Python实战|js逆向空中网
2021/12/9 1:17:24
本文主要是介绍Python实战|js逆向空中网,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
空中网链接:
https://passport.kongzhong.com/
js代码调试阶段
1.查找关键字password,找了半天,只找到了一个被混淆后的js代码
2.开启浏览器自带反混淆功能
3.Setting——Preferences——Sources勾选上下图框中内容即可
4.再次重新搜索一下,VM中就是反混淆后的内容
5.进来就能看见相关加密函数,此处打上断点并重新点登录按钮,进入该函数内部
6.经过调试发现,该文件内部包含了所有加密所需要的代码
7.将里面的代码复制出来进行调试
爬虫代码编写
kongzhongwang.py
import requests import time import json import execjs import re def get_time(): now_time=str(int(time.time()*1000)) return now_time time = get_time() url = 'https://sso.kongzhong.com/ajaxLogin?j=j&jsonp=j&service=https://passport.kongzhong.com/&_='+ time headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.20 Safari/537.36', 'Referer': 'https://passport.kongzhong.com/', } res = requests.get(url=url, headers=headers).text rz = 'KZLoginHandler.jsonpCallbackKongZ\((.*?)\)' text_py = re.findall(rz, res)[0] dc = json.loads(text_py)['dc'] #实例化一个对象 node = execjs.get() ctx = node.compile(open('./kongzhongwang.js').read()) pwd = '123' funcName = 'getPwd("{0}","{1}")'.format(pwd, dc) pwd = ctx.eval(funcName) print(pwd)
kongzhongwang.js
var KZLoginHandler = { 'id': 'kongzhong-login-agent', 'loginServer': 'http://sso.kongzhong.com', 'service': '', 'targetService': '', 'j_data': null, 'f_call_back': null, 'timestamp': 0, 'completed': false, 'renew': false, 'init': function() { this.j_data = null; this.f_call_back = null; this.timestamp = 0; this.completed = true; }, 'check': function(call_back) { this.init(); this.f_call_back = call_back; var param = "jsonp=j"; if (this.service != null && jQuery.trim(this.service) != "") { param += "&service=" + decodeURIComponent(this.service) }; if (this.targetService != null && jQuery.trim(this.targetService) != "") { param += "&targetService=" + decodeURIComponent(this.targetService) }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) }, 'exec_login': function(param) { if (this.completed == false) { return false }; if (this.j_data != null && this.j_data["state"] == "1") { var data = {}; data["user"] = this.j_data["user"]; data["service"] = this.j_data["service"]; data["logged"] = true; data["dc"] = this.j_data["dc"]; this.f_call_back(data); return false }; var url = this.loginServer + "/ajaxLogin"; jQuery.ajax({ async: false, url: url, type: 'post', dataType: 'jsonp', jsonp: 'j', data: param, jsonpCallback: "j", timeout: 5000, success: function(json) {}, error: function(xhr) {} }) }, 'jsonpCallbackKongZ': function(vData) { this.j_data = vData; this.timestamp = Date.parse(new Date()); if (this.f_call_back != null) { var data = {}; if (vData["state"] == "0") { data["service"] = vData["service"]; data["logged"] = false; data["errors"] = vData["kzmsg"]; if (vData["requirevcode"] != null && vData["requirevcode"] == "1") { data["requirevcode"] = true } else { data["requirevcode"] = false } } else if (vData["state"] == "1") { data["user"] = vData["user"]; data["service"] = vData["service"]; data["logged"] = true }; data["dc"] = this.j_data["dc"]; this.f_call_back(data) }; this.completed = true }, 'login': function(user, pwd, to_save, vcode, call_back) { var tempTime = Date.parse(new Date()) - this.timestamp; if ((tempTime / 1000) >= 180) { this.j_data = null }; if (this.j_data == null || this.j_data == "") { this.check(function(data) { this.f_call_back = call_back; var param = ""; param += "&type=1"; if (this.service != null && jQuery.trim(this.service) != "") { param += "&service=" + decodeURIComponent(this.service) }; param += "&username=" + user; param += "&password=" + this.encrypt(pwd, data["dc"]); param += "&vcode=" + vcode; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.targetService != null && jQuery.trim(this.targetService) != "") { param += "&targetService=" + decodeURIComponent(this.targetService) }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) }) } else { this.f_call_back = call_back; var param = ""; param += "&type=1"; if (this.service != null && jQuery.trim(this.service) != "") { param += "&service=" + decodeURIComponent(this.service) }; param += "&username=" + user; param += "&password=" + this.encrypt(pwd, this.j_data["dc"]); param += "&vcode=" + vcode; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.targetService != null && jQuery.trim(this.targetService) != "") { param += "&targetService=" + decodeURIComponent(this.targetService) }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) } }, 'login_sms': function(user, smscode, to_save, vcode, call_back) { var tempTime = Date.parse(new Date()) - this.timestamp; if ((tempTime / 1000) >= 180) { this.j_data = null }; if (this.j_data == null || this.j_data == "") { this.check(function() { this.f_call_back = call_back; var param = ""; param += "&type=2"; param += "&service=" + this.service; param += "&username=" + user; param += "&vcode=" + vcode; param += "&smscode=" + smscode; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.targetService != null) { param += "&targetService=" + decodeURIComponent(this.targetService) }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) }) } else { this.f_call_back = call_back; var param = ""; param += "&type=2"; param += "&service=" + this.service; param += "&username=" + user; param += "&vcode=" + vcode; param += "&smscode=" + smscode; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.targetService != null) { param += "&targetService=" + decodeURIComponent(this.targetService) }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) } }, 'login_reg': function(user, pwd, to_save, call_back) { var tempTime = Date.parse(new Date()) - this.timestamp; if ((tempTime / 1000) >= 180) { this.j_data = null }; if (this.j_data == null || this.j_data == "") { this.check(function() { this.f_call_back = call_back; var param = ""; param += "&type=101"; param += "&service=" + this.service; param += "&username=" + user; param += "&password=" + pwd; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) }) } else { this.f_call_back = call_back; var param = ""; param += "&type=101"; param += "&service=" + this.service; param += "&username=" + user; param += "&password=" + pwd; if (to_save) { param += "&toSave=1" } else { param += "&toSave=0" }; if (this.renew) { param += "&renew=1" }; this.exec_login(param) } }, 'encrypt': function(str, pwd) { if (pwd == null || pwd.length <= 0) { return null }; var prand = ""; for (var i = 0; i < pwd.length; i++) { prand += pwd.charCodeAt(i).toString() }; var sPos = Math.floor(prand.length / 5); var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos * 2) + prand.charAt(sPos * 3) + prand.charAt(sPos * 4) + prand.charAt(sPos * 5)); var incr = Math.ceil(pwd.length / 2); var modu = Math.pow(2, 31) - 1; if (mult < 2) { return null }; var salt = Math.round(Math.random() * 1000000000) % 100000000; prand += salt; while (prand.length > 10) { var a = prand.substring(0, 1); var b = prand.substring(10, prand.length); if (b.length > 10) { prand = b } else { prand = (parseInt(a) + parseInt(b)).toString() } }; prand = (mult * prand + incr) % modu; var enc_chr = ""; var enc_str = ""; for (var i = 0; i < str.length; i++) { enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255)); if (enc_chr < 16) { enc_str += "0" + enc_chr.toString(16) } else enc_str += enc_chr.toString(16); prand = (mult * prand + incr) % modu }; salt = salt.toString(16); while (salt.length < 8) salt = "0" + salt; enc_str += salt; return enc_str } }; function getPwd(pwd) { dc = "C7F9A5AD3594668B6418E9F8FABC1F86"; return KZLoginHandler.encrypt(pwd, dc); }
这篇关于Python实战|js逆向空中网的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-12-27Vue2面试真题详解与实战教程
- 2024-12-27Vue3面试真题详解与实战攻略
- 2024-12-27JS大厂面试真题解析与实战指南
- 2024-12-27JS 大厂面试真题详解与实战指南
- 2024-12-27React 大厂面试真题详解及应对策略
- 2024-12-27Vue2 大厂面试真题详解及实战演练
- 2024-12-27Vue3 大厂面试真题详解及实战指南
- 2024-12-27Vue3大厂面试真题详解与实战攻略
- 2024-12-26React入门教程:从零开始搭建你的第一个React应用
- 2024-12-25Vue2入门教程:轻松掌握前端开发基础