饿了么bxet 分析

声明

本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！  

大部分补环境代码

//仅供学习使用
window = global
self = window
top=window
window.origin='###'
window.addEventListener = function addEventListener() {
    console.log('window.addEventListener', arguments)
}
document = {}

navigator = {}
window.localStorage = {
    getItem: function (key) {
        return window.localStorage[key] || null;
    },
    setItem: function (key, value) {
        window.localStorage[key] = value.toString();
        this.length = Object.keys(window.localStorage).length;
    },
    removeItem: function (key) {
        delete window.localStorage[key];
        this.length = Object.keys(window.localStorage).length;
    },
    clear: function () {
        window.localStorage = {};
        window.localStorage.length = 0;
    },
    key: function (index) {
        return Object.keys(window.localStorage)[index] || null;
    }
}
location = {
    "ancestorOrigins": {},
    "href": "#####",
    "origin": "##",
    "protocol": "https:",
    "host": "##",
    "hostname": "##",
    "port": "",
    "pathname": "#",
    "search": "#",
    "hash": "",
    toString: function toString() {
        return location.href
    }
}


screen = {}
screen.availWidth = 1536
window.screenTop=0
window.outerWidth = 1536
navigator.getBattery = function getBattery() {
    console.log('navigator.getBattery', arguments)
}
document.hidden = false
HTMLCanvasElement=function HTMLCanvasElement(){}
HTMLMediaElement=function HTMLMediaElement(){}
HTMLCanvasElement.prototype.toDataURL=function toDataURL(){
    throw new TypeError('Illegal invocation')
}


a={href:""}
document.createElement = function createElement(tagName) {
    console.log('createElement', arguments)
    if (tagName === 'canvas') {
        return canvas
    }
    if(tagName==='a'){
        return a
    }
}


window.performance={
    "timeOrigin": 1708407536616.6,
    "timing": {
        "connectStart": 0,
        "navigationStart": 1708407536617,
        "secureConnectionStart": 0,
        "fetchStart": 0,
        "domContentLoadedEventStart": 1708407536619,
        "responseStart": 0,
        "domInteractive": 1708407536619,
        "domainLookupEnd": 0,
        "responseEnd": 1708407536619,
        "redirectStart": 0,
        "requestStart": 0,
        "unloadEventEnd": 0,
        "unloadEventStart": 0,
        "domLoading": 1708407536617,
        "domComplete": 1708407536621,
        "domainLookupStart": 0,
        "loadEventStart": 1708407536621,
        "domContentLoadedEventEnd": 1708407536619,
        "loadEventEnd": 1708407536621,
        "redirectEnd": 0,
        "connectEnd": 0
    },
  
}

navigator.plugins= [
    {name: "PDF Viewer", description: "Portable Document Format", filename: "internal-pdf-viewer"},
    {name: "Chrome PDF Viewer", description: "Portable Document Format", filename: "internal-pdf-viewer"},
    {name: "Chromium PDF Viewer", description: "Portable Document Format", filename: "internal-pdf-viewer"},
    {name: "Microsoft Edge PDF Viewer", description: "Portable Document Format", filename: "internal-pdf-viewer"},
    {name: "WebKit built-in PDF", description: "Portable Document Format", filename: "internal-pdf-viewer"},
]
navigator.mimeTypes= [
    {type: 'application/aliedit', suffixes: '', description: 'npaliedit'},
    {type: 'application/asx', suffixes: '*', description: ''},
    {type: 'application/cenroll.cenroll.version.1', suffixes: '',description: 'CEnroll'},
    {type: 'application/hwepass2001.installepass2001', suffixes: '', description: 'HwEpass2001'},
    {type: 'application/hwpta.itrushwpta', suffixes: '', description: 'hwPTA'},
    {type: 'application/hwwdkey.installwdkey', suffixes: '', description: 'hwWDkey'},
    {type: 'application/itrusenroll.certenroll.version.1', suffixes: '', description: 'IEnroll'},
    {type: 'application/java-deployment-toolkit', suffixes: '', description: ''},
    {type: 'application/pdf', suffixes: 'pdf', description: ''},
    {type: 'application/pta.itruspta.version.1', suffixes: '*', description: 'PTA'},
    {type: 'application/qscall-plugin', suffixes: 'dll', description: 'DLL'},
    {type: 'application/tecent-qqlive-plugin', suffixes: '', description: ''},
    {type: 'application/tecent-qzonemusic-plugin', suffixes: 'rts', description: "This plug-in is transfers of QzoneMusic when opening Qzone in a web page with Firefox."},
    {type: 'application/tencent-qqphotodrawex2-plugin', suffixes: 'rts', description: ''},
    {type: 'application/x-alisecctrl-plugin', suffixes: '*', description: 'npAliSecCtrl.dll'},
    {type: 'application/x-google-chrome-pdf', suffixes: 'pdf', description: 'Portable Document Format'},
    {type: 'application/x-java-applet', suffixes: '', description: 'Java Applet'},
    {type: 'application/x-java-applet;deploy=11.321.2', suffixes: '', description: ''},
    {type: 'application/x-java-applet;javafx=8.0.321', suffixes: '', description: ''},
    {type: 'application/x-java-applet;jpi-version=1.8.0_321', suffixes: '', description: ''},
    {type: 'application/x-java-applet;version=1.1', suffixes: '', description: ''},
]

分析思路过程截图

 思路

阿里一般都是jsvmp直接找哪个文件是jsvmp文件调用的，一般点进去就是加密的了。

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。