Reverse Engineering the Sign Parameter: An MD5‑Based Encryption Analysis for a Web API

This article walks through the step‑by‑step reverse‑engineering process used to identify and replicate the MD5‑based sign generation in a web API request, detailing parameter extraction, code inspection, and cookie handling to recreate the required authentication logic.

Python Programming Learning Circle

1. Problem identification – The author begins by examining a URL and its request parameters, noting that the t field is a 13‑digit timestamp and the sign field is an encrypted value that changes with each request.

2. Parameter extraction – By inspecting the request payload, the following key‑value pairs are extracted:

jsv: 2.5.1
appKey: 12574478
t: 1588565848273
sign: 804fd2bd86b737702133e7d5f677de33
api: ***********************
v: 1.0
type: jsonp
dataType: jsonp
callback: mtopjsonp1
data: {"smAreaId":330100,"csaInfo":"0_0_0_0_0_0_0_0_0_0_0","csa":"0_0_0_0_0_0_0_0_0_0_0","logical":"HD"}

The analysis shows that sign and t are the only frequently changing parameters.

3. Discovering the encryption algorithm – By setting breakpoints and tracing the execution flow, the author locates a function (referred to as p) that processes several parameters and produces the sign. Testing reveals that this function behaves like an MD5 hash.

4. Re‑creating the sign – The sign is generated by concatenating four parameters (including appKey, t, and others) into a string and applying MD5. Replacing the original p function with a direct MD5 call reproduces the correct sign.

5. Handling token and cookies – The o.token value is read directly from a cookie. When the cookie expires, the server responds with a Set-Cookie header that updates the m_h5_tk and m_h5_tk_enc values, which are then used to rebuild o.token.

6. Summary of findings

Sign is an MD5 hash of four specific parameters.

o.token is extracted from the cookie.

When the cookie expires, a new set‑cookie response updates the required token values.
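The check a server would run for the scheme in steps 4 and 5, written here as an added example that is not code from the original article or from the site it analyzes. The "&"-joined order (token, t, appKey, data), the five-minute freshness window and all sample values are assumptions; the page only states that four parameters are concatenated and hashed with MD5.

```javascript
// Added example, not the site's code. Assumptions: the "&"-joined order
// token, t, appKey, data; the five-minute window; all sample values.
const { createHash, timingSafeEqual } = require('node:crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window for t

// MD5 over the four concatenated parameters, hex-encoded (32 chars).
function md5Sign(token, t, appKey, data) {
  return createHash('md5').update([token, t, appKey, data].join('&')).digest('hex');
}

// Constant-time comparison of two hex digests; malformed input never matches.
function sameDigest(a, b) {
  if (!/^[0-9a-f]{32}$/.test(String(a))) return false;
  return timingSafeEqual(Buffer.from(String(a), 'hex'), Buffer.from(b, 'hex'));
}

// Server-side check: t must be a fresh 13-digit timestamp, and sign must
// match a recomputation that uses the token from the caller's cookie.
function verifyRequest(req, cookieToken, now) {
  if (!/^\d{13}$/.test(String(req.t))) return 'bad-timestamp';
  if (Math.abs(now - Number(req.t)) > MAX_SKEW_MS) return 'stale';
  const expected = md5Sign(cookieToken, req.t, req.appKey, req.data);
  return sameDigest(req.sign, expected) ? 'ok' : 'bad-sign';
}

// Constructed request; the token is a made-up value, not a real cookie.
function demo() {
  const now = 1588565848273;
  const token = 'constructed-token-0001';
  const req = { appKey: '12574478', t: String(now), data: '{"smAreaId":330100}' };
  req.sign = md5Sign(token, req.t, req.appKey, req.data);
  return {
    fresh: verifyRequest(req, token, now + 1000),
    tamperedData: verifyRequest({ ...req, data: '{"smAreaId":1}' }, token, now + 1000),
    otherToken: verifyRequest(req, 'another-token', now + 1000),
    replayedLater: verifyRequest(req, token, now + MAX_SKEW_MS + 1),
  };
}

console.log(demo());
```

Every input to the hash is visible to the client, so a matching sign shows only that the sender held the cookie token and that t and data were not altered afterwards; it is not a signature made with a secret key.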

The provided JavaScript code and the described reverse‑engineering steps serve as a practical guide for analyzing similar web API authentication mechanisms.
