今天搞了一波web端小红书请求头参数X-s的逆向,给大伙分享一下逆向思路。逆向网站:https://www.xiaohongshu.com/explore。界面如下:
这是逆向参数:
通过全局搜索,发现只有一个js文件里面有X-s;
找到位置,打上断点开始调试。
不难发现X-s=u["X-s"],而u=sign(getRealUrl(t, n, o), i),其中getRealUrl(t, n, o)是接口路径"/api/sns/web/v1/homefeed",
i={
"cursor_score": "93509",
"num": 12,
"refresh_type": 3,
"note_index": 33,
"unread_begin_note_id": "",
"unread_end_note_id": "",
"unread_note_count": 0,
"category": "homefeed_recommend"
}
这里不同的路径和不同的i就能得到不同X-s,从而拿到不同的数据。
sign函数传入了这两个参数后u就生成了。所以接下来我们主要分析一下这个sign函数。进入sign函数,在它的返回值处打上断点:
点击继续执行脚本跳到这里。控制台打印,结果正是X-s的值
这里面有个混淆, 在控制台中打印可以发现ur[cr(re, ne)]是函数function(e, t) {return e(t)},ur[cr(oe, ie)]也是function(e, t) {return e(t)},也就是传入的第二个参数是第一个参数(这里的第一个参数是一个函数)的参数。而cr(ue, le)是‘join’
。因此这段代码就简化为了mr(MD5([yr, dr, e, hr ? JSON[cr(ae, se) + "fy"](t) : ""]['join']("")))。另外,这里的MD5是标准的加密,如下:
所以直接导入‘crypto-js’大家如果没安装的话可以通过在终端输入npm install crypto-js安装。安装完后,就const Crypto=require('crypto-js')就可以了。最终变成了mr(Crypto.MD5([yr, dr, e, hr ? JSON[cr(ae, se) + "fy"](t) : ""]['join']("")).toString()),这玩意儿就是加密主体部分了。运行一下我们的sign()函数,缺什么补什么。
当补完后,报了一个奇怪的错误,(cr(...) + cr(...) + cr(...))[cr(...)] is not a function。为什么不是函数啊?
找到出错代码的位置,打上断点在本地调试一下,看看和浏览器的结果是否一样。
果然不错所料,这段代码返回的结果有问题,和浏览器的结果不一样。回头看我们之前的代码。
这返回的结果怎么有点熟悉啊,不就是前面补函数中a0_0x543e中的e中的元素吗!!难道这些元素有问题?不急,接着看。
初步分析,这可能就是问题所在处。
,
可以看到这个是我们补函数过程中的函数,它返回的内容是在r中取的,而r = a0_0x543e(),而且a0_0x543e返回的内容就是e。我们不要a0_0x543e这个函数了,直接在控制台打印r的值:
哈哈,果然有问题,接下来就是把r的内容换了,之前的就不要了。再次运行
,OK,刚才的错误解决了,但又出问题了,回到出问题的地方。发现这是false,所以代码应该执行冒号后面的内容,
也就是(0,esm_typeof.Z)(window),就算这玩意,在咱们报错了,在控制台打印一下看看它是个什么玩意:
原来就是个'object'啊,好说,直接在我们代码中给他换了
接着运行还是报错,原来下面还有一个啊,同样换为‘object’,再次运行就没问题啦。
好了,今天的分享到这里就结束了,拜拜啦!!
js代码如下:
window=this;
const Crypto=require('crypto-js')
function a0_0x4dee00(e, t) {
return a0_0x5c27(t - -312, e)
}
function a0_0x5c27(e, t) {
r=["UyzSw","isArray","eAt","zmtpi","OPQRSTU","7|4|9","0XTdDgM","hasOwnP","lUBwA","iQVWg","getTime","yTjFW","JQFwK","QMclx","zYvVY","Swijz","jIkCA","ble","ctor","SNmAe","pow","q42KWYj","KfTYt","qGTfA","lxWQh","OcXBH","hpdTP","zcTWF","a2r1ZQo","userAge","fDqvJ","LEdWM","zDagP"," Array]","NqdOs","VZAlG","wordsTo","SYlVm","rable","_digest","readFlo","EXcRE","kPrkP","WqGtt","|2|7|1|","ikxhY","charAt","JApEh","XefZY","BVmZI","bin","FTPBq","fCXhO","DTrbr","RIxMF","UJuXg","lxizm","IYqgI","ntwtB","GHzcl","VkIPm","515619okbuSc","cEEwK","rOgfA","UijIk","xNlWe","IFKdN","pdIYK","vGIuz","QamKK","bDqmV","pngG8yJ","kuQZq","yRnhISG","RNCil","HSFDJ","skMPY","random","constru","lPcUs","mfiMp","WNyCI","ZFsux","HIJKLMN","OUXTe","213505TKYkUt","asStrin","jGPhw","ZmserbB","stringT","_hh","rotl","jNjih","ezOMc","12FNdOJJ","encodin","yJKwt","atLE","IpyPj","uvnLy","evgkK","LHJGH","UoxZB","YplIo","2|3|4|1","FlYEl","fromCha","XhOLE","sUGSI","Words","CcWZI","yESQQ","NrAsb","3|6|4|0","vrlUV","bBpCr","okBzj","rRmLn","HiDFY","Hex","ABCDEFG","lECKQ","string","iwjwj","lKcsE","sNYMU","length","test","YdZUX","[object","osyIw","umick","DLqdJ","navigat","slice","x3VT16I"," Object","KbDto","WIPRR","zuvxQ","CNQIo","nt ","A4NjFqY","lUAFM97","vtfIx","_ff","tuAVA","GUXjn","vkHbm","defineP","jGXbA","KOsRk","SNEER","mUkhF","ClBGn","MjzGU","pPKoa","WaFXc","JKodg","zVOvy","cvnJR","uytRs","oBWZm","EaGMZ","lBXvG","feFUP","bXlQI","axfLm","FJlYN","yfqjY","KfnDt","size","AkEzs","45xebJDa","aQyyJ","cnLlO","NJbVq","pYOkL","|0|8|6|","ize","XrZOl","get","LlQOv","pWobk","cdefghi","BLEEu","_isBuff","ABLRO","uyyzO","iyVYR","OArwD","zAgxb","Illegal","equEW","ttIve","zsDDZ","roperty","eqJQh","lPLEl","oBytes","YcAap","IVjmk","biuPu","PKFOs","Fkqjb","231rerpKx","ZcThI","alert","isBuffe","0DSfdik","YUlOM","MuQYv","rCode","ule","ggDLb","ouYkV","rCZaS","NgZdN","nhxOh","Ojazi","__esMod","stringi","iLsmf","undefin","18310JfOQdq","prototy","VDMgA","xyz0123","u5wPHsO","QLnvL","charCod","String","FMbVd","binary","BOxTP","azoqU","floor","YMxdG","jklmnop","uPWLf","exbUE","aqFcP","QHHVj","72VTYrYU","EBUCM","hdBwq","ZoHKz","exports","vyJGG","2|1|3|5","_gg","cVte9UJ","enumera","2738060TYhQqS","push","RyZJx","105762wnLMQn","MLMvF","vZHUx","OUXOv","QYcqT","Bytes","bytesTo","AfphX","ahauZ","|0|5|4|","substr","VrFqQ","SbCkH","split","IJign","replace","utmmN","mEQOt","ntvSG","iFBAC","VsHtM","AAJUd","PnmbA","wOcza/L","endian","qqtiC","seQxp","zWRDt","hECvuRX","sfGbf"," argume","|5|0","Bvk6/7=","indexOf","ejKeS","ZqSNz","nlHfL","ZtWnB","iamspam","VWXYZab","hrtXX","oHQtNP+","toStrin","yQVJs","trZBo","VigAS","lNrTk","MWYyF","555718BnMYMA","QrePf","URHlD","mtrIN","GJYEy","6|7|2|3","anwja","JuPPz","jpJSn","dniCc","RFEXt","lsgpi","ARRXR","FmHfQ","_blocks","nvthD","default","functio","KblCWi+","hewPW","IrUjb","rniTJ","13060498XEGIdo","_ii","LpfE8xz","iUalX","sxyzs","asBytes","bAHys","phugY","yAgFW","ZovIz","vzTOk","reeyR","CfrgZ","OaAcq","RjgER","utf8","configu","call","TgopC","Oyeiu","UmEFi","join","oWysL","mTYNl","gkQpp","ToKTb","UBTfA","qrstuvw","iCeWb","GMJxV","bKgFU","ZCQZb","PBCYU","KIVTH","IWWto","vhLdz","cDgfm","456789+"]
return (a0_0x5c27 = function(e, t) {
return r[e -= 410]
}
)(e, t)
}
function sign(e, t) {
var r=1452,n=1507,o=1589,i=1411,a=1551,s=1533,u=1455,l=1289,c=1334,p=1553,d=1343,f=1265,_=1425,g=1426,h=1256,m=1512,v=1290,y=1230,b=1406,w=1535,T=1572,S=1747,E=1497,x=1587,k=1718,I=1516,A=1509,O=1371,L=1562,C=1627,R=1787,P=1413,N=1510,M=1495,j=1611,D=1687,F=1582,B=1556,U=1627,H=1596,W=1413,$=1421,V=1439,G=1570,z=1640,q=1417,Y=1409,Z=1578,K=1313,X=1491,J=1434,Q=1324,ee=1294,te=1160,re=1284,ne=1180,oe=1284,ie=1326,ae=1505,se=1602,ue=1631,le=1460,ce=884,pe=1019,de=1212,fe=1266,_e=978,ge=1012,he=1123,me=1180,ve=1227,ye=822,be=999,we=1367,Te=898,Se=910,Ee=1195,xe=1341,ke=1158,Ie=1068,Ae=1137,Oe=1118,Le=1109,Ce=1518,Re=1500,Pe=1322,Ne=1316,Me=1255,je=1188,De=1297,Fe=1184,Be=1153,Ue=1331,He=986,We=911,$e=1090,Ve=1016,Ge=1043,ze=1050,qe=863,Ye=338,Ze=485,Ke=1109,Xe=524,Je=489,Qe=595,et=1173,tt=862,rt=874,nt=190,ot=12,it=1587,at=24,st=636,ut=829,lt=921,ct=810,pt=508,dt=646,ft=995,_t=117,gt=1714,ht=846,mt=540,vt=558,yt=697,bt=616,wt=975,Tt=1088,St=324,Et=153,xt=433,kt=172,It=329,At=556,Ot=360,Lt=359,Ct=398,Rt=453,Pt=318,Nt=347,Mt=540,jt=439,Dt=502,Ft=460,Bt=347,Ut=444,Ht=453,Wt=448,$t=258,Vt=427,Gt=347,zt=544,qt=466,Yt=501,Zt=415,Kt=347,Xt=452,Jt=598,Qt=475,er=361,tr=392,rr=189,nr=347,or=451,ir=441,ar=1843,sr=1186
, ur = {
GHzcl: cr(1578, 1465),
hpdTP: function(e, t) {
return e < t
},
kPrkP: function(e, t) {
return e > t
},
RNCil: function(e, t) {
return e < t
},
GJYEy: function(e, t) {
return e >> t
},
zDagP: function(e, t) {
return e | t
},
zVOvy: function(e, t) {
return e & t
},
ntvSG: function(e, t) {
return e & t
},
vGIuz: cr(1388, r) + cr(1571, 1394),
biuPu: function(e, t) {
return e(t)
},
GMJxV: function(e, t) {
return e | t
},
yTjFW: function(e, t) {
return e << t
},
lsgpi: function(e, t) {
return e >> t
},
oWysL: function(e, t) {
return e(t)
},
mTYNl: function(e, t) {
return e + t
},
VDMgA: function(e, t) {
return e + t
},
MuQYv: function(e, t) {
return e === t
},
MjzGU: function(e, t) {
return e === t
},
bKgFU: cr(n, o) + "ed",
MWYyF: function(e, t) {
return e !== t
},
sNYMU: cr(i, a),
UyzSw: function(e, t) {
return e(t)
}
}
, lr = (cr(s, u) + cr(1462, 1388) + cr(l, c))[cr(p, 1691)]("|");
function cr(e, t) {
return a0_0x4dee00(t, e - sr)
}
for (var pr = 0; ; ) {
switch (lr[pr++]) {
case "0":
var dr = ur[cr(d, f)];
continue;
case "1":
var fr = function(e) {
function t(e, t) {
return cr(t - -ar, e)
}
e = e[t(-366, -288)](/\r\n/g, "\n");
for (var r = "", n = 0; n < e[t(-390, -xt)]; n++) {
var o = e[t(-kt, -It) + t(-At, -557)](n);
_r[t(-Ot, -Lt)](o, 128) ? r += String[t(-Ct, -Rt) + t(-Pt, -Nt)](o) : _r[t(-553, -Mt)](o, 127) && _r[t(-jt, -Dt)](o, 2048) ? (r += String[t(-423, -453) + t(-Ft, -Bt)](192 | _r[t(-566, -Ut)](o, 6)),
r += String[t(-411, -Ht) + t(-379, -347)](_r[t(-572, -Wt)](_r[t(-$t, -Vt)](o, 63), 128))) : (r += String[t(-279, -453) + t(-268, -Gt)](_r[t(-zt, -448)](_r[t(-qt, -Yt)](o, 12), 224)),
r += String[t(-Zt, -Ht) + t(-411, -Kt)](_r[t(-482, -Xt)](_r[t(-Jt, -Qt)](_r[t(-309, -er)](o, 6), 63), 128)),
r += String[t(-tr, -453) + t(-rr, -nr)](_r[t(-or, -Xt)](_r[t(-308, -ir)](o, 63), 128)))
}
return r
};
continue;
case "2":
var _r = {
YcAap: function(e, t) {
return ur[(r = -165,
n = -64,
cr(n - -1374, r))](e, t);
var r, n
},
SNmAe: function(e, t) {
var r, n;
return ur[(r = -142,
n = -Et,
cr(r - -1468, n))](e, t)
},
IYqgI: function(e, t) {
return ur[(r = 603,
n = 440,
cr(n - -918, r))](e, t);
var r, n
},
bBpCr: function(e, t) {
var r, n;
return ur[(r = 161,
n = St,
cr(n - -1268, r))](e, t)
},
yESQQ: function(e, t) {
var r, n;
return ur[(r = wt,
n = Tt,
cr(r - -341, n))](e, t)
},
DLqdJ: function(e, t) {
var r, n;
return ur[(r = yt,
n = bt,
cr(n - -827, r))](e, t)
},
ntwtB: function(e, t) {
var r, n;
return ur[(r = mt,
n = vt,
cr(n - -1034, r))](e, t)
},
XhOLE: function(e, t) {
var r, n;
return ur[(r = 959,
n = ht,
cr(n - -470, r))](e, t)
},
OUXTe: function(e, t) {
return ur[(r = -137,
n = -156,
cr(n - -gt, r))](e, t);
var r, n
},
lPLEl: function(e, t) {
return ur[(r = -_t,
n = -34,
cr(n - -1626, r))](e, t);
var r, n
},
HiDFY: function(e, t) {
return ur[(r = ft,
n = 939,
cr(r - -563, n))](e, t);
var r, n
},
KfTYt: ur[cr(1352, _)],
Swijz: function(e, t) {
var r, n;
return ur[(r = pt,
n = dt,
cr(r - -978, n))](e, t)
},
TgopC: function(e, t) {
return ur[(r = ut,
n = lt,
cr(r - -ct, n))](e, t);
var r, n
},
uytRs: function(e, t) {
var r, n;
return ur[(r = -st,
n = -536,
cr(n - -1831, r))](e, t)
},
CNQIo: function(e, t) {
return ur[(r = 140,
n = at,
cr(n - -1534, r))](e, t);
var r, n
},
NrAsb: function(e, t) {
return ur[(r = nt,
n = ot,
cr(n - -it, r))](e, t);
var r, n
},
rniTJ: function(e, t) {
return ur[(r = tt,
n = rt,
cr(n - -725, r))](e, t);
var r, n
},
vZHUx: function(e, t) {
var r, n;
return ur[(r = et,
n = 1085,
cr(r - -385, n))](e, t)
},
trZBo: function(e, t) {
var r, n;
return ur[(r = Je,
n = Qe,
cr(r - -1143, n))](e, t)
},
yAgFW: function(e, t) {
return e + t
},
cvnJR: function(e, t) {
return ur[(r = 1073,
n = Ke,
cr(n - -Xe, r))](e, t);
var r, n
},
ezOMc: function(e, t) {
var r, n;
return ur[(r = Ye,
n = Ze,
cr(n - -1025, r))](e, t)
}
};
continue;
case "3":
var gr = cr(g, h) + cr(m, 1536) + cr(v, y) + cr(1312, b) + cr(w, 1660) + cr(T, S) + cr(1357, E) + cr(1606, x) + cr(1612, k) + "m3";
continue;
case "4":
var hr = ur[cr(1495, I)](Object[cr(A, O) + "pe"][cr(1582, L) + "g"][cr(C, R)](t), cr(P, N) + cr(1420, 1408) + "]") || ur[cr(M, j)](Object[cr(A, D) + "pe"][cr(F, B) + "g"][cr(U, H)](t), cr(W, r) + cr(1317, $));
continue;
case "5":
var mr = function(e) {
var t = 287
, r = _r[n(ce, pe)][n(de, fe)]("|");
function n(e, r) {
return cr(r - -t, e)
}
for (var o = 0; ; ) {
switch (r[o++]) {
case "0":
return i;
case "1":
e = _r[n(_e, ge)](fr, e);
continue;
case "2":
var i = "";
continue;
case "3":
var a, s, u, l, c, p, d;
continue;
case "4":
var f = 0;
continue;
case "5":
for (; f < e[n(1188, he)]; )
a = e[n(me, ve) + n(ye, be)](f++),
s = e[n(we, 1227) + n(Te, 999)](f++),
u = e[n(1359, ve) + n(Se, be)](f++),
l = _r[n(1137, Ee)](a, 2),
c = _r[n(1318, xe)](_r[n(1271, ke)](_r[n(Ie, Ae)](a, 3), 4), _r[n(Oe, Le)](s, 4)),
p = _r[n(Ce, 1341)]((15 & s) << 2, _r[n(Re, Pe)](u, 6)),
d = _r[n(Ne, Me)](u, 63),
_r[n(je, De)](isNaN, s) ? p = d = 64 : _r[n(Fe, 1297)](isNaN, u) && (d = 64),
i = _r[n(Be, Ue)](_r[n(He, 1157)](_r[n(We, $e)](i, gr[n(Ve, Ge)](l)), gr[n(ze, 1043)](c)) + gr[n(qe, 1043)](p), gr[n(874, Ge)](d));
continue
}
break
}
};
continue;
case "6":
var vr = ur[cr(V, 1433)]("undefined" == typeof window ? "undefined" : 'object', ur[cr(1640, M)]) ? window : window;
continue;
case "7":
ur[cr(1587, G)]('object', ur[cr(z, 1531)]) && vr && vr[cr(q, Y) + "or"] && vr[cr(1417, Z) + "or"][cr(K, 1250) + "nt"] && vr[cr(X, J)] && (dr = ur[cr(Y, Q)]);
continue;
case "8":
var yr = (new Date)[cr(ee, te)]();
continue;
case "9":
return {
"X-s": mr(Crypto.MD5([yr, dr, e, hr ? JSON[cr(ae, se) + "fy"](t) : ""]['join']("")).toString()),
"X-t": yr
}
}
break
}
}
i={
"cursor_score": "93077",
"num": 12,
"refresh_type": 3,
"note_index": 32,
"unread_begin_note_id": "",
"unread_end_note_id": "",
"unread_note_count": 0,
"category": "homefeed_recommend"
}
console.log(sign("/api/sns/web/v1/homefeed",i))
View Code
标签:function,逆向,return,小红书,ur,case,源码,var,cr From: https://www.cnblogs.com/wxd501/p/17205656.html