title: 猿人学第五题js混淆-乱码加强
date: 2023-08-20 13:54:28
tags:
©©©©直通网址。
第五题需要请求到5页直播间数据,然后计算排行前5名的热度之和,这里需要看清楚题目,当时自己写的时候粗心,以为是算全部热度之和。
分析网站
©©分析网站发现请求参数有m和f,感觉像是时间戳,之后在看请求头,发现cookies中存在m与RM4hZBv0dDon443M值是变化的,可能就是需要你要逆向的加密参数。
hookcookies中的m
hook代码如下:
(function () {
var val = "";
Object.defineProperty(document, "cookie", {
set(v) {
debugger;
val = v;
}, get() {
return val;
}
})
})();
首先点击application,删除当前网站上保存的cookies信息,然后打开script脚本选项,将网站在发送请求的时候能够停在第一句js代码,之后将hook代码注入,取消script,点击暂停键,hook到m的值,如图,在调用站中点击前一个调用站,拿到生成m的加密入口,调试停在了_0x474032函数上,,m的加密方法就可以扣js代码来实现。
hookcookies中的m
使用同样是方法hook-RM4hZBv0dDon443M的值,找到加密位置,如图
发现是将window对象中_KaTeX parse error: Expected group after '_' at position 20: …进行加密,然后再当前页面中搜索_̲ss,发现只有加密入口这一个位置存在,当时自己写的时候,也疑惑了一会,甚至在看代码,直到看到了如下代码,感觉有点不一样,最后尝试输出了’_KaTeX parse error: Expected group after '_' at position 5: ' + _̲UH[0x348][0x1] + _KaTeX parse error: Expected group after '_' at position 24: …][0x1]后发现拼接之后就是_̲ss值,给自己了一个提醒,如果找不到对象的时候可以试着分开来辨别。
然后就是分析这段代码,使用控制台还原代码,结果如下:
_$Ww = _$Tk["enc"]["Utf8"]["parse"](_0x4e96b4['_$pr']["toString"]()),
_0x4e96b4['_$qF'] = _$Tk['enc']['Utf8']["parse"](btoa(_0x4e96b4['_$is'])['slice'](0x0, 0x10));
_0x29dd83 = _$Tk['AES']["encrypt"](_$Ww, _0x4e96b4["_$qF"], {
'mode': _$Tk["mode"]["ECB"],
'padding': _$Tk["pad"]["Pkcs7"]
}),
RM4hZBv0dDon443M = _0x29dd83["toString"]();
很容易的看出RM4hZBv0dDon443M的加密方法是AES加密,秘钥是_0x4e96b4[‘_KaTeX parse error: Expected group after '_' at position 38: …字符串是_0x4e96b4['_̲pr’]对象转换成字符串之后的结果,0x4e96b4['KaTeX parse error: Expected group after '_' at position 37: …面中搜索_0x4e96b4['_̲pr’]几个结果都是当前对象使用的push方法,大胆猜测这是一个列表,对搜索到的位置添加断点,发现在1717代码位置执行了4次,最后跳到
868代码位置执行了次,那么,0x4e96b4['KaTeX parse error: Expected group after '_' at position 50: …使用的是_0x4e96b4['_̲is’],所以m的加密结果与_0x4e96b4[‘_$pr’]最后一个值应该是一样的。
加密部分分析之后,还有请求参数需要解决,猿人学网站的习惯是将参数的设置直接写到html中,这样就直接在调用站的面板上找到requests,然后点击,在源面板中ctrl+f搜索m或者是f,发现m是window对象的_KaTeX parse error: Expected group after '_' at position 56: …样一句 _0x4e96b4['_̲is’] = _$yw;
而_
y
w
的值加密之后赋值给了
m
,
f
的值是
w
i
n
d
o
w
.
yw的值加密之后赋值给了m,f的值是window.
yw的值加密之后赋值给了m,f的值是window._zw[23],这就需要分析这个值是来的,在搜索框中搜索$_zw,结果如图所示
,有很多push代码,然后设置断点找到下表为23的push位置,发现通过添加$_t1实现,而$_t1是时间戳。
总结加密逻辑
定义一个列表用于存储5次加密数据,前四次加密方发都是通过创建时间对象,使用Date.parse()方法将描述去掉,使用_0x474032函数实现加密之后添加到列表中,然后再创建一个时间戳,这个时间戳就是window._$is的值,使用_0x474032加密之后赋值给m,在添加到列表中的,最后使用AES对列表形成的字符串完成最后的加密操作。
代码实现
py代码
import requests,execjs
def get_json(url, params,data):
headers = {"User-Agent": "yuanrenxue.project"}
cookie = {"sessionid": "fegp0c1soa41kquu0jiizqebncogd8l3",
"m": data['cookies_m'],
"RM4hZBv0dDon443M": data["RM4hZBv0dDon443M"]}
res = requests.get(url, headers=headers, params=params, cookies=cookie)
print(res)
values = res.json()['data']
return values
val = []
js = execjs.compile(open('test.js', 'r', encoding='utf-8').read())
data = js.call('main')
for page in range(1,6):
params = {'page': page,
"m": data['can_m'],
"f": data['f']}
url = 'https://match.yuanrenxue.cn/api/match/5'
values = get_json(url, params, data)
for j in values:
val.append(j['value'])
val.sort(reverse=True)
sum = 0
for i in val[:5]:
sum += i
print(sum)
js代码
var _0x4e96b4 = global;
function _0x32032f(_0x520fdf, _0x13921d, _0x1af9d5, _0x4a2311, _0xb6d40a, _0x1d58da, _0x361df0) {
return _0xaaef84(_0x13921d ^ _0x1af9d5 ^ _0x4a2311, _0x520fdf, _0x13921d, _0xb6d40a, _0x1d58da, _0x361df0);
}
function _0x3180ec(_0x401705, _0x240e6a, _0x56b131, _0x5a5c20, _0x1f2a72, _0x2bfc1, _0x19741a) {
return _0xaaef84(_0x240e6a & _0x5a5c20 | _0x56b131 & ~_0x5a5c20, _0x401705, _0x240e6a, _0x1f2a72, _0x2bfc1, _0x19741a);
}
function _0x12e4a8(_0x7542c8, _0x5eada0) {
var _0x41f81f = (0xffff & _0x7542c8) + (0xffff & _0x5eada0);
return (_0x7542c8 >> 0x10) + (_0x5eada0 >> 0x10) + (_0x41f81f >> 0x10) << 0x10 | 0xffff & _0x41f81f;
}
function _0x4b459d(_0x8d8f2a, _0x406d34, _0x53e7d7, _0x26c827, _0xec41ea, _0x52dead, _0x3f66e7) {
return _0xaaef84(_0x53e7d7 ^ (_0x406d34 | ~_0x26c827), _0x8d8f2a, _0x406d34, _0xec41ea, _0x52dead, _0x3f66e7);
}
function _0x3634fc(_0x5803ba, _0x1ce5b2) {
return _0x5803ba << _0x1ce5b2 | _0x5803ba >>> 0x20 - _0x1ce5b2;
}
function _0xaaef84(_0xaf3112, _0x2a165a, _0x532fb4, _0x10aa40, _0x41c4e7, _0x1cb4da) {
return _0x12e4a8(_0x3634fc(_0x12e4a8(_0x12e4a8(_0x2a165a, _0xaf3112), _0x12e4a8(_0x10aa40, _0x1cb4da)), _0x41c4e7), _0x532fb4);
}
function _0x48d200(_0x4b706e, _0x3c3a85, _0x111154, _0x311f9f, _0x5439cf, _0x38cac7, _0x26bd2e) {
return _0xaaef84(_0x3c3a85 & _0x111154 | ~_0x3c3a85 & _0x311f9f, _0x4b706e, _0x3c3a85, _0x5439cf, _0x38cac7, _0x26bd2e);
}
function _0x12b47d(_0x149183) {
var _0xabbcb3, _0x1145c3 = '', _0x4fce58 = 0x20 * _0x149183["length"];
for (_0xabbcb3 = 0x0; _0xabbcb3 < _0x4fce58; _0xabbcb3 += 0x8)
_0x1145c3 += String["fromCharCode"](_0x149183[_0xabbcb3 >> 0x5] >>> _0xabbcb3 % 0x20 & 0xff);
return _0x1145c3;
}
function _0x35f5f2(_0x243853) {
var _0x139b8b, _0xa791a1 = [];
for (_0xa791a1[(_0x243853["length"] >> 0x2) - 0x1] = void 0x0,
_0x139b8b = 0x0; _0x139b8b < _0xa791a1["length"]; _0x139b8b += 0x1)
_0xa791a1[_0x139b8b] = 0x0;
var _0x41a533 = 0x8 * _0x243853["length"];
for (_0x139b8b = 0x0; _0x139b8b < _0x41a533; _0x139b8b += 0x8)
_0xa791a1[_0x139b8b >> 0x5] |= (0xff & _0x243853["charCodeAt"](_0x139b8b / 0x8)) << _0x139b8b % 0x20;
return _0xa791a1;
}
var _0x1171c8 = 0x67452301;
var _0x4dae05 = -0x10325477;
var _0x183a1d = -0x67452302;
var _0xcfa373 = 0x10325476;
function _0x11a7a2(_0x193f00, _0x1cfe89) {
_0x193f00[_0x1cfe89 >> 0x5] |= 0x80 << _0x1cfe89 % 0x20,
_0x193f00[0xe + (_0x1cfe89 + 0x40 >>> 0x9 << 0x4)] = _0x1cfe89;
var _0x42fb36 = 16;
op = 27;
b64pad = 1;
var _0x1badc3, _0x38ca59, _0x431764, _0x43f1b4, _0x5722c0, _0x3e0c38 = _0x1171c8, _0xdb4d2c = _0x4dae05,
_0x1724c5 = _0x183a1d, _0x257ec6 = _0xcfa373;
_0x4e96b4['_$6_'] = -389564586;
_0x4e96b4['_$Jy'] = -405537848;
_0x4e96b4['_$tT'] = -660478335;
for (_0x1badc3 = 0x0; _0x1badc3 < _0x193f00['length']; _0x1badc3 += _0x42fb36)
_0x38ca59 = _0x3e0c38,
_0x431764 = _0xdb4d2c,
_0x43f1b4 = _0x1724c5,
_0x5722c0 = _0x257ec6,
_0x3e0c38 = _0x48d200(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3], 0x7, 0x7d60c),
_0x257ec6 = _0x48d200(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x1], 0xc, _0x4e96b4['_$6_']),
_0x1724c5 = _0x48d200(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x2], 0x11, 0x242070db),
_0xdb4d2c = _0x48d200(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x3], 0x16, -0x3e423112),
_0x3e0c38 = _0x48d200(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x4], 0x7, -0xa83f051),
_0x257ec6 = _0x48d200(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x5], 0xc, 0x4787c62a),
_0x1724c5 = _0x48d200(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x6], 0x11, -0x57cfb9ed),
_0xdb4d2c = _0x48d200(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x7], 0x16, -0x2b96aff),
_0x3e0c38 = _0x48d200(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x8], 0x7, 0x698098d8),
_0x257ec6 = _0x48d200(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x9], 0xc, -0x74bb0851),
_0x1724c5 = _0x48d200(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xa], 0x11, -0xa44f),
_0xdb4d2c = _0x48d200(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xb], 0x16, -0x76a32842),
_0x3e0c38 = _0x48d200(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0xc], 0x7, 0x6b901122),
_0x257ec6 = _0x48d200(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xd], 0xc, -0x2678e6d),
_0x1724c5 = _0x48d200(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xe], 0x11, -0x5986bc72),
_0xdb4d2c = _0x48d200(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xf], 0x16, 0x49b40821),
_0x3e0c38 = _0x3180ec(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x1], 0x5, -0x9e1da9e),
_0x257ec6 = _0x3180ec(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x6], 0x9, -0x3fbf4cc0),
_0x1724c5 = _0x3180ec(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xb], 0xe, 0x265e5a51),
_0xdb4d2c = _0x3180ec(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3], 0x14, -0x16493856),
_0x3e0c38 = _0x3180ec(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x5], 0x5, -0x29d0efa3),
_0x257ec6 = _0x3180ec(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xa], 0x9, 0x2441453),
_0x1724c5 = _0x3180ec(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xf], 0xe, _0x4e96b4['_$tT']),
_0xdb4d2c = _0x3180ec(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x4], 0x14, _0x4e96b4['_$Jy']),
_0x3e0c38 = _0x3180ec(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x9], 0x5, 0x21e1cde6),
_0x257ec6 = _0x3180ec(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xe], 0x9, -0x3cc8aa0a),
_0x1724c5 = _0x3180ec(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x3], 0xe, -0xb2af279),
_0xdb4d2c = _0x3180ec(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x8], 0x14, 0x455a14ed),
_0x3e0c38 = _0x3180ec(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0xd], 0x5, -0x5caa8e7b),
_0x257ec6 = _0x3180ec(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x2], 0x9, -0x3105c08),
_0x1724c5 = _0x3180ec(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x7], 0xe, 0x676f02d9),
_0xdb4d2c = _0x3180ec(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xc], 0x14, -0x72d5b376),
_0x3e0c38 = _0x32032f(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x5], 0x4, -0x241282e),
_0x257ec6 = _0x32032f(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x8], 0xb, -0x788e097f),
_0x1724c5 = _0x32032f(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xb], 0x10, 0x6d9d6122),
_0xdb4d2c = _0x32032f(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xe], 0x17, -0x21ac7f4),
_0x3e0c38 = _0x32032f(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x1], 0x4, -0x5b4115bc * b64pad),
_0x257ec6 = _0x32032f(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x4], 0xb, 0x4bdecfa9),
_0x1724c5 = _0x32032f(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x7], 0x10, -0x944b4a0),
_0xdb4d2c = _0x32032f(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xa], 0x17, -0x41404390),
_0x3e0c38 = _0x32032f(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0xd], 0x4, 0x289b7ec6),
_0x257ec6 = _0x32032f(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3], 0xb, -0x155ed806),
_0x1724c5 = _0x32032f(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x3], 0x10, -0x2b10cf7b),
_0xdb4d2c = _0x32032f(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x6], 0x17, 0x2d511fd9),
_0x3e0c38 = _0x32032f(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x9], 0x4, -0x3d12017),
_0x257ec6 = _0x32032f(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xc], 0xb, -0x1924661b),
_0x1724c5 = _0x32032f(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xf], 0x10, 0x1fa27cf8),
_0xdb4d2c = _0x32032f(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x2], 0x17, -0x3b53a99b),
_0x3e0c38 = _0x4b459d(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3], 0x6, -0xbd6ddbc),
_0x257ec6 = _0x4b459d(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x7], 0xa, 0x432aff97),
_0x1724c5 = _0x4b459d(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xe], 0xf, -0x546bdc59),
_0xdb4d2c = _0x4b459d(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x5], 0x15, -0x36c5fc7),
_0x3e0c38 = _0x4b459d(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0xc], 0x6, 0x655b59c3),
_0x257ec6 = _0x4b459d(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0x3], 0xa, -0x70ef89ee),
_0x1724c5 = _0x4b459d(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0xa], 0xf, -0x644f153),
_0xdb4d2c = _0x4b459d(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x1], 0x15, -0x7a7ba22f),
_0x3e0c38 = _0x4b459d(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x8], 0x6, 0x6fa87e4f),
_0x257ec6 = _0x4b459d(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xf], 0xa, -0x1d31920),
_0x1724c5 = _0x4b459d(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x6], 0xf, -0x5cfebcec),
_0xdb4d2c = _0x4b459d(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0xd], 0x15, 0x4e0811a1),
_0x3e0c38 = _0x4b459d(_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6, _0x193f00[_0x1badc3 + 0x4], 0x6, -0x8ac817e),
_0x257ec6 = _0x4b459d(_0x257ec6, _0x3e0c38, _0xdb4d2c, _0x1724c5, _0x193f00[_0x1badc3 + 0xb], 0xa, -1120211379),
_0x1724c5 = _0x4b459d(_0x1724c5, _0x257ec6, _0x3e0c38, _0xdb4d2c, _0x193f00[_0x1badc3 + 0x2], 0xf, 0x2ad7d2bb),
_0xdb4d2c = _0x4b459d(_0xdb4d2c, _0x1724c5, _0x257ec6, _0x3e0c38, _0x193f00[_0x1badc3 + 0x9], 0x15, -0x14792c01),
_0x3e0c38 = _0x12e4a8(_0x3e0c38, _0x38ca59),
_0xdb4d2c = _0x12e4a8(_0xdb4d2c, _0x431764),
_0x1724c5 = _0x12e4a8(_0x1724c5, _0x43f1b4),
_0x257ec6 = _0x12e4a8(_0x257ec6, _0x5722c0);
return [_0x3e0c38, _0xdb4d2c, _0x1724c5, _0x257ec6];
}
function _0x1ee7ec(_0x206333) {
return _0x12b47d(_0x11a7a2(_0x35f5f2(_0x206333), 0x8 * _0x206333["length"]));
}
console.log(_0x11a7a2(_0x35f5f2(1692499226472), 0x8 * 1692499226472["length"]))
function _0x2b8a17(_0x36f847) {
return unescape(encodeURIComponent(_0x36f847));
}
function _0x41873d(_0x5a6962) {
return _0x1ee7ec(_0x2b8a17(_0x5a6962));
}
function _0x499969(_0x82fe7e) {
var _0x5bdda4, _0x322a73, _0xd0b5cd = '0123456789abcdef', _0x21f411 = '';
for (_0x322a73 = 0x0; _0x322a73 < _0x82fe7e["length"]; _0x322a73 += 0x1)
_0x5bdda4 = _0x82fe7e["charCodeAt"](_0x322a73),
_0x21f411 += _0xd0b5cd['charAt'](_0x5bdda4 >>> 0x4 & 0xf) + _0xd0b5cd['charAt'](0xf & _0x5bdda4);
return _0x21f411;
}
function _0x37614a(_0x32e7c1) {
return _0x499969(_0x41873d(_0x32e7c1));
}
function _0x474032(_0x233f82, _0xe2ed33, _0x3229f9) {
return _0xe2ed33 ? _0x3229f9 ? v(_0xe2ed33, _0x233f82) : y(_0xe2ed33, _0x233f82) : _0x3229f9 ? _0x41873d(_0x233f82) : _0x37614a(_0x233f82);
}
function _0x2d5f5b() {
return new Date()['valueOf']();
}
function _0x12eaf3() {
return Date['parse'](new Date());
}
var _$Tk = require('crypto-js')
function main(){
var m,f = Date.parse(new Date()),t;
_0x4e96b4['_$pr'] = [];
for (var i=0;i<4;i++){
t = _0x12eaf3();
_0x4e96b4['_$pr']['push'](_0x474032(t));
}
var _$yw = _0x2d5f5b()["toString"]();//参数m
m = _0x474032(_$yw);//加密后的参数吗作为cookies中吗的值
_0x4e96b4['_$is'] = _$yw;
_0x4e96b4['_$pr']['push'](m);//最后一个参数与cookies中的吗值一样
_$Ww = _$Tk["enc"]["Utf8"]["parse"](_0x4e96b4['_$pr']["toString"]()),
_0x4e96b4['_$qF'] = _$Tk['enc']['Utf8']["parse"](btoa(_0x4e96b4['_$is'])['slice'](0x0, 0x10));
_0x29dd83 = _$Tk['AES']["encrypt"](_$Ww, _0x4e96b4["_$qF"], {
'mode': _$Tk["mode"]["ECB"],
'padding': _$Tk["pad"]["Pkcs7"]
}),
RM4hZBv0dDon443M = _0x29dd83["toString"]();
return {"can_m": _$yw,
"f": f.toString(),
"cookies_m": m,
"RM4hZBv0dDon443M": RM4hZBv0dDon443M}
}
//console.log(main())
// 前4个来自_$Wa = _0x12eaf3();
// _0x3d0f3f[_$Fe] = 'm=' + _0x474032(_$Wa) + ';\x20path=/';
// _0x4e96b4['_$pr']['push'](_0x474032(_$Wa));
// 第5个来自是m的加密参数也是最后一个 _$yw = _0x2d5f5b()[_$UH[0x1f]]();
// _0x3d0f3f[_$Fe] = 'm=' + _0x474032(_$yw) + ';\x20path=/';
// _0x4e96b4['_$is'] = _$yw;
//
// _0x4e96b4['_$pr']['push'](_0x474032(_$yw));