首页 > 其他分享 >js逆向实战之某二手平台请求参数加密逻辑

js逆向实战之某二手平台请求参数加密逻辑

时间:2024-11-23 14:57:53浏览次数:10  
标签:function 逆向 加密 js Sec str var return data

声明:本篇文章仅用于知识分享,不得用于其他用途
网址:https://www.goofish.com/

加密逻辑

  1. 随便点击一个模块,看触发的数据包。
    image
    再选择一个模块,看哪些参数会变化。
    image
    image
    比较一下得知tsign的值会变化。请求数据中的machId是根据所选模块变化的。
  2. 主要关注sign的加密逻辑,搜索请求参数中比较独特的一个字段jsv
    image
    总共有4处,在第一处可以看到为jsvtsign赋值的语句。
    image
  3. 打断点,刷新界面。
    image
    关键代码两行:
  • t=j=(new Date).getTime():获取时间戳
  • sign=k=i(d.token + "&" + j + "&" + h + "&" + c.data):
    涉及id.tokenjhc.data
    • d.token:控制台输出一下,是个定值。
      image
      不放心的话,可以重新刷新界面,看是否会变化。
    • j:时间戳
    • h:控制台输出,是个定值。
      image
    • c.data:控制台输出,发现其实是数据包中的请求数据。
      image
    • i:加密函数,定位一下,全部抠出来即可。
      image
  1. 运行一下抠出来的js代码。
    var h = 34839810;
    var j = (new Date).getTime();
    var k = i("a9b974fd6a1d777ca53ee9ac59fab8ed" + "&" + j + "&" + h + "&" + '{"itemId":"","pageSize":30,"pageNumber":1,"machId":"165362_1"}');
    var str = "a9b974fd6a1d777ca53ee9ac59fab8ed" + "&" + j + "&" + h + "&" + '{"itemId":"","pageSize":30,"pageNumber":1,"machId":"165362_1"}';
    console.log(str)
    function i(a) {
    	function b(a, b) {
    		return a << b | a >>> 32 - b
    	}
    
    	function c(a, b) {
    		var c, d, e, f, g;
    		return e = 2147483648 & a,
    			f = 2147483648 & b,
    			c = 1073741824 & a,
    			d = 1073741824 & b,
    			g = (1073741823 & a) + (1073741823 & b),
    			c & d ? 2147483648 ^ g ^ e ^ f : c | d ? 1073741824 & g ? 3221225472 ^ g ^ e ^ f : 1073741824 ^ g ^ e ^ f : g ^ e ^ f
    	}
    
    	function d(a, b, c) {
    		return a & b | ~a & c
    	}
    
    	function e(a, b, c) {
    		return a & c | b & ~c
    	}
    
    	function f(a, b, c) {
    		return a ^ b ^ c
    	}
    
    	function g(a, b, c) {
    		return b ^ (a | ~c)
    	}
    
    	function h(a, e, f, g, h, i, j) {
    		return a = c(a, c(c(d(e, f, g), h), j)),
    			c(b(a, i), e)
    	}
    
    	function i(a, d, f, g, h, i, j) {
    		return a = c(a, c(c(e(d, f, g), h), j)),
    			c(b(a, i), d)
    	}
    
    	function j(a, d, e, g, h, i, j) {
    		return a = c(a, c(c(f(d, e, g), h), j)),
    			c(b(a, i), d)
    	}
    
    	function k(a, d, e, f, h, i, j) {
    		return a = c(a, c(c(g(d, e, f), h), j)),
    			c(b(a, i), d)
    	}
    
    	function l(a) {
    		for (var b, c = a.length, d = c + 8, e = (d - d % 64) / 64, f = 16 * (e + 1), g = new Array(f - 1), h = 0, i = 0; c > i;)
    			b = (i - i % 4) / 4,
    				h = i % 4 * 8,
    				g[b] = g[b] | a.charCodeAt(i) << h,
    				i++;
    		return b = (i - i % 4) / 4,
    			h = i % 4 * 8,
    			g[b] = g[b] | 128 << h,
    			g[f - 2] = c << 3,
    			g[f - 1] = c >>> 29,
    			g
    	}
    
    	function m(a) {
    		var b, c, d = "", e = "";
    		for (c = 0; 3 >= c; c++)
    			b = a >>> 8 * c & 255,
    				e = "0" + b.toString(16),
    				d += e.substr(e.length - 2, 2);
    		return d
    	}
    
    	function n(a) {
    		a = a.replace(/\r\n/g, "\n");
    		for (var b = "", c = 0; c < a.length; c++) {
    			var d = a.charCodeAt(c);
    			128 > d ? b += String.fromCharCode(d) : d > 127 && 2048 > d ? (b += String.fromCharCode(d >> 6 | 192),
    				b += String.fromCharCode(63 & d | 128)) : (b += String.fromCharCode(d >> 12 | 224),
    				b += String.fromCharCode(d >> 6 & 63 | 128),
    				b += String.fromCharCode(63 & d | 128))
    		}
    		return b
    	}
    
    	var o, p, q, r, s, t, u, v, w, x = [], y = 7, z = 12, A = 17, B = 22, C = 5, D = 9, E = 14, F = 20, G = 4, H = 11,
    		I = 16, J = 23, K = 6, L = 10, M = 15, N = 21;
    	for (a = n(a),
    			 x = l(a),
    			 t = 1732584193,
    			 u = 4023233417,
    			 v = 2562383102,
    			 w = 271733878,
    			 o = 0; o < x.length; o += 16)
    		p = t,
    			q = u,
    			r = v,
    			s = w,
    			t = h(t, u, v, w, x[o + 0], y, 3614090360),
    			w = h(w, t, u, v, x[o + 1], z, 3905402710),
    			v = h(v, w, t, u, x[o + 2], A, 606105819),
    			u = h(u, v, w, t, x[o + 3], B, 3250441966),
    			t = h(t, u, v, w, x[o + 4], y, 4118548399),
    			w = h(w, t, u, v, x[o + 5], z, 1200080426),
    			v = h(v, w, t, u, x[o + 6], A, 2821735955),
    			u = h(u, v, w, t, x[o + 7], B, 4249261313),
    			t = h(t, u, v, w, x[o + 8], y, 1770035416),
    			w = h(w, t, u, v, x[o + 9], z, 2336552879),
    			v = h(v, w, t, u, x[o + 10], A, 4294925233),
    			u = h(u, v, w, t, x[o + 11], B, 2304563134),
    			t = h(t, u, v, w, x[o + 12], y, 1804603682),
    			w = h(w, t, u, v, x[o + 13], z, 4254626195),
    			v = h(v, w, t, u, x[o + 14], A, 2792965006),
    			u = h(u, v, w, t, x[o + 15], B, 1236535329),
    			t = i(t, u, v, w, x[o + 1], C, 4129170786),
    			w = i(w, t, u, v, x[o + 6], D, 3225465664),
    			v = i(v, w, t, u, x[o + 11], E, 643717713),
    			u = i(u, v, w, t, x[o + 0], F, 3921069994),
    			t = i(t, u, v, w, x[o + 5], C, 3593408605),
    			w = i(w, t, u, v, x[o + 10], D, 38016083),
    			v = i(v, w, t, u, x[o + 15], E, 3634488961),
    			u = i(u, v, w, t, x[o + 4], F, 3889429448),
    			t = i(t, u, v, w, x[o + 9], C, 568446438),
    			w = i(w, t, u, v, x[o + 14], D, 3275163606),
    			v = i(v, w, t, u, x[o + 3], E, 4107603335),
    			u = i(u, v, w, t, x[o + 8], F, 1163531501),
    			t = i(t, u, v, w, x[o + 13], C, 2850285829),
    			w = i(w, t, u, v, x[o + 2], D, 4243563512),
    			v = i(v, w, t, u, x[o + 7], E, 1735328473),
    			u = i(u, v, w, t, x[o + 12], F, 2368359562),
    			t = j(t, u, v, w, x[o + 5], G, 4294588738),
    			w = j(w, t, u, v, x[o + 8], H, 2272392833),
    			v = j(v, w, t, u, x[o + 11], I, 1839030562),
    			u = j(u, v, w, t, x[o + 14], J, 4259657740),
    			t = j(t, u, v, w, x[o + 1], G, 2763975236),
    			w = j(w, t, u, v, x[o + 4], H, 1272893353),
    			v = j(v, w, t, u, x[o + 7], I, 4139469664),
    			u = j(u, v, w, t, x[o + 10], J, 3200236656),
    			t = j(t, u, v, w, x[o + 13], G, 681279174),
    			w = j(w, t, u, v, x[o + 0], H, 3936430074),
    			v = j(v, w, t, u, x[o + 3], I, 3572445317),
    			u = j(u, v, w, t, x[o + 6], J, 76029189),
    			t = j(t, u, v, w, x[o + 9], G, 3654602809),
    			w = j(w, t, u, v, x[o + 12], H, 3873151461),
    			v = j(v, w, t, u, x[o + 15], I, 530742520),
    			u = j(u, v, w, t, x[o + 2], J, 3299628645),
    			t = k(t, u, v, w, x[o + 0], K, 4096336452),
    			w = k(w, t, u, v, x[o + 7], L, 1126891415),
    			v = k(v, w, t, u, x[o + 14], M, 2878612391),
    			u = k(u, v, w, t, x[o + 5], N, 4237533241),
    			t = k(t, u, v, w, x[o + 12], K, 1700485571),
    			w = k(w, t, u, v, x[o + 3], L, 2399980690),
    			v = k(v, w, t, u, x[o + 10], M, 4293915773),
    			u = k(u, v, w, t, x[o + 1], N, 2240044497),
    			t = k(t, u, v, w, x[o + 8], K, 1873313359),
    			w = k(w, t, u, v, x[o + 15], L, 4264355552),
    			v = k(v, w, t, u, x[o + 6], M, 2734768916),
    			u = k(u, v, w, t, x[o + 13], N, 1309151649),
    			t = k(t, u, v, w, x[o + 4], K, 4149444226),
    			w = k(w, t, u, v, x[o + 11], L, 3174756917),
    			v = k(v, w, t, u, x[o + 2], M, 718787259),
    			u = k(u, v, w, t, x[o + 9], N, 3951481745),
    			t = c(t, p),
    			u = c(u, q),
    			v = c(v, r),
    			w = c(w, s);
    	var O = m(t) + m(u) + m(v) + m(w);
    	return O.toLowerCase()
    }
    
    console.log(k);
    
    运行结果如下:
    image
    与控制台输出的结果一致,说明加密逻辑正确。
    image
  2. 可以编写代码获取数据了。
    from functools import partial  # 锁定参数
    import subprocess
    
    subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")
    
    import requests
    import execjs
    import time
    
    h = 34839810
    data = {
    	  "data": "{\"itemId\":\"\",\"pageSize\":30,\"pageNumber\":1,\"machId\":\"168395_1\"}"
    }
    timestamp = int(time.time()) * 1000
    need_encrypt_str = "a9b974fd6a1d777ca53ee9ac59fab8ed" + "&" + str(timestamp) + "&" + str(h) + "&" + data["data"]
    # need_encrypt_str = 'a9b974fd6a1d777ca53ee9ac59fab8ed&1732339751920&34839810&{"itemId":"","pageSize":30,' \
    #                    '"pageNumber":1,"machId":"165362_1"}'
    # print(need_encrypt_str)
    file = open("test.js", mode='r')
    exec_js = file.read()
    exec_code = execjs.compile(exec_js)
    res = exec_code.call("i", need_encrypt_str)
    # print(res)
    
    url = "https://h5api.m.goofish.com/h5/mtop.taobao.idlehome.home.webpc.feed/1.0/"
    params = {"jsv": "2.7.2", "appKey": "34839810", "t": str(timestamp), "v": "1.0", "type": "originaljson",
    		  "accountSite": "xianyu", "dataType": "json", "timeout": "20000",
    		  "api": "mtop.taobao.idlehome.home.webpc.feed", "sessionOption": "AutoLoginOnly", "spm_cnt": "a21ybx.home.0.0",
    		  "sign": res}
    headers = {
    	  "Accept": "application/json",
    	  "Accept-Encoding": "gzip, deflate, br",
    	  "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    	  "Content-Length": "109",
    	  "Content-Type": "application/x-www-form-urlencoded",
    	  "Origin": "https://www.goofish.com",
    	  "Referer": "https://www.goofish.com/",
    	  'Sec-Ch-Ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Microsoft Edge";v="122"',
    	  "Sec-Ch-Ua-Mobile": "?0",
    	  'Sec-Ch-Ua-Platform': '"Windows"',
    	  "Sec-Fetch-Dest": "empty",
    	  "Sec-Fetch-Mode": "cors",
    	  "Sec-Fetch-Site": "same-site",
    	  "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
    }
    cookies = {
    	  "Cookie": "xxxxxxxxx"
    }
    resp = requests.post(url, data=data, headers=headers, params=params, cookies=cookies)
    print(resp.text)
    
    运行结果如下。
    image
    结束!

标签:function,逆向,加密,js,Sec,str,var,return,data
From: https://www.cnblogs.com/sbhglqy/p/18564445

相关文章

  • Vue.js 性能优化指南:掌握 keep-alive 的使用技巧
    前言在现代前端开发中,性能优化和用户体验一直是开发者关注的重点。对于使用Vue.js构建的单页应用(SPA)来说,频繁的组件切换可能带来性能问题和状态丢失等挑战。Vue提供的keep-alive组件为这一问题提供了优雅的解决方案。本文将深入探讨keep-alive的作用及其使用方法,帮......
  • JS中使用new Array()与使用Array.from()方式创建二维数组的性能比较
    比较1,单次创建小额数组:1.通过newArray()方式functiont(){console.time();newArray(100).fill().map(()=>newArray(10));console.timeEnd();} 执行5次耗时:0.078125ms0.050048828125ms0.0380859375ms0.031005859375ms0.093017578125ms2.......
  • Node.js 中 TypeError [ERR_IMPORT_ASSERTION_TYPE_MISSING]
    使用导入断言解决错误“TypeError[ERR_IMPORT_ASSERTION_TYPE_MISSING]:Moduleneedsanimportassertionoftypejson”,例如importmyJsonfrom'./example.json'assert{type:'json'}。此语法指示模块是JSON并且不被执行。这是发生该错误的示例//⛔️TypeError[ERR......
  • js逆向实战之某数据平台响应数解密逻辑
    声明:本篇文章仅用于知识分享,不得用于其他用途网址:https://www.jinglingshuju.com/articles解密逻辑看触发的数据包。data一看就是加密的,全局搜索interceptors。在最后一处可以明显的看到有解密函数。打断点,刷新界面。跟响应数据中一致,找对地方了。关键代码如下。......
  • Java更新数据库报错:Data truncation: Cannot create a JSON value from a string with
    一、现象在Java中,使用mybatis-plus更新实体类对象到mysql,其中一个字段对应数据库中json数据类型,更新时报错:Datatruncation:CannotcreateaJSONvaluefromastringwithCHARACTERSET'binary'.​‍报错信息:Cause:com.mysql.cj.jdbc.exceptions.MysqlDataTruncation:......
  • 基于SpringBoot+MySQL+SSM+Vue.js的宠物猫售卖管理
    获取见最下方名片获取见最下方名片获取见最下方名片演示视频基于SpringBoot+MySQL+SSM+Vue.js的宠物猫售卖管理技术描述开发工具:Idea/Eclipse数据库:MySQLJar包仓库:Maven前端框架:Vue/ElementUI后端框架:Spring+SpringMVC+Mybatis+SpringBoot文字描述基......
  • 10款超好用的CAD图纸加密软件排行揭秘,2024年企业CAD图纸加密强力推荐
    在现代企业中,CAD图纸作为重要的设计资产,涉及大量的敏感信息。确保这些图纸的安全性是每个企业的首要任务。以下是2024年10款好用的图纸加密软件推荐,帮助企业有效保护其CAD图纸的安全。1.域智盾软件域智盾是一款专为企业用户设计的图纸加密软件,支持多种CAD文件格式的加密。......
  • 【最新原创毕设】基于JSP+SSM的民宿预约平台+79197(免费领源码)可做计算机毕业设计JAVA
    目录摘要1绪论1.1选题背景与意义1.2国内外研究现状2系统分析2.1.1技术可行性分析2.1.2 经济可行性分析2.1.3法律可行性分析2.2系统流程分析2.2.1添加信息流程2.2.2修改信息流程2.2.3删除信息流程2.3 系统功能分析2.3.1功能性分析2.3......
  • jspm基于Java web的在线餐饮管理系统的设计和实现(11862)
     有需要的同学,源代码和配套文档领取,加文章最下方的名片哦一、项目演示项目演示视频二、资料介绍完整源代码(前后端源代码+SQL脚本)配套文档(LW+PPT+开题报告)远程调试控屏包运行三、技术介绍Java语言SSM框架SpringBoot框架Vue框架JSP页面Mysql数据库IDEA/Eclipse开发......
  • Vue.js 投票排行榜:从零到完整实现详细教程” “新手友好:使用 Vue.js 构建一个实时投票
    效果图博客教程:使用Vue.js实现投票排行榜页面(详细步骤)在本篇博客教程中,我们将逐步带你实现一个投票排行榜页面,使用的是Vue.js框架。此项目适合前端开发新手,可以帮助你更好地理解Vue的基本功能和组件开发。目录项目介绍搭建项目基础结构实现榜单前3名展示实现倒计时功......