Python实战|js逆向空中网

空中网链接:
https://passport.kongzhong.com/

js代码调试阶段

1.查找关键字password,找了半天,只找到了一个被混淆后的js代码
Python实战|js逆向空中网
2.开启浏览器自带反混淆功能
Python实战|js逆向空中网
3.Setting——Preferences——Sources勾选上下图框中内容即可
Python实战|js逆向空中网
4.再次重新搜索一下,VM中就是反混淆后的内容
Python实战|js逆向空中网
5.进来就能看见相关加密函数,此处打上断点并重新点登录按钮,进入该函数内部
Python实战|js逆向空中网
6.经过调试发现,该文件内部包含了所有加密所需要的代码
Python实战|js逆向空中网
7.将里面的代码复制出来进行调试
Python实战|js逆向空中网

爬虫代码编写

kongzhongwang.py

import requests
import time
import json
import execjs
import re

def get_time():
    now_time=str(int(time.time()*1000))
    return now_time
time = get_time()
url = 'https://sso.kongzhong.com/ajaxLogin?j=j&jsonp=j&service=https://passport.kongzhong.com/&_='+ time
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.20 Safari/537.36',
    'Referer': 'https://passport.kongzhong.com/',
}
res = requests.get(url=url, headers=headers).text
rz = 'KZLoginHandler.jsonpCallbackKongZ\((.*?)\)'
text_py = re.findall(rz, res)[0]
dc = json.loads(text_py)['dc']




#实例化一个对象
node = execjs.get()
ctx = node.compile(open('./kongzhongwang.js').read())
pwd = '123'
funcName = 'getPwd("{0}","{1}")'.format(pwd, dc)
pwd = ctx.eval(funcName)
print(pwd)

kongzhongwang.js

var KZLoginHandler = {
'id': 'kongzhong-login-agent',
'loginServer': 'http://sso.kongzhong.com',
'service': '',
'targetService': '',
'j_data': null,
'f_call_back': null,
'timestamp': 0,
'completed': false,
'renew': false,
'init': function() {
    this.j_data = null;
    this.f_call_back = null;
    this.timestamp = 0;
    this.completed = true;
},
'check': function(call_back) {
    this.init();
    this.f_call_back = call_back;
    var param = "jsonp=j";
    if (this.service != null && jQuery.trim(this.service) != "") {
        param += "&service=" + decodeURIComponent(this.service)
    };
    if (this.targetService != null && jQuery.trim(this.targetService) != "") {
        param += "&targetService=" + decodeURIComponent(this.targetService)
    };
    if (this.renew) {
        param += "&renew=1"
    };
    this.exec_login(param)
},
'exec_login': function(param) {
    if (this.completed == false) {
        return false
    };
    if (this.j_data != null && this.j_data["state"] == "1") {
        var data = {};
        data["user"] = this.j_data["user"];
        data["service"] = this.j_data["service"];
        data["logged"] = true;
        data["dc"] = this.j_data["dc"];
        this.f_call_back(data);
        return false
    };
    var url = this.loginServer + "/ajaxLogin";
    jQuery.ajax({
        async: false,
        url: url,
        type: 'post',
        dataType: 'jsonp',
        jsonp: 'j',
        data: param,
        jsonpCallback: "j",
        timeout: 5000,
        success: function(json) {},
        error: function(xhr) {}
    })
},
'jsonpCallbackKongZ': function(vData) {
    this.j_data = vData;
    this.timestamp = Date.parse(new Date());
    if (this.f_call_back != null) {
        var data = {};
        if (vData["state"] == "0") {
            data["service"] = vData["service"];
            data["logged"] = false;
            data["errors"] = vData["kzmsg"];
            if (vData["requirevcode"] != null && vData["requirevcode"] == "1") {
                data["requirevcode"] = true
            } else {
                data["requirevcode"] = false
            }
        } else if (vData["state"] == "1") {
            data["user"] = vData["user"];
            data["service"] = vData["service"];
            data["logged"] = true
        };
        data["dc"] = this.j_data["dc"];
        this.f_call_back(data)
    };
    this.completed = true
},
'login': function(user, pwd, to_save, vcode, call_back) {
    var tempTime = Date.parse(new Date()) - this.timestamp;
    if ((tempTime / 1000) >= 180) {
        this.j_data = null
    };
    if (this.j_data == null || this.j_data == "") {
        this.check(function(data) {
            this.f_call_back = call_back;
            var param = "";
            param += "&type=1";
            if (this.service != null && jQuery.trim(this.service) != "") {
                param += "&service=" + decodeURIComponent(this.service)
            };
            param += "&username=" + user;
            param += "&password=" + this.encrypt(pwd, data["dc"]);
            param += "&vcode=" + vcode;
            if (to_save) {
                param += "&toSave=1"
            } else {
                param += "&toSave=0"
            };
            if (this.targetService != null && jQuery.trim(this.targetService) != "") {
                param += "&targetService=" + decodeURIComponent(this.targetService)
            };
            if (this.renew) {
                param += "&renew=1"
            };
            this.exec_login(param)
        })
    } else {
        this.f_call_back = call_back;
        var param = "";
        param += "&type=1";
        if (this.service != null && jQuery.trim(this.service) != "") {
            param += "&service=" + decodeURIComponent(this.service)
        };
        param += "&username=" + user;
        param += "&password=" + this.encrypt(pwd, this.j_data["dc"]);
        param += "&vcode=" + vcode;
        if (to_save) {
            param += "&toSave=1"
        } else {
            param += "&toSave=0"
        };
        if (this.targetService != null && jQuery.trim(this.targetService) != "") {
            param += "&targetService=" + decodeURIComponent(this.targetService)
        };
        if (this.renew) {
            param += "&renew=1"
        };
        this.exec_login(param)
    }
},
'login_sms': function(user, smscode, to_save, vcode, call_back) {
    var tempTime = Date.parse(new Date()) - this.timestamp;
    if ((tempTime / 1000) >= 180) {
        this.j_data = null
    };
    if (this.j_data == null || this.j_data == "") {
        this.check(function() {
            this.f_call_back = call_back;
            var param = "";
            param += "&type=2";
            param += "&service=" + this.service;
            param += "&username=" + user;
            param += "&vcode=" + vcode;
            param += "&smscode=" + smscode;
            if (to_save) {
                param += "&toSave=1"
            } else {
                param += "&toSave=0"
            };
            if (this.targetService != null) {
                param += "&targetService=" + decodeURIComponent(this.targetService)
            };
            if (this.renew) {
                param += "&renew=1"
            };
            this.exec_login(param)
        })
    } else {
        this.f_call_back = call_back;
        var param = "";
        param += "&type=2";
        param += "&service=" + this.service;
        param += "&username=" + user;
        param += "&vcode=" + vcode;
        param += "&smscode=" + smscode;
        if (to_save) {
            param += "&toSave=1"
        } else {
            param += "&toSave=0"
        };
        if (this.targetService != null) {
            param += "&targetService=" + decodeURIComponent(this.targetService)
        };
        if (this.renew) {
            param += "&renew=1"
        };
        this.exec_login(param)
    }
},
'login_reg': function(user, pwd, to_save, call_back) {
    var tempTime = Date.parse(new Date()) - this.timestamp;
    if ((tempTime / 1000) >= 180) {
        this.j_data = null
    };
    if (this.j_data == null || this.j_data == "") {
        this.check(function() {
            this.f_call_back = call_back;
            var param = "";
            param += "&type=101";
            param += "&service=" + this.service;
            param += "&username=" + user;
            param += "&password=" + pwd;
            if (to_save) {
                param += "&toSave=1"
            } else {
                param += "&toSave=0"
            };
            if (this.renew) {
                param += "&renew=1"
            };
            this.exec_login(param)
        })
    } else {
        this.f_call_back = call_back;
        var param = "";
        param += "&type=101";
        param += "&service=" + this.service;
        param += "&username=" + user;
        param += "&password=" + pwd;
        if (to_save) {
            param += "&toSave=1"
        } else {
            param += "&toSave=0"
        };
        if (this.renew) {
            param += "&renew=1"
        };
        this.exec_login(param)
    }
},
'encrypt': function(str, pwd) {
    if (pwd == null || pwd.length <= 0) {
        return null
    };
    var prand = "";
    for (var i = 0; i < pwd.length; i++) {
        prand += pwd.charCodeAt(i).toString()
    };
    var sPos = Math.floor(prand.length / 5);
    var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos * 2) + prand.charAt(sPos * 3) + prand.charAt(sPos * 4) + prand.charAt(sPos * 5));
    var incr = Math.ceil(pwd.length / 2);
    var modu = Math.pow(2, 31) - 1;
    if (mult < 2) {
        return null
    };
    var salt = Math.round(Math.random() * 1000000000) % 100000000;
    prand += salt;
    while (prand.length > 10) {
        var a = prand.substring(0, 1);
        var b = prand.substring(10, prand.length);
        if (b.length > 10) {
            prand = b
        } else {
            prand = (parseInt(a) + parseInt(b)).toString()
        }
    };
    prand = (mult * prand + incr) % modu;
    var enc_chr = "";
    var enc_str = "";
    for (var i = 0; i < str.length; i++) {
        enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
        if (enc_chr < 16) {
            enc_str += "0" + enc_chr.toString(16)
        } else enc_str += enc_chr.toString(16);
        prand = (mult * prand + incr) % modu
    };
    salt = salt.toString(16);
    while (salt.length < 8) salt = "0" + salt;
    enc_str += salt;
    return enc_str
}
};
function getPwd(pwd) {
dc = "C7F9A5AD3594668B6418E9F8FABC1F86";
return KZLoginHandler.encrypt(pwd, dc);
}
上一篇:cpp中vector的使用


下一篇:高精度运算板子