操作流程分析
1.获取滑块图片
id 固定值 1a623022803d4cbc86fa157ec267bb36
fp 方法 _0x25827b() 调用va resul = getGdxidpyhxdE(); ---注意需要URL编码
cb 方法 _0x25827b() 调用getCb() ---注意需要URL编码
2.识别图片,获取到三个坐标值
3.校验滑块
请求地址 https://c.dun.163.com/api/v2/check 注意这不是一个xhr请求,无法使用xhr断点
referer: 固定值
zoneId: 固定值
id: 固定值
token: https://c.dun.163.com/api/v2/get 返回值
acToken: 调用getActoken 多次测试发现这个参数为空也是可以通过的
data:
d 固定值""
m 轨迹加密 调用getM
p 点击坐标加密 调用getP
ext 调用getExt
width: 固定值
type: 固定值
version: 固定值
cb: 调用getCb()
extraData: 固定值
bf: 固定值
runEnv: 固定值
callback: 调用getCallback()
分析:
每次点击单个文字调用addPoint,然后调用shouldVerifyCaptcha判断点击次数,如果是3则会组装数据发送校验请求
traceData 通过鼠标移动事件记录鼠标移动的值
pointsStack 这个是滑块图片三次点击的坐标值
其中的核心代码都在core.js中,如下
'trackMoving': function(_0x5b070d) { var _0x4674e5 = _0x18f765; if (this['beginTime']) { var _0x2282a6 = this[_0x4674e5(0x1dc)][_0x4674e5(0x8fd)]() , _0x1e64e2 = _0x2282a6[_0x4674e5(0x34c)] , _0x5a3800 = _0x2282a6[_0x4674e5(0x9b2)] , _0x97c4d2 = _0x58b7ab(this[_0x4674e5(0xaeb)][_0x4674e5(0x2a7)][_0x4674e5(0x760)], [Math[_0x4674e5(0x75b)](_0x5b070d[_0x4674e5(0x882)] - _0x1e64e2), Math['round'](_0x5b070d['clientY'] - _0x5a3800), _0x2e5429[_0x4674e5(0x8b4)]() - this['beginTime']] + ''); this['traceData'][_0x4674e5(0x5a4)](_0x97c4d2); } }, 'addPoint': function(_0x1bc3cd) { var _0x5ccf9a = _0x18f765 , _0x572c35 = _0x1bc3cd[_0x5ccf9a(0x34c)] , _0x53e97d = _0x1bc3cd[_0x5ccf9a(0x9b2)]; this[_0x5ccf9a(0x2de)][_0x5ccf9a(0x1b1)] || this[_0x5ccf9a(0x512)][_0x5ccf9a(0x1b7)]({ 'timeout': 0x3e8 }); var _0x5b5014 = this[_0x5ccf9a(0x2de)]['length'] + 0x1; if (!(_0x5b5014 > this['MAX_POINTS'])) { var _0x477409 = document[_0x5ccf9a(0xacf)]('div'); _0x477409[_0x5ccf9a(0x186)] = 'yidun_icon-point\x20yidun_point-' + _0x5b5014, _0x16d5b2['css'](_0x477409, _0x5ccf9a(0x7ec) + (_0x572c35 - 0xa) + 'px;\x20top:\x20' + (_0x53e97d - 0x19) + _0x5ccf9a(0x640)), this[_0x5ccf9a(0x1dc)][_0x5ccf9a(0x1e0)](_0x477409), this['pointsStack'][_0x5ccf9a(0x5a4)]({ 'el': _0x477409, 'coord': _0x58b7ab(this['$store'][_0x5ccf9a(0x2a7)]['token'], [Math[_0x5ccf9a(0x75b)](_0x572c35), Math[_0x5ccf9a(0x75b)](_0x53e97d), _0x2e5429[_0x5ccf9a(0x8b4)]() - this[_0x5ccf9a(0x421)]] + '') }), this[_0x5ccf9a(0x707)](); } }, 'shouldVerifyCaptcha': function() { var _0x1d279d = _0x18f765 , _0x25cfef = this[_0x1d279d(0x2de)]; if (_0x25cfef[_0x1d279d(0x1b1)] === this[_0x1d279d(0x6cd)]) { var _0x364721 = _0x25cfef[_0x1d279d(0x11b)](function(_0x409359) { return _0x409359['coord']; }) , _0x8d5de7 = this['traceData']; this['onVerifyCaptcha']({ 'data': JSON[_0x1d279d(0x9b1)]({ 'd': '', 'm': _0x396715(_0x2e5429[_0x1d279d(0x8c1)](_0x8d5de7, _0x2d4583)['join'](':')), 'p': _0x396715(_0x364721[_0x1d279d(0x395)](':')), 'ext': _0x396715(_0x58b7ab(this[_0x1d279d(0xaeb)]['state']['token'], this[_0x1d279d(0x2e9)] + ',' + _0x8d5de7[_0x1d279d(0x1b1)])) }) }); } }, |
对易盾点选验证码进行了简单的流程分析,目前识别用的python,JS逆向这块封装用的nodejs,没有用模拟浏览器,目前通过率在85到95之间。js逆向图片识别交流群715395643