JS逆向:Webpack打包后的代码怎么搞?猿人学爬虫比赛第十六题详细题解
【摘要】
实战地址
http://match.yuanrenxue.com/match/16
抓包分析
地址栏输入 地址,按下F12并回车,发现数据在这里:
查看cookie,无加密相关的字段。请求的接口倒是有个m的加密参数,看来这题的主要目的就是 看看m参数怎么进行加密的吧。
切换 Initiator,这请求也太明显了,点击下面所示的js文件:
跟进去并美...
实战地址
http://match.yuanrenxue.com/match/16
抓包分析
地址栏输入 地址,按下F12并回车,发现数据在这里:
查看cookie,无加密相关的字段。请求的接口倒是有个m的加密参数,看来这题的主要目的就是 看看m参数怎么进行加密的吧。
切换 Initiator,这请求也太明显了,点击下面所示的js文件:
跟进去并美化后,来到这里:
不用过多分析,m加密在这里:
-
r.m = n[e(528)](btoa, p_s),
-
r.t = p_s;
-
而这个实参 p_s 是由上面的这行代码生成的:
-
p_s = Date[e(496)](new Date)[e(517)]();
-
在 r.m 赋值的这行打上断点,请求第二页,控制台输入 btoa 并回车,双击跟进,来到这里:
看这个混淆,很明显的 obfuscator 混淆,直接将整个 732 copy下来保存到文件,并写出AST插件进行反混淆:
进行反混淆和删除垃圾代码,优化后的btoa函数:
-
function btoa(e) {
-
var f = "U9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi+9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi";
-
for (var o, a, s, l = 0, c = []; l < e["length"];) {
-
a = e["charCodeAt"](l), s = l % 6;
-
switch (s) {
-
case 0:
-
c["push"](f["charAt"](a >> 2));
-
break;
-
-
-
case 1:
-
c["push"](f["charAt"]((2 & o) << 3 | a >> 4));
-
break;
-
-
-
case 2:
-
c["push"](f["charAt"]((15 & o) << 2 | a >> 6)), c["push"](f["charAt"](a & 63));
-
break;
-
-
-
case 3:
-
c["push"](f["charAt"](a >> 3));
-
break;
-
-
-
case 4:
-
c["push"](f["charAt"]((o & 4) << 6 | a >> 6));
-
break;
-
-
-
case 5:
-
c["push"](f["charAt"]((o & 15) << 4 | a >> 8)), c["push"](f["charAt"](a & 63));
-
}
-
-
-
o = a, l++;
-
}
-
-
c["push"](f["charAt"]((o & 3) << 4)), c["push"]("FM");
-
-
return d(15) + md5(c["join"]("")) + d(10);
-
}
这里可以看到还有 d 函数 和 md5 函数,分别进行抠取和优化。
优化后的d函数:
-
function d(e) {
-
e = e ||32;
-
var l = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678";
-
var s = l["length"];
-
var c = "";
-
for (i = 0; i < e; i++) c += l["charAt"](Math["floor"](Math["random"]() * s));
-
return c;
-
}
优化后的md5函数:
-
function md5(e) {
-
function o(e, n) {
-
e[n >> 5] |= 128 << n % 32;
-
e[(n + 64 >>> 9 << 4) + 14] = n;
-
var b = 1732584193;
-
var x = -271733879;
-
var T = -1732584194;
-
var w = 271733878;
-
-
-
for (var d = 0; d < e["length"]; d += 16) {
-
var m = b;
-
var y = x;
-
var v = T;
-
var g = w;
-
b = s(b, x, T, w, e[d + 0], 7, -680976936);
-
w = s(w, b, x, T, e[d + 1], 12, -389564586);
-
T = s(T, w, b, x, e[d + 2], 17, 606105819);
-
x = s(x, T, w, b, e[d + 3], 22, -1044525330);
-
b = s(b, x, T, w, e[d + 4], 7, -176418897);
-
w = s(w, b, x, T, e[d + 5], 12, 1200080426);
-
T = s(T, w, b, x, e[d + 6], 17, -1473231341);
-
x = s(x, T, w, b, e[d + 7], 22, -45705983);
-
b = s(b, x, T, w, e[d + 8], 7, 1770035416);
-
w = s(w, b, x, T, e[d + 9], 12, -1958414417);
-
T = s(T, w, b, x, e[d + 10], 17, -42063);
-
x = s(x, T, w, b, e[d + 11], 22, -1990404162);
-
b = s(b, x, T, w, e[d + 12], 7, 1804550682);
-
w = s(w, b, x, T, e[d + 13], 12, -40341101);
-
T = s(T, w, b, x, e[d + 14], 17, -1502002290);
-
x = s(x, T, w, b, e[d + 15], 22, 1236531029);
-
b = l(b, x, T, w, e[d + 1], 5, -165796510);
-
w = l(w, b, x, T, e[d + 6], 9, -1069501632);
-
T = l(T, w, b, x, e[d + 11], 14, 643717713);
-
x = l(x, T, w, b, e[d + 0], 20, -373897302);
-
b = l(b, x, T, w, e[d + 5], 5, -701520691);
-
w = l(w, b, x, T, e[d + 10], 9, 38016083);
-
T = l(T, w, b, x, e[d + 15], 14, -660478335);
-
x = l(x, T, w, b, e[d + 4], 20, -405537848);
-
b = l(b, x, T, w, e[d + 9], 5, 568446438);
-
w = l(w, b, x, T, e[d + 14], 9, -1019803690);
-
T = l(T, w, b, x, e[d + 3], 14, -187363961);
-
x = l(x, T, w, b, e[d + 8], 20, 1163531501);
-
b = l(b, x, T, w, e[d + 13], 5, -1444681467);
-
w = l(w, b, x, T, e[d + 2], 9, -51403784);
-
T = l(T, w, b, x, e[d + 7], 14, 1735328473);
-
x = l(x, T, w, b, e[d + 12], 20, -1921207734);
-
b = u(b, x, T, w, e[d + 5], 4, -378558);
-
w = u(w, b, x, T, e[d + 8], 11, -2022574463);
-
T = u(T, w, b, x, e[d + 11], 16, 1839030562);
-
x = u(x, T, w, b, e[d + 14], 23, -35311556);
-
b = u(b, x, T, w, e[d + 1], 4, -1530992060);
-
w = u(w, b, x, T, e[d + 4], 11, 1272893353);
-
T = u(T, w, b, x, e[d + 7], 16, -155497632);
-
x = u(x, T, w, b, e[d + 10], 23, -1094730640);
-
b = u(b, x, T, w, e[d + 13], 4, 681279174);
-
w = u(w, b, x, T, e[d + 0], 11, -358537222);
-
T = u(T, w, b, x, e[d + 3], 16, -722881979);
-
x = u(x, T, w, b, e[d + 6], 23, 76029189);
-
b = u(b, x, T, w, e[d + 9], 4, -640364487);
-
w = u(w, b, x, T, e[d + 12], 11, -421815835);
-
T = u(T, w, b, x, e[d + 15], 16, 530742520);
-
x = u(x, T, w, b, e[d + 2], 23, -995338651);
-
b = c(b, x, T, w, e[d + 0], 6, -198630844);
-
w = c(w, b, x, T, e[d + 7], 10, 11261161415);
-
T = c(T, w, b, x, e[d + 14], 15, -1416354905);
-
x = c(x, T, w, b, e[d + 5], 21, -57434055);
-
b = c(b, x, T, w, e[d + 12], 6, 1700485571);
-
w = c(w, b, x, T, e[d + 3], 10, -1894446606);
-
T = c(T, w, b, x, e[d + 10], 15, -1051523);
-
x = c(x, T, w, b, e[d + 1], 21, -2054922799);
-
b = c(b, x, T, w, e[d + 8], 6, 1873313359);
-
w = c(w, b, x, T, e[d + 15], 10, -30611744);
-
T = c(T, w, b, x, e[d + 6], 15, -1560198380);
-
x = c(x, T, w, b, e[d + 13], 21, 1309151649);
-
b = c(b, x, T, w, e[d + 4], 6, -145523070);
-
w = c(w, b, x, T, e[d + 11], 10, -1120210379);
-
T = c(T, w, b, x, e[d + 2], 15, 718787259);
-
x = c(x, T, w, b, e[d + 9], 21, -343485551);
-
b = f(b, m);
-
x = f(x, y);
-
T = f(T, v);
-
w = f(w, g);
-
}
-
-
-
return Array(b, x, T, w);
-
}
-
-
-
function a(e, n, r, o, a, s) {
-
return f(d(f(f(n, e), f(o, s)), a), r);
-
}
-
-
-
function s(e, n, r, o, s, l, u) {
-
return a(n & r | ~n & o, e, n, s, l, u);
-
}
-
-
-
function l(e, n, r, o, s, l, u) {
-
return a(n & o | r & ~o, e, n, s, l, u);
-
}
-
-
-
function u(e, n, r, o, s, l, u) {
-
return a(n ^ r ^ o, e, n, s, l, u);
-
}
-
-
-
function c(e, n, r, o, s, l, u) {
-
return a(r ^ (n | ~o), e, n, s, l, u);
-
}
-
-
-
function f(e, n) {
-
var o = (65535 & e) + (n & 65535),
-
a = (e >> 16) + (n >> 16) + (o >> 16);
-
return a << 16 | o & 65535;
-
}
-
-
-
function d(e, n) {
-
return e << n | e >>> 32 - n;
-
}
-
-
-
function p(e) {
-
for (var r = Array(), o = 65535, a = 0; a < e["length"] * 16; a += 16) r[a >> 5] |= (e["charCodeAt"](a / 16) & o) << a % 32;
-
-
-
return r;
-
}
-
-
-
function h(e) {
-
for (var r = "0123456789abcdef", o = "", a = 0; a < e["length"] * 4; a++) o += r["charAt"](15 & e[a >> 2] >> a % 4 * 8 + 4) + r["charAt"](15 & e[a >> 2] >> a % 4 * 8);
-
-
-
return o;
-
}
-
-
-
return function (e) {
-
return h(o(p(e), 16 * e["length"]));
-
}(e);
-
}
代码合并后,运行不再报错。很快就写出了 Python代码:
-
# -*- coding: utf-8 -*-
-
import time
-
import execjs
-
import requests
-
-
-
-
-
def main():
-
sums = 0
-
headers = {"User-Agent": "yuanrenxue.project",}
-
-
-
with open("decode_16.js","r",encoding = "utf-8") as fp:
-
jscode = fp.read()
-
-
-
ctx = execjs.compile(jscode)
-
-
for i in range(1, 6):
-
t = str(int(time.time()*1000))
-
-
-
m = ctx.call("btoa",t)
-
-
params = {
-
"m":m,
-
"page":i,
-
"t":t,
-
}
-
response = requests.get(url="http://match.yuanrenxue.com/api/match/16",params = params,headers=headers).json()
-
for each in response["data"]:
-
sums += each["value"]
-
print(sums)
-
# 287383
-
-
-
-
-
if __name__ == "__main__":
-
main()
-
-
对于这个webpack打包的网站来说,基本没啥难度吧,先优化一波,去混淆,删除垃圾代码,再缺啥补啥就好,浏览器相关的都不用补。
当然,webpack也有技巧,不过很少用的,无脑抠就好,然后缺啥补啥。
我也不喜欢一大坨代码搞在一起,简单点,事情简单点,心情或许会好很多。
文章来源: blog.csdn.net,作者:悦来客栈的老板,版权归原作者所有,如需转载,请联系作者。
原文链接:blog.csdn.net/qq523176585/article/details/110153191
【版权声明】本文为华为云社区用户转载文章,如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)