{
"a1": "1.2", # 加密版本
"a2": new Date().valueOf() - serverTimeDiff, # 加密过程中用到的时间戳. 这次服主变坏了, 时间戳需要减去一个 serverTimeDiff(见a3) !
"a3": "这是把xxx信息加密后提交给服务器, 服主校验成功后返回的一个dfpId", # dfpId. 服务器返回的dfpId数据包里, 有一个serverTimestamp字段. serverTimeDiff = serverTimestamp - Date.now()
"a4": "一个长48位的加密结果", # a5, a2以及一小段jsvmp运行后, 输出a4
"a5": "一个长320位的加密结果", # a2, a6, 以及下面的Ln, 计算后输出a5
"a6": "w1.2xxxxx这一段长512xxxxxxx", # w1.2 + 客户端环境的加密结果
"a7": wx["getAccountInfoSync"]().miniProgram.appId, # 小程序id
"x0": 3, # 源代码写死
"d1": md5ToHex(j) # a1, a2, a3, a4, a7以及上面加密过程中出现的一些数组, 经过运算后, 输出d1
}
Ln = {
"b1": {appId: "小程序id", envVersion: "release", version: "微信版本号"},
"b2": "一个url",
"b6": "微信的openId", # 这个玩意儿可以考虑置空
"b7": Math.floor(Date.now() / 1e3),
"b8": "17" # 不重要, 1-20给个随机值就行
}
基于某评微信小程序的guard.js文件, 且文件经过简单的ast脱混淆.
下面展示一些 内联代码片。
Ne = {
DFP: ["app", "dfpid", "filetime", "fpv", "localid", "system", "timestamp", "ext", "sessionId"],
system: ["accelerometer", "albumAuthorized", "BatteryInfo", "batteryLevel", "Beacons", "benchmarkLevel", "bluetoothEnabled", "brand", "brightness", "cameraAuthorized", "compass", "deviceOrientation", "devicePixelRatio", "enableDebug", "errMsg", "fontSizeSetting", "language", "LaunchOptionsSync", "locationAuthorized", "locationEnabled", "locationReducedAccuracy", "microphoneAuthorized", "model", "networkType", "notificationAlertAuthorized", "notificationAuthorized", "notificationBadgeAuthorized", "notificationSoundAuthorized", "pixelRatio", "platform", "safeArea", "screenHeight", "screenTop", "screenWidth", "SDKVersion", "statusBarHeight", "system", "version", "wifiEnabled", "WifiInfo", "windowHeight", "windowWidth"],
BatteryInfo: ["errMsg", "isCharging", "level"],
safeArea: ["left", "right", "top", "bottom", "width", "height"],
WifiInfo: ["SSID", "BSSID", "autoJoined", "signalStrength", "justJoined", "secure", "frequency"]
}
环境加密逻辑(a6). 主要是找到收集了哪些环境, 以及环境对应的值.
2472
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
