Dou音滑块日志分析

最新推荐文章于 2024-08-03 00:21:57 发布
最新推荐文章于 2024-08-03 00:21:57 发布
阅读量745 收藏 11
点赞数 6
文章标签: 爬虫 算法
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_36780279/article/details/139218403
版权

记得加入我们的学习群:961566389

点击链接加入群聊:[https://h5.qun.qq.com/s/62P0xwrCNO](https://h5.qun.qq.com/s/62P0xwrCNO)

1.插桩-打印日志

image-20240526170308690

获取背景和滑块的图片的接口一看没啥参数需要逆向的

image-20240526170717122

验证的接口body参数需要进行逆向,直接看启动器,找到合适的位置插桩,最终定位到产生body参数的vmp位置:

image-20240526171033626

其次在下面的apply调用的地方都加上日志输出:

image-20240526171140262

直接拖动一下,保留日志到本地进行分析

2.分析日志

这次我是直接从头往后分析,没有逆推,具体情况具体分析。

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} 
["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196},{\"x\":31,\"y\":86,\"relative_time\":233},{\"x\":35,\"y\":86,\"relative_time\":271},{\"x\":36,\"y\":86,\"relative_time\":310},{\"x\":37,\"y\":86,\"relative_time\":346},{\"x\":37,\"y\":86,\"relative_time\":384}],\"jg2KgnF\":{\"AJeQfbTvl\":{\"x\":369,\"y\":351,\"time\":1716706984604},\"Ovx9sZrnP\":{\"x\":59,\"y\":327,\"time\":1716707288030},\"tUZ1hw\":[{\"x\":363,\"y\":355,\"time\":1716707287607},{\"x\":192,\"y\":366,\"time\":1716707287643},{\"x\":143,\"y\":369,\"time\":1716707287678},{\"x\":141,\"y\":369,\"time\":1716707287863},{\"x\":127,\"y\":367,\"time\":1716707287900},{\"x\":91,\"y\":355,\"time\":1716707287939},{\"x\":66,\"y\":337,\"time\":1716707287977},{\"x\":59,\"y\":328,\"time\":1716707288015},{\"x\":58,\"y\":326,\"time\":1716707288057},{\"x\":58,\"y\":325,\"time\":1716707288092},{\"x\":57,\"y\":319,\"time\":1716707288138},{\"x\":56,\"y\":314,\"time\":1716707288175},{\"x\":56,\"y\":312,\"time\":1716707288209},{\"x\":56,\"y\":312,\"time\":1716707288399},{\"x\":67,\"y\":312,\"time\":1716707288435},{\"x\":78,\"y\":312,\"time\":1716707288471},{\"x\":87,\"y\":312,\"time\":1716707288507},{\"x\":91,\"y\":312,\"time\":1716707288543},{\"x\":92,\"y\":312,\"time\":1716707288584},{\"x\":93,\"y\":312,\"time\":1716707288620},{\"x\":93,\"y\":312,\"time\":1716707288658}],\"jiLYUQ\":[],\"ugl\":[{\"x\":56,\"y\":312,\"time\":1716707288289,\"t\":0},{\"x\":56,\"y\":312,\"time\":1716707288414,\"t\":0},{\"x\":78,\"y\":312,\"time\":1716707288485,\"t\":0},{\"x\":91,\"y\":312,\"time\":1716707288560,\"t\":0},{\"x\":93,\"y\":312,\"time\":1716707288635,\"t\":0}]},\"env\":{\"canvas_hash\":\"f93ed480ebf91e8b3db9a\\",\"webgl_hash\":\"1f429dbe59a0c1370378ef\",\"font_hash\":\"1ba6bb535aebaf57631321298f5bf6e215d4347f75e15d394f0e3cdcb803ffe445cd942923787a306e3e2d07392e43853b43ad797cb8ab46\",\"audio_hash\":124.047657808103,\"time_offset\":-480,\"time_zone\":\"Asia/Shanghai\",\"languages\":[\"zh-CN\"],\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"platform\":\"MacIntel\",\"max_touch_points\":0,\"webdriver\":false,\"touch_actions\":[],\"mouse_actions\":[\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\"],\"device\":{\"model\":\"Macintosh\",\"vendor\":\"Apple\"},\"os\":{\"name\":\"Mac OS\",\"version\":\"10.15.7\"},\"browser\":{\"name\":\"Chrome\",\"version\":\"125.0.0.0\"},\"engine\":{\"name\":\"Blink\",\"version\":\"125.0.0.0\"},\"gpu\":{\"vendor\":\"Google Inc. (ATI Technologies Inc.)\",\"renderer\":\"ANGLE (ATI Technologies Inc., AMD Radeon Pro 560X OpenGL Engine, OpenGL 4.1)\"},\"resolution\":\"1680,1050\",\"browser_size\":\"1680,1050\",\"page_size\":\"1680,963\",\"captcha_origin\":\"0,0\",\"captcha_size\":\"380, 384\",\"mask_time\":171669208153662,\"loading_time\":1716692082536,\"ready_time\":1716692083010},\"a\":41}"] 
res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]}

定位到js源码处:

image-20240526172251237

是sha512的update函数,传入参数见上日志,包含了轨迹、env信息。

接着:

func:  

ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,

two args-> 

{"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} 

[] 

res-> 
{"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64}

定位到js是digest函数,就是将刚才的数据进行digest操作。

接着:

func:  

ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)} return t} caleed,

two args-> 

{"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64} 

[] 

res-> "879e508e0a1baaf285f2768c1e6cc7216ec5b788057a17ffa64c66a515383097ee76ce19b1f5db05e740c436b1073c2652f4adeb3d7a167c43442855801d802e"

定位到原js是tohex().

接着:

func:  
ƒ Wg(e){for(var t=Jg,n="",r=0;r<e[t(494)+"h"];r++){n+=e[t(481)+t(457)](r)["toStr"+t(458)](16)}return n} caleed,

two args-> 

null 

["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196}.....省略一些] 

res-> "7b226d6f6469666965645f696d675f7769647468223a3334302c226964223a2265356536626232323361336561666366666632363863663262346664633834343735623039373331222c226d6f6465223a22736c696465222c224b5351223a5b7b2278223a302c2279223a38362c2272656c61746976655f74696d65223a3132357d2c7b2278223a31312c2279223a38362c2272656c61746976655f74696d65223a3136307......省略一些"

定位到js处是将字符串的charcode转成16进制字符串。

image-20240526173306214

接着:

captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.11919045665764205
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.11919045665764205,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,7.389808312773807,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7.389808312773807,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"7",7,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],30]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30,7],4,30]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,31,4,30]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,31,32,30]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 88 p-> 1 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 90 p-> 2 m-> [] b-> [null,null,0,32,30]
captcha.js:1 t-> 93 p-> 3 m-> [] b-> [null,null,0,{},30]
captcha.js:1 t-> 94 p-> 4 m-> [] b-> [null,null,0,{},{}]
captcha.js:1 t-> 97 p-> 4 m-> [] b-> [null,null,0,{},null]
captcha.js:1 func function slice() { [native code] } called,args-> 5 5 res-> []
captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.4641664592050647
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.4641664592050647,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,28.778320470714014,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28.778320470714014,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"S",28,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],31]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31,28],4,31]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,32,4,31]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,32,32,31]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 132 p-> 1 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 135 p-> 2 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],32,31]
captcha.js:1 t-> 136 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 139 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,31]
captcha.js:1 t-> 142 p-> 4 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,""]
captcha.js:1 func function slice() { [native code] } called,args-> 4 5 res-> [""]
captcha.js:1 func:  ƒ join() { [native code] } caleed,two args-> ["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"] [""] res-> "L2t0seFqOwKdi2gLBom5UzfV4b3m247S"
captcha.js:1 t-> 144 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,""]
captcha.js:1 t-> 147 p-> 4 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"5BXnjhnQRpCcczSq4xKfN5kGCOU1CgQs",null,null,null,null],1]
captcha.js:1 t-> 148 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 149 p-> 1 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 152 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 309 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

产生32位长度的包含大小写数字的字符串。

接着:

func:  
ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,

two args-> 

{"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]} 

["L2t0seFqOwKdi2gLBom5UzfV4b3m247S"] 

res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]}

这个也是传入32位字符串sha512进行update。

接着也一样进行digest、tohex 操作,的到:

824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6

captcha.js:1 t-> 224 p-> 1 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 225 p-> 0 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdcbfd86e5","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

一看,突然出现了个8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdc...字符串和我们上面产生的824b10....进行了拼接。

这个可能是固定的salt哦,毕竟他是和随机产上的salt进行拼接。

接着:

func:  
ƒ Ug(e){var t=Jg,n="";return e[t(482)](/[\da-f]{2}/gi)[t(471)+"ch"]((function(e){var r=t;if("ZpPAZ"!==r(490)){return _0x1066c5[r(484)+"ing"]()[r(476)+"h"]("(((.+"+r(465)+"+$")[r(484)+"ing"]()[r(448)+r(… 
caleed,
two args-> 

null 

["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dc..."] 


res-> "‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"

定位到原文:

    function Ug(e) {
        var t = Jg
          , n = "";
        return e[t(482)](/[\da-f]{2}/gi)[t(471) + "ch"]((function(e) {
            var r = t;
            if ("ZpPAZ" !== r(490)) {
                return _0x1066c5[r(484) + "ing"]()[r(476) + "h"]("(((.+" + r(465) + "+$")[r(484) + "ing"]()[r(448) + r(463) + "r"](_0x59eefd).search("(((.+" + r(465) + "+$")
            }
            n += String["fromC" + r(460) + "de"](parseInt(e, 16))
        }
        )),
        n
    }

一看关键的一行:

n += String["fromCode"](parseInt(e, 16))

明显做了hex转string。

接着:

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 

caleed,two args-> 

{"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} 

["‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"] 

res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]}

这是update。

接着:

func:  ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,

two args-> 

{"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} 

[] 


res-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64}

这是digest操作

func:  ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)}return t} caleed,two args-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64} [] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70"

这是tohex操作

接着:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [0,64] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"

取[0,64]子串操作。

接着:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [64,88] res-> "ba649b7f8f71cec2063f150a"

也是一样的,取[64,68]

接着:

[{"aesKey":"93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7","iv":"ba649b7f8f71cec2063f150a"},"ba649b7f8f71cec2063f150a",64,88,1]

发现得到了重要信息:AES KEY IV

ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,

two args->

null 

["879e508e0a1baaf285f2768c1e6cc7216ec5b788057a17ffa64c66a515383097ee76ce19b1f5db05e740c436b1073c2652f4adeb3d7a167c43442855801d802e7b226d6f6469666965645f696d675f7769647468223a3334302c226964223a2265356536626232323361336561666366666632363863663262346664633834343735623039373331222c226d6f6465223a22736c696465222c224b5351223a5b7b2278223a302c2279223a38362c2272656c61746976655f74696d65223a3132357d2c7b2278223a31312c2279223a38362c2272656c61746976655f74696d65223a3136307d2c7b2278223a32322c2279223a38362c2272656c61746976655f74696d65223a3139367d2c7b2278223a33312c2279223a38362c2272656c61746976655f74696d65223a3233337d2c7b2278223a33352c2279223a38362c2272656c61746976655f74696d65223a3237317d2c7b2278223a33362c2279223a38362c2272656c61746976655f74696d65223a3331307d2c7b2278223a33372c2279223a38362c2272656c61746976655f74696d65223a3334367d2c7b2278..."] 


res-> {"0":135,"1":158,"2":80,"3":142,"4":10,"5":27,"6":170,"7":242,"8":133,"9":242,"10":118,"11":140,"12":30,"13":108,"14":199,"15":33,"16":110,"17":197,"18":183,"19":136,"20":5,"21":122,"22":23,"23":255,"24":166,"25":76,"26":102,"27":165,"28":21,"29":56,"30":48,"31":151,"32":238,"33":118,"34":206,"35":25,"36":177,"37":245,"38":219,"39":5,"40":231,"41":64,"42":196,"43":54,"44":177,"45":7,"46":60,"47":38,"48":82,"49":244,"50":173,"51":235,"52":61,"53":122,"54":22,"55":124,"56":67,"57":68,"58":40,"59...

定位到原文:

    function Yg(e) {
        var t = Jg;
        return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e) {
            return parseInt(e, 16)
        }
        )))
    }

16进制字符串转整数列表。这里为什么说是列表,是因为,我这里日志用的json.stringify打印出来的,所以看起来像字典,其实不是,是列表。

接着:

captcha.js:1 func function slice() { [native code] } called,args-> 5 6 res-> ["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"]

captcha.js:1 

func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,

two args-> 

null 

["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"] 


res-> {"0":147,"1":254,"2":176,"3":140,"4":109,"5":247,"6":6,"7":71,"8":12,"9":11,"10":187,"11":127,"12":237,"13":55,"14":243,"15":55,"16":205,"17":129,"18":244,"19":26,"20":64,"21":198,"22":186,"23":80,"24":58,"25":48,"26":161,"27":83,"28":111,"29":133,"30":95,"31":199}

把我们上面的AES的key转成了int列表。

接着:

captcha.js:1 func function slice() { [native code] } called,args-> 6 7 res-> ["ba649b7f8f71cec2063f150a"]


captcha.js:1 

func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,

two args-> 

null 

["ba649b7f8f71cec2063f150a"] 

res-> {"0":186,"1":100,"2":155,"3":127,"4":143,"5":113,"6":206,"7":194,"8":6,"9":63,"10":21,"11":10}

这个iv一样

接下来其实离我们最终解密已经不远了,下一篇中继续!!

记得加入我们的学习群:

记得加入我们的学习群:961566389

点击链接加入群聊:https://h5.qun.qq.com/s/62P0xwrCNO

星云牛马
关注
抖音竖向滑动列表控件
玩火猴子
04-22 1153
两年没写博客了。 记录个控件,省的自己去找 竖向滑动的RecyclerView,已经在项目中用了一年半,没啥问题 1、支持预加载回调,2、position变动回调 没用androidx的重新导下包就行了 import android.content.Context; import android.util.AttributeSet; import android.view.View;...
mustaqimCaptcha:滑块验证码
03-27
滑块Captcha引导程序4 英语 用户通过拖动滑块以支持PC和移动终端来完成验证。 可以将用户拖动行为的时间,准确性和滑动轨迹信息发送到服务器,然后可以进行后台算法验证。 截屏 快速开始 依存关系 字体很棒 CSS < link href =" https://cdn.bootcss.com/font-awesome/5.7.2/css/all.min.css " > < link href =" ./disk/mustaqimcaptcha.css " > 将样式表<link>复制粘贴到您的<head>然后再粘贴所有其他样式表以加载我们CSS。 JS < script src =" ./disk/mustaqimcaptcha.min.js " > </ script > 将以下[removed]放在页面结尾附近,紧靠</body>标记之前,以启用它们。 用法 < div id
dy滑块验证码分析
python_zhu的博客
05-15 813
这个时候我们再去分析那个大数组是怎么来的,继续向上找,断点,可以看出来他是把m里面的值给拿过来的直接然后就是拼接,从右边的作用域也能看出来,是把三个数组拼接起来的,那么我们就得把m也打印放在一起分析了,[116,99,6,16,0,0]是第一个数组,是不变的,然后再加上9和7的数组组成的,那么我们就只要分析9,7数组是怎么来的就行。我们要想知道大数组转成我们最终的参数是怎么转换的,我们就得在生成大数组的地方断住,然后逐步分析。目前是3.5.48版本,滑块的图标也更改了,用OpenCV就可以识别。
【Python 逆向滑块】(实战四)逆向滑块,并实现用Python+Node.js 生成滑块、识别滑块、验证滑块、发送短信
最新发布
₰₯₮ 的博客
08-03 1252
用Python+Node.js 实现 请求网易易盾生成滑块、识别滑块、验证滑块、发送短信等操作
抖音、云图、星图、巨量等滑块验证(python+selenium)
m0_47213847的博客
03-21 1718
python+selenium滑块验证
抖音滑块笔记
m0_65303862的博客
05-12 4474
抖音滑块笔记
抖音滑块更新了
qq_53593099的博客
01-09 2409
大概几周前,抖音滑块更新了,用原本的算法会出现verifymodelerr的问题,我一开始还以为他是更新了算法,但我断点调试的时候发现他加密算法还是没变,然后就继续看其他的检测点,最后发现是检测轨迹跟detail的次数变严格一些了,主要是对滑动轨迹的检测,改了之后就可以验证通过了,但同一个detail请求多次就会出现频繁,网络错误的字样
抖音滑块python还原算法抖音轨迹生成
weixin_49630569的博客
08-12 3591
抖音滑块纯python还原算法
DOU用户画像分析.png
05-07
DOU用户画像分析.png
DOU用户群体分析.png
05-07
DOU用户群体分析.png
DOU运营及盈利模式分析.png
05-07
DOU运营及盈利模式分析.png
内容创作--DOU案例分析及话题分作.png
05-07
内容创作--DOU案例分析及话题分作
dou0粉开播获取推流码易语言.rar
01-04
标题中的“dou0粉开播获取推流码易语言.rar”暗示了这是一个关于使用易语言编程实现从抖音dou)平台无粉丝(0粉)状态下开启直播并获取推流码的教程或代码资源。推流码是直播过程中非常关键的一个元素,它允许...
抖音滑块笔记(一些让我觉得很坑的点)
qq_38977435的博客
02-24 2319
抖音滑块笔记
抖音滑块验证
热门推荐
骑毛驴的猴的博客
07-27 1万+
声明:本文只作学习研究,禁止用于非法用途,否则后果自负,如有侵权,请告知删除,谢谢! 文章目录前言分析总结 前言 目标网址:aHR0cHM6Ly9lLm9jZWFuZW5naW5lLmNvbS9hY2NvdW50L3BhZ2Uvc2VydmljZS9sb2dpbj9mcm9tPWh0dHBzJTNBJTJGJTJGd3d3Lm9jZWFuZW5naW5lLmNvbSUyRiZwbGF0Zm9ybT1QQyZzb3VyY2U9YmFpZHU=(dy系滑块,与dy-web登入一样) 分析 水着先,有空再详
抖音最新滑块缺口识别代码分享
Dxy1239310216的博客
05-16 1947
抖音在昨天偷偷的更新了验证码。从以前的单缺口,变成了现在的双缺口验证码。而且缺口的形状也变得多种多样,从以前的拼图缺口,变成了现在的月亮、三角形、心形等缺口。经过我们日夜奋斗,终于完成了这款新验证码的标记、训练、测试工作。经过测试,正确率在98%左右。批量测试效果如下图(点击查看大图识别红线)本次验证码需要截图。截图必须包含左边的滑块。因为要识别形状,然后找到对应的缺口。如有需要请大家使用25号模型。
一行代码解决selenium进入抖音出现验证滑块
asdfadafd的博客
03-06 3429
我正常从浏览器进入抖音是不出现验证滑块的,然后用selenium进入抖音网站发现会出现滑块验证 如下如这是原代码: 运行代码后就会发现浏览器出现验证滑块,这是是因为网站识别出你是使用selenium 这个时候在原代码中加入一行代码: options.add_argument(’–disable-blink-features=AutomationControlled’) 就解决了。 ...
App滑块分析(一)
weixin_43971225的博客
03-18 1938
遇到不懂的就查资料,在做web端逆向时可以在https://developer.mozilla.org/zh-CN/docs/Web/API查询,安卓端和web端一样可以在https://developer.android.com/reference/android/webkit/WebView中查询函数的意义。也很简单,确认一个该模块中唯有的字符串,将模块所在的列表取出来进行遍历,将模块tostring,判断字符串是否在该模块中,如果在则输出索引和该模块的str。
JS逆向之某滑块逆向分析
weixin_47115747的博客
12-16 4506
数美滑块分析
python抖音滑块
07-30
Python抖音滑块是指使用Python编程语言实现对抖音滑块验证码的自动化处理。 抖音滑块验证码通常出现在用户登录、注册等场景中,用于验证用户的真实性。由于滑块验证码需要用户手动滑动滑块,以模拟人类的行为,所以对于大规模的操作或需要频繁验证的场景来说,手动处理滑块验证码非常麻烦且效率低下。 Python抖音滑块解决方案可以通过某些开源的Python库和工具来实现自动滑动滑块,其中常用的是selenium和PIL(Python Imaging Library)库。使用selenium库可以模拟浏览器的操作,包括打开网页、填写表单和点击元素等,而PIL库则提供了图像处理的功能。 实现抖音滑块验证码的自动处理步骤大致如下: 1. 使用selenium库打开包含滑块验证码的抖音登录或注册页面; 2. 使用selenium库获取滑块验证码的背景图和滑块图,并下载保存; 3. 使用PIL库读取保存的背景图和滑块图,并对其进行图像处理,如灰度化、二值化等; 4. 使用图像处理技术找到滑块图在背景图上的位置,得到滑块需要滑动的距离; 5. 使用selenium库模拟鼠标拖动滑块,滑动距离即为上一步得到的距离; 6. 使用selenium库模拟点击登录或注册按钮,完成操作。 通过以上步骤,可以实现对抖音滑块验证码的自动化处理,提高效率和便捷性。同时需要注意的是,为了避免被抖音识别为机器行为,可以加入一些随机因素,如模拟人的操作速度和滑动轨迹等,以增加自动化处理的真实性。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

星云牛马

帮到您的话,可否请我喝杯咖啡

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值