未分類
8 7 月 2020

瑞数的 canvas 指纹和音频指纹代码分析

瑞数的 canvas 指纹和音频指纹代码分析

資深大佬 : spiderGgl 6

声明

你感觉侵权的话,联系我,我想办法删帖

本篇文章转载于公众号”编码天空”

已知条件

1.瑞数所有版本共用一个指纹代码,不然无法做风控,所以猜测指纹代码所有通用。已经验证文书网,药监局,商标局

2.知己知彼,该产品是根据 80T 解密后,将各个特征值分类,部分值(比如指纹)属于高风险的就全部 ban 掉。是否只要我指纹这种理论上唯一的东西改掉就没问题了?已经修改了( canvas+webrtc )

3.实际上指纹也没啥用,我们公司批量装机时指纹高度一致。

4.拓展一下思维,流水线生产出的安卓手机是否指纹也高度一致?

这些代码有啥用

1.假如你们家 web 端产品很多人用,那么你用同样的代码获取到指纹并且保存一份。当你采集某网站遇到了某数,能否注入进去,故意触发反爬呢? A 网站的用户莫名其妙打不开 B 网站,是不是 B 网站会承受一些投诉亦或者影响到自己家付费用户?

2.你也可以做一个反爬产品,只要你混淆的好。

代码如下

canvas 指纹:

function getcanvas(){  try {   var canvasEle = window['document']['createElement']('canvas');   if (canvasEle && canvasEle['getContext']) {    canvasEle['width'] = 200;    canvasEle['height'] = 50;    canvas2d = canvasEle['getContext']('2d');    canvas2d['textBaseline'] = "top";    canvas2d['font'] = "18px 'Arial'";    canvas2d['fillStyle'] = '#f82';    canvas2d['fillRect'](0, 0, 100, 30);    canvas2d['fillStyle'] = '#17e';    canvas2d['fillText']('ActiveXObject', 3, 16);    canvas2d['fillStyle'] = 'rgba(240,110,53,0.4)';    canvas2d['fillText']('ActiveXObject', 5, 18);    imageBase64Str = canvasEle['toDataURL']();    console.log(imageBase64Str);   }  catch (err) {   // TODO 异常操作  } }

音频指纹:

function audioContext(){  try {   var audioArr = [];   shaderSource1 =    'attribute vec2 attrVertex;varying vec2 varyinTexCoordinate;uniform vec2 uniformOffset;void main(){varyinTexCoordinate=attrVertex+uniformOffset;gl_Position=vec4(attrVertex,0,1);}';   shaderSource2 =    'precision mediump float;varying vec2 varyinTexCoordinate;void main() {gl_FragColor=vec4(varyinTexCoordinate,0,1);}';   var canvasEle = window['document']['createElement']('canvas');   var webGLRenderingContext = canvasEle.getContext('webgl');   createBuffer = webGLRenderingContext['createBuffer']();   webGLRenderingContext['bindBuffer'](webGLRenderingContext['ARRAY_BUFFER'], createBuffer);   _$ma = new window['Float32Array']([-.2, -.9, 0, .4, -.26, 0, 0, .813264543, 0]);   webGLRenderingContext['bufferData'](webGLRenderingContext['ARRAY_BUFFER'], _$ma, webGLRenderingContext['STATIC_DRAW']);   createBuffer['itemSize'] = 3;   createBuffer['numItems'] = 3;   createProgram = webGLRenderingContext['createProgram'](), vertex_shader = webGLRenderingContext['createShader'](webGLRenderingContext['VERTEX_SHADER']);   webGLRenderingContext['shaderSource'](vertex_shader, shaderSource1);   webGLRenderingContext['compileShader'](vertex_shader);   fragment_shader = webGLRenderingContext['createShader'](webGLRenderingContext['FRAGMENT_SHADER']);   webGLRenderingContext['shaderSource'](fragment_shader, shaderSource2);   webGLRenderingContext['compileShader'](fragment_shader);   webGLRenderingContext['attachShader'](createProgram, vertex_shader);   webGLRenderingContext['attachShader'](createProgram, fragment_shader);   webGLRenderingContext['linkProgram'](createProgram);   webGLRenderingContext['useProgram'](createProgram);   createProgram['vertexPosAttrib'] = webGLRenderingContext['getAttribLocation'](createProgram, 'attrVertex');   createProgram['offsetUniform'] = webGLRenderingContext['getUniformLocation'](createProgram, 'uniformOffset');   webGLRenderingContext['enableVertexAttribArray'](createProgram['vertexPosArray']);   webGLRenderingContext['vertexAttribPointer'](createProgram['vertexPosAttrib'], createBuffer['itemSize'], webGLRenderingContext['FLOAT'], !1, 0, 0);   webGLRenderingContext['uniform2f'](createProgram['offsetUniform'], 1, 1);   webGLRenderingContext['drawArrays'](webGLRenderingContext['TRIANGLE_STRIP'], 0, createBuffer['numItems']);   if (webGLRenderingContext['canvas'] != null) audioArr.push(webGLRenderingContext.canvas['toDataURL']());   if (webGLRenderingContext['getShaderPrecisionFormat']) {    vertex_shaders = [webGLRenderingContext['VERTEX_SHADER'], webGLRenderingContext['FRAGMENT_SHADER']], high_floats = [webGLRenderingContext['HIGH_FLOAT'], webGLRenderingContext['MEDIUM_FLOAT'],     webGLRenderingContext['LOW_FLOAT'], webGLRenderingContext['HIGH_INT'], webGLRenderingContext['MEDIUM_INT'], webGLRenderingContext['LOW_INT']    ];    for (h = 0; h < vertex_shaders.length; h++) {     for (i = 0; i < high_floats.length; i++) {      _$MO = webGLRenderingContext['getShaderPrecisionFormat'](vertex_shaders[h], high_floats[i]);      audioArr.push(_$MO['rangeMin'], _$MO['rangeMax'], _$MO['precision']);     }    }   }   console.log(audioArr);  } catch (err) {   // TODO 异常操作  } }

大佬有話說 (0)