文章目录
- 前言
- 1. 加密方法
- 1.1 加密寻找准备
- 1.1.2 抓包分析
- 1.1.3 调用堆栈
- 前期试验理解
- 中期操作
- 1.2 加密内容
- 2. 代码实现
- 2.1 完整版代码
- 2.2 python函数总结
- 2.3 注意
前言
对js的基础一窍不通,最近才开始看。所以本文只是复现,别人的操作的逻辑。
如果一个案例看不懂,那就两个,三个,四个,,,
总会学会的。
题目链接:猿人学第一题
1. 加密方法
1.1 加密寻找准备
问题:F12直接打开,傻眼。
对无限debug有比较深入理解的文章
https://blog.csdn.net/qq_21567385/article/details/110793049?
总结:无限debug劝退小白。
解决:直接在无限debug处,右键输入FALSE。(搞不明的,自行百度)
小贴士:在行号上右键,修改断点。
1.1.2 抓包分析
咱只要知道m是咋来的就行
1.1.3 调用堆栈
前期试验理解
这不好几个js生成文件,咱就只看request。 为什么直接看request,因为是带加密头的请求来的数据,直接看就行。
打开一看,这是啥
加密的过于明显,就是不想你看到源码,进行破解。
接下来,解混淆。
解混淆的网站,本来猿人学的工具里面有,但是现在木有了。
工具是蔡老板写的,我这边分享不出来。需要的话,找蔡老板。
window.url = "/api/match/1";request = function () {var _0x2268f9 = Date.parse(new Date()) + 100000000; //时间戳这里来的 _0x2268f9var _0x57feae = oo0O0(_0x2268f9["toString"]()) + window.f;// _0x57feae 是window.fconst _0x5d83a3 = {};_0x5d83a3.page = window.page;_0x5d83a3.m = _0x57feae + "丨" + _0x2268f9/ 1000; //m 出现了,_0x2268f9 这是一个时间戳 var _0xb89747 = _0x5d83a3;
中期操作
点击进入send,打断点。
点击request
点击下一步,下一步,感受js顺序执行的过程,直到以下这个页面出现。
复制这行代码,并用鬼鬼调试工具,来进行测试。没有鬼鬼调试工具,去淘宝看看。
function oo0O0(mw) {
window.b = '';
for (var i = 0,
len = window.a.length; i < len; i++) {console.log(window.a[i]);window.b += String[document.e + document.g](window.a[i][document.f + document.h]() - i - window.c)
}
var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW=='];
var J = function(o, E) {o = o - 0x0;var N = U[o];if (J['bSSGte'] === undefined) {var Y = function(w) {var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=',T = String(w)['replace'](/=+$/, '');var A = '';for (var C = 0x0,b, W, l = 0x0; W = T['charAt'](l++);~W && (b = C % 0x4 ? b * 0x40 + W: W, C++%0x4) ? A += String['fromCharCode'](0xff & b >> ( - 0x2 * C & 0x6)) : 0x0) {W = m['indexOf'](W)}return A};var t = function(w, m) {var T = [],A = 0x0,C,b = '',W = '';w = Y(w);for (var R = 0x0,v = w['length']; R < v; R++) {W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice']( - 0x2)}w = decodeURIComponent(W);var l;for (l = 0x0; l < 0x100; l++) {T[l] = l}for (l = 0x0; l < 0x100; l++) {A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100,C = T[l],T[l] = T[A],T[A] = C}l = 0x0,A = 0x0;for (var L = 0x0; L < w['length']; L++) {l = (l + 0x1) % 0x100,A = (A + T[l]) % 0x100,C = T[l],T[l] = T[A],T[A] = C,b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100])}return b};J['luAabU'] = t,J['qlVPZg'] = {},J['bSSGte'] = !![]}var H = J['qlVPZg'][o];return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !![]), N = J['luAabU'](N, E), J['qlVPZg'][o] = N) : N = H,N
};
eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));
// atob(window['b'])拿下来看看,找到window.f
return ''
}
1.2 加密内容
找到 window.f 啦
var hexcase = 0;
var b64pad = "";
var chrsz = 16;
function hex_md5(a) {
return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}
function b64_md5(a) {
return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}
function str_md5(a) {
return binl2str(core_md5(str2binl(a), a.length * chrsz))
}
function hex_hmac_md5(a, b) {
return binl2hex(core_hmac_md5(a, b))
}
function b64_hmac_md5(a, b) {
return binl2b64(core_hmac_md5(a, b))
}
function str_hmac_md5(a, b) {
return binl2str(core_hmac_md5(a, b))
}
function md5_vm_test() {
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}
function core_md5(p, k) {
p[k >> 5] |= 128 << ((k) % 32);
p[(((k + 64) >>> 9) << 4) + 14] = k;
var o = 1732584193;
var n = -271733879;
var m = -1732584194;
var l = 271733878;
for (var g = 0; g < p.length; g += 16) {var j = o;var h = n;var f = m;var e = l;o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);o = safe_add(o, j);n = safe_add(n, h);m = safe_add(m, f);l = safe_add(l, e)
}
return Array(o, n, m, l)
}
function md5_cmn(h, e, d, c, g, f) {
return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}
function md5_ff(g, f, k, j, e, i, h) {
return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}
function md5_gg(g, f, k, j, e, i, h) {
return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}
function md5_hh(g, f, k, j, e, i, h) {
return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}
function md5_ii(g, f, k, j, e, i, h) {
return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}
function core_hmac_md5(c, f) {
var e = str2binl(c);
if (e.length > 16) {e = core_md5(e, c.length * chrsz)
}
var a = Array(16),
d = Array(16);
for (var b = 0; b < 16; b++) {a[b] = e[b] ^ 909522486;d[b] = e[b] ^ 1549556828
}
var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);
return core_md5(d.concat(g), 512 + 128)
}
function safe_add(a, d) {
var c = (a & 65535) + (d & 65535);
var b = (a >> 16) + (d >> 16) + (c >> 16);
return (b << 16) | (c & 65535)
}
function bit_rol(a, b) {
return (a << b) | (a >>> (32 - b))
}
function str2binl(d) {
var c = Array();
var a = (1 << chrsz) - 1;
for (var b = 0; b < d.length * chrsz; b += chrsz) {c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)
}
return c
}
function binl2str(c) {
var d = "";
var a = (1 << chrsz) - 1;
for (var b = 0; b < c.length * 32; b += chrsz) {d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)
}
return d
}
function binl2hex(c) {
var b = hexcase ? "0123456789ABCDEF": "0123456789abcdef";
var d = "";
for (var a = 0; a < c.length * 4; a++) {d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)
}
return d
}
function binl2b64(d) {
var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var f = "";
for (var b = 0; b < d.length * 4; b += 3) {var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);for (var a = 0; a < 4; a++) {if (b * 8 + a * 6 > d.length * 32) {f += b64pad} else {f += c.charAt((e >> 6 * (3 - a)) & 63)}}
}
return f // 这不就是f 嘛。
};function getM() { // 这里直接把m构造出来,直接写。
var timestamp= Date.parse(new Date()) + 100000000;
var f = hex_md5(timestamp.toString())
var m = f + " | " + timestamp / 1000
return m
}
2. 代码实现
两个文件,一个js文件(1.2加密内容),一个请求文件。
2.1 完整版代码
# js引入模块
import execjs, json
# 请求模块
import requests
# 日志模块
from loguru import loggerwith open(r'yuanrenxue1.js', encoding='utf-8', mode='r') as f:JsData = f.read()
psd = execjs.compile(JsData).call('getM')
m = psd.replace('|', '%E4%B8%A8')
m1 = m.replace(' ', "")
print(m1)
lst = []
for i in range(1, 6):base_url = 'http://match.yuanrenxue.com/api/match/1?page={}&m={}'.format(i, m1)headers = {'user-agent': 'yuanrenxue.project','x-requested-with': 'XMLHttpRequest','cookie': '#', // 自己加自己的}response = requests.get(base_url, headers=headers)json_data = response.json()['data']for data in json_data:lst.append(data['value'])
sum = 0
for i in lst:sum += int(i)
print(sum / len(lst))2.2 python函数总结
我的代码写的比较潦草,不如别的博主正规,人家用类来写请求,大家借鉴人家吧。
2.3 注意
整个过程,自己多想想,每次点击下一步时,页面跳转的结果,来反推参数生成的逻辑。
我在接触这个题目时候,一点js基础没有。导致一开始看这个题目,完全懵逼。
现在回头看看,每一步都少不了。
如果有相同经历的虫友,建议去看看js基础,没事自己搭建一个前端。多多接触,就会容易很多。
![JAVA保姆级教学(一)[安装及使用]](https://img-blog.csdnimg.cn/eaa44059d9a248e9b1355a3dfeb2d06e.jpg?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA54y_6a2ULU0=,size_20,color_FFFFFF,t_70,g_se,x_16)
