ofo协议分析

ofo不能自动开锁，只能用app下订单，然后返回一个结果。订单接口

http://order2.api.ofo.com/ofo/Api/v2/carno

X-Tingyun-Id: p35OnrDoP8k;c=2;r=126507277;u=3c080ca28e15d36f2cc5a2b5ef90f31cb9f8512fbd573d0f6ab6e0eea17255ec0b8fbc93e03497e35a0af6b3210a9f9b::9E947366945F51E9
Content-Type: application/x-www-form-urlencoded
Content-Length: 530
Host: order2.api.ofo.com
Connection: Keep-Alive
Accept-Encoding: gzip



lat=31.37029&lng=121.43496&carno=12111×tamp=1527324430912&smart=0&continue=0&bleOpened=1&source-version=15895&appVersion=3.1.0&cuid=fdf3c737c34a87978041f0b3ebfacfff&source=2&location=[31.370290756225586,121.4349594116211,0,1527324363875,0,100,0,2]&sourceVersion=15895&source-system=6.0.1&source-locale=zh_CN&source-model=SM-C5000&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Mjc3MzUzMzYsImEiOjIxODc4MDQyNjAsImIiOjI4MDA3NzIxNzgzMjExNjYwOTQsImMiOjI1NjEyMTYyNjcxMDMwNjM4MjJ9.h5A3HwQrN0-6758MXUZW0TmUY6VlVyP82a32KJ3PMhs


{"errorCode":200,"msg":"创建订单成功","values":{"info":{"carno":"12111","pwd":"1b96ccafe97343061465ace664ea760f","pwdRegx":"^[0-9]{4}$","orderno":"1683762378","second":0,"repairTime":120,"egt":0,"notice":"","isRedPacketArea":0,"model":2,"isGsmLock":0,"lockRefreshTime":60,"isLast":-1,"lock":{"type":1,"info":{"name":"","cryptKey":"","version":""},"unlockType":[1]},"unlouckStatus":1,"createTime":"2018-05-26T09:12:45.976Z","orderStatus":10,"ordernum":"1683762378"},"notice":""}}


解密结果3478

我们反编译一下ofo可以看到，解密方法在so.ofo.labofo.mvp.a.c中

paramAnonymousUnlockResult.info.pwd = Crypt.苹果(paramAnonymousUnlockResult.info.carno, 
paramAnonymousUnlockResult.info.pwd, paramUnlock_v2.timestamp.longValue(), com.ofo.login.ui.a.苹果().香蕉());

String pwd = Crypt.苹果("12111", "1b96ccafe97343061465ace664ea760f", timestamp, 

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Mjc3MzUzMzYsImEiOjIxODc4MDQyNjAsImIiOjI4MDA3NzIxNzgzMjExNjYwOTQsImMiOjI1NjEyMTYyNjcxMDMwNjM4MjJ9.h5A3HwQrN0-6758MXUZW0TmUY6VlVyP82a32KJ3PMhs");

第一个参数是***，第二个是加密密码，第三个和第四个

lat=31.37029&lng=121.43496&carno=12111×tamp=1527324430912&smart=0&continue=0&bleOpened=1&source-version=15895&appVersion=3.1.0&cuid=fdf3c737c34a87978041f0b3ebfacfff&source=2&location=[31.370290756225586,121.4349594116211,0,1527324363875,0,100,0,2]&sourceVersion=15895&source-system=6.0.1&source-locale=zh_CN&source-model=SM-C5000&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Mjc3MzUzMzYsImEiOjIxODc4MDQyNjAsImIiOjI4MDA3NzIxNzgzMjExNjYwOTQsImMiOjI1NjEyMTYyNjcxMDMwNjM4MjJ9.h5A3HwQrN0-6758MXUZW0TmUY6VlVyP82a32KJ3PMhs

时间戳和授权码

可以看到解密结果：