地址:https://match.yuanrenxue.cn/
题目1:抓取所有(5页)机票的价格,并计算所有机票价格的平均值,填入答案。
考察方向在题目上有提示,文章中不再提出。
思路分析
首先,进入到第一题的页面后打开开发者工具进行分析。其页面如下所示:
目标为计算出所有机票价格的平均值,从页面结构很明显地能够看出共有5个页面(本站基本上都是5个页面),所以一共是需要对5页的数据进行采集。
找目标数据
目标数据就是每一页的机票价格,按照固定的模式进行分析,先看是否是位于HTML文本中,如果没有再去考虑异步加载,此处数据为异步加载的,所以定位到XHR中去分析包。
这里明显的数据位于箭头指向的数据包,要确定下来只需要进行翻页或者刷新即可,本身加载的数据包是比较少的,所以确定目标数据包比较容易,不再详述过程。然后结合其请求头开始构造出初步的代码,当然也可以先分析完网站后再去构造代码,此处由于涉及的参数较少,所以我们直接一边构造代码一边分析网站。请求头基本信息如下所示:
根据headers初步编写Python代码,url中有一个params参数,所以构造的时候可以先提出参数,只留下访问地址(因为这个参数一看就是动态变化的,可能需要我们进行逆向,就算不是也可以构造成params参数后避免url过长导致代码不够整洁,而且除了参数m之外还存在page参数控制页数):
import requests
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"Cookie": "sessionid=z6vaj6efnn6k38udtl8gf74z36zfq6qr"
}
params = {
"page": "",
"m": ""
}
url = "https://match.yuanrenxue.cn/api/match/1"
for i in range(1, 6):
response = requests.get(url, params=params, headers=headers)
print(response.json())
至此,代码初步结构就出来了,但是执行会发现输出的结果为{'error': 'token failed'},经多次请求其实不难发现m的值在动态发生变化,所以是能够判定下来m就是我们需要构造的目标参数的!!!
参数生成逻辑分析
接下来的目标就是要找出这个m的生成算法,首先进行全局的搜索,根据往常的方法可以搜索参数名,但是参数名只有一个m,因此不难想象搜索出来的结果是非常多的,该方法直接排除使用,其次是特殊符号搜索,在这个参数中有一个特殊符号丨,所以也可以对该符号进行搜索,但是尝试的话是搜索不到任何内容的(因为源代码是混淆乱码的,所以搜到的可能性为0),那么就要考虑直接去查看这个包的堆栈了。来到initiator中,如下:
由于params参数是封装到请求体中发到服务器的,所以,参数m的生成必然是在请求前,因此可以直接来到请求时的这个栈中进行查看调试。
过来后可以看到代码是进行混淆了的,不过好在这里的逻辑比较简单,慢慢梳理的话也花费不了多少时间,更何况在这里还有一个非常耀眼的十六进制符号码'\u4e28',就算大家不认识那么在硬刚这段代码的时候也是需要将这些unicode码转换还原的,而还原过来后这个'\u4e28'就是一个丨符号,所以后面的我们就不用去管太多了,先把目标暂时放在这个位置,打上断点再去考虑其他,而从这里不难发现变量_0x57feae和变量_0x2268f9的生成逻辑就是在上方代码中紧挨着。接下来就是要看看这两个变量是否能够满足参数m的结构,满足的话那这里就必然是该参数的逻辑了。打上断点开始分析吧。
两个变量的值如上图控制台中所示(动态变化的,每次请求会有所不同,所以不要看到与文章中不同就认为不是),到这里的话其实就不难分析了。
_0x2268f9分析
先来看_0x2268f9这个变量,其生成的逻辑为:Date['\x70\x61\x72\x73\x65'](new Date()) + (16798545 + -72936737 + 156138192),将\x70\x61\x72\x73\x65进行还原如下图:
可知:_0x2268f9=Date['parse'](new Date()) + (16798545 + -72936737 + 156138192),那么答案就呼之欲出了,这明显就是一个不太常用的时间戳获取方法,精确度在毫秒位被转换为000,同时加上(16798545 + -72936737 + 156138192)构成了最终的值。
_0x57feae分析
在_0x57feae赋值处打上断点然后重新请求,这里可以看到该参数是由函数oo0O0调用后生成,将参数还原后可知其为oo0O0(_0x2268f9['toString']()) + window['f'];
跟栈过去查看oo0O0函数的逻辑。
可以看到该函数是位于script标签中所以需要对其进行简单处理,这里我们可以把这一行的代码完全扣下来进行反复的格式化来进行提取。提取出来的代码如下:
function oo0O0(mw) {
window.b = '';
for (var i = 0, len = window.a.length; i < len; i++) {
console.log(window.a[i]);
window.b += String[document.e + document.g](window.a[i][document.f + document.h]() - i - window.c)
}
var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW=='];
var J = function (o, E) {
o = o - 0x0;
var N = U[o];
if (J['bSSGte'] === undefined) {
var Y = function (w) {
var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=',
T = String(w)['replace'](/=+$/, '');
var A = '';
for (var C = 0x0, b, W, l = 0x0; W = T['charAt'](l++); ~W && (b = C % 0x4 ? b * 0x40 + W : W, C++ % 0x4) ? A += String['fromCharCode'](0xff & b >> (-0x2 * C & 0x6)) : 0x0) {
W = m['indexOf'](W)
}
return A
};
var t = function (w, m) {
var T = [], A = 0x0, C, b = '', W = '';
w = Y(w);
for (var R = 0x0, v = w['length']; R < v; R++) {
W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice'](-0x2)
}
w = decodeURIComponent(W);
var l;
for (l = 0x0; l < 0x100; l++) {
T[l] = l
}
for (l = 0x0; l < 0x100; l++) {
A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100, C = T[l], T[l] = T[A], T[A] = C
}
l = 0x0, A = 0x0;
for (var L = 0x0; L < w['length']; L++) {
l = (l + 0x1) % 0x100, A = (A + T[l]) % 0x100, C = T[l], T[l] = T[A], T[A] = C, b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100])
}
return b
};
J['luAabU'] = t, J['qlVPZg'] = {}, J['bSSGte'] = !![]
}
var H = J['qlVPZg'][o];
return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !![]), N = J['luAabU'](N, E), J['qlVPZg'][o] = N) : N = H, N
};
eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));
return ''
}
调用函数,其中mw的值为从入口处可以知道为_0x2268f9也就是一个时间戳,所以传进去调用如下:
那么接下来就是补环境了,缺什么就补什么。补完后代码如下:
window = global;
window.a = 'isM\x81RQsxrU]xtDhMbZ\x8BJrrd\x83v\x88xP\x84ii\x8Fuyp\x91x]\x85\x94\x90\x97q\x9A\x92z}®\x9A g°\x87¤¯©¡\x95tª¥\x89¯º§¯\x89·£¢³²¯¥ \x81\x9C\x99\x98ĺ\x89¡Ä½¢±Õ¿Ç¡É¹\x98ײÓÏÔÎÓÖÏ¡¹Üɤ¤ßÃÉßòÝÂÄõÖëëõãÅëìÐÙÿðÕ÷ăøïûóÀòÕăþöÞáĒþăĆČăõùÑăďñÔĆýàĝòñôÞûôèĤċöĈģĎĉģïĜħđìġĖĉĵĊĉčĴħijľŁĢĴĤüĘĕĝņĴĿĩĺķĭĨĉĤĢĩČŀňĩʼnłĹĘŗİĭĬŘĵıİšŏĵŅťŋĥŅţŀţŅŧŜŨʼnIJňőūĹśŰřŹŞĹřŸūļĿųŰŁšƉũńńſţũſƀŤŲƏƕŷŶűőƄƏŗƋžƓƓƝƋŮŵƦƑŶŸƟƊŤŬƭƏƌŰƬƓžƐƫƠűƑƹƎƯƍƴƧƳƾƷƢƝƶƿƦơƄǃƫƩƈǂƹƝƾljƲƌǃǕǀƑǎǐƬƺƔǑljƽƜǒǍƱǗǢǏǗƱǟNjNJǛǚǖƽƨǠǒƫƴǰǗǂǔǯǚǕǻǭǐǞǻȁǣǢǝƽǰǻǃǷǪǿǿȉǷǚǡȇdzDzȂȋǶǐǘșǻǸǜȓȇǽǭȒȁǜǜȗǻȁȗȘǽǹǼȤȀȎǨȥȝȑǰȦȡȅȫȶȣȫȅȭȓȰșȮȪȑǼȴȦǿȈɄȫȖȨɃȮȩɏɁȤȲɏɕȷȶȱȑɄɏȗɋȾɓɓɝɋȮȵɕȻɘɀɟɊȤȬɭɏɌȰɧɛɑɁɦɕȰȰɫɏɕɫɬɑɍɐɸɔɢȼɹɱɥɄɺɵəɿʊɷɿəʒɽɢɥʂɾɥɐʈɺɓɜʘɿɪɼʗʂɽʣʕɸʆʣʩʋʊʅɥʘʣɫʟʒʧʧʱʟʂʉʺʥʊʌʳʞɸʀˁʣʠʄʻʯʥʕʺʩʄʄʿʣʩʿˀʥʡʤˌʨʶʐˍ˅ʹʘˎˉʭ˓˞ˋ˓ʭˠˇʲ˅˖˕˟ʤ˚˙ʽˍ˲˝ʽˢˬˢʱˉˬ˥ˊ˙˽˧˯ˉ˷ˣˢ˳˲˯˥ˠˁ˜˕˝˼ˮ̃ˤ́ˤˮˋ˕˦̗̈̊ˮ˦˨˕˲˪̒˜˶˜˹̗˺̘̝̜́̊˵̢̟̠̃˪̆ˬ̔˯̗̂̈˴̛̖̈˷̸̟̰̪́̒˼̵̷̵̵̛̹̱̥̺̙̙̻̥͈̯̱̭͚͎̝̭͎͎̣͈̤̬̼̄̿͊̿͂̍̐̐͋͋͛ͨ̿͊͘ͅͱ͈̾Ͳ̴͈́ͧͲ͕͌͘;͒ͯͲ̿ͬ͐;ͻ͑͘ͷ͜Όͬ̈́ͪ͋̓ͩ͠΄ΆΌͭ͢Ζ͐ͬ͵ΖΜͳͬ͗͡ΊΤΟ͞ΆΆΗΓάͣάΰ΄α·ΎͬΊΒΪκΐ͵ΝάΨίΉνΙΝͻυΛψΔΞόΠΈΣϐςΏνχΡϕΦΥΏΙέζΨΗβϠΰΙθήμϤμςπΧϕϟιϭξνϮαφϤϞϴϋϸόϺϐφϦθϔθϡϾϬϳϳξϦϦϘϷϫЌσЋϤψϺϐϼϝϐЏϷϵϔЎЅϩЊϛϿПКϡ϶ϾЄМВϡЉИДЛϵХЅЍϯϯНЧЁеІЅЦϹУЬз϶ООАЯУдϼрМЁЩидлЕрХЭюЏлєЌѐзТецлямѓчџџѝебЛџябѧѧшФіѦтмЧѫчѳѲѰыѨѦѷѐіѦжєњєкєўѿѿѝѥрѻџѨьҁѯѿѿҋѥѡѓҏѿ҇җҔѭѪѥ҆ѿҟҚҠҁѽҢҤѺҗҦҤѾҬҚѩ҃ҊҐѨ҇ҎҢѮ҈ҒҳҴґҙѴүғҜҀҵңҳҳӀҙҕӆӃҳӋӋӉҡҞҙҺҳӓӎӕҵұӖӘүӛӚҖҲҪӀӠҶҮӀҠҺӂӚӠӀҤҧҭӗӍӈҩӑҬӕөӈӅҳӳӣӕӻӷӑӍҿӻӬӐӿӺӘԈӝӴӝӖӜԍӡәӇԐӦӞӬӌӫӲӨӑӮԜӰԛӰӺԛԞӹԁӜԗӻԄӨԝԋԛԛԪԁӽӫԫԛԍԳԯԉԆԁԢԛԻԶӴԝԙԾӻԕԍӻՄԛՈԨԀԞԦԺԈԤԪԺՈԨԌՒԕԿԵԑԹԔԽՑԭ՞՛ՋգգաԹԵԟգՔԸէբՀհՍ՜ՅԾՀյՉՂՄչՎՆՄջՔՊՈԸՖմդռ՜ՀԿՉճթդՅխՈձօդաՋ֏տա֖֗խթ֗ֈլ֛֖մ֤օչղմգսյգ֬փպֲ֚ֆ֤ֈִ֊ַָָֹ֖֕֝ոֳ֗֠քַַֹ֧ׅ֝֙փַׇ֥֢֙֝־ַחגֵֹ֓ךםֲמלַ֮׀ֲֺ֥֟ׄ׀ֶ׀פֱׄ֨֯כב֭וְיֻקׯובװהל،סך؋צתענؚׯ״׳؏ؒן؋לؠ؇ײؖ؋؟،أؗدخׯد؟ؑططؘ״ئضؔػؖ؞ؔؿؙآؔ؟ئغآتب؈ئخؾٌجؐ؏ؙكعشؕؽؘفٕشر؛ُٟر٧٦ؽعا٧٘ؼ٫٦لٴـٳّٕٶٸُٻٺٸٓيِٿٗٴ٘ټٜـكىٳ٩٤م٭وٱڅ٤١ُڏٿٱڗړ٭٩ٛڗڈ٬ڛږٴڤٰڤڅځڦکپڛڪڨڂڊڢ٭چپڌڳڋڂڄٲڎګڮٻڧۀٸڼڣڎڡڲڧڻڨڿڳۋۋۉڡڝڇۋڻڝۓۓڴڐۂےڮڶڭۈڱڪۊۛڶھےۣڻڲۈڢھڶیڨۂ۟ۢگۛھڬ۰ۗۂەۦۛۯۜ۳ۧۉۿ۾ەۑڿۿۯۡ܇܇ۨۄ۶܆۪ۢۥۼۥ۞۠ܕ۩ۡۏېۮۦ۰۔۲ۺ۬ܟ۶۽ܖۣ܂۠ܤ܋۶܉ܚܣܐܧܛ܍ܳܯ܉܅۷ܳܣܫܻܻܜ۸ܪܺܖܞܝܰܙܒܔ܃ܝܕ܃ܣܪܘݑܦܞܜݕܪ݈݊ݗܬܶݗݙܵܽܘݓܷ݀ܤݙ݇ݗݗݥܹܽܣݧݗܹݯݮ݂݅ܽݞݗݷݲݸݏݘܳݷݒݰݐݻݖݞݔކݛݸݤފݟݦݠލݤݩނݏݻޔސݷݢݵކݻݔކޓއޟޟޝݵݱݛޟޏݱާާވݤޖަނތݧޫއލްފޒޘݱޏޮݶޓޚތޔޞޝޥހޟިތ߂ޯߏߋޥޡޓߏ߇ߗߔޭުޥ߆ߟߚޚ߁ߢޡޱޟߨߌީ߃ߊ߰߇ߤ߈ߵ߈ߒ߳ߴߑߙ߯ߓߜ߀߶ߣࠃ߳ࠀߙߕࠆࠃ߳ࠋࠋࠉߡߞߙߺ߳ࠓࠎࠔߪߴߏࠓ߮߶ߴࠗ߳ࠐ߸ࠢ߷ࠤ߰ߟࠨߴࠪࠆࠧࠩࠅࠍߨࠣࠇࠐߴࠪࠗ࠷ࠧ࠵ࠍࠉ߳࠷ࠧࠉ࠾ࠕࠒࠍࠧࡇࡂࡇࠩࠥࡊࡍࠢ࠙ࡎࡌࠦࡔ࠾ࡖࠬࠢࡊࠓࠤ࠰࠺࡛࡞࠹ࡁࠜࡗ࠻ࡄࠨ࡞ࡋ࡛ࡪࡁ࠽࡛ࠫࡍࡳࡉࡆࡁࡢ࡛ࡻࡶ࠵࡙ࡾ࠹ࡕࡍ࠻࡚ࡒࡔࡁࡦࡺࡆࡤࡪ࢈ࡨࡌࡕࡿࡵࡰࡑࡹࡔࢇࡰ࢛࢞ࢋࢣࢣࢡࡹࡵࢣࡸࢧࢢࢀࢰࡼࢯࢍࢲࡱࢉࢂࢌࡴࢎࢆ࢈ࡶࢊࢮࣂ࢞ࢿࣀ࢝ࢥࢀࢻ࢟ࢨࢌࣂࢯ࣏ࢿ࣌ࢥࢡ࣒࣏ࢿࣗࣗࣕࢭࢪࢥࣆࢿࣟࣚ࣠ࢷࣀ࢛ࣟࢺࣂࣀࣣࢽࣆ࣌ࢦࣂࢺࣈࢫࣈࢾࣈࣶ࣑࣋࣪ࢷࣣ࣬ࢴ࣮ࣣࣸࣟ࣊ࣝࢼ࣮࣯ࣻࣷइऄࣝࣙऊइࣷएएएࣰ࣌ࣾऎ࣏࣫ࣤओ࣮ऌࣤगࣱࣺࣸटࣷࣾऀदࣻनख࣠ऀࣵञ࣫गरࣨबओࣾऑढगࣰढयणऻऻहऑऍࣷऻफऍृृतऀलूठनःेणऩॎउधॄूऌफढसऐमड़ॊ॔ऴघफ़डोु़झॅठ॓फ़़ह४१ॗ९९७ॅुफ९ॠॄॳ८ौॼैऴढ़ख़ॾऽॕ्ऻग़॒॔ॅॠॖ॔ॣঀংএ।८এঐ७ॵॐঋ९ॸड़ॿটএজॵॱঢটএধধথॽॺॵখএযপললঋঁশখপॷীঠূঘঞতৄঘঢৃডিণবঐৃথএৃথমৃৣঠু০৩া৪৬ূ৲েৎৈ৴োী৸ৌ৷৺ঢ়স৳ৗৠৄ৺১ਇ৷ਆঢ়েਇ৷৩ਏৢঢ়৾৷ਗਘ৮ਗ৳৹ਞਜ৶৾ৼড়৻৲ਈ৾ਆ০ਃਯਢ৯ਛ৾৬ਰਗਂਕਦਛ৴ਦਲ਼ਧਉਿਾਕਿਯਡੇੇਨਸ਼ਢੂਇੋਨਭਫਲਤਐਮਦਰਗਪਸਸਜਛਥੀਡਤੀਧ੫ਜ਼ੳੲਲ਼ੳੈੲ੫੬਼ਖ਼ਫ਼ઌ੨ੈ੧ઔ੨ઌ੬ਖ਼ઃੴઋખੴੱટએઁધણ੫ધઘફદવકઑશહઅસચલુખઞઔૃછૈલટકાઋષૐઈૌળઞૂાથૃભગોભૣૣૄઠૢિૈણ૧ૃહ૮૬રોૌસૠૄૻ૮ଃોଇ૿ଏଌૢ૾ଗૹଚଜૹଞଜଔ૬ଥૺଘૣ૿૦ଂଯଢ૯ଛ૬ରଗଂକଦଢଉପଳଧଙିକଃିଯଷେେନଶଢପଝ଼ଥଞଠଢତଔମଡ଼ଲୠନଙଷଡ଼଼ଠଣୄଥ୍ନୟ୧ୄୁଯ୯ୟ୷୳୍୷୨ୌ୶଼ୡஆஉஊஈୢஐ୬ஒ୦ஆ୍୫୲ஐ୰ଢ଼இଡ଼ஓ୵୧ணஓநமஜயபஈஸஅதஆஔஷசஜேடஔதஈறவஐேனௗேவறௐழ௬ு௰ாீ௵ோ௸ைழௐௐ௸௯ு௩ఃேఋఓఒ௩ఓఄ௨గఒ௰ఠఋఌ௵௮௰௹௱నఆఈఄఊచ௪ఆఴఄబఌ௰௳௹ణఙఔ௵ఝ௸యషఔియడేృఝఙఋేసజోెతఠవఱౖౙమౚౘలనఝషమ౦లైఠావఫన౬ాౢ౦౯ౣ౻౻౹్ష౻౫్ಃಃీಂ౦ౡ౸ౡౚ౨ಋ౧಄ಂಔ౪ಈಂౕ౮ಆ౺ಛಛ౹ಁಗ౻಄౨ಟಒಛಧಁ౽౯ಫಛಣಳರಉಆಁಢಛಶಝಙಾೀಖಝೂೀಚೈತ಄ಟದಠಇಢೀಠತಮಭವಐೋಯಸಜೆವಱೢ೧೧ಽವೖ೯೪ೲ್ೲೋ೧ೌೊ೮ഀೞ೮ುೢഃഅೡ೩ೄೣ೬ഇೝഃ೩ഓഃഛചೱ೮೩ഊഃണഞೞഅഁദഩഫപ೧ഃഠറഈഎഀഌപണ഼സടഊഝമപല഻യേേഝങഃേഷങ൏൏രഌാൎബഴഏയഥ൚൘ളസൟശൄജ഻ലൖണ഼െ൧൧്നൣേഴ൫൞ു൧൳്഻൷൧൯ൿർൕ്൮൧ඇංඈ൞ൾൃඇൢ൪൜උ൮൬ඕ൪൲ආ൯൶ඊඞ൳൹ඒൟඋൾ൜චඇ൲අඖඒ൹කඣඉදණඅඁ൳දඟටභභ൴ඦබඒකඝඬඕඎඐൾඒඤ්ඞඖබජවඬෑඦඝෆඓඐුරඦඹ්ෆතීඹඵ෦ී෫෫෫ඨේ෪ෆ෦ණ෯්෨ෳූ෮ඹීේුขෘලේෳฌහจ෯ේ෭ฆซททต෭෩ීทง෩ฟฟොฎพ෴ෟรปสศขชย෬งฤจำฌขฐฌถืืตฝำทภคฮมืใฝนซ็ื฿๏์ลยฝื๗๒ณูี๚าษึิพฺโิยๆไใ้ฯ๛๎ฬ๗โ๕๙๙๕๑ใງງไຆํ๏ຘ๖ຠ๘ຂຣລກຉຟຌຨບຍຣັຉຳຣົ຺ຑຎຉສຣໃລມໆ້ພລ໊່ຣສ຺ຈ໔ຬ໓ຫາິ໐ະດປຝຽຸນແຜ໗ໜຸີວ໓ແຽໜເ່ໄ໙໕ຶ໑໊໌ົ໖໎໌ຼໜ໒ແໟ༌໘༄່༎໑ໍ໐་༐༚༗༇༟༟༝༟༐༣༞༬༁༘༁༯༅༴༌༂༪༏༆༔༓༰༈༔༞༿ཀ༝༥ༀ༻༟༨༌ང༶༩༿ཌ༥༡དྷཏ༿བྷབྷཕ༭༪༥ཆ༿ཟཚའ༶༰༛ཟ༺གངལ༽ཆ༸ཫགྷཊ༼༩ཆཤཬཌ༰༳༹ལཙཔ༵ཝ༸ཱིླྀཔད༿ཿཡ྇ྃཝཙཋ྇ླྀཛྷྋ྆ཤྔཡྀཀྵརཨཥནྜྷིཪོམླྀཾུྥཻྨྚཥོ྆ྦྷྪ྅ྍཨྣ྇ྐུྫྷྞྑྦྷྶྍྉཷྷྦྷྙ྿ྻྕྒྍྮྦྷ࿇࿂྄ྩྥ࿊྆ྡྚྜྌྦྷ࿔ྨ࿖ྪྲྫྷ࿚ྯྶ࿎࿔ྴྡ࿋࿁ྼྜྷ࿅ྠྼྐྵ࿗࿅࿁ྫ࿄࿌࿈ྵ࿙က࿖ဂက࿚ဈ࿐࿂࿘࿇࿚ဈ࿌࿋࿕࿑࿔ဏန࿗ရဋဣဢဣနဧဢကူထလစကဉခးဏဖလျဒယဲဖ၄ဲ၃ဘဢ၃၅အဩငဿဣာတ၈်ိ၃ၑဩဥဏၓ၃ဥၛၚေီဩ၊၃ၣၞၤ်ဟဟၣှၜးၧ၂၊၄ၯ၈၎၀ိ၊ၒၘူၐၕၮျၧႀးၼၣ၎ၡၲၮၥၺၿၳႋႋႉၡၝ၇ႋၻၝ႓႓ၴၐႂ႒ၯၨၓ႗ၳႏ႞ႜၶၾၼၝၻႂၸႪၾၶ႖ႫႀႊႫႫႉ႑ၬႧႋ႔ၸႰႢ႕ႫႷ႑ႍၿႻႫႳჃჀ႙႖႑ႲႫႢႬႇႦႮႜႩႲႤიႮႤოႲႺႨტႷფზნႼႠ႟ႩდჄႥჍႨუშჄჁႫჯჟჁჷჶჍႷჷშ჻ჶეᄄვჰკგეჁოზჶᄌფლჺყᄔფჍწჱᄊთᄃᄌეᄘჿცჽᄎᄊᄁᄖᄛᄏᄗᄧᄤჽჹᄪᄧᄗᄯᄯᄯᄐწᄞᄮᄌᄔჯᄳᄎᄬᄈᄷᄑᄚᄔჸᄖᅄᄜᄀᄛᄢᄤᄁᄞᄥᄾᄋᄷᅐᄈᅒᄲᄱᄵᅈᄵᄐᄥᅋᄻᄥᅋᅚᄱᄭᅖᅘᄸᄜᄟᄥᅐᄠᄵᅝᅋᅈᄬᅜᅏᄽᅈᅧᅛᅣᅳᅫᅈᅒᅳᅴᅑᅚᅑᅬᅟᅳᅝᅮᅢᅡᅝᅷᅘᅕᄿᆃᅫᅻᅾᅋᅷᅚᅈᆒᅲᅱᅵᆈᅵᅐᅥᆋᅻᅥᆋᆗᅱᅭᅼᆘᆏᆂᅵᆘᆑᅶᆅᆩᆓᆛᅵᅶᆘᆤᆁᆠᆞᆍᆣᆲᆉᆅᅳᆳᆣᆕᆻᆷᆐᆞᅸᆵᆭᆡᆀᆶᆱᆕᆻᇆᆳᆻᆕᇈᆯᆚᆭᆾᆲᆌᆌᇑᆨᆥᇆᇓᆻᆵᇛᇏᆱᆭᆴᇛᇃᇣᇣᇙᆸᇆᇣᇩᇋᇊᇅᆥᇘᇣᆫᇟᇜᆬᇁᇩᇗᇔᆸᇨᇛᇉᇔᇳᇞᇳᇳᆸᇡᆽᇕሂᇯᇑᇷሊᇪᇩᇭሀᇭᇈᇝሃᇳᇝሃሖᇶᇵᇹሌᇹᇔᇩሏᇿᇩሏሔᇵᇱሒሜᇹᇶᇽመላሟሉሚሎልሉሣሄሁለሯሗሧሪሰልሉሦሴሑልመሸሯሡሥᇽሯሻምሀሲሩሌሞምለቃሧሰሔሷቇቇርሩሼቆስሱቀቁቧሼቊቧቭሩቜቧሯባቕቐሱሴቑቸቧቯቮቷባታብቾቘቦኆቿቜቚቈኁበቩቱቤቭናኊቩብቸናቻትኛኔቱቭኘኁኅቝኛችበኒቬኩቾችቨኣኇነቴኪኗኧኮኍኜኦኹንኑአኮኡኜኪውኯኮኩኼዃኵኰኑኹኔዘዏዎዃዓዅዝኸዦዟዒያዌዣዛዣዦየዄውዳዪዉዅዘዳዛዕዻዴዑውዮዸዯዡዥኽዯዻዝዀዲዩዌጉዞዝወጃዧደዔጋዾዡጇጎይዩዼጆጟጟጙድዱጀጟጎጁጧጟዼጊጧጭጏጎጉዩጜጧዯጣጟጕጐዱጙዴጸጧጯጯጵጡጷጿጱጮጷፇጾጝጙጬፇጯጩፏፈጥጡፂፌፃጵጹፃፏጱጔፆጽጠ፝ጲጱጜፗጻፄጨ፠ፒፅ።ፁጽፐ፫ፚ፳፳፭ፉፅፔ፳።ፕ፻፳ፐ፞፻ᎁ፣።፝ጽ፰፻ፃ፷፳፩፤ፅ፭ፈ፥ᎌ፻ᎃᎃᎎ፵ᎇᎇᎍᎇ፥ᎋፏᎆᎏ᎒᎘፵፱ᎎᎇ᎗Ꭷ፹Ꭷ᎖፹Ꭳ፱᎓Ꭸ᎑Ꮁ᎖፱᎑ᎰᎣ፴፷Ꭻ፸ᎀᏁᎣᎠᎄᎻᎯᎥ᎕ᎺᎩᎄᎄᎿᎣᎩᎿᏂᎥᎡᎴᏌᏂ᎑ᎹᏈᏄᏋᎥᏐᎵᎾᎵ᎘ᏌᏔᎵᏕᏎᏅᎤᏣᎼᎹᏀᏤᏄᎨᏣᏥᏄᏁᏐᏱᏟᏅᏕᏵᏛᎵᏕᏳᏕᏰᏌᎺᏔᏢᏸᏝᏥᏝᐆᏴᏩᏺᏭᏨᏉᏤᏡᏰᐏᐗᏔᐓᏻᏹᏘᐒᐉᏭᐎᐙᐂᏜᐓᐥᐐᏡᐞᐠᐗᐊᐍᐜᐘᐟᏹᐠᐉᐏᐁᐵᐠᐫᐅᏵᐌᐆᐈᐐᐙᐿᐳᐙᐟᐑᑅᐰᐻᐕᐅᐜᐖᐘᐆᐠᐪᑋᑅᐻᐍᐤᑋᑁᑋᐥᑙᐪᐩᐬᐝᐲᐪᑛᑑᐹᐮᐰᐞᐼᐠᐸᑢᐼᑫᑟᐫᑎᑌᑫᑡᑑᑎᐬᑨᑔᐰᑉᑤᑙᑬᑮᑻᑔᑚᑜᒁᑖᑴᑜᑀᑛᑸᒃᑻᑨᑄᑝᑸᑥᑭᑭᑺᑲᒆᑌᒁᑪᑲᑴᑐᑰᑶᑸᑕᑳᒐᒎᒡᑸᑲᑜᑞᒆᒆᑸᒗᒋᒬᑤᒞᒗᑩᒁᒤᒑᑬᑬᒧᒋᒑᒧᒨᒍᒯᒑᒺᒧᒳᒕᒰᒭᒍᒳᓆᒱᒖᒘᓉᒪᒿᒿᓉᒷᒙᒿᓅᒤᒭᓆᓏᒫᒲᒤᓙᒬᒔᒼᓙᓇᒭᒽᓝᓃᒝᒽᓛᒸᓛᒽᓟᓔᓠᓁᒪᓀᓊᓫᓱᓓᓒᓍᒭᓠᓫᒳᓧᓚᒴᒼᓽᓟᓜᓀᓼᓣᓎᓠᓻᓧᓑᓄᓺᓳᓄᓈᓾᓮᓮᓨᔇᓳᔓᔆᔏᓫᓲᓤᔙᓬᔜᓨᔝᓴᓩᔓᓡᔃᔘᔁᔡᔆᓡᔁᔠᔓᓤᓧᔛᔘᓨᓽᔥᔓᔐᓴᔤᔗᔅᔐᔯᔚᔕᔻᔯᔐᔞᔻᓺᔢᔢᔔᔳᔦᕈᓿᔿᔪᔥᔬᔆᔣᔪᔬᕒᔧᔭᕆᕎᔨᔥᔰᕍᔯᕌᔸᔕᔲᕠᔼᕘᔸᔝᕅᕔᕐᕗᔱᕙᕁᕅᕛᕜᕅᕠᔫᕰᕇᕣᕦᕮᕈᕅᕐᔫᕑᕬᕈᔶᕐᕙᕺᕷᕢᖄᔿᔷᕚᕢᕨᖀᕠᕅᕝᖀᕹᕞᕭᖑᕻᖃᖃᖅᕭᕢᖖᖘᕯᖋᖏᕜᕰᕭᕴᖕᕷᖔᖀᕝᕺᖨᖄᖠᖗᖉᖍᕥᖗᖣᖅᕨᖚᖑᕴᖱᖆᖅᖉᖰᖥᖈᕼᖽᖧᕸᖾᖷᖢᖝᗃᖵᖘᖦᗃᗉᖫᖪᖥᖅᖸᗃᖋᗇᖲᖮᗒᖔᖶᗇᗋᖘᖬᖩᖨᖏᖵᗐᖛᗗᖶᗤᖴᗠᗆᗗᗚᗠᗗᗉᗍᖥᗗᗣᗅᖨᗚᗑᖴᗱᗆᗆᗍᖰᗤᗬᗍᗭᗦᗝᖼᗻᗔᗑᗜᗼᗲᗁᗩᗸᗴᗻᗕᗾᗥᗫᗝᘑᗼᘇᗡᗑᗨᗡᘊᗗᘅᘏᗩᘝᗮᗭᗬᗡᗴᗮᗰᗤᗽᗵᗽᘟᘔᘠᘁᗪᘀᘉᗧᘰᘈᗬᘕᘲᘠᘧᘧᗲᘚᘚᘌᘫᘞᘰᗷᘿᘘᗼᘔᘄᘧᘑᘄᙃᘫᘩᘈᙂᘹᘝᘾᙉᘲᘌᙃᙕᙀᘑᙎᘗᘺᙋᙖᘝᘾᘘᙏᙡᙌᘝᙚᙜᙒᘠᘽᙒᙊᙜᘧᘟᙃᙌᘨᘰᙉᙍᙣᙧᙉᙫᙍᙯᙚᙚᙍᙈᙧᘸᙙᙴᙚᙢᙜᙻᙦᙷᙈᙺᙲᙚᙝᚎᙺᙿᚂᚅᙲ᙭ᚆᙔ᙭ᙡᚇᚉᙫᙶᙰᙰᙾᙘᚡᚃᚂᙽᙝᚐ᚛ᙣᚗᚊᙥᙤᚡᚙᚍᙬᚢᚁᚧᚲᚧᚁᚩᚢᚙᙸᚷᚒᚴᚕᙸᚬᚳᚳᚶᚘᚦᛃᚂᚪᚪ᚜ᚻᚯᚚᚇᛁᚢᛄᛏᚎᚶᚶᚨᛇᚺᚶᚓᛓᚲᚺᛞᚠᛂ᚜ᛓᛥᛐᚡᛞᛠᚽᛆᚸᚫᛏᛣᚰᛱᛄᛂᛕᛤᛠᛧᛁᛩᛑᛖᛄᚻᛞᛰᛲᛕᛷᜃᛸᛯᛳᛀᛲᛕᜂᜎᛢᜀᜋᜁᛤ᜔ᛌᜆᛦᛩᜆᜋᜏᛛᛩᛡᛝᜥᜎᜅᛤᜟᜍᜭᛨᛨᜁᜁ᜵ᜎᛰᛸᜫ᜕ᜪᜳᛷᜱ᜴ᜥᜢᜃᜡᜟᜪᜤᝑᜤᜭᝆᝉ᜶ᜱᝋᝄᝏ᜔ᝉᜱᜲᜱᜥᝇᝅᝥᝊᜥᝅᝤᜨᜫᝒᝧᝧᝂᝉᝯᝪᝳᝳᝑចᝉᝲᝩᝈᝮᝈធᝳᝮᝓចᝪᝢᝤយᝮវᝳថដᝯខឃលᝪហឰឆឤឈᝬឋធមᝳថឆឯឬឞឳផឳឣឡឤ឵វខឩី឴ុផឿឥឩហេឨឌ឵្ៀះះធឺឺឬ់ើឺភីវឰឤំ៧ឤ៣់៉ឨ២៙ួ៩ះើ៤ៈ៷៲៰៦឴។៶៕៝័២ូ៳៴៰៹៕ៀៜ៕ៈៜៃ៩᠄៥᠀᠈៓᠏៩៨᠐៳៩᠒᠙៸ៜ៸᠁᠆᠈ᠤ᠀៨᠀ᠭ᠒ᠣᠤᠠᠩ᠅៰᠌᠅ᠫᠮ៸᠌៳᠙ᠴ᠕ᠰᠸ᠃ᠿ᠙᠘ᡀᠣ᠙ᡂᡉᠨᡆᡌᠧᡈᠤ᠑ᠬᠺ᠔ᡝᠿᠾᠹ᠙ᡌᡗᡓᡇᠶᠠᡝᡕᡉᠨᡞᡙᠽᡣᡮᡛᡣᠽᡥᡞᡕᠴᡳᡎᡯᡌᠶᡓᡉᡯᡳᡔᡢᠾᡦᡦᡘᡷᡪᢌᡃᡦᡫᡡᡜᡫᡟᡱᡣᡯᡎᢇᡪᡴᢍᢗᡱᡜᡸᡰᡱᢂᡟᢁᢆᢇᢞᢗᢍᢌᢌᢧᢠᢒᢧᢉᢧᢗᢕᢙᢢᢉᢵᢦᡸᢿᢼᢷᢄᣃᢰᢦᢙᣊᢵᢚᢩᢆᢹᢉᢿᢍᢾᣄᢜᣔᢪᣈᢐᢶᢼᢗᢴᢪᣒᣚᢵᣣᢴᢣᣑᣛᢵᣩᢺᢹᣌᢾᣟᣀᣓᣧᢴᣵᣈᣆᣙᣨᣤᣫᣅᣭᣕᣚᣈᢿᣢᣴᤃᣙᤇᣳᣄᣙᤆᣈᣨᣌᣤᤎᣭᣲᣬᤐᤆᣕᤌᤈᤏᣩᤔᤒᤛᣵᤁᤒᤊᤜᣧᣟᤂᤢᣧᣣᤉᤤᤢᤈᤅᤈᤏᤅᤴᤏᤰᤐᤗᤝᤶᤄᤝᤒᤔᤂᤜᤪ᥊ᤠᤙᤰᤌᤤ᥎ᤪᤲᤓᤋ᥎ᤓᤏᤵᥐ᥎ᥙᤴᥓᥕᤸᥨᤴᥠ᤻᥆᥄ᥤ᥀᥉ᥐᥱ᥇᥎ᥐᥬ᥍ᤴ᥌ᥚᥳᥐ᥍ᥙᥪᥢᥳᦅᥝᦉᥩᥦ᥇ᥤᥙᦆᦇᥤᥡᥤᦎᥪᦇᦊᦌᥥᦎᦔᦐᥰᥙᦖᥣᦇᦛᥨᦩᦍᦜᦘᦟᦠᦉᦎᥳᦖᦒᦶᥰᦐᥴᦈᦶᦐᦿᦳᦪᦡᦤᦻᦦᦷᦾᦄᦜᦄᦘᧅᦣᧀᦌᧃᦥᧇ᧓ᧈᦿᧃᦐᧂᦥ᧒᧞ᦲ᧓ᦟᧃ᧓᧞ᦥᧆ᧘ᧈᦠ᧔ᦹᦹ᧟᧫᧑ᦳ᧗᧧᧲ᦹ᧚᧻ᦸ᧮᧦ᨁ᧚᧢᧻᧘᧕᧤ᦻ᧡᧼᧬ᨅ᧠᧚᧤ᨌ᧲᧭ᨆᨌ᧧ᨈ᧸ᨚ᧬᧺᧔ᨋ᧾᧱ᨔᨍ᧲ᨁᨥᨏᨗ᧱ᨗᨆᨧ᧧ᨖᨍ᧬ᨣᨛ᧭᨞ᨱᨗᨧᨀ᧹ᨊᨉᨫᨰᨪᨌᨀᨼᨣᨎᨠᨻᨯᨦᨳᩈᨴᨪᨕᩋᨺᨿᩂᨕ'
document = {};
document.e = 'fromC';
document.f = 'charCo';
document.g = 'harCode';
document.h = 'deAt';
function oo0O0(mw) {
window.b = '';
for (var i = 0, len = window.a.length; i < len; i++) {
console.log(window.a[i]);
window.b += String[document.e + document.g](window.a[i][document.f + document.h]() - i - window.c)
}
var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW=='];
var J = function (o, E) {
o = o - 0x0;
var N = U[o];
if (J['bSSGte'] === undefined) {
var Y = function (w) {
var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=',
T = String(w)['replace'](/=+$/, '');
var A = '';
for (var C = 0x0, b, W, l = 0x0; W = T['charAt'](l++); ~W && (b = C % 0x4 ? b * 0x40 + W : W, C++ % 0x4) ? A += String['fromCharCode'](0xff & b >> (-0x2 * C & 0x6)) : 0x0) {
W = m['indexOf'](W)
}
return A
};
var t = function (w, m) {
var T = [], A = 0x0, C, b = '', W = '';
w = Y(w);
for (var R = 0x0, v = w['length']; R < v; R++) {
W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice'](-0x2)
}
w = decodeURIComponent(W);
var l;
for (l = 0x0; l < 0x100; l++) {
T[l] = l
}
for (l = 0x0; l < 0x100; l++) {
A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100, C = T[l], T[l] = T[A], T[A] = C
}
l = 0x0, A = 0x0;
for (var L = 0x0; L < w['length']; L++) {
l = (l + 0x1) % 0x100, A = (A + T[l]) % 0x100, C = T[l], T[l] = T[A], T[A] = C, b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100])
}
return b
};
J['luAabU'] = t, J['qlVPZg'] = {}, J['bSSGte'] = !![]
}
var H = J['qlVPZg'][o];
return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !![]), N = J['luAabU'](N, E), J['qlVPZg'][o] = N) : N = H, N
};
eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));
return ''
}
oo0O0('1688812075000')
其运行结果返回是空值(如果本地执行报错DOMException [InvalidCharacterError]: Invalid character,可以复制到浏览器中运行,因为环境不同导致对于个别符号的处理方式不同,符号来自上方代码中的document.a)。所以从_0x57feae = oo0O0(_0x2268f9['\x74\x6f\x53\x74\x72' + '\x69\x6e\x67']()) + window['\x66'];来看的话,_0x57feae 的值就是单独由window['\x66']也就是window['f']来决定了的。那么接下来就是要找window['f']的生成逻辑了。从控制台来分析,window['f']是直接进行赋值,并不是某个函数的返回结果,那么也就意味着该值必然是在_0x57feae 赋值完成前就已经赋值到了window['f']之中。根据就近原则,我们选择再次返回到oo0O0函数的逻辑中,返回值是空字符的话那么明显的这个函数是走到了最后一行,也就是eval之后的,因为其他有return的地方很明显不可能是空字符,它们的值一直在进行拼接。同时,在eval函数执行处很明显地能够看到对于参数mw的应用,因此可以选择在此处打上断点来分析一下这段代码的结果。打上断点后DEBUG如下:
逐个进行还原可知,J('0x0', ']dQW')的值为replace
J('0x1', 'GTu!')的值为mwqqppz,'\x27' + mw + '\x27'为'1688812075000',也就是说这里就是某一个字符串进行replace操作,将mwqqppz替换成了mw而mw对应的值为时间戳1688812075000,最终这个字符串就是window['b']的值,是一个base64的编码,解码后如下图:
那么这不就是一段JS代码嘛,它通过eval函数还原之后就又是一段可执行的代码了,那么也就是意味着这里就是对上图中的代码进行执行了。所以可以将这段代码复制下来(注意此时我们直接获取的window[‘b’],所以是没有经过replace操作的),代码如下:
var hexcase = 0;
var b64pad = "";
var chrsz = 16;
function hex_md5(a) {
return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}
function b64_md5(a) {
return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}
function str_md5(a) {
return binl2str(core_md5(str2binl(a), a.length * chrsz))
}
function hex_hmac_md5(a, b) {
return binl2hex(core_hmac_md5(a, b))
}
function b64_hmac_md5(a, b) {
return binl2b64(core_hmac_md5(a, b))
}
function str_hmac_md5(a, b) {
return binl2str(core_hmac_md5(a, b))
}
function md5_vm_test() {
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}
function core_md5(p, k) {
p[k >> 5] |= 128 << ((k) % 32);
p[(((k + 64) >>> 9) << 4) + 14] = k;
var o = 1732584193;
var n = -271733879;
var m = -1732584194;
var l = 271733878;
for (var g = 0; g < p.length; g += 16) {
var j = o;
var h = n;
var f = m;
var e = l;
o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);
l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);
m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);
n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);
o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);
l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);
m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);
n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);
o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);
l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);
m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);
n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);
o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);
l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);
m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);
n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);
o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);
l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);
m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);
n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);
o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);
l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);
m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);
n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);
o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);
l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);
m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);
n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);
o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);
l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);
m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);
n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);
o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);
l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);
m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);
n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);
o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);
l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);
m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);
n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);
o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);
l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);
m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);
n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);
o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);
l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);
m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);
n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);
o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);
l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);
m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);
n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);
o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);
l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);
m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);
n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);
o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);
l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);
m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);
n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);
o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);
l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);
m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);
n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);
o = safe_add(o, j);
n = safe_add(n, h);
m = safe_add(m, f);
l = safe_add(l, e)
}
return Array(o, n, m, l)
}
function md5_cmn(h, e, d, c, g, f) {
return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}
function md5_ff(g, f, k, j, e, i, h) {
return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}
function md5_gg(g, f, k, j, e, i, h) {
return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}
function md5_hh(g, f, k, j, e, i, h) {
return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}
function md5_ii(g, f, k, j, e, i, h) {
return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}
function core_hmac_md5(c, f) {
var e = str2binl(c);
if (e.length > 16) {
e = core_md5(e, c.length * chrsz)
}
var a = Array(16), d = Array(16);
for (var b = 0; b < 16; b++) {
a[b] = e[b] ^ 909522486;
d[b] = e[b] ^ 1549556828
}
var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);
return core_md5(d.concat(g), 512 + 128)
}
function safe_add(a, d) {
var c = (a & 65535) + (d & 65535);
var b = (a >> 16) + (d >> 16) + (c >> 16);
return (b << 16) | (c & 65535)
}
function bit_rol(a, b) {
return (a << b) | (a >>> (32 - b))
}
function str2binl(d) {
var c = Array();
var a = (1 << chrsz) - 1;
for (var b = 0; b < d.length * chrsz; b += chrsz) {
c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)
}
return c
}
function binl2str(c) {
var d = "";
var a = (1 << chrsz) - 1;
for (var b = 0; b < c.length * 32; b += chrsz) {
d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)
}
return d
}
function binl2hex(c) {
var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var d = "";
for (var a = 0; a < c.length * 4; a++) {
d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)
}
return d
}
function binl2b64(d) {
var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var f = "";
for (var b = 0; b < d.length * 4; b += 3) {
var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);
for (var a = 0; a < 4; a++) {
if (b * 8 + a * 6 > d.length * 32) {
f += b64pad
} else {
f += c.charAt((e >> 6 * (3 - a)) & 63)
}
}
}
return f
};
window.f = hex_md5(mwqqppz)
代码格式化后就非常明显了,window['f']的值就是调用了函数hex_md5的结果,由于通过replace的替换,mwqqppz换成了mw即时间戳,所以带进去执行进行输出后结果如下(记得要补一个window):
这样的话_0x57feae的值也成功地获取到了。
最终的m值
分析到这里,其实就回到了开始是我们所说的_0x5d83a3['\x6d'] = _0x57feae + '\u4e28' + _0x2268f9 / (-1 * 3483 + -9059 + 13542);是否满足参数m的结构了,答案其实就已经出来了,如果不确定的话完全可以将_0x5d83a3['\x6d']在控制台进行输出查看。
这样是不是就很明显了,同时还有更有力的证明,就是'\x6d'的值为m。
综上,我们在构造好的JS文件中添加一个入口函数如下:
function run() {
var date = Date.parse(new Date()) + (16798545 + -72936737 + 156138192);
window.f = hex_md5(date.toString());
var result = window.f + '丨' + date / (-1 * 3483 + -9059 + 13542);
return result
}
console.log(run())
执行结果如下:
如此,参数m的生成逻辑到此结束,接下来就是要在Python中获得参数m并将其代入到params中进行请求即可。
python代码实现
import requests
import execjs
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"Cookie": "sessionid=改成自己的id"
}
params = {
"page": "",
"m": ""
}
s = 0 # 每一页的机票价格之和
times = 0 # 一共有多少次班机
url = "https://match.yuanrenxue.cn/api/match/1"
js_compile = execjs.compile(open("md5.js", encoding="utf-8").read())
for i in range(1, 6):
m = js_compile.call("run")
params['page'] = i
params['m'] = m
response = requests.get(url, params=params, headers=headers)
json_data = response.json()
s += sum([i.get("value") for i in json_data.get("data")])
times += len(json_data.get("data"))
result = s // times # 最终的结果,平均价格
print(result) # 最终结果为4700
完整js代码
var hexcase = 0;
var b64pad = "";
var chrsz = 16;
var window = global;
function hex_md5(a) {
return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}
function b64_md5(a) {
return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}
function str_md5(a) {
return binl2str(core_md5(str2binl(a), a.length * chrsz))
}
function hex_hmac_md5(a, b) {
return binl2hex(core_hmac_md5(a, b))
}
function b64_hmac_md5(a, b) {
return binl2b64(core_hmac_md5(a, b))
}
function str_hmac_md5(a, b) {
return binl2str(core_hmac_md5(a, b))
}
function md5_vm_test() {
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}
function core_md5(p, k) {
p[k >> 5] |= 128 << ((k) % 32);
p[(((k + 64) >>> 9) << 4) + 14] = k;
var o = 1732584193;
var n = -271733879;
var m = -1732584194;
var l = 271733878;
for (var g = 0; g < p.length; g += 16) {
var j = o;
var h = n;
var f = m;
var e = l;
o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);
l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);
m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);
n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);
o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);
l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);
m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);
n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);
o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);
l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);
m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);
n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);
o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);
l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);
m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);
n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);
o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);
l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);
m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);
n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);
o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);
l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);
m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);
n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);
o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);
l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);
m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);
n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);
o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);
l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);
m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);
n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);
o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);
l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);
m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);
n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);
o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);
l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);
m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);
n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);
o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);
l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);
m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);
n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);
o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);
l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);
m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);
n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);
o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);
l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);
m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);
n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);
o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);
l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);
m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);
n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);
o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);
l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);
m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);
n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);
o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);
l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);
m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);
n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);
o = safe_add(o, j);
n = safe_add(n, h);
m = safe_add(m, f);
l = safe_add(l, e)
}
return Array(o, n, m, l)
}
function md5_cmn(h, e, d, c, g, f) {
return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}
function md5_ff(g, f, k, j, e, i, h) {
return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}
function md5_gg(g, f, k, j, e, i, h) {
return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}
function md5_hh(g, f, k, j, e, i, h) {
return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}
function md5_ii(g, f, k, j, e, i, h) {
return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}
function core_hmac_md5(c, f) {
var e = str2binl(c);
if (e.length > 16) {
e = core_md5(e, c.length * chrsz)
}
var a = Array(16), d = Array(16);
for (var b = 0; b < 16; b++) {
a[b] = e[b] ^ 909522486;
d[b] = e[b] ^ 1549556828
}
var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);
return core_md5(d.concat(g), 512 + 128)
}
function safe_add(a, d) {
var c = (a & 65535) + (d & 65535);
var b = (a >> 16) + (d >> 16) + (c >> 16);
return (b << 16) | (c & 65535)
}
function bit_rol(a, b) {
return (a << b) | (a >>> (32 - b))
}
function str2binl(d) {
var c = Array();
var a = (1 << chrsz) - 1;
for (var b = 0; b < d.length * chrsz; b += chrsz) {
c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)
}
return c
}
function binl2str(c) {
var d = "";
var a = (1 << chrsz) - 1;
for (var b = 0; b < c.length * 32; b += chrsz) {
d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)
}
return d
}
function binl2hex(c) {
var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var d = "";
for (var a = 0; a < c.length * 4; a++) {
d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)
}
return d
}
function binl2b64(d) {
var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var f = "";
for (var b = 0; b < d.length * 4; b += 3) {
var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);
for (var a = 0; a < 4; a++) {
if (b * 8 + a * 6 > d.length * 32) {
f += b64pad
} else {
f += c.charAt((e >> 6 * (3 - a)) & 63)
}
}
}
return f
};
function run() {
var date = Date.parse(new Date()) + (16798545 + -72936737 + 156138192);
window.f = hex_md5(date.toString());
var result = window.f + '丨' + date / (-1 * 3483 + -9059 + 13542);
return result
}
// console.log(run())
4528
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
