前言
要想爬专栏,先得爬用户。要想爬用户,三个header参数挡住了去路:x-zst-81,x-zse-93,x-zse-96,经过搜索x-zse-96,定位到设置该字段的位置:
这个t2是固定的值,t0来自于ed()函数的返回:
function ed(tt, te, tr, ti) {
var ta = tr.zse93,
tu = tr.dc0,
tc = tr.xZst81,
tf = t4(tt),
td = t6(te),
tp = [
ta,
tf,
tu,
t7(td) &&
td,
tc
].filter(Boolean).join('+');
return {
source: tp,
signature: (0, tJ(ti).encrypt) (ty() (tp))
}
}
可以看出,源字符串由多个字段用加号连接而成。目前有值的就三个字段:一个固定值,一个uri值,一个dc0值,dc0值和cookie的d_c0字段一致。经过比对,发现ty()函数其实就是md5作用一下。所以核心的加密算法隐藏在encrypt()方法内。
调用了tJ()函数的encrypt方法,继续跟踪:
看到tv.ZP()函数为加密函数,进去:
通过比对,判断出加密过程是source先md5然后调用了上述的D()函数加密。
在控制台测试D()函数,随意输入几个字符串,发现对于同一字符串,每次返回结果不一样。
通过抠代码,将D()函数提取了出来:
const jsdom = require('jsdom');
const { JSDOM } = jsdom;
const dom = new JSDOM('<!DOCTYPE html><p>Test</p>');
// eslint-disable-next-line no-undef
var window = dom.window;
var document = window.document;
XMLHttpRequest = window.XMLHttpRequest;
var x = function (tt) {
return C(tt) ||
s(tt) ||
t()
},
C = function (tt) {
if (Array.isArray(tt)) {
for (var te = 0, tr = Array(tt.length); te < tt.length; te++) tr[te] = tt[te];
return tr
}
},
s = function (tt) {
if (
Symbol.A in Object(tt) ||
'[object Arguments]' === Object.prototype.toString.call(tt)
) return Array.from(tt)
},
t = function () {
throw TypeError('Invalid attempt to spread non-iterable instance')
},
i = function (tt, te, tr) {
te[tr] = 255 & tt >>> 24,
te[tr + 1] = 255 & tt >>> 16,
te[tr + 2] = 255 & tt >>> 8,
te[tr + 3] = 255 & tt
},
B = function (tt, te) {
return (255 & tt[te]) << 24 | (255 & tt[te + 1]) << 16 | (255 & tt[te + 2]) << 8 | 255 & tt[te + 3]
},
Q = function (tt, te) {
return (4294967295 & tt) << te | tt >>> 32 - te
},
G = function (tt) {
var te = [
,
,
,
,
],
tr = [
,
,
,
,
];
i(tt, te, 0),
tr[0] = h.zb[255 & te[0]],
tr[1] = h.zb[255 & te[1]],
tr[2] = h.zb[255 & te[2]],
tr[3] = h.zb[255 & te[3]];
var ti = B(tr, 0);
return ti ^ Q(ti, 2) ^ Q(ti, 10) ^ Q(ti, 18) ^ Q(ti, 24)
},
l = function () {
this.C = [
0,
0,
0,
0
],
this.s = 0,
this.t = [],
this.S = [],
this.h = [],
this.i = [],
this.B = [],
this.Q = !1,
this.G = [],
this.D = [],
this.w = 1024,
this.g = null,
this.a = Date.now(),
this.e = 0,
this.T = 255,
this.V = null,
this.U = Date.now,
this.M = Array(32)
};
// function t(e) {
// return (t = 'function' == typeof Symbol && 'symbol' == typeof Symbol.A ? function(e) {
// return typeof e;
// }
// : function(e) {
// return e && 'function' == typeof Symbol && e.constructor === Symbol && e !== Symbol.prototype ? 'symbol' : typeof e;
// }
// )(e);
// }
function o(tt) {
return (
o = 'function' == typeof Symbol &&
'symbol' == typeof Symbol.A ? function (tt) {
return void 0 === tt ? 'undefined' : typeof tt
}
: function (tt) {
return tt &&
'function' == typeof Symbol &&
tt.constructor === Symbol &&
tt !== Symbol.prototype ? 'symbol' : void 0 === tt ? 'undefined' : typeof tt
}
) (tt)
}
var
h,
A = '3.0',
S = 'undefined' != typeof window ? window : {
},
__g = {
x: function (tt, te) {
for (var tr = [], ti = tt.length, ta = 0; 0 < ti; ti -= 16) {
for (var tu = tt.slice(16 * ta, 16 * (ta + 1)), tc = Array(16), tf = 0; tf < 16; tf++) tc[tf] = tu[tf] ^ te[tf];
te = __g.r(tc),
tr = tr.concat(te),
ta++
}
return tr
},
r: function (tt) {
var te = Array(16),
tr = Array(36);
tr[0] = B(tt, 0),
tr[1] = B(tt, 4),
tr[2] = B(tt, 8),
tr[3] = B(tt, 12);
for (var ti = 0; ti < 32; ti++) {
var ta = G(tr[ti + 1] ^ tr[ti + 2] ^ tr[ti + 3] ^ h.zk[ti]);
tr[ti + 4] = tr[ti] ^ ta
}
return i(tr[35], te, 0),
i(tr[34], te, 4),
i(tr[33], te, 8),
i(tr[32], te, 12),
te
}
};
l.prototype.O = function (A, C, s) {
for (var t, S, h, i, B, Q, G, D, w, g, a, e, E, T, r, V, U, M, O, c, I; this.T < this.w; ) try {
switch (this.T) {
case 27:
this.C[this.c] = this.C[this.I] >> this.C[this.F],
this.M[12] = 35,
this.T = this.T * (this.C.length + (this.M[13] ? 3 : 9)) + 1;
break;
case 34:
this.C[this.c] = this.C[this.I] & this.C[this.F],
this.T = this.T * (this.M[15] - 6) + 12;
break;
case 41:
this.C[this.c] = this.C[this.I] <= this.C[this.F],
this.T = 8 * this.T + 27;
break;
case 48:
this.C[this.c] = !this.C[this.I],
this.T = 7 * this.T + 16;
break;
case 50:
this.C[this.c] = this.C[this.I] | this.C[this.F],
this.T = 6 * this.T + 52;
break;
case 57:
this.C[this.c] = this.C[this.I] >>> this.C[this.F],
this.T = 7 * this.T - 47;
break;
case 64:
this.C[this.c] = this.C[this.I] << this.C[this.F],
this.T = 5 * this.T + 32;
break;
case 71:
this.C[this.c] = this.C[this.I] ^ this.C[this.F],
this.T = 6 * this.T - 74;
break;
case 78:
this.C[this.c] = this.C[this.I] & this.C[this.F],
this.T = 4 * this.T + 40;
break;
case 80:
this.C[this.c] = this.C[this.I] < this.C[this.F],
this.T = 5 * this.T - 48;
break;
case 87:
this.C[this.c] = - this.C[this.I],
this.T = 3 * this.T + 91;
break;
case 94:
this.C[this.c] = this.C[this.I] > this.C[this.F],
this.T = 4 * this.T - 24;
break;
case 101:
this.C[this.c] = this.C[this.I] in this.C[this.F],
this.T = 3 * this.T + 49;
break;
case 108:
this.C[this.c] = o(this.C[this.I]),
this.T = 2 * this.T + 136;
break;
case 110:
this.C[this.c] = this.C[this.I] !== this.C[this.F],
this.T += 242;
break;
case 117:
this.C[this.c] = this.C[this.I] &&
this.C[this.F],
this.T = 3 * this.T + 1;
break;
case 124:
this.C[this.c] = this.C[this.I] ||
this.C[this.F],
this.T += 228;
break;
case 131:
this.C[this.c] = this.C[this.I] >= this.C[this.F],
this.T = 3 * this.T - 41;
break;
case 138:
this.C[this.c] = this.C[this.I] == this.C[this.F],
this.T = 2 * this.T + 76;
break;
case 140:
this.C[this.c] = this.C[this.I] % this.C[this.F],
this.T += 212;
break;
case 147:
this.C[this.c] = this.C[this.I] / this.C[this.F],
this.T += 205;
break;
case 154:
this.C[this.c] = this.C[this.I] * this.C[this.F],
this.T += 198;
break;
case 161:
this.C[this.c] = this.C[this.I] - this.C[this.F],
this.T += 191;
break;
case 168:
this.C[this.c] = this.C[this.I] + this.C[this.F],
this.T = 2 * this.T + 16;
break;
case 254:
this.C[this.c] = eval(i),
this.T += 20 < this.M[11] ? 98 : 89;
break;
case 255:
this.s = C ||
0,
this.M[26] = 52,
this.T += this.M[13] ? 8 : 6;
break;
case 258:
g = {};
for (var F = 0; F < this.k; F++) e = this.i.pop(),
a = this.i.pop(),
g[a] = e;
this.C[this.W] = g,
this.T += 94;
break;
case 261:
this.D = s ||
[],
this.M[11] = 68,
this.T += this.M[26] ? 3 : 5;
break;
case 264:
this.M[15] = 16,
this.T = 'string' == typeof A ? 331 : 336;
break;
case 266:
this.C[this.I][i] = this.i.pop(),
this.T += 86;
break;
case 278:
this.C[this.c] = this.C[this.I][i],
this.T += this.M[22] ? 63 : 74;
break;
case 283:
this.C[this.c] = eval(String.fromCharCode(this.C[this.I]));
break;
case 300:
S = this.U(),
this.M[0] = 66,
this.T += this.M[11];
break;
case 331:
D = atob(A),
w = D.charCodeAt(0) << 16 | D.charCodeAt(1) << 8 | D.charCodeAt(2);
for (var k = 3; k < w + 3; k += 3) this.G.push(D.charCodeAt(k) << 16 | D.charCodeAt(k + 1) << 8 | D.charCodeAt(k + 2));
for (V = w + 3; V < D.length; ) E = D.charCodeAt(V) << 8 | D.charCodeAt(V + 1),
T = D.slice(V + 2, V + 2 + E),
this.D.push(T),
V += E + 2;
this.M[21] = 8,
this.T += 1000 < V ? 21 : 35;
break;
case 336:
this.G = A,
this.D = s,
this.M[18] = 134,
this.T += this.M[15];
break;
case 344:
this.T = 3 * this.T - 8;
break;
case 350:
U = 66,
M = [],
I = this.D[this.k];
for (var W = 0; W < I.length; W++) M.push(String.fromCharCode(24 ^ I.charCodeAt(W) ^ U)),
U = 24 ^ I.charCodeAt(W) ^ U;
r = parseInt(M.join('').split('|') [1]),
this.C[this.W] = this.i.slice(this.i.length - r),
this.i = this.i.slice(0, this.i.length - r),
this.T += 2;
break;
case 352:
this.e = this.G[this.s++],
this.T -= this.M[26];
break;
case 360:
this.a = S,
this.T += this.M[0];
break;
case 368:
this.T -= 500 < S - this.a ? 24 : 8;
break;
case 380:
this.i.push(16383 & this.e),
this.T -= 28;
break;
case 400:
this.i.push(this.S[16383 & this.e]),
this.T -= 48;
break;
case 408:
this.T -= 64;
break;
case 413:
this.C[this.e >> 15 & 7] = (this.e >> 18 & 1) == 0 ? 32767 & this.e : this.S[32767 & this.e],
this.T -= 61;
break;
case 418:
this.S[65535 & this.e] = this.C[this.e >> 16 & 7],
this.T -= this.e >> 16 < 20 ? 66 : 80;
break;
case 423:
this.c = this.e >> 16 & 7,
this.I = this.e >> 13 & 7,
this.F = this.e >> 10 & 7,
this.J = 1023 & this.e,
this.T -= 255 + 6 * this.J + this.J % 5;
break;
case 426:
this.T += 5 * (this.e >> 19) - 18;
break;
case 428:
this.W = this.e >> 16 & 7,
this.k = 65535 & this.e,
this.t.push(this.s),
this.h.push(this.S),
this.s = this.C[this.W],
this.S = [];
for (var J = 0; J < this.k; J++) this.S.unshift(this.i.pop());
this.B.push(this.i),
this.i = [],
this.T -= 76;
break;
case 433:
this.s = this.t.pop(),
this.S = this.h.pop(),
this.i = this.B.pop(),
this.T -= 81;
break;
case 438:
this.Q = this.C[this.e >> 16 & 7],
this.T -= 86;
break;
case 440:
U = 66,
M = [],
I = this.D[16383 & this.e];
for (var b = 0; b < I.length; b++) M.push(String.fromCharCode(24 ^ I.charCodeAt(b) ^ U)),
U = 24 ^ I.charCodeAt(b) ^ U;
M = M.join('').split('|'),
O = parseInt(M.shift()),
this.i.push(
0 === O ? M.join('|') : 1 === O ? - 1 !== M.join().indexOf('.') ? parseInt(M.join()) : parseFloat(M.join()) : 2 === O ? eval(M.join()) : 3 === O ? null : void 0
),
this.T -= 88;
break;
case 443:
this.b = this.e >> 2 & 65535,
this.J = 3 & this.e,
0 === this.J ? this.s = this.b : 1 === this.J ? this.Q &&
(this.s = this.b) : 2 === this.J &&
this.Q ||
(this.s = this.b),
this.g = null,
this.T -= 91;
break;
case 445:
this.i.push(this.C[this.e >> 14 & 7]),
this.T -= 93;
break;
case 448:
this.W = this.e >> 16 & 7,
this.k = this.e >> 2 & 4095,
this.J = 3 & this.e,
Q = 1 === this.J &&
this.i.pop(),
G = this.i.slice(this.i.length - this.k, this.i.length),
this.i = this.i.slice(0, this.i.length - this.k),
c = 2 < G.length ? 3 : G.length,
this.T += 6 * this.J + 1 + 10 * c;
break;
case 449:
this.C[3] = this.C[this.W](),
this.T -= 97 - G.length;
break;
case 455:
this.C[3] = this.C[this.W][Q](),
this.T -= 103 + G.length;
break;
case 453:
B = this.e >> 17 & 3,
this.T = 0 === B ? 445 : 1 === B ? 380 : 2 === B ? 400 : 440;
break;
case 458:
this.J = this.e >> 17 & 3,
this.c = this.e >> 14 & 7,
this.I = this.e >> 11 & 7,
i = this.i.pop(),
this.T -= 12 * this.J + 180;
break;
case 459:
this.C[3] = this.C[this.W](G[0]),
this.T -= 100 + 7 * G.length;
break;
case 461:
this.C[3] = new this.C[this.W],
this.T -= 109 - G.length;
break;
case 463:
U = 66,
M = [],
I = this.D[65535 & this.e];
for (var n = 0; n < I.length; n++) M.push(String.fromCharCode(24 ^ I.charCodeAt(n) ^ U)),
U = 24 ^ I.charCodeAt(n) ^ U;
M = M.join('').split('|'),
O = parseInt(M.shift()),
this.T += 10 * O + 3;
break;
case 465:
this.C[3] = this.C[this.W][Q](G[0]),
this.T -= 13 * G.length + 100;
break;
case 466:
this.C[this.e >> 16 & 7] = M.join('|'),
this.T -= 114 * M.length;
break;
case 468:
this.g = 65535 & this.e,
this.T -= 116;
break;
case 469:
this.C[3] = this.C[this.W](G[0], G[1]),
this.T -= 119 - G.length;
break;
case 471:
this.C[3] = new this.C[this.W](G[0]),
this.T -= 118 + G.length;
break;
case 473:
throw this.C[this.e >> 16 & 7];
case 475:
this.C[3] = this.C[this.W][Q](G[0], G[1]),
this.T -= 123;
break;
case 476:
this.C[this.e >> 16 & 7] = - 1 !== M.join().indexOf('.') ? parseInt(M.join()) : parseFloat(M.join()),
this.T -= this.M[21] < 10 ? 124 : 126;
break;
case 478:
t = [
0
].concat(x(this.S)),
this.V = 65535 & this.e,
h = this,
this.C[3] = function (tt) {
var te = new l;
return te.S = t,
te.S[0] = tt,
te.O(h.G, h.V, h.D),
te.C[3]
},
this.T -= 50 < this.M[3] ? 120 : 126;
break;
case 479:
this.C[3] = this.C[this.W].apply(null, G),
this.M[3] = 168,
this.T -= this.M[9] ? 127 : 128;
break;
case 481:
this.C[3] = new this.C[this.W](G[0], G[1]),
this.T -= 10 * G.length + 109;
break;
case 483:
this.J = this.e >> 15 & 15,
this.W = this.e >> 12 & 7,
this.k = 4095 & this.e,
this.T = 0 === this.J ? 258 : 350;
break;
case 485:
this.C[3] = this.C[this.W][Q].apply(null, G),
this.T -= this.M[15] % 2 == 1 ? 143 : 133;
break;
case 486:
this.C[this.e >> 16 & 7] = eval(M.join()),
this.T -= this.M[18];
break;
case 491:
this.C[3] = new this.C[this.W].apply(null, G),
this.T -= this.M[8] / this.M[1] < 10 ? 139 : 130;
break;
case 496:
this.C[this.e >> 16 & 7] = null,
this.T -= 10 < this.M[5] - this.M[3] ? 160 : 144;
break;
case 506:
this.C[this.e >> 16 & 7] = void 0,
this.T -= this.M[18] % this.M[12] == 1 ? 154 : 145;
break;
default:
this.T = this.w
}
} catch (A) {
this.g &&
(this.s = this.g),
this.T -= 114
}
},
'undefined' != typeof window &&
(
S.__ZH__ = S.__ZH__ ||
{
},
h = S.__ZH__.zse = S.__ZH__.zse ||
{
},
(new l).O(
'ABt7CAAUSAAACADfSAAACAD1SAAACAAHSAAACAD4SAAACAACSAAACADCSAAACADRSAAACABXSAAACAAGSAAACADjSAAACAD9SAAACADwSAAACACASAAACADeSAAACABbSAAACADtSAAACAAJSAAACAB9SAAACACdSAAACADmSAAACABdSAAACAD8SAAACADNSAAACABaSAAACABPSAAACACQSAAACADHSAAACACfSAAACADFSAAACAC6SAAACACnSAAACAAnSAAACAAlSAAACACcSAAACADGSAAACAAmSAAACAAqSAAACAArSAAACACoSAAACADZSAAACACZSAAACAAPSAAACABnSAAACABQSAAACAC9SAAACABHSAAACAC/SAAACABhSAAACABUSAAACAD3SAAACABfSAAACAAkSAAACABFSAAACAAOSAAACAAjSAAACAAMSAAACACrSAAACAAcSAAACABySAAACACySAAACACUSAAACABWSAAACAC2SAAACAAgSAAACABTSAAACACeSAAACABtSAAACAAWSAAACAD/SAAACABeSAAACADuSAAACACXSAAACABVSAAACABNSAAACAB8SAAACAD+SAAACAASSAAACAAESAAACAAaSAAACAB7SAAACACwSAAACADoSAAACADBSAAACACDSAAACACsSAAACACPSAAACACOSAAACACWSAAACAAeSAAACAAKSAAACACSSAAACACiSAAACAA+SAAACADgSAAACADaSAAACADESAAACADlSAAACAABSAAACADASAAACADVSAAACAAbSAAACABuSAAACAA4SAAACADnSAAACAC0SAAACACKSAAACABrSAAACADySAAACAC7SAAACAA2SAAACAB4SAAACAATSAAACAAsSAAACAB1SAAACADkSAAACADXSAAACADLSAAACAA1SAAACADvSAAACAD7SAAACAB/SAAACABRSAAACAALSAAACACFSAAACABgSAAACADMSAAACACESAAACAApSAAACABzSAAACABJSAAACAA3SAAACAD5SAAACACTSAAACABmSAAACAAwSAAACAB6SAAACACRSAAACABqSAAACAB2SAAACABKSAAACAC+SAAACAAdSAAACAAQSAAACACuSAAACAAFSAAACACxSAAACACBSAAACAA/SAAACABxSAAACABjSAAACAAfSAAACAChSAAACABMSAAACAD2SAAACAAiSAAACADTSAAACAANSAAACAA8SAAACABESAAACADPSAAACACgSAAACABBSAAACABvSAAACABSSAAACAClSAAACABDSAAACACpSAAACADhSAAACAA5SAAACABwSAAACAD0SAAACACbSAAACAAzSAAACADsSAAACADISAAACADpSAAACAA6SAAACAA9SAAACAAvSAAACABkSAAACACJSAAACAC5SAAACABASAAACAARSAAACABGSAAACADqSAAACACjSAAACADbSAAACABsSAAACACqSAAACACmSAAACAA7SAAACACVSAAACAA0SAAACABpSAAACAAYSAAACADUSAAACABOSAAACACtSAAACAAtSAAACAAASAAACAB0SAAACADiSAAACAB3SAAACACISAAACADOSAAACACHSAAACACvSAAACADDSAAACAAZSAAACABcSAAACAB5SAAACADQSAAACAB+SAAACACLSAAACAADSAAACABLSAAACACNSAAACAAVSAAACACCSAAACABiSAAACADxSAAACAAoSAAACACaSAAACABCSAAACAC4SAAACAAxSAAACAC1SAAACAAuSAAACADzSAAACABYSAAACABlSAAACAC3SAAACAAISAAACAAXSAAACABISAAACAC8SAAACABoSAAACACzSAAACADSSAAACACGSAAACAD6SAAACADJSAAACACkSAAACABZSAAACADYSAAACADKSAAACADcSAAACAAySAAACADdSAAACACYSAAACACMSAAACAAhSAAACADrSAAACADWSAAAeIAAEAAACAB4SAAACAAySAAACABiSAAACABlSAAACABjSAAACABiSAAACAB3SAAACABkSAAACABnSAAACABrSAAACABjSAAACAB3SAAACABhSAAACABjSAAACABuSAAACABvSAAAeIABEAABCABkSAAACAAzSAAACABkSAAACAAySAAACABlSAAACAA3SAAACAAySAAACAA2SAAACABmSAAACAA1SAAACAAwSAAACABkSAAACAA0SAAACAAxSAAACAAwSAAACAAxSAAAeIABEAACCAAgSAAATgACVAAAQAAGEwADDAADSAAADAACSAAADAAASAAACANcIAADDAADSAAASAAATgADVAAATgAEUAAATgAFUAAATgAGUgAADAAASAAASAAATgADVAAATgAEUAAATgAFUAAATgAHUgAADAABSAAASAAATgADVAAATgAEUAAATgAFUAAATgAIUgAAcAgUSMAATgAJVAAATgAKUgAAAAAADAABSAAADAAAUAAACID/GwQPCAAYG2AREwAGDAABCIABGwQASMAADAAAUAAACID/GwQPCAAQG2AREwAHDAABCIACGwQASMAADAAAUAAACID/GwQPCAAIG2AREwAIDAABCIADGwQASMAADAAAUAAACID/GwQPEwAJDYAGDAAHG2ATDAAIG2ATDAAJG2ATKAAACAD/DIAACQAYGygSGwwPSMAASMAADAACSAAADAABUgAACAD/DIAACQAQGygSGwwPSMAASMAADAACCIABGwQASMAADAABUgAACAD/DIAACQAIGygSGwwPSMAASMAADAACCIACGwQASMAADAABUgAACAD/DIAAGwQPSMAASMAADAACCIADGwQASMAADAABUgAAKAAACAAgDIABGwQBEwANDAAAWQALGwQPDAABG2AREwAODAAODIAADQANGygSGwwTEwAPDYAPKAAACAAESAAATgACVAAAQAAGEwAQCAAESAAATgACVAAAQAAGEwAFDAAASAAADAAQSAAACAAASAAACAKsIAADCAAASAAADAAQUAAACID/GwQPSMAADAABUAAASAAASAAACAAASAAADAAFUgAACAABSAAADAAQUAAACID/GwQPSMAADAABUAAASAAASAAACAABSAAADAAFUgAACAACSAAADAAQUAAACID/GwQPSMAADAABUAAASAAASAAACAACSAAADAAFUgAACAADSAAADAAQUAAACID/GwQPSMAADAABUAAASAAASAAACAADSAAADAAFUgAADAAFSAAACAAASAAACAJ8IAACEwARDAARSAAACAANSAAACALdIAACEwASDAARSAAACAAXSAAACALdIAACEwATDAARDIASGwQQDAATG2AQEwAUDYAUKAAAWAAMSAAAWAANSAAAWAAOSAAAWAAPSAAAWAAQSAAAWAARSAAAWAASSAAAWAATSAAAWAAUSAAAWAAVSAAAWAAWSAAAWAAXSAAAWAAYSAAAWAAZSAAAWAAaSAAAWAAbSAAAWAAcSAAAWAAdSAAAWAAeSAAAWAAfSAAAWAAgSAAAWAAhSAAAWAAiSAAAWAAjSAAAWAAkSAAAWAAlSAAAWAAmSAAAWAAnSAAAWAAoSAAAWAApSAAAWAAqSAAAWAArSAAAeIAsEAAXWAAtSAAAWAAuSAAAWAAvSAAAWAAwSAAAeIAxEAAYCAAESAAATgACVAAAQAAGEwAZCAAkSAAATgACVAAAQAAGEwAaDAABSAAACAAASAAACAJ8IAACSMAASMAACAAASAAADAAZUgAADAABSAAACAAESAAACAJ8IAACSMAASMAACAABSAAADAAZUgAADAABSAAACAAISAAACAJ8IAACSMAASMAACAACSAAADAAZUgAADAABSAAACAAMSAAACAJ8IAACSMAASMAACAADSAAADAAZUgAACAAASAAADAAZUAAACIAASEAADIAYUEgAGwQQSMAASMAACAAASAAADAAaUgAACAABSAAADAAZUAAACIABSEAADIAYUEgAGwQQSMAASMAACAABSAAADAAaUgAACAACSAAADAAZUAAACIACSEAADIAYUEgAGwQQSMAASMAACAACSAAADAAaUgAACAADSAAADAAZUAAACIADSEAADIAYUEgAGwQQSMAASMAACAADSAAADAAaUgAACAAAEAAJDAAJCIAgGwQOMwAGOBG2DAAJCIABGwQASMAADAAaUAAAEAAbDAAJCIACGwQASMAADAAaUAAAEAAcDAAJCIADGwQASMAADAAaUAAAEAAdDAAbDIAcGwQQDAAdG2AQDAAJSAAADAAXUAAAG2AQEwAeDAAeSAAADAACSAAACALvIAACEwAfDAAJSAAADAAaUAAADIAfGwQQSMAASMAADAAJCIAEGwQASMAADAAaUgAADAAJCIAEGwQASMAADAAaUAAASAAASAAADAAJSAAADAAAUgAADAAJCIABGQQAEQAJOBCIKAAADAABTgAyUAAACIAQGwQEEwAVCAAQDIAVGwQBEwAKCAAAEAAhDAAhDIAKGwQOMwAGOBImDAAKSAAADAABTgAzQAAFDAAhCIABGQQAEQAhOBHoCAAASAAACAAQSAAADAABTgA0QAAJEwAiCAAQSAAATgACVAAAQAAGEwAjCAAAEAALDAALCIAQGwQOMwAGOBLSDAALSAAADAAiUAAADIALSEAADIAAUEgAGwQQCAAqG2AQSMAASMAADAALSAAADAAjUgAADAALCIABGQQAEQALOBJkDAAjSAAATgAJVAAATgA1QAAFEwAkDAAkTgA0QAABEwAlCAAQSAAADAABTgAyUAAASAAADAABTgA0QAAJEwAmDAAmSAAADAAkSAAATgAJVAAATgA2QAAJEwAnDAAnSAAADAAlTgA3QAAFSMAAEwAlDYAlKAAAeIA4EAApDAAATgAyUAAAEAAqCAAAEAAMDAAMDIAqGwQOMwAGOBPqDAAMSAAADAAATgA5QAAFEwArDAArCID/GwQPSMAADAApTgAzQAAFDAAMCIABGQQAEQAMOBOMDYApKAAAEwAsTgADVAAAGAAKWQA6GwQFMwAGOBQeCAABSAAAEAAsOCBJTgA7VAAAGAAKWQA6GwQFMwAGOBRKCAACSAAAEAAsOCBJTgA8VAAAGAAKWQA6GwQFMwAGOBR2CAADSAAAEAAsOCBJTgA9VAAAGAAKWQA6GwQFMwAGOBSiCAAESAAAEAAsOCBJTgA+VAAAGAAKWQA6GwQFMwAGOBTOCAAFSAAAEAAsOCBJTgA/VAAAGAAKWQA6GwQFMwAGOBT6CAAGSAAAEAAsOCBJTgA8VAAATgBAUAAAGAAKWQA6GwQFMwAGOBUuCAAHSAAAEAAsOCBJTgADVAAATgBBUAAAWQBCGwQFMwAGOBVeCAAISAAAEAAsOCBJWABDSAAATgA7VAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBWiCAAKSAAAEAAsOCBJWABGSAAATgA8VAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBXmCAALSAAAEAAsOCBJWABHSAAATgA9VAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBYqCAAMSAAAEAAsOCBJWABISAAATgA+VAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBZuCAANSAAAEAAsOCBJWABJSAAATgA/VAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBayCAAOSAAAEAAsOCBJWABKSAAATgA8VAAATgBAUAAATgBLQAABTgBFQwAFCAABGAANG2AJMwAGOBb+CAAPSAAAEAAsOCBJTgBMVAAATgBNUAAAEAAtWABOSAAADAAtTgBEQAABTgBFQwAFCAABGAANG2AFMwAGOBdSCAAQSAAAEAAsOCBJTgA7VAAATgBPUAAAGAAKWQA6GwQFMwAGOBeGCAARSAAAEAAsOCBJWABQSAAAWABRSAAAWABSSAAATgA7VAAATgBPQAAFTgBTQwAFTgBEQwABTgBFQwAFCAABGAANG2AFMwAGOBfqCAAWSAAAEAAsOCBJTgADVAAATgBUUAAAGAAKWQA6GwQJMwAGOBgeCAAYSAAAEAAsOCBJTgADVAAATgBVUAAAGAAKWQA6GwQJMwAGOBhSCAAZSAAAEAAsOCBJTgADVAAATgBWUAAAGAAKWQA6GwQJMwAGOBiGCAAaSAAAEAAsOCBJTgADVAAATgBXUAAAGAAKWQA6GwQJMwAGOBi6CAAbSAAAEAAsOCBJTgADVAAATgBYUAAAGAAKWQA6GwQJMwAGOBjuCAAcSAAAEAAsOCBJTgADVAAATgBZUAAAGAAKWQA6GwQJMwAGOBkiCAAdSAAAEAAsOCBJTgADVAAATgBaUAAAGAAKWQA6GwQJMwAGOBlWCAAeSAAAEAAsOCBJTgADVAAATgBbUAAAGAAKWQA6GwQJMwAGOBmKCAAfSAAAEAAsOCBJTgADVAAATgBcUAAAGAAKWQA6GwQJMwAGOBm+CAAgSAAAEAAsOCBJTgADVAAATgBdUAAAGAAKWQA6GwQJMwAGOBnyCAAhSAAAEAAsOCBJTgADVAAATgBeUAAAGAAKWQA6GwQJMwAGOBomCAAiSAAAEAAsOCBJTgADVAAATgBfUAAAGAAKWQA6GwQJMwAGOBpaCAAjSAAAEAAsOCBJTgADVAAATgBgUAAAGAAKWQA6GwQJMwAGOBqOCAAkSAAAEAAsOCBJTgA7VAAATgBhUAAAGAAKWQA6GwQJMwAGOBrCCAAlSAAAEAAsOCBJTgA8VAAATgBiUAAAWQBjGwQFMwAGOBryCAAmSAAAEAAsOCBJTgA7VAAATgBkUAAAGAAKWQA6GwQJMwAGOBsmCAAnSAAAEAAsOCBJTgADVAAATgBlUAAAGAAKWQA6GwQJMwAGOBtaCAAoSAAAEAAsOCBJTgADVAAATgBmUAAAGAAKWQA6GwQJMwAGOBuOCAApSAAAEAAsOCBJTgADVAAATgBnUAAAGAAKWQA6GwQJMwAGOBvCCAAqSAAAEAAsOCBJTgBoVAAASAAATgBMVAAATgBpQAAFG2AKWABqG2AJMwAGOBwCCAArSAAAEAAsOCBJTgA7VAAATgBrUAAAGAAKWQA6GwQFMwAGOBw2CAAsSAAAEAAsOCBJTgA7VAAATgBrUAAASAAATgBMVAAATgBpQAAFG2AKWABqG2AJMwAGOBx+CAAtSAAAEAAsOCBJTgA7VAAATgBsUAAAGAAKWQA6GwQFMwAGOByyCAAuSAAAEAAsOCBJWABtSAAATgADVAAATgBuUAAATgBvUAAATgBEQAABTgBFQwAFCAABGAANG2AFMwAGOB0GCAAwSAAAEAAsOCBJTgADVAAATgBwUAAAGAAKWQA6GwQJMwAGOB06CAAxSAAAEAAsOCBJWABxSAAATgByVAAAQAACTgBzUNgATgBFQwAFCAABGAANG2AJMwAGOB2CCAAySAAAEAAsOCBJWAB0SAAATgByVAAAQAACTgBzUNgATgBFQwAFCAABGAANG2AJMwAGOB3KCAAzSAAAEAAsOCBJWAB1SAAATgA8VAAATgBAUAAATgBLQAABTgBFQwAFCAABGAANG2AJMwAGOB4WCAA0SAAAEAAsOCBJWAB2SAAATgA8VAAATgBAUAAATgBLQAABTgBFQwAFCAABGAANG2AJMwAGOB5iCAA1SAAAEAAsOCBJWABxSAAATgA9VAAATgB3UAAATgBFQAAFCAABGAANG2AJMwAGOB6mCAA2SAAAEAAsOCBJTgADVAAATgB4UAAAMAAGOB7OCAA4SAAAEAAsOCBJTgADVAAATgB5UAAAGAAKWQA6GwQJMwAGOB8CCAA5SAAAEAAsOCBJTgADVAAATgB6UAAAGAAKWQA6GwQJMwAGOB82CAA6SAAAEAAsOCBJTgADVAAATgB7UAAAGAAKWQA6GwQJMwAGOB9qCAA7SAAAEAAsOCBJTgADVAAATgB8UAAAGAAKWQA6GwQJMwAGOB+eCAA8SAAAEAAsOCBJTgADVAAATgB9UAAAGAAKWQA6GwQJMwAGOB/SCAA9SAAAEAAsOCBJTgADVAAATgB+UAAAGAAKWQA6GwQJMwAGOCAGCAA+SAAAEAAsOCBJTgADVAAATgB/UAAAGAAKWQA6GwQJMwAGOCA6CAA/SAAAEAAsOCBJCAAASAAAEAAsDYAsKAAATgCAVAAATgCBQAABEwAvCAAwSAAACAA1SAAACAA5SAAACAAwSAAACAA1SAAACAAzSAAACABmSAAACAA3SAAACABkSAAACAAxSAAACAA1SAAACABlSAAACAAwSAAACAAxSAAACABkSAAACAA3SAAAeIABEAAwCAT8IAAAEwAxDAAASAAACATbIAABEwAyTgCAVAAATgCBQAABDAAvG2ABEwAzDAAzWQCCGwQMMwAGOCFKCAB+SAAAEAAxOCFNTgCDVAAATgCEQAABCAB/G2ACSMAATgCDVAAATgCFQAAFEwA0DAAxSAAADAAyTgCGQAAFDAA0SAAADAAyTgCGQAAFDAAwSAAADAAySAAACARuIAACEwA1DAA1TgAyUAAACIADGwQEEwA2DAA2CIABGwQFMwAGOCIWWACHSAAADAA1TgAzQAAFWACHSAAADAA1TgAzQAAFOCIZDAA2CIACGwQFMwAGOCJCWACHSAAADAA1TgAzQAAFOCJFWACIWQCJGwQAWACKG2AAWACLG2AAWACMG2AAEwA3CAAAEAA4WACNEAA5DAA1TgAyUAAACIABGwQBEwANDAANCIAAGwQGMwAGOCSeCAAIDIA4CQABGigAEgA4CQAEGygEGwwCEwA6DAANSAAADAA1UAAACIA6DQA6GygSCID/G2QPGwwQEwA7CAAIDIA4CQABGigAEgA4CQAEGygEGwwCSMAAEwA6DAA7DIANCQABGygBSMAADIA1UEgACQA6DYA6G0wSCQD/G2gPGywQCIAIG2QRGQwTEQA7CAAIDIA4CQABGigAEgA4CQAEGygEGwwCSMAAEwA6DAA7DIANCQACGygBSMAADIA1UEgACQA6DYA6G0wSCQD/G2gPGywQCIAQG2QRGQwTEQA7DAA5DIA7CQA/GygPSMAADIA3TgCOQQAFGQwAEQA5DAA5DIA7CQAGGygSCIA/G2QPSMAADIA3TgCOQQAFGQwAEQA5DAA5DIA7CQAMGygSCIA/G2QPSMAADIA3TgCOQQAFGQwAEQA5DAA5DIA7CQASGygSCIA/G2QPSMAADIA3TgCOQQAFGQwAEQA5DAANCIADGQQBEQANOCKUDYA5KAAAAAVrVVYfGwAEa1VVHwAHalQlKxgLAAAIalQTBh8SEwAACGpUOxgdCg8YAAVqVB4RDgAEalQeCQAEalQeAAAEalQeDwAFalQ7GCAACmpUOyITFQkTERwADGtVUB4TFRUXGR0TFAAIa1VQGhwZHhoAC2tVUBsdGh4YGB4RAAtrVV0VHx0ZHxAWHwAMa1VVHR0cHx0aHBgaAAxrVVURGBYWFxYSHRsADGtVVhkeFRQUEx0fHgAMa1VWEhMbGBAXFxYXAAxrVVcYGxkfFxMbGxsADGtVVxwYHBkTFx0cHAAMa1VQHhgSEB0aGR8eAAtrVVAcHBoXFRkaHAALa1VcFxkcExkYEh8ADGtVVRofGxYRGxsfGAAMa1VVEREQFB0fHBkTAAxrVVYYExAYGBgcFREADGtVVh0ZHB0eHBUTGAAMa1VXGRkfHxkaGBAVAAxrVVccHx0UEx4fGBwADGtVUB0eGBsaHB0WFgALa1VXGBwcGRgfHhwAC2tVXBAQGRMcGRcZAAxrVVUbEhAdHhoZHB0ADGtVVR4aHxsaHh8TEgAMa1VWGBgZHBwSFBkZAAxrVVYcFxQeHx8cFhYADGtVVxofGBcVFBAcFQAMa1VXHR0TFRgfGRsZAAxrVVAdGBkYEREfGR8AC2tVVhwXGBQdHR0ZAAtrVVMbHRwYGRsaHgAMa1VVGxsaGhwUERgdAAxrVVUfFhQbGR0ZHxoABGtVVxkADGtVVh0bGh0YGBMZFQAMa1VVHRkeEhgVFBMZAAxrVVUeHB0cEhIfHBAADGtVVhMYEh0XEh8cHAADa1VQAAhqVAgRExELBAAGalQUHR4DAAdqVBcHHRIeAANqVBYAA2pUHAAIalQHFBkVGg0AA2tVVAAMalQHExELKTQTGTwtAAtqVBEDEhkbFx8TGQAKalQAExQOABATAgALalQKFw8HFh4NAwUACmpUCBsUGg0FHhkACWpUDBkCHwMFEwAIalQXCAkPGBMAC2pUER4ODys+GhMCAAZqVAoXFBAACGpUChkTGRcBAA5qVCwEARkQMxQOABATAgAKalQQAyQ/HgMfEQAJalQNHxIZBS8xAAtqVCo3DwcWHg0DBQAGalQMBBgcAAlqVCw5Ah8DBRMACGpUNygJDxgTAApqVAwVHB0QEQ4YAA1qVBADOzsACg8pOgoOAAhqVCs1EBceDwAaalQDGgkjIAEmOgUHDQ8eFSU5DggJAwEcAwUADWpUChcNBQcLXVsUExkAD2pUBwkPHA0JODEREBATAgAIalQnOhcADwoABGpUVk4ACGpUBxoXAA8KAAxqVAMaCS80GQIJBRQACGpUBg8LGBsPAAZqVAEQHAUADWpUBxoVGCQgERcCAxoADWpUOxg3ABEXAgMaFAoACmpUOzcAERcCAxoACWpUMyofKikeGgANalQCBgQOAwcLDzUuFQAWalQ7GCEGBA4DBwsPNTIDAR0LCRgNGQAPalQAExo0LBkDGhQNBR4ZAAZqVBEPFQMADWpUJzoKGw0PLy8YBQUACGpUBxoKGw0PAA5qVBQJDQ8TIi8MHAQDDwAealRAXx8fJCYKDxYUEhUKHhkDBw4WBg0hDjkWHRIrAAtqVBMKHx4OAwcLDwAGaFYQHh8IABdqVDsYMAofHg4DBwsPNTQICQMBHDMhEAARalQ7NQ8OBAIfCR4xOxYdGQ8AEWpUOzQODhgCHhk+OQIfAwUTAAhqVAMTGxUbFQAHalQFFREPHgAQalQDGgk8OgUDAwMVEQ0yMQAKalQCCwMVDwUeGQAQalQDGgkpMREQEBMCLiMoNQAYalQDGgkpMREQEBMCHykjIjcVChglNxQQAA9qVD8tFw0FBwtdWxQTGSAAC2pUOxg3GgUDAygYAA1qVAcUGQUfHh8ODwMFAA1qVDsYKR8WFwQBFAsPAAtqVAgbFBoVHB8EHwAHalQhLxgFBQAHalQXHw0aEAALalQUHR0YDQkJGA8AC2pUFAARFwIDGh8BAApqVAERER4PHgUZAAZqVAwCDxsAB2pUFxsJDgEAGGpUOxQuERETHwQAKg4VGQIVLx4UBQ4ZDwALalQ7NA4RERMfBAAAFmpUOxgwCh8eDgMHCw81IgsPFQEMDQkAFWpUOxg0DhEREx8EACoiCw8VAQwNCQAdalQ7GDAKHx4OAwcLDzU0CAkDARwzIQsDFQ8FHhkAFWpUOxghBgQOAwcLDzUiCw8VAQwNCQAUalQ7GCMOAwcLDzUyAwEdCwkYDRkABmpUID0NCQAFalQKGQAAB2tVVRkYGBgABmpUKTQNBAAIalQWCxcSExoAB2pUAhIbGAUACWpUEQMFAxkXCgADalRkAAdqVFJIDiQGAAtqVBUjHW9telRIQQAJalQKLzkmNSYbABdqVCdvdgsWbht5IjltEFteRS0EPQM1DQAZalQwPx4aWH4sCQ4xNxMnMSA1X1s+b1MNOgACalQACGpUBxMRCyst'
)
);
var D = function (tt) {
return __g._encrypt(encodeURIComponent(tt))
};
原来这个_encrypt()函数是封装到上面那串长长的字符串里的。把一段encode过的代码做base64解码,再用eval()作用一下,就能现出原形。
参考文献
目前来说有以下三个参数:x-zst-81,x-zse-93,x-zse-96,其中81参数主要是在用户使用浏览器或selenium模拟滑动时才会出现的,而如果直接请求接口则不需要输入这个参数。93这个参数是相对固定的,应该是一个类似于版本信息的东西,所以主要就是x-zse-96这个参数,这个参数通过全局搜索,在js里找到了这样一段代码
try {
var g = z()
, y = function(e, t, n) {
var r = n.zse93
, i = n.dc0
, o = n.xZst81
, c = U(e)
, u = M(t)
, s = [r, c, i, B(u) && u, o].filter(Boolean).join("+");
return {
source: s,
signature: a()(l()(s))
}
}(t, u.body, {
zse93: b,
dc0: g,
xZst81: v
})
, E = y.signature;
O = y.source,
v && h.set("x-zst-81", v),
h.set("x-zse-93", b),
h.set("x-zse-96", "2.0_" + E)
其中可看出96这个参数主要是来自于signature: a()(l()(s))这个变量,而这个变量所使用的函数一共有两个,第一个是l()(s),这个函数本身是一个md5加密,而参数s经输出后发现是x-zse-93+api_url+cookie[“d_c0”]三者相加,然后就是最重要的a()函数了,这个函数我通过chrome的js单步调试,找到了一个函数转发器:
o.n = function(e) {
var t = e && e.__esModule ? function() {
return e.default
}
: function() {
return e
}
;
return o.d(t, "a", t),
t
}
然后通过传入的参数e,找到了该转发器在转发a()函数时调用的e函数所对应的真实函数:
spider_collection/zhihuAnswerSpider/spider/g_encrypt.js
Lines 445 to 447 in 2a58ec2
var b = function (e) {
return __g._encrypt(encodeURIComponent(e))
};
然后通过上述函数中的__g的声明位置找到了加密函数所对应的完整的大function,并将该function作为js代码作为js文件复制进自己代码中,并使用jsdom这个库【主要作用就是创建一下虚拟的dom文件和窗口配合函数调用】配合execjs这个库【真正调用js代码的python库】成功运行。此时我只需要在python代码中将x-zse-93,api_url,cookie[“d_c0”]三者进行拼串,同时调用md5加密得到基础的加密信息,然后将这个加密信息放到js文件中的b函数中即可完成最终加密。
值得一提的是,其中cookie[“d_c0”]这个属性,其实很奇妙,用户不用登陆的时候如果通过question直接检索到相应的问答也可以直接浏览,此时查看cookie就会发现d_c0这个属性依然存在,所以本质上来说,知乎是不用登陆即可爬取的,这也就意味着不用建立相应的cookie池【因为并没有标识单个用户的用户特征用在了这次加密中】。
最后就是,此次js逆向是我第一次做相对复杂的js逆向,所以在网络上参考了很多前辈们的工作,这里尤其感谢csdn的一位大佬,
参考链接
- 2021年6月知乎指定问题信息爬取 & x-zse-96 2.0版本加密破解分析 爬虫破解反扒思路
- 某乎x-zse-96(补环境详解)
![2023年中国火焰切割机分类、产业链及市场规模分析[图]](https://img-blog.csdnimg.cn/img_convert/9b19e3bb56ecbfe0a02e94ae14245eb7.png)
![2023年中国轮胎模具需求量、竞争格局及行业市场规模分析[图]](https://img-blog.csdnimg.cn/img_convert/c07c2d1a809d79680f23831441b90477.png)
![2023年中国工业空气加热器市场规模及存在问题分析[图]](https://img-blog.csdnimg.cn/img_convert/52c223704fb82100a8f9a8b37bf15a03.png)
