web爬虫逆向笔记：js逆向案例三 有道翻译（MD5加密、AES解密）_有道翻译js逆向最新

// c.a为crypto加密模块，直接导包替换就好
function j(e) {
return c.a.createHash(“md5”).update(e.toString()).digest(“hex”)
}
function k(e, t) {
return j(client=${u}&mysticTime=${e}&product=${d}&key=${t})
}
const o = (new Date).getTime();
let e = ‘fsdsogkndfokasodnaso’
// sign值生成
// e为固定值
// o为时间戳
sign = k(o, e)

###### 2、整合封装代码

const Crypto = require(“crypto”);

const u = “fanyideskweb”,
d = “webfanyi”,
m = “client,mysticTime,product”,
p = “1.0.0”,
g = “web”,
b = “fanyi.web”,
A = 1,
h = 1,
f = 1,
v = “wifi”,
O = 0;
function j(e) {
return Crypto.createHash(“md5”).update(e.toString()).digest(“hex”)
}
function k(e, t) {
return j(client=${u}&mysticTime=${e}&product=${d}&key=${t})
}

function set_post_data(txt) {
const o = (new Date).getTime();
let e = ‘fsdsogkndfokasodnaso’
return {
i: txt,
from: ‘auto’,
to: ‘’,
dictResult: ‘true’,
keyid: ‘webfanyi’,
sign: k(o, e),
client: u,
product: d,
appVersion: p,
vendor: g,
pointParam: m,
mysticTime: o,
keyfrom: b,
mid: A,
screen: h,
model: f,
network: v,
abtest: O,
yduuid: “abcdefg”
}
}

###### 3、使用python调用验证请求

import requests
import execjs

cookies = {…}
headers = {
‘Accept’: ‘application/json, text/plain, */*’,
‘Accept-Language’: ‘zh-CN,zh;q=0.9’,
‘Cache-Control’: ‘no-cache’,
‘Connection’: ‘keep-alive’,
‘Content-Type’: ‘application/x-www-form-urlencoded’,
‘Origin’: ‘https://fanyi.youdao.com’,
‘Pragma’: ‘no-cache’,
‘Referer’: ‘https://fanyi.youdao.com/’,
‘Sec-Fetch-Dest’: ‘empty’,
‘Sec-Fetch-Mode’: ‘cors’,
‘Sec-Fetch-Site’: ‘same-site’,
‘User-Agent’: ‘Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36’,
‘sec-ch-ua’: ‘“Chromium”;v=“122”, “Not(A:Brand”;v=“24”, “Google Chrome”;v=“122”’,
‘sec-ch-ua-mobile’: ‘?0’,
‘sec-ch-ua-platform’: ‘“Windows”’,
}
with open(‘./set_post_data.js’, ‘r’, encoding=‘utf-8’) as f:
set_post_data_code = f.read()
data = execjs.compile(set_post_data_code).call(‘set_post_data’, txt)
response = requests.post(‘https://dict.youdao.com/webtranslate’, headers=headers, cookies=cookies, data=data)
print(response.text)

![在这里插入图片描述](https://img-blog.csdnimg.cn/direct/f9a3b517745e443b8bf05a665952f04e.png#pic_center)


##### 三、数据解密


![在这里插入图片描述](https://img-blog.csdnimg.cn/direct/45450f447d7d4afbb0c4bd61f2fdb269.png#pic_center)


![在这里插入图片描述](https://img-blog.csdnimg.cn/direct/151badecfa614ca997f88aba999dfd38.png#pic_center)


###### 1、解密js分析

//解密分析
// c.a为crypto加密模块，直接导包替换就好
function y(e) {
return c.a.createHash(“md5”).update(e).digest()
}
R = (t,o,n)=>{
if (!t)
return null;
const a = e.alloc(16, y(o))
, i = e.alloc(16, y(n))
, r = c.a.createDecipheriv(“aes-128-cbc”, a, i);
let s = r.update(t, “base64”, “utf-8”);
return s += r.final(“utf-8”),
s
}
// t为加密数据data
// o为key值
// n为iv值
// 固定值可写死
let o = “ydsecret://query/key/B*RGygVywfNBwpmBaZg*WT7SIOUP2T0C9WHMZN39j^DAdaZhAnxvGcCY6VYFwnHl”;
// 固定值可写死
let n = “ydsecret://query/iv/C@lZe2YzHtZ2CYgaXKSVfsb7Y4QWHjITPPZ0nQp87fBeJ!Iv6v^6fvi2WN@bYpJ4”;

###### 2、整合封装代码

const Crypto = require(“crypto”);

function y(e) {
// 使用 md5 算法创建一个哈希对象
return Crypto.createHash(“md5”)
// 更新哈希对象的内容为参数 e
.update(e)
// 获取哈希值并返回
.digest()
}

function get_data(data){
// 定义变量o，存储密钥
let o = “ydsecret://query/key/B*RGygVywfNBwpmBaZg*WT7SIOUP2T0C9WHMZN39j^DAdaZhAnxvGcCY6VYFwnHl”;
// 定义变量n，存储初始化向量
let n = “ydsecret://query/iv/C@lZe2YzHtZ2CYgaXKSVfsb7Y4QWHjITPPZ0nQp87fBeJ!Iv6v^6fvi2WN@bYpJ4”;

// 调用函数y，传入密钥o，将返回值赋给变量a
const a = y(o)
// 调用函数y，传入初始化向量n，将返回值赋给变量i
, i = y(n)
// 创建解密器r，使用AES-128-CBC算法，密钥为a，初始化向量为i
, r = Crypto.createDecipheriv(“aes-128-cbc”, a, i);

// 使用解密器r对传入的base64编码的数据data进行解密，结果以utf-8编码
let s = r.update(data, “base64”, “utf-8”);

// 将解密器r的最终结果以utf-8编码添加到s中，并返回s
return s += r.final(“utf-8”),
s
}

**网上学习资料一大堆，但如果学到的知识不成体系，遇到问题时只是浅尝辄止，不再深入研究，那么很难做到真正的技术提升。**

**[需要这份系统化学习资料的朋友，可以戳这里无偿获取](https://bbs.csdn.net/topics/618317507)**

**一个人可以走的很快，但一群人才能走的更远！不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人，都欢迎加入我们的的圈子（技术交流、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！**