python爬虫 - js逆向之猿人学第二题cookie验证+ob混淆

前言

继续,还是猿人学的,既然之前已经开了篇,那么这个系列就会一直更下去

 

分析

 

开始分析,打开页面:

 

 

 

还是这样的,要翻完5页,然后才能得到结果,老路子,打开浏览器的调试工具翻页看看,刚点击翻页,我去,这cookie有效期有点短啊

 

 

 

 

那重新抓包吧,

又出现这个:

 

 

鼠标放到那一行右键,然后如下:

 

 

继续抓包看看,点xhr:

 

 

 

还是很轻易的就拿到它的接口,然后,第二题标题已经说了,动态cookie,那么看看cookie:

 

 

 

 

相信根据老哥你的经验,Hm开头的都是百度自己生成的无关的cookie,然后我标注出来的m才是这个站点验证的cookie,sessionid只是服务端验证的登录状态,就不多说了

 

那我们着重看这个m,这个值跟第一题很像啊,目测唯一的区别就是后面的时间戳,没有再去掉最后三位数了,竖线还是有那我们搜竖线看看,

 

 

太多了,直接加载都要半天,换个思路

 

直接全局搜前面的值840c49ccdac8e80377c306987e6da346吧,一搜发现这么多都有:

 

 

点击第一个搜索结果:

 

 

第一个出现的是这个2相关的,而它这已经都带上了,那说明在这个2之前就已经在某个地方生成好了,在2之前看看有没有可疑的请求,过滤掉css,js,图片等资源文件以外,也就上面这5个了

 

 

 

 

为什么是五个,一个一个点进去看下,倒数第5个:

 

 

倒数第4个:

 

 

倒数第3个:

 

 

倒数第2和第1个都是如下:

 

补充下,为什么上面4个都是Failed to load response data,正常情况下是只有一个的,多了3个是因为我刚才多刷新了几次,具体刷了几次我也忘了,按理是只有一个Failed to load response data的

 

奇怪,没东西了啊,是吧?真的没有嘛?这个调试工具Failed to load response data的就真的没有东西吗?

 

 

按正常逻辑,这确实没有东西了啊,而出现这个通常是重定向的时候会这样,那么看它这同一个网址,加载多次,确实符合重定向的逻辑,有经验的想到这,估计直接就去找有没有location和reload相关的字眼了,而这里,也就只有这里才有可能有东西了,这可咋整呢?打开抓包工具刷新看看吧:

 

确实只有2个,点开第一个:

 

 

点开第2个:

 

 

对上了是吧,第二个就是实际的html源码,第一个就是一段js,生成cookie的逻辑大概率就在里面了,我们把第一个里的结果复制出来,放到文本文件里

 

 

先把script标签里的内容抠出来,存到js文件里:

 

 

卧槽,全是一堆这种东西,简直头皮发麻,算了,放弃了,今天的分析就到这里吧

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

哈哈哈,开.....开个玩笑,学习为大,分析还是要分析的,那这种东西是啥呀,看到又有\x开头,先去解码看看,还是这个网站:https://tool.lu/js/

 

解完看了下,变量名基本都是_0x开头的,可读性很差,这种咋办呢?

 

 

 

这里就不多说了,就是ob混淆,全名是obfuscator,国外的js混淆天花板的存在,具体就自己研究了,后面有空的话可以针对性的搞一波分析,要想解ob混淆的话,得用AST了,有关AST的我之前更新过一两篇,到现在一直是搁浅状态,因为之前因为一点事耽搁了,后面AST系列也会针对性的出完的。

 

那么我们怎么取解,难道真的要先去学AST吗,暂时不用,先回到网页,点采集分析工具,里面有ob解混淆的

 

 

 

 

 

 

把代码放进去,解析,注意,这里要把原始的js字段放进去解,不要用上面16进制转码过的来解了,不然会接口报错:

 

 

解完复制出来放到一个js文件里:

(function $dbsm_0x44bb38(_0x221bd6) {
  var _0x2dc897 = function () {
    var _0x595b67 = true;
    return function (_0x2908e0, _0x1b056c) {
      var _0x1a6e0d = _0x595b67 ? function () {
        if (_0x1b056c) {
          var _0xbcbd95 = _0x1b056c["apply"](_0x2908e0, arguments);

          _0x1b056c = null;
          return _0xbcbd95;
        }
      } : function () {};

      _0x595b67 = false;
      return _0x1a6e0d;
    };
  }();

  var _0x1c83cc = function () {
    var _0x2dc3eb = true;
    return function (_0x4f5458, _0x5a40a1) {
      var _0x4a969c = _0x2dc3eb ? function () {
        if (_0x5a40a1) {
          var _0x433de8 = _0x5a40a1["apply"](_0x4f5458, arguments);

          _0x5a40a1 = null;
          return _0x433de8;
        }
      } : function () {};

      _0x2dc3eb = false;
      return _0x4a969c;
    };
  }();

  function _0x9f72ed(_0x58f702, _0x12eea7) {
    var _0x4cae72 = (65535 & _0x58f702) + (65535 & _0x12eea7);

    return (_0x58f702 >> 16) + (_0x12eea7 >> 16) + (_0x4cae72 >> 16) << 16 | 65535 & _0x4cae72;
  }

  function _0x243844(_0x1d925b, _0x29defb) {
    return _0x1d925b << _0x29defb | _0x1d925b >>> 32 - _0x29defb;
  }

  function _0x40592f(_0x2aa1b5, _0x557148, _0x329a66, _0x1a6473, _0x2184ad, _0x1bde5d) {
    return _0x9f72ed(_0x243844(_0x9f72ed(_0x9f72ed(_0x557148, _0x2aa1b5), _0x9f72ed(_0x1a6473, _0x1bde5d)), _0x2184ad), _0x329a66);
  }

  function _0x36898c(_0x5a1480, _0x911a3e, _0x2e29ea, _0x43a690, _0x3f4eb8, _0x55b7c4, _0x1cd64e) {
    return _0x40592f(_0x911a3e & _0x2e29ea | ~_0x911a3e & _0x43a690, _0x5a1480, _0x911a3e, _0x3f4eb8, _0x55b7c4, _0x1cd64e);
  }

  function _0x4ff165(_0x2834ee, _0x5886ec, _0x1e9c18, _0x394652, _0x32ab02, _0x112ad7, _0x380af5) {
    return _0x40592f(_0x5886ec & _0x394652 | _0x1e9c18 & ~_0x394652, _0x2834ee, _0x5886ec, _0x32ab02, _0x112ad7, _0x380af5);
  }

  function _0x323adc(_0x5bbf6e, _0x78653c) {
    let _0x34c16c = [99, 111, 110, 115, 111, 108, 101];
    let _0x284824 = "";

    for (let _0x225745 = 0; _0x225745 < _0x34c16c["length"]; _0x225745++) {
      _0x284824 += String["fromCharCode"](_0x34c16c[_0x225745]);
    }

    return _0x284824;
  }

  function _0x28ca80(_0x468252, _0x553630, _0x2a23c0, _0x2056e6, _0x485874, _0x2e46a9, _0x3a8d91) {
    return _0x40592f(_0x553630 ^ _0x2a23c0 ^ _0x2056e6, _0x468252, _0x553630, _0x485874, _0x2e46a9, _0x3a8d91);
  }

  function _0x3259ce(_0x20bb5, _0x4c73ee, _0x168673, _0x53df4a, _0x45c91c, _0x50411d, _0x14c1ab) {
    return _0x40592f(_0x168673 ^ (_0x4c73ee | ~_0x53df4a), _0x20bb5, _0x4c73ee, _0x45c91c, _0x50411d, _0x14c1ab);
  }

  function _0x3b297a(_0x5f1dad, _0x296b8f) {
    if (_0x296b8f) {
      return _0x3259ce(_0x5f1dad);
    }

    return _0x323adc(_0x5f1dad);
  }

  function _0x2b9c5c(_0x469532, _0xee4e22) {
    let _0x1fdb6a = "";

    for (let _0x22bb60 = 0; _0x22bb60 < _0x469532["length"]; _0x22bb60++) {
      _0x1fdb6a += String["fromCharCode"](_0x469532[_0x22bb60]);
    }

    return _0x1fdb6a;
  }

  function _0x51d374(_0x11a244, _0x1e21f8) {
    var _0xba577c = _0x2dc897(this, function () {
      var _0x15e103 = function () {
        var _0x4163d0 = _0x15e103["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");

        return !_0x4163d0["test"](_0xba577c);
      };

      return _0x15e103();
    });

    _0xba577c();

    (function () {
      _0x1c83cc(this, function () {
        var _0x2796e4 = new RegExp("function *\\( *\\)");

        var _0x4d5ed8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");

        var _0x4ac629 = $dbsm_0x2d44cd("init");

        if (!_0x2796e4["test"](_0x4ac629 + "chain") || !_0x4d5ed8["test"](_0x4ac629 + "input")) {
          _0x4ac629("0");
        } else {
          $dbsm_0x2d44cd();
        }
      })();
    })();

    _0x3b297a();

    qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
    eval(_0x2b9c5c(qz));

    try {
      if (global) {
        console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
      } else {
        while (1) {
          console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
          debugger;
        }
      }
    } catch (_0x5545e4) {
      return navigator["vendorSub"];
    }
  }

  setInterval(_0x51d374(), 500);

  function _0x38fd7b(_0x398d74, _0x5e56f4) {
    _0x398d74[_0x5e56f4 >> 5] |= 128 << _0x5e56f4 % 32, _0x398d74[14 + (_0x5e56f4 + 64 >>> 9 << 4)] = _0x5e56f4;

    if (qz) {
      var _0x29816c,
          _0xa69f90,
          _0x11d7e6,
          _0x525660,
          _0x2df66a,
          _0x5ad4f8 = 1732584193,
          _0x305bd5 = -271733879,
          _0x58975c = -1732584194,
          _0x37d1b4 = 271733878;
    } else {
      var _0x29816c,
          _0xa69f90,
          _0x11d7e6,
          _0x525660,
          _0x2df66a,
          _0x5ad4f8 = 0,
          _0x305bd5 = -0,
          _0x58975c = -0,
          _0x37d1b4 = 0;
    }

    for (_0x29816c = 0; _0x29816c < _0x398d74["length"]; _0x29816c += 16) _0xa69f90 = _0x5ad4f8, _0x11d7e6 = _0x305bd5, _0x525660 = _0x58975c, _0x2df66a = _0x37d1b4, _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c], 7, -680876936), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 1], 12, -389564586), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 2], 17, 606105819), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 3], 22, -1044525330), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 4], 7, -176418897), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 5], 12, 1200080426), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 6], 17, -1473231341), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 7], 22, -45705983), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 8], 7, 1770010416), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 9], 12, -1958414417), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 10], 17, -42063), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 11], 22, -1990404162), _0x5ad4f8 = _0x36898c(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 12], 7, 1804603682), _0x37d1b4 = _0x36898c(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 13], 12, -40341101), _0x58975c = _0x36898c(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 14], 17, -1502882290), _0x305bd5 = _0x36898c(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 15], 22, 1236535329), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 1], 5, -165796510), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 6], 9, -1069501632), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 11], 14, 643717713), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c], 20, -373897302), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 5], 5, -701558691), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 10], 9, 38016083), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 15], 14, -660478335), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 4], 20, -405537848), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 9], 5, 568446438), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 14], 9, -1019803690), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 3], 14, -187363961), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 8], 20, 1163531501), _0x5ad4f8 = _0x4ff165(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 13], 5, -1444681467), _0x37d1b4 = _0x4ff165(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 2], 9, -51403784), _0x58975c = _0x4ff165(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 7], 14, 1735328473), _0x305bd5 = _0x4ff165(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 12], 20, -1926607734), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 5], 4, -378558), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 8], 11, -2022574463), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 11], 16, 1839030562), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 14], 23, -35309556), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 1], 4, -1530992060), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 4], 11, 1272893353), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 7], 16, -155497632), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 10], 23, -1094730640), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 13], 4, 681279174), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c], 11, -358537222), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 3], 16, -722521979), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 6], 23, 76029189), _0x5ad4f8 = _0x28ca80(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 9], 4, -640364487), _0x37d1b4 = _0x28ca80(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 12], 11, -421815835), _0x58975c = _0x28ca80(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 15], 16, 530742520), _0x305bd5 = _0x28ca80(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 2], 23, -995338651), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c], 6, -198630844), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 7], 10, 1126891415), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 14], 15, -1416354905), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 5], 21, -57434055), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 12], 6, 1700485571), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 3], 10, -1894986606), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 10], 15, -1051523), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 1], 21, -2054922799), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 8], 6, 1873313359), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 15], 10, -30611744), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 6], 15, -1560198380), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 13], 21, 1309151649), _0x5ad4f8 = _0x3259ce(_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4, _0x398d74[_0x29816c + 4], 6, -145523070), _0x37d1b4 = _0x3259ce(_0x37d1b4, _0x5ad4f8, _0x305bd5, _0x58975c, _0x398d74[_0x29816c + 11], 10, -1120210379), _0x58975c = _0x3259ce(_0x58975c, _0x37d1b4, _0x5ad4f8, _0x305bd5, _0x398d74[_0x29816c + 2], 15, 718787259), _0x305bd5 = _0x3259ce(_0x305bd5, _0x58975c, _0x37d1b4, _0x5ad4f8, _0x398d74[_0x29816c + 9], 21, -343485441), _0x5ad4f8 = _0x9f72ed(_0x5ad4f8, _0xa69f90), _0x305bd5 = _0x9f72ed(_0x305bd5, _0x11d7e6), _0x58975c = _0x9f72ed(_0x58975c, _0x525660), _0x37d1b4 = _0x9f72ed(_0x37d1b4, _0x2df66a);

    return [_0x5ad4f8, _0x305bd5, _0x58975c, _0x37d1b4];
  }

  function _0x2289fa(_0x30d64c) {
    var _0xfd402f,
        _0x29433d = "",
        _0x3bc5ea = 32 * _0x30d64c["length"];

    for (_0xfd402f = 0; _0xfd402f < _0x3bc5ea; _0xfd402f += 8) _0x29433d += String["fromCharCode"](_0x30d64c[_0xfd402f >> 5] >>> _0xfd402f % 32 & 255);

    return _0x29433d;
  }

  function _0x146084(_0x30f19b) {
    var _0x291fc4,
        _0x33686f = [];

    for (_0x33686f[(_0x30f19b["length"] >> 2) - 1] = undefined, _0x291fc4 = 0; _0x291fc4 < _0x33686f["length"]; _0x291fc4 += 1) _0x33686f[_0x291fc4] = 0;

    var _0x2174d6 = 8 * _0x30f19b["length"];

    for (_0x291fc4 = 0; _0x291fc4 < _0x2174d6; _0x291fc4 += 8) _0x33686f[_0x291fc4 >> 5] |= (255 & _0x30f19b["charCodeAt"](_0x291fc4 / 8)) << _0x291fc4 % 32;

    return _0x33686f;
  }

  function _0x4ce605(_0x155cb3) {
    return _0x2289fa(_0x38fd7b(_0x146084(_0x155cb3), 8 * _0x155cb3["length"]));
  }

  function _0xa0d1a9(_0x571637) {
    var _0x59a556,
        _0x5f363b,
        _0x5b406c = "0123456789abcdef",
        _0x495544 = "";

    for (_0x5f363b = 0; _0x5f363b < _0x571637["length"]; _0x5f363b += 1) _0x59a556 = _0x571637["charCodeAt"](_0x5f363b), _0x495544 += _0x5b406c["charAt"](_0x59a556 >>> 4 & 15) + _0x5b406c["charAt"](15 & _0x59a556);

    return _0x495544;
  }

  function _0x36255b(_0x1116f2) {
    return unescape(encodeURIComponent(_0x1116f2));
  }

  function _0x301123(_0x24ca14) {
    return _0x4ce605(_0x36255b(_0x24ca14));
  }

  function _0x3e981c(_0x58a49e) {
    return _0xa0d1a9(_0x301123(_0x58a49e));
  }

  function _0x215c50(_0x3bb96a, _0x55f05d, _0x1e18d9) {
    _0x51d374();

    return _0x55f05d ? _0x1e18d9 ? _0x323adc(_0x55f05d, _0x3bb96a) : y(_0x55f05d, _0x3bb96a) : _0x1e18d9 ? _0x301123(_0x3bb96a) : _0x3e981c(_0x3bb96a);
  }

  function _0x368659(_0x39fded, _0x909d6a) {
    document["cookie"] = "m" + _0x51d374() + "=" + _0x215c50(_0x39fded) + "|" + _0x39fded + "; path=/";
    location["reload"]();
  }

  function _0x46a335(_0xfca071, _0x91c18c) {
    return Date["parse"](new Date());
  }

  _0x368659(_0x46a335());
})();

setInterval(function () {
  $dbsm_0x2d44cd();
}, 4000);

function $dbsm_0x2d44cd(_0x107371) {
  function _0x460b39(_0x2b686c) {
    if (typeof _0x2b686c === "string") {
      return function (_0x454f7c) {}["constructor"]("while (true) {}")["apply"]("counter");
    } else {
      if (("" + _0x2b686c / _0x2b686c)["length"] !== 1 || _0x2b686c % 20 === 0) {
        (function () {
          return true;
        })["constructor"]("debugger")["call"]("action");
      } else {
        (function () {
          return false;
        })["constructor"]("debugger")["apply"]("stateObject");
      }
    }

    _0x460b39(++_0x2b686c);
  }

  try {
    if (_0x107371) {
      return _0x460b39;
    } else {
      _0x460b39(0);
    }
  } catch (_0x5e781a) {}
}

 

找到关键点

 

搜下有没有cookie相关的,一搜就搜到了,那就确定是这里了:

 

 

接下来就是老套的源码分析了

先缩一下代码:

 

 

就三个主的方法,setInterval是这是延迟调用

 

从下网上看,最后有个【$dbsm_0x2d44cd】的方法

 

 

看到有4处调用,从下到上,先看这个setInterval,马德,这方法有个形参的,结果你什么都没传啊

 

 

什么都不传的话,现在看看【$dbsm_0x2d44cd】什么逻辑,他这意思是不管有没有传,都要用到上面的_0x460b39

 

 

 

再看下_0x460b39的逻辑,上面的参数传了个0,0的话就不是字符串了,走下面的逻辑

 

 

到后面这个逻辑

 

 为真,然后看后面的debugger啥的是啥:

 

 我一敲回车,立马这样:

 

 

那看来这段代码就是刚才看到的debugger反调试了,那问题不大,直接删除了,根本不是我们要找的cookie生成部分,直接把选中部分删除了:

 

 

 

继续往上看,现在就只有那个自执行函数了,直接把这个函数的函数体搞出来吧,也不要他自执行了,删除之后继续从下网上看:

 

_0x46a335就是个时间对象了 ,_0x368659就是核心逻辑部分了

 

 

 

 

就是生成个值赋值给document的cookie属性,然后再重载(刷新)下这个页面了,这也正好符合了开头我们猜测的重定向逻辑,这里不多说,那么和兴的逻辑就在这一段了:

 

 

对比下接口的cookie:

 

 格式至少对上了, 说明我们找对地方了,继续看:

 

 

 照上面的格式,是不是感觉这里这个方法_0x51d374有点多余了,因为上面的格式,m=就完了,中间本来就没有值,不用说,他返回的一定是个空值,但是空值就一定是多余的吗?

 

这里先留着,放一放,看后面的_0x215c50,先看这个:

 

 

唉~,_0x51d374又被调用过了,那就必须看下了:

 

 

 

但是发现,根本没有实际的可用return啊, 还是再放一放吧,看后面的这个:

_0x55f05d ? _0x1e18d9 ? _0x323adc(_0x55f05d, _0x3bb96a) : y(_0x55f05d, _0x3bb96a) : _0x1e18d9 ? _0x301123(_0x3bb96a) : _0x3e981c(_0x3bb96a);

 

一个有点长的三元操作运行,直接分解来看:

 

 

 

 

意思就是,如果_0x55f05d成立,就会去执行第二行的代码,如果不成立就是执行最后一行的代码,

但由于_0x215c50只传了一个参数,那后面两个参数一定没有,那么_0x55f05d一定不成立

 

 

那么就必然会执行最后一行代码:

 

 

_0x3e981c方法里面就是实际的加密和解密了

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 唯一要注意的是,这里的gz,貌似是外部变量,仔细一搜,恰恰就是刚才提了那句返回为空就真的没用的那个方法里的:

 

 

 

 

抠出实际代码

 

最后把能用的代码都抠出来,然后没有用的都删除了,尤其是setIntervel延时执行的

 

 

function _0x44d88f(_0x469619, _0x55eb5b) {
    var _0xd68371 = (65535 & _0x469619) + (65535 & _0x55eb5b);

    return (_0x469619 >> 16) + (_0x55eb5b >> 16) + (_0xd68371 >> 16) << 16 | 65535 & _0xd68371;
}

function _0x4513e8(_0x527d52, _0x4e03d5) {
    return _0x527d52 << _0x4e03d5 | _0x527d52 >>> 32 - _0x4e03d5;
}

function _0x51e702(_0x1a3034, _0x1d4289, _0x2da5d9, _0x3e04a5, _0xf45648, _0x2c4a34) {
    return _0x44d88f(_0x4513e8(_0x44d88f(_0x44d88f(_0x1d4289, _0x1a3034), _0x44d88f(_0x3e04a5, _0x2c4a34)), _0xf45648), _0x2da5d9);
}

function _0x314e3e(_0x4980a2, _0x45d7f4, _0x56a643, _0x1949f7, _0x4064b2, _0x378e45, _0x12048c) {
    return _0x51e702(_0x45d7f4 & _0x56a643 | ~_0x45d7f4 & _0x1949f7, _0x4980a2, _0x45d7f4, _0x4064b2, _0x378e45, _0x12048c);
}

function _0x1f2d44(_0x3b8c74, _0x2fdc63, _0x1b8a0c, _0xb2a7f0, _0x34dc0a, _0x271428, _0x42fc04) {
    return _0x51e702(_0x2fdc63 & _0xb2a7f0 | _0x1b8a0c & ~_0xb2a7f0, _0x3b8c74, _0x2fdc63, _0x34dc0a, _0x271428, _0x42fc04);
}


function _0x1645fc(_0x2e0835, _0x160337, _0x339b39, _0x243774, _0x258d09, _0x14ee81, _0x194ccb) {
    return _0x51e702(_0x160337 ^ _0x339b39 ^ _0x243774, _0x2e0835, _0x160337, _0x258d09, _0x14ee81, _0x194ccb);
}

function _0x126c2b(_0x2da0e4, _0x127f38, _0x138d36, _0x4f9bd0, _0x2c9266, _0x42befa, _0x3f8847) {
    return _0x51e702(_0x138d36 ^ (_0x127f38 | ~_0x4f9bd0), _0x2da0e4, _0x127f38, _0x2c9266, _0x42befa, _0x3f8847);
}



function _0x2b9739(_0x64e499, _0x14c053) {
    let _0x4bfd70 = "";

    for (let _0x3f953f = 0; _0x3f953f < _0x64e499["length"]; _0x3f953f++) {
        _0x4bfd70 += String["fromCharCode"](_0x64e499[_0x3f953f]);
    }

    return _0x4bfd70;
}



function _0x4c8ced(_0x3fd00e, _0x281af5) {
    _0x3fd00e[_0x281af5 >> 5] |= 128 << _0x281af5 % 32, _0x3fd00e[14 + (_0x281af5 + 64 >>> 9 << 4)] = _0x281af5;

    if (qz) {
        var _0x51561b,
            _0x313156,
            _0x41a288,
            _0x3981ca,
            _0x24cd4c,
            _0x55b616 = 1732584193,
            _0xea3ec2 = -271733879,
            _0xb36643 = -1732584194,
            _0x34d846 = 271733878;
    } else {
        var _0x51561b,
            _0x313156,
            _0x41a288,
            _0x3981ca,
            _0x24cd4c,
            _0x55b616 = 0,
            _0xea3ec2 = -0,
            _0xb36643 = -0,
            _0x34d846 = 0;
    }

    for (_0x51561b = 0; _0x51561b < _0x3fd00e["length"]; _0x51561b += 16) _0x313156 = _0x55b616, _0x41a288 = _0xea3ec2, _0x3981ca = _0xb36643, _0x24cd4c = _0x34d846, _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b], 7, -680876936), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 1], 12, -389564586), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 2], 17, 606105819), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 3], 22, -1044525330), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 4], 7, -176418897), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 5], 12, 1200080426), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 6], 17, -1473231341), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 7], 22, -45705983), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 8], 7, 1770010416), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 9], 12, -1958414417), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 10], 17, -42063), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 11], 22, -1990404162), _0x55b616 = _0x314e3e(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 12], 7, 1804603682), _0x34d846 = _0x314e3e(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 13], 12, -40341101), _0xb36643 = _0x314e3e(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 14], 17, -1502882290), _0xea3ec2 = _0x314e3e(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 15], 22, 1236535329), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 1], 5, -165796510), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 6], 9, -1069501632), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 11], 14, 643717713), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b], 20, -373897302), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 5], 5, -701558691), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 10], 9, 38016083), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 15], 14, -660478335), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 4], 20, -405537848), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 9], 5, 568446438), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 14], 9, -1019803690), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 3], 14, -187363961), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 8], 20, 1163531501), _0x55b616 = _0x1f2d44(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 13], 5, -1444681467), _0x34d846 = _0x1f2d44(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 2], 9, -51403784), _0xb36643 = _0x1f2d44(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 7], 14, 1735328473), _0xea3ec2 = _0x1f2d44(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 12], 20, -1926607734), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 5], 4, -378558), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 8], 11, -2022574463), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 11], 16, 1839030562), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 14], 23, -35309556), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 1], 4, -1530992060), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 4], 11, 1272893353), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 7], 16, -155497632), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 10], 23, -1094730640), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 13], 4, 681279174), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b], 11, -358537222), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 3], 16, -722521979), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 6], 23, 76029189), _0x55b616 = _0x1645fc(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 9], 4, -640364487), _0x34d846 = _0x1645fc(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 12], 11, -421815835), _0xb36643 = _0x1645fc(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 15], 16, 530742520), _0xea3ec2 = _0x1645fc(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 2], 23, -995338651), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b], 6, -198630844), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 7], 10, 1126891415), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 14], 15, -1416354905), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 5], 21, -57434055), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 12], 6, 1700485571), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 3], 10, -1894986606), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 10], 15, -1051523), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 1], 21, -2054922799), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 8], 6, 1873313359), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 15], 10, -30611744), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 6], 15, -1560198380), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 13], 21, 1309151649), _0x55b616 = _0x126c2b(_0x55b616, _0xea3ec2, _0xb36643, _0x34d846, _0x3fd00e[_0x51561b + 4], 6, -145523070), _0x34d846 = _0x126c2b(_0x34d846, _0x55b616, _0xea3ec2, _0xb36643, _0x3fd00e[_0x51561b + 11], 10, -1120210379), _0xb36643 = _0x126c2b(_0xb36643, _0x34d846, _0x55b616, _0xea3ec2, _0x3fd00e[_0x51561b + 2], 15, 718787259), _0xea3ec2 = _0x126c2b(_0xea3ec2, _0xb36643, _0x34d846, _0x55b616, _0x3fd00e[_0x51561b + 9], 21, -343485441), _0x55b616 = _0x44d88f(_0x55b616, _0x313156), _0xea3ec2 = _0x44d88f(_0xea3ec2, _0x41a288), _0xb36643 = _0x44d88f(_0xb36643, _0x3981ca), _0x34d846 = _0x44d88f(_0x34d846, _0x24cd4c);

    return [_0x55b616, _0xea3ec2, _0xb36643, _0x34d846];
}

function _0x2ffba8(_0x171318) {
    var _0x4c9fbe,
        _0x29230b = "",
        _0x29258c = 32 * _0x171318["length"];

    for (_0x4c9fbe = 0; _0x4c9fbe < _0x29258c; _0x4c9fbe += 8) _0x29230b += String["fromCharCode"](_0x171318[_0x4c9fbe >> 5] >>> _0x4c9fbe % 32 & 255);

    return _0x29230b;
}

function _0x3a0775(_0x1b6c93) {
    var _0x14c767,
        _0x21bdaa = [];

    for (_0x21bdaa[(_0x1b6c93["length"] >> 2) - 1] = undefined, _0x14c767 = 0; _0x14c767 < _0x21bdaa["length"]; _0x14c767 += 1) _0x21bdaa[_0x14c767] = 0;

    var _0x3561e9 = 8 * _0x1b6c93["length"];

    for (_0x14c767 = 0; _0x14c767 < _0x3561e9; _0x14c767 += 8) _0x21bdaa[_0x14c767 >> 5] |= (255 & _0x1b6c93["charCodeAt"](_0x14c767 / 8)) << _0x14c767 % 32;

    return _0x21bdaa;
}

function _0x3a96d2(_0x45bb9a) {
    return _0x2ffba8(_0x4c8ced(_0x3a0775(_0x45bb9a), 8 * _0x45bb9a["length"]));
}

function _0x3204c6(_0x415769) {
    var _0x103662,
        _0x15bf7d,
        _0x33705e = "0123456789abcdef",
        _0x2a4117 = "";

    for (_0x15bf7d = 0; _0x15bf7d < _0x415769["length"]; _0x15bf7d += 1) _0x103662 = _0x415769["charCodeAt"](_0x15bf7d), _0x2a4117 += _0x33705e["charAt"](_0x103662 >>> 4 & 15) + _0x33705e["charAt"](15 & _0x103662);

    return _0x2a4117;
}

function _0x2c0ca0(_0x21a71f) {
    return unescape(encodeURIComponent(_0x21a71f));
}

function _0x71d1bc(_0x39dc99) {
    return _0x3a96d2(_0x2c0ca0(_0x39dc99));
}

function _0xdfc327(_0x10acca) {
    return _0x3204c6(_0x71d1bc(_0x10acca));
}

function _0x4aa91d(_0x464148) {

    return _0xdfc327(_0x464148);
}

function _0x13c7fe(timestemp) {
    qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
    return "m" + "=" + _0x4aa91d(timestemp) + "|" + timestemp

}

function get_m(){
   return _0x13c7fe(Date["parse"](new Date()));
}

 

在python里调用看看,ok,正常返回结果:

 

 

 

python实现

 

接下来就是用这个cookie去请求翻页了,成败就在此一举了

 

直接上代码了

import requests
import execjs

headers = {
    'accept': 'application/json, text/javascript, */*; q=0.01',
    'accept-encoding': 'gzip, deflate, br',
    'accept-language': 'zh-CN,zh;q=0.9',
    'cache-control': 'no-cache',
    'pragma': 'no-cache',
    'user-agent': 'yuanrenxue.project',
    'x-requested-with': 'XMLHttpRequest'
}


def get_m():
    f = open('cookie_decode.js', encoding='utf-8')
    cont = f.read()
    f.close()
    js = execjs.compile(cont)
    return js.call('get_m')


def fetch(page):
    url = f'https://match.yuanrenxue.com/api/match/2?page={page}'
    m = get_m()
    cookie = {'cookie': f'sessionid='换成你的账号id'; {m}'}
    headers.update(cookie)
    req = requests.get(url, headers=headers)
    res = req.json()
    data = res.get('data')
    data = [temp.get('value') for temp in data]
    print('temp', data)
    return data



def get_answer():
    sum_number = 0
    for i in range(1, 6):
        cont = fetch(i)
        sum_number += sum(cont)
    print('答案:', sum_number)


get_answer()

 

 

执行:

 

 

 

 

 把答案填进去:

 

 

 

ok,一气呵成 

 

结语

这个其实也不难,主要是前期的ob解混淆,没接触过的朋友可能看起来很吃力,而且,obfuscator,有很多个版本,别人网站也在一直更新,所以,解混淆也要跟着更新,这个是个长期的路线,换句话就是,我上面用的解混淆并不能通用解其他网站的混淆,还是得针对处理

除了ob混淆,可能更多的是js的基础语法了,或者变量名看着很吃力的问题,这种看多了你就习惯了,而且这种以后很很常见,很多,如果你还是拿着原来那套分析js的逻辑,迟早要被整懵逼的

 

posted @ 2021-09-15 21:21  Eeyhan  阅读(794)  评论(0编辑  收藏  举报