案例目标 目标网址:aHR0cHMlM0EvL21hdGNoLnl1YW5yZW54dWUuY29tL21hdGNoLzI=
本题目标:提取全部 5 页发布日热度的值,计算所有值的加和,并提交答案
常规 JavaScript 逆向思路 JavaScript 逆向工程通常分为以下三步:
寻找入口 :逆向工程的核心在于找出加密参数的生成方式。关键逻辑可能隐藏在某个方法或变量中。一个网站可能加载了大量 JavaScript 文件,关键在于从这些文件中找到核心代码的位置。
调试分析 :找到入口后,定位到可能执行关键参数的方法。接着,分析内部逻辑,了解使用了哪些加密算法和变量赋值变换。通过整理整体思路,利用断点或反混淆工具进行详细调试分析。
模拟执行 :通过调试分析,掌握了逻辑后,需要复现加密过程,以获取最终所需的数据。
开始分析 1、打开chrome浏览器后,打开开发者工具,然后在开始之前,先清空一下缓存
2、重新刷新网页,发现网站开始进入 debugger;
解决的办法有以下几种:
1.禁用此处断点,在 debugger 行数单击鼠标右键,选择【never paush here】然后刷新页面h或点击下一步断点(F8)即可。3、 在 Network 中可以看到热度值的 api 数据接口为2,响应预览中可以看到当前页面各手机型号发布日热度值:
4、查看这个接口,好像也没什么特殊的地方
5、点击到第二页的时候有概率会提示:cookie 失效,正在重置页面:
6、点击确定,对比请求头,再结合题目,判定问题就出在这个动态cookie上,而且就是 m :
7、看下 m 的具体属性,并非服务器直接设置:
cookie 中的 m 参数的样式如下:
2df979fcd34a0bfe193d10c45cae4632|17172091530008、(右键)清除 m 值重新加载页面
可以看到两个一样的请求,但是一个cookie 没有 m,看不到响应,且响应头没有 setcookie,另一个请求的 cookie 带有 m 值。由此猜测,cookie 中的 m 值是第一次请求后由 js 生成出来的。
9、既然第一个请求这么奇怪,我们使用 requests 看下它到底作了什么妖0*0。
用 fidder 抓包或者 python 请求可以发现其返回的是一个混淆的 js 代码:
#!usr/bin/env python # -*- coding:utf-8 _*- import requests'tk' : '-5621756640779912732' ,'sessionid' : 'qdlnifuic3h3iygdq3rcaoxpyrdo9c82' ,'qpfccr' : 'true' ,'no-alert3' : 'true' ,'accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' ,'accept-language' : 'zh' ,'cache-control' : 'no-cache' ,# 'cookie': 'tk=-5621756640779912732; sessionid=qdlnifuic3h3iygdq3rcaoxpyrdo9c82; qpfccr=true; no-alert3=true', 'pragma' : 'no-cache' ,'priority' : 'u=0, i' ,'referer' : 'https://match.yuanrenxue.cn/match/2' ,'sec-ch-ua' : '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"' ,'sec-ch-ua-mobile' : '?0' ,'sec-ch-ua-platform' : '"Windows"' ,'sec-fetch-dest' : 'document' ,'sec-fetch-mode' : 'navigate' ,'sec-fetch-site' : 'same-origin' ,'sec-fetch-user' : '?1' ,'upgrade-insecure-requests' : '1' ,'user-agent' : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36' ,'https://match.yuanrenxue.cn/match/2' , cookies=cookies, headers=headers)发现返回了一堆 js 代码,进一步验证了 cookie 是由 js 生成的猜想:
浏览器调试 知道了大概位置,就可以开始找具体代码了。
在源代码选项卡中找到事件监听断点,勾选脚本,这样在遇到js时会自动断下,清除浏览器中保存的 cookie,刷新界面
'cookie' , {return val;hook 好以后 让网页继续运行,成功断在 cookie 生成位置:
此时的 m 已经生成出来了,不过可以通过调用堆栈往前找到生成的位置。
_0x36f9ed[$dbsm_0x2d28('\x30\x78\x34\x63\x31' , '\x51\x6e\x61\x7a' ) + '\x79\x68' ](_0x36f9ed['\x4c\x4b\x61' + '\x79\x68' ](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x34\x39\x33' , '\x34\x33\x55\x36' ) + '\x63\x4a' ](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x31\x36\x66' , '\x7a\x6f\x74\x26' ) + '\x63\x7a' ](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x31\x64\x35' , '\x65\x38\x34\x67' ) + '\x43\x44' ](_0x36f9ed['\x54\x65\x61' + '\x43\x44' ]('\x6d' , _0x36f9ed[$dbsm_0x2d28('\x30\x78\x33\x32\x37' , '\x40\x6e\x71\x49' ) + '\x46\x4b' ](_0x49aa7c)), '\x3d' ), _0x36f9ed['\x57\x58\x6b' + '\x66\x77' ](_0x5d6009, _0x26b6ca)), '\x7c' ), _0x26b6ca), _0x36f9ed['\x41\x73\x54' + '\x75\x6d' ]);'\x30\x78\x63\x34' , '\x57\x6f\x5b\x4f' ) + $dbsm_0x2d28('\x30\x78\x34\x64\x36' , '\x72\x50\x50\x79' )]();再来看下_0x36f9ed:
这个_0x36f9ed里面包含了很多字符串和函数,也就是说上面的代码都是在调用它里面的函数。
稍加整理:
_0x36f9ed['LKayh' ]('LKayh' ]('yYtcJ' ]('TCacz' ]('TeaCD' ]('TeaCD' ]('m' , "TZmFK" ](_0x49aa7c)), '=' ), 'WXkfw' ](_0x5d6009, _0x26b6ca)), '|' ), _0x26b6ca),'AsTum' ]);
也就是最后只要计算:
_0x36f9ed['WXkfw' ](_0x5d6009, _0x26b6ca) + '|' + _0x26b6ca剩下的就是补环境了。
用猿人学的采集工具解混淆(https://tool.yuanrenxue.cn/decode_obfuscator)看看,简单的读下代码。
解混淆之后的代码如下:
setInterval(function (4000 );function $dbsm_0x5bf942 (_0x31e196 ) var _0x39cca0 = function (var _0x13d1a6 = true ;return function (_0x4cd36a, _0x4e4df1 ) var _0x51fcc5 = _0x13d1a6 ? function (if (_0x4e4df1) {var _0x174e7c = _0x4e4df1["apply" ](_0x4cd36a, arguments );null ;return _0x174e7c;function (false ;return _0x51fcc5;var _0x5a13d7 = function (var _0x1aa8c9 = true ;return function (_0xdbfd1d, _0x5bfa4e ) var _0x1409db = _0x1aa8c9 ? function (if (_0x5bfa4e) {var _0x2f8d9f = _0x5bfa4e["apply" ](_0xdbfd1d, arguments );null ;return _0x2f8d9f;function (false ;return _0x1409db;function _0x7d37cb (_0x47959e, _0x3bc00b ) var _0x11ade0 = (65535 & _0x47959e) + (65535 & _0x3bc00b);return (_0x47959e >> 16 ) + (_0x3bc00b >> 16 ) + (_0x11ade0 >> 16 ) <16 | 65535 & _0x11ade0;function _0x142d6a (_0x1bbddf, _0x3f144b ) return _0x1bbddf <>> 32 - _0x3f144b;function _0x3649fb (_0x21be27, _0xe6370b, _0x5eeffe, _0x11f158, _0x40461a, _0x2ee259 ) return _0x7d37cb(_0x142d6a(_0x7d37cb(_0x7d37cb(_0xe6370b, _0x21be27), _0x7d37cb(_0x11f158, _0x2ee259)), _0x40461a), _0x5eeffe);function _0x106504 (_0x3f4fd4, _0x3c217b, _0x277540, _0x4ef3b1, _0x3be99b, _0x2d706f, _0x180aad ) return _0x3649fb(_0x3c217b & _0x277540 | ~_0x3c217b & _0x4ef3b1, _0x3f4fd4, _0x3c217b, _0x3be99b, _0x2d706f, _0x180aad);function _0x569d9f (_0x3a1a35, _0x4e6ac2, _0x5a49a9, _0x312136, _0xd2eee1, _0x156125, _0x396c4c )
_0x3649fb(_0x4e6ac2 & _0x312136 | _0x5a49a9 & ~_0x312136, _0x3a1a35, _0x4e6ac2, _0xd2eee1, _0x156125, _0x396c4c);function _0x25e694 (_0x2a8b77, _0x6278a0 ) let _0x124cc7 = [99 , 111 , 110 , 115 , 111 , 108 , 101 ];let _0x23a395 = "" ;for (let _0x29cf05 = 0 ; _0x29cf05 "length"]; _0x29cf05++) {String ["fromCharCode" ](_0x124cc7[_0x29cf05]);return _0x23a395;function _0x573502 (_0x21e7a6, _0x87331, _0xb0313, _0x3c93cc, _0x2b42ca, _0x490f6b, _0x18e811 ) return _0x3649fb(_0x87331 ^ _0xb0313 ^ _0x3c93cc, _0x21e7a6, _0x87331, _0x2b42ca, _0x490f6b, _0x18e811);function _0xc20d2b (_0x130de7, _0x243ab5, _0x5c559a, _0x4eb361, _0x178d6a, _0x3871a0, _0x325335 ) return _0x3649fb(_0x5c559a ^ (_0x243ab5 | ~_0x4eb361), _0x130de7, _0x243ab5, _0x178d6a, _0x3871a0, _0x325335);function _0x116551 (_0x1dbd19, _0x3eb31e ) if (_0x3eb31e) {return _0xc20d2b(_0x1dbd19);return _0x25e694(_0x1dbd19);function _0x118b69 (_0x118b98, _0x4dc3aa ) let _0x5350c = "" ;for (let _0x51d6de = 0 ; _0x51d6de "length"]; _0x51d6de++) {String ["fromCharCode" ](_0x118b98[_0x51d6de]);return _0x5350c;function _0x7c9cae (_0x218784, _0x102f11 ) var _0x4a24af = _0x39cca0(this , function (var _0x58b618 = function (var _0x4e2deb = _0x58b618["constructor" ]("return /\" + this + \"/" )()["compile" ]("^([^ ]+( +[^ ]+)+)+[^ ]}" );return !_0x4e2deb["test" ](_0x4a24af);return _0x58b618();function (this , function (var _0x22c2f7 = new RegExp ("function *\\( *\\)" );var _0x1449c8 = new RegExp ("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)" , "i" );var _0x543b10 = $dbsm_0x2cce85("init" );if (!_0x22c2f7["test" ](_0x543b10 + "chain" ) || !_0x1449c8["test" ](_0x543b10 + "input" )) {"0" );else {10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 32 , 61 , 32 , 110 , 101 , 119 , 32 , 79 , 98 , 106 , 101 , 99 , 116 , 40 , 41 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 108 , 111 , 103 , 32 , 61 , 32 , 102 , 117 , 110 , 99 , 116 , 105 , 111 , 110 ,
, 40 , 115 , 41 , 32 , 123 , 10 , 32 , 32 , 32 , 32 , 119 , 104 , 105 , 108 , 101 , 32 , 40 , 49 , 41 , 123 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 102 , 111 , 114 , 40 , 105 , 61 , 48 , 59 , 105 , 60 , 49 , 49 , 48 , 48 , 48 , 48 , 48 , 59 , 105 , 43 , 43 , 41 , 123 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 104 , 105 , 115 , 116 , 111 , 114 , 121 , 46 , 112 , 117 , 115 , 104 , 83 , 116 , 97 , 116 , 101 , 40 , 48 , 44 , 48 , 44 , 105 , 41 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 125 , 10 , 32 , 32 , 32 , 32 , 125 , 10 , 10 , 125 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 32 , 61 , 32 , 39 , 91 , 111 , 98 , 106 , 101 , 99 , 116 , 32 , 79 , 98 , 106 , 101 , 99 , 116 , 93 , 39 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 108 , 111 , 103 , 46 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 32 , 61
32 , 39 , 402 , 32 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 40 , 41 , 32 , 123 , 32 , 91 , 110 , 97 , 116 , 105 , 118 , 101 , 32 , 99 , 111 , 100 , 101 , 93 , 32 , 125 , 39 , 10 ];eval (_0x118b69(qz));try {if (global) {console ["log" ]("人生苦短,何必python?" );else {while (1 ) {console ["log" ]("人生苦短,何必python?" );debugger ;catch (_0x5709da) {return navigator["vendorSub" ];500 );function _0x8d8432 (_0x12522f, _0x52357b ) 5 ] |= 128 <32, _0x12522f[14 + (_0x52357b + 64 >>> 9 <4)] = _0x52357b;if (qz) {var _0x2dd6a2,1732584193 ,-271733879 ,-1732584194 ,271733878 ;else {var _0x2dd6a2,0 ,-0 ,-0 ,0 ;for (_0x2dd6a2 = 0 ; _0x2dd6a2 "length"]; _0x2dd6a2 += 16 ) _0x9afb13 = _0x5805e5, _0x597da2 = _0x480c88, _0xf510a0 = _0x1943ed, _0x500042 = _0x5d4ef3, _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2], 7 , -680876936 ), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 1 ], 12 , -389564586 ), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 2 ], 17 , 606105819 ), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 3 ], 22 , -1044525330 ), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 4 ], 7 , -176418897 ), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 5 ], 12 , 1200080426 ), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 6 ], 17 , -1473231341 ), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 7 ], 22 , -45705983 ), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 8 ], 7 , 1770010416 ), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 9 ], 12 , -1958414417 ), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 10 ], 17 , -42063 ), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 11 ], 22 , -1990404162 ), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 12 ], 7 , 1804603682 ), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 13 ], 12 , -40341101 ), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 14 ], 17 , -1502882290 ), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 15 ], 22 , 1236535329 ), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 1
5 , -165796510 ), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 6 ], 9 , -1069501632 ), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 11 ], 14 , 643717713 ), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2], 20 , -373897302 ), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 5 ], 5 , -701558691 ), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 10 ], 9 , 38016083 ), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 15 ], 14 , -660478335 ), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 4 ], 20 , -405537848 ), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 9 ], 5 , 568446438 ), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 14 ], 9 , -1019803690 ), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 3 ], 14 , -187363961 ), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 8 ], 20 , 1163531501 ), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 13 ], 5 , -1444681467 ), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 2 ], 9 , -51403784 ), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 7 ], 14 , 1735328473 ), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 12 ], 20 , -1926607734 ), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 5 ], 4 , -378558 ), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 8 ], 11 , -2022574463 ), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 11 ], 16 , 1839030562 ), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 14 ], 23 , -35309556 ), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 1 ], 4 , -1530992060 ), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 4 ], 11 , 1272893353 ), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 7 ], 16 , -155497632 ), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 10 ], 23 , -1094730640 ), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 13 ], 4 , 681279174 ), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2], 11 , -358537222 ), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 3 ], 16 , -722521979 ), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 6 ], 23 , 76029189 ), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 9 ], 4 , -640364487 ), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 12 ], 11 , -421815835 ), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 15 ], 16 , 530742520 ), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 2 ], 23 , -995338651 ), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2], 6 , -198630844 ), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 7 ], 10 , 1126891415 ), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 14 ], 15 , -1416354905 ), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 5 ], 21 , -57434055 ), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 12 ], 6 , 1700485571 ), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 3 ], 10
-1894986606 ), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 10 ], 15 , -1051523 ), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 1 ], 21 , -2054922799 ), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 8 ], 6 , 1873313359 ), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 15 ], 10 , -30611744 ), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 6 ], 15 , -1560198380 ), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 13 ], 21 , 1309151649 ), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 4 ], 6 , -145523070 ), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 11 ], 10 , -1120210379 ), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 2 ], 15 , 718787259 ), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 9 ], 21 , -343485441 ), _0x5805e5 = _0x7d37cb(_0x5805e5, _0x9afb13), _0x480c88 = _0x7d37cb(_0x480c88, _0x597da2), _0x1943ed = _0x7d37cb(_0x1943ed, _0xf510a0), _0x5d4ef3 = _0x7d37cb(_0x5d4ef3, _0x500042);return [_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3];function _0x288e8c (_0x5e1f58 ) var _0x40d6a1,"" ,32 * _0x5e1f58["length" ];for (_0x40d6a1 = 0 ; _0x40d6a1 8) _0x7cf452 += String ["fromCharCode" ](_0x5e1f58[_0x40d6a1 >> 5 ] >>> _0x40d6a1 % 32 & 255 );return _0x7cf452;function _0x148161 (_0x54c23b ) var _0x541790,for (_0x2d3288[(_0x54c23b["length" ] >> 2 ) - 1 ] = undefined , _0x541790 = 0 ; _0x541790 "length"]; _0x541790 += 1 ) _0x2d3288[_0x541790] = 0 ;var _0x3592c6 = 8 * _0x54c23b["length" ];for (_0x541790 = 0 ; _0x541790 8) _0x2d3288[_0x541790 >> 5 ] |= (255 & _0x54c23b["charCodeAt" ](_0x541790 / 8 )) <32;return _0x2d3288;function _0x2df11d (_0x222520 ) return _0x288e8c(_0x8d8432(_0x148161(_0x222520), 8 * _0x222520["length" ]));function _0x31d955 (_0x22a885 ) var _0x1453c2,"0123456789abcdef" ,"" ;for (_0x572ebe = 0 ; _0x572ebe "length"]; _0x572ebe += 1 ) _0x1453c2 = _0x22a885["charCodeAt" ](_0x572ebe), _0x591bd4 += _0x5972e8["charAt" ](_0x1453c2 >>> 4 & 15 ) + _0x5972e8["charAt" ](15 & _0x1453c2);return _0x591bd4;function _0x4cd524 (_0x4d0787 ) return unescape (encodeURIComponent (_0x4d0787));function _0x43aebd (_0x3cb544 ) return _0x2df11d(_0x4cd524(_0x3cb544));function _0x108169 (_0x560b09 ) return _0x31d955(_0x43aebd(_0x560b09));function _0x4b16d2 (_0x512dd3, _0x4409d8, _0x5ac5df ) return _0x4409d8 ? _0x5ac5df ? _0x25e694(_0x4409d8, _0x512dd3) : y(_0x4409d8, _0x512dd3) : _0x5ac5df ? _0x43aebd(_0x512dd3) : _0x108169(_0x512dd3);function _0xd0746b (_0x72fc89, _0x56adac ) document ["cookie" ] = "m" + _0x7c9cae() + "="
"|" + _0x72fc89 + "; path=/" ;"reload" ]();function _0x325073 (_0xaad9d3, _0x4c96a7 ) return Date ["parse" ](new Date ());function $dbsm_0x2cce85 (_0x1bb8eb ) function _0x1b4247 (_0xaa9817 ) if (typeof _0xaa9817 === "string" ) {return function (_0x203d62 ) "constructor" ]("while (true) {}" )["apply" ]("counter" );else {if (("" + _0xaa9817 / _0xaa9817)["length" ] !== 1 || _0xaa9817 % 20 === 0 ) {function (return true ;"constructor" ]("debugger" )["call" ]("action" );else {function (return false ;"constructor" ]("debugger" )["apply" ]("stateObject" );try {if (_0x1bb8eb) {return _0x1b4247;else {0 );catch (_0x6dc78a) {}经过前面的分析,我们直接从_0x1ef281(_0x2b9b78()入手:
console .log(_0x2b9b78()) // 时间戳 console .log(_0x1ef281(_0x2b9b78()));改造如下:
function _0x1ef281 (_0x26b6ca, _0x437f35 ) // document["cookie"] = "m" + _0x49aa7c() + "=" + _0x5d6009(_0x26b6ca) + "|" + _0x26b6ca + "; path=/"; // location["reload"](); return _0x5d6009(_0x26b6ca) + "|" + _0x26b6cafunction _0x2b9b78 (_0x282a57, _0x3149ea ) return Date ["parse" ](new Date ());// return 1717217468000; 然后其它反混淆后的代码先保持不变,执行。
结果发现程序陷入死循环,怪事。本着关联小的代码先屏蔽的原则。
删除疑似检测并自动 debugger 的函数$dbsm_0x5259fe及相关代码 构造函数的调用、正则匹配、最后返回正则匹配的结果,再往下一看在紧挨着的一个自执行函数中判断匹配结果,结合匹配规则与作用对象一看,那可不就是判断一下这个对象的作用范围内的代码是否格式化了嘛,如果格式化了的话就一直递归调用下去,直到程序崩溃。所以分析到这里就很清晰了,我们只需要将该作用对象的代码压缩一下,也就是不要格式化了就可以了,硬气点就直接不要这段代码了。
至此,最终的 JS 代码如下:
var _0x32d8ff = function (var _0x10da5a = true ;return function (_0x12abdf, _0x1bf080 ) var _0x3a9e2b = _0x10da5a ? function (if (_0x1bf080) {var _0xb4da8 = _0x1bf080["apply" ](_0x12abdf, arguments );null ;return _0xb4da8;function (false ;return _0x3a9e2b;var _0x4cda73 = function (var _0x4012fc = true ;return function (_0x1d5729, _0x1524fb ) var _0x559fe4 = _0x4012fc ? function (if (_0x1524fb) {var _0x341172 = _0x1524fb["apply" ](_0x1d5729, arguments );null ;return _0x341172;function (false ;return _0x559fe4;function _0x78a97c (_0x5721d9, _0x20bb9d ) var _0x358b7d = (65535 & _0x5721d9) + (65535 & _0x20bb9d);return (_0x5721d9 >> 16 ) + (_0x20bb9d >> 16 ) + (_0x358b7d >> 16 ) <16 | 65535 & _0x358b7d;function _0x4005c0 (_0x3babe8, _0x45dcea ) return _0x3babe8 <>> 32 - _0x45dcea;function _0x5f43ab (_0x448588, _0x521376, _0x43952f, _0xb364d5, _0x42214f, _0x4a31d5 ) return _0x78a97c(_0x4005c0(_0x78a97c(_0x78a97c(_0x521376, _0x448588), _0x78a97c(_0xb364d5, _0x4a31d5)), _0x42214f), _0x43952f);function _0x55b8d2 (_0x41a8b6, _0x36bdd4, _0x3f2bb8, _0x1c8914, _0x4823f8, _0x1b9564, _0x4bf1c0 ) return _0x5f43ab(_0x36bdd4 & _0x3f2bb8 | ~_0x36bdd4 & _0x1c8914, _0x41a8b6, _0x36bdd4, _0x4823f8, _0x1b9564, _0x4bf1c0);function _0x130dc5 (_0x1b44b4, _0x50326c, _0x5bbb51, _0x15068f, _0x4cda97, _0x4bac7d, _0x394e69 ) return _0x5f43ab(_0x50326c & _0x15068f | _0x5bbb51 & ~_0x15068f, _0x1b44b4, _0x50326c, _0x4cda97, _0x4bac7d, _0x394e69);function _0x1efbd5 (_0x2a44b, _0x8e77a1 ) let _0x53311f = [99 , 111 , 110
115 , 111 , 108 , 101 ];let _0x4d1db4 = "" ;for (let _0x5881ad = 0 ; _0x5881ad "length"]; _0x5881ad++) {String ["fromCharCode" ](_0x53311f[_0x5881ad]);return _0x4d1db4;function _0x37d2d1 (_0x36dfcd, _0x4de24f, _0x170b41, _0x517f77, _0x5e7a62, _0x4e1845, _0x44344a ) return _0x5f43ab(_0x4de24f ^ _0x170b41 ^ _0x517f77, _0x36dfcd, _0x4de24f, _0x5e7a62, _0x4e1845, _0x44344a);function _0x5929b7 (_0x4118e4, _0xd92f9c, _0x4eaacd, _0x3c4472, _0x599cb8, _0x2fde49, _0x4f83e1 ) return _0x5f43ab(_0x4eaacd ^ (_0xd92f9c | ~_0x3c4472), _0x4118e4, _0xd92f9c, _0x599cb8, _0x2fde49, _0x4f83e1);function _0x14cc53 (_0x3d8252, _0x4c4ba5 ) if (_0x4c4ba5) {return _0x5929b7(_0x3d8252);return _0x1efbd5(_0x3d8252);function _0x34b425 (_0x3c4aa7, _0xaef50e ) let _0x59eb28 = "" ;for (let _0x1dd6f6 = 0 ; _0x1dd6f6 "length"]; _0x1dd6f6++) {String ["fromCharCode" ](_0x3c4aa7[_0x1dd6f6]);return _0x59eb28;function _0x49aa7c (_0x4a9a17, _0x5e5f99 ) 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 32 , 61 , 32 , 110 , 101 , 119 , 32 , 79 , 98 , 106 , 101 , 99 , 116 , 40 , 41 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 108 , 111 , 103 , 32 , 61 , 32 , 102 , 117 , 110 , 99 , 116 , 105 , 111 , 110 , 32 , 40 , 115 , 41 , 32 , 123 , 10 , 32 , 32 , 32 , 32 , 119 , 104 , 105 , 108 , 101 , 32 , 40 , 49 , 41 , 123 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 102 , 111 , 114 , 40 , 105 , 61 , 48 , 59 , 105 , 60 , 49 , 49 , 48 , 48 , 48 , 48 , 48 , 59 , 105 , 43 , 43 , 41 , 123 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 104
105 , 115 , 116 , 111 , 114 , 121 , 46 , 112 , 117 , 115 , 104 , 83 , 116 , 97 , 116 , 101 , 40 , 48 , 44 , 48 , 44 , 105 , 41 , 10 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 32 , 125 , 10 , 32 , 32 , 32 , 32 , 125 , 10 , 10 , 125 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 32 , 61 , 32 , 39 , 91 , 111 , 98 , 106 , 101 , 99 , 116 , 32 , 79 , 98 , 106 , 101 , 99 , 116 , 93 , 39 , 10 , 99 , 111 , 110 , 115 , 111 , 108 , 101 , 46 , 108 , 111 , 103 , 46 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 32 , 61 , 32 , 39 , 402 , 32 , 116 , 111 , 83 , 116 , 114 , 105 , 110 , 103 , 40 , 41 , 32 , 123 , 32 , 91 , 110 , 97 , 116 , 105 , 118 , 101 , 32 , 99 , 111 , 100 , 101 , 93 , 32 , 125 , 39 , 10 ];eval (_0x34b425(qz));function _0x22f0b8 (_0x28dd69, _0xb24519 ) 5 ] |= 128 <32, _0x28dd69[14 + (_0xb24519 + 64 >>> 9 <4)] = _0xb24519;if (qz) {var _0x4e039e,1732584193 ,-271733879 ,-1732584194 ,271733878 ;else {var _0x4e039e,0 ,-0 ,-0 ,0 ;for (_0x4e039e = 0 ; _0x4e039e "length"]; _0x4e039e += 16 ) _0x19d32c = _0x37dc07, _0x3ddc0d = _0x3eadc8, _0xef7e8f = _0x310b2c, _0x57b6a3 = _0x298fef, _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e], 7 , -680876936 ), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 1 ], 12 , -389564586 ), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 2 ], 17 , 606105819 ), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 3 ], 22 , -1044525330 ), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 4 ], 7 , -176418897 ), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 5 ], 12 , 1200080426 ), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 6 ], 17 , -1473231341 ), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 7 ], 22 , -45705983 ), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 8 ], 7 , 1770010416 ), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 9 ], 12 , -1958414417 ), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 10 ], 17 , -42063 ), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 11 ], 22 , -1990404162 ), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 12 ], 7 , 1804603682 ), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 13 ], 12 , -40341101 ), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 14 ], 17 , -1502882290 ), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 15 ], 22 , 1236535329 ), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 1 ], 5 , -165796510 ), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 6 ], 9 , -1069501632 ), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 11 ], 14 , 643717713 ), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e], 20 , -373897302 ), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 5 ], 5 , -701558691 ), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 10 ], 9 , 38016083 ), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 15 ], 14 , -660478335 ), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 4 ], 20 , -405537848 ), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 9 ], 5 , 568446438 ), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 14 ], 9 , -1019803690 ), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 3 ], 14 , -187363961 ), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 8 ], 20 , 1163531501 ), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 13 ], 5 , -1444681467 ), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 2 ], 9 , -51403784 ), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 7 ], 14 , 1735328473 ), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 12 ], 20 , -1926607734 ), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 5 ], 4 , -378558 ), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 8 ], 11 , -2022574463 ), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 11
16 , 1839030562 ), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 14 ], 23 , -35309556 ), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 1 ], 4 , -1530992060 ), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 4 ], 11 , 1272893353 ), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 7 ], 16 , -155497632 ), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 10 ], 23 , -1094730640 ), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 13 ], 4 , 681279174 ), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e], 11 , -358537222 ), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 3 ], 16 , -722521979 ), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 6 ], 23 , 76029189 ), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 9 ], 4 , -640364487 ), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 12 ], 11 , -421815835 ), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 15 ], 16 , 530742520 ), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 2 ], 23 , -995338651 ), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e], 6 , -198630844 ), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 7 ], 10 , 1126891415 ), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 14 ], 15 , -1416354905 ), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 5 ], 21 , -57434055 ), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 12 ], 6 , 1700485571 ), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 3 ], 10 , -1894986606 ), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 10 ], 15 , -1051523 ), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 1 ], 21 , -2054922799 ), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 8 ], 6 , 1873313359 ), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 15 ], 10 , -30611744 ), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 6 ], 15 , -1560198380 ), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 13 ], 21 , 1309151649 ), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 4 ], 6 , -145523070 ), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 11 ], 10 , -1120210379 ), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 2 ], 15 , 718787259 ), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 9 ], 21 , -343485441 ), _0x37dc07 = _0x78a97c(_0x37dc07, _0x19d32c), _0x3eadc8 = _0x78a97c(_0x3eadc8, _0x3ddc0d), _0x310b2c = _0x78a97c(_0x310b2c, _0xef7e8f), _0x298fef = _0x78a97c(_0x298fef, _0x57b6a3);return [_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef];function _0x3bfd71 (_0x5ab7c5 ) var _0x36356b,"" ,32 * _0x5ab7c5["length" ];for (_0x36356b = 0 ; _0x36356b 8) _0x2c95a5 += String ["fromCharCode" ](_0x5ab7c5[_0x36356b >> 5 ] >>> _0x36356b % 32 & 255 );return _0x2c95a5;function _0xf2e848 (_0xfba4ed ) var _0x49dcd9,for (_0x2daf2c[(_0xfba4ed["length" ] >> 2 ) -
] = undefined , _0x49dcd9 = 0 ; _0x49dcd9 "length"]; _0x49dcd9 += 1 ) _0x2daf2c[_0x49dcd9] = 0 ;var _0x24d40f = 8 * _0xfba4ed["length" ];for (_0x49dcd9 = 0 ; _0x49dcd9 8) _0x2daf2c[_0x49dcd9 >> 5 ] |= (255 & _0xfba4ed["charCodeAt" ](_0x49dcd9 / 8 )) <32;return _0x2daf2c;function _0x34478e (_0x549cc3 ) return _0x3bfd71(_0x22f0b8(_0xf2e848(_0x549cc3), 8 * _0x549cc3["length" ]));function _0x4bbf0d (_0x822ccd ) var _0x45b901,"0123456789abcdef" ,"" ;for (_0x1553e1 = 0 ; _0x1553e1 "length"]; _0x1553e1 += 1 ) _0x45b901 = _0x822ccd["charCodeAt" ](_0x1553e1), _0x185b55 += _0x2a13cb["charAt" ](_0x45b901 >>> 4 & 15 ) + _0x2a13cb["charAt" ](15 & _0x45b901);return _0x185b55;function _0x241213 (_0x3261ba ) return unescape (encodeURIComponent (_0x3261ba));function _0x5a0917 (_0x2a8050 ) return _0x34478e(_0x241213(_0x2a8050));function _0x225d0b (_0x1bd105 ) return _0x4bbf0d(_0x5a0917(_0x1bd105));function _0x5d6009 (_0x39361b, _0x573712, _0xe7cd7f ) return _0x573712 ? _0xe7cd7f ? _0x1efbd5(_0x573712, _0x39361b) : y(_0x573712, _0x39361b) : _0xe7cd7f ? _0x5a0917(_0x39361b) : _0x225d0b(_0x39361b);function _0x1ef281 (_0x26b6ca, _0x437f35 ) return _0x5d6009(_0x26b6ca) + "|" + _0x26b6cafunction _0x2b9b78 (_0x282a57, _0x3149ea ) return Date ["parse" ](new Date ());// return 1717217468000; console .log(_0x2b9b78()) // 时间戳 console .log(_0x1ef281(_0x2b9b78()));使用 Python 获取接口详细信息:
#!usr/bin/env python # -*- coding:utf-8 -*- import requestsimport timeimport execjsimport urllib3class YuanRenXueSpider :def __init__ (self) :'https://match.yuanrenxue.com/api/match/2' 'User-Agent' : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.10 Safari/537.36' ,'tk' : '-5621756640779912732' ,# 'sessionid': 'qdlnifuic3h3iygdq3rcaoxpyrdo9c82', 'no-alert3' : 'true' ,'m' : '3d3639f9eb1db367d6019b3ec415552e|1717231708000' , @staticmethod def get_time () -> int:1000 return now @staticmethod def get_m (timestamp: int) -> str:try :with open('最终.js' , 'r' , encoding='utf-8' ) as js_file:'get_m' , str(timestamp))return mexcept FileNotFoundError:"JavaScript file not found." )raise except Exception as e:f"An error occurred while executing JavaScript: {e} " )raise def fetch_data (self, m: str, page: int) -> None :f'{self.base_url} ?page={page} ' 'm' ] = mtry :False )for item in res['data' ]:'value' ]except requests.RequestException as e:f"Request error: {e} " )except ValueError:"Error parsing response JSON." )except KeyError:"Unexpected response format." )def run (self) -> None :for i in range(1 , 6 ):'热度的总值为:' , total)if __name__ == '__main__' :小结 JS 逆向 cookie 反爬是一种技术手段,用于破解网站通过校验请求头中的 Cookie 值来区分正常用户和爬虫程序的方法。
特征提示 :Cookie 加密通常需要对服务器进行多次请求才能获取数据。有两种情况:一是服务器直接返回 cookie 值(通过响应头中的Set-Cookie);二是首次请求时返回JS文件,浏览器通过 JS 算法生成 cookie 值,然后携带该值进行后续请求。
加密原理 :JS 逆向分析中,需要理解 cookie 加密的原理,这通常涉及到对 JS 文件的分析和逆向工程。
动态cookie :有些网站使用动态生成的 cookie,这需要通过分析返回的JS文件来找出 cookie 参数。可能需要将 JS 代码复制到本地环境,格式化并分析以提取生成 cookie 的逻辑。
总结来说,JS 逆向 cookie 反爬是一个复杂的过程,涉及到对网站请求、响应、JS 文件的分析和逆向工程。需要具备一定的技术知识和经验来成功实施。
更多每日开发小技巧
尽在 未闻 Code Telegram Channel !
未闻 Code·知识星球开放啦!
一对一答疑爬虫相关问题
职业生涯咨询
面试经验分享
每周直播分享
......
未闻 Code·知识星球期待与你相见~
一二线大厂在职员工
十多年码龄的编程老鸟
国内外高校在读学生
中小学刚刚入门的新人
在“未闻 Code技术交流群” 等你来!
入群方式:添加微信“mekingname”,备注“粉丝群”(谢绝广告党,非诚勿扰!)
