request登录kingosoft高校智慧校园教学管理平台
简单的花一小时写了一个登录获取token
剩下的根据token都能实现
import re
import requests
import base64
import hashlib
class KingoDES:
"""JS自定义DES加密(核心逻辑精准还原)"""
def __init__(self):
# DES S盒(与JS完全一致)
self.sbox = [
[[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7], [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8], [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0], [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]],
[[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10], [3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5], [0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15], [13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9]],
[[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8], [13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1], [13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7], [1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12]],
[[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15], [13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9], [10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4], [3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14]],
[[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9], [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6], [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14], [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3]],
[[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11], [10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8], [9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6], [4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13]],
[[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1], [13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6], [1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2], [6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12]],
[[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7], [1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2], [7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8], [2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11]]
]
self.loop = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1] # 轮移位次数
def str_to_bt(self, s):
"""字符串→64位比特数组"""
bt = [0] * 64
for i in range(min(len(s), 4)):
k = ord(s[i])
for j in range(16):
bt[16 * i + j] = (k // (2 ** (15 - j))) % 2
return bt
def enc(self, data_byte, key_byte):
"""单块DES加密(核心逻辑)"""
# 生成子密钥
key = [0] * 56
for i in range(7):
for j in range(8):
key[i * 8 + j] = key_byte[8 * (7 - j) + i]
keys = []
for i in range(16):
# 循环左移
for _ in range(self.loop[i]):
temp_l, temp_r = key[0], key[28]
key[:27] = key[1:28]
key[27] = temp_l
key[28:55] = key[29:56]
key[55] = temp_r
# 压缩置换
keys.append([
key[13], key[16], key[10], key[23], key[0], key[4], key[2], key[27],
key[14], key[5], key[20], key[9], key[22], key[18], key[11], key[3],
key[25], key[7], key[15], key[6], key[26], key[19], key[12], key[1],
key[40], key[51], key[30], key[36], key[46], key[54], key[29], key[39],
key[50], key[44], key[32], key[47], key[43], key[48], key[38], key[55],
key[33], key[52], key[45], key[41], key[49], key[35], key[28], key[31]
])
# 初始置换
ip = [0] * 64
for i in range(4):
m, n = 1 + 2 * i, 0 + 2 * i
for j in range(8):
k = 7 - j
ip[i * 8 + j] = data_byte[k * 8 + m]
ip[i * 8 + j + 32] = data_byte[k * 8 + n]
ip_l, ip_r = ip[:32], ip[32:]
# 16轮迭代
for i in range(16):
temp_l = ip_l.copy()
ip_l = ip_r.copy()
# 扩展置换
ep = [0] * 48
for j in range(8):
ep[j * 6] = ip_r[31] if j == 0 else ip_r[j * 4 - 1]
ep[j * 6 + 1:j * 6 + 5] = ip_r[j * 4:j * 4 + 4]
ep[j * 6 + 5] = ip_r[0] if j == 7 else ip_r[j * 4 + 4]
# 异或+S盒+P盒
xor1 = [a ^ b for a, b in zip(ep, keys[i])]
sbox_byte = [0] * 32
for j in range(8):
block = xor1[j * 6:j * 6 + 6]
row = block[0] * 2 + block[5]
col = block[1] * 8 + block[2] * 4 + block[3] * 2 + block[4]
val = self.sbox[j][row][col]
for k in range(4):
sbox_byte[j * 4 + 3 - k] = val % 2
val //= 2
# P盒置换
p = [15, 6, 19, 20, 28, 11, 27, 16, 0, 14, 22, 25, 4, 17, 30, 9,
1, 7, 23, 13, 31, 26, 2, 8, 18, 12, 29, 5, 21, 10, 3, 24]
pbox = [sbox_byte[k] for k in p]
ip_r = [a ^ b for a, b in zip(pbox, temp_l)]
# 最终置换
fp = [39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25, 32, 0, 40, 8, 48, 16, 56, 24]
final_data = ip_r + ip_l
return [final_data[k] for k in fp]
def des_enc(self, data, key):
"""完整DES加密(分块处理)"""
# 密钥分块
key_bytes = []
for i in range(0, len(key), 4):
key_bytes.append(self.str_to_bt(key[i:i + 4]))
# 数据分块加密
enc_data = ""
hex_tab = "0123456789ABCDEF"
for i in range(0, len(data), 4):
temp_byte = self.str_to_bt(data[i:i + 4])
for kb in key_bytes:
temp_byte = self.enc(temp_byte, kb)
# 比特数组转十六进制
hex_str = ""
for j in range(16):
bt = ''.join([str(temp_byte[j * 4 + k]) for k in range(4)])
hex_str += hex_tab[int(bt, 2)]
enc_data += hex_str
return enc_data
class KingoLogin:
def __init__(self):
self.session = requests.Session()
self.urls = {
"encrypt": "http://你的学校域名/custom/js/SetKingoEncypt.jsp",
"login": "http://你的学校域名/cas/logon.action"
}
self.headers = {
'Host': "124.89.76.198:8002",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 Chrome/57.0.2987.98 Safari/537.36",
'Referer': "http://你的学校域名/cas/login.action",
'Content-Type': "application/x-www-form-urlencoded; charset=UTF-8"
}
self.des = KingoDES()
self.deskey = self.nowtime = self.ssessionid = ""
def get_dynamic_params(self):
"""提取动态密钥/时间戳/SessionID"""
try:
res = self.session.get(self.urls["encrypt"], headers=self.headers, timeout=10)
self.deskey = re.search(r'_deskey\s*=\s*["\'](.*?)["\'];', res.text).group(1)
self.nowtime = re.search(r'_nowtime\s*=\s*["\'](.*?)["\'];', res.text).group(1)
self.ssessionid = re.search(r'_ssessionid\s*=\s*["\'](.*?)["\'];', res.text).group(1)
return True
except Exception as e:
print(f"提取参数失败: {e}")
return False
def encrypt_data(self, username, password, rand=""):
"""生成登录加密参数(1次Base64)"""
# 1. 用户名加密:1次Base64 + 1次拼接
user_enc = base64.b64encode(f"{username};;{self.ssessionid}".encode()).decode()
user_enc = f"{user_enc};;{self.ssessionid}"
# 2. 密码加密:MD5嵌套
md5_pwd = hashlib.md5(password.encode()).hexdigest()
md5_rand = hashlib.md5(rand.lower().encode()).hexdigest() if rand else hashlib.md5(b"").hexdigest()
pwd_enc = hashlib.md5((md5_pwd + md5_rand).encode()).hexdigest()
# 3. 拼接初始参数 + DES+Base64加密
initial_params = (
f"_u={user_enc}&_p={pwd_enc}&randnumber={rand}&isPasswordPolicy=1"
f"&txt_mm_expression=12&txt_mm_length={len(password)}&txt_mm_userzh=0"
f"&hid_flag=1&hidlag=1&hid_dxyzm=0"
)
# 4. 生成token + 最终参数
md5_params = hashlib.md5(initial_params.encode()).hexdigest()
token = hashlib.md5((md5_params + hashlib.md5(self.nowtime.encode()).hexdigest()).encode()).hexdigest()
des_enc = self.des.des_enc(initial_params, self.deskey)
# 模拟JS的utf16to8 + Base64
def utf16to8(s):
out = []
for c in s:
cc = ord(c)
if cc <= 0x7F:
out.append(cc)
elif cc <= 0x7FF:
out.extend([0xC0 | ((cc >> 6) & 0x1F), 0x80 | (cc & 0x3F)])
else:
out.extend([0xE0 | ((cc >> 12) & 0x0F), 0x80 | ((cc >> 6) & 0x3F), 0x80 | (cc & 0x3F)])
return bytes(out)
b64_enc = base64.b64encode(utf16to8(des_enc)).decode()
return f"params={b64_enc}&token={token}×tamp={self.nowtime}&deskey={self.deskey}&ssessionid={self.ssessionid}"
def login(self, username, password, rand=""):
"""执行登录"""
if not self.get_dynamic_params():
return False
try:
login_data = self.encrypt_data(username, password, rand)
res = self.session.post(self.urls["login"], headers=self.headers, data=login_data, timeout=10)
print(f"响应码: {res.status_code}\n响应内容: {res.text}")
# 尝试解析JSON
try:
result = res.json()
if result.get("status") == "200":
print(f"登录成功!跳转地址: {result.get('result')}")
return True
except:
print("响应非JSON格式")
return False
except Exception as e:
print(f"登录失败: {e}")
return False
if __name__ == "__main__":
# 替换为实际账号密码
KingoLogin().login("你的账号", "你的密码", "")
评论 (0)