说明:
本文只针对新手入门了解,高手绕道。
只做技术性研究,请勿用于非法渠道。
目标
https://www.ctyun.cn/h5/auth/
前言
1、首先准备Chrome内核浏览器,我用的360极速版浏览器。
2、打开目标网址,按F12或者网页空白处右键审查元素(有的浏览器叫检查),打开开发者调试工具。
抓包分析
1、惯例全局搜索,password
搜索结果5个JS找一下也很容易找到,我偷懒又去搜索了下loginType,其实POST提交这几个参数一般都在一起,平时逆向搜不到这个搜那个嘛。
可以看到这几个参数都在这里了,当然我也是偷懒搜了好几个,也直接搜索过password看了半天,最终还是选择走捷径。
var t = encodeURIComponent(c["c"].Des.encrypt(this.form.email, this.form.pwd))
, e = {
id: this.form.email,
loginType: "password",
password: t, //password=t
loginCode: this.form.code,
loginFree: this.states.longstay
};
return !e.loginCode && delete e.loginCode,
直接打断点,重新运行到这个位置看看:
encrypt函数传入两个参数:鼠标复选this.form.pwd,可以看到正是我们输入的密码,另外一个this.form.email是用户名(从后面抠出的encrypt代码可以看到,第一个参数即用户名被当作密钥,第二个参数即密码是被加密的明文)。
鼠标复选:c["c"].Des.encrypt(this.form.email, this.form.pwd),可以看到返回的是加密后的内容,可以确定就是这里了。
2、进入函数体(鼠标复选函数名,提示函数入口点击):
代码直接几万行,这次不能全部复制了(经验),抠代码。
先看调用
c["c"].Des.encrypt()
可以看到encrypt是Des点出来的那么我们先找到Des。
全局搜索Des。这里注意用之前提过的技巧:带上冒号、等于号、var、new 等方式搜索,效率会高一点。
我也是眼瞎,这就在encrypt下面,搜索了半天。
搜索到了,看来上层也没有什么,就是赋值给c['c'].Des:Des等于Y,然后Y又等于U。
那么可以开始正式抠代码了。
正式抠代码
首先看U = {}; 注意U前面不是var,而是逗号,说明这条var语句不止声明了一个变量或函数,而是一次声明了多个。
一般情况下一次声明的函数基本都是需要用到的。如下图,encrypt 一开始就用到了上面定义的W函数。
那么往上翻,找到声明的地方。从var z = V开始抠,其实如果熟悉的话应该知道这个V又是需要抠的。
但是新手可以一步一步来,先抠var z = V 一直到 , Y = U;
复制到调试工具,如下图,提示大V没有定义,抓紧去代码里面找。
如果眼神不好,可以在搜索栏中搜索大V,看着提示,往上翻一翻就找到了,其实就在上面。实在找不到就在调用V的地方下个断点,复选V根据提示入口跟进去。
好了,赶紧把这个V函数复制到刚才抠的代码上方,加载试试。
此时已经不报错了。现在写个调用函数。
好的,报错了,不要着急,看看错误信息,报错自动跳转到错误所在行。
"undefined" === typeof i[r] ? n += "=" : n += B(i[r])
代码看不懂没关系,可以看到这里调用了B函数,这个我们刚才没有复制,去源代码看看,就在V函数下面,复制过来测试下。
测试成功,没有报错,全部代码如下:
/**
 * Maps a 6-bit value to its character in the standard Base64 alphabet
 * (A-Z, a-z, 0-9, "+", "/").
 *
 * @param {number} e - Index into the alphabet; 0..63 are the meaningful values.
 * @returns {string|undefined} The alphabet character, or undefined when e
 *     is 64 or larger (or not comparable as a number).
 */
function B(e) {
    if (e < 26) {
        // Upper-case block: 0..25 -> "A".."Z".
        return String.fromCharCode(e + "A".charCodeAt(0));
    }
    if (e < 52) {
        // Lower-case block: 26..51 -> "a".."z".
        return String.fromCharCode(e - 26 + "a".charCodeAt(0));
    }
    if (e < 62) {
        // Digit block: 52..61 -> "0".."9".
        return String.fromCharCode(e - 52 + "0".charCodeAt(0));
    }
    if (62 === e) {
        return "+";
    }
    if (63 === e) {
        return "/";
    }
    return void 0;
}
/**
 * Base64-encodes a byte string (a string whose char codes are all <= 255).
 *
 * The argument is coerced to a string first. Input is consumed three
 * characters at a time and emitted as four alphabet characters via B();
 * positions that have no input bits are written as "=".
 *
 * @param {*} e - Value to encode; coerced with "".concat(e).
 * @returns {string|null} The Base64 text, or null when any character has a
 *     code above 255 (i.e. the input is not a byte string).
 */
function V(e) {
    var text = "".concat(e);
    var pos;
    // Reject anything that is not a pure byte string before encoding.
    for (pos = 0; pos < text.length; pos++) {
        if (text.charCodeAt(pos) > 255) {
            return null;
        }
    }
    var out = "";
    for (pos = 0; pos < text.length; pos += 3) {
        var b0 = text.charCodeAt(pos);
        // Slots 2 and 3 stay undefined unless a 2nd / 3rd input byte exists.
        var sextets = [b0 >> 2, (3 & b0) << 4, void 0, void 0];
        if (text.length > pos + 1) {
            var b1 = text.charCodeAt(pos + 1);
            sextets[1] |= b1 >> 4;
            sextets[2] = (15 & b1) << 2;
        }
        if (text.length > pos + 2) {
            var b2 = text.charCodeAt(pos + 2);
            sextets[2] |= b2 >> 6;
            sextets[3] = 63 & b2;
        }
        for (var k = 0; k < sextets.length; k++) {
            out += "undefined" === typeof sextets[k] ? "=" : B(sextets[k]);
        }
    }
    return out;
}
// z is an alias for the Base64 encoder V; U.encrypt below uses it to encode
// the cipher output.
var z = V
// R is the block-cipher core: it transforms the message t in 8-byte blocks
// under the key e and returns a string whose char codes are the output bytes.
//   e - key string; expanded into the subkey array D by H(e).
//   t - message string.
//   n - truthy: encrypt (t is first turned into a UTF-8 byte string);
//       falsy: decrypt (the result is decoded from UTF-8 before returning).
//   i - 1 chains every block with the previous one, seeded from r
//       (CBC-style); any other value processes each block independently
//       (ECB-style).
//   r - 8-byte IV string; only read when i == 1.
//   o - padding selector: 2 appends the space literal; 1 appends
//       8 - (length % 8) bytes that each hold that count when encrypting and
//       strips them again when decrypting (PKCS#7-style); a falsy value
//       appends eight NUL characters.
// NOTE(review): the tables and structure look like the widely circulated
// table-driven DES / triple-DES JavaScript routine - confirm before relying
// on that identification.
, R = function(e, t, n, i, r, o) {
n && (t = unescape(encodeURIComponent(t)));
// _, x, w, C, k, S, O, E are eight 64-entry lookup tables that are OR-ed
// together in the round computation below. D is the subkey array from H(e),
// T is the message length measured before padding, and M is 3 when H
// returned 32 words and 9 otherwise.
var a, s, l, c, u, d, h, f, p, m, v, g, b, y, _ = new Array(16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756), x = new Array(-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344), w = new Array(520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584), C = new Array(8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928), k = 
new Array(256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080), S = new Array(536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312), O = new Array(2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154), E = new 
Array(268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696), D = H(e), $ = 0, T = t.length, P = 0, M = 32 == D.length ? 3 : 9;
// f lists (start, end, step) triples for walking the subkey array D: one
// triple when M == 3, three when M == 9. The decrypt lists are the encrypt
// lists walked in the opposite direction.
f = 3 == M ? n ? new Array(0,32,2) : new Array(30,-2,-2) : n ? new Array(0,32,2,62,30,-2,64,96,2) : new Array(94,62,-2,32,64,2,30,-2,-2),
// Padding is appended here, after T was measured; with o == 1 a message that
// is already a multiple of 8 gets a full extra pad block (T += 8).
2 == o ? t += " " : 1 == o ? n && (l = 8 - T % 8,
t += String.fromCharCode(l, l, l, l, l, l, l, l),
8 === l && (T += 8)) : o || (t += "\0\0\0\0\0\0\0\0");
// N collects the finished output, I is the current chunk (see the 512 check).
var N = ""
, I = "";
// Chained mode only: load the IV from r into p (first 4 bytes) and v (last 4).
1 == i && (p = r.charCodeAt($++) << 24 | r.charCodeAt($++) << 16 | r.charCodeAt($++) << 8 | r.charCodeAt($++),
v = r.charCodeAt($++) << 24 | r.charCodeAt($++) << 16 | r.charCodeAt($++) << 8 | r.charCodeAt($++),
$ = 0);
// Main loop: each pass reads 8 characters of t into the 32-bit halves d and h.
while ($ < T) {
for (d = t.charCodeAt($++) << 24 | t.charCodeAt($++) << 16 | t.charCodeAt($++) << 8 | t.charCodeAt($++),
h = t.charCodeAt($++) << 24 | t.charCodeAt($++) << 16 | t.charCodeAt($++) << 8 | t.charCodeAt($++),
// Chained mode: when encrypting, XOR the block with the previous output
// (or the IV); when decrypting, remember this input block in m/g for the
// XOR that follows the rounds.
1 == i && (n ? (d ^= p,
h ^= v) : (m = p,
g = v,
p = d,
v = h)),
l = 252645135 & (d >>> 4 ^ h),
h ^= l,
d ^= l << 4,
l = 65535 & (d >>> 16 ^ h),
h ^= l,
d ^= l << 16,
l = 858993459 & (h >>> 2 ^ d),
d ^= l,
h ^= l << 2,
l = 16711935 & (h >>> 8 ^ d),
d ^= l,
h ^= l << 8,
l = 1431655765 & (d >>> 1 ^ h),
h ^= l,
d ^= l << 1,
d = d << 1 | d >>> 31,
h = h << 1 | h >>> 31,
s = 0; s < M; s += 3) {
// One pass over the subkeys per (start, end, step) triple in f.
for (b = f[s + 1],
y = f[s + 2],
a = f[s]; a != b; a += y)
c = h ^ D[a],
u = (h >>> 4 | h << 28) ^ D[a + 1],
l = d,
d = h,
h = l ^ (x[c >>> 24 & 63] | C[c >>> 16 & 63] | S[c >>> 8 & 63] | E[63 & c] | _[u >>> 24 & 63] | w[u >>> 16 & 63] | k[u >>> 8 & 63] | O[63 & u]);
// Swap the halves after each pass.
l = d,
d = h,
h = l
}
d = d >>> 1 | d << 31,
h = h >>> 1 | h << 31,
l = 1431655765 & (d >>> 1 ^ h),
h ^= l,
d ^= l << 1,
l = 16711935 & (h >>> 8 ^ d),
d ^= l,
h ^= l << 8,
l = 858993459 & (h >>> 2 ^ d),
d ^= l,
h ^= l << 2,
l = 65535 & (d >>> 16 ^ h),
h ^= l,
d ^= l << 16,
l = 252645135 & (d >>> 4 ^ h),
h ^= l,
d ^= l << 4,
1 == i && (n ? (p = d,
v = h) : (d ^= m,
h ^= g)),
// Emit the 8 output bytes into I; I is moved into N every 512 bytes.
I += String.fromCharCode(d >>> 24, d >>> 16 & 255, d >>> 8 & 255, 255 & d, h >>> 24, h >>> 16 & 255, h >>> 8 & 255, 255 & h),
P += 8,
512 == P && (N += I,
I = "",
P = 0)
}
// Decrypt path only: with o === 1 the last byte is read as the pad length and
// that many characters are removed when it is <= 8; the result is then
// decoded from UTF-8.
if (N += I,
!n) {
if (1 === o) {
var j = N.length
, A = 0;
j && (A = N.charCodeAt(j - 1)),
A <= 8 && (N = N.substring(0, j - A))
}
N = decodeURIComponent(escape(N))
}
return N
}
// H expands the key string e into the subkey array used by R.
// It runs one iteration when e.length <= 8 and three otherwise; each
// iteration consumes 8 characters of e and writes 32 words, so the returned
// array has 32 * b entries.
// A charCodeAt past the end of e yields NaN, which the bitwise operators
// treat as 0, so a key shorter than the characters consumed is effectively
// zero-extended.
, H = function(e) {
// r, o, a, s, l, c, u (applied to k) and d, h, f, p, m, v, g (applied to S)
// are sixteen-entry lookup tables; _ is the per-round shift schedule
// (1 = shift by 2, 0 = shift by 1).
for (var t, n, i, r = new Array(0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964), o = new Array(0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697), a = new Array(0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272), s = new Array(0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144), l = new Array(0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256), c = new Array(0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488), u = new Array(0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746), d = new Array(0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568), h = new Array(0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578), f = new Array(0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488), p = new Array(0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800), m = new Array(0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744), v = new Array(0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128), g = new Array(0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261), b = e.length > 8 ? 3 : 1, y = new Array(32 * b), _ = new Array(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0), x = 0, w = 0, C = 0; C < b; C++) {
// Read the next 8 key characters into two 32-bit words.
var k = e.charCodeAt(x++) << 24 | e.charCodeAt(x++) << 16 | e.charCodeAt(x++) << 8 | e.charCodeAt(x++)
, S = e.charCodeAt(x++) << 24 | e.charCodeAt(x++) << 16 | e.charCodeAt(x++) << 8 | e.charCodeAt(x++);
i = 252645135 & (k >>> 4 ^ S),
S ^= i,
k ^= i << 4,
// JavaScript takes shift counts modulo 32, so ">>> -16" and "<< -16" act as
// shifts by 16.
i = 65535 & (S >>> -16 ^ k),
k ^= i,
S ^= i << -16,
i = 858993459 & (k >>> 2 ^ S),
S ^= i,
k ^= i << 2,
i = 65535 & (S >>> -16 ^ k),
k ^= i,
S ^= i << -16,
i = 1431655765 & (k >>> 1 ^ S),
S ^= i,
k ^= i << 1,
i = 16711935 & (S >>> 8 ^ k),
k ^= i,
S ^= i << 8,
i = 1431655765 & (k >>> 1 ^ S),
S ^= i,
k ^= i << 1,
i = k << 8 | S >>> 20 & 240,
k = S << 24 | S << 8 & 16711680 | S >>> 8 & 65280 | S >>> 24 & 240,
S = i;
// Sixteen rounds: shift both words per the schedule, clear bits 1-3
// (& -15), then look up and store two subkey words per round.
for (var O = 0; O < _.length; O++)
_[O] ? (k = k << 2 | k >>> 26,
S = S << 2 | S >>> 26) : (k = k << 1 | k >>> 27,
S = S << 1 | S >>> 27),
k &= -15,
S &= -15,
t = r[k >>> 28] | o[k >>> 24 & 15] | a[k >>> 20 & 15] | s[k >>> 16 & 15] | l[k >>> 12 & 15] | c[k >>> 8 & 15] | u[k >>> 4 & 15],
n = d[S >>> 28] | h[S >>> 24 & 15] | f[S >>> 20 & 15] | p[S >>> 16 & 15] | m[S >>> 12 & 15] | v[S >>> 8 & 15] | g[S >>> 4 & 15],
i = 65535 & (n >>> 16 ^ t),
y[w++] = t ^ i,
y[w++] = n ^ i << 16
}
return y
}
// W builds the cipher parameters from the key material e: the slice
// e[t..n) padded by q becomes the key. The "vector" field is set to 1 but is
// never read by the code in this listing.
, W = function(e, t, n) {
    var keyMaterial = e.slice(t, n);
    return {
        key: q(keyMaterial),
        vector: 1
    };
}
// q right-pads e with the character "0" until 24 characters have been
// accounted for; input that is already 24 or longer is returned unchanged.
, q = function(e) {
    var padded = e;
    var count = e.length;
    while (count < 24) {
        padded += "0";
        count += 1;
    }
    return padded;
}
// U is the object the page exposes as Des (per the tutorial: Des = Y = U).
//
// encrypt(e, t): e is the key material and t the plaintext. The login code
// shown earlier on this page calls it as encrypt(this.form.email,
// this.form.pwd), so the key is the account identifier cut to 24 characters
// and padded with "0". R is called with mode 0 (no chaining between 8-byte
// blocks, so equal plaintext blocks under the same key give equal
// ciphertext blocks) and padding 1; the result is Base64-encoded by z.
// Because that identifier is sent as "id" in the same request, this step
// obfuscates the password but adds no secrecy of its own; protection in
// transit rests on the transport (TLS).
//
// decrypt(e, t): same key derivation, then R in decrypt direction.
// NOTE(review): decrypt calls L, which is not defined anywhere in this
// listing, so calling decrypt as-is throws a ReferenceError. L is presumably
// the Base64 decoder matching z - confirm against the original bundle.
, U = {
    encrypt: function(e, t) {
        var params = W(e, 0, 24);
        var cipherBytes = R(params.key, t, 1, 0, 0, 1);
        return z(cipherBytes);
    },
    decrypt: function(e, t) {
        var params = W(e, 0, 24);
        return R(params.key, L(t), 0, 0, 0, 1);
    }
}
, Y = U;
/**
 * Convenience wrapper used to exercise the extracted code: forwards to
 * Y.encrypt and returns its result unchanged.
 *
 * @param {string} e - Key material (the login form passes the e-mail here).
 * @param {string} t - Plaintext to encrypt (the login form passes the password).
 * @returns {string|null} Whatever Y.encrypt returns: the Base64-encoded
 *     cipher output.
 */
function test(e, t) {
    return Y.encrypt(e, t);
}