一.初始

今天无聊研究京东到家发现数据都有加密

二.开始研究

经过初步研究并且用java还原发现djencrypt 是用了AES/CBC/PKCS5Padding算法加密，用java解密试一试

解密前（部分内容精简了，因为内含隐私数据）:
IJpu5U8gjaurTVnrDv9+UWRjNc+kmtrUCUjEIkxiEJ4nd0ifKufXOwqJqHNB+721YtnVHx4SMN2krqTdf2fTbVCEDzd0D2XZS50quzP7a2ZgpP5sqXKEFAhxTmOQ6m8aqhNgyA6rPaOlqhwIPsl9fiCfdvBxP44lTTEZ0TLW+YB9vZBa5owKAStfg4NpztPhUqWkfuw2qL+jO5beissFM9P6u7Hk00d42bDnAM81ZOj93U59ZNJyMPtZh8HLFlW6KvinYyzcf++10oVxOid1UfNHtDEt87bNNPxfZZaVzDMsC4ECj6vY5GS/zhWr7a2ASL5iggBJx99KFl3tBJAL1QUr7Fnlj0M9sh7EWENoUNLoznYvagDHaODy+kZl7tJTM2VqSZFVKQh1Ykf8+Rd1Ec70rD8o5qFy/JrWS7S5lYnTdP6VUx+Si2o2BGRqmUZavY/N4I5K12UBUQEr/VVjJ1FMjKEiso3K+R6s1qpipO1KBPK/tU2jHFkD1H/Ix1XDEP1GPnWDH1VXpM/go0Dyk11O709KqG6EI7MSYVmigzFSJ/7rwMMsrDlxNpUWEJUP/fIwwtZP2qy48YaEImqtrjJY8ffp+Fjm2cn5s2l6e/OhLyacXKG+51HGE4AhhQyRknD/wuD/HZaN0x5CJ9k6Zo4iSS77u5j/WninTdPNzaqYLnEbF86n5XaiQpAWGScm/nyMvaQ6Lv8p3XK+9pbbKNNTMUboMojPh5xv=
解密后（部分内容精简了，因为内含隐私数据）:
{"platCode":"H5","appName":"paidaojia","channel":"","appVersion":"8.20.0","body":"{\"pageSource\":\"home\",\"ctp\":\"home\",\"refPar\":\"\"}","lng":114,"lat":26,"city_id":1699,"poi":"","jda":"209449046.16526660288431563835861.1652666028.1654775671.1654876047.37","traceId":"H5_DEV_88EBE0AB-964D-4C27-A418-81DC676723D61654912336424","globalPlat":"2","deviceId":"H5_DEV_44EBE0AB-964D-4C27-A418-81DC676723D6","signNeedBody":1,"_jdrandom":1654912336424,"signKeyV1":"88cf26b6244e862c879e45271053572ba603e257a0a6d2bae54a874e35493b33"}

发现有个加密参数signKeyV1

继续研究,signKeyV1长度64位,估计是固定长度的，通过分析发现是SHA256算法

"signKeyV1": "88cf26b6244e862c879e45271053572ba603e257a0a6d2bae54a874e35493b33"

搞完收工，技术交流Q53461569