猿人学web端爬虫攻防大赛赛题第16题——js逆向 - window蜜罐
题目网址:https://match.yuanrenxue.cn/match/16
解题步骤
- 看触发数据包。
- 明显
m
是经过特殊处理的,需要知道它的加密逻辑。看Initiator
模块的window.request
。
m
和t
的赋值就在上面,打断点。先分析t
。
r.t = p_s = Date[e(496)](new Date)[e(517)]()
将其中跟e
相关的进行还原后,r.t = p_s = Date["parse"](new Date)["toString"]()
,就是一个简单的获取时间戳。- 分析
m
变量的生成。
r.m = n[e(528)](btoa, p_s)
,还原后为r.m = n["WcFTW"](btoa, p_s)
。
看下n["WcFTW"]
是什么,就是把第二个参数叫给第一个参数运行。
简化一下就是r.m = btoa(p_s)
,p_s
就是时间戳,关键就是btoa
函数,定位一下。
一长串,直接开始抠代码。
运行报错,提示function btoa(e) { var t = u , r = {}; r.TGmSp = t(244) + "ARACTER_ERR", r[t(238)] = t(224) + t(250) + "/", r[t(205)] = "^([^ ]+( +" + t(230) + t(259), r.aYkvo = function (e) { return e() } , r[t(254)] = function (e, t) { return e % t } , r.evetF = function (e, t) { return e >> t } , r.GfTek = t(196), r[t(260)] = function (e, t) { return e << t } , r[t(229)] = function (e, t) { return e | t } , r[t(242)] = function (e, t) { return e << t } , r[t(228)] = function (e, t) { return e & t } , r[t(207)] = function (e, t) { return e << t } , r[t(202)] = function (e, t) { return e & t } , r.jdwcO = function (e, t) { return e === t } , r.kPdGe = t(231), r[t(195)] = t(213), r[t(201)] = function (e, t) { return e & t } , r[t(206)] = function (e, t) { return e == t } , r[t(219)] = function (e, t) { return e + t } , r[t(220)] = function (e, t) { return e(t) } ; var i = r; if (/([^\u0000-\u00ff])/.test(e)) throw new Error(i.TGmSp); for (var o, a, s, l = 0, c = []; l < e[t(261)];) { switch (a = e[t(237)](l), s = i.kukBH(l, 6)) { case 0: delete window, delete document, c[t(246)](f[t(245)](i[t(212)](a, 2))); break; case 1: try { "WhHMm" === i[t(198)] || n.g && c[t(246)](f[t(245)](i.pHtmC(2 & o, 3) | i.evetF(a, 4))) } catch (e) { c[t(246)](f[t(245)](i[t(229)](i.cVCcp(3 & o, 4), a >> 4))) } break; case 2: c[t(246)](f[t(245)](i[t(229)](i[t(242)](15 & o, 2), i.evetF(a, 6)))), c[t(246)](f[t(245)](i[t(228)](a, 63))); break; case 3: c[t(246)](f[t(245)](i[t(212)](a, 3))); break; case 4: c.push(f[t(245)](i[t(229)](i[t(207)](i.OWUOc(o, 4), 6), i[t(212)](a, 6)))); break; case 5: c[t(246)](f[t(245)](i[t(229)](i[t(207)](i[t(202)](o, 15), 4), a >> 8))), c.push(f.charAt(i[t(202)](a, 63))) } o = a, l++ } return 0 == s ? i[t(226)](i[t(241)], i[t(195)]) || (c[t(246)](f[t(245)](i[t(201)](o, 3) << 4)), c.push("FM")) : i.eMnqD(s, 1) && (c[t(246)](f[t(245)]((15 & o) << 2)), c[t(246)]("K")), i[t(219)](i.aQCDK(d(15), window.md5(c[t(234)](""))), i[t(220)](d, 10)) } let p_s = Date["parse"](new Date)["toString"](); console.log(btoa(p_s));
u
未定义。
找到u
的定位处,补上代码。
再次运行,提示_0x34e7
未定义。
再去找,补全代码。
再次运行,提示我们i.eMnqD
不是一个方法。
在页面输出一下,是一个判断变量是否相等的函数。
在我们自己的代码里输出一下,发现i.eMnqD
未定义。
往上看到i
等于r
,看来是r
变量出了问题。
输出一下r
。
发现页面的r
和我们得到的r
的值不一样,r
的赋值跟t
相关也就是u
函数相关。
随便输出一个t(244)
,我们自己得到的也跟页面不一致。
看来是跟_0x34e7
有关系了,再输出一下_0x34e7
。
发现顺序完全不一致,看来根源就在_0x34e7
这里,将其重新赋值为页面输出的值,再运行,提示f
未定义。
去找f
的定义,直接在代码中加上f
的值即可。
再运行,提示d
未定义。
再去找,直接添加上关于d
的代码。
再运行,提示window
未定义。
这个问题,直接关注window.md5(c[t(234)](""))
即可,尽量不要有window
。c[t(234)
的值为join
函数。
关注window.md5
的值,找其定义。
补全代码,再次运行,尽量将window.md5
换一个名字,我这里换成了md5
。再运行,提示n
未定义。
找定义,补全。
再运行,提示_0x4c28
未定义。
直接在控制台输出,补全。
再次运行,终于得到结果了。
- 开始写代码爬取页面数据了。
test.js
test.pyvar _0x34e7 = [ "split", "ABHICESQWK", "FKByN", "U987654321", "lmHcG", "dICfr", "Szksx", "Bgrij", "iwnNJ", "jihgfdecba", "GfTek", "gfdecbaZXY", "constructo", "QIoXW", "jLRMs", "AqLWq", "0zyxwvutsr", "TKgNw", "eMnqD", "thjIz", "btoa", "MNPQRSTWXY", "oPsqh", "niIlq", "evetF", "LVZVH", "fYWEX", "kmnprstwxy", "aYkvo", "tsrqpomnlk", "HfLqY", "aQCDK", "lGBLj", "test", "3210zyxwvu", "QWK2Fi", "return /\" ", "hsJtK", "jdwcO", "SlFsj", "OWUOc", "LCaAn", "[^ ]+)+)+[", "FAVYf", "2Fi+987654", "floor", "join", "EuwBW", "OXYrZ", "charCodeAt", "SkkHG", "iYuJr", "GwoYF", "kPdGe", "cVCcp", "INQRH", "INVALID_CH", "charAt", "push", "apply", "lalCJ", "kTcRS", "+ this + \"", "ykpOn", "gLnjm", "gmBaq", "kukBH", "dvEWE", "SFKLi", "^([^ ]+( +", "qpomnlkjih", "^ ]}", "pHtmC", "length" ]; var u = function (e, t) { return _0x34e7[e -= 188] }; function d(e) { var t = u , n = {}; n[t(214)] = function (e, t) { return e || t } , n.bWcgB = function (e, t) { return e * t } , n[t(227)] = "ABCDEFGHJK" + t(209) + "Zabcdefhij" + t(215) + "z2345678"; for (var r = n, o = "1|3|0|4|2|5"[t(188)]("|"), a = 0; ;) { switch (o[a++]) { case "0": var s = l[t(261)]; continue; case "1": e = r[t(214)](e, 32); continue; case "2": for (i = 0; i < e; i++) c += l[t(245)](Math[t(233)](r.bWcgB(Math.random(), s))); continue; case "3": var l = r[t(227)]; continue; case "4": var c = ""; continue; case "5": return c } break } } var _0x4c28 = [ "Rtsed", "SUrST", "nsaps", "vyNVU", "2|29|23|64", "0|43|57|4|", "NNXUu", "nCrbn", "wQPIq", "XBcOb", "39|40|47|6", "ljkOt", "yMPhx", "TXzzv", "0123456789", "fmdcS", "iXQwu", "grCxb", "3|6|1|4|7|", "wKeAM", "Iekey", "opqrstuvwx", "|7|17", "BQgZQ", "BtzmV", "jZUAt", "HYhpy", "Yvoqt", "VyzBI", "NNVLf", "dbmfK", "0|58|16|32", "UAFHv", "WNIsZ", "2|1|4|3|5|", "JFqRJ", "zObVA", "d24fb0d696", "XfWkD", "MFmWH", "lZISZ", "WzbFA", "kaQlD", "3f7d28e17f", "eSwEi", "YpeFX", "kZhzK", "KxKIe", "LAIPf", "LjyKQ", "YLwOK", "iqfMz", "51|8|0|65|", "JRihE", "nqEyg", "|37|22|27|", "ZXsFi", "goEwl", "|31|63|48|", "wvVCN", "wnDlW", "Myvqp", "UlhBp", "fwCDC", "charAt", "Lmhlz", "WQCAS", "UXeVn", "KIXRL", "HiEZt", "WNzfT", "lNWda", "tsNzQ", "18|38|15|2", "ucisR", "wWwRM", "LzcOo", "yWGcu", "PlAEw", "ihcci", "hBKtU", "rvloG", "xcQTI", "uhJgH", "vRqUp", "EQEzR", "abc", "QgSUn", "0|45|44|19", "WMqBp", "koePJ", "jGSEC", "IKbhW", "wEOgn", "|49|71|11|", "xgzfr", "ABCDEF", "DdHPB", "aFxRD", "sFtiw", "concat", "YhaCC", "YVBwM", "abYok", "2|28|6|36|", "NLOsy", "bRLIN", "xGAWc", "length", "zYRlD", "14|67|61|3", "bolvy", "pagBT", "mdsJQ", "4|69|41|26", "kaXPV", "IWxBE", "pviAr", "5|0|2", "lvwPz", "YcDFe", "yGmJD", "FcYqi", "AAZoR", "|46|5|3|50", "PnITs", "ABCDEFGHIJ", "charCodeAt", "KLMNOPQRST", "prrXX", "FDiNG", "split", "oBesn", "9|24|10|56", "VaXsK", "fromCharCo", "FDfcp", "rrdPR", "HHkBN", "89+/", "mfuQZ", "PbrnX", "FcXlo", "rNapo", "fEXNi", "qtIDJ", "60|53|21|5" ]; var n = function (e, t) { return _0x4c28[e -= 0] }; md5 = function (e) { var t = n , r = { fEXNi: function (e, t) { return e(t) }, LzcOo: function (e, t, n) { return e(t, n) } }; r[t(3)] = function (e, t) { return e(t) } , r.wEOgn = function (e, t, n) { return e(t, n) } , r[t(120)] = function (e, t, n) { return e(t, n) } , r[t(69)] = function (e, t) { return e == t } , r[t(109)] = function (e, t) { return e(t) } , r[t(112)] = t(86), r.oBesn = "900150983c" + t(37) + t(43) + "72", r[t(70)] = t(18) + t(118), r[t(16)] = function (e, t) { return e < t } , r[t(2)] = t(110) + t(5) + t(133) + "|55|13|12|" + t(146) + t(114) + t(94) + "35|68|33|4" + t(104) + t(52) + t(73) + t(88) + t(55) + "25|34|1|2|" + t(10) + t(4) + t(124) + t(58) + "52|59|66|7" + t(31) + t(22), r[t(53)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(35)] = function (e, t) { return e + t } , r[t(141)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(91)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(65)] = function (e, t) { return e + t } , r[t(38)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(19)] = function (e, t) { return e + t } , r[t(117)] = function (e, t, n) { return e(t, n) } , r[t(92)] = function (e, t) { return e + t } , r[t(82)] = function (e, t) { return e + t } , r[t(111)] = function (e, t, n) { return e(t, n) } , r[t(78)] = function (e, t) { return e + t } , r.lZISZ = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.Iekey = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.AAZoR = function (e, t) { return e + t } , r[t(67)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.UlhBp = function (e, t) { return e + t } , r.yMPhx = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(138)] = function (e, t) { return e + t } , r[t(121)] = function (e, t) { return e + t } , r[t(98)] = function (e, t, n) { return e(t, n) } , r.kHuTw = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(50)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(142)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(87)] = function (e, t) { return e + t } , r[t(90)] = function (e, t) { return e + t } , r[t(59)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(28)] = function (e, t) { return e + t } , r[t(119)] = function (e, t) { return e + t } , r.YpeFX = function (e, t) { return e + t } , r[t(7)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.prrXX = function (e, t) { return e + t } , r.kaQlD = function (e, t) { return e + t } , r.qtIDJ = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.xGAWc = function (e, t) { return e + t } , r[t(134)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(89)] = function (e, t) { return e + t } , r[t(15)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(9)] = function (e, t) { return e + t } , r[t(56)] = function (e, t) { return e + t } , r[t(6)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(32)] = function (e, t) { return e + t } , r[t(99)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(39)] = function (e, t) { return e + t } , r[t(113)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(106)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(66)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r.TXzzv = function (e, t) { return e + t } , r.NNVLf = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(79)] = function (e, t) { return e + t } , r[t(1)] = function (e, t, n, r, i, o, a, s) { return e(t, n, r, i, o, a, s) } , r[t(81)] = function (e, t) { return e + t } , r.MXnIN = function (e, t) { return e >> t } , r[t(23)] = function (e, t) { return e << t } , r.nqEyg = function (e, t) { return e % t } , r.kaXPV = function (e, t) { return e >>> t } , r[t(24)] = function (e, t, n) { return e(t, n) } , r[t(44)] = function (e, t, n) { return e(t, n) } , r[t(30)] = function (e, t, n) { return e(t, n) } , r[t(143)] = function (e, t) { return e | t } , r[t(101)] = function (e, t) { return e & t } , r[t(122)] = function (e, t, n, r, i, o, a) { return e(t, n, r, i, o, a) } , r.ZpUiH = function (e, t) { return e & t } , r[t(72)] = function (e, t) { return e ^ t } , r[t(130)] = function (e, t) { return e ^ t } , r[t(41)] = function (e, t) { return e | t } , r[t(116)] = function (e, t) { return e > t } , r[t(80)] = function (e, t) { return e(t) } , r[t(33)] = function (e, t, n) { return e(t, n) } , r[t(83)] = function (e, t) { return e(t) } , r[t(60)] = function (e, t) { return e + t } , r.FDfcp = function (e, t) { return e * t } , r[t(95)] = function (e, t) { return e + t } , r[t(51)] = function (e, t) { return e & t } , r.DdHPB = function (e, t) { return e >> t } , r.abYok = function (e, t) { return e | t } , r[t(84)] = function (e, t) { return e << t } , r[t(105)] = function (e, t) { return e & t } , r[t(8)] = function (e, t) { return e - t } , r[t(137)] = function (e) { return e() } , r.YVBwM = function (e, t) { return e << t } , r[t(27)] = function (e, t) { return e & t } , r[t(26)] = function (e, t) { return e / t } , r[t(74)] = function (e, t) { return e * t } , r[t(49)] = t(14) + "abcdef", r[t(36)] = function (e, t) { return e >> t } , r[t(46)] = function (e, t) { return e + t } , r[t(75)] = function (e, t) { return e >> t } , r[t(47)] = function (e, t) { return e * t } , r[t(11)] = t(126) + t(128) + "UVWXYZabcdefghijklmn" + t(21) + "yz01234567" + t(139), r[t(63)] = function (e, t) { return e * t } , r.KIXRL = function (e, t) { return e << t } , r[t(57)] = function (e, t) { return e % t } , r[t(77)] = function (e, t) { return e << t } , r[t(71)] = function (e, t) { return e >> t } , r.jZUAt = function (e, t) { return e >> t } , r[t(48)] = function (e, t) { return e + t } , r[t(17)] = function (e, t) { return e % t } , r[t(85)] = function (e, t) { return e * t } , r[t(61)] = function (e, t) { return e < t } , r.mfuQZ = function (e, t) { return e + t } , r[t(125)] = function (e, t) { return e * t } , r[t(0)] = function (e, t) { return e(t) } ; var i = r; function o(e, n) { for (var r = t, o = i.WNzfT[r(131)]("|"), a = 0; ;) { switch (o[a++]) { case "0": for (var d = 0; i.iXQwu(d, e.length); d += 16) for (var p = i[r(2)][r(131)]("|"), h = 0; ;) { switch (p[h++]) { case "0": w = i[r(53)](l, w, b, x, T, e[d + 2], 9, -51403784); continue; case "1": x = u(x, T, w, b, e[d + 6], 23, 76029189); continue; case "2": b = i[r(53)](u, b, x, T, w, e[i.JFqRJ(d, 9)], 4, -640364487); continue; case "3": T = i[r(141)](c, T, w, b, x, e[d + 10], 15, -1051523); continue; case "4": T = s(T, w, b, x, e[i.JFqRJ(d, 2)], 17, 606105819); continue; case "5": w = i[r(91)](c, w, b, x, T, e[i[r(65)](d, 3)], 10, -1894446606); continue; case "6": w = i.XfWkD(l, w, b, x, T, e[i.wKeAM(d, 14)], 9, -1019803690); continue; case "7": T = i.pviAr(f, T, v); continue; case "8": b = i.XfWkD(l, b, x, T, w, e[i[r(92)](d, 13)], 5, -1444681467); continue; case "9": x = i[r(38)](s, x, T, w, b, e[i[r(82)](d, 3)], 22, -1044525330); continue; case "10": w = s(w, b, x, T, e[i[r(82)](d, 5)], 12, 1200080426); continue; case "11": x = i[r(38)](l, x, T, w, b, e[i[r(82)](d, 0)], 20, -373897302); continue; case "12": w = i[r(38)](s, w, b, x, T, e[i[r(82)](d, 9)], 12, -1958435417); continue; case "13": b = i.XfWkD(s, b, x, T, w, e[i.xcQTI(d, 8)], 7, 1770035416); continue; case "14": var m = b; continue; case "15": w = i[r(38)](u, w, b, x, T, e[i.xcQTI(d, 8)], 11, -2022574463); continue; case "16": b = f(b, m); continue; case "17": w = i[r(111)](f, w, g); continue; case "18": x = l(x, T, w, b, e[i[r(78)](d, 12)], 20, -1921207734); continue; case "19": w = i[r(40)](u, w, b, x, T, e[d + 4], 11, 1272893353); continue; case "20": T = i[r(20)](u, T, w, b, x, e[i.PlAEw(d, 11)], 16, 1839030562); continue; case "21": b = s(b, x, T, w, e[i[r(123)](d, 12)], 7, 1804550682); continue; case "22": x = u(x, T, w, b, e[i[r(123)](d, 10)], 23, -1094730640); continue; case "23": T = i[r(67)](c, T, w, b, x, e[d + 14], 15, -1416354905); continue; case "24": b = s(b, x, T, w, e[i[r(123)](d, 4)], 7, -176418897); continue; case "25": w = i.UXeVn(u, w, b, x, T, e[d + 0], 11, -358537222); continue; case "26": b = i.UXeVn(l, b, x, T, w, e[i[r(62)](d, 1)], 5, -165796510); continue; case "27": b = i.UXeVn(u, b, x, T, w, e[i[r(62)](d, 13)], 4, 681279174); continue; case "28": b = i[r(12)](l, b, x, T, w, e[i[r(138)](d, 9)], 5, 568446438); continue; case "29": w = i.yMPhx(c, w, b, x, T, e[d + 7], 10, 11261161415); continue; case "30": var g = w; continue; case "31": b = c(b, x, T, w, e[i.yGmJD(d, 8)], 6, 1873313359); continue; case "32": x = i.aFxRD(f, x, y); continue; case "33": T = i[r(12)](l, T, w, b, x, e[i[r(121)](d, 15)], 14, -660478335); continue; case "34": T = i.kHuTw(u, T, w, b, x, e[d + 3], 16, -722881979); continue; case "35": b = i[r(50)](l, b, x, T, w, e[i[r(121)](d, 5)], 5, -701520691); continue; case "36": T = l(T, w, b, x, e[i[r(121)](d, 3)], 14, -187363961); continue; case "37": T = i[r(142)](u, T, w, b, x, e[i.QgSUn(d, 7)], 16, -155497632); continue; case "38": b = i.FcXlo(u, b, x, T, w, e[i.koePJ(d, 5)], 4, -378558); continue; case "39": w = i[r(142)](u, w, b, x, T, e[i[r(90)](d, 12)], 11, -421815835); continue; case "40": T = i[r(59)](u, T, w, b, x, e[i[r(28)](d, 15)], 16, 530742520); continue; case "41": x = i.wvVCN(s, x, T, w, b, e[d + 15], 22, 1236531029); continue; case "42": x = i[r(59)](l, x, T, w, b, e[i[r(119)](d, 4)], 20, -405537848); continue; case "43": b = i[r(59)](s, b, x, T, w, e[i.lvwPz(d, 0)], 7, -680976936); continue; case "44": b = i[r(59)](u, b, x, T, w, e[i[r(45)](d, 1)], 4, -1530992060); continue; case "45": x = i.nCrbn(u, x, T, w, b, e[i[r(129)](d, 14)], 23, -35311556); continue; case "46": b = c(b, x, T, w, e[i[r(42)](d, 12)], 6, 1700485571); continue; case "47": x = i[r(7)](u, x, T, w, b, e[i.kaQlD(d, 2)], 23, -995338651); continue; case "48": T = c(T, w, b, x, e[d + 6], 15, -1560198380); continue; case "49": w = i[r(145)](l, w, b, x, T, e[i[r(107)](d, 6)], 9, -1069501632); continue; case "50": x = i[r(134)](c, x, T, w, b, e[i[r(89)](d, 1)], 21, -2054922799); continue; case "51": x = i.fmdcS(l, x, T, w, b, e[d + 8], 20, 1163531501); continue; case "52": x = i[r(15)](c, x, T, w, b, e[i[r(9)](d, 13)], 21, 1309151649); continue; case "53": x = i[r(15)](s, x, T, w, b, e[i[r(56)](d, 11)], 22, -1990404162); continue; case "54": w = i[r(6)](s, w, b, x, T, e[i[r(32)](d, 13)], 12, -40341101); continue; case "55": x = i.sFtiw(s, x, T, w, b, e[i.UAFHv(d, 7)], 22, -45705983); continue; case "56": T = i.sFtiw(s, T, w, b, x, e[i.MFmWH(d, 6)], 17, -1473231341); continue; case "57": w = i[r(99)](s, w, b, x, T, e[i.MFmWH(d, 1)], 12, -389564586); continue; case "58": x = c(x, T, w, b, e[i[r(39)](d, 9)], 21, -343485551); continue; case "59": b = i[r(113)](c, b, x, T, w, e[i[r(39)](d, 4)], 6, -145523070); continue; case "60": T = i.bRLIN(s, T, w, b, x, e[i[r(39)](d, 10)], 17, -42063); continue; case "61": var v = T; continue; case "62": b = i[r(66)](c, b, x, T, w, e[d + 0], 6, -198630844); continue; case "63": w = i[r(66)](c, w, b, x, T, e[i[r(13)](d, 15)], 10, -30611744); continue; case "64": x = c(x, T, w, b, e[d + 5], 21, -57434055); continue; case "65": T = i[r(29)](l, T, w, b, x, e[i[r(13)](d, 7)], 14, 1735328473); continue; case "66": w = i[r(29)](c, w, b, x, T, e[i[r(79)](d, 11)], 10, -1120210379); continue; case "67": var y = x; continue; case "68": w = i[r(1)](l, w, b, x, T, e[d + 10], 9, 38016083); continue; case "69": T = i[r(1)](s, T, w, b, x, e[i[r(79)](d, 14)], 17, -1502002290); continue; case "70": T = i.SUrST(c, T, w, b, x, e[i[r(79)](d, 2)], 15, 718787259); continue; case "71": T = l(T, w, b, x, e[i[r(81)](d, 11)], 14, 643717713); continue } break } continue; case "1": var b = 1732584193; continue; case "2": return Array(b, x, T, w); case "3": e[i.MXnIN(n, 5)] |= i[r(23)](128, i[r(54)](n, 32)); continue; case "4": var x = -271733879; continue; case "5": var w = 271733878; continue; case "6": e[i.BQgZQ(i[r(115)](n + 64, 9), 4) + 14] = n; continue; case "7": var T = -1732584194; continue } break } } function a(e, n, r, o, a, s) { var l = t; return f(i.BtzmV(d, i[l(44)](f, i.dbmfK(f, n, e), i[l(30)](f, o, s)), a), r) } function s(e, n, r, o, s, l, u) { var c = t; return a(i[c(143)](i[c(101)](n, r), i[c(101)](~n, o)), e, n, s, l, u) } function l(e, n, r, o, s, l, u) { var c = t; return i[c(122)](a, i[c(143)](i.ZpUiH(n, o), i.ZpUiH(r, ~o)), e, n, s, l, u) } function u(e, n, r, o, s, l, u) { return i[t(122)](a, i.tsNzQ(n ^ r, o), e, n, s, l, u) } function c(e, n, r, o, s, l, u) { var c = t; return i[c(122)](a, i[c(130)](r, i[c(41)](n, ~o)), e, n, s, l, u) } function f(e, n) { var r = t , o = i[r(95)](65535 & e, i.iqfMz(n, 65535)) , a = i[r(95)](e >> 16, i[r(97)](n, 16)) + i[r(97)](o, 16); return i[r(103)](i[r(84)](a, 16), i[r(105)](o, 65535)) } function d(e, n) { var r = t; return i.abYok(e << n, e >>> i[r(8)](32, n)) } function p(e) { for (var n = t, r = i[n(137)](Array), o = i[n(8)](i.vRqUp(1, 16), 1), a = 0; a < i.FDfcp(e[n(108)], 16); a += 16) r[i[n(97)](a, 5)] |= i[n(102)](i[n(27)](e[n(127)](i[n(26)](a, 16)), o), i[n(54)](a, 32)); return r } function h(e) { for (var n = t, r = i[n(49)], o = "", a = 0; i.iXQwu(a, i[n(74)](e[n(108)], 4)); a++) o += i.xgzfr(r[n(64)](15 & i[n(36)](e[i[n(36)](a, 2)], i[n(46)](i[n(74)](a % 4, 8), 4))), r[n(64)](15 & i.wWwRM(e[a >> 2], i[n(47)](a % 4, 8)))); return o } return i[t(0)]((function (e) { var n = t; return i[n(144)](h, i[n(76)](o, i.vyNVU(p, e), 16 * e[n(108)])) } ), e) } function btoa_change(e) { var t = u , r = {}; // console.log(t(244)); r.TGmSp = t(244) + "ARACTER_ERR", r[t(238)] = t(224) + t(250) + "/", r[t(205)] = "^([^ ]+( +" + t(230) + t(259), r.aYkvo = function (e) { return e() } , r[t(254)] = function (e, t) { return e % t } , r.evetF = function (e, t) { return e >> t } , r.GfTek = t(196), r[t(260)] = function (e, t) { return e << t } , r[t(229)] = function (e, t) { return e | t } , r[t(242)] = function (e, t) { return e << t } , r[t(228)] = function (e, t) { return e & t } , r[t(207)] = function (e, t) { return e << t } , r[t(202)] = function (e, t) { return e & t } , r.jdwcO = function (e, t) { return e === t } , r.kPdGe = t(231), r[t(195)] = t(213), r[t(201)] = function (e, t) { return e & t } , r[t(206)] = function (e, t) { return e == t } , r[t(219)] = function (e, t) { return e + t } , r[t(220)] = function (e, t) { return e(t) } ; var i = r; var f = "U9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi+9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi"; // console.log(i); if (/([^\u0000-\u00ff])/.test(e)) throw new Error(i.TGmSp); for (var o, a, s, l = 0, c = []; l < e[t(261)];) { switch (a = e[t(237)](l), s = i.kukBH(l, 6)) { case 0: // console.log(f[t(245)]); delete window, delete document, c[t(246)](f[t(245)](i[t(212)](a, 2))); break; case 1: try { console.log(n.g); "WhHMm" === i[t(198)] || n.g && c[t(246)](f[t(245)](i.pHtmC(2 & o, 3) | i.evetF(a, 4))) } catch (e) { c[t(246)](f[t(245)](i[t(229)](i.cVCcp(3 & o, 4), a >> 4))) } break; case 2: c[t(246)](f[t(245)](i[t(229)](i[t(242)](15 & o, 2), i.evetF(a, 6)))), c[t(246)](f[t(245)](i[t(228)](a, 63))); break; case 3: c[t(246)](f[t(245)](i[t(212)](a, 3))); break; case 4: c.push(f[t(245)](i[t(229)](i[t(207)](i.OWUOc(o, 4), 6), i[t(212)](a, 6)))); break; case 5: c[t(246)](f[t(245)](i[t(229)](i[t(207)](i[t(202)](o, 15), 4), a >> 8))), c.push(f.charAt(i[t(202)](a, 63))) } o = a, l++ } return 0 == s ? i[t(226)](i[t(241)], i[t(195)]) || (c[t(246)](f[t(245)](i[t(201)](o, 3) << 4)), c.push("FM")) : i.eMnqD(s, 1) && (c[t(246)](f[t(245)]((15 & o) << 2)), c[t(246)]("K")), i[t(219)](i.aQCDK(d(15), md5(c[t(234)](""))), i[t(220)](d, 10)) } function btoa(){ let p_s = Date["parse"](new Date)["toString"](); return [p_s, btoa_change(p_s)]; } // btoa(); // let p_s = Date["parse"](new Date)["toString"](); // // console.log(p_s); // let m = btoa_change(1730510924000); // console.log(m);
运行,却提示我们不期待的token或者是验证错误。import requests import execjs file = open("test.js", 'r') exec_js = file.read() exec_code = execjs.compile(exec_js) res = exec_code.call("btoa") url = "https://match.yuanrenxue.cn/api/match/16?page=1&m={}&t={}".format(res[1], res[0]) headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36', } cookies = { "sessionid": "xxxxx", } resp = requests.get(url, headers=headers, cookies=cookies) print(resp.text)
- 尝试了多次,发现还是报这个问题。经过多次debug,终于发现了问题。
页面中的n.g
是有值的,不会进入catch
语句。
而代码中n.g
是未定义的,导致我们的代码会进入catch语句报错
所以我们这里直接将n.g
改为true即可,再次运行就可获得页面上的数字了。
- 编写完整代码获取所有页面数字之和。
test.py
运行得到结果。import requests import execjs import re pattern = '{"value": (.*?)}' res_sum = 0 for i in range(1, 6): file = open("test.js", 'r') exec_js = file.read() exec_code = execjs.compile(exec_js) res = exec_code.call("btoa") url = "https://match.yuanrenxue.cn/api/match/16?page={}&m={}&t={}".format(i, res[1], res[0]) headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36', } cookies = {"sessionid": "xxxxx", } resp = requests.get(url, headers=headers, cookies=cookies) string = resp.text findall = re.findall(pattern, string) for item in findall: res_sum += int(item) print(res_sum)
- 提交结果,成功通过。