猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!

目标网址

https://match.yuanrenxue.com/match/2
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

逆向题目

提取全部5页发布日热度的值,计算所有值的加和,并提交答案
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】


开始分析

 

1、打开chrome浏览器后,打开开发者工具,然后在开始之前,先清空一下缓存
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

2、重新刷新网页,发现网站开始进入 debugger;
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

3、这个的反调试相对的比较简单,我们先按照最简单的方式来一下,在debugger;进行下断点

并且编辑断点为false;然后然后让代码继续走;
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

4、然后就直接跳转到了 网页源代码上,并且在浏览器中也正常的可以看到热度值!
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

5、并且在network 面板中 也可以看到 热度值的 api 
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

6、好像没有什么可以发现的需要分析的东西,然后在点击展示页中的第二页的时候,发现cookie失效了
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

7、并且在点击确认弹窗的按钮后,页面进行了重载刷新,但是注意到一个细节,就是这次的刷新没有被debugger到,一切都是这么的丝滑。

那么这个点可能出现在了请求的cookie上面了!
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

8、发现了 在开始请求页面的时候 有过一次重载 ,

并且第一次请求页面的时候,并没有cookie值产生

返回的是一串js代码

在第二次请求相同页面的时候才传递了一个cookie值

并且这个cookie值很熟悉,对,很像第一题中的 m 值


猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

并且可以看到一点,就是在请求热度值的数据的时候,cookie也是携带了m 值的

在加上上面的cookie失效的问题来讲,大致的可以分析出来

应该是第一次请求页面的时候,就在开始计算m 值,然后把这个m值添加到cookie中去

然后通过携带的这个m值的cookie在重新的请求一次页面 和 请求热度值获取数据
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

那么我们可以把 第一次请求页面的 返回js 代码进行分析一下 看看是怎么获取到m值的
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

又是一大坨ob的混淆,看的头痛。

那么这个如何下手嘞。。。

作为菜鸟的我想到了 两种方式


第一种就是 直接通过官网提供的OB反混淆工具 进行代码清洗

然后去 慢慢看 代码的执行流程 找到关键cookie生成m 值的地方


第二种就是 通过hook的方式 去hook cookie 的m 值 生成的时候的流程在哪里

然后开始扒需要用到的函数




猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

OB反混淆

还是简单一点,直接把 代码拖到官网的 ob反混淆工具中

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

(function $dbsm_0x102ce0(_0x1c3497) {
    var _0x5a292f = function () {
      var _0x43e406 = true;
      return function (_0x2f7e34, _0x3732c2) {
        var _0xe8d469 = _0x43e406 ? function () {
          if (_0x3732c2) {
            var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments);
  
            _0x3732c2 = null;
            return _0x3342b1;
          }
        } : function () {};
  
        _0x43e406 = false;
        return _0xe8d469;
      };
    }();
  
    var _0x2b85c5 = function () {
      var _0x5df4b2 = true;
      return function (_0x426194, _0x5adab4) {
        var _0x587073 = _0x5df4b2 ? function () {
          if (_0x5adab4) {
            var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments);
  
            _0x5adab4 = null;
            return _0x4ddedc;
          }
        } : function () {};
  
        _0x5df4b2 = false;
        return _0x587073;
      };
    }();
  
    function _0x3cd85f(_0x55da45, _0x245c09) {
      var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09);
  
      return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a;
    }
  
    function _0x523d8f(_0x2c2cab, _0x51c62b) {
      return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b;
    }
  
    function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) {
      return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e);
    }
  
    function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) {
      return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3);
    }
  
    function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) {
      return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef);
    }
  
    function _0x44e90c(_0xdc8568, _0x2ed253) {
      let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101];
      let _0x3decb0 = "";
  
      for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) {
        _0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]);
      }
  
      return _0x3decb0;
    }
  
    function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) {
      return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c);
    }
  
    function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) {
      return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b);
    }
  
    function _0x4c4af4(_0x351757, _0xb6bc34) {
      if (_0xb6bc34) {
        return _0x339190(_0x351757);
      }
  
      return _0x44e90c(_0x351757);
    }
  
    function _0x2c1617(_0xd1cbdf, _0x78adee) {
      let _0x227258 = "";
  
      for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) {
        _0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]);
      }
  
      return _0x227258;
    }
  
    function _0x3f0df6(_0x21a240, _0x2e646d) {
      var _0x81db3b = _0x5a292f(this, function () {
        var _0x7eb303 = function () {
          var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");
  
          return !_0x47fa48["test"](_0x81db3b);
        };
  
        return _0x7eb303();
      });
  
      _0x81db3b();
  
      (function () {
        _0x2b85c5(this, function () {
          var _0x5990ee = new RegExp("function *\\( *\\)");
  
          var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");
  
          var _0x1e0f27 = $dbsm_0x20fca2("init");
  
          if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) {
            _0x1e0f27("0");
          } else {
            $dbsm_0x20fca2();
          }
        })();
      })();
  
      _0x4c4af4();
  
      qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
      eval(_0x2c1617(qz));
  
      try {
        if (global) {
          console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
        } else {
          while (1) {
            console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
            debugger;
          }
        }
      } catch (_0x29d779) {
        return navigator["vendorSub"];
      }
    }
  
    setInterval(_0x3f0df6(), 500);
  
    function _0x51170e(_0x42e7e7, _0x15d64c) {
      _0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c;
  
      if (qz) {
        var _0x1f6af0,
            _0x1cdbd9,
            _0x1cd5f8,
            _0x1ff8a2,
            _0x9a5629,
            _0x4c9fb6 = 1732584193,
            _0x462b82 = -271733879,
            _0x3b7106 = -1732584194,
            _0x5e29eb = 271733878;
      } else {
        var _0x1f6af0,
            _0x1cdbd9,
            _0x1cd5f8,
            _0x1ff8a2,
            _0x9a5629,
            _0x4c9fb6 = 0,
            _0x462b82 = -0,
            _0x3b7106 = -0,
            _0x5e29eb = 0;
      }
  
      for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629);
  
      return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb];
    }
  
    function _0x40b065(_0x5d19ae) {
      var _0x1d46aa,
          _0x40c9ef = "",
          _0x1d2ea = 32 * _0x5d19ae["length"];
  
      for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255);
  
      return _0x40c9ef;
    }
  
    function _0x39c209(_0x5d376f) {
      var _0x302a1b,
          _0xf9cd0e = [];
  
      for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0;
  
      var _0x52bbbc = 8 * _0x5d376f["length"];
  
      for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32;
  
      return _0xf9cd0e;
    }
  
    function _0x4c5ea3(_0x25c0f4) {
      return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"]));
    }
  
    function _0x3e0a6e(_0x444a85) {
      var _0x359c64,
          _0x21de56,
          _0x23e68c = "0123456789abcdef",
          _0x3e9c4f = "";
  
      for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64);
  
      return _0x3e9c4f;
    }
  
    function _0x58d763(_0xa4215b) {
      return unescape(encodeURIComponent(_0xa4215b));
    }
  
    function _0x537297(_0x22a981) {
      return _0x4c5ea3(_0x58d763(_0x22a981));
    }
  
    function _0x1d83ba(_0x16cdae) {
      return _0x3e0a6e(_0x537297(_0x16cdae));
    }
  
    function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) {
      _0x3f0df6();
  
      return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa);
    }
  
    function _0x2e5d25(_0x284fde, _0x277194) {
      document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/";
      location["reload"]();
    }
  
    function _0x2601b2(_0x5a0694, _0x16d2b6) {
      return Date["parse"](new Date());
    }
  
    _0x2e5d25(_0x2601b2());
  })();
  
  function $dbsm_0x20fca2(_0x45484a) {
    function _0x3eb90a(_0x325662) {
      if (typeof _0x325662 === "string") {
        return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter");
      } else {
        if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) {
          (function () {
            return true;
          })["constructor"]("debugger")["call"]("action");
        } else {
          (function () {
            return false;
          })["constructor"]("debugger")["apply"]("stateObject");
        }
      }
  
      _0x3eb90a(++_0x325662);
    }
  
    try {
      if (_0x45484a) {
        return _0x3eb90a;
      } else {
        _0x3eb90a(0);
      }
    } catch (_0x56a792) {}
  }
  
  setInterval(function () {
    $dbsm_0x20fca2();
  }, 4000);
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

最终获取了 200 多行的代码 

在里面我们可以清楚的看到 cookie m 值的生成地方

也可以看到 先生成m 值后,网页在进行重载
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

首先我们可以 先通过 vscode的 折叠 看一下 整体 这个js  分为多少个函数大块
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

折叠后  我们可以发现的是,这个js 有三个函数大块,

其中最下面的是 一个计时器setInterval

作用的函数是 $dbsm_0x20fca2

折叠开 $dbsm_0x20fca2 函数 在里面并没有看到有关于m 生成的方法

可以大致的判断,这个函数方法是检测用的,可以先屏蔽掉

计时器也是一样,屏蔽掉
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

然后开始看 $dbsm_0x102ce0(_0x1c3497) 这个大方法

折叠开后,可以看到这个是一个自执行的方法,

并且可以在函数的最后看到m 的生成方法

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

那么在这里,直接可以看出来

_0x2601b2() 方法就是时间戳的生成方法

_0x284fde  就是时间戳

_0x36c705(_0x284fde) 就是生成的时间戳加密值

然后我们吧_0x2e5d25() 这个函数改造一下

让它直接返回m值即可
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

在知道了_0x36c705()是加密的算法 那么继续往上找定义的地方

发现在_0x36c705里面 调用了_0x3f0df6()函数

那么继续找_0x3f0df6()定义的地方

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

在网上找后 又看到了一个定时器

每500毫秒执行一次_0x3f0df6()方法 

那么就直接屏蔽掉 并且可以考虑到 在这个方法里面

可能会有一些检测或者无用的垃圾代码
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

找到了定义_0x3f0df6()函数的地方 

看到了这串代码

      var _0x81db3b = _0x5a292f(this, function () {
        var _0x7eb303 = function () {
          var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");
  
          return !_0x47fa48["test"](_0x81db3b);
        };
  
        return _0x7eb303();
      });
  
      _0x81db3b();


定义_0x7eb303()方法 然后 return 返回自己 明显的没有啥用,直接屏蔽掉
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

下面的这一串自执行代码也是一样,$dbsm_0x20fca2() 已经在之前被我们屏蔽掉

说明这一串代码也是差不多类似做检测用的,可以直接屏蔽掉
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

然后看这一串try 的代码  看到了global 全局的函数

判断 global 是否存在 如果不存在就执行 navigator["vendorSub"];

通过控制台输出为空 说明这个也是一个垃圾代码 直接替换为 return "";
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 


测试代码有效性

然后我们把这个自执行的代码进行剥离

把运行 _0x2e5d25(_0x2601b2()) 的主要函数进行封装

function get_md5() {
    return _0x2e5d25(_0x2601b2());
}
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】
var _0x5a292f = function() {
    var _0x43e406 = true;
    return function(_0x2f7e34, _0x3732c2) {
        var _0xe8d469 = _0x43e406 ? function() {
                if (_0x3732c2) {
                    var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments);

                    _0x3732c2 = null;
                    return _0x3342b1;
                }
            } : function() {};

        _0x43e406 = false;
        return _0xe8d469;
    };
}();

var _0x2b85c5 = function() {
    var _0x5df4b2 = true;
    return function(_0x426194, _0x5adab4) {
        var _0x587073 = _0x5df4b2 ? function() {
                if (_0x5adab4) {
                    var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments);

                    _0x5adab4 = null;
                    return _0x4ddedc;
                }
            } : function() {};

        _0x5df4b2 = false;
        return _0x587073;
    };
}();

function _0x3cd85f(_0x55da45, _0x245c09) {
    var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09);

    return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a;
}

function _0x523d8f(_0x2c2cab, _0x51c62b) {
    return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b;
}

function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) {
    return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e);
}

function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) {
    return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3);
}

function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) {
    return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef);
}

function _0x44e90c(_0xdc8568, _0x2ed253) {
    let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101];
    let _0x3decb0 = "";

    for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) {
        _0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]);
    }

    return _0x3decb0;
}

function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) {
    return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c);
}

function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) {
    return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b);
}

function _0x4c4af4(_0x351757, _0xb6bc34) {
    if (_0xb6bc34) {
        return _0x339190(_0x351757);
    }

    return _0x44e90c(_0x351757);
}

function _0x2c1617(_0xd1cbdf, _0x78adee) {
    let _0x227258 = "";

    for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) {
        _0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]);
    }

    return _0x227258;
}

function _0x3f0df6(_0x21a240, _0x2e646d) {
    //   var _0x81db3b = _0x5a292f(this, function () {
    //     var _0x7eb303 = function () {
    //       var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");

    //       return !_0x47fa48["test"](_0x81db3b);
    //     };

    //     return _0x7eb303();
    //   });

    //   _0x81db3b();

    //   (function () {
    //     _0x2b85c5(this, function () {
    //       var _0x5990ee = new RegExp("function *\\( *\\)");

    //       var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");

    //       var _0x1e0f27 = $dbsm_0x20fca2("init");

    //       if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) {
    //         _0x1e0f27("0");
    //       } else {
    //         $dbsm_0x20fca2();
    //       }
    //     })();
    //   })();

    _0x4c4af4();

    qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
    eval(_0x2c1617(qz));

    //   try {
    //     if (global) {
    //       console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
    //     } else {
    //       while (1) {
    //         console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
    //         debugger;
    //       }
    //     }
    //   } catch (_0x29d779) {
    //     return navigator["vendorSub"];
    //   }
    return "";
}

// setInterval(_0x3f0df6(), 500);

function _0x51170e(_0x42e7e7, _0x15d64c) {
    _0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c;

    if (qz) {
        var _0x1f6af0,
        _0x1cdbd9,
        _0x1cd5f8,
        _0x1ff8a2,
        _0x9a5629,
        _0x4c9fb6 = 1732584193,
            _0x462b82 = -271733879,
            _0x3b7106 = -1732584194,
            _0x5e29eb = 271733878;
    } else {
        var _0x1f6af0,
        _0x1cdbd9,
        _0x1cd5f8,
        _0x1ff8a2,
        _0x9a5629,
        _0x4c9fb6 = 0,
            _0x462b82 = -0,
            _0x3b7106 = -0,
            _0x5e29eb = 0;
    }

    for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629);

    return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb];
}

function _0x40b065(_0x5d19ae) {
    var _0x1d46aa,
    _0x40c9ef = "",
        _0x1d2ea = 32 * _0x5d19ae["length"];

    for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255);

    return _0x40c9ef;
}

function _0x39c209(_0x5d376f) {
    var _0x302a1b,
    _0xf9cd0e = [];

    for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0;

    var _0x52bbbc = 8 * _0x5d376f["length"];

    for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32;

    return _0xf9cd0e;
}

function _0x4c5ea3(_0x25c0f4) {
    return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"]));
}

function _0x3e0a6e(_0x444a85) {
    var _0x359c64,
    _0x21de56,
    _0x23e68c = "0123456789abcdef",
        _0x3e9c4f = "";

    for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64);

    return _0x3e9c4f;
}

function _0x58d763(_0xa4215b) {
    return unescape(encodeURIComponent(_0xa4215b));
}

function _0x537297(_0x22a981) {
    return _0x4c5ea3(_0x58d763(_0x22a981));
}

function _0x1d83ba(_0x16cdae) {
    return _0x3e0a6e(_0x537297(_0x16cdae));
}

function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) {
    _0x3f0df6();

    return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa);
    // return _0x1d83ba(_0x4201fa);
}

function _0x2e5d25(_0x284fde) {
    //   document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/";
    //   location["reload"]();
    m = _0x36c705(_0x284fde) + "|" + _0x284fde;
    return m;
}

function _0x2601b2() {
    return Date["parse"](new Date());
}

function get_md5() {
    return _0x2e5d25(_0x2601b2());
}


//   function $dbsm_0x20fca2(_0x45484a) {
//     function _0x3eb90a(_0x325662) {
//       if (typeof _0x325662 === "string") {
//         return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter");
//       } else {
//         if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) {
//           (function () {
//             return true;
//           })["constructor"]("debugger")["call"]("action");
//         } else {
//           (function () {
//             return false;
//           })["constructor"]("debugger")["apply"]("stateObject");
//         }
//       }

//       _0x3eb90a(++_0x325662);
//     }

//     try {
//       if (_0x45484a) {
//         return _0x3eb90a;
//       } else {
//         _0x3eb90a(0);
//       }
//     } catch (_0x56a792) {}
//   }

//   setInterval(function () {
//     $dbsm_0x20fca2();
//   }, 4000);
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

鬼鬼调试工具输出正常,后续可以写爬取脚本了
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 


脚本编写

# coding:utf-8
import requests
import time
import execjs

def get_time():
    now = int(time.time())*1000
    print(now)
    return now

def js_md5(timestamp):
    js_txt = open('demo.js','r',encoding='utf-8').read()
    js_complie = execjs.compile(js_txt)
    hex_md5 =  js_complie.call('get_md5',str(timestamp))
    print(hex_md5)
    return hex_md5

def yuanrenxue_sprider(md5,page):
    url = 'https://match.yuanrenxue.com/api/match/2?page={page}'.format(page=page)
    print(url)
    headers = {
        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.10 Safari/537.36',
        'cookie': 'm='+md5
    }

    if page == 4 or page == 5:
        headers['user-agent'] = 'yuanrenxue.project'
    response = requests.get(url,headers=headers,verify=False)
    res = response.json()
    
    for i in res['data']:
        data = i['value']
        ticket_lists.append(data)

if __name__ == '__main__':
    ticket_lists = []
    timestamp = get_time()
    cookie = js_md5(timestamp)
    for i in range(1,6):
        yuanrenxue_sprider(cookie,i) 
    print(ticket_lists)
    average = sum(ticket_lists) 
    print('热度的和值为:',average)
猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】猿人学第二题:js 混淆 - 动态cookie 1【Post/Js逆向笔记】

 

上一篇:116、手写实现智能指针类


下一篇:【无标题】