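Network Security and Reverse Engineering
In today's digital world, most of what we do involves the Internet, and the Internet is built on computer programs. Web browsing, mobile apps, social media and online shopping all depend on software and code to run. Understanding how that code works internally is essential for protecting your own data and network security.
A Detailed Look at Network Security and Reverse Engineering
Reverse engineering is a technique for understanding how a program works internally by analyzing its code and its runtime behavior. It is used not only in network security, but also for cracking, fixing vulnerabilities, improving performance, and learning from and understanding code written by other people.
The sections below look at network security and reverse engineering in detail: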
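- Basic principles of reverse engineering
The basic principle of reverse engineering is to understand a program's internal mechanisms by analyzing its code and runtime behavior. This includes locating functions, variables, algorithms and data flows. Reverse engineering usually involves the following steps:
1) Obtain the code: use tools to obtain the program's source code or bytecode.
2) Analyze the code: use a code editor, a debugger or other tools to analyze the code, including finding key functionality, vulnerabilities and security issues.
3) Debug the code: use debugging tools to inspect the program's runtime behavior, including variable values, function calls and exception handling.
4) Crack the code: analyze the code to get past encryption, obfuscation or vulnerabilities and recover the program's logic and data.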
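- Where reverse engineering is used
Reverse engineering can be applied in the following scenarios:
1) Network security: reverse engineering helps security professionals identify and fix vulnerabilities to protect systems and data.
2) Software development: developers can use reverse engineering to understand code written by others and to learn new techniques and algorithms.
3) Performance optimization: reverse engineering can help optimize software performance, improving response time and efficiency.
4) Learning and research: reverse engineering is a useful learning tool that helps people understand software and programming in depth.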
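- Points to keep in mind
When doing reverse engineering, keep the following in mind:
1) Comply with laws and regulations: reverse engineering can raise legal issues, and the relevant laws and regulations must be followed.
2) Respect intellectual property: respect intellectual property throughout the process and do not misuse other people's.
3) Protect security: protect the security of the program while reverse engineering it, and do not leak sensitive information or vulnerabilities.
4) Keep learning: reverse engineering is a complex skill that requires continuous study and research to improve your skills and knowledge.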
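Practice is the best way to learn, so next we walk through a hands-on demonstration to help you understand the material.
Tools used: PyCharm, Python 3.10.3, and the Google Chrome browser
Baidu Translate
1. Start by opening the site and pressing F12 to inspect the page.
2. Look at the captured traffic under the XHR filter. Clicking search produces three requests, which we now analyze.
3. The three requests are:
langdetect: can be ruled out immediately
v2transapi?from=zh&to=en: this is the request we want
abdr?_o=https%3A%2F%2Ffanyi.baidu.com: its content is encrypted
4. Now analyze v2transapi?from=zh&to=en
We now have the request parameters, but we need to know which values change and which do not. For the values that change, we need to find the JS that computes them.
Comparing the requests as described above gives the following result (Y: the value changes, N: it does not):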
from | N |
to | / |
query | / |
transtype | N |
simple_means_flag | N |
sign | Y |
token | N |
domain | N |
ts | Y |
So only two parameters need analysis: sign and ts. ts looks like a timestamp, so we only need to deal with sign.
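The comparison in step 4 can be scripted. The following is an added example, not code from the original post: it compares captured form bodies field by field and labels each parameter. The first capture reuses the form data listed in demo.py on this page; the second capture, including its sign value, is constructed, and treating to and query as user input follows the "/" entries in the table.

```python
from urllib.parse import parse_qsl

# Capture 1 reuses the form data shown in demo.py on this page.
# Capture 2 is constructed for illustration; its sign value is a placeholder.
CAPTURES = [
    "from=en&to=zh&query=my+name+is+boy&transtype=realtime&simple_means_flag=3"
    "&sign=274939.53962&token=3a0585c226d59a94650b71d4ffb53fa7"
    "&domain=common&ts=1692546112860",
    "from=en&to=zh&query=hello+world&transtype=realtime&simple_means_flag=3"
    "&sign=111111.222222&token=3a0585c226d59a94650b71d4ffb53fa7"
    "&domain=common&ts=1692546139077",
]
# Assumption: the fields marked "/" in the table are chosen by the user.
USER_FIELDS = {"to", "query"}


def looks_like_ms_timestamp(values):
    """True if every value is a 13-digit integer (epoch milliseconds)."""
    return all(isinstance(v, str) and v.isdigit() and len(v) == 13
               for v in values)


def classify(captures, user_fields=USER_FIELDS):
    """Return {parameter: label} by comparing each field across captures."""
    parsed = [dict(parse_qsl(body, keep_blank_values=True))
              for body in captures]
    result = {}
    for name in parsed[0]:
        values = [p.get(name) for p in parsed]
        if name in user_fields:
            result[name] = "user input"
        elif len(set(values)) == 1:
            result[name] = "constant"
        elif looks_like_ms_timestamp(values):
            result[name] = "changes (timestamp)"
        else:
            result[name] = "changes (derived, needs analysis)"
    return result


if __name__ == "__main__":
    for name, label in classify(CAPTURES).items():
        print(f"{name:18} {label}")
```

With more than two captures the same function still applies; a field is only reported as constant if it is identical in every capture.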
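5. Now use the request's Initiator to look at the call stack. There are two VM entries under Send, which we ignore for now; clicking the link next to it jumps to the JS code for send.
Send is the function that sends requests. Because more than one request is sent, we need to check whether the content being sent belongs to the request we want.
This time it is our request, so we continue the analysis.
Next we analyze the call stack.
We can work inward step by step, looking at the arguments passed in and the values returned at each call. This is the most important point in reverse engineering: the process is to keep searching inward one step at a time. We can now see where the request is assembled, but we have to keep going inward. We find that this.paramData receives the request parameters, so next we look for paramData.
Next we jump to the asynchronous code. While debugging, we find that we cannot step into the asynchronous code directly; we first have to go to the asynchronous code segment and then click translate on the page again to trigger the event.
Continuing through the code, we should be close to where the encryption happens, and we need to keep searching inward for it.
Sure enough, a few steps further in we reach the place where sign is computed.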
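w = {
    from: _.fromLang,
    to: _.toLang,
    query: e,
    transtype: i,
    simple_means_flag: 3,
    sign: b(e), // our analysis shows that the argument e passed to b() is the Chinese text submitted for translation (the same value as query), so all we need is the code of b()
    token: window.common.token,
    domain: k.getCurDomain(),
    ts: +new Date
}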
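You can print the value in the console to verify this.
The encryption code is shown below. We now need to copy it out and run it locally to see what environment it is missing.
That completes the JS analysis; next we go straight to the code.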
// Straight to the code, demo.js
/**
 * @author 神荼
 * @date 2023-09-07 20:30
 * @description:
 */
window = {};
window['common'] = {
    token: '3a0585c226d59a94650b71d4ffb53fa7',
    systime: '1692546103353',
    logid: '',
    langList: {
'zh': '中文','jp': '日语','jpka': '日语假名','th': '泰语','fra': '法语','en': '英语','spa': '西班牙语','kor': '韩语','tr': '土耳其语','vie': '越南语','ms': '马来语','de': '德语','ru': '俄语','ir': '伊朗语','ara': '阿拉伯语','est': '爱沙尼亚语','be': '白俄罗斯语','bul': '保加利亚语','hi': '印地语','is': '冰岛语','pl': '波兰语','fa': '波斯语','dan': '丹麦语','tl': '菲律宾语','fin': '芬兰语','nl': '荷兰语','ca': '加泰罗尼亚语','cs': '捷克语','hr': '克罗地亚语','lv': '拉脱维亚语','lt': '立陶宛语','rom': '罗马尼亚语','af': '南非语','no': '挪威语','pt_BR': '巴西语','pt': '葡萄牙语','swe': '瑞典语','sr': '塞尔维亚语','eo': '世界语','sk': '斯洛伐克语','slo': '斯洛文尼亚语','sw': '斯瓦希里语','uk': '乌克兰语','iw': '希伯来语','el': '希腊语','hu': '匈牙利语','hy': '亚美尼亚语','it': '意大利语','id': '印尼语','sq': '阿尔巴尼亚语','am': '阿姆哈拉语','as': '阿萨姆语','az': '阿塞拜疆语','eu': '巴斯克语','bn': '孟加拉语','bs': '波斯尼亚语','gl': '加利西亚语','ka': '格鲁吉亚语','gu': '古吉拉特语','ha': '豪萨语','ig': '伊博语','iu': '因纽特语','ga': '爱尔兰语','zu': '祖鲁语','kn': '卡纳达语','kk': '哈萨克语','ky': '吉尔吉斯语','lb': '卢森堡语','mk': '马其顿语','mt': '马耳他语','mi': '毛利语','mr': '马拉提语','ne': '尼泊尔语','or': '奥利亚语','pa': '旁遮普语','qu': '凯楚亚语','tn': '塞茨瓦纳语','si': '僧加罗语','ta': '泰米尔语','tt': '塔塔尔语','te': '泰卢固语','ur': '乌尔都语','uz': '乌兹别克语','cy': '威尔士语','yo': '约鲁巴语','yue': '粤语','wyw': '文言文','cht': '中文繁体' },
    account: {
        is_login: '',
        user_name: '',
        add_name: false
    },
    sid: '0',
    locale: 'zh',
    remote: {
        query: '',
        lang: '',
        expand: ''
    },
    rtSwitch: 'on',
    rtl: ['ara'],
    langMap: {
'zh': ['en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','zh','vie'],'en': ['zh','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'ara': ['zh','en','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'est': ['zh','en','ara','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'bul': ['zh','en','ara','est','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'pl': ['zh','en','ara','est','bul','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'dan': ['zh','en','ara','est','bul','pl','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'de': ['zh','en','ara','est','bul','pl','dan','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'ru': ['zh','en','ara','est','bul','pl','dan','de','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'fra': ['zh','en','ara','est','bul','pl','dan','de','ru','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'fin': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'kor': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'nl': 
['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'cs': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'rom': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'pt': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'jp': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','swe','slo','th','wyw','spa','el','hu','it','yue','cht','jpka','vie'],'swe': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','slo','th','wyw','spa','el','hu','it','yue','cht','vie'],'slo': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','th','wyw','spa','el','hu','it','yue','cht','vie'],'th': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','wyw','spa','el','hu','it','yue','cht','vie'],'wyw': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','spa','el','hu','it','yue','cht','vie'],'spa': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','el','hu','it','yue','cht','vie'],'el': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','hu','it','yue','cht','vie'],'hu': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','it','yue','cht','vie'],'it': 
['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','yue','cht','vie'],'yue': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','cht','vie'],'cht': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','vie'],'vie': ['zh','en','ara','est','bul','pl','dan','de','ru','fra','fin','kor','nl','cs','rom','pt','jp','swe','slo','th','wyw','spa','el','hu','it','yue','cht'] },
    // Image translation: limited-rollout flag
    ocrHit: '1',
    aiDomainHit: '0',
    // Document translation: limited-rollout flag
    docHit: true,
    docLangHit: '0' === '1' ? true : false,
    domainHit: '0' === '1' ? true : false,
    docSid: '',
    docTransWithoutLogin: '0' === '1' ? true : false,
    pdfHit: true,
    defaultNavList: '[2,16,1,0,3,4,6,5,7,10,8,13,14,11,12,15,9]',
    ownerNavList: '[]',
    transPageUrl: encodeURI(''),
    headerHit: (('1' === '1') || (localStorage.getItem('header') === '1')) ? true : false,
    guideInfo: '[]',
};
/**
 * Compute the sign parameter.
 * @param t the query text
 * @returns {string} the sign value
 */
function getSign(t) {
    // // An empty token means this is the first visit to Baidu and the server has not received the baiduid cookie, which makes the translation API check fail; a refresh fixes it
    // if (!window.common.token) {
    //     location.reload();
    // }
    // window.bdstoken = "";window.gtk = "320305.131321201";
    // </script>
    // </body>
    // xpath = /html/body/script[5]/text()
    // First loop: encode t as UTF-8 bytes into g
    for (var d = 'gtk', h = [320305, 131321201], f = 320305, g = [], y = 0, v = 0; v < t.length; v++) {
        var _ = t.charCodeAt(v);
        _ < 128 ? g[y++] = _ : (_ < 2048 ? g[y++] = _ >> 6 | 192 : (55296 == (64512 & _) && v + 1 < t.length && 56320 == (64512 & t.charCodeAt(v + 1)) ? (_ = 65536 + ((1023 & _) << 10) + (1023 & t.charCodeAt(++v)),
            g[y++] = _ >> 18 | 240,
            g[y++] = _ >> 12 & 63 | 128) : g[y++] = _ >> 12 | 224,
            g[y++] = _ >> 6 & 63 | 128),
            g[y++] = 63 & _ | 128)
    }
    // Apply the operation string e to t, three characters per step
    function n(t, e) {
        for (var n = 0; n < e.length - 2; n += 3) {
            var r = e.charAt(n + 2);
            r = "a" <= r ? r.charCodeAt(0) - 87 : Number(r),
            r = "+" === e.charAt(n + 1) ? t >>> r : t << r,
            t = "+" === e.charAt(n) ? t + r & 4294967295 : t ^ r
        }
        return t
    }
    // Second loop: fold every byte of g into b
    for (var b = f, w = '+-a^+6', k = '+-3^+b+-f', x = 0; x < g.length; x++)
        b = n(b += g[x], w);
    return b = n(b, k),
        (b ^= h[1]) < 0 && (b = 2147483648 + (2147483647 & b)),
        "".concat((b %= 1e6).toString(), ".").concat(b ^ f)
}
/**
 * @returns {Object} map from language code to language name
 */
function getLangList() {
    return window['common'].langList;
}
function getToken() {
    return window['common'].token;
}
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2023-09-07 23:43
# @Author : 神荼
# @FileName: demo.py
# @Software: PyCharm
import time

import execjs
import requests

# Form data
# from: en
# to: zh
# query: my name is boy
# transtype: realtime
# simple_means_flag: 3
# sign: 274939.53962
# token: 3a0585c226d59a94650b71d4ffb53fa7
# domain: common
# ts: 1692546112860
# url https://fanyi.baidu.com/v2transapi?from=en&to=zh POST
url = 'https://fanyi.baidu.com/v2transapi?from=en&to=zh'

# Load the JS code above; this script expects it to be saved as baidufanyi.js
# in the same directory
with open('baidufanyi.js', 'r', encoding='utf-8') as f:
    jscode = f.read()
resultCode = execjs.compile(jscode)


# Send the request
def translate(user_input):
    data = {
        'from': 'en',
        'to': 'zh',
        'query': user_input,
        'transtype': 'realtime',
        'simple_means_flag': 3,
        'sign': resultCode.call("getSign", user_input),
        'token': resultCode.call("getToken"),
        'domain': 'common',
        'ts': int(time.time() * 1000)
    }
    # Cookie handling is in the JS!
    headers = {
        "Referer": "https://fanyi.baidu.com/?aldtype=16047",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "Cookie": "BAIDUID=CD8C185DDF3ABB443D7DD7FED7881565:FG=1; BAIDUID_BFESS=CD8C185DDF3ABB443D7DD7FED7881565:FG=1; REALTIME_TRANS_SWITCH=1; FANYI_WORD_SWITCH=1; HISTORY_SWITCH=1; SOUND_SPD_SWITCH=1; SOUND_PREFER_SWITCH=1; PSTM=1692347187; BIDUPSID=339F455E11068F738B25D80BA8768B86; ZFY=Gp6FBHx9fsNuCx32jkd6B30TcZAiTNWocTzhEFXRKH4:C; delPer=0; PSINO=3; H_PS_PSSID=36544_39226_39217_39223_38879_39038_39198_26350_39138_39224_39137_39100; BA_HECTOR=2h0gaka0842520a10l85218c1ie40gf1p; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BCLID=10978452763884940911; BCLID_BFESS=10978452763884940911; BDSFRCVID=HnAOJexroG0ZmSbfIC4BwxYqk_weG7bTDYrEOwXPsp3LGJLVFakFEG0Pts1-dEu-S2OOogKKKgOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5; BDSFRCVID_BFESS=HnAOJexroG0ZmSbfIC4BwxYqk_weG7bTDYrEOwXPsp3LGJLVFakFEG0Pts1-dEu-S2OOogKKKgOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5; H_BDCLCKID_SF=tRAOoC_-tDvDqTrP-trf5DCShUFsBP6CB2Q-XPoO3KJADfOPbxrTjMDW2brDahRf5mkf3fbgy4op8P3y0bb2DUA1y4vp0toW3eTxoUJ2-KDVeh5Gqq-KXU4ebPRiB-b9Qg-qahQ7tt5W8ncFbT7l5hKpbt-q0x-jLTnhVn0MBCK0HPonHj_Bej3L3j; H_BDCLCKID_SF_BFESS=tRAOoC_-tDvDqTrP-trf5DCShUFsBP6CB2Q-XPoO3KJADfOPbxrTjMDW2brDahRf5mkf3fbgy4op8P3y0bb2DUA1y4vp0toW3eTxoUJ2-KDVeh5Gqq-KXU4ebPRiB-b9Qg-qahQ7tt5W8ncFbT7l5hKpbt-q0x-jLTnhVn0MBCK0HPonHj_Bej3L3j; Hm_lvt_64ecd82404c51e03dc91cb9e8c025574=1692342528,1692533266; Hm_lpvt_64ecd82404c51e03dc91cb9e8c025574=1692546105; ab_sr=1.0.1_OWI5NjZiOGQ1N2E0YTc2Yjg1ZDE2YzZmMmQzZjM4ZDI0NjgyZDg2ZjEzMTViMTJlMzg1NzI0ZDA3N2Y2YTQ2ZmFlOWI1ZGU4NjcxZGQwYjc1YzVjYTUyNmNjYmUwNTlkOWFlYTI1MDVjNjE2MjNjZmIwOGE4YWRlODcwOTdiNzMwMzM4MzcwMDMyM2Q2Y2ZjZDFjOGFiZmRiZTY2OTgwOQ==",
    }
    resp = requests.post(url, data=data, headers=headers)
    trans_result = resp.json()["trans_result"]
    print(trans_result)


# Loop over the text to translate
while True:
    user_input = input("请输入需要翻译的内容(输入'exit'退出): ")
    if user_input == 'exit':
        print("程序已退出。")
        break
    try:
        translate(user_input)
    except (ValueError, KeyError):
        # Response was not JSON, or it carried no trans_result field
        print("输入'exit'退出。")
Finally, let's look at the result of running the code.
All done!