JS逆向之Webpack(二)
难度: ⭐️
网址如下
https://synconhub.coscoshipping.com/
需要逆向的值:
登录请求的password
找到加密的位置
看起来像RSA,所以试着搜搜以下关键词
setPublicKey(
encrypt(
password
username
比如搜password,73个,直接放弃~
setPublicKey(,这个少,就这个了
xhr断点也打一个
可以看到已经是加密的
翻翻方法栈,找到个很可疑的,也加个断点
再提交一下
我们进入s.w这个方法再下个断点
好了,找到密码加密的地方了,就是调用o.a(t),其中t就是明文
然后我们发现o是在这里定义的,很显然就是通过webpack装载器装载的了
寻找装载器
我们在o这里下一个断点,刷新下页面,然后跳过去,发现到这里了,还不给格式化
那我们就复制到WebStorm里面格式化一下
可以看到f是导出函数
那我们把f导出来
// Node has no browser `window`; bind it to the top-level `this` so code written against `window.*` has an object to use.
window = this;
// Receives the loader function `f` from inside the IIFE below.
var _f;
!function (c) {
// ...
// Module loader: returns the cached exports for module id `n` if present in `h`;
// otherwise creates the module record, runs the factory `c[n]` once, marks it loaded (`l`) and returns its exports.
function f(n) {
if (h[n]) return h[n].exports;
var u = h[n] = {i: n, l: !1, exports: {}};
return c[n].call(u.exports, u, u.exports, f), u.l = !0, u.exports;
}
// ...
// Hand the loader out of the IIFE so it can be called from the outside.
_f = f;
}({
});
然后我们测试一下看看好不好用,发现没有问题
到此我们装载器就找到了
寻找装载模块
由于上一步需要o,而o又依赖MuMZ模块,那么我们接下来就要去找MuMZ模块
把它扒下来可以看到又需要这个
但是这里我们会发现这个模块依赖一万个模块,这时候一个一个扒就显得很笨了,我们随便找几个看看,发现都在这一份文件里,那么我们就直接扒整份文件,放到一个新的js文件里,然后引用它
然后我们测试一下,发现不报错,那就没问题了
构造自执行方法
由于我们知道,e是明文密码,返回的结果就是加密后的字符串,那么我们就需要调用这个方法,这里给出几个方法
方法一
它怎么调用我们就怎么调用
但在这里给我报了个错,说是找不到这个方法,nodejs不支持使用atob和btoa 进行字符串base64转换,转换方法如下:
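// Encode a string as base64. `from` is a static method of Buffer, not an
// instance method, so it is called as Buffer.from(...) without `new`.
var strToBase64 = Buffer.from('aaabbbccc').toString('base64');
// Decode base64 back into a string. Buffer.from(value, 'base64') replaces the
// deprecated `new Buffer(value, 'base64')` constructor form.
var base64ToStr = Buffer.from(strToBase64, 'base64').toString();
// Caveat when replacing btoa(): btoa maps each character to exactly one byte,
// while Buffer.from(str) encodes as UTF-8 by default. For a binary string
// (e.g. ciphertext) pass 'latin1' so bytes >= 0x80 stay single bytes:
//   Buffer.from(binaryString, 'latin1').toString('base64')
// Node 16 and later also provide global atob()/btoa().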
发现就可以了
方法二
直接定义成window,简单粗暴
源代码
// Node has no browser `window`; bind it to the top-level `this` so code written against `window.*` has an object to use.
window = this;
// Load the separately saved file that holds the dumped modules (the article copies the whole chunk file into its own .js file).
require("./1.js")
// Receives the loader function `f` from inside the IIFE below.
var _f;
!function (c) {
// Chunk installer; it is installed as window.webpackJsonp.push further down.
// The argument is an array: n[0] = chunk ids, n[1] = module factories, n[2] = deferred entries (optional).
function n(n) {
// Mark every listed chunk as loaded (k[id] = 0), first collecting k[id][0] (the resolve callback) of chunks that were pending.
for (var h, e, f = n[0], b = n[1], d = n[2], t = 0, o = []; t < f.length; t++) e = f[t], Object.prototype.hasOwnProperty.call(k, e) && k[e] && o.push(k[e][0]), k[e] = 0;
// Copy the chunk's own module factories into the module table `c`.
for (h in b) Object.prototype.hasOwnProperty.call(b, h) && (c[h] = b[h]);
// Forward the chunk to `r` when it is set, then call the collected resolve callbacks in order.
for (r && r(n); o.length;) o.shift()();
// Queue the deferred entries and let u() run any whose chunks are all loaded.
return a.push.apply(a, d || []), u();
}
// Runs queued deferred entries whose required chunks are all loaded.
// Returns the exports of the last entry module it executed (undefined if none ran).
function u() {
for (var c, n = 0; n < a.length; n++) {
// Each queue item is [entryModuleId, ...requiredChunkIds]; `h` stays true only if k[id] === 0 for every required chunk.
for (var u = a[n], h = !0, e = 1; e < u.length; e++) {
var b = u[e];
0 !== k[b] && (h = !1);
}
// Ready: remove the item (n-- keeps the loop index valid after splice) and require its entry module, recording it in f.s.
h && (a.splice(n--, 1), c = f(f.s = u[0]));
}
return c;
}
// Module cache: module id -> {i, l, exports}.
var h = {};
// Per-chunk CSS load state, read and written by f.e.
var e = {runtime: 0};
// Per-chunk JS load state; 0 marks a chunk as already loaded.
var k = {runtime: 0};
// Queue of deferred entries waiting for their chunks.
var a = [];

/**
 * Module loader (the function exported as `_f`).
 * Returns the cached exports for module id `n`; on first use it registers a
 * module record, runs the factory `c[n]` with (module, exports, loader) and
 * `this` bound to the exports object, flags the record as loaded and returns
 * its exports.
 */
function f(n) {
  var cached = h[n];
  if (cached) {
    return cached.exports;
  }
  // Register the record before running the factory, exactly as the cache lookup above expects.
  var record = {i: n, l: false, exports: {}};
  h[n] = record;
  c[n].call(record.exports, record, record.exports, f);
  record.l = true;
  return record.exports;
}
// f.e(chunkId): asynchronous chunk loader. Collects one promise for the chunk's CSS (state kept in `e`)
// and one for its JS (state kept in `k`) and returns Promise.all of them.
// NOTE(review): this function uses `document`, which the visible script never defines for Node;
// the visible script only calls _f("MuMZ") directly and does not call f.e itself.
f.e = function (c) {
var n = [];
// CSS side: reuse a pending promise if there is one; otherwise, for chunk ids flagged 1 in this table, start a stylesheet load.
e[c] ? n.push(e[c]) : 0 !== e[c] && {
"chunk-00fd": 1,
"chunk-05d7": 1,
"chunk-0e20": 1,
"chunk-387f": 1,
"chunk-0c25": 1,
"chunk-656e": 1,
"chunk-57a6": 1,
"chunk-7f42": 1,
"chunk-98a0": 1,
"chunk-bd49": 1,
"chunk-1633": 1,
"chunk-16f7": 1,
"chunk-17fe": 1,
"chunk-a0e4": 1,
"chunk-0d0d": 1,
"chunk-1b3d": 1,
"chunk-1a09": 1,
"chunk-3786": 1,
"chunk-57f0": 1,
"chunk-11cb": 1,
"chunk-2bb3": 1,
"chunk-3902": 1,
"chunk-8f7e": 1,
"chunk-5b88": 1,
"chunk-2df6": 1,
"chunk-c327": 1,
"chunk-5a62": 1,
"chunk-3eb9": 1,
"chunk-45a6": 1,
"chunk-4771": 1,
"chunk-493d": 1,
"chunk-625a": 1,
"chunk-63cb": 1,
"chunk-6b48": 1,
"chunk-7dae": 1,
"chunk-7ebe": 1,
"chunk-7f18": 1,
"chunk-6ba4": 1,
"chunk-0073": 1,
"chunk-92f6": 1,
"chunk-9823": 1,
"chunk-b3d0": 1,
"chunk-b1ff": 1,
"chunk-b234": 1,
"chunk-b739": 1,
"chunk-commons": 1,
"chunk-2288": 1,
"chunk-92ef": 1,
"chunk-13d8": 1,
"chunk-a190": 1,
"chunk-ce8b": 1,
"chunk-07fc": 1,
"chunk-05b2": 1,
"chunk-3928": 1,
"chunk-0abf": 1,
"chunk-3f23": 1,
"chunk-7586": 1,
"chunk-71f2": 1,
"chunk-1849": 1,
"chunk-05ee": 1,
"chunk-08ac": 1,
"chunk-0b59": 1,
"chunk-a6a1": 1,
"chunk-0cab": 1,
"chunk-142b": 1,
"chunk-1809": 1,
"chunk-5305": 1,
"chunk-579c": 1,
"chunk-1899": 1,
"chunk-18e5": 1,
"chunk-a375": 1,
"chunk-19a9": 1,
"chunk-0bf9": 1,
"chunk-6a8c": 1,
"chunk-1caf": 1,
"chunk-1d1c": 1,
"chunk-212a": 1,
"chunk-25f6": 1,
"chunk-284d": 1,
"chunk-4640": 1,
"chunk-29d1": 1,
"chunk-2dc2": 1,
"chunk-02ab": 1,
"chunk-3313": 1,
"chunk-da22": 1,
"chunk-5e57": 1,
"chunk-41f1": 1,
"chunk-4d0f": 1,
"chunk-a0e5": 1,
"chunk-18b2": 1,
"chunk-4795": 1,
"chunk-24ed": 1,
"chunk-5770": 1,
"chunk-59e9": 1,
"chunk-00e2": 1,
"chunk-7e16": 1,
"chunk-8004": 1,
"chunk-0c67": 1,
"chunk-18bb": 1,
"chunk-0f99": 1,
"chunk-f180": 1,
"chunk-13fb": 1,
"chunk-9ea6": 1,
"chunk-5335": 1,
"chunk-c642": 1,
"chunk-73e5": 1,
"chunk-c48d": 1,
"chunk-d0b5": 1,
"chunk-d101": 1,
"chunk-6bf2": 1,
"chunk-7a39": 1,
"chunk-1b49": 1,
"chunk-ece0": 1,
"chunk-f8b5": 1,
"chunk-dbea": 1
}[c] && n.push(e[c] = new Promise(function (n, u) {
// Build "static/css/<name>.<hash>.css" and resolve immediately if a matching <link rel="stylesheet"> already exists.
for (var h = "static/css/" + ({"chunk-commons": "chunk-commons"}[c] || c) + "." + {
"chunk-00fd": "73d4b7dc",
"chunk-05d7": "a5fd5fb5",
"chunk-0e20": "056ffc37",
"chunk-387f": "69c6087f",
"chunk-0c25": "d330a4a9",
"chunk-656e": "0bf32cac",
"chunk-57a6": "222599bd",
"chunk-7f42": "9d88b47f",
"chunk-98a0": "6891600b",
"chunk-bd49": "8bdaa219",
"chunk-1633": "cf2fc27f",
"chunk-16f7": "6f35be62",
"chunk-17fe": "be265371",
"chunk-a0e4": "fb491143",
"chunk-0d0d": "b21a0817",
"chunk-1b3d": "2559a8d7",
"chunk-1a09": "95b419a9",
"chunk-3786": "1d38b3d0",
"chunk-560b": "31d6cfe0",
"chunk-57f0": "a0a0ec76",
"chunk-11cb": "f13efed8",
"chunk-1c26": "31d6cfe0",
"chunk-2bb3": "0e6eae88",
"chunk-3902": "c6168fff",
"chunk-8f7e": "6618d4e4",
"chunk-5b88": "30a4323d",
"chunk-2df6": "8decb663",
"chunk-c327": "e52fe088",
"chunk-5a62": "e9a3eb1d",
"chunk-3eb9": "0d794c82",
"chunk-45a6": "0f443e42",
"chunk-4771": "465490bd",
"chunk-493d": "1007effe",
"chunk-625a": "971916ca",
"chunk-63cb": "37a735a7",
"chunk-6b48": "4c2e35de",
"chunk-7dae": "eddb9452",
"chunk-7ebe": "ed4c5895",
"chunk-7f18": "c7e93905",
"chunk-8839": "31d6cfe0",
"chunk-6ba4": "36a3f36a",
"chunk-0073": "92566329",
"chunk-92f6": "57044a6e",
"chunk-9823": "af50b152",
"chunk-b3d0": "a86f18a8",
"chunk-b1ff": "2490affe",
"chunk-b234": "782405bf",
"chunk-b739": "b4d2666d",
"chunk-commons": "8682bec0",
MT78: "31d6cfe0",
"chunk-861b": "31d6cfe0",
"chunk-2288": "7bfa5327",
"chunk-87e6": "31d6cfe0",
"chunk-92ef": "80f4d0ed",
"chunk-13d8": "ed087bd2",
"chunk-a190": "e0c28151",
"chunk-ce8b": "401c511c",
"chunk-07fc": "28af2653",
"chunk-05b2": "0ded6f14",
"chunk-3928": "95c2e923",
"chunk-0abf": "f2a36cb8",
"chunk-3f23": "3be45966",
"chunk-7586": "650c0b92",
"chunk-71f2": "a06e33ef",
"chunk-1849": "c2aca790",
"chunk-05ee": "1d6cc3af",
"chunk-08ac": "375e2023",
"chunk-0b59": "95f70d9e",
"chunk-a6a1": "d1964722",
"chunk-0cab": "98d9157a",
"chunk-142b": "810c543b",
"chunk-1809": "124e2bb6",
"chunk-5305": "2f24375f",
"chunk-579c": "1f0d9166",
"chunk-1899": "3feba867",
"chunk-18e5": "89275e60",
"chunk-a375": "c031c2ad",
"chunk-19a9": "80b43b16",
"chunk-0bf9": "3c606dea",
"chunk-6a8c": "5b25ad00",
"chunk-1caf": "77121e01",
"chunk-1d1c": "c4b42726",
"chunk-212a": "8dbe1292",
"chunk-25f6": "02a87050",
"chunk-284d": "aa7c5f28",
"chunk-4640": "f2d4d62a",
"chunk-29d1": "4a1f8f63",
"chunk-2dc2": "c966ef86",
"chunk-02ab": "f266d050",
"chunk-3313": "e6fe76e1",
"chunk-da22": "8537b265",
"chunk-5e57": "4aaf2da1",
"chunk-41f1": "fac7106f",
"chunk-4d0f": "266fcd96",
"chunk-a0e5": "94886e6a",
"chunk-18b2": "48b47420",
"chunk-4795": "9b0f6b62",
"chunk-24ed": "ea6b69ab",
"chunk-5770": "107fcd92",
"chunk-59e9": "28f9d183",
"chunk-00e2": "5bd64565",
"chunk-7e16": "e242f100",
"chunk-8004": "c390e4cb",
"chunk-0c67": "f7d0a9ea",
"chunk-18bb": "28567f89",
"chunk-0f99": "6e9c501d",
"chunk-f180": "e67e850a",
"chunk-13fb": "b5ad8473",
"chunk-9ea6": "4b170c1e",
"chunk-5335": "6e4a4981",
"chunk-c642": "6c81982f",
"chunk-73e5": "714b8ddb",
"chunk-c48d": "d80c7929",
"chunk-d0b5": "ec0640e4",
"chunk-d101": "eaf50437",
"chunk-6bf2": "e8ed40d0",
"chunk-7a39": "06d9d25e",
"chunk-1b49": "3b68ad58",
"chunk-ece0": "8f67abce",
"chunk-f8b5": "0f3bc03a",
"chunk-dbea": "d8a414a8"
}[c] + ".css", e = f.p + h, k = document.getElementsByTagName("link"), a = 0; a < k.length; a++) {
var b = (t = k[a]).getAttribute("data-href") || t.getAttribute("href");
if ("stylesheet" === t.rel && (b === h || b === e)) return n();
}
// Same early exit for <style> elements carrying a matching data-href.
var d = document.getElementsByTagName("style");
for (a = 0; a < d.length; a++) {
var t;
if ((b = (t = d[a]).getAttribute("data-href")) === h || b === e) return n();
}
// Not present yet: append a <link> to <head>; onload resolves, onerror rejects with an Error carrying the URL in `request`.
var r = document.createElement("link");
r.rel = "stylesheet", r.type = "text/css", r.onload = n, r.onerror = function (n) {
var h = n && n.target && n.target.src || e,
k = new Error("Loading CSS chunk " + c + " failed.\n(" + h + ")");
k.request = h, u(k);
}, r.href = e, document.getElementsByTagName("head")[0].appendChild(r);
}).then(function () {
// Once the stylesheet promise resolves, mark the CSS state as 0 so it is not requested again.
e[c] = 0;
}));
// JS side: 0 means nothing to do; an existing entry means a load is in flight (reuse its promise at index 2);
// otherwise store [resolve, reject, promise] in k[c] and inject a <script> for the chunk.
var u = k[c];
if (0 !== u) if (u) n.push(u[2]); else {
var h = new Promise(function (n, h) {
u = k[c] = [n, h];
});
n.push(u[2] = h);
var a, b = document.createElement("script");
// The script URL is f.p + "static/js/<name>.<hash>.js"; a nonce attribute is set when f.nc is defined.
b.charset = "utf-8", b.timeout = 120, f.nc && b.setAttribute("nonce", f.nc), b.src = function (c) {
return f.p + "static/js/" + ({"chunk-commons": "chunk-commons"}[c] || c) + "." + {
"chunk-00fd": "86fa6ae3",
"chunk-05d7": "0729b6f1",
"chunk-0e20": "01e0a3b8",
"chunk-387f": "5fe45f98",
"chunk-0c25": "60165979",
"chunk-656e": "b6f469c8",
"chunk-57a6": "b252fcf2",
"chunk-7f42": "5f11f361",
"chunk-98a0": "eb1ebe48",
"chunk-bd49": "926b542b",
"chunk-1633": "4de8ef07",
"chunk-16f7": "3a52f3a1",
"chunk-17fe": "7a3559d4",
"chunk-a0e4": "1cf79aa6",
"chunk-0d0d": "f0e528b4",
"chunk-1b3d": "67843a2d",
"chunk-1a09": "17508027",
"chunk-3786": "a85d05b6",
"chunk-560b": "cb030c2d",
"chunk-57f0": "4d1b832a",
"chunk-11cb": "7d9fcb45",
"chunk-1c26": "e1c4e81e",
"chunk-2bb3": "ab9156ef",
"chunk-3902": "58743f15",
"chunk-8f7e": "e09dd42e",
"chunk-5b88": "d8e893cc",
"chunk-2df6": "a2a49393",
"chunk-c327": "31467e03",
"chunk-5a62": "7edaf54a",
"chunk-3eb9": "33977d7a",
"chunk-45a6": "b025c332",
"chunk-4771": "59a1d883",
"chunk-493d": "a8bfa792",
"chunk-625a": "20ccb243",
"chunk-63cb": "c3ef22b9",
"chunk-6b48": "c89f8181",
"chunk-7dae": "4b6e40db",
"chunk-7ebe": "aa8b57f3",
"chunk-7f18": "b1bb61d9",
"chunk-8839": "2bb965a5",
"chunk-6ba4": "594c7e33",
"chunk-0073": "9534dcea",
"chunk-92f6": "3b1610fb",
"chunk-9823": "b68076db",
"chunk-b3d0": "4b5601b7",
"chunk-b1ff": "4da68f60",
"chunk-b234": "9f831eda",
"chunk-b739": "9b9ad820",
"chunk-commons": "0a4885d6",
MT78: "c636f2f7",
"chunk-861b": "81626570",
"chunk-2288": "f9477a5c",
"chunk-87e6": "9dc6ad71",
"chunk-92ef": "93578a7d",
"chunk-13d8": "01575c02",
"chunk-a190": "c50ce069",
"chunk-ce8b": "e921a1f5",
"chunk-07fc": "a7f52270",
"chunk-05b2": "556a3136",
"chunk-3928": "d76855a8",
"chunk-0abf": "36b65692",
"chunk-3f23": "5863114c",
"chunk-7586": "798c55db",
"chunk-71f2": "0ea12c41",
"chunk-1849": "aa21bcaa",
"chunk-05ee": "daebf2bb",
"chunk-08ac": "a9c4d921",
"chunk-0b59": "084be3cf",
"chunk-a6a1": "a3e8fc98",
"chunk-0cab": "6930ed23",
"chunk-142b": "5cbeed1a",
"chunk-1809": "7862d7b0",
"chunk-5305": "a8e6db36",
"chunk-579c": "ff887f87",
"chunk-1899": "1f49254c",
"chunk-18e5": "622bc6fc",
"chunk-a375": "2a450719",
"chunk-19a9": "5d1b7ede",
"chunk-0bf9": "4f0a819a",
"chunk-6a8c": "735ce0d0",
"chunk-1caf": "ce5734f5",
"chunk-1d1c": "ad08bab5",
"chunk-212a": "f6919d9b",
"chunk-25f6": "edce9dde",
"chunk-284d": "617fa996",
"chunk-4640": "ee16c1d1",
"chunk-29d1": "4db66a99",
"chunk-2dc2": "033a02ff",
"chunk-02ab": "d843d76e",
"chunk-3313": "870690be",
"chunk-da22": "68841070",
"chunk-5e57": "2dd69f67",
"chunk-41f1": "37ac4588",
"chunk-4d0f": "e94cdb6f",
"chunk-a0e5": "e703c015",
"chunk-18b2": "be4fcbec",
"chunk-4795": "15021ddd",
"chunk-24ed": "63c73da1",
"chunk-5770": "1ce2bc4f",
"chunk-59e9": "7860f300",
"chunk-00e2": "1fac061d",
"chunk-7e16": "68268622",
"chunk-8004": "7bd47013",
"chunk-0c67": "8561f652",
"chunk-18bb": "02e9359a",
"chunk-0f99": "0ff8c5b7",
"chunk-f180": "e5b2e73a",
"chunk-13fb": "4c0d6af2",
"chunk-9ea6": "2ac273cf",
"chunk-5335": "906da7dd",
"chunk-c642": "b83d7042",
"chunk-73e5": "6d3ccbf3",
"chunk-c48d": "6f74bb6a",
"chunk-d0b5": "23e18133",
"chunk-d101": "38e3f9b3",
"chunk-6bf2": "56b614e7",
"chunk-7a39": "ac185dbc",
"chunk-1b49": "594fbbdd",
"chunk-ece0": "09407ba7",
"chunk-f8b5": "938821d6",
"chunk-dbea": "ae187449"
}[c] + ".js";
}(c);
// Created up front; its message/name/type/request are filled in by the handler below only if the load fails.
var d = new Error;
// Shared onload/onerror/timeout handler: if the chunk is still not marked loaded (k[c] !== 0) and has a pending entry,
// reject its promise with a ChunkLoadError, then clear the entry.
a = function (n) {
b.onerror = b.onload = null, clearTimeout(t);
var u = k[c];
if (0 !== u) {
if (u) {
var h = n && ("load" === n.type ? "missing" : n.type), e = n && n.target && n.target.src;
d.message = "Loading chunk " + c + " failed.\n(" + h + ": " + e + ")", d.name = "ChunkLoadError", d.type = h, d.request = e, u[1](d);
}
k[c] = void 0;
}
};
// Fire the handler with a synthetic "timeout" event after 12e4 ms (120 s).
var t = setTimeout(function () {
a({type: "timeout", target: b});
}, 12e4);
b.onerror = b.onload = a, document.head.appendChild(b);
}
return Promise.all(n);
}, f.m = c, f.c = h, f.d = function (c, n, u) {
// f.m is the module-factory table and f.c the module cache.
// f.d: define an enumerable getter `n` on `c` unless `c` already has that own property.
f.o(c, n) || Object.defineProperty(c, n, {enumerable: !0, get: u});
}, f.r = function (c) {
// f.r: tag an exports object as an ES module (Symbol.toStringTag "Module" when Symbol is available, plus __esModule = true).
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(c, Symbol.toStringTag, {value: "Module"}), Object.defineProperty(c, "__esModule", {value: !0});
}, f.t = function (c, n) {
// f.t: build a namespace object; the bits of `n` select behaviour:
// 1 = require `c` first, 8 = return the value as-is, 4 = return it as-is when it is already an ES module object,
// 2 = additionally expose each key of a non-string value as a getter.
if (1 & n && (c = f(c)), 8 & n) return c;
if (4 & n && "object" == typeof c && c && c.__esModule) return c;
var u = Object.create(null);
if (f.r(u), Object.defineProperty(u, "default", {
enumerable: !0,
value: c
}), 2 & n && "string" != typeof c) for (var h in c) f.d(u, h, function (n) {
return c[n];
}.bind(null, h));
return u;
}, f.n = function (c) {
// f.n: return a getter function for the module's default export (c.default for ES modules, otherwise `c` itself);
// the getter is also exposed on itself as property "a".
var n = c && c.__esModule ? function () {
return c.default;
} : function () {
return c;
};
return f.d(n, "a", n), n;
}, f.o = function (c, n) {
// f.o: own-property check.
return Object.prototype.hasOwnProperty.call(c, n);
}, f.p = "/", f.oe = function (c) {
// f.p (set just above) is the prefix used when building chunk URLs; f.oe throws its argument.
throw c;
};
// Hook the shared chunk queue: create window.webpackJsonp if missing and keep its original push bound as `d`.
var b = window.webpackJsonp = window.webpackJsonp || [], d = b.push.bind(b);
// From now on pushes go to the installer `n`; work on a copy of the chunks that were already queued.
b.push = n, b = b.slice();
// Install chunks queued before this runtime ran (presumably what the earlier require("./1.js") pushed; confirm against that file).
for (var t = 0; t < b.length; t++) n(b[t]);
// `r` is the original push that `n` forwards to; it is assigned only after the replay loop above.
var r = d;
// Hand the module loader out of the IIFE.
_f = f;
}({
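MuMZ: function(e, t, n) {
  "use strict";
  // Exports: "a" -> o (RSA-OAEP encrypt, base64 output), "b" -> a (MD5 hex digest).
  n.d(t, "a", function() {
    return o
  }),
  n.d(t, "b", function() {
    return a
  });
  // Module "XBrZ" is used below through r.pki and r.md.
  // NOTE(review): the API shape looks like node-forge; confirm against the dumped module.
  var r = n("XBrZ");

  /**
   * Encrypt a plaintext with the embedded RSA public key (RSA-OAEP) and
   * return the ciphertext as base64. The result is also stored in
   * window.encrypt_password.
   *
   * @param {string} [e] - plaintext; when omitted, window.password is used so
   *   the global-based call style keeps working.
   * @returns {string} base64-encoded ciphertext
   *
   * NOTE(review): the key and parameters ship to every client, so this step
   * cannot serve as a client-authenticity check; login abuse protections have
   * to live server-side.
   */
  function o(e) {
    // The earlier version ignored its argument and always read window.password,
    // so o.a("...") encrypted `undefined` unless the global had been set first.
    var plaintext = e == null ? window.password : e;
    // OAEP uses SHA-256 as the digest but SHA-1 inside MGF1; the decrypting side
    // must be configured with the same pair or decryption fails.
    var t = r.pki.publicKeyFromPem("-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy4xppPDUT2eAOR5h0cyydzxtKB9O80A\n GjUT6FmDgg6CwelpnE0C2h2JQyP1gCveJs6GDwSDn20RVVpD67f//YPYErjaH/CBOxNG3k5IkW1o\n Qx04uqFNMtWvjzk0aFh2eJLsBi7Ha4elw3WySg00B8oZCL4VBay4ML9kyOAjjCj5jHCX8a2yxIMJ\n IF+EjW3kBR68IMwBvuDL45Qa0oB24vTffaSEs+hGjMTQvoCciOfti3pmEAlVc438/cBgAhK5cIMf\n IMElxYAVvmsDy0I7RCUTrajetKjX94Q+JuQUxnIHNC3IVtYsl1x0lNRtb93IhlRCkZ9djOu350eq\n hZIOXQIDAQAB\n -----END PUBLIC KEY-----")
      .encrypt(plaintext, "RSA-OAEP", {
        md: r.md.sha256.create(),
        mgf1: {
          md: r.md.sha1.create()
        }
      });
    // Browser original: return window.btoa(t)
    // btoa() takes one byte per character, so `t` is a byte string. Buffer.from(t)
    // would re-encode it as UTF-8 and expand every byte >= 0x80 into two bytes,
    // giving a different base64 value than the browser; 'latin1' keeps the bytes as-is.
    window.encrypt_password = Buffer.from(t, 'latin1').toString('base64');
    return window.encrypt_password;
  }

  /**
   * MD5 digest of `e`, returned as a hex string.
   */
  function a(e) {
    var t = r.md.md5.create();
    return t.update(e),
      t.digest().toHex()
  }

  // Expose the encrypt function on window so it can be called after the module has run.
  window.o = o;
},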
});
// Approach 1: take the module's exports from the loader and call export "a" the way the site does.
// o = _f("MuMZ");
// console.log(o.a("123456"));
// Approach 2: run the module for its side effect (it assigns window.o), then pass the plaintext through window.password.
_f("MuMZ");
window.password = "123456"
window.o(window.password);
// window.o stores its result in window.encrypt_password.
console.log(window.encrypt_password);
注意的点
我们需要注意下window.btoa()有没有被改写,没改写才能替换
可以看到没有被改写