>
<div>
<div id="form_id">
    <form action="" method="GET">
        <label>订单号:<input name="order" value="<?=$order?>" type="input" /></label>
        <button type="submit">查询</button>
    </form>
</div>
<div>
<?php
if($order != ''){
    if(check($order)){
        echo '<iframe id="iframe_id"  onload="this.height=document.body.scrollHeight-5;"  src="http://qz.yundasys.com:18090/ws/ykjcx/cxend.jsp?wen=',get_id($order,$salt,$list),'">查询页面</iframe>';
    }else{
        echo '<p style="color:red;">订单编号不合法</p>';
    }
}
?>
</div>
</div>
</body>
</html>

  可以查看一下效果图还不错,如果手动解析一下HTML页面更好,但没这样做:
韵达快递截图

评论被关闭!