镀金天空-js逆向1

最新推荐文章于 2023-03-23 16:03:53 发布

LuoJunJunJunJun

最新推荐文章于 2023-03-23 16:03:53 发布

阅读量339

点赞数 1

分类专栏：爬虫镀金天空文章标签：爬虫 python

本文链接：https://blog.csdn.net/weixin_43971225/article/details/115527731

版权

爬虫同时被 2 个专栏收录

8 篇文章 1 订阅

订阅专栏

镀金天空

4 篇文章 0 订阅

订阅专栏

前言：

①仅作学习所用，不可非法利用

②网页结构的变化较多，代码的可用周期较短，仅作学习分享思路

③如有侵权，请联系我删除！！谢谢

正文：

今天来讲一下glidedsky的不知道第几题 js加密1，这道题比起猿人学的js加密简直是…一言难尽，最近我也是被猿人学折磨的死去活来，不过也学到了很多新的知识，eval加密，ob混淆，js-hook编写，等镀金天空系列写完了我就把这些总结一下和大家分享。

打开待爬取页面依旧是熟悉的1000页数字，我们的目标是把这1000页数字加起来。往后翻几页很容易就找到了返回数据的接口

http://glidedsky.com/api/level/web/crawler-javascript-obfuscation-1/items?page=5&t=1615191685&sign=b14b48d0a259abd37a391e0c3326c648a6a56932

//一共三个参数：page、t、sign

page是页码，t一看就是是时间戳，加密的签名参数就是sign。打开调用栈，第一眼就看见了这个eval加密…无语的很

打个断点看是不是这个地方加密的

然后真的是…

无语的很，全部代码如下：

let p = $('main .container').attr('p');
let t = Math.floor(($('main .container').attr('t') - 99) / 99);
let sign = sha1('Xr0Z-javascript-obfuscation-1' + t);
$.get('/api/level/web/crawler-javascript-obfuscation-1/items?page=' + p + '&t=' + t + '&sign=' + sign, function (data) {
    const list = JSON.parse(data).items;
    $('.col-md-1').each(function (index) {
        if (list && index < list.length) {
            $('.col-md-1').eq(index).text(list[index])
        }
    })
})
// sha1加密 参数为'Xr0Z-javascript-obfuscation-1' + t
//t倒是蛮有意思是document中main.container的t属性 具体如下图

啊这就很。。。一般网站不会把源码就这么暴露给你他们要么酒吧eval中执行的语句掩盖了(比如通过函数生成放入变量中)，因此eval加密我们很难通过全局search定位到准确的地址，加密方式也不会像这道题一样写的这么明白，所以我一般都是扣js代码传入参数执行之后获取加密后的参数。但是这道题已经把加密参数写明了所以我们可以调用python的sha1加密库，但是为了加深技术，我还是建议扣代码改造。

JS代码：

const jsdom = require("jsdom");
const {JSDOM} = jsdom;
const dom = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`);
window = dom.window;
document = window.document;
XMLHttpRequest = window.XMLHttpRequest;


function t(t) {
    t ? (f[0] = f[16] = f[1] = f[2] = f[3] = f[4] = f[5] = f[6] = f[7] = f[8] = f[9] = f[10] = f[11] = f[12] = f[13] = f[14] = f[15] = 0,
        this.blocks = f) : this.blocks = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
        this.h0 = 1732584193,
        this.h1 = 4023233417,
        this.h2 = 2562383102,
        this.h3 = 271733878,
        this.h4 = 3285377520,
        this.block = this.start = this.bytes = this.hBytes = 0,
        this.finalized = this.hashed = !1,
        this.first = !0
}

var h = "object" == typeof window ? window : {}
    , s = !h.JS_SHA1_NO_NODE_JS && "object" == typeof process && process.versions && process.versions.node;
s && (h = global);
var i = !h.JS_SHA1_NO_COMMON_JS && "object" == typeof module && module.exports
    , e = "function" == typeof define && define.amd
    , r = "0123456789abcdef".split("")
    , o = [-2147483648, 8388608, 32768, 128]
    , n = [24, 16, 8, 0]
    , a = ["hex", "array", "digest", "arrayBuffer"]
    , f = []
    , u = function (h) {
    return function (s) {
        return new t(!0).update(s)[h]()
    }
}
    , c = function () {
    var h = u("hex");
    s && (h = p(h)),
        h.create = function () {
            return new t
        }
        ,
        h.update = function (t) {
            return h.create().update(t)
        }
    ;
    for (var i = 0; i < a.length; ++i) {
        var e = a[i];
        h[e] = u(e)
    }
    return h
}
    , p = function (t) {
    var h = eval("require('crypto')")
        , s = eval("require('buffer').Buffer")
        , i = function (i) {
        if ("string" == typeof i)
            return h.createHash("sha1").update(i, "utf8").digest("hex");
        if (i.constructor === ArrayBuffer)
            i = new Uint8Array(i);
        else if (void 0 === i.length)
            return t(i);
        return h.createHash("sha1").update(new s(i)).digest("hex")
    };
    return i
};
t.prototype.update = function (t) {
    if (!this.finalized) {
        var s = "string" != typeof t;
        s && t.constructor === h.ArrayBuffer && (t = new Uint8Array(t));
        for (var i, e, r = 0, o = t.length || 0, a = this.blocks; r < o;) {
            if (this.hashed && (this.hashed = !1,
                a[0] = this.block,
                a[16] = a[1] = a[2] = a[3] = a[4] = a[5] = a[6] = a[7] = a[8] = a[9] = a[10] = a[11] = a[12] = a[13] = a[14] = a[15] = 0),
                s)
                for (e = this.start; r < o && e < 64; ++r)
                    a[e >> 2] |= t[r] << n[3 & e++];
            else
                for (e = this.start; r < o && e < 64; ++r)
                    (i = t.charCodeAt(r)) < 128 ? a[e >> 2] |= i << n[3 & e++] : i < 2048 ? (a[e >> 2] |= (192 | i >> 6) << n[3 & e++],
                        a[e >> 2] |= (128 | 63 & i) << n[3 & e++]) : i < 55296 || i >= 57344 ? (a[e >> 2] |= (224 | i >> 12) << n[3 & e++],
                        a[e >> 2] |= (128 | i >> 6 & 63) << n[3 & e++],
                        a[e >> 2] |= (128 | 63 & i) << n[3 & e++]) : (i = 65536 + ((1023 & i) << 10 | 1023 & t.charCodeAt(++r)),
                        a[e >> 2] |= (240 | i >> 18) << n[3 & e++],
                        a[e >> 2] |= (128 | i >> 12 & 63) << n[3 & e++],
                        a[e >> 2] |= (128 | i >> 6 & 63) << n[3 & e++],
                        a[e >> 2] |= (128 | 63 & i) << n[3 & e++]);
            this.lastByteIndex = e,
                this.bytes += e - this.start,
                e >= 64 ? (this.block = a[16],
                    this.start = e - 64,
                    this.hash(),
                    this.hashed = !0) : this.start = e
        }
        return this.bytes > 4294967295 && (this.hBytes += this.bytes / 4294967296 << 0,
            this.bytes = this.bytes % 4294967296),
            this
    }
}
    ,
    t.prototype.finalize = function () {
        if (!this.finalized) {
            this.finalized = !0;
            var t = this.blocks
                , h = this.lastByteIndex;
            t[16] = this.block,
                t[h >> 2] |= o[3 & h],
                this.block = t[16],
            h >= 56 && (this.hashed || this.hash(),
                t[0] = this.block,
                t[16] = t[1] = t[2] = t[3] = t[4] = t[5] = t[6] = t[7] = t[8] = t[9] = t[10] = t[11] = t[12] = t[13] = t[14] = t[15] = 0),
                t[14] = this.hBytes << 3 | this.bytes >>> 29,
                t[15] = this.bytes << 3,
                this.hash()
        }
    }
    ,
    t.prototype.hash = function () {
        var t, h, s = this.h0, i = this.h1, e = this.h2, r = this.h3, o = this.h4, n = this.blocks;
        for (t = 16; t < 80; ++t)
            h = n[t - 3] ^ n[t - 8] ^ n[t - 14] ^ n[t - 16],
                n[t] = h << 1 | h >>> 31;
        for (t = 0; t < 20; t += 5)
            s = (h = (i = (h = (e = (h = (r = (h = (o = (h = s << 5 | s >>> 27) + (i & e | ~i & r) + o + 1518500249 + n[t] << 0) << 5 | o >>> 27) + (s & (i = i << 30 | i >>> 2) | ~s & e) + r + 1518500249 + n[t + 1] << 0) << 5 | r >>> 27) + (o & (s = s << 30 | s >>> 2) | ~o & i) + e + 1518500249 + n[t + 2] << 0) << 5 | e >>> 27) + (r & (o = o << 30 | o >>> 2) | ~r & s) + i + 1518500249 + n[t + 3] << 0) << 5 | i >>> 27) + (e & (r = r << 30 | r >>> 2) | ~e & o) + s + 1518500249 + n[t + 4] << 0,
                e = e << 30 | e >>> 2;
        for (; t < 40; t += 5)
            s = (h = (i = (h = (e = (h = (r = (h = (o = (h = s << 5 | s >>> 27) + (i ^ e ^ r) + o + 1859775393 + n[t] << 0) << 5 | o >>> 27) + (s ^ (i = i << 30 | i >>> 2) ^ e) + r + 1859775393 + n[t + 1] << 0) << 5 | r >>> 27) + (o ^ (s = s << 30 | s >>> 2) ^ i) + e + 1859775393 + n[t + 2] << 0) << 5 | e >>> 27) + (r ^ (o = o << 30 | o >>> 2) ^ s) + i + 1859775393 + n[t + 3] << 0) << 5 | i >>> 27) + (e ^ (r = r << 30 | r >>> 2) ^ o) + s + 1859775393 + n[t + 4] << 0,
                e = e << 30 | e >>> 2;
        for (; t < 60; t += 5)
            s = (h = (i = (h = (e = (h = (r = (h = (o = (h = s << 5 | s >>> 27) + (i & e | i & r | e & r) + o - 1894007588 + n[t] << 0) << 5 | o >>> 27) + (s & (i = i << 30 | i >>> 2) | s & e | i & e) + r - 1894007588 + n[t + 1] << 0) << 5 | r >>> 27) + (o & (s = s << 30 | s >>> 2) | o & i | s & i) + e - 1894007588 + n[t + 2] << 0) << 5 | e >>> 27) + (r & (o = o << 30 | o >>> 2) | r & s | o & s) + i - 1894007588 + n[t + 3] << 0) << 5 | i >>> 27) + (e & (r = r << 30 | r >>> 2) | e & o | r & o) + s - 1894007588 + n[t + 4] << 0,
                e = e << 30 | e >>> 2;
        for (; t < 80; t += 5)
            s = (h = (i = (h = (e = (h = (r = (h = (o = (h = s << 5 | s >>> 27) + (i ^ e ^ r) + o - 899497514 + n[t] << 0) << 5 | o >>> 27) + (s ^ (i = i << 30 | i >>> 2) ^ e) + r - 899497514 + n[t + 1] << 0) << 5 | r >>> 27) + (o ^ (s = s << 30 | s >>> 2) ^ i) + e - 899497514 + n[t + 2] << 0) << 5 | e >>> 27) + (r ^ (o = o << 30 | o >>> 2) ^ s) + i - 899497514 + n[t + 3] << 0) << 5 | i >>> 27) + (e ^ (r = r << 30 | r >>> 2) ^ o) + s - 899497514 + n[t + 4] << 0,
                e = e << 30 | e >>> 2;
        this.h0 = this.h0 + s << 0,
            this.h1 = this.h1 + i << 0,
            this.h2 = this.h2 + e << 0,
            this.h3 = this.h3 + r << 0,
            this.h4 = this.h4 + o << 0
    }
    ,
    t.prototype.hex = function () {
        this.finalize();
        var t = this.h0
            , h = this.h1
            , s = this.h2
            , i = this.h3
            , e = this.h4;
        return r[t >> 28 & 15] + r[t >> 24 & 15] + r[t >> 20 & 15] + r[t >> 16 & 15] + r[t >> 12 & 15] + r[t >> 8 & 15] + r[t >> 4 & 15] + r[15 & t] + r[h >> 28 & 15] + r[h >> 24 & 15] + r[h >> 20 & 15] + r[h >> 16 & 15] + r[h >> 12 & 15] + r[h >> 8 & 15] + r[h >> 4 & 15] + r[15 & h] + r[s >> 28 & 15] + r[s >> 24 & 15] + r[s >> 20 & 15] + r[s >> 16 & 15] + r[s >> 12 & 15] + r[s >> 8 & 15] + r[s >> 4 & 15] + r[15 & s] + r[i >> 28 & 15] + r[i >> 24 & 15] + r[i >> 20 & 15] + r[i >> 16 & 15] + r[i >> 12 & 15] + r[i >> 8 & 15] + r[i >> 4 & 15] + r[15 & i] + r[e >> 28 & 15] + r[e >> 24 & 15] + r[e >> 20 & 15] + r[e >> 16 & 15] + r[e >> 12 & 15] + r[e >> 8 & 15] + r[e >> 4 & 15] + r[15 & e]
    }
    ,
    t.prototype.toString = t.prototype.hex,
    t.prototype.digest = function () {
        this.finalize();
        var t = this.h0
            , h = this.h1
            , s = this.h2
            , i = this.h3
            , e = this.h4;
        return [t >> 24 & 255, t >> 16 & 255, t >> 8 & 255, 255 & t, h >> 24 & 255, h >> 16 & 255, h >> 8 & 255, 255 & h, s >> 24 & 255, s >> 16 & 255, s >> 8 & 255, 255 & s, i >> 24 & 255, i >> 16 & 255, i >> 8 & 255, 255 & i, e >> 24 & 255, e >> 16 & 255, e >> 8 & 255, 255 & e]
    }
    ,
    t.prototype.array = t.prototype.digest,
    t.prototype.arrayBuffer = function () {
        this.finalize();
        var t = new ArrayBuffer(20)
            , h = new DataView(t);
        return h.setUint32(0, this.h0),
            h.setUint32(4, this.h1),
            h.setUint32(8, this.h2),
            h.setUint32(12, this.h3),
            h.setUint32(16, this.h4),
            t
    }
;
var y = c();
i ? module.exports = y : (h.sha1 = y,
e && define(function () {
    return y
}))

//调用 Luo函数 传入参数text就好 example：Luo("Xr0Z-javascript-obfuscation-11615192757")
function Luo(text) {
    return y(text)
}

Python代码：

import hashlib

def sha1(res):
    """
    使用sha1加密算法，返回str加密后的字符串
    """
    sha = hashlib.sha1(res.encode('utf-8'))
    encrypts = sha.hexdigest()
    return encrypts

后记

JavaScript的解法中可以不引用jsdom 我是偷懒不行多写了,在那堆代码中 h 是window我懒得扣了就引用了jsdom

镀金天空的js逆向很简单，可以去猿人学的平台继续搞，我做了一段时间头皮发麻…

LuoJunJunJunJun

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
镀金天空-js逆向1

前言：①仅作学习所用，不可非法利用②网页结构的变化较多，代码的可用周期较短，仅作学习分享思路③如有侵权，请联系我删除！！谢谢正文：今天来讲一下glidedsky的不知道第几题 js加密1，这道题比起猿人学的js加密简直是…一言难尽，最近我也是被猿人学折磨的死去活来，不过也学到了很多新的知识，eval加密，ob混淆，js-hook编写，等镀金天空系列写完了我就把这些总结一下和大家分享。打开待爬取页面依旧是熟悉的1000页数字，我们的目标是把这1000页数字加起来。往后翻几页很容易就找到
复制链接

扫一扫