猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】
2021/10/3 6:10:17
本文主要是介绍猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!
目标网址
https://match.yuanrenxue.com/match/2
逆向题目
提取全部5页发布日热度的值,计算所有值的加和,并提交答案
开始分析
1、打开chrome浏览器后,打开开发者工具,然后在开始之前,先清空一下缓存
2、重新刷新网页,发现网站开始进入 debugger;
3、这个的反调试相对的比较简单,我们先按照最简单的方式来一下,在debugger;进行下断点 并且编辑断点为false;然后然后让代码继续走;
4、然后就直接跳转到了 网页源代码上,并且在浏览器中也正常的可以看到热度值!
5、并且在network 面板中 也可以看到 热度值的 api
6、好像没有什么可以发现的需要分析的东西,然后在点击展示页中的第二页的时候,发现cookie失效了
7、并且在点击确认弹窗的按钮后,页面进行了重载刷新,但是注意到一个细节,就是这次的刷新没有被debugger到,一切都是这么的丝滑。 那么这个点可能出现在了请求的cookie上面了!
8、发现了 在开始请求页面的时候 有过一次重载 , 并且第一次请求页面的时候,并没有cookie值产生 返回的是一串js代码 在第二次请求相同页面的时候才传递了一个cookie值 并且这个cookie值很熟悉,对,很像第一题中的 m 值
并且可以看到一点,就是在请求热度值的数据的时候,cookie也是携带了m 值的 在加上上面的cookie失效的问题来讲,大致的可以分析出来 应该是第一次请求页面的时候,就在开始计算m 值,然后把这个m值添加到cookie中去 然后通过携带的这个m值的cookie在重新的请求一次页面 和 请求热度值获取数据
那么我们可以把 第一次请求页面的 返回js 代码进行分析一下 看看是怎么获取到m值的
又是一大坨ob的混淆,看的头痛。 那么这个如何下手嘞。。。 作为菜鸟的我想到了 两种方式 第一种就是 直接通过官网提供的OB反混淆工具 进行代码清洗 然后去 慢慢看 代码的执行流程 找到关键cookie生成m 值的地方 第二种就是 通过hook的方式 去hook cookie 的m 值 生成的时候的流程在哪里 然后开始扒需要用到的函数
OB反混淆
还是简单一点,直接把 代码拖到官网的 ob反混淆工具中
(function $dbsm_0x102ce0(_0x1c3497) { var _0x5a292f = function () { var _0x43e406 = true; return function (_0x2f7e34, _0x3732c2) { var _0xe8d469 = _0x43e406 ? function () { if (_0x3732c2) { var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments); _0x3732c2 = null; return _0x3342b1; } } : function () {}; _0x43e406 = false; return _0xe8d469; }; }(); var _0x2b85c5 = function () { var _0x5df4b2 = true; return function (_0x426194, _0x5adab4) { var _0x587073 = _0x5df4b2 ? function () { if (_0x5adab4) { var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments); _0x5adab4 = null; return _0x4ddedc; } } : function () {}; _0x5df4b2 = false; return _0x587073; }; }(); function _0x3cd85f(_0x55da45, _0x245c09) { var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09); return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a; } function _0x523d8f(_0x2c2cab, _0x51c62b) { return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b; } function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) { return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e); } function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) { return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3); } function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) { return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef); } function _0x44e90c(_0xdc8568, _0x2ed253) { let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101]; let _0x3decb0 = ""; for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) { _0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]); } return _0x3decb0; } function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) { return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c); } function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) { return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b); } function _0x4c4af4(_0x351757, _0xb6bc34) { if (_0xb6bc34) { return _0x339190(_0x351757); } return _0x44e90c(_0x351757); } function _0x2c1617(_0xd1cbdf, _0x78adee) { let _0x227258 = ""; for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) { _0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]); } return _0x227258; } function _0x3f0df6(_0x21a240, _0x2e646d) { var _0x81db3b = _0x5a292f(this, function () { var _0x7eb303 = function () { var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}"); return !_0x47fa48["test"](_0x81db3b); }; return _0x7eb303(); }); _0x81db3b(); (function () { _0x2b85c5(this, function () { var _0x5990ee = new RegExp("function *\\( *\\)"); var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i"); var _0x1e0f27 = $dbsm_0x20fca2("init"); if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) { _0x1e0f27("0"); } else { $dbsm_0x20fca2(); } })(); })(); _0x4c4af4(); qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10]; eval(_0x2c1617(qz)); try { if (global) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); } else { while (1) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); debugger; } } } catch (_0x29d779) { return navigator["vendorSub"]; } } setInterval(_0x3f0df6(), 500); function _0x51170e(_0x42e7e7, _0x15d64c) { _0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c; if (qz) { var _0x1f6af0, _0x1cdbd9, _0x1cd5f8, _0x1ff8a2, _0x9a5629, _0x4c9fb6 = 1732584193, _0x462b82 = -271733879, _0x3b7106 = -1732584194, _0x5e29eb = 271733878; } else { var _0x1f6af0, _0x1cdbd9, _0x1cd5f8, _0x1ff8a2, _0x9a5629, _0x4c9fb6 = 0, _0x462b82 = -0, _0x3b7106 = -0, _0x5e29eb = 0; } for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629); return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb]; } function _0x40b065(_0x5d19ae) { var _0x1d46aa, _0x40c9ef = "", _0x1d2ea = 32 * _0x5d19ae["length"]; for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255); return _0x40c9ef; } function _0x39c209(_0x5d376f) { var _0x302a1b, _0xf9cd0e = []; for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0; var _0x52bbbc = 8 * _0x5d376f["length"]; for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32; return _0xf9cd0e; } function _0x4c5ea3(_0x25c0f4) { return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"])); } function _0x3e0a6e(_0x444a85) { var _0x359c64, _0x21de56, _0x23e68c = "0123456789abcdef", _0x3e9c4f = ""; for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64); return _0x3e9c4f; } function _0x58d763(_0xa4215b) { return unescape(encodeURIComponent(_0xa4215b)); } function _0x537297(_0x22a981) { return _0x4c5ea3(_0x58d763(_0x22a981)); } function _0x1d83ba(_0x16cdae) { return _0x3e0a6e(_0x537297(_0x16cdae)); } function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) { _0x3f0df6(); return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa); } function _0x2e5d25(_0x284fde, _0x277194) { document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/"; location["reload"](); } function _0x2601b2(_0x5a0694, _0x16d2b6) { return Date["parse"](new Date()); } _0x2e5d25(_0x2601b2()); })(); function $dbsm_0x20fca2(_0x45484a) { function _0x3eb90a(_0x325662) { if (typeof _0x325662 === "string") { return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter"); } else { if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) { (function () { return true; })["constructor"]("debugger")["call"]("action"); } else { (function () { return false; })["constructor"]("debugger")["apply"]("stateObject"); } } _0x3eb90a(++_0x325662); } try { if (_0x45484a) { return _0x3eb90a; } else { _0x3eb90a(0); } } catch (_0x56a792) {} } setInterval(function () { $dbsm_0x20fca2(); }, 4000);
最终获取了 200 多行的代码 在里面我们可以清楚的看到 cookie m 值的生成地方 也可以看到 先生成m 值后,网页在进行重载
首先我们可以 先通过 vscode的 折叠 看一下 整体 这个js 分为多少个函数大块
折叠后 我们可以发现的是,这个js 有三个函数大块, 其中最下面的是 一个计时器setInterval 作用的函数是 $dbsm_0x20fca2 折叠开 $dbsm_0x20fca2 函数 在里面并没有看到有关于m 生成的方法 可以大致的判断,这个函数方法是检测用的,可以先屏蔽掉 计时器也是一样,屏蔽掉
然后开始看 $dbsm_0x102ce0(_0x1c3497) 这个大方法 折叠开后,可以看到这个是一个自执行的方法, 并且可以在函数的最后看到m 的生成方法
那么在这里,直接可以看出来 _0x2601b2() 方法就是时间戳的生成方法 _0x284fde 就是时间戳 _0x36c705(_0x284fde) 就是生成的时间戳加密值 然后我们吧_0x2e5d25() 这个函数改造一下 让它直接返回m值即可
在知道了_0x36c705()是加密的算法 那么继续往上找定义的地方 发现在_0x36c705里面 调用了_0x3f0df6()函数 那么继续找_0x3f0df6()定义的地方
在网上找后 又看到了一个定时器 每500毫秒执行一次_0x3f0df6()方法 那么就直接屏蔽掉 并且可以考虑到 在这个方法里面 可能会有一些检测或者无用的垃圾代码
找到了定义_0x3f0df6()函数的地方 看到了这串代码 var _0x81db3b = _0x5a292f(this, function () { var _0x7eb303 = function () { var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}"); return !_0x47fa48["test"](_0x81db3b); }; return _0x7eb303(); }); _0x81db3b(); 定义_0x7eb303()方法 然后 return 返回自己 明显的没有啥用,直接屏蔽掉
下面的这一串自执行代码也是一样,$dbsm_0x20fca2() 已经在之前被我们屏蔽掉 说明这一串代码也是差不多类似做检测用的,可以直接屏蔽掉
然后看这一串try 的代码 看到了global 全局的函数 判断 global 是否存在 如果不存在就执行 navigator["vendorSub"]; 通过控制台输出为空 说明这个也是一个垃圾代码 直接替换为 return "";
测试代码有效性
然后我们把这个自执行的代码进行剥离 把运行 _0x2e5d25(_0x2601b2()) 的主要函数进行封装 function get_md5() { return _0x2e5d25(_0x2601b2()); }
var _0x5a292f = function() { var _0x43e406 = true; return function(_0x2f7e34, _0x3732c2) { var _0xe8d469 = _0x43e406 ? function() { if (_0x3732c2) { var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments); _0x3732c2 = null; return _0x3342b1; } } : function() {}; _0x43e406 = false; return _0xe8d469; }; }(); var _0x2b85c5 = function() { var _0x5df4b2 = true; return function(_0x426194, _0x5adab4) { var _0x587073 = _0x5df4b2 ? function() { if (_0x5adab4) { var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments); _0x5adab4 = null; return _0x4ddedc; } } : function() {}; _0x5df4b2 = false; return _0x587073; }; }(); function _0x3cd85f(_0x55da45, _0x245c09) { var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09); return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a; } function _0x523d8f(_0x2c2cab, _0x51c62b) { return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b; } function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) { return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e); } function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) { return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3); } function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) { return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef); } function _0x44e90c(_0xdc8568, _0x2ed253) { let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101]; let _0x3decb0 = ""; for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) { _0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]); } return _0x3decb0; } function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) { return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c); } function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) { return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b); } function _0x4c4af4(_0x351757, _0xb6bc34) { if (_0xb6bc34) { return _0x339190(_0x351757); } return _0x44e90c(_0x351757); } function _0x2c1617(_0xd1cbdf, _0x78adee) { let _0x227258 = ""; for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) { _0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]); } return _0x227258; } function _0x3f0df6(_0x21a240, _0x2e646d) { // var _0x81db3b = _0x5a292f(this, function () { // var _0x7eb303 = function () { // var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}"); // return !_0x47fa48["test"](_0x81db3b); // }; // return _0x7eb303(); // }); // _0x81db3b(); // (function () { // _0x2b85c5(this, function () { // var _0x5990ee = new RegExp("function *\\( *\\)"); // var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i"); // var _0x1e0f27 = $dbsm_0x20fca2("init"); // if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) { // _0x1e0f27("0"); // } else { // $dbsm_0x20fca2(); // } // })(); // })(); _0x4c4af4(); qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10]; eval(_0x2c1617(qz)); // try { // if (global) { // console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); // } else { // while (1) { // console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); // debugger; // } // } // } catch (_0x29d779) { // return navigator["vendorSub"]; // } return ""; } // setInterval(_0x3f0df6(), 500); function _0x51170e(_0x42e7e7, _0x15d64c) { _0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c; if (qz) { var _0x1f6af0, _0x1cdbd9, _0x1cd5f8, _0x1ff8a2, _0x9a5629, _0x4c9fb6 = 1732584193, _0x462b82 = -271733879, _0x3b7106 = -1732584194, _0x5e29eb = 271733878; } else { var _0x1f6af0, _0x1cdbd9, _0x1cd5f8, _0x1ff8a2, _0x9a5629, _0x4c9fb6 = 0, _0x462b82 = -0, _0x3b7106 = -0, _0x5e29eb = 0; } for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629); return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb]; } function _0x40b065(_0x5d19ae) { var _0x1d46aa, _0x40c9ef = "", _0x1d2ea = 32 * _0x5d19ae["length"]; for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255); return _0x40c9ef; } function _0x39c209(_0x5d376f) { var _0x302a1b, _0xf9cd0e = []; for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0; var _0x52bbbc = 8 * _0x5d376f["length"]; for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32; return _0xf9cd0e; } function _0x4c5ea3(_0x25c0f4) { return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"])); } function _0x3e0a6e(_0x444a85) { var _0x359c64, _0x21de56, _0x23e68c = "0123456789abcdef", _0x3e9c4f = ""; for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64); return _0x3e9c4f; } function _0x58d763(_0xa4215b) { return unescape(encodeURIComponent(_0xa4215b)); } function _0x537297(_0x22a981) { return _0x4c5ea3(_0x58d763(_0x22a981)); } function _0x1d83ba(_0x16cdae) { return _0x3e0a6e(_0x537297(_0x16cdae)); } function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) { _0x3f0df6(); return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa); // return _0x1d83ba(_0x4201fa); } function _0x2e5d25(_0x284fde) { // document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/"; // location["reload"](); m = _0x36c705(_0x284fde) + "|" + _0x284fde; return m; } function _0x2601b2() { return Date["parse"](new Date()); } function get_md5() { return _0x2e5d25(_0x2601b2()); } // function $dbsm_0x20fca2(_0x45484a) { // function _0x3eb90a(_0x325662) { // if (typeof _0x325662 === "string") { // return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter"); // } else { // if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) { // (function () { // return true; // })["constructor"]("debugger")["call"]("action"); // } else { // (function () { // return false; // })["constructor"]("debugger")["apply"]("stateObject"); // } // } // _0x3eb90a(++_0x325662); // } // try { // if (_0x45484a) { // return _0x3eb90a; // } else { // _0x3eb90a(0); // } // } catch (_0x56a792) {} // } // setInterval(function () { // $dbsm_0x20fca2(); // }, 4000);
鬼鬼调试工具输出正常,后续可以写爬取脚本了
脚本编写
# coding:utf-8 import requests import time import execjs def get_time(): now = int(time.time())*1000 print(now) return now def js_md5(timestamp): js_txt = open('demo.js','r',encoding='utf-8').read() js_complie = execjs.compile(js_txt) hex_md5 = js_complie.call('get_md5',str(timestamp)) print(hex_md5) return hex_md5 def yuanrenxue_sprider(md5,page): url = 'https://match.yuanrenxue.com/api/match/2?page={page}'.format(page=page) print(url) headers = { 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.10 Safari/537.36', 'cookie': 'm='+md5 } if page == 4 or page == 5: headers['user-agent'] = 'yuanrenxue.project' response = requests.get(url,headers=headers,verify=False) res = response.json() for i in res['data']: data = i['value'] ticket_lists.append(data) if __name__ == '__main__': ticket_lists = [] timestamp = get_time() cookie = js_md5(timestamp) for i in range(1,6): yuanrenxue_sprider(cookie,i) print(ticket_lists) average = sum(ticket_lists) print('热度的和值为:',average)
这篇关于猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-12-23【JS逆向百例】爱疯官网登录逆向分析
- 2024-12-21Vue3教程:新手入门到实践应用
- 2024-12-21VueRouter4教程:从入门到实践
- 2024-12-20Vue3项目实战:从入门到上手
- 2024-12-20Vue3项目实战:新手入门教程
- 2024-12-20VueRouter4项目实战:新手入门教程
- 2024-12-20如何实现JDBC和jsp的关系?-icode9专业技术文章分享
- 2024-12-20Vue项目中实现TagsView标签栏导航的简单教程
- 2024-12-20Vue3入门教程:从零开始搭建你的第一个Vue3项目
- 2024-12-20从零开始学习vueRouter4:基础教程