共赢金融贷款登录密码加密JS

1.先打断点,然后慢慢调式

2.找出JS加密方法

点击aes_pwd 加密方法

JS加密方法如图

3.LOGIN_KEY是写死的

__LOGIN_KEY="pbEvJJAotWBlVOeLCOIFjhQkAnHifNjBknJDVuGSAZUSlKVMpY"

/**
 * 密码加密传输
 */
function aes_pwd(pwd){
	return des(escape(__LOGIN_KEY+"%u6570%u5b57"+pwd+"%u52a0%u5bc6"));
}

3.把以下JS抠出来

gongying.js

function des(str) {
var c1, c2, c3;
var base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var i = 0,
len = str.length,
string = '';

while (i < len) {
    c1 = str.charCodeAt(i++) & 0xff;
    if (i == len) {
        string += base64EncodeChars.charAt(c1 >> 2);
        string += base64EncodeChars.charAt((c1 & 0x3) << 4);
        string += "==";
        break;
    }
    c2 = str.charCodeAt(i++);
    if (i == len) {
        string += base64EncodeChars.charAt(c1 >> 2);
        string += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
        string += base64EncodeChars.charAt((c2 & 0xF) << 2);
        string += "=";
        break;
    }
    c3 = str.charCodeAt(i++);
    string += base64EncodeChars.charAt(c1 >> 2);
    string += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
    string += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
    string += base64EncodeChars.charAt(c3 & 0x3F)
}
return string;
}

/**
 * 密码加密传输
 */
function aes_pwd(pwd) {
__LOGIN_KEY = "pbEvJJAotWBlVOeLCOIFjhQkAnHifNjBknJDVuGSAZUSlKVMpY"
return des(escape(__LOGIN_KEY + "%u6570%u5b57" + pwd + "%u52a0%u5bc6"));
}

get_gongying.py

#!/usr/bin/env python
# -*- coding:utf-8 -*-

import execjs
import js2py
import threading

lock = threading.Lock()

def aes_pwd_jm(pwd) :

    # with open(r"/opt/gh2/app/whole_web_search/common/tmall_sign.js", encoding='utf-8') as f:
    with open(r"D:\myfile\gongying.js", encoding='utf-8') as f:
        cx = f.read()
    # ctx = execjs.compile(cx)
    # sign_str = _m_h5_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data
    # sign = ctx.call("get_sign_demo", sign_str)
    # print("sign : ", sign)
    lock.acquire()  # 枷锁
    context = js2py.EvalJs()
    context.execute(cx)
    # sign_str = _m_h5_tk_first + "&" + time_dd + "&" + "12574478" + "&" + data
    # sign = context.get_sign_demo(sign_str)
    sp = context.aes_pwd(pwd)
    lock.release()  # 解锁

    del context
    del cx
    return sp


if __name__ == '__main__':
    
    pwd = "7741118522"  # 密码
    sp = aes_pwd_jm(pwd)
    print(sp)

运行以上二个文件结果如下图:
user_pwd: cGJFdkpKQW90V0JsVk9lTENPSUZqaFFrQW5IaWZOakJrbkpEVnVHU0FaVVNsS1ZNcFklMjV1NjU3MCUyNXU1YjU3Nzc0MTExODUyMiUyNXU1MmEwJTI1dTViYzY=

完整JS逆向结束

posted @ 2020-05-09 10:47  莫贞俊晗  阅读(357)  评论(0编辑  收藏  举报