浙大表单鉴权流程(2025/11版)

发表于 更新于 阅读次数:

水一篇blog。

浙大表单拿到ticket后的鉴权,是访问https://form.zju.edu.cn/dfi/validateLogin?ticket=[Redacted]&service=https%3A%2F%2Fform.zju.edu.cn%2F%23%2Fv2%2FhomePage用ticket换token,ticket之前是直接传的,现在改了。

查阅代码找到:

1
2
var r = Object(u["a"])("encode", e, "zntb666666666666")
  , i = "/dfi/validateLogin?ticket=" + r + "&service=" + t

在watch处加一个u["a"]看到这个函数来自

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
"Oh/x": function(e, t, a) {
    "use strict";
    a.d(t, "a", (function() {
        return c
    }
    ));
    var n = a("aqBw")
      , r = a.n(n)
      , i = a("NFKh")
      , o = a.n(i);
    function s(e, t) {
        var a = o.a.AES.decrypt(e, o.a.MD5(t), {
            iv: [],
            mode: o.a.mode.ECB,
            padding: o.a.pad.Pkcs7
        })
          , n = a.toString(o.a.enc.Utf8);
        return n.toString()
    }
    function l(e, t) {
        var a = o.a.enc.Utf8.parse(e)
          , n = o.a.AES.encrypt(a, o.a.MD5(t), {
            iv: [],
            mode: o.a.mode.ECB,
            padding: o.a.pad.Pkcs7
        });
        return n.toString()
    }
    function c(e, t, a) {
        return t = "encode" == e ? r.a.encode(l(t, a)) : s(r.a.decode(t), a),
        t
    } // <---- HERE
},

也就是Base64(AES_enc(ticket, MD5("zntb666666666666")))