文章來(lái)源--http://jkvast.iteye.com/blog/1175708（如作者不愿被引用，聯(lián)系必刪除，謝謝）

由于58同城在頁(yè)面上抓取二手房信息的時(shí)候，用戶的聯(lián)系電話是圖片的，本人水平關(guān)系無(wú)法進(jìn)行很好的識(shí)別，所以轉(zhuǎn)為抓取其android客戶端比較容易，之前都是好好的，最近發(fā)現(xiàn)其升級(jí)到1.3.0.0后手機(jī)號(hào)碼進(jìn)行了加密，所以直接反編譯其android客戶端，查到其用的是des加密，而且加密的key很容易就拿到，下面貼出解密方法。(des加解密比較簡(jiǎn)單下面貼出來(lái))

Java代碼

1. import java.security.SecureRandom;

2. import javax.crypto.Cipher;

3. import javax.crypto.SecretKey;

4. import javax.crypto.SecretKeyFactory;

5. import javax.crypto.spec.DESKeySpec;

6. public class Decode458 {

7. static byte[] key = null; //這個(gè)key如果有需要請(qǐng)反編譯58客戶端獲取這里不便貼出

8. public static void main(String[] args) throws Exception {

9. System.out.println(new String(Decode458.decode(Decode458.convertHexString("002E674657AE8239982087DCB2E6A99B"))));

10. System.out.println(Decode458.toHexString(Decode458.encode("13219863008".getBytes())));

11. }

12. public static byte[] decode(byte[] paramArrayOfByte) {

13. try {

14. SecureRandom localSecureRandom = new SecureRandom();

15. DESKeySpec localDESKeySpec = new DESKeySpec(key);

16. SecretKey localSecretKey = SecretKeyFactory.getInstance("DES")

17. .generateSecret(localDESKeySpec);

18. Cipher localCipher = Cipher.getInstance("DES");

19. localCipher.init(2, localSecretKey, localSecureRandom);

20. return localCipher.doFinal(paramArrayOfByte);

21. } catch (Exception e) {

22. e.printStackTrace();

23. return null;

24. }

25. }

26. public static byte[] encode(byte[] paramArrayOfByte) {

27. try {

28. SecureRandom localSecureRandom = new SecureRandom();

29. DESKeySpec localDESKeySpec = new DESKeySpec(key);

30. SecretKey localSecretKey = SecretKeyFactory.getInstance("DES")

31. .generateSecret(localDESKeySpec);

32. Cipher localCipher = Cipher.getInstance("DES");

33. localCipher.init(1, localSecretKey, localSecureRandom);

34. return localCipher.doFinal(paramArrayOfByte);

35. } catch (Exception e) {

36. e.printStackTrace();

37. return null;

38. }

39. }

40. public static byte[] convertHexString(String text) {

41. byte digest[] = new byte[text.length() / 2];

42. for (int i = 0; i < digest.length; i++) {

43. String byteString = text.substring(2 * i, 2 * i + 2);

44. int byteValue = Integer.parseInt(byteString, 16);

45. digest[i] = (byte) byteValue;

46. }

47. return digest;

48. }

49. public static String toHexString(byte b[]) {

50. StringBuffer hexString = new StringBuffer();

51. for (int i = 0; i < b.length; i++) {

52. String plainText = Integer.toHexString(0xff & b[i]);

53. if (plainText.length() < 2)

54. plainText = "0" + plainText;

55. hexString.append(plainText);

56. }

57. return hexString.toString();

58. }

59. }

很久沒(méi)寫博，上來(lái)溜溜，我是firstep

補(bǔ)充

時(shí)至今日，58已經(jīng)不在des

58電話接口

通過(guò)app進(jìn)行抓包，可以很清楚看到58app電話接口是沒(méi)有加簽名的，這個(gè)設(shè)計(jì)也許是因?yàn)?8認(rèn)為無(wú)傷大雅，也有可能是歷史原因，app版本強(qiáng)制升級(jí)用戶體驗(yàn)不好了，至于真實(shí)原因無(wú)從得知。