百度登录算法分析和实现（下 - 实现篇）

最新推荐文章于 2022-08-11 20:46:33 发布

原创最新推荐文章于 2022-08-11 20:46:33 发布 · 2.5k 阅读

2 ·

CC 4.0 BY-SA版权

文章标签：

#RSA #百度 #C++ #登录

协议分析专栏收录该内容

3 篇文章

订阅专栏

本文详细解析了百度登录的具体步骤，包括获取Cookies、Token及RSA密钥等关键环节，并通过示例代码展示了整个登录过程。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

直接上代码了，具体分析请看前面的两篇文章：

用的我自己封装的libcurl和一个js调用库。

这部分主要是打开百度主页获取一些Cookies，然后获取 token, 我这里就不做验证码的判断了，直接下一步：

string sRet( "" );
	CBnsnHttp http;
	http.bnsn_setCookieFile( "bdCookies.txt" );

	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: text/html, application/xhtml+xml, */*" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	if ( http.bnsn_get( "http://www.baidu.com/", sRet ) != CURLE_OK )
	{
		printf( "Load http://www.baidu.com/ failed... \r\n" );
		return 0;
	}

	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: application/javascript, */*;q=0.8" );
	http.bnsn_appendHeader( "Referer: https://www.baidu.com/" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	string sUrl = string("https://passport.baidu.com/v2/api/?getapi&tpl=mn&apiver=v3&tt=") + CBnsnHttp::bnsn_getTimeStamp() + string("&class=login&gid=") + s_guid + string("&logintype=dialogLogin&callback=bd__cbs__jcbr21");
	if ( http.bnsn_get( sUrl.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Get token failed... \r\n" );
		return 0;
	}

	string sToken;
	CBnsnHttp::bnsn_getMidString( sRet, sToken, "token\" : \"", "\"", 0 );
	if ( sToken.empty() )
	{
		printf( "Get token failed... \r\n" );
		return 0;
	}

注意下面这段的最后两句，因为获取下来的 RSA key和 public key 是JS的，我们需要替换一些转义字符，这一步就是获取RSA的key了用于本地加密。

http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: application/javascript, */*;q=0.8" );
	http.bnsn_appendHeader( "Referer: https://www.baidu.com/" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	sUrl = string("https://passport.baidu.com/v2/getpublickey?token=") + sToken + string("&tpl=mn&apiver=v3&tt=") + CBnsnHttp::bnsn_getTimeStamp() + string("&gid=") + s_guid + string("&callback=bd__cbs__tpdrlq");
	if ( http.bnsn_get( sUrl.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Get publickey failed... \r\n" );
		return 0;
	}

	string sRsaKey;
	string sPubKey;
	int nEnd = CBnsnHttp::bnsn_getMidString( sRet, sPubKey, "pubkey\":'", "',\"", 0 );
	CBnsnHttp::bnsn_getMidString( sRet, sRsaKey, "key\":'", "'", nEnd );
	if ( sPubKey.empty() || sRsaKey.empty() )
	{
		printf( "Get publickey failed... \r\n" );
		return 0;
	}
	
	CBnsnHttp::bnsn_replace( sPubKey, "\\n", "\n" );
	CBnsnHttp::bnsn_replace( sPubKey, "\\/", "/" );

我们调用原方法生成一个guid

CJsEngine jse;
	if ( !jse.bnsn_navigate( L"E:\\Vs2008Make\\baidu\\baidu\\res\\encrypt.html", false ) )
	{
		printf( "Load encrypt page failed... \r\n" );
		return 0;
	}
	
	CComVariant vRet;
	if ( !jse.bnsn_callJScript( "guid_random", NULL, 0, vRet ) )
	{
		printf( "Call guid_random failed... \r\n" );
		return 0;
	}
	
	string  s_guid = (_bstr_t)vRet.bstrVal;

	if ( !jse.bnsn_callJScript( "rsv_did", NULL, 0, vRet ) )
	{
		printf( "Call rsv_did failed... \r\n" );
		return 0;
	}

	string  s_rsv_did = (_bstr_t)vRet.bstrVal;

这一步就是调用RSA算法加密密码了

  char * sParam[2] = {0};
	sParam[0] = (char*)sPubKey.c_str();
	sParam[1] = (char*)sPassWord.c_str();
	if ( !jse.bnsn_callJScript( "rsa_encrypt", sParam, 2, vRet ) )
	{
		printf( "Call rsv_did failed... \r\n" );
		return 0;
	}

	sPassWord = (_bstr_t)vRet.bstrVal;

参数都已经齐了，就直接登录吧，err_no=18 是登录成功。。接下来就是访问一些地址生成Cookies，当然是不是必须我也不知道，没做后续的测试了，这几个链接都会生成Cookies

http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: text/html, application/xhtml+xml, */*" );
	http.bnsn_appendHeader( "Referer: https://www.baidu.com/" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Content-Type: application/x-www-form-urlencoded" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	http.bnsn_appendHeader( "Cache-Control: no-cache" );
	string sData = string("staticpage=https%3A%2F%2Fwww.baidu.com%2Fcache%2Fuser%2Fhtml%2Fv3Jump.html&charset=utf-8&token=") + sToken + string("&tpl=mn&subpro=&apiver=v3&tt=") + CBnsnHttp::bnsn_getTimeStamp() + string("&codestring=&safeflg=0&u=https%3A%2F%2Fwww.baidu.com%2F%3Ftn%3D97681290_hao_pg&isPhone=&detect=1&gid=") + s_guid + string("&quick_user=0&logintype=dialogLogin&logLoginType=pc_loginDialog&idc=&loginmerge=true&splogin=rate&username=") + sUserName + string("&password=") + sPassWord + string("&verifycode=&mem_pass=on&rsakey=") + sRsaKey + string("&crypttype=12&ppui_logintime=16314&countrycode=&callback=parent.bd__pcbs__yg5c3s");
	sUrl = string("https://passport.baidu.com/v2/getpublickey?token=") + sToken + string("&tpl=mn&apiver=v3&tt=") + CBnsnHttp::bnsn_getTimeStamp() + string("&gid=") + s_guid + string("&callback=bd__cbs__tpdrlq");
	if ( http.bnsn_post( "https://passport.baidu.com/v2/api/?login", sData.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Get rsa key failed... \r\n" );
		return 0;
	}

	if ( sRet.find( "err_no=18" ) == string::npos )
	{
		printf( "Login failed... \r\n" );
		return 0;
	}

得到 portraitId ，访问下贴吧就能得到你关注的贴吧信息了。

string sTmp("");
	CBnsnHttp::bnsn_getMidString( sRet, sTmp, "err_no=", "\"+accounts;", 0 );
	sUrl = "https://www.baidu.com/cache/user/html/v3Jump.html?err_no=" + sTmp + "&accounts=";

	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: text/html, application/xhtml+xml, */*" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "Referer: https://passport.baidu.com/v2/api/?login" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	if ( http.bnsn_get( sUrl.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Load v3Jump.html failed... \r\n" );
		return 0;
	}

	sUrl = "https://passport.baidu.com/v2/?realnamewidget-init&v=" + CBnsnHttp::bnsn_getTimeStamp() + "&apiver=v3&tt=" + CBnsnHttp::bnsn_getTimeStamp() + "&callback=bd__cbs__prh4bb";
	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: application/javascript, */*;q=0.8" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "Referer: https://passport.baidu.com/v2/api/?login" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	if ( http.bnsn_get( sUrl.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Load v3Jump.html failed... \r\n" );
		return 0;
	}
	
	string  bdstoken;
	string  authsid;
	nEnd = CBnsnHttp::bnsn_getMidString( sRet, bdstoken, "bdstoken\":\"", "\"", 0 );
	CBnsnHttp::bnsn_getMidString( sRet, authsid, "authsid\":\"", "\"", 0 );
	if ( bdstoken.empty() || authsid.empty() )
	{
		printf( "Get bdtoken authsid failed... \r\n" );
		return 0;
	}


	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: text/html, application/xhtml+xml, */*" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	if ( http.bnsn_get( "http://www.baidu.com/", sRet ) != CURLE_OK )
	{
		printf( "Load http://www.baidu.com/ failed... \r\n" );
		return 0;
	}

	CBnsnHttp::bnsn_utf8ToAnsi( sRet );
	string  portraitId;
	CBnsnHttp::bnsn_getMidString( sRet, portraitId, "portrait\":\"", "\"", 0 );
	if ( portraitId.empty() )
	{
		printf( "Get portraitId failed... \r\n" );
		return 0;
	}

	printf( "your portraitId: %s \r\n", portraitId.c_str() );

	sUrl = "http://tieba.baidu.com/home/main?id=" + portraitId;
	http.bnsn_cleanHeader();
	http.bnsn_appendHeader( "Accept: text/html, application/xhtml+xml, */*" );
	http.bnsn_appendHeader( "Accept-Language: zh-CN" );
	http.bnsn_appendHeader( "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" );
	http.bnsn_appendHeader( "Accept-Encoding: gzip, deflate" );
	http.bnsn_appendHeader( "Connection: Keep-Alive" );
	if ( http.bnsn_get( sUrl.c_str(), sRet ) != CURLE_OK )
	{
		printf( "Load tieba.baidu.com failed... \r\n" );
		return 0;
	}

	CBnsnHttp::bnsn_utf8ToAnsi( sRet );

好了，关于百度的登录我就分析到这儿了，其实分析完了之后你就会觉得并不难，重要的分析过程，思路。对于我来说只是用来练手，并没有什么实质用处。