Investigación parcialmente completa. Varios endpoints funcionando y claves extraidas con GHIDRA.

2025-12-04 22:44:08 +01:00
parent ec57ac366d
commit aa02d7c896
22 changed files with 5644 additions and 1 deletions
--- a/test_without_auth.py
+++ b/test_without_auth.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+"""
+Test para verificar si departures funciona sin autenticación
+"""
+
+import requests
+import json
+
+# Test 1: departures SIN autenticación
+url = "https://circulacion.api.adif.es/portroyalmanager/secure/circulationpaths/departures/traffictype/"
+payload = {
+    "commercialService": "BOTH",
+    "commercialStopType": "BOTH",
+    "page": {"pageNumber": 0},
+    "stationCode": "10200",
+    "trafficType": "ALL"
+}
+
+headers = {
+    "Content-Type": "application/json;charset=utf-8",
+    "User-key": "f4ce9fbfa9d721e39b8984805901b5df"
+}
+
+print("="*70)
+print("TEST: Departures SIN headers de autenticación HMAC")
+print("="*70)
+print(f"\nURL: {url}")
+print(f"Payload: {json.dumps(payload, indent=2)}")
+print(f"\nHeaders (solo Content-Type y User-key):")
+for k, v in headers.items():
+    print(f"  {k}: {v}")
+
+response = requests.post(url, json=payload, headers=headers, timeout=10)
+
+print(f"\nStatus Code: {response.status_code}")
+
+if response.status_code == 200:
+    print("✅ ¡FUNCIONA SIN AUTENTICACIÓN HMAC!")
+    print("   Esto explica por qué departures funciona con cualquier firma.")
+else:
+    print(f"❌ Falla: {response.status_code}")
+    print(f"Respuesta: {response.text[:200]}")