声明:本篇文章仅用于知识交流分享,不用于其他用途
练习网站:https://jzsc.mohurd.gov.cn/data/company
解密过程分析
- 访问网站,随便选择一个区域,点击查询,看触发哪些数据包。
只有一个数据包,且其响应数据一看就是经过加密的。 - 有经验的人就会条件反射是拦截器,全局搜索interceptors。
总共有7处,拦截器分为请求拦截器和响应拦截器,这里只需关注响应拦截器即可,有2处。
第二处相当于压栈的操作,所以这处就不用管了,重点看第一处。 - 打上断点,重新查询让其触发断点。
- 看到传进来的
t
变量的data
属性值就是流量包中的响应数据,这段代码中跟t.data
相关的代码只有一行var e = JSON.parse(b(t.data));
,涉及到b
函数,定位到b
函数,打断点,让代码运行。
- 可以很明显的看到
AES
字样了,说明数据是经过AES加解密的,接下来我们只要搞清楚iv
、mode
和padding
就可以解密了。一步一步往下执行,看每一行代码什么意思。
var e = d.a.enc.Hex.parse(t)
:将t解析为一个WordArray对象
n = d.a.enc.Base64.stringify(e)
:对上一步得到的e进行base64编码
关键代码:n是需要解密的字符串,f是密钥,iv是偏移量、mode是aes解密的模式,padding是填充的方式,看看其对应的值分别是什么。a = d.a.AES.decrypt(n, f, { iv: m, mode: d.a.mode.CBC, padding: d.a.pad.Pkcs7 })
f = d.a.enc.Utf8.parse("jo8j9wGw%6HbxfFn")
是个定值
m = d.a.enc.Utf8.parse("0123456789ABCDEF");
是个定值
mode
是CBC,padding
是默认的Pkcs7,知道这些,那整个解密逻辑也就清楚了。 - 编写js代码。
var CryptoJS = require("crypto-js");
function decrypt(t) {
var e = CryptoJS.enc.Hex.parse(t)
, n = CryptoJS.enc.Base64.stringify(e)
, a = CryptoJS.AES.decrypt(n, f, {
iv: m,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}),
r = a.toString(CryptoJS.enc.Utf8);
return r.toString()
}
f = {
"words": [
1148467306,
964118391,
624314466,
2019968622
],
"sigBytes": 16
};
m = {
"words": [
808530483,
875902519,
943276354,
1128547654
],
"sigBytes": 16
};
var t = "5588a9e126c91a28cc2f6813e3793369c25469a35a79a5541917e64a1f6f6af3885cc96257769955a28e76675a669d56d331e511f04a8db2d744a0588de3c6fb883f574213b54143731c7a6f5a1213100b4bde27a8d3dc0f9324089e46f32c3354e118d27e4cd94cc3364b1119d5541146d97a6f4cf06d1b932f7f63600facbb8627982ddaad4e9848b879829f1a4667165177d70bbd41096720a012ebc3a496bc9088fd57829608d8a2e6c670584a733d58f3eaf6ef5205d8aa125cbfa48499a3b6d6905987a870824250d01ee87515c7c867793bbf08f62b9ef35a4a5ce01109972d27b49c8d63bfc1affcc1f7a6f72422cd73a94717c1d5f1f9b35cc2249f1ef31df6472329acb106c729792b9dd83f730b7f3bb320894e4ac8cf802d54c7d2c78492c0036d7de4df178e8ac61624f4493e982edb085b9e7cf343bb6f413fb985122f505bfa5e5d44d9a9d7c2f6e7afc12024598232ac233522213ba270f4a0b86d8f523246e6bd159b991ddee49c44f64579b6241161a2e2d079da0fe36452953e4b5ae7c8d9ede9f78fc1a4ebfb159d1422f887f4b115fa7fdf11d6613ed80615a16d9ab3e29d49165d111a5114e989968b114cb6853561047f6e3816554f218ccd32fda341e1d78381955beaf11ccdb60594bb2d7ae04763876f2a51ddb23d29f47501aa497b6fa52107e1bfaf2c3195ea20be05ba75d6d85ef260e4530e230b1d0dbd195cdeb8377a90c165894b008ccbf710f00af3b9038cb3be4c82035a85096f686fde28f6c5917c6ee555a80d57b949c390fe40159d9174cf03c9e2dbbc2261a8e504d23943692c5ba4a455e410cf626abd835d7bfbfa1f17a5f2835906f657f76bccc1cde8397a59a9704be076d547070b2a335ae5731c5e96d144ce9bcb969876364c4f4067e77c9c0c25603500dd5229d06fc10f1c0c40ab696c0e6d6cfae3e7a6c8b8934a54c46e1b20ef611a77a6fc6c819bf078d8bcdb0900dad2ff565f4586996fb66ae190bc0efc95711b9736e1ca1e384cf03402aad362936a250842232bf5816f0a208e3a90bb4cd4a32e2d16006c23f3919ce933467890c8bdd42fe5844e43f1ec649d67c3c6078bef55c05b5932528ca1df7f383fb90f4a2a18a37f3a3f9f3ad7a23098362dfd710781423e0b27ff02092978762d202edf50bb84ad353ecb25b3f099e65bf7b5d2831aa1f3e6a55720353be1b3108717668405daa51c20efe2fbc72e6d2d4529914f06cebac2cb24380aed14388abe0db255bfcc6746d07bd801c02682decc0427877a0036b87d3370d616aad46498f3123a3324dce48120496faecc593cccb25de4e6c671c111212a7c4674889945aa4675a461cfd25068e94fa1324df2c8af586e3ca8b7d2f9aa1d6cdd6af2cf688d743dd7d077cdbf0520441de2910f481cb92c281ba74f5b5f6bb9f061d63c0ba85f43f855e00a240647faef4b43cb54fb6818a8a62455ed0b85aa4d8e1795180610c1a7747dea2e34df4fa239168b2c44b9ffd87d5b985d5c5a330659c2b942102ca95bcbcea9736fdbadf72bdf048a182f7f47f3f36f712f24f24aab21622a3ecbcd958459057412127349a6313d751eec6619a60d8f61c7b9fed491fd70bdd4178413aa329c0784d20c2e5d10d2ec331837baa6a247249230bc5e725dbadd9a0b98f8efe86a8c63d1830a38e2c5b3895d302d0fe8a3cb0cdaa7997f462f2b03a8ffc2a3b15a5af32f0f9968e57dce95333554af39525b3c74202cb06527ba7d81c35261953571387b2d333f5de08d698fc48c03f02d6936cd48b2e42731780a9922dacb57996e4ee945993ff9fc1b7a82278c83626860a3a3af2be0c02b874ea968d9a91158724bab23791050ea3503b16b3c71dfa63f6155270bac56f54fe653af57c592c24f255686208ccfe59b221e8584ab7993725b83f02070102d31941b8b977dd5066ae29d266a5d6dabedb2865b057666c5f10d6f6415aa21587115ade161b42c296b370c141925de29467f1e175d053f8e7d5d06e402822e9524793a5ec6f0b038f6b6978b12be50411b0ef2aee9eb29915c07e58d4d011ef417caffd006ee979f8b95963a013ebdd2a3c1ccf1164b30d72ef1cd62679520a94316dd644e9a8d550bb6cb4a56f3e3c7e7e0fb42ec371bd26177c8319348a9b13e6d22f0ea2b209bf94a7a57cf4989cbf0a49b09483d24e4b7acc4978e6a9f412c27559fd9ec7521fdfa2c0d832cc46101d48d7342932fee73bcdf1f65704cba6b586eabf63cc78e9b21053dd53b57f5654748df8858d09ece8266fd1b81f75f9269aad6012e7d1c56eedf2b95fa9733fc698926429c44496e35ca8e5b37218be30e68fa0d05964a05835d07755bbf8e48565ff8210e6ede906593ab2c1b1ad66800acbea3bd55af3ceaadf1f43c263da92ba9e4f41962dee68a176180fe3e6de2493d64570bda0d6b0c41d589a6dfe8fd17ca848e075e96cb571df8d19f7d7714b775d994357471ce0d42406e0b7e35116913fda6cc9d36ebb26349e7a76de82c72924314c56f6ad3b8f7b9d416e257279cf6d4f2448f39df7980191c66daca0f4dbb358dfaa7af2f56710a460dcee738a13b8e05830da6d78dd6e6acc997fafd824fa84ffba910243db91c3270d4c9f7ace66715af7eb150270f743f2cfdd906216680876ebec63c35e758160fae78ede370b22448f7fa3657bdd9c487844f0a57cc1532bdfb56484e2193bf07becb744d86e8cf261fe57e2b0248ea1dc1e8241ef1d63fc5ed0977b44c8fd3a5ea3ff5cb923f9850199a9896431d5ca6c0fa7d740abfbe96d394662ae76c63f4b25aae5cc369abeac334c0dc21c5804b46ce3e9ef29a364364c6315cdeaa9ef93c4adbe5d0acf94ee54f25ef0b737b260bc1f1c3accb569721250b9497f28dca88cf3a1b28898b31d71b9fdfc900b95615f7bb0ef33ea45a0ee119a73d9aaad8dd11ae0395895060bc176475580c3d7eb5a21d7ff078a7cbd9b5ec6783d794734425401350e0abf0ebcf1d5ede58f56a1b78b8b1c9c5b7bd0ac88f4e7cb90944d570a1f96289fd9f9c84229805a80b15b1e8c12f533b174c4de2dcf2565cd9500ed124a60b55eae7532277bc2618b3f5fc9bd030ef2e1fb14eac888159a8c2c5159429204e4bdd052572d7f361264c40775e6f96d97c2e5bcd9a673503f444cf8f26b24390f236a5e41753de6178d14c19b20ee46d59b5fbb1e449b9d32bd5c441e7c9e5dc007ee4ad717b06336647d2ed4c83dd638ff4be9748bf93f268b44640172bf5d7d3a25c7d090eba5e2a13f6fa71b5700c8e2e18639d2273efff39dc873f41604f90d0acd4d871e769602a5cd0b73507cb6b173ec31dbb23d68650003a2aa7b8ef07df994d613c8d4bc4570cac471dc9d62521e689f146a80e6ebd590b4a2089c30992547a014ba147d28da889f95e275fca5909720be296374de4943032aa2c4123e820f171aabe1dd0d25556257ef5c4b2203b2aa3f8afeea63b8d7a1def05b5f1ccd10b6f858f5d17aeb26d8a37be2023b559cb252bdcfcf14d7f372003e72763443dc88d18f799d7e838d21fd5de743bd322bf6e8b0251115014d56aca159dca5d0dac4c55db5a0e2b6f0c40cf27b8306a715ffd49535a812a4c4acb3273428dbdb58c8a58c21546921bb3aceb4baaf36f5af3f832e0fd3dad217419659621480f07c2b1a4319e7ff41245d1b3ad1e74c072d037cc19beb6840832f6c9a54df705b0f2eeff275f41783eeaf64bf4b9856be525d59bf7c5b9abec223230294bb43a4ef30d13f4d30c4433fba78fb18d31930ceab3daee9d05432e603b91784ace708d1959540d9557b1be474e5e630f7f27415a643e206a07be01fdcda5924ec4b0808075db504b43f8fccbe1dbd720dc94c1fbc0717059e2d121588c1acc2c34431822301b19c454c187e4597b95cb0118583ddb6ea6bdd6c9a5d64b50abb47bde1f22a204a3ac2c400f4b3cf4616bf26c0f91c65337e4cdcffe4ef1800e4b91b216e6c427c235e6a4ecbe96b372f349299f070978a9f97175ae6aee0a3773a39fa5e1cf85ef50fe31efbdf9720b7490d61913cd8c34aec6c4594ee8c878a21dc56113ded0376bb01934af30ffaabffe527866ee6ef089e19641a8b0c82d291496d54923e436500d32ee0b33024133b85f107b311c7e43ca65e98782704ad3a20ad580ad80464fd6b0eaa837d326c3acd25175166bb9423f7478ac3e6220ad90f6c0808d284d7cc1aa77622c9c4a7bd9012d5bb50a18eb43a1c6c8b6477099ac9c9b787f154313debcc359f61f26c22574072e1e566b470504155a57c026a958592abeae93f6bede1cbe2c4d35c576b544f3b178b063015c48681c3a9a3f454460c84d8b2b775e78f96dec76528e1c7e06b716b9ba063aab9d0f2bfdb219e5b77b930275f4e95a6e23f5a956d8dc7c50191362cb209ab682a0f055401dc75598f1b23e6485e9df4caace320cb00175828d9d03724fc3ffbe90d5b99791f6475e5b141d32898236b86a3105c478ab4d401bae7511ad6c16b598b200c08cd81d47367cf63dee534e130a735ebc6017c099bfa1dfb3c2728d0f0001c0dfea7ebd03f8aa03e04b083d151ca81651f4240fab2412fddd2e68e3a7760d7252071edabdc432280202029be3c710f99c32c7959effe10d64b693e6189512ba6f200137e8d417886a85cb6bcd979e73f0a62b45858bb5ee5267b30d3a2b0a29d02fe4aee627ee97bf92cf27e3655f665cea3cf4fe0f65eba91e5aac668050eec3c4d61ad86a7be4f1a1974d3d6697fd85dcec6326234af2f6f379fa4f0c32d7d984720f57f8783df1d77b3d541ca0218e34aa73831a6fd6e4700002c6b6b1e035190b3ff7fc20f4211d324e02fcd9d773e03aa8f74d90a0eb9cbbb31d43279aaed6c5a6b76dd83369ae389cd65d134c7dc608e72d6e6afe339ea22c1b16afdd1c756080e923a95afec3c1381e83974ba601aac427f681db5489e5d7d9779731d840dbb32252b85e66306e5ec23e718bfea67cdbb482f094aa74daea553e995e716ddf749ff0bd6283ab7c6acc09ccfc42870d23513d76154f6de0f54917eb60749b0cf3e2b602ddcc9113ec6165514f384ce5830f09bae6435f535a869fcec057f355f20b5e976b8f955e7f235b6b0afb61d5a60f61e31669c2c7cc83d4dacaff0056373e9804926651b4245db4e3ea52f17713926ae391c84f121c65e209116a1ac0ed0072fb5b1e7eaa73316613017fb88034045a08d9c34377c0d2f262ace3942855ec55efa5c81a3d797bc6053c607433b3a59ce55509da6819209972f188d3756f546e290f67fb7ceb93d75e7667d371145e6c0443640af5b1b02e40686039eedba238237d4a562fd0d2dd3cdbe6c1e71b8293e298cc4ca5fcb27f812f1ce6b451e1248aefc272f1a3687c19f6b29b49945a4e8c4ddf39eb35def47bcb9318d88b2a20b9b984799a5a7652f77eb144520d3fe5a4c4a6264e8374dfb3180dcc9a4a468ef69faf480824e435cb2fd48dcf0eb2fef3c5aac456c6fe547b6dafdf45100e52b3fdb74ecd99d1e89cad646a39eb3a88b25be64c5586b3982ca2da4973ebeca827fb79de27bcc3c9b8c59661fe0abf4f5aa9b91800217c378da21642b7d211c59da50cee8fd98873e468f7eab21193cfbf114a195d1688a7e0c34c9daa77569d27e995e53e820322cace742a75a74826769b65279a6cb4af07bae3e8de3893611de188dc543450ba46e9d65959944d4ef24607ef91629fcd81cbaa7790827f29d1df896667d2bed1954763bf69593cd2a30eda2dcf99ce81129447be05385655a344318627331b23ab9e6ebe3b3e0d65db0a8e77c16a59ee2bacb96e7d37d65a2bb03be59304110d3655eebc53146281538cc36d3a69e03a3f558bc0ab3592da8c416826b486d2444f9b447014e206bfa2c07abc610d612655d8d6998e5ef80ad0d77f2b56fbae57c921c5c99763c329dbf30056943e25d04cb0537bf9de24b52269ce5b3491791217d850cf8f7f76a4d0abcd2b431bd2b63cacf6e851807deb96eecf1b3bb1bed1fe5dc687cf3863a8873cc5ee80b96a97b96b55";
console.log(decrypt(t));
运行结果如下:
这里有一点很奇怪,当我把f和m的值换成如下代码的时候就会一直报utf8编码错误的问题,不知该如何解决,希望有大佬能够解答。
代码如下:
function decrypt(t) {
var e = CryptoJS.enc.Hex.parse(t)
, f = CryptoJS.enc.Utf8.parse("jo8j9wGw%6HbxfFn")
, m = CryptoJS.enc.Utf8.parse("0123456789ABCDEF")
, n = CryptoJS.enc.Base64.stringify(e)
, a = CryptoJS.AES.decrypt(n, f, {
iv: m,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}),
r = a.toString(CryptoJS.enc.Utf8);
return r.toString()
}
运行结果如下:
7. 编写python代码调用js代码实现数据的爬虫。
from functools import partial # 锁定参数
import subprocess
subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")
import requests
import execjs
url = "https://jzsc.mohurd.gov.cn/APi/webApi/dataservice/query/comp/list?qy_region=210200"
params = {"pg": 0, "pgsz": 15, "total": 0, }
headers = {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/130.0.0.0 Safari/537.36", "referer": "https://jzsc.mohurd.gov.cn/data/company",
"accept": "application/json, text/plain, */*", "v": "231012"}
resp = requests.get(url, params=params, headers=headers)
file = open("decrypt.js", mode='r')
exec_js = file.read()
exec_code = execjs.compile(exec_js)
ming = exec_code.call("decrypt", resp.text)
print(ming)
运行结果如下:
与界面一致。
写完收工。