目标地址
ZHkuZmVpZ3VhLmNu
需求
老朋友联系到我,希望能自己做一个方便读取的小工具给公司内部用,承诺绝不外传。但是获取接口数据的最后一步遇到了问题,响应回来的数据做了大量加密,无法识别。
代码分析
该站代码做了大量的Promise异步处理,webpack打包的格式。追踪比较困难,最后花了很大功夫才跟到关键函数。(关于Promise的特性原理可以看我之前写的文章,写的有不对的地方欢迎指出)
// 全是类似于这种格式的函数 中间掺杂了大量的异步方法,根本没法跟进
function T(e, o, t, a) {
var n = C(e);
if (!n)
return "function" == typeof o && o(p),
void 0;
var r = t && t.cdn
, i = t && t.sync
, m = t && t.timeout || 5e3;
if (0 !== n.depends.length)
for (var s = 0; s < n.depends.length; s++) {
var l = n.depends[s];
t && (delete t.sync,
delete t.timeout,
delete t.cdn),
M(l, void 0, t)
}
var c = a || {};
c.module = n,
c.name = e,
c.state = b,
c.callbacks = c.callbacks || [],
c.options = t,
o && c.callbacks.push(o),
c.timeoutTimer = setTimeout(function() {
c.state = g,
W(c, t && t.throwExceptionInCallback)
}, m),
a || u.push(c);
var f = n.sync;
i && (f = i);
var h = d(n.name, r);
S(h, "AWSC_" + n.name, f)
}
结果
最后找到了代码,是一个变种的AES加密+自定义的字符串转码加密,相关逻辑一步步手工复原。中间还有用到jsjiami官网类似的加密逻辑。
ggnsh = '', _0x4aec=['w71Uw6fCsGg=','6L2C5puu5Lqs5Li/5LqF57O/5Yi/w4ou5pKI5L6h44Km','56m96Ze05o646aqX57mjNeKDnm7DmOKjuWvkeKDk1blkqLCuOKBs8Oyw6TopK7lrpTigobDru+8nOS+hOWMl+S+peeaksOww7Av44Oh','w61VwrbDuA==','wqPDr8OcBGHClw==','QjLDk8K7dQ==','wo3CqXZrYWRc','diLDmQ==','B8OgHA==','wrfDpcORD2HCkcO/w4HCuQ==','b8O4XsOCwpXDocOPw4sVI2LDg8KLYw==','5aSG5p6n5oG455iTfsKV6Yej5bSk5aah5Lm8wrQcwq3vvoJlNcOD5qCN56+177+3566q56+35YWW5LiE6Z6swoAxwoPDonbChETDm8OVw5LnmJDkurbnopLvvLXorIjmjoPljJTlhL/mnqzlhrzli5XlrbXjg7fovLvku57ltbnlhYfkuZXogpDliJLlrLQCUnLjgIZFc8Kq566b5qid54i15YaS5a+r','5YmT6Zus54mi5p+w5YyJ77+yZU/kvZ/lroDmno3lv6Pnq44=','w67Dt145VA==','azMQw55U','w6rCrcOPYsKl','w5DCgMOWf8KM','w7F/w73CrGI=','w5LChcK4wonDtsKh','FcOzGm7CvxDChg==','w4g8w6pGOA=='];(function(_0xf49075,_0x43a770){var _0x452f8c=function(_0x38b3d2){while(--_0x38b3d2){_0xf49075['push'](_0xf49075['shift']());}};_0x452f8c(++_0x43a770);}(_0x4aec,0xa9));var _0x3f46=function(_0x14f8df,_0x5b5bda){_0x14f8df=_0x14f8df-0x0;var _0x45b4b0=_0x4aec[_0x14f8df];if(_0x3f46['initialized']===undefined){(function(){var _0x1e077d=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x2edf07='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x1e077d['atob']||(_0x1e077d['atob']=function(_0x3a4810){var _0x5bf5a1=String(_0x3a4810)['replace'](/=+$/,'');for(var _0x305cfd=0x0,_0x22fa5b,_0x2dea49,_0x381f3f=0x0,_0x1afedf='';_0x2dea49=_0x5bf5a1['charAt'](_0x381f3f++);~_0x2dea49&&(_0x22fa5b=_0x305cfd%0x4?_0x22fa5b*0x40+_0x2dea49:_0x2dea49,_0x305cfd++%0x4)?_0x1afedf+=String['fromCharCode'](0xff&_0x22fa5b>>(-0x2*_0x305cfd&0x6)):0x0){_0x2dea49=_0x2edf07['indexOf'](_0x2dea49);}return _0x1afedf;});}());var _0x8b5ca2=function(_0x1f3132,_0x92107a){var _0x216991=[],_0x1faf0e=0x0,_0x1af4ca,_0x3fb046='',_0x27048e='';_0x1f3132=atob(_0x1f3132);for(var _0x51ad13=0x0,_0x21236d=_0x1f3132['length'];_0x51ad13<_0x21236d;_0x51ad13++){_0x27048e+='%'+('00'+_0x1f3132['charCodeAt'](_0x51ad13)['toString'](0x10))['slice'](-0x2);}_0x1f3132=decodeURIComponent(_0x27048e);for(var _0x53b9f8=0x0;_0x53b9f8<0x100;_0x53b9f8++){_0x216991[_0x53b9f8]=_0x53b9f8;}for(_0x53b9f8=0x0;_0x53b9f8<0x100;_0x53b9f8++){_0x1faf0e=(_0x1faf0e+_0x216991[_0x53b9f8]+_0x92107a['charCodeAt'](_0x53b9f8%_0x92107a['length']))%0x100;_0x1af4ca=_0x216991[_0x53b9f8];_0x216991[_0x53b9f8]=_0x216991[_0x1faf0e];_0x216991[_0x1faf0e]=_0x1af4ca;}_0x53b9f8=0x0;_0x1faf0e=0x0;for(var _0xfdc631=0x0;_0xfdc631<_0x1f3132['length'];_0xfdc631++){_0x53b9f8=(_0x53b9f8+0x1)%0x100;_0x1faf0e=(_0x1faf0e+_0x216991[_0x53b9f8])%0x100;_0x1af4ca=_0x216991[_0x53b9f8];_0x216991[_0x53b9f8]=_0x216991[_0x1faf0e];_0x216991[_0x1faf0e]=_0x1af4ca;_0x3fb046+=String['fromCharCode'](_0x1f3132['charCodeAt'](_0xfdc631)^_0x216991[(_0x216991[_0x53b9f8]+_0x216991[_0x1faf0e])%0x100]);}return _0x3fb046;};_0x3f46['rc4']=_0x8b5ca2;_0x3f46['data']={};_0x3f46['initialized']=!![];}var _0x5b32d9=_0x3f46['data'][_0x14f8df];if(_0x5b32d9===undefined){if(_0x3f46['once']===undefined){_0x3f46['once']=!![];}_0x45b4b0=_0x3f46['rc4'](_0x45b4b0,_0x5b5bda);_0x3f46['data'][_0x14f8df]=_0x45b4b0;}else{_0x45b4b0=_0x5b32d9;}return _0x45b4b0;};var a={},b={};(function(_0x506b2e,_0x58d7e0){var _0x19e8e1={'rRNLz':_0x3f46('0x0','1s0Z'),'BgIBC':_0x3f46('0x1','8!@M')};_0x506b2e[_0x3f46('0x2','w1o8')]=_0x19e8e1['rRNLz'];_0x58d7e0[_0x3f46('0x3','*!GJ')]=_0x19e8e1[_0x3f46('0x4','USRf')];_0x58d7e0[_0x3f46('0x5','U$Z9')]='如果您的JS里嵌套了PHP,JSP标签,等等其他非JavaScript的代码,请提取出来再加密。这个工具不能加密php、jsp等模版内容';}(a,b));;(function(_0x4bdcfe,_0x4fbc37,_0x225d65){var _0xa570a3={'cKiRe':function _0x4524a2(_0x28244c,_0x3e739a){return _0x28244c===_0x3e739a;},'OatFh':_0x3f46('0x6','dutS'),'JiHQK':_0x3f46('0x7','1BqD'),'pDQLb':function _0x21f4e0(_0x1041c5,_0x24bbc1){return _0x1041c5!==_0x24bbc1;},'HmQGk':_0x3f46('0x8','*!GJ'),'pdbgu':_0x3f46('0x9','09i)'),'bdJmK':'版本号,js会定期弹窗,还请支持我们的工作','mwSYx':'站长接高级\x20“JS加密”\x20和\x20“JS解密”\x20,保卫你的\x20js。','noQRJ':_0x3f46('0xa','w1o8'),'nOPqA':_0x3f46('0xb','^WDP')};_0x225d65='al';try{if(_0xa570a3['cKiRe'](_0xa570a3[_0x3f46('0xc','4GGL')],_0xa570a3[_0x3f46('0xd','y]bZ')])){_0x225d65+=_0xa570a3[_0x3f46('0xe','%Li]')];_0x4fbc37=encode_version;if(!(_0xa570a3[_0x3f46('0xf','%Li]')](typeof _0x4fbc37,_0xa570a3['HmQGk'])&&_0xa570a3['cKiRe'](_0x4fbc37,_0xa570a3['pdbgu']))){_0x4bdcfe[_0x225d65]('删除'+_0xa570a3[_0x3f46('0x10','r5C!')]);}}else{_0x4bdcfe['info']='这是一个一系列js操作。';d[_0x3f46('0x11','1H)L')]=_0xa570a3['mwSYx'];d[_0x3f46('0x12','1BqD')]=_0xa570a3[_0x3f46('0x13','w@A#')];}}catch(_0x433f0a){_0x4bdcfe[_0x225d65](_0xa570a3[_0x3f46('0x14','r5C!')]);}}(window));
算法还原后的代码就不贴了,尊重网站作者隐私。需要的可以联系jsjiami官方客服。
