js逆向的题目,11-15

###

 


 

###

第14题

发现请求参数里多了一个 uc 字段:

// Request parameters the page builds for each data request.
var list = {
// Page number, converted to a string before sending.
"page": String(num),
// Extra per-request value read from window.a at the moment the request is built.
"uc": window.a,
};

这个 window.a 的赋值逻辑藏在一段 JSFuck 混淆代码里(JSFuck 只是编码式混淆,并不是加密),

把它还原之后是这样的:

// Decoded form of the JSFuck blob. The `function anonymous(` header is what
// engines typically print for a function built from a string at runtime.
(function anonymous(
) {
// Runs the current window.a on "<window.t>|<window.num>", keeps the result in
// window.s, then overwrites window.a with that result. After this line
// window.a is no longer a function but the value that gets sent as `uc`.
window.s = window.a(window.t + '|' + window.num);window.a = window.s;
})

直接上python代码(js_text 用 execjs 在本地复现 uc 的生成过程:密钥和算法都写在 JS 里,所以页面之外也能算出同样的 uc):

import requests
import urllib3
import execjs

# Silences urllib3 warnings. The request further down passes verify=False,
# which would otherwise emit an InsecureRequestWarning on every call.
# NOTE(review): hiding the warning also hides the fact that the server
# certificate is never checked.
urllib3.disable_warnings()

# JavaScript source handed to execjs. SDK_14(n) rebuilds the `uc` request value:
#   - window.k is a fixed key string embedded in this source; window.m is that
#     string parsed as UTF-8 by CryptoJS.
#   - window.t is the current time in seconds (Date.parse(...) / 1000).
#   - window.a AES-encrypts its argument with window.m using ECB mode and
#     PKCS#7 padding, and returns encrypted.toString().
#   - SDK_14 encrypts "<t>|<n>" and returns the resulting string.
# The script calls require("crypto-js"), so that package must be resolvable by
# the JavaScript runtime execjs uses.
# NOTE(review): the key and the algorithm both sit in client-side code, so the
# value can be recomputed outside the page exactly as done here. A parameter
# derived this way does not authenticate the caller; a secret that has to stay
# secret belongs on the server.
js_text = """


function SDK_14(n){
window = this;
num = n
// import CryptoJS from "crypto-js";
var CryptoJS = require("crypto-js");

window.num = num;
window.k = 'wdf2ff*TG@*(F4)*YH)g430HWR(*)' + 'wse';
window.t = Date.parse(new Date())/1000;
window.m = CryptoJS.enc.Utf8.parse(window.k);
window.a = function(word){
        var srcs = CryptoJS.enc.Utf8.parse(word);
        var encrypted = CryptoJS.AES.encrypt(srcs, window.m, {
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        });
        return encrypted.toString();
        };

window.s = window.a(window.t + '|' + window.num);

window.a = window.s;
//
//     (function anonymous(
// ) {
// window.s = window.a(window.t + '|' + window.num);window.a = window.s;
// })

// console.log(window.a)

return window.a  
}

"""

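# Endpoint that serves the paged data for challenge 14.
url = "https://www.python-spider.com/api/challenge14"


def parse_cookie_header(header):
    """Convert a ``name=value; name=value`` cookie string into a dict.

    Each pair is split on its first "=" only, so a value that itself contains
    "=" (for example base64 padding) is kept whole instead of being truncated.
    Fragments without "=" or without a name (such as the empty piece after a
    trailing ";") are skipped rather than raising IndexError.

    :param header: cookie string as copied from a browser request.
    :return: dict mapping stripped cookie names to stripped values.
    """
    jar = {}
    for pair in header.split(";"):
        name, sep, value = pair.partition("=")
        name = name.strip()
        if not sep or not name:
            continue
        jar[name] = value.strip()
    return jar


# NOTE(review): these look like values captured from a logged-in browser
# session (sessionid, sign). Hard-coding them puts a session credential into
# the source, and they stop working once the session expires; reading them
# from an environment variable or an untracked local file avoids both problems.
cookies = (
    "vaptchaNetway=cn; Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1628248083,1629106799;"
    " sessionid=a7ckvdtsz5p6i1udfggnkn5tk6je3dgr; _i=MTYyOTI2NDQ3M35ZV2xrYVc1blgzZHBiakUyTWpreU5qUTBOek16TXpR"
    "PXw1MmRkNzJhMDk4NDNkNGRmNz$wNDM1Zj$xYjhiOTBlYQ; "
    "_v=TVRZeU9USTJORFEzTTM1WlYyeHJZVmMxYmxnelpIQmlha1V5VFdwcmVVNX"
    "FVVEJPZWsxNlRYcFJQWHcxTW1Sa056SmhNRGs0TkROa05HUm1OeiR3TkRNMVpqJHhZamhpT1R$bFlR; "
    "sign=1629264618748~ca1c4ad08c0e246bfc23632a09b1ef64; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1629264744"
)

cookies_dict = parse_cookie_header(cookies)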


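# Per-page sums of the "value" fields; the grand total is printed at the end.
all_sum = []
import time  # only needed if the optional per-page delay below is enabled

# Compile the JavaScript once. js_text never changes between pages, so
# recompiling it on every iteration was repeated work; SDK_14 still computes a
# fresh timestamp each time it is called.
js = execjs.compile(js_text)

for i in range(1, 101):
    # Optional throttle: call time.sleep(1) here to space the requests out.
    print("page = ",i)
    # Token for this page: SDK_14 encrypts "<timestamp>|<page>".
    uc = js.call("SDK_14", i)

    data = {
        "page": i,
        "uc": uc
    }
    # NOTE(review): verify=False turns off certificate validation, so the
    # session cookies are sent without checking who the server is. Prefer the
    # default verification, or pass a CA bundle path via `verify` when a local
    # intercepting proxy is in use.
    # The timeout keeps a stalled connection from hanging the whole run.
    res = requests.post(url, verify=False, data=data, cookies=cookies_dict, timeout=10)

    print(res.text)

    # Fail with a clear HTTP error instead of a JSON/Key error further down
    # when the server rejects the request (for example an expired session).
    res.raise_for_status()

    page_sum = sum(int(item_dict["value"]) for item_dict in res.json()["data"])

    all_sum.append(page_sum)

print("all_sum =",sum(all_sum))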

 

 

####
