jy验证码协议加密分析学习记录

流程参考

免责声明:

  • 本文章主要用于技术交流学习,作者不承担任何滥用技术所产生的法律责任。如有侵权,请联系作者删除!

分析请求与加密参数

register请求获取challenge和gt

# 访问 https://www.geetest.com/demo/gt/register-slide?t=1709175113777 获取 challenge和gt值
# 响应 {"success":1,"challenge":"a79e7880ec16af4ce333dfe7ed28bd55","gt":"019924a82c70bb123aae90d483087f94","new_captcha":true}

第一次W值分析

# https://apiv6.geetest.com/get.php 请求 貌似是环境检测  
# 访问 https://apiv6.geetest.com/get.php?gt=019924a82c70bb123aae90d483087f94&challenge=a79e7880ec16af4ce333dfe7ed28bd55&lang=zh-cn&pt=0&client_type=web&w=HISc8dMZkg4fOglJaKf6YGocjaLzlZ8jcIUbiqHJfZFOgzO3IiRHcSyKcjmc83qvJlNe(DGab9kz8TqenODEfSg6xDTvup)RosG3y8RFE6CCeEVntKnzAD3B7nwoWlfg3hwxWOtjZ)3FrKXfrtXndgpRA4)Rcf)185u23OXbKoouWxH7qq5)8D16d6u(1fzHgUypBOy5ny36DzhRsIn9FoNF1fFQhzRQYiHfNmFO8rq2YJbVjWqq44EQ7uaOpXz4fJXEnQd05DBpipE)tHPsk98NQyryLV(c42DlZn1aQ2ufCbkgJO9qXi2mJ)5V0sE3ZwYzQ(GiBUt9q2VOKldyCnwZ0)JQqHhBknacnJijG7b6aFrVhiXAcQPjpPyB6wUtWbHpjFP(vAhQs9R31xXfGgCQ014UNuMxOKs0gv)eZPIv73gdY8WSZ49jYWvT)lW0rXGAyzi3TG(uy2syGvJAbbqKJL4FsHN2ZtqG(21lRKqX4JV13qJcEdTyw7Y8qiWMgGjxR3T6wKEj184rM6uPpWQUlGpz3mcFbUAUJVMwK7je2hArl9FFjPudAEFAZ84PefyQyzIeRMa4E19RMjIasO1sdXUgMpasF4jelvdWLBILU0pHXQ0ujSxTfU5ytVj6WDsFIYYkk4fPp2b3GDsXxu9syQKt0cdak(yy8khFY(8bP6MUF5PnDFgL7KTK(98KIoL01RGOFMnzofU(lDk2d)PJ)b8QtotjcyVQ9QkGo2IEl5DQpOPefyH71ccRYrT3SInyVTg(oNkBSMLUUu6U60SuhleAV9DCXa4I8Nxh66nN1hdRTwkh23QU6Lq9WgDMueMfi0OLdWn6ZNle98NSYSpZ6B9Zro0ehzFRoxBKBDZWl2IVHg4ySEaNMhUc1Rjmry8PGFxUH9mRcVmcvaCwklmFoEGxCn0oONituL6xIM49fCdVlIi0(WxS)XrOjfXW1iAub9(6(4NFSmZnlPJLdmyyPn2ZISHzXrY(l7VC0DWbBOM(ny0SgbKgs6KdMAKvZ2fdUS)6ZZZ1CIW3Hj3cllzMtTzu)1XvPdcx)XLf0lu)sSBF5f)MGC0kwIR7q3XibUsvGQTKbaINuKCDf20oDaFN7gVn5xDVkLE9B2RlrHmVbgftiXSlnS)yNP(mlNnJ)MP73pZ6dcNq(ffeK689UKLaVLh3oTHBzdXZtSOW74N3awnFPqEbSLDHkKH9r3hmNfkk2MEm9J9ZDIvL9Ws58yqI2f05ZTsA4TkqSLHk)SU.4a3ebc24b0a51c0882e1b2ec8229b010251970c2d88e70858ac6e2629f9c1bbc0471493b4a284431c1104b62397aa6ea680c901053f0052395210c35487320944de7e0ae142dbae9423f38581e389bb1ee1dc01d90e6519e780991b11464351ea1f2e164953cca8e1fbf8401f2f9a7c970451905f4d1c2e62ae5facf3d3bedc7&callback=geetest_1709175116733

url = "https://apiv6.geetest.com/get.php"
params = {
    "gt": "019924a82c70bb123aae90d483087f94",
    "challenge": "a79e7880ec16af4ce333dfe7ed28bd55",
    "lang": "zh-cn",
    "pt": "0",
    "client_type": "web",
    "w": "HISc8dMZkg4fOglJaKf6YGocjaLzlZ8jcIUbiqHJfZFOgzO3IiRHcSyKcjmc83qvJlNe(DGab9kz8TqenODEfSg6xDTvup)RosG3y8RFE6CCeEVntKnzAD3B7nwoWlfg3hwxWOtjZ)3FrKXfrtXndgpRA4)Rcf)185u23OXbKoouWxH7qq5)8D16d6u(1fzHgUypBOy5ny36DzhRsIn9FoNF1fFQhzRQYiHfNmFO8rq2YJbVjWqq44EQ7uaOpXz4fJXEnQd05DBpipE)tHPsk98NQyryLV(c42DlZn1aQ2ufCbkgJO9qXi2mJ)5V0sE3ZwYzQ(GiBUt9q2VOKldyCnwZ0)JQqHhBknacnJijG7b6aFrVhiXAcQPjpPyB6wUtWbHpjFP(vAhQs9R31xXfGgCQ014UNuMxOKs0gv)eZPIv73gdY8WSZ49jYWvT)lW0rXGAyzi3TG(uy2syGvJAbbqKJL4FsHN2ZtqG(21lRKqX4JV13qJcEdTyw7Y8qiWMgGjxR3T6wKEj184rM6uPpWQUlGpz3mcFbUAUJVMwK7je2hArl9FFjPudAEFAZ84PefyQyzIeRMa4E19RMjIasO1sdXUgMpasF4jelvdWLBILU0pHXQ0ujSxTfU5ytVj6WDsFIYYkk4fPp2b3GDsXxu9syQKt0cdak(yy8khFY(8bP6MUF5PnDFgL7KTK(98KIoL01RGOFMnzofU(lDk2d)PJ)b8QtotjcyVQ9QkGo2IEl5DQpOPefyH71ccRYrT3SInyVTg(oNkBSMLUUu6U60SuhleAV9DCXa4I8Nxh66nN1hdRTwkh23QU6Lq9WgDMueMfi0OLdWn6ZNle98NSYSpZ6B9Zro0ehzFRoxBKBDZWl2IVHg4ySEaNMhUc1Rjmry8PGFxUH9mRcVmcvaCwklmFoEGxCn0oONituL6xIM49fCdVlIi0(WxS)XrOjfXW1iAub9(6(4NFSmZnlPJLdmyyPn2ZISHzXrY(l7VC0DWbBOM(ny0SgbKgs6KdMAKvZ2fdUS)6ZZZ1CIW3Hj3cllzMtTzu)1XvPdcx)XLf0lu)sSBF5f)MGC0kwIR7q3XibUsvGQTKbaINuKCDf20oDaFN7gVn5xDVkLE9B2RlrHmVbgftiXSlnS)yNP(mlNnJ)MP73pZ6dcNq(ffeK689UKLaVLh3oTHBzdXZtSOW74N3awnFPqEbSLDHkKH9r3hmNfkk2MEm9J9ZDIvL9Ws58yqI2f05ZTsA4TkqSLHk)SU.4a3ebc24b0a51c0882e1b2ec8229b010251970c2d88e70858ac6e2629f9c1bbc0471493b4a284431c1104b62397aa6ea680c901053f0052395210c35487320944de7e0ae142dbae9423f38581e389bb1ee1dc01d90e6519e780991b11464351ea1f2e164953cca8e1fbf8401f2f9a7c970451905f4d1c2e62ae5facf3d3bedc7",
    "callback": "geetest_1709175116733"
}

# 响应 geetest_1709175116733({"status": "success", "data": {"theme": "wind", "theme_version": "1.5.8", "static_servers": ["static.geetest.com", "static.geevisit.com"], "api_server": "api.geetest.com", "logo": true, "feedback": "https://www.geetest.com/contact#report", "c": [12, 58, 98, 36, 43, 95, 62, 15, 12], "s": "62795a67", "i18n_labels": {"copyright": "\u7531\u6781\u9a8c\u63d0\u4f9b\u6280\u672f\u652f\u6301", "error": "\u7f51\u7edc\u4e0d\u7ed9\u529b", "error_content": "\u8bf7\u70b9\u51fb\u6b64\u5904\u91cd\u8bd5", "error_title": "\u7f51\u7edc\u8d85\u65f6", "fullpage": "\u667a\u80fd\u68c0\u6d4b\u4e2d", "goto_cancel": "\u53d6\u6d88", "goto_confirm": "\u524d\u5f80", "goto_homepage": "\u662f\u5426\u524d\u5f80\u9a8c\u8bc1\u670d\u52a1Geetest\u5b98\u7f51", "loading_content": "\u667a\u80fd\u9a8c\u8bc1\u68c0\u6d4b\u4e2d", "next": "\u6b63\u5728\u52a0\u8f7d\u9a8c\u8bc1", "next_ready": "\u8bf7\u5b8c\u6210\u9a8c\u8bc1", "read_reversed": false, "ready": "\u70b9\u51fb\u6309\u94ae\u8fdb\u884c\u9a8c\u8bc1", "refresh_page": "\u9875\u9762\u51fa\u73b0\u9519\u8bef\u5566\uff01\u8981\u7ee7\u7eed\u64cd\u4f5c\uff0c\u8bf7\u5237\u65b0\u6b64\u9875\u9762", "reset": "\u8bf7\u70b9\u51fb\u91cd\u8bd5", "success": "\u9a8c\u8bc1\u6210\u529f", "success_title": "\u901a\u8fc7\u9a8c\u8bc1"}}})

geetest_1709175116733({"status": "success", "data": {"theme": "wind", "theme_version": "1.5.8", "static_servers": ["static.geetest.com", "static.geevisit.com"], "api_server": "api.geetest.com", "logo": true, "feedback": "https://www.geetest.com/contact#report", "c": [12, 58, 98, 36, 43, 95, 62, 15, 12], "s": "62795a67", "i18n_labels": {"copyright": "由极验提供技术支持", "error": "网络不给力", "error_content": "请点击此处重试", "error_title": "网络超时", "fullpage": "智能检测中", "goto_cancel": "取消", "goto_confirm": "前往", "goto_homepage": "是否前往验证服务Geetest官网", "loading_content": "智能验证检测中", "next": "正在加载验证", "next_ready": "请完成验证", "read_reversed": false, "ready": "点击按钮进行验证", "refresh_page": "页面出现错误啦!要继续操作,请刷新此页面", "reset": "请点击重试", "success": "验证成功", "success_title": "通过验证"}}})

# 主要是w值需要解决 应该是包含了浏览器的环境信息





  • 跟一下s值




var e = t[$_CEGEy(1069)][$_CEGEy(1024)]();
t[$_CEGDt(1169)] = e,
t[$_CEGDt(369)][$_CEGEy(1034)] = n[$_CEGDt(1034)],
t[$_CEGDt(369)][$_CEGEy(1102)] = n[$_CEGDt(864)],
t[$_CEGDt(369)][$_CEGEy(467)] = e;
var r = t[$_CEGDt(1159)]()
, o = $_BFo()[$_CEGDt(1108)](de[$_CEGEy(459)](t[$_CEGEy(369)]), t[$_CEGDt(1196)]())
, i = p[$_CEGDt(1184)](o)
, s = {
    "\u0067\u0074": t[$_CEGEy(369)][$_CEGEy(383)],
    "\u0063\u0068\u0061\u006c\u006c\u0065\u006e\u0067\u0065": t[$_CEGDt(369)][$_CEGEy(312)],
    "\u006c\u0061\u006e\u0067": n[$_CEGDt(275)],
    "\u0070\u0074": t[$_CEGDt(1055)],
    "\u0063\u006c\u0069\u0065\u006e\u0074\u005f\u0074\u0079\u0070\u0065": t[$_CEGEy(1053)],
    "\u0077": i + r
};

// 手动替换一下
var e = t['$_BJDB']['$_BIBg']();
t['$_CCFY'] = e,
t['$_EJV']['cc'] = n['cc'],
t['$_EJV']['ww'] = n['supportWorker'],
t['$_EJV']['i'] = e;
var r = t['$_CCGw']()
, o = $_BFo()['encrypt1'](de['stringify'](t['$_EJV']), t['$_CCHU']())
, i = p['$_HEt'](o)
, s = {
    "\u0067\u0074": t['$_EJV']['gt'],
    "\u0063\u0068\u0061\u006c\u006c\u0065\u006e\u0067\u0065": t['$_EJV']['challenge'],
    "\u006c\u0061\u006e\u0067": n['lang'],
    "\u0070\u0074": t['$_BJHU'],
    "\u0063\u006c\u0069\u0065\u006e\u0074\u005f\u0074\u0079\u0070\u0065": t['$_BJIl'],
    "w": i + r
};
// 需要找到  i + r 两个值怎么来的

i = p['$_HEt'](o) 
r = t['$_CCGw']()

i 值为(固定)'m00QhM0rGPAH3EzLkrv6gv3EmWowBFu)e8r88fZBKqw4eToVlVT8AAiSAo0wDS32Gu0KA6b6xxY8aNRMJSXaLd4mTaPkZodNZN0GSIFat5GI7GniW5jUk6QdOXOKkxl9tJpURZHzkVM2ERcmRTd7Sl6G8XK)ShEdVilDKJ2deh9EMeSiYD9YdO6iYZ5LLgm230QhHX36KfqHScraBQJyizHNF(WpIrCI7lIRgB4ZNSTcUy7jJGSKezUmCdUN9X0B4HbprVBuofnJdA6ODeZynPK5bAiiFnIEtC5zDmBKP3YGdiCgPhm8eYHtHYzB5Haqa3U0BvyXZWCsUolKZCoyBjFkMn6C(kEGxoQ9yIJd7at8QXIgwrQ3FkPSPVyt36vYKdR2rxDW6xbVT8h)1akk(V932jgFqByrZv0toF6tP4Ph4M(FikSaylrz7VbD5bGCcFdT0NEePKUpWtF3jzHv39F7B)6z7eAVSm8(L1NKVp)rqiVuWpkNHxBkApD)SCSSuKpao3lo62V5BUcHTpcWNPj1oedXpJq1kxVQS2P22lEq6uH(4nUu2etenhKM9lDCaJSMVzfbBnD)omTLHFao0xJm1xx2kItbdeENimwoznGZEIHlo8Fdp04cnbe6ID8HvIBLUUVqXf96YAUqFLjrij8x9DOL56xBJ2xcioKkTuXZrd4NAnvNa1LFOJFRtZEPTMVR)aAgZFSMmq3kFel0pWjTqbUIktbvekNO4PwPNogWhZVPqqZ5U60NoKFTWv6KGHrj0LyAPPM23ZGP8Mk144GL8yP2cQOq39OuhGF)tOrCkNrMM8KLsfIsqvyGcAdi3a8goBOZL6osZoeOyxL2Z8PWH5N9khEwKEV2X548pCTA4BTKNv6HtTxwQ9uBOhUOzcdoNc2NRoBlos6XvM9XflPEDatz4lKkRs(2rxAWA)MUJxSpis3mDHIsfKUuEAYBnUOFBYio1ksZl4cfhbibz8sprPl1lenPKBdLKXWge6PjOSH(Sd6TQdkWHHAHdW61cm41yDtFyLK34QcrCbQzeFYpD(oz860d5wM8pk4LqMK(9l1E1ggPi4A9qhvm(7u9tWTKvyNgGUXlWHv8VBh1RUTtJl5l(0qHEo4N8Ww7B(4WWmguS)QbbKcYK1FyeiALfAKxzeCB9mWa91hwqtTRyVVz426rNt5Jv8bQxJXreIPcAciiNGfvG3l0hY)JaBdO6PpOxXRdVFZ0tfmNve4Ieb9ySuPrSo8iKEssXzQ7Ymw.' 
r 值为(变值)  t['$_CCGw']()
'7af36d5592ce012433745c177a76bc00f91d52a6dccf164f87767b5e45f35a29c63fc9a1946a680bd956a7af3d6b688cf94e82a3249e3afe58f03a7122ee34608b0eb3ade3670795252dc605b2041d60231963864c26940410709c6e4b2f5a7b744bbbd4204a8cb5ccebb93f203f83ac98f50a7fe2e7223040fd4343fb2c8ed4'
 t['$_CCGw']()
'5b7e8332d2855e477f1d09582f23487b88fe4de6b9a5cf8fcd298e7d19162945a19321a489af669ca3bcf7641c429f602dc6a99d7b3c18522cb91e232fa4f6913f320c529dcc7e3e7440cbe0de6a5d56d9aaed54a2998f975c7ca82fda8197fd57dc2648ae648e2897a7bc928e2874ef1547ca2cd624928e62d26ada321f1113'
  • 首先分析r



 var t = new X()[$_CGEDO(71)](this[$_CGEDO(1196)](e)); //这里就出值了
 var t = new X()['encrypt'](this['$_CCHU'](e))  // 手动替换一下 
 // 发现 t 值为 一个加密算法 传入 一个 16为的字符 127a35106705ca9e 好像每次都不一样



// 是个随机值
function getRandomHexStrings() {
    let hexStrings = [];
    for (let i = 0; i < 4; i++) {
        const randomValue = 65536 * (1 + Math.random()) | 0;
        const hexString = randomValue.toString(16).substring(1);
        hexStrings.push(hexString);
    }
    return hexStrings.join('');
}
console.log(getRandomHexStrings());
-> d9e71f5ade224350
// 把这个代码生成的值替d9e71f5ade224350换上 启用本地js替换 试试网页还能不能正常过验证码



  • 接下来分析new X()['encrypt']加密算法是如何实现的


# 根据以上特征值可以肯定是非对称加密,在结合网上的文章 可以确定是rsa加密
公钥 '00C1E3934D1614465B33053E7F48EE4EC87B14B95EF88947713D25EECBFF7E74C7977D02DC1D9451F79DD5D1C10C29ACB6A9B4D6FB7D0A0279B6719E1772565F09AF627715919221AEF91899CAE08C0D686D748B20A3603BE2318CA6BC2B59706592A9219D0BF05C9F65023A21D2330807252AE0066D59CEEFA5F2748EA80BAB81'

# 发现特征值 encrypt1 encrypt w i + r doPublic  encrypt setPublic
  • 接下来分析i
i = p['$_HEt'](o)
先分析o值怎么来的

$_BFo()['encrypt1']('{"gt":"019924a82c70bb123aae90d483087f94","challenge":"f7a97fddf617636e491c7bee76590290","offline":false,"new_captcha":true,"product":"float","width":"300px","https":true,"api_server":"apiv6.geetest.com","protocol":"https://","type":"fullpage","static_servers":["static.geetest.com/","static.geevisit.com/"],"beeline":"/static/js/beeline.1.0.1.js","voice":"/static/js/voice.1.2.4.js","click":"/static/js/click.3.1.0.js","fullpage":"/static/js/fullpage.9.1.9-r8k4eq.js","slide":"/static/js/slide.7.9.2.js","geetest":"/static/js/geetest.6.0.9.js","aspect_radio":{"slide":103,"click":128,"voice":128,"beeline":50},"cc":12,"ww":true,"i":"-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1"}',"d9e71f5ade224350")






// 根据这些特征值可以发现 o的值应该是某种对称加密的加密值 
// 加密明文 '{"gt":"019924a82c70bb123aae90d483087f94","challenge":"f7a97fddf617636e491c7bee76590290","offline":false,"new_captcha":true,"product":"float","width":"300px","https":true,"api_server":"apiv6.geetest.com","protocol":"https://","type":"fullpage","static_servers":["static.geetest.com/","static.geevisit.com/"],"beeline":"/static/js/beeline.1.0.1.js","voice":"/static/js/voice.1.2.4.js","click":"/static/js/click.3.1.0.js","fullpage":"/static/js/fullpage.9.1.9-r8k4eq.js","slide":"/static/js/slide.7.9.2.js","geetest":"/static/js/geetest.6.0.9.js","aspect_radio":{"slide":103,"click":128,"voice":128,"beeline":50},"cc":12,"ww":true,"i":"-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1"}'
// 加密 key "d9e71f5ade224350"  也同样是rsa加密的明文

// 具体是AES CBC Pks7 做了一些小修改 如何确定没有调试出来 





# 根据网上文章,知道是自写的base64编码 https://www.52pojie.cn/thread-1162951-1-1.html

w的值我们就是的了是啥
w = 自写base64算法(res加密(json格式数据 , 16为的随机key)) + rsa(16为的随机key)

现在算法有了,再把加密明文分析出来,就可以自己生成w值了

{
	"gt": "019924a82c70bb123aae90d483087f94",
	"challenge": "f7a97fddf617636e491c7bee76590290",
	"offline": false,
	"new_captcha": true,
	"product": "float",
	"width": "300px",
	"https": true,
	"api_server": "apiv6.geetest.com",
	"protocol": "https://",
	"type": "fullpage",
	"static_servers": ["static.geetest.com/", "static.geevisit.com/"],
	"beeline": "/static/js/beeline.1.0.1.js",
	"voice": "/static/js/voice.1.2.4.js",
	"click": "/static/js/click.3.1.0.js",
	"fullpage": "/static/js/fullpage.9.1.9-r8k4eq.js",
	"slide": "/static/js/slide.7.9.2.js",
	"geetest": "/static/js/geetest.6.0.9.js",
	"aspect_radio": {
		"slide": 103,
		"click": 128,
		"voice": 128,
		"beeline": 50
	},
	"cc": 12, # 需要找一下含义 看看是不是可以写死
	"ww": true,  # 需要找一下含义 看看是不是可以写死
	"i": "-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1"  #  需要找一下含义 看看是不是可以写死
}
# 剩下的参数有些事之前请求响应回来的,有些应该可以写死
# 调试分析发现 cc ww i 应该是都可以写死

发先本次的w值并没有携带环境信息

第二次提交W分析

第二次的w值应是点击验证发送的,然后加载了验证码,应该是携带了环境信息,请求后返回了geetest_1709175123193({"status": "success", "data": {"result": "slide"}}) status是success应该表示环境通过验证,data['result']是slide表示需要通过滑块验证










第二次W明文值分析

// 第二次w res加密明文值
'{"lang":"zh-cn","type":"fullpage","tt":"M1G8Pjp8Pjp8ON9U)N(((.Abe5((b9,(gb((e(,,,,5(b(()*A9NjVURj-:(MQ0M9ODM9OE/1K)O2K2NkMENkW2KDMENkK,C*,-9MENkKDS0M9OE-1KDRj/1Rj/1R9j31Rj51S*O0ODM9OSRkKDRc.j-*2eM/O(FE,(e5(55(bb(,,,((5b((55((((b(e,nbq:h-NM9(9/)()ME(I/*5A1n--Bn/.F.@))@4)(:WEWHM9WeHM9NAM91)2,BY-0X)*nXYa2W5-2Bn-,1c1?-N1@0*(P-d0)(db96,b9@)(n-*8)(@0)(Y1)M9)qqqM(qqqqqqqM-Z,5b,5(8b,b,5b(((en,5b5,(7A25-*8-M?bb-M55/*0)(M5)4)(EA(MM-N11/)NM(N1n/)4)(@b9-*-)(N(?b9-Y-)b94)(?-Y-)4)(?b9-N,)M9-5-)(9/)(0qPqqqqn","light":"DIV_0","s":"c7c3e21112fe4f741921cb3e4ff9f7cb","h":"321f9af1e098233dbd03f250fd2b5e21","hh":"39bd9cad9e425c3a8f51610fd506e3b3","hi":"09eb21b3ae9542a9bc1e8b63b3d9a467","vip_order":-1,"ct":-1,"ep":{"v":"9.1.9-r8k4eq","te":false,"$_BBp":true,"ven":"Google Inc. (Intel)","ren":"ANGLE (Intel, Intel(R) UHD 5_0 ps_5_0, D3D11)","fp":["move",1142,148,1709810925226,"pointermove"],"lp":["up",874,38,1709810927098,"pointerup"],"em":{"ph":0,"cp":0,"ek":"11","wd":1,"nt":0,"si":0,"sc":0},"tm":{"a":1709810922883,"b":1709810923002,"c":1709810923002,"d":0,"e":0,"f":1709810922884,"g":1709810922884,"h":1709810922884,"i":1709810922884,"j":1709810922884,"k":0,"l":1709810922930,"m":1709810922999,"n":1709810923001,"o":1709810923004,"p":1709810923089,"q":1709810923089,"r":1709810923090,"s":1709810923091,"t":1709810923091,"u":1709810923091},"dnf":"dnf","by":0},"passtime":124158,"rp":"8ec8dd0be5abd11a51919a0d2bb7f068","captcha_token":"494964810","otpj":"jm4jwcx7"}'

{
	"lang": "zh-cn",     // 国内应该是 固定值
	"type": "fullpage",  // 滑块类型 之前请求返回信息 
	"tt": "M1G8Pjp8Pjp8ON9U)N(((.Abe5((b9,(gb((e(,,,,5(b(()*A9NjVURj-:(MQ0M9ODM9OE/1K)O2K2NkMENkW2KDMENkK,C*,-9MENkKDS0M9OE-1KDRj/1Rj/1R9j31Rj51S*O0ODM9OSRkKDRc.j-*2eM/O(FE,(e5(55(bb(,,,((5b((55((((b(e,nbq:h-NM9(9/)()ME(I/*5A1n--Bn/.F.@))@4)(:WEWHM9WeHM9NAM91)2,BY-0X)*nXYa2W5-2Bn-,1c1?-N1@0*(P-d0)(db96,b9@)(n-*8)(@0)(Y1)M9)qqqM(qqqqqqqM-Z,5b,5(8b,b,5b(((en,5b5,(7A25-*8-M?bb-M55/*0)(M5)4)(EA(MM-N11/)NM(N1n/)4)(@b9-*-)(N(?b9-Y-)b94)(?-Y-)4)(?b9-N,)M9-5-)(9/)(0qPqqqqn", // 需要分析 好像是鼠标轨迹的加密值
	"light": "DIV_0", // 固定? 
	"s": "c7c3e21112fe4f741921cb3e4ff9f7cb",   // 需要分析 
	"h": "321f9af1e098233dbd03f250fd2b5e21",   // 需要分析 
	"hh": "39bd9cad9e425c3a8f51610fd506e3b3",   // 需要分析 
	"hi": "09eb21b3ae9542a9bc1e8b63b3d9a467",   // 需要分析 
	"vip_order": -1,  // 固定? 
	"ct": -1,  // 固定? 
	"ep": {
		"v": "9.1.9-r8k4eq",  // fullpage.9.1.9-r8k4eq.js   这个js的后缀
		"te": false,        // 固定? 
		"$_BBp": true,      // 固定? 
		"ven": "Google Inc. (Intel)",   // 浏览器的供应商 基于Intel架构运行
		"ren": "ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00009BC8) Direct3D11 vs_5_0 ps_5_0, D3D11)", // 电脑显卡信息?
		"fp": ["move", 1142, 148, 1709810925226, "pointermove"],   //鼠标轨迹信息
		"lp": ["up", 874, 38, 1709810927098, "pointerup"],  //鼠标轨迹信息
		"em": {
			"ph": 0,
			"cp": 0,
			"ek": "11",
			"wd": 1,
			"nt": 0,
			"si": 0,
			"sc": 0
		},  // 需要分析 
		"tm": {
			"a": 1709810922883,
			"b": 1709810923002,
			"c": 1709810923002,
			"d": 0,
			"e": 0,
			"f": 1709810922884,
			"g": 1709810922884,
			"h": 1709810922884,
			"i": 1709810922884,
			"j": 1709810922884,
			"k": 0,
			"l": 1709810922930,
			"m": 1709810922999,
			"n": 1709810923001,
			"o": 1709810923004,
			"p": 1709810923089,
			"q": 1709810923089,
			"r": 1709810923090,
			"s": 1709810923091,
			"t": 1709810923091,
			"u": 1709810923091
		}, // 时间间隔?
		"dnf": "dnf",  // 固定?  
		"by": 0  // 固定? 
	},
	"passtime": 124158,  // 时间信息
	"rp": "8ec8dd0be5abd11a51919a0d2bb7f068",  // 需要分析  
	"captcha_token": "494964810",// 需要分析 
	"otpj": "jm4jwcx7"// 需要分析 
}

r = $_CFHIS(781) + i[$_CFHIS(1121)] + $_CFHJL(1194) + n(o[$_CFHJL(45)]() + n(n[$_CFHJL(45)]()) + n(e[$_CFHJL(45)]())) + $_CFHJL(1117);

手动解一下混淆
r = $_CFHIS(781) + i[$_CFHIS(1121)] + $_CFHJL(1194) + n(o[$_CFHJL(45)]() + n(n[$_CFHJL(45)]()) + n(e[$_CFHJL(45)]())) + $_CFHJL(1117);
r = '{' + 
    '"lang":"zh-cn","type":"fullpage","tt":"M,p8Pjp/9A3(1bb((bng5)9-LJ)jA1RkKDRj51Rj11-)Rj71Rj5*.kI9M9MMO)-)/)(3K(2X((((((5,e(ee8ob9S-6,-P-R60?SOI-/J/b98-(9b9-),*M9bM/)()MU)qqqq(-eSE(()vS)jELS0dS*)0N(2E5*9Qm2M9MA*(,(M)(5*(EE*:j1*9E1,(M/,(RMM2)Mb5*Q(8qqb","light":"DIV_0","s":"c7c3e21112fe4f741921cb3e4ff9f7cb","h":"321f9af1e098233dbd03f250fd2b5e21","hh":"39bd9cad9e425c3a8f51610fd506e3b3","hi":"09eb21b3ae9542a9bc1e8b63b3d9a467","vip_order":-1,"ct":-1,"ep":{"v":"9.1.9-r8k4eq","te":false,"$_BBp":true,"ven":"Google Inc. (Intel)","ren":"ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00009BC8) Direct3D11 vs_5_0 ps_5_0, D3D11)","fp":["move",1021,148,1709887627256,"pointermove"],"lp":["up",860,85,1709887628023,"pointerup"],"em":{"ph":0,"cp":0,"ek":"11","wd":1,"nt":0,"si":0,"sc":0},"tm":{"a":1709887621271,"b":1709887621428,"c":1709887621428,"d":0,"e":0,"f":1709887621271,"g":1709887621300,"h":1709887621300,"i":1709887621300,"j":1709887621341,"k":1709887621321,"l":1709887621342,"m":1709887621408,"n":1709887621426,"o":1709887621431,"p":1709887621608,"q":1709887621608,"r":1709887621609,"s":1709887621610,"t":1709887621610,"u":1709887621610},"dnf":"dnf","by":0},"passtime":10483,"rp":"22dcaea14d01bf9e4ab63dd737b841ab",'+ 
    '"captcha_token":"' + 
    n("function o(e, t) {\n            var $_CFHIS = yCtOu.$_CT,\n                $_CFHHv = ['$_CFIBZ'].concat($_CFHIS),\n                $_CFHJL = $_CFHHv[1];\n            $_CFHHv.shift();\n            var $_CFIAt = $_CFHHv[0];\n\n            function n(e) {\n              var $_DDHGx = yCtOu.$_Dm()[6][14];\n\n              for (; $_DDHGx !== yCtOu.$_Dm()[12][11];) {\n                switch ($_DDHGx) {\n                  case yCtOu.$_Dm()[4][14]:\n                    var t = 5381,\n                        n = e[$_CFHJL(41)],\n                        r = 0;\n                    $_DDHGx = yCtOu.$_Dm()[0][13];\n                    break;\n\n                  case yCtOu.$_Dm()[6][13]:\n                    while (n--) {\n                      t = (t << 5) + t + e[$_CFHJL(51)](r++);\n                    }\n\n                    $_DDHGx = yCtOu.$_Dm()[8][12];\n                    break;\n\n                  case yCtOu.$_Dm()[0][12]:\n                    return t &= ~(1 << 31);\n                    break;\n                }\n              }\n            }\n\n            100 < new Date()[$_CFHJL(228)]() - t[$_CFHIS(228)]() && (e = $_CFHIS(1192));\n            r = $_CFHIS(781) + i[$_CFHIS(1121)] + $_CFHJL(1194) + n(o[$_CFHJL(45)]() + n(n[$_CFHJL(45)]()) + n(e[$_CFHJL(45)]())) + $_CFHJL(1117);\n          }"
      +  1423470204 +  2090104881) 
    + '","otpj":"jm4jwcx7"}'

n("function o(e, t) {\n            var $_CFHIS = yCtOu.$_CT,\n                $_CFHHv = ['$_CFIBZ'].concat($_CFHIS),\n                $_CFHJL = $_CFHHv[1];\n            $_CFHHv.shift();\n            var $_CFIAt = $_CFHHv[0];\n\n            function n(e) {\n              var $_DDHGx = yCtOu.$_Dm()[6][14];\n\n              for (; $_DDHGx !== yCtOu.$_Dm()[12][11];) {\n                switch ($_DDHGx) {\n                  case yCtOu.$_Dm()[4][14]:\n                    var t = 5381,\n                        n = e[$_CFHJL(41)],\n                        r = 0;\n                    $_DDHGx = yCtOu.$_Dm()[0][13];\n                    break;\n\n                  case yCtOu.$_Dm()[6][13]:\n                    while (n--) {\n                      t = (t << 5) + t + e[$_CFHJL(51)](r++);\n                    }\n\n                    $_DDHGx = yCtOu.$_Dm()[8][12];\n                    break;\n\n                  case yCtOu.$_Dm()[0][12]:\n                    return t &= ~(1 << 31);\n                    break;\n                }\n              }\n            }\n\n            100 < new Date()[$_CFHJL(228)]() - t[$_CFHIS(228)]() && (e = $_CFHIS(1192));\n            r = $_CFHIS(781) + i[$_CFHIS(1121)] + $_CFHJL(1194) + n(o[$_CFHJL(45)]() + n(n[$_CFHJL(45)]()) + n(e[$_CFHJL(45)]())) + $_CFHJL(1117);\n          }"
      +  1423470204 +  2090104881) -> 494964810

结果为:'{"lang":"zh-cn","type":"fullpage","tt":"M,p8Pjp/9A3(1bb((bng5)9-LJ)jA1RkKDRj51Rj11-)Rj71Rj5*.kI9M9MMO)-)/)(3K(2X((((((5,e(ee8ob9S-6,-P-R60?SOI-/J/b98-(9b9-),*M9bM/)()MU)qqqq(-eSE(()vS)jELS0dS*)0N(2E5*9Qm2M9MA*(,(M)(5*(EE*:j1*9E1,(M/,(RMM2)Mb5*Q(8qqb","light":"DIV_0","s":"c7c3e21112fe4f741921cb3e4ff9f7cb","h":"321f9af1e098233dbd03f250fd2b5e21","hh":"39bd9cad9e425c3a8f51610fd506e3b3","hi":"09eb21b3ae9542a9bc1e8b63b3d9a467","vip_order":-1,"ct":-1,"ep":{"v":"9.1.9-r8k4eq","te":false,"$_BBp":true,"ven":"Google Inc. (Intel)","ren":"ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00009BC8) Direct3D11 vs_5_0 ps_5_0, D3D11)","fp":["move",1021,148,1709887627256,"pointermove"],"lp":["up",860,85,1709887628023,"pointerup"],"em":{"ph":0,"cp":0,"ek":"11","wd":1,"nt":0,"si":0,"sc":0},"tm":{"a":1709887621271,"b":1709887621428,"c":1709887621428,"d":0,"e":0,"f":1709887621271,"g":1709887621300,"h":1709887621300,"i":1709887621300,"j":1709887621341,"k":1709887621321,"l":1709887621342,"m":1709887621408,"n":1709887621426,"o":1709887621431,"p":1709887621608,"q":1709887621608,"r":1709887621609,"s":1709887621610,"t":1709887621610,"u":1709887621610},"dnf":"dnf","by":0},"passtime":10483,"rp":"22dcaea14d01bf9e4ab63dd737b841ab","captcha_token":"494964810","otpj":"jm4jwcx7"}'

// 分析加密使用的明文 tt值







// 分析 s,h,hh,hi,rp值 

{
	"lang": "zh-cn",
	"type": "fullpage",
	"tt": "M,p8Pjp/9A3(1bb((bng5)9-LJ)jA1RkKDRj51Rj11-)Rj71Rj5*.kI9M9MMO)-)/)(3K(2X((((((5,e(ee8ob9S-6,-P-R60?SOI-/J/b98-(9b9-),*M9bM/)()MU)qqqq(-eSE(()vS)jELS0dS*)0N(2E5*9Qm2M9MA*(,(M)(5*(EE*:j1*9E1,(M/,(RMM2)Mb5*Q(8qqb",
	"light": "DIV_0",
	"s": "c7c3e21112fe4f741921cb3e4ff9f7cb",
	"h": "321f9af1e098233dbd03f250fd2b5e21",
	"hh": "39bd9cad9e425c3a8f51610fd506e3b3",
	"hi": "09eb21b3ae9542a9bc1e8b63b3d9a467",
	"vip_order": -1,
	"ct": -1,
	"ep": {
		"v": "9.1.9-r8k4eq",
		"te": false,
		"$_BBp": true,
		"ven": "Google Inc. (Intel)",
		"ren": "ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00009BC8) Direct3D11 vs_5_0 ps_5_0, D3D11)",
		"fp": ["move", 1021, 148, 1709887627256, "pointermove"],
		"lp": ["up", 860, 85, 1709887628023, "pointerup"],
		"em": {
			"ph": 0,
			"cp": 0,
			"ek": "11",
			"wd": 1,
			"nt": 0,
			"si": 0,
			"sc": 0
		},
		"tm": {
			"a": 1709887621271,
			"b": 1709887621428,
			"c": 1709887621428,
			"d": 0,
			"e": 0,
			"f": 1709887621271,
			"g": 1709887621300,
			"h": 1709887621300,
			"i": 1709887621300,
			"j": 1709887621341,
			"k": 1709887621321,
			"l": 1709887621342,
			"m": 1709887621408,
			"n": 1709887621426,
			"o": 1709887621431,
			"p": 1709887621608,
			"q": 1709887621608,
			"r": 1709887621609,
			"s": 1709887621610,
			"t": 1709887621610,
			"u": 1709887621610
		},
		"dnf": "dnf",
		"by": 0
	},
	"passtime": 10483,
	"rp": "22dcaea14d01bf9e4ab63dd737b841ab",
	"captcha_token": "494964810",
	"otpj": "jm4jwcx7"
}


// s 值为  "M(*((1((M((" -> 经过处理 -> "tEQOYESJYERVYEQ." -> md5算法小写 -> c7c3e21112fe4f741921cb3e4ff9f7cb

// h 值为 -1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1 -> 经过处理 -> "dGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGFdxFsdzEBYxHgZdGE."  md5算法小写 -> 321f9af1e098233dbd03f250fd2b5e21

// hh值为 "-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1magic data-1" md5算法小写 -> 39bd9cad9e425c3a8f51610fd506e3b3

// hi值为   "-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1"  md5算法小写 -> 39bd9cad9e425c3a8f51610fd506e3b3

// vip_order ct 可以为固定值

// ep值为  时间戳部分可能要修改一下
{
    "v": "9.1.9-r8k4eq",
    "te": false,
    "$_BBp": true,
    "ven": "Google Inc. (Intel)",
    "ren": "ANGLE (Intel, Intel(R) UHD Graphics 630 (0x00009BC8) Direct3D11 vs_5_0 ps_5_0, D3D11)",
    "fp": [
        "move",
        688,
        148,
        1710313804689,
        "pointermove"
    ],
    "lp": [
        "up",
        873,
        159,
        1710313805276,
        "pointerup"
    ],
    "em": {
        "ph": 0,
        "cp": 0,
        "ek": "11",
        "wd": 1,
        "nt": 0,
        "si": 0,
        "sc": 0
    },
    "tm": {
        "a": 1710313804061,
        "b": 1710313804212,
        "c": 1710313804213,
        "d": 0,
        "e": 0,
        "f": 1710313804062,
        "g": 1710313804087,
        "h": 1710313804087,
        "i": 1710313804087,
        "j": 1710313804136,
        "k": 1710313804111,
        "l": 1710313804136,
        "m": 1710313804209,
        "n": 1710313804211,
        "o": 1710313804214,
        "p": 1710313804323,
        "q": 1710313804323,
        "r": 1710313804325,
        "s": 1710313804325,
        "t": 1710313804325,
        "u": 1710313804325
    },
    "dnf": "dnf",
    "by": 0
}

// passtime 间隔时间 可以随机 注意 rp值加密要用到

// rp值为 "gt" + "challenge" +  passtime ->md5小写算法
// 注意第二次的w值 只做了aes+base64加密

// 接下来请求验证码图片  并且还原缺口图 识别距离


// 还原底图的算法是固定的

// 识别算法参考网上文章使用 cv2或ddddocr

// 分析第三个w

第三个W值分析


{
    "lang": "zh-cn",
    "userresponse": "aeeeaaaee8c", // 需要分析  缺口位置距离 +  "challenge"
    "passtime": 511,   // 需要分析
    "imgload": 55,   // 35 68 图片加载时间 应该可以随机
    "aa": "O(!!OssstsytttstttsstssssssXts(!!(81111201111111J11Md$)8$)DH0:EE$)L1", // 轨迹加密值
    "ep": {
        "v": "7.9.2",
        "$_BIE": false,
        "me": true,
        "tm": {
            "a": 1710323151052,
            "b": 1710323151287,
            "c": 1710323151288,
            "d": 0,
            "e": 0,
            "f": 1710323151053,
            "g": 1710323151081,
            "h": 1710323151081,
            "i": 1710323151081,
            "j": 1710323151129,
            "k": 1710323151104,
            "l": 1710323151129,
            "m": 1710323151283,
            "n": 1710323151285,
            "o": 1710323151290,
            "p": 1710323151459,
            "q": 1710323151459,
            "r": 1710323151460,
            "s": 1710323151460,
            "t": 1710323151460,
            "u": 1710323151460
        },
        "td": -1
    },
    "h9s9": "1816378497",  // 需要分析
    "rp": "7a29ba17514c6b2ac0a39b43d77b9ab5" // 和第二个w值一样  "gt" + "challenge" +  passtime ->md5小写算法
}

// 分析aa



// aa就是轨迹的加密值
// userresponse": "aeeeaaaee8c", //   缺口位置距离 +  "challenge" 做一些特殊处理




// passtime 为轨迹耗时时间

// h9s9 应该可以写死 对响应的js代码做了.toString 在用Rbfk函数做了计算得出来的值 


验证

score 为打分,好像是值越小越可信

小坑

# 第三次w值的 提交参数challenge=65d0b76bf75b5332c8ccf39b01bb5b40fj 会多两位,是返回图片响应的,但是w加密中使用的还是32位的challenge

# 每次w值生成后随机等待一下再提交

# 轨迹最好随机,指纹可固定,也可以多采集一些

# error=runtime error 为加密明文格式问题 正常明文为json格式

posted @ 2024-04-14 17:41  郭楷丰  阅读(258)  评论(0编辑  收藏  举报
Live2D