一,看变化值,动态sign值//
二,跟栈找到生成位置,是页数加时间戳进行加密-----而且看起来像md5,应该是加盐了
三,进栈,看看怎么加密--标准的wasm
四,wasm传入流程一般都是通过指针,方式下载文件----加载文件-----创建内存--初始化设置---加载完成,其中初始化特征有env,module
五,看传入的参数,,其中len0是长度
设置内存长度
六,进入方法--进去发现是汇编的代码-----WAT
七,改写原理
八,跟栈-call传入了三个参数,利用wasm也要获取值的方法getUint8Memory0().subarray(ptr, ptr + len),获取值
九,对应明文的字节集,看返回值
发现并没有返回值,继续往下跟栈
返回值还是一样,继续跟进call里面看看
十,一直跟下去,发现先对window做了设置,然后又md5
解一下看看
得到盐,进行验证
结果一致,搞定
下面是python代码
import time
import execjs
import requests
from datetime import datetime
# 获取当前时间戳(以毫秒为单位),并将最后三位设为0
i =1
z =0
for i in range(1,6):
x = 0
with open('20.js', encoding='utf-8') as f:
js = f.read()
jscode = execjs.compile(js)
sign = jscode.call('MD5_Encrypt',i)
timestamp_milliseconds = int(time.time() * 1000)
timestamp_milliseconds -= timestamp_milliseconds % 1000
headers = {
"authority": "match.yuanrenxue.cn",
"accept": "application/json, text/javascript, */*; q=0.01",
"accept-language": "zh-CN,zh;q=0.9",
"cache-control": "no-cache",
"pragma": "no-cache",
"referer": "https://match.yuanrenxue.cn/match/20",
"sec-ch-ua": "\"Google Chrome\";v=\"119\", \"Chromium\";v=\"119\", \"Not?A_Brand\";v=\"24\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",
"x-requested-with": "XMLHttpRequest"
}
cookies = {
"Hm_lvt_c99546cf032aaa5a679230de9a95c7db": "1702194275",
"qpfccr": "true",
"no-alert3": "true",
"tk": "8639483119022528324",
"sessionid": "lrl7agnmi4trs20gy9luyu5a787ndd33",
"Hm_lvt_9bcbda9cbf86757998a2339a0437208e": "1702194543",
"Hm_lpvt_9bcbda9cbf86757998a2339a0437208e": "1702194543",
"Hm_lpvt_c99546cf032aaa5a679230de9a95c7db": "1702194568"
}
url = "https://match.yuanrenxue.cn/api/match/20"
params = {
"page": i,
"sign": sign,
"t": timestamp_milliseconds
}
response = requests.get(url, headers=headers, cookies=cookies, params=params).json()
resp = response['data']
for value in resp:
zhi = value['value']
x+=zhi
z +=x
i+=1
print(z)
注意时间取的是最后三位是零