AES encryption analysis of CNKI academic translation

Reverse target

• The goal is ：cnki Academic translation AES encryption
• Home page ：aHR0cHM6Ly9kaWN0LmNua2kubmV0L2luZGV4
• Interface ：aHR0cHM6Ly9kaWN0LmNua2kubmV0L2Z5enMtZnJvbnQtYXBpL3RyYW5zbGF0ZS9saXRlcmFsdHJhbnNsYXRpb24=
• Inverse parameter ：Request Payload：words: "kufhG_UJw_k3Sfr3j0BLAA=="

Reverse process

The reverse material of this issue comes from K The elder brother crawler exchanges the help of a group friend in the group , The goal is cnki Academic translation , Fans want to achieve two functions ：1、 Breakthrough English 1000 The limit of characters ;2、 Reverse encryption process .

Come to the translation home page , Locate the packet capture to the translation interface , You can see Request Payload in , The text to be translated will be encrypted , As shown in the figure below ：

Here, if you search for keywords directly words, You'll find a lot of results , It's not easy to find , be aware Payload There is another parameter in the parameter translateType, Then you can search directly translateType, Because these two parameters are usually next to each other , You can also use it XHR Breakpoints to find , It's just a little bit of trouble , The search results are app.9fb42bb0.js in , Notice in the last result encrypto, Encryption means , It's basically the place for encryption ：

Print it on the console (0, h.encrypto)(this.inputWord), It is the result of encryption ：

Follow up h.encrypto, The obvious AES encryption ,n = "4e87183cfd3a45fe",n Namely key, Pattern ECB, fill Pkcs7, Finally, some string replacement processing is done , As shown in the figure below ：

I know the encryption algorithm ,key And so on , Then directly quote crypto-js Module to achieve OK 了 ,JavaScript The code is as follows ：

//  quote  crypto-js  Encryption module 
var CryptoJS = require('crypto-js')

function s(t) {
    var n = "4e87183cfd3a45fe"
    var e = {
        mode: CryptoJS.mode.ECB,
        padding: CryptoJS.pad.Pkcs7
    }
      , i = CryptoJS.enc.Utf8.parse(n)
      , s = CryptoJS.AES.encrypt(t, i, e)
      , r = s.toString().replace(/\//g, "_");
    return r = r.replace(/\+/g, "-"),
    r
}

console.log(s(" test "))

// kufhG_UJw_k3Sfr3j0BLAA==

Use Python A small translation demo：

# ==================================
# --*-- coding: utf-8 --*--
# @Time    : 2021-11-05
# @Author  :  WeChat official account ：K Brother reptile 
# @FileName: cnki.py
# @Software: PyCharm
# ==================================


import execjs
import requests


token_url = "https://dict.cnki.net/fyzs-front-api/getToken"
translation_api = "https://dict.cnki.net/fyzs-front-api/translate/literaltranslation"
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"

session = requests.session()


def get_token():
    headers = {"User-Agent": UA}
    response = session.get(url=token_url, headers=headers).json()
    token = response["data"]
    return token


def get_encrypted_word(word):
    with open('cnki_encrypt.js', 'r', encoding='utf-8') as f:
        cnki_js = f.read()
    encrypted_word = execjs.compile(cnki_js).call('s', word)
    return encrypted_word


def get_translation_result(encrypted_word, token):
    payload = {
        "translateType": None,
        "words": encrypted_word
    }
    headers = {
        "Token": token,
        "User-Agent": UA
    }
    response = session.post(url=translation_api, headers=headers, json=payload).json()
    result = response["data"]["mResult"]
    return result


def main():
    word = input(" Please enter the string to be translated : ")
    token = get_token()
    encrypted_word = get_encrypted_word(word)
    result = get_translation_result(encrypted_word, token)
    print(" The translation result is : ", result)


if __name__ == "__main__":
    main()

Another problem for fans is the character limit , See if you can break through , Actual English limit 1000 character , Chinese restrictions 500 character , As shown in the figure below ：

In fact, the probability of this restriction is not just the limitation of the front end , The server should also have restrictions , We can carry more than 500 Chinese characters to request , The preceding character is “ test 1”, The last three characters are “ test 2”, At this time, it has exceeded 500 Characters , We see that there is no... In the translation results Test 2, So I want to translate a lot of strings , It can only be divided into several parts to deal with .