本文仅供学习交流使用,若有侵权,请联系博主删除。
前言: 目前epub站点经常改版,会修改一些环境校验的地方,又新加了相关轨迹的校验,接下来带大家解以下ck看看:
以这一组cookie为例子,解ck需要cd值以及cd相对应的cookie
1. 解码cookie
步骤1: 解码cookie >> [168,37,73,173,218,254,212,50,221,142,151,93,111,179,98,209,41,201,69,132,172,154,72,182,60,199,96,102,17,162,204,25,14,134,4,192,253,125,51,187,53,114,197,149,184,26,3,92,137,201,40,210,226,84,237,179,235,251,192,197,178,121,196,211,27,116,210,97,208,38,137,202,180,39,66,239,131,114,25,217,6,51,50,6,159,89,152,123,116,186,78,231,104,104,224,87,180,25,23,39,179,253,254,139,98,22,158,137,120,30,103,22,215,88,227,14,73,174,164,188,134,44,78,86,248,34,22,156,26,40,197,189,72,25,246,10,166,10,156,112,94,23,38,72,53,24,184,104,109,30,36,49,175,23,232,204,179,40,69,110,222,171,159,177,27,124,19,1,146,252,38,190,5,19,136,201,101,76,103,197,223,180,95,170,102,113,135,46,108,199,17]将cookie值进行转换为数组,进行观察
2. 解码cd
步骤2: 解码cd值 >> key1: [27,76,220,167,246,252,33,153,28,75,248,42,101,93,208,74], key2: [113,216,230,27,87,191,132,8,1,159,2,0,5,2,6,7]
[2821015981,3674133554,3717109597,1874027217]
解码cd 后获取到两个key和一个解码iv
3. 通过key解码cookie的数组
步骤3: 通过key1[[27,76,220,167,246,252,33,153,28,75,248,42,101,93,208,74]]解密cookie数组 >> [37,22,249,53,2,8,102,143,148,129,102,143,160,237,32,139,32,225,114,203,203,49,95,28,233,201,156,140,231,125,58,182,112,84,208,185,4879,165,206,44,14,131,61,117,112,76,174,190,4,18,177,76,49,208,28,91,50,148,79,174,18,12,236,180,243,73,38,30,50,10,10,62,70,4,200,211,85,118,182,207,224,65,168,185,117,1,122,220,230,147,20,121,107,76,20,181,133,0,168,225,35,231,187,19,233,100,53,35,146,36,24,97,97,17,63,56,104,0,37,60,0,148,128,91,75,164,83,177,246,156,92,138,244,98,238,61,143,215,124,250,70,77,253,119,85,42,28,102,249,242,129,91,114,241,147,38,127]
4.
步骤4: 取解密后数组前4位[37,22,249,53] >> 结果: 622262581, 原始结果: 622262581
5.
步骤5: 去除特征数字2 特征长度8 开头的时间戳数组(末尾为0)[102,143,148,129,102,143,160,237] >> 合并还原 fakeTime: 1720685697, firstTime: 1720688877 尾端数字 undefined 原始cd数组中假时间戳为:1720685697
6.
步骤6: 特征长度32开头的异或数组[139,32,225,114,203,203,49,95,28,233,201,156,140,231,125,58,182,112,84,208,185,48,52,17,179,165,206,44,14,131,61,117] >> 原始arr32:[139,32,225,114,203,203,49,95,28,233,201,156,140,231,,208,185,48,52,17,179,165,206,44,14,131,61,117]
7.
步骤7: 数组特征长度小于127 长度为112 去除长度后数组为: [76,174,190,4,18,177,76,49,208,28,91,50,148,79,174,18,12,236,180,243,73,38,30,50,10,10,62,70,4,200,211,85,118,182,207,224,65,168,185,117,1,122,220,230,147,20,121,107,76,35,231,187,19,233,100,53,35,146,36,24,97,97,17,63,56,104,0,37,60,0,148,128,91,75,164,83,177,246,156,92,138,244,98,238,61,143,215,124,250,70,77,253,119,85,42,28,102,249,242,129,91,114,241,147,38,127]
8.
步骤8: 通过key2解密数组 >> [48,106,61,27,72,125,131,104,149,2,110,151,45,50,138,64,118,178,65,244,89,237,113,182,219
9,107,131,235,35,187,188,93,145,222,219,109,181,140,117,197,167,116,40,60,225,129,124,176,75,90,245,235,198,45,192,94,174
4,246,86,247,27,109,182,139,140,153,8,215,26,235,23,113,182,215,21,116,234,18,255,174,237,198,208,87,55,126,233,47,73,190
0,194,230,207,90,92,104,171,59,34,105,158,180,207,135,208,73]
9.
步骤9: 还原与arr3x[2] 前16位异或前的数组 >> [187,74,220,105,131,182,178,55,137,235,167,11,161,213,247,122,118,178,65,244
4,89,237,113,182,219,107,131,235,35,187,188,93,145,222,219,109,181,140,117,197,167,116,40,60,225,129,124,176,75,90,245,23
35,198,45,192,94,174,246,86,247,27,109,182,139,140,153,8,215,26,235,23,113,182,215,21,116,234,18,255,174,237,198,208,87,5
55,126,233,47,73,190,194,230,207,90,92,104,171,59,34,105,158,180,207,135,208,73]
10.
步骤10: 解压缩还原原始环境数组 >> [3,46,1,0,33,128,176,120,193,35,5,87,105,110,51,50,0,0,7,218,49,8,0,0,1,0,0,0,0,0,0,0,
,1,131,7,128,4,16,7,128,0,0,0,0,0,0,0,0,10,19,1,13,102,143,148,129,185,228,117,167,0,14,108,244,161,12,154,191,4,7,12,1,0
0,0,0,0,0,0,0,16,21,34,145,0,1,0,6,16,1,0,0,0,0,1,240,252,233,44,63,102,1,0,0,23,2,4,102,126,103,180,9,2,8,0,13,1,0,15,8,
,7,123,34,107,34,58,49,125]
解ck完成,接下来看一下变化
当前特征标记: 3 长度: 46 值: [1,0,33,128,176,120,193,35,5,87,105,110,51,50,0,0,7,218,49,8,0,0,1,0,0,0,0,0,0,0,1,131,7,1
128,4,16,7,128,0,0,0,0,0,0,0,0]
固定检测环境数组 [1,0,33,128]
userAgent crc32数组 [176,120,193,35] 还原值为 2960703779
platform 长度 5 数组 [87,105,110,51,50], 还原后字符串 Win32
设备运行效率 [0,0,7,218] 还原后运行时间为 2010
平均数 49, 方差 8
push固定数一般是0 ==> 0
push固定数一般是0 ==> 0
固定数字 数组 [1,0,0,0], 还原为 16777216
固定检测是否[0,0,0,0] ==> 0,0,0,0
屏幕信息 数组 [1,131], 还原为 387
屏幕信息 数组 [7,128], 还原为 1920
屏幕信息 数组 [4,16], 还原为 1040
屏幕信息 数组 [7,128], 还原为 1920
固定检测 数组 [0,0,0,0,0,0,0,0]
当前特征标记: 10 长度: 19 值: [1,13,102,143,148,129,185,228,117,167,0,14,108,244,161,12,154,191,4]
开头两位 1,13
耗时(一般为假的时间戳 + 一点值) 数组值为 102,143,148,129 merge后 1720685697; 与假的时间戳对照 1720685697
arr3x[19] 数组值为 185,228,117,167 merge后 3118757287 与arr3x[19]对照3118757287
{合并长数字: [Math.floor(Math.random() * 1048575)]运算结果 945396, [(Date.now() & 4294967295) >>> 0]运算结果 2701957823}
长数字 值为 0,14,108,244,161,12,154,191 merge后 4060447603727039
arr3x[24] 数组值为4 与arr3x[24]对照 4
当前特征标记: 7 长度: 12 值: [1,0,0,0,0,0,0,0,16,21,34,145]
固定数字 数组 [1,0,0,0], 还原为 16777216
split4数字 数组 [0,0,0,0], 还原为 0
specialVal 数组 [16,21], 还原为 4117
函数的crc32 index:30 数组 [34,145], 还原为 8849
境还原
当前特征标记: 0 长度: 1 值: [0]
指纹数组 值[0]
境还原
当前特征标记: 6 长度: 16 值: [1,0,0,0,0,1,240,252,233,44,63,102,1,0,0,23]
前面6位环境 结果 [1,0,0,0,0,1]
ywut arr8 结果 [240,252,233,44,63,102,1,0]
末尾两位 结果 [0,23], merge后 23
境还原
当前特征标记: 2 长度: 4 值: [102,126,103,180]
20取4 结果 [102,126,103,180]
境还原
当前特征标记: 9 长度: 2 值: [8,0]
9号为固定即可 结果 [8,0]
当前特征标记: 13 长度: 1 值: [0]
13号为固定即可 结果 [0]
环境还原
当前特征标记: 15 长度: 8 值: [7,123,34,107,34,58,49,125]
15号为固定即可 结果 [7,123,34,107,34,58,49,125]
其中 15为新增校验数组,对应环境。
至此,瑞数纯算校验点全部完成~
瑞数系列完结撒花~
已完成瑞数纯算通杀系列,以及解ck查看改版信息系列脚本,有需求可以联系博主
let v = huaqu0727瑞数4,5补环境成品代码已在星球开源,有兴趣的朋友可以支持一下QAQ
后续会更新6,vmp补环境,纯算等,以及各大平台验证码,某直聘相关,
新人星球,感谢大家支持!
扫一扫
5534
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
