从猿人学刷题平台第一题重新看时间戳
第一题地址
大致思路
加密位置:跟栈,从request点进去,里面就是加密的核心代码了
1、提交时,需要传入page和m参数,page就是页码,m是加密过的
2、m参数加密方式:
timestamp =十三位时间戳+100000000
m= hex_md5(timestamp )+‘丨’+ timestamp /1000
源代码加密方法:
request = function() {
var timestamp = Date.parse(new Date()) + 100000000;
var m = oo0O0(timestamp.toString()) + window.f;
var list = {
"page": window.page,
"m": m + '丨' + timestamp / 1000
};
遇到问题
之前我使用python生成13位时间戳,其他网站都没问题,为什么这里会有问题?
python生成时间戳
之前在python中生成10/13位时间戳:
import time
print(int(time.time())) # 10位时间戳
print(int(time.time() * 1000)) # 13位时间戳
输出:
python获取13位时间戳方法是: 先将time.time()乘以1000,再进行取整,这样就会出现最后三位数可能非全0情况(这个网站为什么需要后三位全为0的情况?后面说)
js生成时间戳
js代码中生成十三位时间戳方法:
Date.parse(new Date())
输出:
两者对比
可以发现两者之间的不同是,js代码输出的时间戳后三位全是0,然后我去搜了下,发现了一个作者的文章:js获取当前时间戳的四种方式
具体内容为: Date.parse(new Date()) // 得到的是13位毫秒单位,但后三位是0,即精确度实际上是到秒级
再分析js代码
request = function() {
var timestamp = Date.parse(new Date()) + 100000000;
var m = oo0O0(timestamp.toString()) + window.f;
var list = {
"page": window.page,
"m": m + '丨' + timestamp / 1000
};
猜测m参数发送到服务器的检测方式
1、‘丨’ 前面的为使用timestamp 进行加密后的字符串,后面的为timestamp/1000的字符串。
2、服务器收到m参数后,用’丨’ 进行分割,取出前面部分记为a和后面部分记为b。
3、将b*1000再进行hex_md5加密,如果结果和a相同,则校验通过。
结论
所以我们想要得到正确的结果,需要的前提是: timestamp除以1000后,再在服务器乘以1000后,和timestamp原来的内容相同,此时则需要时间戳后三位为0
所以如果按照之前python生成13位时间戳的方式生成的内容:
import time
print(int(time.time() * 1000)) # 13位时间戳
print(int(time.time() * 1000)/1000) # 13位时间戳/1000(这里相当于|后面你的参数,因为是要整数,所以要在下面进行取整)
print(int(int(time.time() * 1000)/1000)) # 13位时间戳/1000后取整
print(int(int(time.time() * 1000)/1000)*1000) # 13位时间戳/1000后取整,再乘以1000
》》》》》》》》》》》》》》》》》》
1652497297435
1652497297.435
1652497297
1652497297000
按照上面的说法:让第一次和第四次输出的内容一致才可以。
修改后的python生成13位时间戳
先进行四舍五入为整数,后进行乘以1000的操作
import time
timestamp = int(round(time.time()) * 1000)
print(timestamp) # 生成的时间戳
print(int(timestamp / 1000 * 1000)) # 计算后的时间戳
输出:
1652497449000
1652497449000
第一题python代码
# @Time : 2022-05-13 20:53
# @File : 猿人学1.py
# @Software: PyCharm
import time
import execjs
import requests
result_sum = 0 # 总和
result = 0 # 个数
def get_one(p):
global result, result_sum
headers = {
'Host': 'match.yuanrenxue.com',
'Referer': 'http://match.yuanrenxue.com/match/1',
'User-Agent': 'yuanrenxue.project',
'X-Requested-With': 'XMLHttpRequest'
}
t = int(round(time.time()) * 1000) + 100000000
with open('yuanrenxue1.js', 'r', encoding='utf-8') as f:
content = f.read()
ctx = execjs.compile(content)
front = ctx.call('encode', str(t))
params = {
'page': str(p),
'm': front + '丨' + str(int(t / 1000)),
}
print(params)
response = requests.get('https://match.yuanrenxue.com/api/match/1', headers=headers, params=params)
dic = response.json()
for data in dic['data']:
result += data['value']
result_sum += 1
if __name__ == '__main__':
for i in range(1, 6):
get_one(i)
print(result / result_sum)
第一题js代码
var hexcase = 0;
var b64pad = "";
var chrsz = 16;
function hex_md5(a) {
return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}
function b64_md5(a) {
return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}
function str_md5(a) {
return binl2str(core_md5(str2binl(a), a.length * chrsz))
}
function hex_hmac_md5(a, b) {
return binl2hex(core_hmac_md5(a, b))
}
function b64_hmac_md5(a, b) {
return binl2b64(core_hmac_md5(a, b))
}
function str_hmac_md5(a, b) {
return binl2str(core_hmac_md5(a, b))
}
function md5_vm_test() {
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}
function core_md5(p, k) {
p[k >> 5] |= 128 << ((k) % 32);
p[(((k + 64) >>> 9) << 4) + 14] = k;
var o = 1732584193;
var n = -271733879;
var m = -1732584194;
var l = 271733878;
for (var g = 0; g < p.length; g += 16) {
var j = o;
var h = n;
var f = m;
var e = l;
o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);
l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);
m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);
n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);
o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);
l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);
m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);
n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);
o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);
l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);
m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);
n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);
o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);
l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);
m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);
n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);
o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);
l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);
m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);
n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);
o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);
l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);
m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);
n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);
o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);
l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);
m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);
n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);
o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);
l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);
m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);
n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);
o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);
l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);
m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);
n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);
o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);
l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);
m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);
n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);
o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);
l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);
m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);
n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);
o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);
l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);
m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);
n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);
o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);
l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);
m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);
n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);
o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);
l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);
m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);
n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);
o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);
l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);
m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);
n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);
o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);
l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);
m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);
n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);
o = safe_add(o, j);
n = safe_add(n, h);
m = safe_add(m, f);
l = safe_add(l, e)
}
return Array(o, n, m, l)
}
function md5_cmn(h, e, d, c, g, f) {
return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}
function md5_ff(g, f, k, j, e, i, h) {
return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}
function md5_gg(g, f, k, j, e, i, h) {
return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}
function md5_hh(g, f, k, j, e, i, h) {
return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}
function md5_ii(g, f, k, j, e, i, h) {
return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}
function core_hmac_md5(c, f) {
var e = str2binl(c);
if (e.length > 16) {
e = core_md5(e, c.length * chrsz)
}
var a = Array(16),
d = Array(16);
for (var b = 0; b < 16; b++) {
a[b] = e[b] ^ 909522486;
d[b] = e[b] ^ 1549556828
}
var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);
return core_md5(d.concat(g), 512 + 128)
}
function safe_add(a, d) {
var c = (a & 65535) + (d & 65535);
var b = (a >> 16) + (d >> 16) + (c >> 16);
return (b << 16) | (c & 65535)
}
function bit_rol(a, b) {
return (a << b) | (a >>> (32 - b))
}
function str2binl(d) {
var c = Array();
var a = (1 << chrsz) - 1;
for (var b = 0; b < d.length * chrsz; b += chrsz) {
c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)
}
return c
}
function binl2str(c) {
var d = "";
var a = (1 << chrsz) - 1;
for (var b = 0; b < c.length * 32; b += chrsz) {
d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)
}
return d
}
function binl2hex(c) {
var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var d = "";
for (var a = 0; a < c.length * 4; a++) {
d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)
}
return d
}
function binl2b64(d) {
var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var f = "";
for (var b = 0; b < d.length * 4; b += 3) {
var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);
for (var a = 0; a < 4; a++) {
if (b * 8 + a * 6 > d.length * 32) {
f += b64pad
} else {
f += c.charAt((e >> 6 * (3 - a)) & 63)
}
}
}
return f
};
function encode(t){
// var timestamp=Date.parse(new Date())+100000000;
//
// f = hex_md5(''+timestamp);
// f=f+'丨'+timestamp/1000
return hex_md5(t);
}
console.log(encode('1652594409'))
不理解的地方
平台第一题点击4、5页会显示请求时传入sessionid才能返回数据,我没有加cookie也可以,可能是官方降低难度了吧