淘宝sign参数生成算法

通过断点分析得知,sign 的计算函数位于 https://g.alicdn.com/mtb/lib-mtop/2.3.16/mtop.js 中;在该文件中搜索后得到计算公式:

j = h(d.token + "&" + i + "&" + g + "&" + c.data)

具体函数为

// Builds the H5 request descriptor: gateway path, signed query string and
// post data. d (options), c (request parameters), h (hash function) and
// x (sent as `jsv`) are defined outside this excerpt; the analysis on this
// page identifies h as MD5.
if (d.H5Request === true) {
    // Gateway path: //[prefix.][subDomain.]mainDomain/h5/<api>/<version>/
    var f = "//" +
        (d.prefix ? d.prefix + "." : "") +
        (d.subDomain ? d.subDomain + "." : "") +
        d.mainDomain + "/h5/" + c.api.toLowerCase() + "/" + c.v.toLowerCase() + "/";

    // A caller-supplied appKey wins; otherwise the value depends on the sub-domain.
    var g = c.appKey || ("waptest" === d.subDomain ? "4272" : "12574478");

    // Millisecond timestamp; sent as `t` and also mixed into the signature.
    var i = new Date().getTime();

    // sign = h(token & t & appKey & data). Of these inputs only d.token is kept
    // out of the request built here: appKey, t and sign go into the query
    // string and data into the post body, so the sign ties those fields to
    // the token and the timestamp.
    var j = h(d.token + "&" + i + "&" + g + "&" + c.data);

    var k = { jsv: x, appKey: g, t: i, sign: j };
    var l = { data: c.data, ua: c.ua };

    // Copy every remaining request parameter into the query string unless the
    // query string or the post data already defines that key.
    Object.keys(c).forEach(function (key) {
        if (typeof k[key] === "undefined" && typeof l[key] === "undefined") {
            k[key] = c[key];
        }
    });

    // Response format requested from the gateway; left unset when no flag matches.
    if (d.getJSONP) {
        k.type = "jsonp";
    } else if (d.getOriginalJSONP) {
        k.type = "originaljsonp";
    } else if (d.getJSON || d.postJSON) {
        k.type = "originaljson";
    }

    d.querystring = k;
    d.postdata = l;
    d.path = f;
}

进一步调试得知,h函数计算的是MD5值(十六进制字符串);代码中的 i 即请求参数 t(毫秒时间戳),g 即 appKey。因此计算公式为:

md5Hex(token + "&" + t + "&" + appKey + "&" + data)

用Python代码实现如下(需先 import hashlib,并在模块级定义 appKey):

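def get_sign(token, t, data, app_key=None):
    """Return the request signature: the hex MD5 of ``token&t&appKey&data``.

    This mirrors the JavaScript on this page, where the sign is
    ``h(d.token + "&" + i + "&" + g + "&" + c.data)`` and ``h`` was found to
    be MD5. In that code only the token is kept out of the request itself;
    the timestamp, appKey and data are sent alongside the sign, so the
    digest ties those fields to the token rather than hiding any of them.

    Args:
        token: Token string used as the first field of the signed text.
        t: Timestamp in milliseconds. A str or an int is accepted; the
            JavaScript side produces a number, so it is converted with
            ``str()`` before concatenation.
        data: Request payload string, exactly as it will be sent.
        app_key: Application key. When omitted, the module-level ``appKey``
            is used, which is what the original implementation relied on.

    Returns:
        The 32-character lowercase hexadecimal MD5 digest.

    Raises:
        NameError: If ``app_key`` is omitted and no module-level ``appKey``
            is defined.
        TypeError: If ``token`` or ``data`` is not a str.
    """
    if app_key is None:
        # Backward compatibility: earlier callers set a global appKey.
        app_key = appKey
    pre_sign = '&'.join((token, str(t), str(app_key), data))
    # The signed text is hashed as UTF-8 bytes, so non-ASCII payloads are
    # encoded the same way every time.
    return hashlib.md5(pre_sign.encode('UTF-8')).hexdigest()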