Objects
- cebiesign
<object id="cebiesign" name="cebiesign" classid="clsid:f3e92562-1b4d-4bfa-b2d4-e9bcabe3b5a8" codebase="js/cebiesign.ocx#version=2,0,0,4" border="0"> </object>
- powercommit
<object id="powercommit" codebase="js/PowerEnter.CAB#version=1,0,0,72" classid="clsid:BEEE2807-1709-4184-A05D-1B2DE01EE4CF" style="width:0px;height:0px" height="0" width="0"> <param name="width" value="0"> <param name="height" value="0"> <param name="frameName" value="mainFrame"> </object>
- powerpassword
<object id="powerpassword" codebase="js/PowerEnter.CAB#version=1,0,0,72" classid="clsid:614E58F9-74D0-4D7B-90E3-64A0F2AA73B4" style="width:186pxpx;height:23pxpx" height="23px" width="186px"> <param name="width" value="186px"> <param name="height" value="23px"> <param name="maxLength" value="20"> <param name="minLength" value="0"> <param name="maskChar" value="*"> <param name="backColor" value="#FFFFFF"> <param name="textColor" value="#000000"> <param name="borderColor" value="#7f9db9"> <param name="accepts" value="*"> <param name="msgBox" value="false"> <param name="fieldName" value="Password"> </object>
Commit Code
var blob ="BgIAAACkAABSU0ExAAQAAAEAAQAfFsbhRXwKJMLpsGExRSNaUxLZhaHvMp9ZJEgO2sa30lj6jc2BkNrF/35TKQuLphYVYwDLADdbRj23ChSzVWVmQwAs9CXrqR3tcYavKGsRBEeHEFctULIt6QFn/1Gz6F11k61K8G9yMXy9AGgN+pHum2X3EODpRJBFH9/w1VC+1w==";
function doLogin() {
var ran = "<random value>";
if(ran != null && ran !="") {
var random = parseFloat(ran)+1;
document.form1.ran.value = random;
} else {
document.form1.ran.value = 0;
}
var powercommit = document.getElementById("powercommit");
var powerpassword = document.getElementById("powerpassword");
powercommit.reset();
powerpassword.publicKeyBlob(blob);
powerpassword.commit("powercommit");
powercommit.submit("form1");
}
Form Params
<form name="form1" action="perlogin1.do" method="post">
<input type="hidden" name="_viewReferer" value="login/login01" />
<input type="hidden" name="_locale" value="zh_CN" />
<input type="hidden" name="version" value="20140529" />
<input type="hidden" name="Password" />
<input type="hidden" name="ran" value="063319703" />
<input type="hidden" name="TransName" value="" />
<input type="hidden" name="Plain" value="" />
<input type="hidden" name="Signature" value="" />
<input type="hidden" name="MerName" value="" />
<input type="hidden" name="TransType" value="" />
<input type="hidden" name="OperationNo" value="" />
<input type="hidden" name="MerDCFlag" value="" />
<input type="hidden" name="checkloginflag" value="" />
<input type="hidden" name="_tokenName" value="1jjihb5u" />
<div class="box">
<!--头部-->
<div class=" head"><table cellpadding="0" cellspacing="0" border="0" style="margin:10px 0;"><tr><td align="left" ><img src="images/public/login_2.gif" /></td>
</tr>
</table>
</div>
<!--头部结束-->
<!--内容-->
<div class="content">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="conback" valign="top" >
</td>
<td class="conback2" valign="top" align="center">
<!--登录区-->
<table cellpadding="0" cellspacing="0" border="0" class="login" width="433">
<tr><td valign="top" class="title line01" align="left"><img src="images/public/yhdl.gif" width="120" height="22" />
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="1" height="1" id="flash" align="middle">
<param name="allowScriptAccess" value="sameDomain"/>
<param name="movie" value="/per/bharosa_web/flash/bharosa.swf"/>
<param name="quality" value="low"/>
<param name="bgcolor" value="#ffffff"/>
<param name=FlashVars value="dcUrl=/dc?s=true&"/>
<embed src="/per/bharosa_web/flash/bharosa.swf" quality="low" bgcolor="#ffffff" FlashVars="dcUrl=/dc?s=true&" width="1" height="1"name="flash" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash"/>
</object>
</td></tr>
<tr><td height="35" align="center">
</td></tr>
<tr><td align="left">
<table cellpadding="0" cellspacing="3" border="0" width="100%">
<tr>
<td class="size01 txt02" align="right" width="120">登录名或账号: </td>
<td align="left" height="32" width="190"><input name="LoginName" id="skey" value="" class="input_out3"
onfocus="this.className='input_on3';this.onmouseout=''" onblur="this.className='input_off3';this.onmouseout=function(){this.className='input_out3'};" type="text" size="16" /></td>
<td width="100"> </td>
</tr>
<tr>
<td class="size01 txt02" align="right" width="120">登录密码:<img src="images/public/wen.gif" alt="请输入您设置的8~14位网银登录密码"/></td>
<td align="left" height="32">
<script type="text/javascript">writePassObject("powerpassword",{"fieldName":"Password","maxLength":"20","minLength":"0","width":"186px","height":"23px","msgBox":"false","maskChar":"*","borderColor":"#7f9db9"});</script>
</td>
<td align="left">
<a href="####" class="txt_line txt07" onclick="MM_openBrWindow('pwdHelp.do','个人网上银行常见问题解答','width=640,height=420')">密码输入帮助</a>
<img id="image1" src="tokenImage.xx?_timesShowToken=2&ran=063319703" style="display:none"/>
</td>
</tr>
<tr><td colspan="3" height="10"></td></tr>
<tr><td colspan="3" align="center">
<img src="images/public/denglu_1.gif" onclick="doLogin();" style="cursor: hand"/>
</td></tr>
</table>
</td></tr>
<tr><td height="23"></td></tr>
<tr><td class="txt08" align="center"><a href="FP320501.do" class="txt07 txt_line">找回登录名</a> | <a href="FP320301.do" class="txt07 txt_line">忘记登录密码</a> | <a href="FP990101.do?ident=gr&idper=ds" class="txt07 txt_line">我要开通网银</a> </td></tr>
</table>
<!--登录区结束-->
</td>
</tr>
</table>
</form>
Sample Form
- username = 11111111
- password = 22222222
<entry method="POST" url="https://www.cebbank.com/per/perlogin1.do">
<timestart>2014-06-19T06:00:43.594Z</timestart>
<timeend>2014-06-19T06:00:44.064Z</timeend>
<duration>0.470 s</duration>
<processname>C:\Program Files\Internet Explorer\iexplore.exe</processname>
<result>200 OK</result>
<size>0</size>
<stage>REQUEST_CLOSE</stage>
<mimetype>text/html</mimetype>
<redirecturl/>
<requestCamefromCache>False</requestCamefromCache>
<responseCamefromCache>False</responseCamefromCache>
<requestobjectname>/per/perlogin1.do</requestobjectname>
<winet_sr_result>True</winet_sr_result>
<winet_sr_errormessage/>
<bodySize>9333</bodySize>
<Web_PageID>0</Web_PageID>
<PageTitle/>
<Socket_SendSize>0</Socket_SendSize>
<Socket_RecvSize>0</Socket_RecvSize>
<Starred>False</Starred>
<Comment/>
<headers>
<requestheaders>
<header>POST /per/perlogin1.do HTTP/1.1</header>
<header>Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, */*</header>
<header>Referer: https://www.cebbank.com/per/prePerlogin.do?_locale=zh_CN</header>
<header>Accept-Language: en-us</header>
<header>User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)</header>
<header>Content-Type: application/x-www-form-urlencoded</header>
<header>Accept-Encoding: gzip, deflate</header>
<header>Host: www.cebbank.com</header>
<header>Connection: Keep-Alive</header>
<header>Cache-Control: no-cache</header>
<header>Cookie: WT_FPC=id=2b3fd12fcdda9131eb91403212946597:lv=1403212951284:ss=1403212946597; cebmemberbranchcode=3550; cebmemberbranchname=%u5317%u4EAC%u5206%u884C; PERJSESSIONID=t6m9Tv0cW5s9jN7JhXFLBhvsbwnG9h4gLn0pyqKgDp97tnNPxdpC!-2124310495; BIGipServerpool_eb_8005=2366482624.17695.0000</header>
<header>Content-Length: 388</header>
</requestheaders>
<responseheaders>
<header>HTTP/1.1 200 OK</header>
<header>Server: Sun-Java-System-Web-Server/7.0</header>
<header>Date: Thu, 19 Jun 2014 10:01:06 GMT</header>
<header>Cache-Control: no-cache</header>
<header>Date: Thu, 19 Jun 2014 09:59:58 GMT</header>
<header>Pragma: No-cache</header>
<header>Content-type: text/html; charset=gbk</header>
<header>Expires: Thu, 01 Jan 1970 00:00:00 GMT</header>
<header>Content-Language: zh-CN</header>
<header>X-Powered-By: Servlet/2.5 JSP/2.1</header>
<header>Connection: Keep-alive</header>
<header>Via: 1.1 AN-0001544151441131</header>
<header>Content-Length: 9333</header>
</responseheaders>
</headers>
<content>
<contentLength>9333</contentLength>
<mimetype>text/html</mimetype>
</content>
<cookies>
<sent>
<cookie name=" WT_FPC">id=2b3fd12fcdda9131eb91403212946597:lv=1403212951284:ss=1403212946597</cookie>
<cookie name=" cebmemberbranchcode">3550</cookie>
<cookie name=" cebmemberbranchname">±±¾©·ÖÐÐ</cookie>
<cookie name=" PERJSESSIONID">t6m9Tv0cW5s9jN7JhXFLBhvsbwnG9h4gLn0pyqKgDp97tnNPxdpC!-2124310495</cookie>
<cookie name=" BIGipServerpool_eb_8005">2366482624.17695.0000</cookie>
</sent>
<received/>
</cookies>
<cache>
<BeforeRequest>
<UrlInCache>False</UrlInCache>
</BeforeRequest>
<AfterRequest>
<UrlInCache>False</UrlInCache>
</AfterRequest>
</cache>
<QueryString/>
<PostData>
<mimetype>application/x-www-form-urlencoded</mimetype>
<size>388</size>
<params>
<param name="_viewReferer">login/login01</param>
<param name="_locale">zh_CN</param>
<param name="version">20140529</param>
<param name="Password">XQn0aqYKjJeFutYuXaooFuDF7cAU7jAYd4lpIff/qaZOd1gElxbw/ChRmY1mipjeUlpO0lO8FHO13VaeEyaQf54np25wFo6X2t0LlAKKpruupbDHEWas3pVuajAXsuUqsyqSeDqNlsXpckRWdFBopnzoKuggcgkaMLXsyJtGLU8=</param>
<param name="ran">55924190</param>
<param name="TransName"/>
<param name="Plain"/>
<param name="Signature"/>
<param name="MerName"/>
<param name="TransType"/>
<param name="OperationNo"/>
<param name="MerDCFlag"/>
<param name="checkloginflag"/>
<param name="_tokenName">z90qww5h</param>
<param name="LoginName">11111111</param>
</params>
</entry>
API Calls
CryptImportKey(blob) CryptEncrypt(NULL, 8) -> 128 (128 bytes required) CryptEncrypt(password, 8) -> encrypted pw encrypted pw: 0x03310BD0 D3 5F 47 03 22 A3 0D FA 0C DC 3D BE 06 43 E8 06 ._G.".....=..C.. 0x03310BE0 AF 4D E3 85 80 04 6F 38 46 80 AC F7 E5 79 23 6C .M....o8F....y#l 0x03310BF0 87 E0 D9 81 2B E7 EC 2B AE B7 BB 19 9B A4 13 68 ....+..+.......h 0x03310C00 E9 2B B3 64 80 DE E4 66 66 10 BF D5 56 2A 4E BC .+.d...ff...V*N. 0x03310C10 56 E4 47 66 7E 16 D7 DB 66 B7 05 43 BC AF D6 95 V.Gf~...f..C.... 0x03310C20 AA AD 37 31 0D DE E7 37 7E 71 D2 43 CE 65 1B EB ..71...7~q.C.e.. 0x03310C30 A4 03 03 D7 77 C7 7B A7 41 EA 51 B4 65 70 AD 08 ....w.{.A.Q.ep.. 0x03310C40 63 B3 63 21 84 05 37 F8 6D 2E 74 3C 1A 6A E0 C8 c.c!..7.m.t<.j..
0x03332BA0 EC 3D A5 ED 3E B1 D7 59 60 9D 36 BA AC CB 22 EA .=..>..Y`.6...". 0x03332BB0 87 15 9A BB 73 D4 39 82 DB 07 3D 66 E7 28 E5 BF ....s.9...=f.(.. 0x03332BC0 6B 2E 0F C9 5E 23 9D 34 DC D2 D7 F3 99 20 A5 1E k...^#.4..... .. 0x03332BD0 56 41 97 F9 38 94 60 A4 7B 36 90 CF 78 99 EA 87 VA..8.`.{6..x... 0x03332BE0 4F 7E 3E 61 68 D8 C4 8E FD ED D3 DF FD 82 38 A1 O~>ah.........8. 0x03332BF0 0B 18 29 14 41 D6 FC C5 3C 3B 6A D1 61 97 17 57 ..).A...<;j.a..W 0x03332C00 E2 D2 F9 0E 11 57 4A AB 16 60 0F 3C 2D 4F DD 07 .....WJ..`.<-O.. 0x03332C10 2B 57 5A 49 3C D2 F4 DF F8 A0 E1 2D 4A DB BF 25 +WZI<......-J..% CryptCreateHash() CryptHashData(key1, 21) key1: 0x035092F8 63 73 69 69 5F 70 6F 77 65 72 65 6E 74 65 72 5F csii_powerenter_ 0x03509308 6A 61 73 6F 6E jason CryptEncrypt(key2, 16) -> encrypted key2 key2: 0x009AAC78 79 4B 52 6E 49 4E 7A 76 72 65 39 72 65 51 3D 3D yKRnINzvre9reQ== 0x0330FD70 30 66 6B 2B 63 39 7A 47 37 50 5A 48 59 41 3D 3D 0fk+c9zG7PZHYA==
decoded key2: 00000000 c8 a4 67 20 dc ef ad ef 6b 79 |..g ....ky| 00000000 d1 f9 3e 73 dc c6 ec f6 47 60 |..>s....G`|
encrypted key2: 0x009AAC78 D2 5B D6 88 DA F1 04 C6 97 0B 46 48 5F 07 84 D6 .[........FH_...
0x0330FD70 9B 76 EF CD F0 86 04 F7 D2 3E 25 72 63 17 84 D6 .v.......>%rc... CryptHashData(key1, 21)
submit pw: Jb/bSi3hoPjf9NI8SVpXKwfdTy08D2AWq0pXEQ750uJXF5dh0Wo7PMX81kEUKRgLoTiC/d/T7f2OxNhoYT5+T4fqmXjPkDZ7pGCUOPmXQVYepSCZ89fS3DSdI17JDy5rv+Uo52Y9B9uCOdRzu5oVh+oiy6y6Np1gWdexPu2lPew= ran: 75915681 token: k1ssjcn1
