注:本文章仅供学习使用,请勿用做其他商业用途,如有侵权,请联系本人。
地址:aHR0cHM6Ly93d3cubmZ0Y24uY29tLmNuL3BjLyMvbG9naW4
这个js文件15w行,ob混淆,没必要还原,不过参数搜一下就搜到了。
nftcnapitimestamp:时间戳
nftcnapinonce:随机数
function SJS(){//随机数
for (var _0x25f242 = "0123456789", _0x3316f6 = '', _0x345db1 = 0x0; _0x345db1 < 0x15; _0x345db1++)
_0x3316f6 += _0x25f242['charAt'](Math['floor'](Math['random']() * _0x25f242['length']));
return _0x3316f6;
}
nftcnapiappsecret:MD5("nftcn-app-web"+nftcnapinonce)到大写
_0x107902 = _0x375956()(_0x431e4e + _0x409b0f)[_0x3008ef(0x745)]()
nftcnapisignature:SHA256withRSA
私钥:-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCKHlfkGGiITVyjeE/ITClJhEnsOZif+Xds1sFOsVh2kgvDQKN2Ftuld7BRCnDrXmuZz/jk+6RymFCV1wAW8vE2iWh5Adq1OCUZy8ENOk7Xnn/OhN2GmSiuDPa/rYOyVfD4EUndA0zEPW3lRpzYHosYT/kkxngsVGUmvp9ZCGAKGBwOBlNh//kbNDj5iriENpW+3mq+gdpPcgO5/fE95R6uNn3CgG7WTqL/w/2p2I1fQvgiLtYWhTJUlf4w63CErXMPaeCogZNkiX48D3PKeCEAsei2sF7M3zdny8HOm5gsjipXpA4RYOGQj2VOAfh8l8t4UMCxaz8WZ86Rwz2lr7xVAgMBAAECggEAPCS+bQrb6g6V+nEXfMb9a4/5iK4D8hV1laVmg9fiB6/NA3cQNwn5F3KpCoEbbsKs5EuVvFB/6Y69+KGo3lVoCDGJlrfh/uu17Ce3pwTu9CGG0e01cbkb576pbAoowO1/guY0XdNkCEgfpKk8/zc9ppacjREHn3YYneiABwsIlxwICIA1tzG+xaB+0yigy71tja6ML/os5cJ+/1lt4YOZdTj4HCqxtZISKqjbnAzqiiwwb9Py7grwny5Pi3ZfsoZJtcrz+Ps0MMnDAaG6WexAXisjF8fuonqY1+OUXnF4efKAyB2u0buz0u86G+nTKeG5jNWqaVi3jadBoMfc8lBjuQKBgQDO4FSkEg0ZKa/xuareEpdGBDEKwSVqZEdDZmpP7lG2NfDdhzkDz25XMJsoV6pONS4inp5ilp2Cw/6NfaIM56dWYYiJ09JkCqlwK96dR9RcgKPYheCNRWeRSE6HUnlG2MRpMZR5ufSPPPN2RS0Gu/C40Dd1nAljgWg7WjRLSNQfpwKBgQCq6ldnX9A7JKMdZXKhAuykuUJN5oTZswRi+xsXbQWKOjXTbMn1NLw8skPr+Otkr+olnsuT7+A7/OSZEdGIa5QhfJcjKU0prooHnCRQtaP68oXco1HnpY+yKDRnVlDdxkvyGqVuooBiMtt9QqyV3IZjtYH8WXC0bnQuFVTfys5jowKBgQDNG8uvdBo6dYN1BWFslkAXcjZxdDg1eMDTCWqkXyPypR5vdQ9JQNMkbROYdvpqWf2o410jYDNAoDP0crhFVTQqx77I8BPrjkqZ5VTs2XeqUvyfw3R0fHiHqYn6TwHhBTAPH9IWshDQJ103SLSwtYugoQgreg4w8u+10OSCM+3khwKBgDLMD0okCelqDCiyfA0qp1aV0QUCHD3vnMAmTXj66AibIGBEFwoPsFqByPobMyrrtbWUqoC/bG+ny/FKgHIBNzd0ph7HKa3XuCJm38w1EBWHew2GZNNqO3kBxgFogARJ6Ux9aumk1m9ZGi7yYATyU+bSjV2I35xgr5r6sA0LY6ftAoGAE/HYo6wY+u2MXPLNsEMOOXjO3dvZH46USrs1jmdphcwISLSB2EeOf9hLp6flSYIZMXpBVGaMaSmzJOTk0eCco57LmbTtlQAyUx5j1jxySN4ph2IcO8qb9rJXJ1w1tGW1qSCe5ELJbMrYJH386r4qkD74QWSY6P9M1SgCtJ6vaLM=
-----END PRIVATE KEY-----
RSA加密参数为:nftcnApiAppId=nftcn-app-web&nftcnApiAppSecret=08E560C0075266072E5F8CC265220C09&nftcnApiNonce=280003642339887232799&nftcnApiTimestamp=1651414136704&password=ewqe123213&username=18888888888
至于算法,你可以尝试还原混淆,把代码抠出来,我这里使用node的库,jsrsasign。
const {KJUR, hextob64} = require('jsrsasign')
const HashMap = {
SHA256withRSA: 'SHA256withRSA',
SHA1withRSA: 'SHA1withRSA'
}
结果