How the Latest Taobao x-sign Parameter Is Generated

Taobao x-sign algorithm: decryption analysis

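In my previous post I showed how to capture traffic from Taobao's APIs. Today I'll cover how the x-sign verification parameter is generated. As everyone now knows, once you have x-sign you can do basically anything, including but not limited to product information, product reviews, flash-sale events, and so on.
This post demonstrates how to fetch Taobao product reviews, using the iPhone 11 as an example: https://detail.tmall.com/item.htm?id=602659642364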

Packet capture analysis

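Capturing the phone's traffic with Charles shows that the review request uses the following parameters:
URL: http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
Parameters: data={"rateType":"","hasPic":"1","foldFlag":"0","pageNo":"1","pageSize":"10","auctionNumId":"602659642364"}
Headers: there are many headers; the most important one is x-sign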

Calling the signing API

First, a Postman screenshot: https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true

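Usage notes:

  1. The request URL shown in the screenshot is not the real one; contact the QQ account to get it
  2. Requests must be POSTed as JSON; the header Content-Type:application/json may be required
  3. token is the API's verification parameter; contact the QQ account to get it
  4. When requesting a signature, parameter values must not be escaped; when sending the actual request to fetch data, they may need to be escaped
  5. All parameters must be wrapped in "" and must be strings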

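Parameters

  1. data: the data parameter itself. To avoid encoding problems, Base64-encode it before sending it to me. Do not urlencode data before encoding it.
  2. appKey: defaults to "21646297". Taobao's appKey is a fixed value; for other Taobao-family apps the value is different
  3. pv: defaults to "6.3"; may be "6.2" or "6.3"
  4. useMiniWua: defaults to "0". Set it to "1" when x-mini-wua is needed. When pv="6.3", the x-mini-wua value is always returned
  5. useWua: defaults to "0". Set it to "1" when wua is needed
  6. For any other questions, or if you need help, contact QQ: 946420414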

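Return values

The return values include x-sign, x-mini-wua, wua and so on. Send a request yourself to test them; they are not described further here.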

Python demo

Requirements: python3 + the requests library

#!/usr/bin/env python
# coding:utf8

import os
import json
import requests
from urllib.parse import quote
from urllib.parse import quote_plus
from pprint import pprint
import base64
import time

def gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):
    utdid = "XLWkskakX5EDAEAuXveJ2YJy"
    appKey = "21646297"
    timestamp = time.time()
    t = int(timestamp)
    lat = "31.23238"
    lng = "121.477733"
    ttid = '701186@taobao_android_9.1.0'
    deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"
    features = "27"
    pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"
    pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"
    # Base64-encode the data before sending it to the signing service
    b64Data = base64.b64encode(data.encode("utf-8")).decode("ascii")
    pprint(b64Data)
    postData = {

        "utdid": utdid,
        "uid": uid,
        # Device ID
        "deviceId": deviceId,
        "appKey": appKey,
        "x-features": features,
        "ttid": ttid,
        "location": lng + ',' + lat,
        "v": v,
        "sid": sid,
        # Timestamp, 10 digits (seconds)
        "t": str(t),
        "api": api,
        "useWua": "1",
        "data": b64Data,
        "pageId": pageId,
        "pageName": pageName
    }
    pprint(postData)
    result = getTaobaoSigns(postData)

    jobj = json.loads(result)
    dataJobj = jobj["data"]

    pprint(dataJobj['x-mini-wua'])
    body = "data=" + quote_plus(data)
    requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)
    proxies = None


    headers = {
        "x-appkey": appKey,
        "x-devid": deviceId,
        "x-ttid": quote_plus(ttid),
        "x-sign": quote_plus(dataJobj['x-sign']),
        "x-umt": quote_plus(dataJobj['x-umt']),
        "x-mini-wua": quote_plus(dataJobj['x-mini-wua']),
        "x-sgext": dataJobj['x-sgext'],
        "x-t": str(t),
        "x-location": quote_plus("{0},{1}".format(lng, lat)),
        "x-app-ver": "9.1.0",
        "f-refer": "mtop",
        "x-nq": "WIFI",
        "x-nettype": "WIFI",
        "x-region-channel": "CN",
        "content-type": "application/x-www-form-urlencoded;charset=UTF-8",
        "A-SLIDER-Q": "appKey%3D21646297%26ver%3D0",

        "x-bx-version": "6.4.11",
        "x-page-url": quote_plus(pageId),
        "a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0",
        "x-page-name": pageName,

        "x-pv": "6.3",
        "x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386",
        "x-features": features,
        "x-app-conf-v": str(19),
        "x-utdid": utdid,

        "c-lauch-info": "0,0,1574237572825,1574233432783,3",
        "User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29",
        "Connection": "Keep-Alive",
        "Accept-Encoding": "gzip",
    }

    if uid != "":
        headers["x-uid"] = uid
        headers["x-sid"] = sid

    if method == 'GET':
        requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)
        pprint(requestUrl)
        # TLS certificate verification stays at the requests default (enabled)
        result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies)

    else:
        result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies)

    pprint(result)
    if result.status_code == requests.codes.ok:
        pprint(result.text)


def getTaobaoSigns(arr):
    pprint(arr)
    requestURL = "http://127.0.0.1:8080/fakeTbParam"

    headers = {
        "allow_access": "true",
        "Content-Type": "application/x-www-form-urlencoded"
    }


    result = requests.post(requestURL, data=arr, timeout=20, headers=headers)
    pprint(result.text)
    dataStr = ""
    if result.status_code == requests.codes.ok:
        dataStr = result.text
    pprint(dataStr)
    return dataStr


def getTaobaoDetail():
    data = '''{"LBS":"{\"SG_TMCS_1H_DS\":\"{\\\\\"stores\\\\\":[]}\",\"SG_TMCS_FRESH_MARKET\":\"{\\\\\"stores\\\\\":[]}\",\"TB\":\"{\\\\\"stores\\\\\":[{\\\\\"code\\\\\":\\\\\"185784179\\\\\",\\\\\"bizType\\\\\":\\\\\"2\\\\\",\\\\\"type\\\\\":\\\\\"1\\\\\"}]}\",\"TMALL_MARKET_B2C\":\"{\\\\\"stores\\\\\":[{\\\\\"code\\\\\":\\\\\"105\\\\\",\\\\\"bizType\\\\\":\\\\\"REGION_TYPE_CITY\\\\\",\\\\\"addrId\\\\\":\\\\\"8813741971\\\\\",\\\\\"type\\\\\":\\\\\"CHOOSE_ADDR\\\\\"},{\\\\\"code\\\\\":\\\\\"107\\\\\",\\\\\"bizType\\\\\":\\\\\"REGION_TYPE_REGION\\\\\",\\\\\"addrId\\\\\":\\\\\"8813741971\\\\\",\\\\\"type\\\\\":\\\\\"CHOOSE_ADDR\\\\\"}]}\",\"TMALL_MARKET_O2O\":\"{\\\\\"stores\\\\\":[{\\\\\"code\\\\\":\\\\\"233930143\\\\\",\\\\\"bizType\\\\\":\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\",\\\\\"addrId\\\\\":\\\\\"8813741971\\\\\",\\\\\"type\\\\\":\\\\\"CHOOSE_ADDR\\\\\"}]}\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\"needdismiss\":\"0\",\"animated\":\"0\",\"needpoptoroot\":\"0\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\"ranger_buckets_native\":\"tsp2189_21618_normaluser01\"}","vm":"nw"}'''


    api = "mtop.taobao.wsearch.appsearch"
    v = "1.0"
    gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")


if __name__ == '__main__':
    getTaobaoDetail()

Technical support

Thank you for taking the time to read my blog.
For technical questions, contact QQ: 946420414