发布文章内容,只为自己自学逆向分析做一个记录,方便以后加以巩固学习逆向分析。
本人为逆向学习小白,所以发布的内容都是简单的逆向分析。大佬请高抬贵手!
目标网址
https://match.yuanrenxue.com/match/2逆向题目
提取全部5页发布日热度的值,计算所有值的加和,并提交答案
开始分析
1、打开chrome浏览器后,打开开发者工具,然后在开始之前,先清空一下缓存
2、重新刷新网页,发现网站开始进入 debugger;
3、这个的反调试相对的比较简单,我们先按照最简单的方式来一下,在debugger;进行下断点
并且编辑断点为false;然后然后让代码继续走;
4、然后就直接跳转到了 网页源代码上,并且在浏览器中也正常的可以看到热度值!
5、并且在network 面板中 也可以看到 热度值的 api
6、好像没有什么可以发现的需要分析的东西,然后在点击展示页中的第二页的时候,发现cookie失效了
7、并且在点击确认弹窗的按钮后,页面进行了重载刷新,但是注意到一个细节,就是这次的刷新没有被debugger到,一切都是这么的丝滑。
那么这个点可能出现在了请求的cookie上面了!
8、发现了 在开始请求页面的时候 有过一次重载 ,
并且第一次请求页面的时候,并没有cookie值产生
返回的是一串js代码
在第二次请求相同页面的时候才传递了一个cookie值
并且这个cookie值很熟悉,对,很像第一题中的 m 值
并且可以看到一点,就是在请求热度值的数据的时候,cookie也是携带了m 值的
在加上上面的cookie失效的问题来讲,大致的可以分析出来
应该是第一次请求页面的时候,就在开始计算m 值,然后把这个m值添加到cookie中去
然后通过携带的这个m值的cookie在重新的请求一次页面 和 请求热度值获取数据
那么我们可以把 第一次请求页面的 返回js 代码进行分析一下 看看是怎么获取到m值的
又是一大坨ob的混淆,看的头痛。
那么这个如何下手嘞。。。
作为菜鸟的我想到了 两种方式
第一种就是 直接通过官网提供的OB反混淆工具 进行代码清洗
然后去 慢慢看 代码的执行流程 找到关键cookie生成m 值的地方
第二种就是 通过hook的方式 去hook cookie 的m 值 生成的时候的流程在哪里
然后开始扒需要用到的函数
OB反混淆
还是简单一点,直接把 代码拖到官网的 ob反混淆工具中
(function $dbsm_0x102ce0(_0x1c3497) {
var _0x5a292f = function () {
var _0x43e406 = true;
return function (_0x2f7e34, _0x3732c2) {
var _0xe8d469 = _0x43e406 ? function () {
if (_0x3732c2) {
var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments);
_0x3732c2 = null;
return _0x3342b1;
}
} : function () {};
_0x43e406 = false;
return _0xe8d469;
};
}();
var _0x2b85c5 = function () {
var _0x5df4b2 = true;
return function (_0x426194, _0x5adab4) {
var _0x587073 = _0x5df4b2 ? function () {
if (_0x5adab4) {
var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments);
_0x5adab4 = null;
return _0x4ddedc;
}
} : function () {};
_0x5df4b2 = false;
return _0x587073;
};
}();
function _0x3cd85f(_0x55da45, _0x245c09) {
var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09);
return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a;
}
function _0x523d8f(_0x2c2cab, _0x51c62b) {
return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b;
}
function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) {
return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e);
}
function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) {
return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3);
}
function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) {
return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef);
}
function _0x44e90c(_0xdc8568, _0x2ed253) {
let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101];
let _0x3decb0 = "";
for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) {
_0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]);
}
return _0x3decb0;
}
function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) {
return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c);
}
function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) {
return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b);
}
function _0x4c4af4(_0x351757, _0xb6bc34) {
if (_0xb6bc34) {
return _0x339190(_0x351757);
}
return _0x44e90c(_0x351757);
}
function _0x2c1617(_0xd1cbdf, _0x78adee) {
let _0x227258 = "";
for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) {
_0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]);
}
return _0x227258;
}
function _0x3f0df6(_0x21a240, _0x2e646d) {
var _0x81db3b = _0x5a292f(this, function () {
var _0x7eb303 = function () {
var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");
return !_0x47fa48["test"](_0x81db3b);
};
return _0x7eb303();
});
_0x81db3b();
(function () {
_0x2b85c5(this, function () {
var _0x5990ee = new RegExp("function *\\( *\\)");
var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");
var _0x1e0f27 = $dbsm_0x20fca2("init");
if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) {
_0x1e0f27("0");
} else {
$dbsm_0x20fca2();
}
})();
})();
_0x4c4af4();
qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
eval(_0x2c1617(qz));
try {
if (global) {
console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
} else {
while (1) {
console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
debugger;
}
}
} catch (_0x29d779) {
return navigator["vendorSub"];
}
}
setInterval(_0x3f0df6(), 500);
function _0x51170e(_0x42e7e7, _0x15d64c) {
_0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c;
if (qz) {
var _0x1f6af0,
_0x1cdbd9,
_0x1cd5f8,
_0x1ff8a2,
_0x9a5629,
_0x4c9fb6 = 1732584193,
_0x462b82 = -271733879,
_0x3b7106 = -1732584194,
_0x5e29eb = 271733878;
} else {
var _0x1f6af0,
_0x1cdbd9,
_0x1cd5f8,
_0x1ff8a2,
_0x9a5629,
_0x4c9fb6 = 0,
_0x462b82 = -0,
_0x3b7106 = -0,
_0x5e29eb = 0;
}
for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629);
return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb];
}
function _0x40b065(_0x5d19ae) {
var _0x1d46aa,
_0x40c9ef = "",
_0x1d2ea = 32 * _0x5d19ae["length"];
for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255);
return _0x40c9ef;
}
function _0x39c209(_0x5d376f) {
var _0x302a1b,
_0xf9cd0e = [];
for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0;
var _0x52bbbc = 8 * _0x5d376f["length"];
for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32;
return _0xf9cd0e;
}
function _0x4c5ea3(_0x25c0f4) {
return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"]));
}
function _0x3e0a6e(_0x444a85) {
var _0x359c64,
_0x21de56,
_0x23e68c = "0123456789abcdef",
_0x3e9c4f = "";
for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64);
return _0x3e9c4f;
}
function _0x58d763(_0xa4215b) {
return unescape(encodeURIComponent(_0xa4215b));
}
function _0x537297(_0x22a981) {
return _0x4c5ea3(_0x58d763(_0x22a981));
}
function _0x1d83ba(_0x16cdae) {
return _0x3e0a6e(_0x537297(_0x16cdae));
}
function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) {
_0x3f0df6();
return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa);
}
function _0x2e5d25(_0x284fde, _0x277194) {
document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/";
location["reload"]();
}
function _0x2601b2(_0x5a0694, _0x16d2b6) {
return Date["parse"](new Date());
}
_0x2e5d25(_0x2601b2());
})();
function $dbsm_0x20fca2(_0x45484a) {
function _0x3eb90a(_0x325662) {
if (typeof _0x325662 === "string") {
return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter");
} else {
if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) {
(function () {
return true;
})["constructor"]("debugger")["call"]("action");
} else {
(function () {
return false;
})["constructor"]("debugger")["apply"]("stateObject");
}
}
_0x3eb90a(++_0x325662);
}
try {
if (_0x45484a) {
return _0x3eb90a;
} else {
_0x3eb90a(0);
}
} catch (_0x56a792) {}
}
setInterval(function () {
$dbsm_0x20fca2();
}, 4000);
最终获取了 200 多行的代码
在里面我们可以清楚的看到 cookie m 值的生成地方
也可以看到 先生成m 值后,网页在进行重载
首先我们可以 先通过 vscode的 折叠 看一下 整体 这个js 分为多少个函数大块
折叠后 我们可以发现的是,这个js 有三个函数大块,
其中最下面的是 一个计时器setInterval
作用的函数是 $dbsm_0x20fca2
折叠开 $dbsm_0x20fca2 函数 在里面并没有看到有关于m 生成的方法
可以大致的判断,这个函数方法是检测用的,可以先屏蔽掉
计时器也是一样,屏蔽掉
然后开始看 $dbsm_0x102ce0(_0x1c3497) 这个大方法
折叠开后,可以看到这个是一个自执行的方法,
并且可以在函数的最后看到m 的生成方法
那么在这里,直接可以看出来
_0x2601b2() 方法就是时间戳的生成方法
_0x284fde 就是时间戳
_0x36c705(_0x284fde) 就是生成的时间戳加密值
然后我们吧_0x2e5d25() 这个函数改造一下
让它直接返回m值即可
在知道了_0x36c705()是加密的算法 那么继续往上找定义的地方
发现在_0x36c705里面 调用了_0x3f0df6()函数
那么继续找_0x3f0df6()定义的地方
在网上找后 又看到了一个定时器
每500毫秒执行一次_0x3f0df6()方法
那么就直接屏蔽掉 并且可以考虑到 在这个方法里面
可能会有一些检测或者无用的垃圾代码
找到了定义_0x3f0df6()函数的地方
看到了这串代码
var _0x81db3b = _0x5a292f(this, function () {
var _0x7eb303 = function () {
var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");
return !_0x47fa48["test"](_0x81db3b);
};
return _0x7eb303();
});
_0x81db3b();
定义_0x7eb303()方法 然后 return 返回自己 明显的没有啥用,直接屏蔽掉
下面的这一串自执行代码也是一样,$dbsm_0x20fca2() 已经在之前被我们屏蔽掉
说明这一串代码也是差不多类似做检测用的,可以直接屏蔽掉
然后看这一串try 的代码 看到了global 全局的函数
判断 global 是否存在 如果不存在就执行 navigator["vendorSub"];
通过控制台输出为空 说明这个也是一个垃圾代码 直接替换为 return "";
测试代码有效性
然后我们把这个自执行的代码进行剥离
把运行 _0x2e5d25(_0x2601b2()) 的主要函数进行封装
function get_md5() {
return _0x2e5d25(_0x2601b2());
}var _0x5a292f = function() {
var _0x43e406 = true;
return function(_0x2f7e34, _0x3732c2) {
var _0xe8d469 = _0x43e406 ? function() {
if (_0x3732c2) {
var _0x3342b1 = _0x3732c2["apply"](_0x2f7e34, arguments);
_0x3732c2 = null;
return _0x3342b1;
}
} : function() {};
_0x43e406 = false;
return _0xe8d469;
};
}();
var _0x2b85c5 = function() {
var _0x5df4b2 = true;
return function(_0x426194, _0x5adab4) {
var _0x587073 = _0x5df4b2 ? function() {
if (_0x5adab4) {
var _0x4ddedc = _0x5adab4["apply"](_0x426194, arguments);
_0x5adab4 = null;
return _0x4ddedc;
}
} : function() {};
_0x5df4b2 = false;
return _0x587073;
};
}();
function _0x3cd85f(_0x55da45, _0x245c09) {
var _0x57967a = (65535 & _0x55da45) + (65535 & _0x245c09);
return (_0x55da45 >> 16) + (_0x245c09 >> 16) + (_0x57967a >> 16) << 16 | 65535 & _0x57967a;
}
function _0x523d8f(_0x2c2cab, _0x51c62b) {
return _0x2c2cab << _0x51c62b | _0x2c2cab >>> 32 - _0x51c62b;
}
function _0x260e1a(_0x30feae, _0x3f4975, _0x3a5c8e, _0x545ff3, _0x4ffdf9, _0x45c8d8) {
return _0x3cd85f(_0x523d8f(_0x3cd85f(_0x3cd85f(_0x3f4975, _0x30feae), _0x3cd85f(_0x545ff3, _0x45c8d8)), _0x4ffdf9), _0x3a5c8e);
}
function _0x27b659(_0xdff166, _0x44dd4f, _0x2aa179, _0x12539d, _0x31410b, _0x590de8, _0xf385a3) {
return _0x260e1a(_0x44dd4f & _0x2aa179 | ~_0x44dd4f & _0x12539d, _0xdff166, _0x44dd4f, _0x31410b, _0x590de8, _0xf385a3);
}
function _0x3c97e0(_0x1b0edf, _0x186f86, _0x23de9e, _0x5cdff6, _0xa62582, _0x3be53d, _0x1dadef) {
return _0x260e1a(_0x186f86 & _0x5cdff6 | _0x23de9e & ~_0x5cdff6, _0x1b0edf, _0x186f86, _0xa62582, _0x3be53d, _0x1dadef);
}
function _0x44e90c(_0xdc8568, _0x2ed253) {
let _0x331cd9 = [99, 111, 110, 115, 111, 108, 101];
let _0x3decb0 = "";
for (let _0x209b90 = 0; _0x209b90 < _0x331cd9["length"]; _0x209b90++) {
_0x3decb0 += String["fromCharCode"](_0x331cd9[_0x209b90]);
}
return _0x3decb0;
}
function _0x83c42b(_0x1bb2a5, _0x3e8295, _0x2d0621, _0x21d587, _0x2d0ee2, _0x1944ba, _0x4c5f2c) {
return _0x260e1a(_0x3e8295 ^ _0x2d0621 ^ _0x21d587, _0x1bb2a5, _0x3e8295, _0x2d0ee2, _0x1944ba, _0x4c5f2c);
}
function _0x339190(_0x6658ad, _0x810ec7, _0x6b9957, _0x446fdf, _0xd83027, _0x45257f, _0x542c6b) {
return _0x260e1a(_0x6b9957 ^ (_0x810ec7 | ~_0x446fdf), _0x6658ad, _0x810ec7, _0xd83027, _0x45257f, _0x542c6b);
}
function _0x4c4af4(_0x351757, _0xb6bc34) {
if (_0xb6bc34) {
return _0x339190(_0x351757);
}
return _0x44e90c(_0x351757);
}
function _0x2c1617(_0xd1cbdf, _0x78adee) {
let _0x227258 = "";
for (let _0x3f9a1 = 0; _0x3f9a1 < _0xd1cbdf["length"]; _0x3f9a1++) {
_0x227258 += String["fromCharCode"](_0xd1cbdf[_0x3f9a1]);
}
return _0x227258;
}
function _0x3f0df6(_0x21a240, _0x2e646d) {
// var _0x81db3b = _0x5a292f(this, function () {
// var _0x7eb303 = function () {
// var _0x47fa48 = _0x7eb303["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");
// return !_0x47fa48["test"](_0x81db3b);
// };
// return _0x7eb303();
// });
// _0x81db3b();
// (function () {
// _0x2b85c5(this, function () {
// var _0x5990ee = new RegExp("function *\\( *\\)");
// var _0x1a3ab8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");
// var _0x1e0f27 = $dbsm_0x20fca2("init");
// if (!_0x5990ee["test"](_0x1e0f27 + "chain") || !_0x1a3ab8["test"](_0x1e0f27 + "input")) {
// _0x1e0f27("0");
// } else {
// $dbsm_0x20fca2();
// }
// })();
// })();
_0x4c4af4();
qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
eval(_0x2c1617(qz));
// try {
// if (global) {
// console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
// } else {
// while (1) {
// console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F");
// debugger;
// }
// }
// } catch (_0x29d779) {
// return navigator["vendorSub"];
// }
return "";
}
// setInterval(_0x3f0df6(), 500);
function _0x51170e(_0x42e7e7, _0x15d64c) {
_0x42e7e7[_0x15d64c >> 5] |= 128 << _0x15d64c % 32, _0x42e7e7[14 + (_0x15d64c + 64 >>> 9 << 4)] = _0x15d64c;
if (qz) {
var _0x1f6af0,
_0x1cdbd9,
_0x1cd5f8,
_0x1ff8a2,
_0x9a5629,
_0x4c9fb6 = 1732584193,
_0x462b82 = -271733879,
_0x3b7106 = -1732584194,
_0x5e29eb = 271733878;
} else {
var _0x1f6af0,
_0x1cdbd9,
_0x1cd5f8,
_0x1ff8a2,
_0x9a5629,
_0x4c9fb6 = 0,
_0x462b82 = -0,
_0x3b7106 = -0,
_0x5e29eb = 0;
}
for (_0x1f6af0 = 0; _0x1f6af0 < _0x42e7e7["length"]; _0x1f6af0 += 16) _0x1cdbd9 = _0x4c9fb6, _0x1cd5f8 = _0x462b82, _0x1ff8a2 = _0x3b7106, _0x9a5629 = _0x5e29eb, _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 7, -680876936), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 1], 12, -389564586), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 17, 606105819), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 3], 22, -1044525330), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 7, -176418897), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 5], 12, 1200080426), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 17, -1473231341), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 7], 22, -45705983), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 7, 1770010416), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 9], 12, -1958414417), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 17, -42063), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 11], 22, -1990404162), _0x4c9fb6 = _0x27b659(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 7, 1804603682), _0x5e29eb = _0x27b659(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 13], 12, -40341101), _0x3b7106 = _0x27b659(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 17, -1502882290), _0x462b82 = _0x27b659(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 15], 22, 1236535329), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 5, -165796510), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 6], 9, -1069501632), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 14, 643717713), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0], 20, -373897302), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 5, -701558691), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 10], 9, 38016083), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 14, -660478335), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 4], 20, -405537848), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 5, 568446438), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 14], 9, -1019803690), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 14, -187363961), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 8], 20, 1163531501), _0x4c9fb6 = _0x3c97e0(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 5, -1444681467), _0x5e29eb = _0x3c97e0(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 2], 9, -51403784), _0x3b7106 = _0x3c97e0(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 14, 1735328473), _0x462b82 = _0x3c97e0(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 12], 20, -1926607734), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 5], 4, -378558), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 8], 11, -2022574463), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 11], 16, 1839030562), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 14], 23, -35309556), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 1], 4, -1530992060), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 4], 11, 1272893353), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 7], 16, -155497632), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 10], 23, -1094730640), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 13], 4, 681279174), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0], 11, -358537222), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 3], 16, -722521979), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 6], 23, 76029189), _0x4c9fb6 = _0x83c42b(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 9], 4, -640364487), _0x5e29eb = _0x83c42b(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 12], 11, -421815835), _0x3b7106 = _0x83c42b(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 15], 16, 530742520), _0x462b82 = _0x83c42b(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 2], 23, -995338651), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0], 6, -198630844), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 7], 10, 1126891415), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 14], 15, -1416354905), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 5], 21, -57434055), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 12], 6, 1700485571), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 3], 10, -1894986606), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 10], 15, -1051523), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 1], 21, -2054922799), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 8], 6, 1873313359), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 15], 10, -30611744), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 6], 15, -1560198380), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 13], 21, 1309151649), _0x4c9fb6 = _0x339190(_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb, _0x42e7e7[_0x1f6af0 + 4], 6, -145523070), _0x5e29eb = _0x339190(_0x5e29eb, _0x4c9fb6, _0x462b82, _0x3b7106, _0x42e7e7[_0x1f6af0 + 11], 10, -1120210379), _0x3b7106 = _0x339190(_0x3b7106, _0x5e29eb, _0x4c9fb6, _0x462b82, _0x42e7e7[_0x1f6af0 + 2], 15, 718787259), _0x462b82 = _0x339190(_0x462b82, _0x3b7106, _0x5e29eb, _0x4c9fb6, _0x42e7e7[_0x1f6af0 + 9], 21, -343485441), _0x4c9fb6 = _0x3cd85f(_0x4c9fb6, _0x1cdbd9), _0x462b82 = _0x3cd85f(_0x462b82, _0x1cd5f8), _0x3b7106 = _0x3cd85f(_0x3b7106, _0x1ff8a2), _0x5e29eb = _0x3cd85f(_0x5e29eb, _0x9a5629);
return [_0x4c9fb6, _0x462b82, _0x3b7106, _0x5e29eb];
}
function _0x40b065(_0x5d19ae) {
var _0x1d46aa,
_0x40c9ef = "",
_0x1d2ea = 32 * _0x5d19ae["length"];
for (_0x1d46aa = 0; _0x1d46aa < _0x1d2ea; _0x1d46aa += 8) _0x40c9ef += String["fromCharCode"](_0x5d19ae[_0x1d46aa >> 5] >>> _0x1d46aa % 32 & 255);
return _0x40c9ef;
}
function _0x39c209(_0x5d376f) {
var _0x302a1b,
_0xf9cd0e = [];
for (_0xf9cd0e[(_0x5d376f["length"] >> 2) - 1] = undefined, _0x302a1b = 0; _0x302a1b < _0xf9cd0e["length"]; _0x302a1b += 1) _0xf9cd0e[_0x302a1b] = 0;
var _0x52bbbc = 8 * _0x5d376f["length"];
for (_0x302a1b = 0; _0x302a1b < _0x52bbbc; _0x302a1b += 8) _0xf9cd0e[_0x302a1b >> 5] |= (255 & _0x5d376f["charCodeAt"](_0x302a1b / 8)) << _0x302a1b % 32;
return _0xf9cd0e;
}
function _0x4c5ea3(_0x25c0f4) {
return _0x40b065(_0x51170e(_0x39c209(_0x25c0f4), 8 * _0x25c0f4["length"]));
}
function _0x3e0a6e(_0x444a85) {
var _0x359c64,
_0x21de56,
_0x23e68c = "0123456789abcdef",
_0x3e9c4f = "";
for (_0x21de56 = 0; _0x21de56 < _0x444a85["length"]; _0x21de56 += 1) _0x359c64 = _0x444a85["charCodeAt"](_0x21de56), _0x3e9c4f += _0x23e68c["charAt"](_0x359c64 >>> 4 & 15) + _0x23e68c["charAt"](15 & _0x359c64);
return _0x3e9c4f;
}
function _0x58d763(_0xa4215b) {
return unescape(encodeURIComponent(_0xa4215b));
}
function _0x537297(_0x22a981) {
return _0x4c5ea3(_0x58d763(_0x22a981));
}
function _0x1d83ba(_0x16cdae) {
return _0x3e0a6e(_0x537297(_0x16cdae));
}
function _0x36c705(_0x4201fa, _0x5c05ef, _0x42ae23) {
_0x3f0df6();
return _0x5c05ef ? _0x42ae23 ? _0x44e90c(_0x5c05ef, _0x4201fa) : y(_0x5c05ef, _0x4201fa) : _0x42ae23 ? _0x537297(_0x4201fa) : _0x1d83ba(_0x4201fa);
// return _0x1d83ba(_0x4201fa);
}
function _0x2e5d25(_0x284fde) {
// document["cookie"] = "m" + _0x3f0df6() + "=" + _0x36c705(_0x284fde) + "|" + _0x284fde + "; path=/";
// location["reload"]();
m = _0x36c705(_0x284fde) + "|" + _0x284fde;
return m;
}
function _0x2601b2() {
return Date["parse"](new Date());
}
function get_md5() {
return _0x2e5d25(_0x2601b2());
}
// function $dbsm_0x20fca2(_0x45484a) {
// function _0x3eb90a(_0x325662) {
// if (typeof _0x325662 === "string") {
// return function (_0x36d420) {}["constructor"]("while (true) {}")["apply"]("counter");
// } else {
// if (("" + _0x325662 / _0x325662)["length"] !== 1 || _0x325662 % 20 === 0) {
// (function () {
// return true;
// })["constructor"]("debugger")["call"]("action");
// } else {
// (function () {
// return false;
// })["constructor"]("debugger")["apply"]("stateObject");
// }
// }
// _0x3eb90a(++_0x325662);
// }
// try {
// if (_0x45484a) {
// return _0x3eb90a;
// } else {
// _0x3eb90a(0);
// }
// } catch (_0x56a792) {}
// }
// setInterval(function () {
// $dbsm_0x20fca2();
// }, 4000);
鬼鬼调试工具输出正常,后续可以写爬取脚本了
脚本编写
# coding:utf-8
import requests
import time
import execjs
def get_time():
now = int(time.time())*1000
print(now)
return now
def js_md5(timestamp):
js_txt = open('demo.js','r',encoding='utf-8').read()
js_complie = execjs.compile(js_txt)
hex_md5 = js_complie.call('get_md5',str(timestamp))
print(hex_md5)
return hex_md5
def yuanrenxue_sprider(md5,page):
url = 'https://match.yuanrenxue.com/api/match/2?page={page}'.format(page=page)
print(url)
headers = {
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.10 Safari/537.36',
'cookie': 'm='+md5
}
if page == 4 or page == 5:
headers['user-agent'] = 'yuanrenxue.project'
response = requests.get(url,headers=headers,verify=False)
res = response.json()
for i in res['data']:
data = i['value']
ticket_lists.append(data)
if __name__ == '__main__':
ticket_lists = []
timestamp = get_time()
cookie = js_md5(timestamp)
for i in range(1,6):
yuanrenxue_sprider(cookie,i)
print(ticket_lists)
average = sum(ticket_lists)
print('热度的和值为:',average)
