前言
随手记 1
本文章仅作学习参考使用,不做其他使用。
网站:aHR0cHM6Ly9tcC53ZWl4aW4ucXEuY29tLw==
输入密码,分析抓包信息,如下:
可以初步判断是一个md5的密文数据,
使用全局搜索Search定位到加密位置下断点调试;并得到了已经加密后的密文, 我们如果想知道是怎么加密的,首先要拿到明文数据;
这时我们需要思考,明文密码在哪?它是在哪开始加密的?
我们首先在断点处一个一个值去看,发现n.pwd.substr(0, 16) 是明文密码,f()就是加密方法,那我们直接在断点位置选中f,跟到加密方法“f”里去; 或者在底部控制台输入f,也可以直接跟进去(注意:前提是必须在断点断住的情况下才能使用)
进入加密函数后,在当前位置下断点,并在下图右上角标记处点击(执行下一个函数),这样我们就能得到加密位置是n.exports; 那我们现在就需要找到n.exports的定义位置,看它是不是在一个方法里,最终定位到开始的位置;
在找代码的过程中,发现了如下图标记的位置,出现了“ }({ ” 这种类型的,可以判断这个加密方式是一个webpack类型的。
由于代码太多,我这里没有把代码复制到本地进行处理,所以显示不全。
既然知道了是webpack,那必定会有一个模块加载器,首先就要把模块加载器找到,并扒出来,为后面改写代码使用;如图:
!function(c) {
function e(e) {
for (var t, n, o = e[0], r = e[1], i = e[2], s = 0, a = []; s < o.length; s++)
n = o[s],
Object.prototype.hasOwnProperty.call(d, n) && d[n] && a.push(d[n][0]),
d[n] = 0;
for (t in r)
Object.prototype.hasOwnProperty.call(r, t) && (c[t] = r[t]);
for (l && l(e); a.length; )
a.shift()();
return p.push.apply(p, i || []),
u()
}
function u() {
for (var e, t = 0; t < p.length; t++) {
for (var n = p[t], o = !0, r = 1; r < n.length; r++) {
var i = n[r];
0 !== d[i] && (o = !1)
}
o && (p.splice(t--, 1),
e = s(s.s = n[0]))
}
return e
}
var n = {}
, d = {
"login/loginpage/loginpage": 0
}
, p = [];
function s(e) {
if (n[e])
return n[e].exports;
var t = n[e] = {
i: e,
l: !1,
exports: {}
};
return c[e].call(t.exports, t, t.exports, s),
t.l = !0,
t.exports
}
s.m = c,
s.c = n,
s.d = function(e, t, n) {
s.o(e, t) || Object.defineProperty(e, t, {
enumerable: !0,
get: n
})
}
,
s.r = function(e) {
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {
value: "Module"
}),
Object.defineProperty(e, "__esModule", {
value: !0
})
}
,
s.t = function(t, e) {
if (1 & e && (t = s(t)),
8 & e)
return t;
if (4 & e && "object" == typeof t && t && t.__esModule)
return t;
var n = Object.create(null);
if (s.r(n),
Object.defineProperty(n, "default", {
enumerable: !0,
value: t
}),
2 & e && "string" != typeof t)
for (var o in t)
s.d(n, o, function(e) {
return t[e]
}
.bind(null, o));
return n
}
,
s.n = function(e) {
var t = e && e.__esModule ? function() {
return e.default
}
: function() {
return e
}
;
return s.d(t, "a", t),
t
}
,
s.o = function(e, t) {
return Object.prototype.hasOwnProperty.call(e, t)
}
,
s.p = "/mpres/zh_CN/htmledition/";
var r = (t = window.webpackJsonp = window.webpackJsonp || []).push.bind(t);
t.push = e;
for (var t = t.slice(), o = 0; o < t.length; o++)
e(t[o]);
var l = r;
}({
然后再找到加密代码,扣取出来(一定要扣全,从方法开始的位置),这里建议把代码全部复制到本地进行处理,比较方便。我这里就没有扣全(没有保存到本地)扣取后的代码如下:
"./src/3rd/md5/md5.js": function(e, t, n) {
"use strict";
n = function(e, t, n) {
function p(e, t) {
var n = (65535 & e) + (65535 & t);
return (e >> 16) + (t >> 16) + (n >> 16) << 16 | 65535 & n
}
function a(e, t, n, o, r, i) {
return p((t = p(p(t, e), p(o, i))) << r | t >>> 32 - r, n)
}
function l(e, t, n, o, r, i, s) {
return a(t & n | ~t & o, e, t, r, i, s)
}
function m(e, t, n, o, r, i, s) {
return a(t & o | n & ~o, e, t, r, i, s)
}
function f(e, t, n, o, r, i, s) {
return a(t ^ n ^ o, e, t, r, i, s)
}
function g(e, t, n, o, r, i, s) {
return a(n ^ (t | ~o), e, t, r, i, s)
}
function s(e, t) {
e[t >> 5] |= 128 << t % 32,
e[14 + (t + 64 >>> 9 << 4)] = t;
for (var n, o, r, d, i = 1732584193, s = -271733879, a = -1732584194, c = 271733878, u = 0; u < e.length; u += 16)
i = l(n = i, o = s, r = a, d = c, e[u], 7, -680876936),
c = l(c, i, s, a, e[u + 1], 12, -389564586),
a = l(a, c, i, s, e[u + 2], 17, 606105819),
s = l(s, a, c, i, e[u + 3], 22, -1044525330),
i = l(i, s, a, c, e[u + 4], 7, -176418897),
c = l(c, i, s, a, e[u + 5], 12, 1200080426),
a = l(a, c, i, s, e[u + 6], 17, -1473231341),
s = l(s, a, c, i, e[u + 7], 22, -45705983),
i = l(i, s, a, c, e[u + 8], 7, 1770035416),
c = l(c, i, s, a, e[u + 9], 12, -1958414417),
a = l(a, c, i, s, e[u + 10], 17, -42063),
s = l(s, a, c, i, e[u + 11], 22, -1990404162),
i = l(i, s, a, c, e[u + 12], 7, 1804603682),
c = l(c, i, s, a, e[u + 13], 12, -40341101),
a = l(a, c, i, s, e[u + 14], 17, -1502002290),
i = m(i, s = l(s, a, c, i, e[u + 15], 22, 1236535329), a, c, e[u + 1], 5, -165796510),
c = m(c, i, s, a, e[u + 6], 9, -1069501632),
a = m(a, c, i, s, e[u + 11], 14, 643717713),
s = m(s, a, c, i, e[u], 20, -373897302),
i = m(i, s, a, c, e[u + 5], 5, -701558691),
c = m(c, i, s, a, e[u + 10], 9, 38016083),
a = m(a, c, i, s, e[u + 15], 14, -660478335),
s = m(s, a, c, i, e[u + 4], 20, -405537848),
i = m(i, s, a, c, e[u + 9], 5, 568446438),
c = m(c, i, s, a, e[u + 14], 9, -1019803690),
a = m(a, c, i, s, e[u + 3], 14, -187363961),
s = m(s, a, c, i, e[u + 8], 20, 1163531501),
i = m(i, s, a, c, e[u + 13], 5, -1444681467),
c = m(c, i, s, a, e[u + 2], 9, -51403784),
a = m(a, c, i, s, e[u + 7], 14, 1735328473),
i = f(i, s = m(s, a, c, i, e[u + 12], 20, -1926607734), a, c, e[u + 5], 4, -378558),
c = f(c, i, s, a, e[u + 8], 11, -2022574463),
a = f(a, c, i, s, e[u + 11], 16, 1839030562),
s = f(s, a, c, i, e[u + 14], 23, -35309556),
i = f(i, s, a, c, e[u + 1], 4, -1530992060),
c = f(c, i, s, a, e[u + 4], 11, 1272893353),
a = f(a, c, i, s, e[u + 7], 16, -155497632),
s = f(s, a, c, i, e[u + 10], 23, -1094730640),
i = f(i, s, a, c, e[u + 13], 4, 681279174),
c = f(c, i, s, a, e[u], 11, -358537222),
a = f(a, c, i, s, e[u + 3], 16, -722521979),
s = f(s, a, c, i, e[u + 6], 23, 76029189),
i = f(i, s, a, c, e[u + 9], 4, -640364487),
c = f(c, i, s, a, e[u + 12], 11, -421815835),
a = f(a, c, i, s, e[u + 15], 16, 530742520),
i = g(i, s = f(s, a, c, i, e[u + 2], 23, -995338651), a, c, e[u], 6, -198630844),
c = g(c, i, s, a, e[u + 7], 10, 1126891415),
a = g(a, c, i, s, e[u + 14], 15, -1416354905),
s = g(s, a, c, i, e[u + 5], 21, -57434055),
i = g(i, s, a, c, e[u + 12], 6, 1700485571),
c = g(c, i, s, a, e[u + 3], 10, -1894986606),
a = g(a, c, i, s, e[u + 10], 15, -1051523),
s = g(s, a, c, i, e[u + 1], 21, -2054922799),
i = g(i, s, a, c, e[u + 8], 6, 1873313359),
c = g(c, i, s, a, e[u + 15], 10, -30611744),
a = g(a, c, i, s, e[u + 6], 15, -1560198380),
s = g(s, a, c, i, e[u + 13], 21, 1309151649),
i = g(i, s, a, c, e[u + 4], 6, -145523070),
c = g(c, i, s, a, e[u + 11], 10, -1120210379),
a = g(a, c, i, s, e[u + 2], 15, 718787259),
s = g(s, a, c, i, e[u + 9], 21, -343485551),
i = p(i, n),
s = p(s, o),
a = p(a, r),
c = p(c, d);
return [i, s, a, c]
}
function c(e) {
for (var t = "", n = 0; n < 32 * e.length; n += 8)
t += String.fromCharCode(e[n >> 5] >>> n % 32 & 255);
return t
}
function u(e) {
var t, n = [];
for (n[(e.length >> 2) - 1] = void 0,
t = 0; t < n.length; t += 1)
n[t] = 0;
for (t = 0; t < 8 * e.length; t += 8)
n[t >> 5] |= (255 & e.charCodeAt(t / 8)) << t % 32;
return n
}
function o(e) {
for (var t, n = "0123456789abcdef", o = "", r = 0; r < e.length; r += 1)
t = e.charCodeAt(r),
o += n.charAt(t >>> 4 & 15) + n.charAt(15 & t);
return o
}
function d(e) {
return unescape(encodeURIComponent(e))
}
function r(e) {
return c(s(u(e = d(e)), 8 * e.length))
}
function i(e, t) {
var n, e = d(e), t = d(t), o = u(e), r = [], i = [];
for (r[15] = i[15] = void 0,
16 < o.length && (o = s(o, 8 * e.length)),
n = 0; n < 16; n += 1)
r[n] = 909522486 ^ o[n],
i[n] = 1549556828 ^ o[n];
return e = s(r.concat(u(t)), 512 + 8 * t.length),
c(s(i.concat(e), 640))
}
n.exports = function(e, t, n) {
return t ? n ? i(t, e) : o(i(t, e)) : n ? r(e) : o(r(e))
}
}
.call(t, n, t, e);
void 0 === n || (e.exports = n)
},
使用前需要把加载器先定义变量导出才能使用,再修改下代码,
如图,我们是需要使用function s(e){},在s方法定义结束后直接导出,最后补一个调用方法,再运行代码,可以出结果
第一次扒webpack,如有不对的地方,还请大佬指点一二。
以下是全部代码:
!function(c) {
function e(e) {
for (var t, n, o = e[0], r = e[1], i = e[2], s = 0, a = []; s < o.length; s++)
n = o[s],
Object.prototype.hasOwnProperty.call(d, n) && d[n] && a.push(d[n][0]),
d[n] = 0;
for (t in r)
Object.prototype.hasOwnProperty.call(r, t) && (c[t] = r[t]);
for (l && l(e); a.length; )
a.shift()();
return p.push.apply(p, i || []),
u()
}
function u() {
for (var e, t = 0; t < p.length; t++) {
for (var n = p[t], o = !0, r = 1; r < n.length; r++) {
var i = n[r];
0 !== d[i] && (o = !1)
}
o && (p.splice(t--, 1),
e = s(s.s = n[0]))
}
return e
}
var n = {}
, d = {
"login/loginpage/loginpage": 0
}
, p = [];
function s(e) {
if (n[e])
return n[e].exports;
var t = n[e] = {
i: e,
l: !1,
exports: {}
};
return c[e].call(t.exports, t, t.exports, s),
t.l = !0,
t.exports
}
s.m = c,
s.c = n,
s.d = function(e, t, n) {
s.o(e, t) || Object.defineProperty(e, t, {
enumerable: !0,
get: n
})
},
//先要把加载器导出,我们才能使用
window.jiami = s;
s.r = function(e) {
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {
value: "Module"
}),
Object.defineProperty(e, "__esModule", {
value: !0
})
}
,
s.t = function(t, e) {
if (1 & e && (t = s(t)),
8 & e)
return t;
if (4 & e && "object" == typeof t && t && t.__esModule)
return t;
var n = Object.create(null);
if (s.r(n),
Object.defineProperty(n, "default", {
enumerable: !0,
value: t
}),
2 & e && "string" != typeof t)
for (var o in t)
s.d(n, o, function(e) {
return t[e]
}
.bind(null, o));
return n
}
,
s.n = function(e) {
var t = e && e.__esModule ? function() {
return e.default
}
: function() {
return e
}
;
return s.d(t, "a", t),
t
}
,
s.o = function(e, t) {
return Object.prototype.hasOwnProperty.call(e, t)
}
,
s.p = "/mpres/zh_CN/htmledition/";
var r = (t = window.webpackJsonp = window.webpackJsonp || []).push.bind(t);
t.push = e;
for (var t = t.slice(), o = 0; o < t.length; o++)
e(t[o]);
var l = r;
}({
"./src/3rd/md5/md5.js": function(e, t, n) {
"use strict";
n = function(e, t, n) {
function p(e, t) {
var n = (65535 & e) + (65535 & t);
return (e >> 16) + (t >> 16) + (n >> 16) << 16 | 65535 & n
}
function a(e, t, n, o, r, i) {
return p((t = p(p(t, e), p(o, i))) << r | t >>> 32 - r, n)
}
function l(e, t, n, o, r, i, s) {
return a(t & n | ~t & o, e, t, r, i, s)
}
function m(e, t, n, o, r, i, s) {
return a(t & o | n & ~o, e, t, r, i, s)
}
function f(e, t, n, o, r, i, s) {
return a(t ^ n ^ o, e, t, r, i, s)
}
function g(e, t, n, o, r, i, s) {
return a(n ^ (t | ~o), e, t, r, i, s)
}
function s(e, t) {
e[t >> 5] |= 128 << t % 32,
e[14 + (t + 64 >>> 9 << 4)] = t;
for (var n, o, r, d, i = 1732584193, s = -271733879, a = -1732584194, c = 271733878, u = 0; u < e.length; u += 16)
i = l(n = i, o = s, r = a, d = c, e[u], 7, -680876936),
c = l(c, i, s, a, e[u + 1], 12, -389564586),
a = l(a, c, i, s, e[u + 2], 17, 606105819),
s = l(s, a, c, i, e[u + 3], 22, -1044525330),
i = l(i, s, a, c, e[u + 4], 7, -176418897),
c = l(c, i, s, a, e[u + 5], 12, 1200080426),
a = l(a, c, i, s, e[u + 6], 17, -1473231341),
s = l(s, a, c, i, e[u + 7], 22, -45705983),
i = l(i, s, a, c, e[u + 8], 7, 1770035416),
c = l(c, i, s, a, e[u + 9], 12, -1958414417),
a = l(a, c, i, s, e[u + 10], 17, -42063),
s = l(s, a, c, i, e[u + 11], 22, -1990404162),
i = l(i, s, a, c, e[u + 12], 7, 1804603682),
c = l(c, i, s, a, e[u + 13], 12, -40341101),
a = l(a, c, i, s, e[u + 14], 17, -1502002290),
i = m(i, s = l(s, a, c, i, e[u + 15], 22, 1236535329), a, c, e[u + 1], 5, -165796510),
c = m(c, i, s, a, e[u + 6], 9, -1069501632),
a = m(a, c, i, s, e[u + 11], 14, 643717713),
s = m(s, a, c, i, e[u], 20, -373897302),
i = m(i, s, a, c, e[u + 5], 5, -701558691),
c = m(c, i, s, a, e[u + 10], 9, 38016083),
a = m(a, c, i, s, e[u + 15], 14, -660478335),
s = m(s, a, c, i, e[u + 4], 20, -405537848),
i = m(i, s, a, c, e[u + 9], 5, 568446438),
c = m(c, i, s, a, e[u + 14], 9, -1019803690),
a = m(a, c, i, s, e[u + 3], 14, -187363961),
s = m(s, a, c, i, e[u + 8], 20, 1163531501),
i = m(i, s, a, c, e[u + 13], 5, -1444681467),
c = m(c, i, s, a, e[u + 2], 9, -51403784),
a = m(a, c, i, s, e[u + 7], 14, 1735328473),
i = f(i, s = m(s, a, c, i, e[u + 12], 20, -1926607734), a, c, e[u + 5], 4, -378558),
c = f(c, i, s, a, e[u + 8], 11, -2022574463),
a = f(a, c, i, s, e[u + 11], 16, 1839030562),
s = f(s, a, c, i, e[u + 14], 23, -35309556),
i = f(i, s, a, c, e[u + 1], 4, -1530992060),
c = f(c, i, s, a, e[u + 4], 11, 1272893353),
a = f(a, c, i, s, e[u + 7], 16, -155497632),
s = f(s, a, c, i, e[u + 10], 23, -1094730640),
i = f(i, s, a, c, e[u + 13], 4, 681279174),
c = f(c, i, s, a, e[u], 11, -358537222),
a = f(a, c, i, s, e[u + 3], 16, -722521979),
s = f(s, a, c, i, e[u + 6], 23, 76029189),
i = f(i, s, a, c, e[u + 9], 4, -640364487),
c = f(c, i, s, a, e[u + 12], 11, -421815835),
a = f(a, c, i, s, e[u + 15], 16, 530742520),
i = g(i, s = f(s, a, c, i, e[u + 2], 23, -995338651), a, c, e[u], 6, -198630844),
c = g(c, i, s, a, e[u + 7], 10, 1126891415),
a = g(a, c, i, s, e[u + 14], 15, -1416354905),
s = g(s, a, c, i, e[u + 5], 21, -57434055),
i = g(i, s, a, c, e[u + 12], 6, 1700485571),
c = g(c, i, s, a, e[u + 3], 10, -1894986606),
a = g(a, c, i, s, e[u + 10], 15, -1051523),
s = g(s, a, c, i, e[u + 1], 21, -2054922799),
i = g(i, s, a, c, e[u + 8], 6, 1873313359),
c = g(c, i, s, a, e[u + 15], 10, -30611744),
a = g(a, c, i, s, e[u + 6], 15, -1560198380),
s = g(s, a, c, i, e[u + 13], 21, 1309151649),
i = g(i, s, a, c, e[u + 4], 6, -145523070),
c = g(c, i, s, a, e[u + 11], 10, -1120210379),
a = g(a, c, i, s, e[u + 2], 15, 718787259),
s = g(s, a, c, i, e[u + 9], 21, -343485551),
i = p(i, n),
s = p(s, o),
a = p(a, r),
c = p(c, d);
return [i, s, a, c]
}
function c(e) {
for (var t = "", n = 0; n < 32 * e.length; n += 8)
t += String.fromCharCode(e[n >> 5] >>> n % 32 & 255);
return t
}
function u(e) {
var t, n = [];
for (n[(e.length >> 2) - 1] = void 0,
t = 0; t < n.length; t += 1)
n[t] = 0;
for (t = 0; t < 8 * e.length; t += 8)
n[t >> 5] |= (255 & e.charCodeAt(t / 8)) << t % 32;
return n
}
function o(e) {
for (var t, n = "0123456789abcdef", o = "", r = 0; r < e.length; r += 1)
t = e.charCodeAt(r),
o += n.charAt(t >>> 4 & 15) + n.charAt(15 & t);
return o
}
function d(e) {
return unescape(encodeURIComponent(e))
}
function r(e) {
return c(s(u(e = d(e)), 8 * e.length))
}
function i(e, t) {
var n, e = d(e), t = d(t), o = u(e), r = [], i = [];
for (r[15] = i[15] = void 0,
16 < o.length && (o = s(o, 8 * e.length)),
n = 0; n < 16; n += 1)
r[n] = 909522486 ^ o[n],
i[n] = 1549556828 ^ o[n];
return e = s(r.concat(u(t)), 512 + 8 * t.length),
c(s(i.concat(e), 640))
}
n.exports = function(e, t, n) {
return t ? n ? i(t, e) : o(i(t, e)) : n ? r(e) : o(r(e))
}
}
.call(t, n, t, e);
void 0 === n || (e.exports = n)
},
});
function get_pwd(_md5){
var _md5 = new window.jiami("./src/3rd/md5/md5.js");
return _md5
};
总结
2000多行的源代码,扒完后修改成200多行,应该是有问题的吧。希望大佬们能给出宝贵的意见和建议,感谢