python爬虫 - js逆向之猿人学第二题cookie验证+ob混淆
前言
继续,还是猿人学的,既然之前已经开了篇,那么这个系列就会一直更下去
分析
开始分析,打开页面:
还是这样的,要翻完5页,然后才能得到结果,老路子,打开浏览器的调试工具翻页看看,刚点击翻页,我去,这cookie有效期有点短啊
那重新抓包吧,
又出现这个:
鼠标放到那一行右键,然后如下:
继续抓包看看,点xhr:
还是很轻易的就拿到它的接口,然后,第二题标题已经说了,动态cookie,那么看看cookie:
相信根据老哥你的经验,Hm开头的都是百度自己生成的无关的cookie,然后我标注出来的m才是这个站点验证的cookie,sessionid只是服务端验证的登录状态,就不多说了
那我们着重看这个m,这个值跟第一题很像啊,目测唯一的区别就是后面的时间戳,没有再去掉最后三位数了,竖线还是有那我们搜竖线看看,
太多了,直接加载都要半天,换个思路
直接全局搜前面的值840c49ccdac8e80377c306987e6da346吧,一搜发现这么多都有:
点击第一个搜索结果:
第一个出现的是这个2相关的,而它这已经都带上了,那说明在这个2之前就已经在某个地方生成好了,在2之前看看有没有可疑的请求,过滤掉css,js,图片等资源文件以外,也就上面这5个了
为什么是五个,一个一个点进去看下,倒数第5个:
倒数第4个:
倒数第3个:
倒数第2和第1个都是如下:
补充下,为什么上面4个都是Failed to load response data,正常情况下是只有一个的,多了3个是因为我刚才多刷新了几次,具体刷了几次我也忘了,按理是只有一个Failed to load response data的
奇怪,没东西了啊,是吧?真的没有嘛?这个调试工具Failed to load response data的就真的没有东西吗?
按正常逻辑,这确实没有东西了啊,而出现这个通常是重定向的时候会这样,那么看它这同一个网址,加载多次,确实符合重定向的逻辑,有经验的想到这,估计直接就去找有没有location和reload相关的字眼了,而这里,也就只有这里才有可能有东西了,这可咋整呢?打开抓包工具刷新看看吧:
确实只有2个,点开第一个:
点开第2个:
对上了是吧,第二个就是实际的html源码,第一个就是一段js,生成cookie的逻辑大概率就在里面了,我们把第一个里的结果复制出来,放到文本文件里
先把script标签里的内容抠出来,存到js文件里:
卧槽,全是一堆这种东西,简直头皮发麻,算了,放弃了,今天的分析就到这里吧
。
。
。
哈哈哈,开.....开个玩笑,学习为大,分析还是要分析的,那这种东西是啥呀,看到又有\x开头,先去解码看看,还是这个网站:https://tool.lu/js/
解完看了下,变量名基本都是_0x开头的,可读性很差,这种咋办呢?
这里就不多说了,就是ob混淆,全名是obfuscator,国外的js混淆天花板的存在,具体就自己研究了,后面有空的话可以针对性的搞一波分析,要想解ob混淆的话,得用AST了,有关AST的我之前更新过一两篇,到现在一直是搁浅状态,因为之前因为一点事耽搁了,后面AST系列也会针对性的出完的。
那么我们怎么取解,难道真的要先去学AST吗,暂时不用,先回到网页,点采集分析工具,里面有ob解混淆的
把代码放进去,解析,注意,这里要把原始的js字段放进去解,不要用上面16进制转码过的来解了,不然会接口报错:
解完复制出来放到一个js文件里:
(function $dbsm_0x44bb38(_0x221bd6) { var _0x2dc897 = function () { var _0x595b67 = true; return function (_0x2908e0, _0x1b056c) { var _0x1a6e0d = _0x595b67 ? function () { if (_0x1b056c) { var _0xbcbd95 = _0x1b056c["apply"](_0x2908e0, arguments); _0x1b056c = null; return _0xbcbd95; } } : function () {}; _0x595b67 = false; return _0x1a6e0d; }; }(); var _0x1c83cc = function () { var _0x2dc3eb = true; return function (_0x4f5458, _0x5a40a1) { var _0x4a969c = _0x2dc3eb ? function () { if (_0x5a40a1) { var _0x433de8 = _0x5a40a1["apply"](_0x4f5458, arguments); _0x5a40a1 = null; return _0x433de8; } } : function () {}; _0x2dc3eb = false; return _0x4a969c; }; }(); function _0x9f72ed(_0x58f702, _0x12eea7) { var _0x4cae72 = (65535 & _0x58f702) + (65535 & _0x12eea7); return (_0x58f702 >> 16) + (_0x12eea7 >> 16) + (_0x4cae72 >> 16) << 16 | 65535 & _0x4cae72; } function _0x243844(_0x1d925b, _0x29defb) { return _0x1d925b << _0x29defb | _0x1d925b >>> 32 - _0x29defb; } function _0x40592f(_0x2aa1b5, _0x557148, _0x329a66, _0x1a6473, _0x2184ad, _0x1bde5d) { return _0x9f72ed(_0x243844(_0x9f72ed(_0x9f72ed(_0x557148, _0x2aa1b5), _0x9f72ed(_0x1a6473, _0x1bde5d)), _0x2184ad), _0x329a66); } function _0x36898c(_0x5a1480, _0x911a3e, _0x2e29ea, _0x43a690, _0x3f4eb8, _0x55b7c4, _0x1cd64e) { return _0x40592f(_0x911a3e & _0x2e29ea | ~_0x911a3e & _0x43a690, _0x5a1480, _0x911a3e, _0x3f4eb8, _0x55b7c4, _0x1cd64e); } function _0x4ff165(_0x2834ee, _0x5886ec, _0x1e9c18, _0x394652, _0x32ab02, _0x112ad7, _0x380af5) { return _0x40592f(_0x5886ec & _0x394652 | _0x1e9c18 & ~_0x394652, _0x2834ee, _0x5886ec, _0x32ab02, _0x112ad7, _0x380af5); } function _0x323adc(_0x5bbf6e, _0x78653c) { let _0x34c16c = [99, 111, 110, 115, 111, 108, 101]; let _0x284824 = ""; for (let _0x225745 = 0; _0x225745 < _0x34c16c["length"]; _0x225745++) { _0x284824 += String["fromCharCode"](_0x34c16c[_0x225745]); } return _0x284824; } function _0x28ca80(_0x468252, _0x553630, _0x2a23c0, _0x2056e6, _0x485874, _0x2e46a9, _0x3a8d91) { return _0x40592f(_0x553630 ^ _0x2a23c0 ^ _0x2056e6, _0x468252, _0x553630, _0x485874, _0x2e46a9, _0x3a8d91); } function _0x3259ce(_0x20bb5, _0x4c73ee, _0x168673, _0x53df4a, _0x45c91c, _0x50411d, _0x14c1ab) { return _0x40592f(_0x168673 ^ (_0x4c73ee | ~_0x53df4a), _0x20bb5, _0x4c73ee, _0x45c91c, _0x50411d, _0x14c1ab); } function _0x3b297a(_0x5f1dad, _0x296b8f) { if (_0x296b8f) { return _0x3259ce(_0x5f1dad); } return _0x323adc(_0x5f1dad); } function _0x2b9c5c(_0x469532, _0xee4e22) { let _0x1fdb6a = ""; for (let _0x22bb60 = 0; _0x22bb60 < _0x469532["length"]; _0x22bb60++) { _0x1fdb6a += String["fromCharCode"](_0x469532[_0x22bb60]); } return _0x1fdb6a; } function _0x51d374(_0x11a244, _0x1e21f8) { var _0xba577c = _0x2dc897(this, function () { var _0x15e103 = function () { var _0x4163d0 = _0x15e103["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}"); return !_0x4163d0["test"](_0xba577c); }; return _0x15e103(); }); _0xba577c(); (function () { _0x1c83cc(this, function () { var _0x2796e4 = new RegExp("function *\\( *\\)"); var _0x4d5ed8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i"); var _0x4ac629 = $dbsm_0x2d44cd("init"); if (!_0x2796e4["test"](_0x4ac629 + "chain") || !_0x4d5ed8["test"](_0x4ac629 + "input")) { _0x4ac629("0"); } else { $dbsm_0x2d44cd(); } })(); })(); _0x3b297a(); qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10]; eval(_0x2b9c5c(qz)); try { if (global) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); } else { while (1) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); debugger; } } } catch (_0x5545e4) { return navigator["vendorSub"]; } } setInterval(_0x51d374(), 500); function _0x38fd7b(_0x398d74, _0x5e56f4) { _0x398d74[_0x5e56f4 >> 5] |= 128 << _0x5e56f4 % 32, _0x398d74[14 + (_0x5e56f4 + 64 >>> 9 << 4)] = _0x5e56f4; if (qz) { var _0x29816c, _0xa69f90, _0x11d7e6, _0x525660, _0x2df66a, _0x5ad4f8 = 1732584193, _0x305bd5 = -271733879, _0x58975c = -1732584194, _0x37d1b4 = 271733878; } else { var _0x29816c, _0xa69f90, _0x11d7e6, _0x525660, _0x2df66a, _0x5ad4f8 = 0, _0x305bd5 = -0, _0x58975c = -0, _0x37d1b4 = 0; } for (_0x29816c = 0; _0x29816c < _0x398d74["length"]; _0x29816c += 16) _0xa69f90 = _0x5ad4f8, _0x11d7e6 = _0x305bd5, _0x525660 = _0x58975c, _0x2df66a = _0x37d1b4, _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c], 7, -680876936), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 1], 12, -389564586), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 2], 17, 606105819), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 3], 22, -1044525330), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 4], 7, -176418897), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 5], 12, 1200080426), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 6], 17, -1473231341), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 7], 22, -45705983), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 8], 7, 1770010416), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 9], 12, -1958414417), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 10], 17, -42063), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 11], 22, -1990404162), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 12], 7, 1804603682), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 13], 12, -40341101), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 14], 17, -1502882290), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 15], 22, 1236535329), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 1], 5, -165796510), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 6], 9, -1069501632), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 11], 14, 643717713), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c], 20, -373897302), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 5], 5, -701558691), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 10], 9, 38016083), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 15], 14, -660478335), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 4], 20, -405537848), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 9], 5, 568446438), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 14], 9, -1019803690), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 3], 14, -187363961), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 8], 20, 1163531501), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 13], 5, -1444681467), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 2], 9, -51403784), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 7], 14, 1735328473), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 12], 20, -1926607734), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 5], 4, -378558), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 8], 11, -2022574463), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 11], 16, 1839030562), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 14], 23, -35309556), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 1], 4, -1530992060), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 4], 11, 1272893353), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 7], 16, -155497632), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 10], 23, -1094730640), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 13], 4, 681279174), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c], 11, -358537222), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 3], 16, -722521979), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 6], 23, 76029189), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 9], 4, -640364487), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 12], 11, -421815835), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 15], 16, 530742520), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 2], 23, -995338651), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c], 6, -198630844), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 7], 10, 1126891415), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 14], 15, -1416354905), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 5], 21, -57434055), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 12], 6, 1700485571), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 3], 10, -1894986606), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 10], 15, -1051523), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 1], 21, -2054922799), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 8], 6, 1873313359), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 15], 10, -30611744), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 6], 15, -1560198380), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 13], 21, 1309151649), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 4], 6, -145523070), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 11], 10, -1120210379), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 2], 15, 718787259), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 9], 21, -343485441), _0x5ad4f8 = _0x9f72ed(_0x5ad4f8, _0xa69f90), _0x305bd5 = _0x9f72ed(_0x305bd5, _0x11d7e6), _0x58975c = _0x9f72ed(_0x58975c, _0x525660), _0x37d1b4 = _0x9f72ed(_0x37d1b4, _0x2df66a); return [_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4]; } function _0x2289fa(_0x30d64c) { var _0xfd402f, _0x29433d = "", _0x3bc5ea = 32 * _0x30d64c["length"]; for (_0xfd402f = 0; _0xfd402f < _0x3bc5ea; _0xfd402f += 8) _0x29433d += String["fromCharCode"](_0x30d64c[_0xfd402f >> 5] >>> _0xfd402f % 32 & 255); return _0x29433d; } function _0x146084(_0x30f19b) { var _0x291fc4, _0x33686f = []; for (_0x33686f[(_0x30f19b["length"] >> 2) - 1] = undefined, _0x291fc4 = 0; _0x291fc4 < _0x33686f["length"]; _0x291fc4 += 1) _0x33686f[_0x291fc4] = 0; var _0x2174d6 = 8 * _0x30f19b["length"]; for (_0x291fc4 = 0; _0x291fc4 < _0x2174d6; _0x291fc4 += 8) _0x33686f[_0x291fc4 >> 5] |= (255 & _0x30f19b["charCodeAt"](_0x291fc4 / 8)) << _0x291fc4 % 32; return _0x33686f; } function _0x4ce605(_0x155cb3) { return _0x2289fa(_0x38fd7b(_0x146084(_0x155cb3), 8 * _0x155cb3["length"])); } function _0xa0d1a9(_0x571637) { var _0x59a556, _0x5f363b, _0x5b406c = "0123456789abcdef", _0x495544 = ""; for (_0x5f363b = 0; _0x5f363b < _0x571637["length"]; _0x5f363b += 1) _0x59a556 = _0x571637["charCodeAt"](_0x5f363b), _0x495544 += _0x5b406c["charAt"](_0x59a556 >>> 4 & 15) + _0x5b406c["charAt"](15 & _0x59a556); return _0x495544; } function _0x36255b(_0x1116f2) { return unescape(encodeURIComponent(_0x1116f2)); } function _0x301123(_0x24ca14) { return _0x4ce605(_0x36255b(_0x24ca14)); } function _0x3e981c(_0x58a49e) { return _0xa0d1a9(_0x301123(_0x58a49e)); } function _0x215c50(_0x3bb96a, _0x55f05d, _0x1e18d9) { _0x51d374(); return _0x55f05d ? _0x1e18d9 ? _0x323adc(_0x55f05d, _0x3bb96a) : y(_0x55f05d, _0x3bb96a) : _0x1e18d9 ? _0x301123(_0x3bb96a) : _0x3e981c(_0x3bb96a); } function _0x368659(_0x39fded, _0x909d6a) { document["cookie"] = "m" + _0x51d374() + "=" + _0x215c50(_0x39fded) + "|" + _0x39fded + "; path=/"; location["reload"](); } function _0x46a335(_0xfca071, _0x91c18c) { return Date["parse"](new Date()); } _0x368659(_0x46a335()); })(); setInterval(function () { $dbsm_0x2d44cd(); }, 4000); function $dbsm_0x2d44cd(_0x107371) { function _0x460b39(_0x2b686c) { if (typeof _0x2b686c === "string") { return function (_0x454f7c) {}["constructor"]("while (true) {}")["apply"]("counter"); } else { if (("" + _0x2b686c / _0x2b686c)["length"] !== 1 || _0x2b686c % 20 === 0) { (function () { return true; })["constructor"]("debugger")["call"]("action"); } else { (function () { return false; })["constructor"]("debugger")["apply"]("stateObject"); } } _0x460b39(++_0x2b686c); } try { if (_0x107371) { return _0x460b39; } else { _0x460b39(0); } } catch (_0x5e781a) {} }
找到关键点
搜下有没有cookie相关的,一搜就搜到了,那就确定是这里了:
接下来就是老套的源码分析了
先缩一下代码:
就三个主的方法,setInterval是这是延迟调用
从下网上看,最后有个【$dbsm_0x2d44cd】的方法
看到有4处调用,从下到上,先看这个setInterval,马德,这方法有个形参的,结果你什么都没传啊
什么都不传的话,现在看看【$dbsm_0x2d44cd】什么逻辑,他这意思是不管有没有传,都要用到上面的_0x460b39
再看下_0x460b39的逻辑,上面的参数传了个0,0的话就不是字符串了,走下面的逻辑
到后面这个逻辑
为真,然后看后面的debugger啥的是啥:
我一敲回车,立马这样:
那看来这段代码就是刚才看到的debugger反调试了,那问题不大,直接删除了,根本不是我们要找的cookie生成部分,直接把选中部分删除了:
继续往上看,现在就只有那个自执行函数了,直接把这个函数的函数体搞出来吧,也不要他自执行了,删除之后继续从下网上看:
_0x46a335就是个时间对象了 ,_0x368659就是核心逻辑部分了
就是生成个值赋值给document的cookie属性,然后再重载(刷新)下这个页面了,这也正好符合了开头我们猜测的重定向逻辑,这里不多说,那么和兴的逻辑就在这一段了:
对比下接口的cookie:
格式至少对上了, 说明我们找对地方了,继续看:
照上面的格式,是不是感觉这里这个方法_0x51d374有点多余了,因为上面的格式,m=就完了,中间本来就没有值,不用说,他返回的一定是个空值,但是空值就一定是多余的吗?
这里先留着,放一放,看后面的_0x215c50,先看这个:
唉~,_0x51d374又被调用过了,那就必须看下了:
但是发现,根本没有实际的可用return啊, 还是再放一放吧,看后面的这个:
_0x55f05d ? _0x1e18d9 ? _0x323adc(_0x55f05d, _0x3bb96a) : y(_0x55f05d, _0x3bb96a) : _0x1e18d9 ? _0x301123(_0x3bb96a) : _0x3e981c(_0x3bb96a);
一个有点长的三元操作运行,直接分解来看:
意思就是,如果_0x55f05d成立,就会去执行第二行的代码,如果不成立就是执行最后一行的代码,
但由于_0x215c50只传了一个参数,那后面两个参数一定没有,那么_0x55f05d一定不成立
那么就必然会执行最后一行代码:
_0x3e981c方法里面就是实际的加密和解密了
唯一要注意的是,这里的gz,貌似是外部变量,仔细一搜,恰恰就是刚才提了那句返回为空就真的没用的那个方法里的:
抠出实际代码
最后把能用的代码都抠出来,然后没有用的都删除了,尤其是setIntervel延时执行的
function _0x44d88f(_0x469619, _0x55eb5b) { var _0xd68371 = (65535 & _0x469619) + (65535 & _0x55eb5b); return (_0x469619 >> 16) + (_0x55eb5b >> 16) + (_0xd68371 >> 16) << 16 | 65535 & _0xd68371; } function _0x4513e8(_0x527d52, _0x4e03d5) { return _0x527d52 << _0x4e03d5 | _0x527d52 >>> 32 - _0x4e03d5; } function _0x51e702(_0x1a3034, _0x1d4289, _0x2da5d9, _0x3e04a5, _0xf45648, _0x2c4a34) { return _0x44d88f(_0x4513e8(_0x44d88f(_0x44d88f(_0x1d4289, _0x1a3034), _0x44d88f(_0x3e04a5, _0x2c4a34)), _0xf45648), _0x2da5d9); } function _0x314e3e(_0x4980a2, _0x45d7f4, _0x56a643, _0x1949f7, _0x4064b2, _0x378e45, _0x12048c) { return _0x51e702(_0x45d7f4 & _0x56a643 | ~_0x45d7f4 & _0x1949f7, _0x4980a2, _0x45d7f4, _0x4064b2, _0x378e45, _0x12048c); } function _0x1f2d44(_0x3b8c74, _0x2fdc63, _0x1b8a0c, _0xb2a7f0, _0x34dc0a, _0x271428, _0x42fc04) { return _0x51e702(_0x2fdc63 & _0xb2a7f0 | _0x1b8a0c & ~_0xb2a7f0, _0x3b8c74, _0x2fdc63, _0x34dc0a, _0x271428, _0x42fc04); } function _0x1645fc(_0x2e0835, _0x160337, _0x339b39, _0x243774, _0x258d09, _0x14ee81, _0x194ccb) { return _0x51e702(_0x160337 ^ _0x339b39 ^ _0x243774, _0x2e0835, _0x160337, _0x258d09, _0x14ee81, _0x194ccb); } function _0x126c2b(_0x2da0e4, _0x127f38, _0x138d36, _0x4f9bd0, _0x2c9266, _0x42befa, _0x3f8847) { return _0x51e702(_0x138d36 ^ (_0x127f38 | ~_0x4f9bd0), _0x2da0e4, _0x127f38, _0x2c9266, _0x42befa, _0x3f8847); } function _0x2b9739(_0x64e499, _0x14c053) { let _0x4bfd70 = ""; for (let _0x3f953f = 0; _0x3f953f < _0x64e499["length"]; _0x3f953f++) { _0x4bfd70 += String["fromCharCode"](_0x64e499[_0x3f953f]); } return _0x4bfd70; } function _0x4c8ced(_0x3fd00e, _0x281af5) { _0x3fd00e[_0x281af5 >> 5] |= 128 << _0x281af5 % 32, _0x3fd00e[14 + (_0x281af5 + 64 >>> 9 << 4)] = _0x281af5; if (qz) { var _0x51561b, _0x313156, _0x41a288, _0x3981ca, _0x24cd4c, _0x55b616 = 1732584193, _0xea3ec2 = -271733879, _0xb36643 = -1732584194, _0x34d846 = 271733878; } else { var _0x51561b, _0x313156, _0x41a288, _0x3981ca, _0x24cd4c, _0x55b616 = 0, _0xea3ec2 = -0, _0xb36643 = -0, _0x34d846 = 0; } for (_0x51561b = 0; _0x51561b < _0x3fd00e["length"]; _0x51561b += 16) _0x313156 = _0x55b616, _0x41a288 = _0xea3ec2, _0x3981ca = _0xb36643, _0x24cd4c = _0x34d846, _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b], 7, -680876936), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 1], 12, -389564586), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 2], 17, 606105819), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 3], 22, -1044525330), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 4], 7, -176418897), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 5], 12, 1200080426), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 6], 17, -1473231341), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 7], 22, -45705983), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 8], 7, 1770010416), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 9], 12, -1958414417), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 10], 17, -42063), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 11], 22, -1990404162), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 12], 7, 1804603682), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 13], 12, -40341101), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 14], 17, -1502882290), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 15], 22, 1236535329), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 1], 5, -165796510), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 6], 9, -1069501632), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 11], 14, 643717713), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b], 20, -373897302), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 5], 5, -701558691), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 10], 9, 38016083), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 15], 14, -660478335), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 4], 20, -405537848), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 9], 5, 568446438), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 14], 9, -1019803690), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 3], 14, -187363961), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 8], 20, 1163531501), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 13], 5, -1444681467), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 2], 9, -51403784), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 7], 14, 1735328473), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 12], 20, -1926607734), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 5], 4, -378558), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 8], 11, -2022574463), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 11], 16, 1839030562), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 14], 23, -35309556), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 1], 4, -1530992060), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 4], 11, 1272893353), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 7], 16, -155497632), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 10], 23, -1094730640), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 13], 4, 681279174), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b], 11, -358537222), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 3], 16, -722521979), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 6], 23, 76029189), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 9], 4, -640364487), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 12], 11, -421815835), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 15], 16, 530742520), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 2], 23, -995338651), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b], 6, -198630844), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 7], 10, 1126891415), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 14], 15, -1416354905), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 5], 21, -57434055), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 12], 6, 1700485571), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 3], 10, -1894986606), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 10], 15, -1051523), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 1], 21, -2054922799), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 8], 6, 1873313359), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 15], 10, -30611744), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 6], 15, -1560198380), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 13], 21, 1309151649), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 4], 6, -145523070), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 11], 10, -1120210379), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 2], 15, 718787259), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 9], 21, -343485441), _0x55b616 = _0x44d88f(_0x55b616, _0x313156), _0xea3ec2 = _0x44d88f(_0xea3ec2, _0x41a288), _0xb36643 = _0x44d88f(_0xb36643, _0x3981ca), _0x34d846 = _0x44d88f(_0x34d846, _0x24cd4c); return [_0x55b616, _0xea3ec2, _0xb36643, _0x34d846]; } function _0x2ffba8(_0x171318) { var _0x4c9fbe, _0x29230b = "", _0x29258c = 32 * _0x171318["length"]; for (_0x4c9fbe = 0; _0x4c9fbe < _0x29258c; _0x4c9fbe += 8) _0x29230b += String["fromCharCode"](_0x171318[_0x4c9fbe >> 5] >>> _0x4c9fbe % 32 & 255); return _0x29230b; } function _0x3a0775(_0x1b6c93) { var _0x14c767, _0x21bdaa = []; for (_0x21bdaa[(_0x1b6c93["length"] >> 2) - 1] = undefined, _0x14c767 = 0; _0x14c767 < _0x21bdaa["length"]; _0x14c767 += 1) _0x21bdaa[_0x14c767] = 0; var _0x3561e9 = 8 * _0x1b6c93["length"]; for (_0x14c767 = 0; _0x14c767 < _0x3561e9; _0x14c767 += 8) _0x21bdaa[_0x14c767 >> 5] |= (255 & _0x1b6c93["charCodeAt"](_0x14c767 / 8)) << _0x14c767 % 32; return _0x21bdaa; } function _0x3a96d2(_0x45bb9a) { return _0x2ffba8(_0x4c8ced(_0x3a0775(_0x45bb9a), 8 * _0x45bb9a["length"])); } function _0x3204c6(_0x415769) { var _0x103662, _0x15bf7d, _0x33705e = "0123456789abcdef", _0x2a4117 = ""; for (_0x15bf7d = 0; _0x15bf7d < _0x415769["length"]; _0x15bf7d += 1) _0x103662 = _0x415769["charCodeAt"](_0x15bf7d), _0x2a4117 += _0x33705e["charAt"](_0x103662 >>> 4 & 15) + _0x33705e["charAt"](15 & _0x103662); return _0x2a4117; } function _0x2c0ca0(_0x21a71f) { return unescape(encodeURIComponent(_0x21a71f)); } function _0x71d1bc(_0x39dc99) { return _0x3a96d2(_0x2c0ca0(_0x39dc99)); } function _0xdfc327(_0x10acca) { return _0x3204c6(_0x71d1bc(_0x10acca)); } function _0x4aa91d(_0x464148) { return _0xdfc327(_0x464148); } function _0x13c7fe(timestemp) { qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10]; return "m" + "=" + _0x4aa91d(timestemp) + "|" + timestemp } function get_m(){ return _0x13c7fe(Date["parse"](new Date())); }
在python里调用看看,ok,正常返回结果:
python实现
接下来就是用这个cookie去请求翻页了,成败就在此一举了
直接上代码了
import requests import execjs headers = { 'accept': 'application/json, text/javascript, */*; q=0.01', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'zh-CN,zh;q=0.9', 'cache-control': 'no-cache', 'pragma': 'no-cache', 'user-agent': 'yuanrenxue.project', 'x-requested-with': 'XMLHttpRequest' } def get_m(): f = open('cookie_decode.js', encoding='utf-8') cont = f.read() f.close() js = execjs.compile(cont) return js.call('get_m') def fetch(page): url = f'https://match.yuanrenxue.com/api/match/2?page={page}' m = get_m() cookie = {'cookie': f'sessionid='换成你的账号id'; {m}'} headers.update(cookie) req = requests.get(url, headers=headers) res = req.json() data = res.get('data') data = [temp.get('value') for temp in data] print('temp', data) return data def get_answer(): sum_number = 0 for i in range(1, 6): cont = fetch(i) sum_number += sum(cont) print('答案:', sum_number) get_answer()
执行:
把答案填进去:
ok,一气呵成
结语
这个其实也不难,主要是前期的ob解混淆,没接触过的朋友可能看起来很吃力,而且,obfuscator,有很多个版本,别人网站也在一直更新,所以,解混淆也要跟着更新,这个是个长期的路线,换句话就是,我上面用的解混淆并不能通用解其他网站的混淆,还是得针对处理
除了ob混淆,可能更多的是js的基础语法了,或者变量名看着很吃力的问题,这种看多了你就习惯了,而且这种以后很很常见,很多,如果你还是拿着原来那套分析js的逻辑,迟早要被整懵逼的