@keyiflerolsun
Created September 26, 2023 06:53
Nays "xtoken" Üretici
# Bu araç @keyiflerolsun tarafından | @KekikAkademi için yazılmıştır.
# ? ««--------------------- [ApiFactory & CryptographyHelper & Cryptography & RemoteConfig] ---------------------
# ! URL : https://apigateway-nextcx-dmz-platform.isbank.com.tr/sym/customer-citizen-info-v3
# ! Timestamp : 1695076755128
# ! Text : /customer-citizen-info-v3{"birthDay":31,"birthMonth":1,"birthYear":1990,"citizenId":"11111111111","customerName":"merhaba","customerSurname":"dünya","explicitConsentSigned":true}1695076755128
# ! defaultKey : +KbPdSgVkYp3s6v9y=B&E)H@McQfThWm
# ! applicationKey : y3o2R7UZg13nVqFAg+B9IVj61M62CLJSw0kPoy3RBJ9kISt0MSU9BBDy7SBUL7MK
# ! getKey : F1NFK1+aXeIeSckpeA/dU4c+M6SGhf2X
# ! Hash : EygcmEIe3aU0TWIubaQTuBwbrqpY7HFcNDajlSKCT5c=
# ? ----------------------- [ApiFactory & CryptographyHelper & Cryptography & RemoteConfig] ---------------------»»
from httpx import Client as Session
from uuid import uuid4
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from hmac import new as hmac
from hashlib import sha256
from base64 import b64decode, b64encode
from json import dumps
class NaysReverse:
    """Recompute the "xtoken" request signature used by the Nays Android client.

    Construction performs one HTTP GET against the ``content-parameter``
    endpoint and reads two entries from the response:

    * ``applicationKey2`` - used directly as an AES key (``default_key``).
    * ``applicationKey``  - base64 AES-CBC ciphertext (``application_key``).

    Decrypting the second with the first yields ``hmac_key``. An xtoken is
    then ``base64(HMAC-SHA256(hmac_key, endpoint + json_body + timestamp))``
    with every space removed from the signed text.

    Both the wrapping key and the wrapped HMAC key come out of the same
    configuration response, and the request that fetches it carries no
    credential beyond the static headers set in ``__init__``.
    """

    def __init__(self) -> None:
        # Header set sent with every request made through this session.
        # The values describe an Android build of the app (version 1.3.8);
        # DeviceUniqueId is a fresh random UUID for each instance.
        client_headers = {
            "Language": "tr",
            "OperatingSystem": "Android",
            "AppVersion": "1.3.8",
            "DeviceUniqueId": str(uuid4()),
            "ColorPalette": "light",
            # NOTE(review): this value is a bool, not a str - confirm that the
            # installed httpx version accepts non-string header values.
            "HasGoogleServices": True,
            "Agent": "Nays/1.3.8 (Google AOSP on IA Emulator; Android 34 API 1453)",
            "Host": "apigateway-nextcx-dmz-platform.isbank.com.tr",
            "Accept-Encoding": "gzip",
            "User-Agent": "okhttp/4.11.0",
        }
        self.oturum = Session()
        self.oturum.headers.update(client_headers)

        # Key material is read from the remote configuration; .get() returns
        # None when an entry is absent, which then fails inside the decrypt call.
        self.remote_config = self.__get_remote_config()
        # Author's recorded value: +KbPdSgVkYp3s6v9y=B&E)H@McQfThWm
        self.default_key = self.remote_config.get("applicationKey2")
        # Author's recorded value:
        # y3o2R7UZg13nVqFAg+B9IVj61M62CLJSw0kPoy3RBJ9kISt0MSU9BBDy7SBUL7MK
        self.application_key = self.remote_config.get("applicationKey")

        # Unwrap the HMAC key. Author's recorded value: F1NFK1+aXeIeSckpeA/dU4c+M6SGhf2X
        self.hmac_key = self.decrypt_aes_cbc_pkcs7(
            encrypted_text=self.application_key,
            secret_key=self.default_key,
        )

    def __get_remote_config(self) -> dict:
        """Fetch the remote configuration and return it as a flat key -> value dict.

        The response is parsed as JSON without checking the HTTP status, and
        ``data.detail`` is expected to be a list of ``{"key": ..., "value": ...}``
        objects; a later duplicate key overwrites an earlier one.
        """
        response = self.oturum.get(
            url="https://apigateway-nextcx-dmz-platform.isbank.com.tr/sym/content-parameter",
            params={"application": "nextcx"},
        )
        body = response.json()
        settings = {}
        for entry in body["data"]["detail"]:
            settings[entry["key"]] = entry["value"]
        return settings

    def decrypt_aes_cbc_pkcs7(self, encrypted_text: str, secret_key: str) -> str:
        """Decrypt base64 AES-CBC ciphertext and return the plaintext as text.

        Args:
            encrypted_text: Base64-encoded ciphertext.
            secret_key: Key as text; its UTF-8 bytes are the AES key, so they
                must form a valid AES key length (16, 24 or 32 bytes).

        Returns:
            The unpadded plaintext decoded as UTF-8.
        """
        ciphertext = b64decode(encrypted_text.encode("utf-8"))
        raw_key = secret_key.encode("utf-8")
        # The IV is not transmitted: it is the first 16 bytes of the key, so a
        # given key always uses the same IV.
        decryptor = AES.new(raw_key, AES.MODE_CBC, raw_key[:16])
        padded_plaintext = decryptor.decrypt(ciphertext)
        return unpad(padded_plaintext, AES.block_size).decode("utf-8")

    def encrypt_aes_cbc_pkcs7(self, text: str, secret_key: str) -> str:
        """Encrypt text with AES-CBC and return the ciphertext as base64 text.

        Mirror image of ``decrypt_aes_cbc_pkcs7``: same key handling and the
        same key-derived IV, which makes the output deterministic for a given
        (text, key) pair.
        """
        plaintext = text.encode("utf-8")
        raw_key = secret_key.encode("utf-8")
        # Same construction as in decryption: IV = first 16 bytes of the key.
        encryptor = AES.new(raw_key, AES.MODE_CBC, raw_key[:16])
        ciphertext = encryptor.encrypt(pad(plaintext, AES.block_size))
        return b64encode(ciphertext).decode("utf-8")

    def generate_hash_with_hmac256(self, msg: str):
        """Return base64(HMAC-SHA256(self.hmac_key, msg)) as text.

        Both the key and the message are encoded as UTF-8 before hashing.
        """
        key_bytes = self.hmac_key.encode("utf-8")
        msg_bytes = msg.encode("utf-8")
        digest = hmac(key_bytes, msg_bytes, sha256).digest()
        return b64encode(digest).decode("utf-8")

    def xtoken_ver(self, endpoint: str, payload: dict, timestamp: int) -> str:
        """Build the "xtoken" value for one API request.

        The signed text is ``endpoint + JSON(payload) + timestamp``.

        Args:
            endpoint: Request path, e.g. "/customer-citizen-info-v3".
            payload: Request body; serialised in the dict's own key order
                (``sort_keys=False``) with non-ASCII characters kept as-is.
            timestamp: Appended after the JSON body in its decimal form.

        Returns:
            The base64 HMAC-SHA256 of the signed text.
        """
        json_body = dumps(payload, ensure_ascii=False, sort_keys=False)
        # replace() strips every space in the signed text - the separators
        # json.dumps inserts and also any space inside the endpoint or inside a
        # string value - so values that differ only in spaces sign identically.
        signed_text = f"{endpoint}{json_body}{timestamp}".replace(" ", "")
        return self.generate_hash_with_hmac256(signed_text)
# Recompute the sample recorded in the header comment of this file. Creating
# the instance performs the remote-configuration request.
nays = NaysReverse()
print(
    nays.xtoken_ver(
        endpoint="/customer-citizen-info-v3",
        payload={
            # Key order matters: the payload is serialised without sorting.
            "birthDay": 31,
            "birthMonth": 1,
            "birthYear": 1990,
            "citizenId": "11111111111",
            "customerName": "merhaba",
            "customerSurname": "dünya",
            "explicitConsentSigned": True,
        },
        timestamp=1695076755128,
    )
)
# Author's recorded output: EygcmEIe3aU0TWIubaQTuBwbrqpY7HFcNDajlSKCT5c=