文章目录
- 1. 写在前面
- 2. 接口分析
- 3. 断点分析
- 4. 扣JS代码
【🏠作者主页】:吴秋霖
【💼作者介绍】:擅长爬虫与JS加密逆向分析!Python领域优质创作者、CSDN博客专家、阿里云博客专家、华为云享专家。一路走来长期坚守并致力于Python与爬虫领域研究与开发工作!
【🌟作者推荐】:对爬虫领域以及JS逆向分析感兴趣的朋友可以关注《爬虫JS逆向实战》《深耕爬虫领域》
未来作者会持续更新所用到、学到、看到的技术知识!包括但不限于:各类验证码突防、爬虫APP与JS逆向分析、RPA自动化、分布式爬虫、Python领域等相关文章
作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!
1. 写在前面
H5目前这个参数好像是已经不再做校验了?所以再去分析的话意义并不大了。而且它那个界面真的是巨难用!为此,我单独去注册了一个商家版的!只为还原最真实的场景。目前最新的anti_content是0aq开头的,相比较于早期的老版本不再需要参数去参与加密,纯算法扣出来还原之后可在本地Node环境下直接调用生成,并且算法通用于所有接口…
2. 接口分析
这个商家后台管理,确实功能做的挺丰富,我这边主要是新注册的,然后数据基本都是空的,所以文章中能够直观测试的接口比较少,但是扣出来的算法确实是通用的!因为有朋友跟粉丝一直在做这块,算法也是给他们进行了测试,下面是一位粉丝使用易语言调用的结果,如下所示:
首先,我们找到商品管理下面的商品列表,发个包监听一下请求:
这里如果Anti-Content参数不对或者你不携带,得到的结果均会如下:
{"error_code":54001,"error_msg":"操作太过频繁,请稍后再试!","result":{"verifyAuthToken":"一堆字符"}}
H5就不一样,你不携带现在照样给你数据,压根好像都不做参数检验了~
3. 断点分析
首先我们使用关键词参数全局搜索大法整一下,搜索出来的结果不多,如下:
可以全部下个断,然后重新刷新页面,这里的话我们可以看到anti_content已经生成
往上看在.then的上方,这行代码return !kt.a || s && s(n) ? Promise.resolve(c(t.rawFetch, l).catch((function() {},异步调用?
这里确实是一个异步,是一个Promise的链式调用。调用了c(t.rawFetch, l)函数,这个函数返回的是一个Promise对象,就是一个复合条件表达式,包含了逻辑运算跟Promise异步操作
上面的断点异步调用,难度并不大,稍微调式一下就能够看到核心的加密代码了,那剩下的就是扣代码!!!
4. 扣JS代码
接下来就到了核心阶段,扣取Webpack代码,整个加密逻辑大部分都在一个JS文件内,我们需要花时间去调试分析,梳理清楚模块加载顺序,然后把整个加密算法还原出来
把加密核心JS代码扣取下来,这里你不需要去改,直接拿我这个就可用!!如下所示:
function o(e) {
return (o = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(e) {
return typeof e
} : function(e) {
return e && "function" == typeof Symbol && e.constructor === Symbol && e !== Symbol.prototype ? "symbol" : typeof e
})(e)
}
为了避免多次调用 typeof、Symbol,我们同样使用自执行函数的方式定义,这样做可以提高代码的性能,因为它避免了重复计算,如下所示:
"3": function(e, t, n) {
"use strict";
(function(e) {
var t, r, a = "function" == typeof Symbol && "symbol" == o(Symbol.iterator) ? function(e) {
return o(e)
} : function(e) {
return e && "function" == typeof Symbol && e.constructor === Symbol && e !== Symbol.prototype ? "symbol" : o(e)
}, i = n(12),
s = n(13).crc32,
d = ["fSohrCk0cG==", "W4FdMmotWRve", "W7bJWQ1CW6C=", "W5K6bCooW6i=", "dSkjW7tdRSoB", "jtxcUfRcRq==", "ALj2WQRdQG==", "W5BdSSkqWOKH", "lK07WPDy", "f8oSW6VcNrq=", "eSowCSkoaa==", "d8oGW7BcPIO=", "m0FcRCkEtq==", "qv3cOuJdVq==", "iMG5W5BcVa==", "W73dVCo6WPD2", "W6VdKmkOWO8w", "zueIB8oz", "CmkhWP0nW5W=", "W7ldLmkSWOfh", "W5FdIqdcJSkO", "aCkBpmoPyG==", "l27dICkgWRK=", "s05AWR7cTa==", "bttcNhdcUW==", "gJldK8kHFW==", "W5Sso8oXW4i=", "FgC0W7hcNmoqwa==", "xmkPhdDl", "e14kWRzQ", "BNFcVxpdPq==", "z1vadK0=", "W7yOiCk2WQ0=", "qLb7lg0=", "t8o6BwhcOq==", "gmk6lYD9WPdcHSoQqG==", "oqldGmkiCq==", "rmo+uKlcSW==", "dSoIWOVdQ8kC", "iXSUsNu=", "W5ipW4S7WRS=", "WPtcTvOCtG==", "A3CcAmoS", "lCotW6lcMba=", "iuGzWPLz", "WQVdPmoKeSkR", "W4ydoCkqWQ4=", "jCobW47cNXC=", "W4tdJCkNWOCJ", "hCo/W7ZcSJ8=", "BNuZW6NcMG==", "b8kFW6hdN8oN", "W4SpoCkXWQK=", "cXddOmkDFa==", "W63dHSoyWQft", "W6ldSmk0WRj4", "A2bHWOtcHeeMyq==", "f3VcSSk/xG==", "qg1u", "ftyivga=", "DCkhpsfe", "WR3cKmo3oMWEw8kK", "yev3", "W4xdMKSejbm=", "W797WOL7W4m=", "W6xdOCkKWQXw", "gcCUye0=", "W7WXkmomb8kT", "c8kIesD0", "WOTpEW==", "ySo3E8oVWPy=", "iNyhW5lcNLNcG8kYWQu=", "W7JdMSkfWRnD", "FfijW5tcHW==", "xCokW54Zzq==", "W77dUsi=", "W5FdHfa6eq==", "E1FcQvVdSG==", "eZ/dNCo4AG==", "CgPmWQZdKa==", "A8oLECoJWPS=", "oCoSW7VcTJC=", "mCoADa==", "W7DXuSouDq==", "ic3dQCo8ua==", "rN3cIa==", "W6/dJ8kPWRGQ", "W4xdLYlcPmkc", "F3JcPvZdLa==", "xCk8iHn4", "qg15", "W5/dL8oOWPr4", "hW41C3C=", "sSoZzwxcPW==", "ywdcUvNdUW==", "t0TzWQpdIG==", "lv7dJSoIjq==", "W5Tzxq==", "W6DnWQK=", "W5mGaCkFWRC=", "W6LmWO5+W6C=", "WR7dQmoJa8k+", "emkFW4ddOmob", "imk8imoNEa==", "W4ZdP8kaWPvc", "F8k4WO40W4e=", "cSoHE8k9cG==", "jw4TW5dcSW==", "wuJcOKRdTa==", "swNcQx/dGG==", "aCkSiCoMEq==", "W6pdS8owWQTH", "WRFdQmonjmkT", "cKBdGCkpWOm=", "oCoWW4VcPIa=", "WQddSSoUjmks", "c8kdW5JdM8oE", "W7b0AGvl", "sCk4WOylW60=", "nXNdSmkXvW==", "W67dRSkjWOqj", "W44EcCohW6O=", "W6ddPmkpWRHN", "W7tdVIVcOSkR", "qg3dVG==", "W7Ofcmofda==", "WRDmW5VcLq==", "CSoRW4W4Aq==", "mmo0WP3dVmkj", "i8omW6ZcPd8=", "CSkaWQyvW4m=", "ACkMWQCLW4q=", "W5pdOCk0WRv3", "W7yDW44SWP8=", "WRP8W5dcNmkd", "ymkNaID5", "cfeTWRT6", "W6WdbmkmWO0=", "eSo3WQldVCkU", "W5flwZrl", "WPVcTe4tWQu=", "DuCPumok", "hLpcKCksqXe=", "g3hdUCkoWRu=", "sL0sW6JcPW==", "lf7dL8oOpG==", "w8k4WPWJW7u=", "i08mW5dcUW==", "kb/dU8klsW==", "WOhcMSoW", "W5LnfG==", "F8kJWQmxW6m=", "W5ldU0CDca==", "eKRdKmkoWPG=", "tmouW60=", "gSkrW7JdVSor", "WPNcP8oc", "DhLAmLW=", "sSo0EfdcQq==", "W6ygW689WQq=", "W6CPimkIWQa=", "WRJdLmoynSkY", "W5iimCkDWRa=", "oMhdN8kPWRHV", "eNqQWQHn", "bmkakSoHW4u=", "W4PxEbvN", "WQhcQxSWyW==", "xCoKEW==", "guBcISk2yG==", "nviRW4BcSq==", "m3tcVmkXCJ9YWQyXd8kuWQfJW71fWPmnWRj+WR1tW6WbW4PDdCkrkLbDs8ozWR4gySoyv20rWO3dJJpdIh9DWPhcGCoctKFcN8kTW6nHvbLRkg9MeKhdHCoP", "W7iZfmolW4q=", "p1JdGSk4WPW=", "ns3cTuhcMSk6u8kj", "q8kmhr5p", "lWCxtKW=", "pmk+hSoYFG==", "bdFdKmkIwa==", "WR/cMSoL", "csCy", "W7BdKCkmWPfO", "tCkeWPyXW70=", "smkVWRK=", "dNFdQSokiq==", "W5OyoCoLW5O=", "W4RcIZ0xW5hdPCkaWPddO0aoE8oCwXVcSgbVtWbqW6u=", "iKNdK8khWRa=", "WQtdQCommSkg", "W6ddU8k1WQ94", "ASoXAMRcHG==", "gMhdKCoBna==", "eCk5mSoEW6K2v8octbK=", "pmo+Fmkfea==", "f3y8WPL0Ex4=", "oSkmm8oczq==", "W7ldK8oWWRnrW6WtqMG0W7/cMxbU", "W7uwdmofbG==", "A8oqyudcPG==", "s8oHt3FcTq==", "a8okBCkAdq==", "W7mvg3OI", "E8kLWR0dW7i=", "W78qhKSF", "W6XMWRHsW6K=", "hCoyzSk7fa==", "WQNcKSoHp1S=", "oCkaiCocW6i=", "bSoEW5ZcVXq=", "W5pdVCkHWRj3", "eehdNSoGhG==", "W4VdTmkhWRO=", "W73dMte=", "bqBcJelcTG==", "WOpcKLXWBa==", "W7uRa0OKnwpdRmoq", "WO3cKSoHW7C4", "WPRcOCofl0i=", "BxvOWPhcSa==", "hwK0W7tcJq==", "BMOjW5lcGq==", "cmouWONdUmk8", "E8k9WQyjW7NdNa==", "WRNcQSoFi0S=", "zLTHWPpcUW==", "WRPjW7BcLCkB", "BLRcLMddLW==", "s8kzWOiiW5m=", "W40mW4uqWP8=", "i13cMCk7Ea==", "WQBcLMupWOu=", "x8o2xmoD", "hCkBcCoLvW==", "FmkEWRShW5q=", "W58ikmo+W7K=", "W4KehmkSWOG=", "WQZcLCod", "WQtcHgXHCa==", "W4ldRbpcSmkY", "r8oKW5ukr0e+gW==", "dSkjW4FdLCoY", "cGa6Ee4=", "W69pymoVuW==", "WQRcSCo7i0i=", "W5RdICoWWQPaW70ode4=", "cfiNWODs", "W7rzWPr/W4u=", "ySkuecz+", "W4qsW70WWOq=", "W5VdS8kmWPXz", "W44jW7W=", "pxRcGW==", "ye5hngpdUa==", "WRRcQfT0va==", "WQxcImouW7CY", "qLRcJKddTa==", "p8o6q8kUdW==", "W4nlWRLvW6W=", "p3hdQ8kzWOe=", "W4eFeCojW5W=", "W43dNCoMWRG=", "nNCqW7lcQW==", "FCoqw3dcUq==", "W4BdGSkKWQ8+", "rmo8q1/cKW==", "D0assmov", "f0eQWODU", "nJXVfCo5W6VcVIniWPKKcCkpWO0fW63dNI4fWPziiSkWEmowWO12AKqNWQvPyCkMmb8aCConW7ddQCkmxs3cG3xdJuuMW7FdJCoqWQndsmk9WQzzW5mgWP/cUHmx", "pCoRymkabCoqta==", "i2xdImk+", "owFdVSkkWOm=", "WPNcK1H+Ca==", "W4FdKJxcICkP", "W4hdNSkuWO4=", "W7Gol8oAW6O=", "W61RWRrOW4y=", "W7qAn8ksWQK=", "WPVcRvWNWOG=", "xmoyrwFcQW==", "WOz7W4hcRSkB", "l1yQW5RcSW==", "zvJcQvZdNa==", "W4hdPSobWPvy", "nWldKCoIvG==", "CeTyh3K=", "pa/cVexcLG==", "cmk0W6JdUSoK", "AwSxW5ZcHq==", "jIpcKfdcOW==", "W5r5WQXpW74=", "n8k1mmoHW4G=", "xe4JW7FcMW==", "hmolw8kViW==", "gfutW6hcSG==", "hflcVSkzrW==", "jZpcRN/cRq==", "W7tdV8kF", "ig0UW7VcLW==", "b03dGCkBWP0=", "nYFcPW==", "W4ueW6StWP0=", "W4BdN8ogWR9D", "qe89qCo3", "W68dgmkSWR4=", "Ae0FsmoD", "pSoVECkojG==", "W6aplSoBfG==", "mq/dR8omya==", "amkMiCojW40=", "xN5GWPVcJa==", "W67dJmk4WQji", "fxRcVCk7yG==", "fSkLoSoLW7a=", "a8oCWPJdP8kt", "e8o0WRxdI8kv", "ChO3W6NcMa==", "awVdPmkGWO0=", "nCk0W6pdMCod", "W4xdP8kOWO5J", "lSowxSk0fW==", "js/cPwVcTW==", "WOJdRmo9amkt", "nsRcULdcUmkH", "gCkIW4FdLmoF", "DmovW7erzG==", "cSoFD8kfeq==", "WRVcH8ouW7aC", "WPvCW6xcKSkr", "W4qRW4arWQW=", "WPpcPgjfFW=="];
t = d, r = 280,
function(e) {
for (; --e;)
t.push(t.shift())
}
(++r);
var u = function e(t, n) {
var r = d[t -= 0];
void 0 === e.dkfVxK && (e.jRRxCS = function(e, t) {
for (var n = [], r = 0, a = void 0, i = "", s = "", o = 0, d = (e = function(e) {
for (var t, n, r = String(e).replace(/=+$/, ""), a = "", i = 0, s = 0; n = r.charAt(s++);~n && (t = i % 4 ? 64 * t + n : n, i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)
n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=".indexOf(n);
return a
}
(e)).length; o < d; o++)
s += "%" + ("00" + e.charCodeAt(o).toString(16)).slice(-2);
e = decodeURIComponent(s);
var u = void 0;
for (u = 0; u < 256; u++)
n[u] = u;
for (u = 0; u < 256; u++)
r = (r + n[u] + t.charCodeAt(u % t.length)) % 256, a = n[u], n[u] = n[r], n[r] = a;
u = 0, r = 0;
for (var l = 0; l < e.length; l++)
r = (r + n[u = (u + 1) % 256]) % 256, a = n[u], n[u] = n[r], n[r] = a, i += String.fromCharCode(e.charCodeAt(l) ^ n[(n[u] + n[r]) % 256]);
return i
}, e.vDRBih = {}, e.dkfVxK = !0);
var a = e.vDRBih[t];
return void 0 === a ? (void 0 === e.EOELbZ && (e.EOELbZ = !0), r = e.jRRxCS(r, n), e.vDRBih[t] = r) : r = a, r
}, l = u("0x105", "T5dY"),
c = u("0x143", "tnRV"),
_ = u("0xf3", "r6cx"),
m = u("0x13e", "r6cx"),
f = u("0xfc", "YD9J"),
h = u("0xce", "0JIq"),
p = u("0xf4", "HaX["),
y = u("0x6a", "bNd#"),
M = u("0x121", "0]JJ"),
L = u("0x126", "w(Dq"),
v = u("0xf2", "iF%V"),
g = u("0xc0", "86I$"),
k = u("0x2a", "D@GR"),
Y = u("0x119", "(k)G"),
b = u("0xdd", "86I$")[_](""),
w = {
"+": "-",
"/": "_",
"=": ""
};
function x(e) {
return e[m](/[+\\/=]/g, function(e) {
return w[e]
})
}
var D = ("undefined" == typeof window ? "undefined" : a(window)) !== u("0x79", "Hof]") && window[M] ? window[M] : parseInt,
W = {
base64: function(e) {
var t = u,
n = {};
n[t("0x83", "4j9@")] = function(e, t) {
return e * t
}, n[t("0x18", "[wyj")] = function(e, t) {
return e(t)
}, n[t("0xb", "v7]k")] = function(e, t) {
return e / t
}, n[t("0x22", "xY%o")] = function(e, t) {
return e < t
}, n[t("0x76", "j&er")] = function(e, t) {
return e + t
}, n[t("0x88", "tnRV")] = function(e, t) {
return e + t
}, n[t("0xba", "HaX[")] = function(e, t) {
return e >>> t
}, n[t("0xfd", "FlMG")] = function(e, t) {
return e & t
}, n[t("0xc3", "49kG")] = function(e, t) {
return e | t
}, n[t("0x9f", "&Wvj")] = function(e, t) {
return e << t
}, n[t("0x3d", "4j9@")] = function(e, t) {
return e << t
}, n[t("0x2f", "y@5u")] = function(e, t) {
return e >>> t
}, n[t("0x140", "1YRP")] = function(e, t) {
return e - t
}, n[t("0x59", "wWU6")] = function(e, t) {
return e === t
}, n[t("0x10b", "pRbw")] = function(e, t) {
return e + t
}, n[t("0x21", "xY%o")] = function(e, t) {
return e & t
}, n[t("0x33", "w(Dq")] = function(e, t) {
return e << t
}, n[t("0x35", "EX&9")] = function(e, t) {
return e + t
}, n[t("0xea", "49kG")] = function(e, t) {
return e + t
}, n[t("0x130", "0JIq")] = function(e, t) {
return e(t)
};
for (var r = n, a = void 0, i = void 0, s = void 0, o = "", d = e[g], l = 0, c = r[t("0x146", "FVER")](r[t("0x30", "uDrd")](D, r[t("0x2d", "r6cx")](d, 3)), 3); r[t("0x102", "4j9@")](l, c);)
a = e[l++], i = e[l++], s = e[l++], o += r[t("0x62", "tnRV")](r[t("0x78", "(k)G")](r[t("0x88", "tnRV")](b[r[t("0xed", "1YRP")](a, 2)], b[r[t("0xb4", "YD9J")](r[t("0xd1", "uDrd")](r[t("0x108", "VdBX")](a, 4), r[t("0xfe", "vqpk")](i, 4)), 63)]), b[r[t("0xbf", "[wyj")](r[t("0x148", "Buip")](r[t("0x27", "r6cx")](i, 2), r[t("0x53", "zrWU")](s, 6)), 63)]), b[r[t("0x29", "rib%")](s, 63)]);
var _ = r[t("0x5a", "uDrd")](d, c);
return r[t("0x124", "CCDE")](_, 1) ? (a = e[l], o += r[t("0xb3", "4j9@")](r[t("0xad", "NZM&")](b[r[t("0xa8", "YD9J")](a, 2)], b[r[t("0x44", "YD9J")](r[t("0x116", "uDrd")](a, 4), 63)]), "==")) : r[t("0x65", "bWtw")](_, 2) && (a = e[l++], i = e[l], o += r[t("0xe3", "Poq&")](r[t("0x107", "D@GR")](r[t("0x2b", "bWtw")](b[r[t("0x1d", "bNd#")](a, 2)], b[r[t("0x0", "Hof]")](r[t("0xb1", "0]JJ")](r[t("0xe", "86I$")](a, 4), r[t("0x3e", "86I$")](i, 4)), 63)]), b[r[t("0x13b", "[wyj")](r[t("0x113", "y@5u")](i, 2), 63)]), "=")), r[t("0x7f", "&Wvj")](x, o)
},
charCode: function(e) {
var t = u,
n = {};
n[t("0x117", "86I$")] = function(e, t) {
return e < t
}, n[t("0xd4", "FVER")] = function(e, t) {
return e >= t
}, n[t("0x81", "&NG^")] = function(e, t) {
return e <= t
}, n[t("0xa0", "Poq&")] = function(e, t) {
return e | t
}, n[t("0x6e", "Zd5Z")] = function(e, t) {
return e & t
}, n[t("0xc6", "uzab")] = function(e, t) {
return e >> t
}, n[t("0xac", "5W0R")] = function(e, t) {
return e | t
}, n[t("0x5b", "g#sj")] = function(e, t) {
return e & t
}, n[t("0x34", "vqpk")] = function(e, t) {
return e >= t
}, n[t("0x1", "&Wvj")] = function(e, t) {
return e <= t
}, n[t("0x10d", "Hof]")] = function(e, t) {
return e >> t
}, n[t("0x127", "HaX[")] = function(e, t) {
return e | t
}, n[t("0xd6", "HaX[")] = function(e, t) {
return e & t
}, n[t("0x38", "&NG^")] = function(e, t) {
return e >> t
};
for (var r = n, a = [], i = 0, s = 0; r[t("0x117", "86I$")](s, e[g]); s += 1) {
var o = e[v](s);
r[t("0x4f", "HaX[")](o, 0) && r[t("0xbb", "FVER")](o, 127) ? (a[Y](o), i += 1) : r[t("0xd", "Hof]")](128, 80) && r[t("0x12", "1YRP")](o, 2047) ? (i += 2, a[Y](r[t("0xb8", "y@5u")](192, r[t("0xdc", "Hof]")](31, r[t("0x1f", "86I$")](o, 6)))), a[Y](r[t("0x61", "4j9@")](128, r[t("0x2c", "0]JJ")](63, o)))) : (r[t("0xfb", "FlMG")](o, 2048) && r[t("0x2e", "0JIq")](o, 55295) || r[t("0xd9", "g#sj")](o, 57344) && r[t("0x99", "Poq&")](o, 65535)) && (i += 3, a[Y](r[t("0x90", "&Wvj")](224, r[t("0x5e", "HaX[")](15, r[t("0xd3", "rib%")](o, 12)))), a[Y](r[t("0x11d", "FVER")](128, r[t("0x115", "YD9J")](63, r[t("0x8b", "Zd5Z")](o, 6)))), a[Y](r[t("0x5", "D@GR")](128, r[t("0x91", "&NG^")](63, o))))
}
for (var d = 0; r[t("0x4c", "EX&9")](d, a[g]); d += 1)
a[d] &= 255;
return r[t("0x16", "[wyj")](i, 255) ? [0, i][k](a) : [r[t("0xb7", "uDrd")](i, 8), r[t("0x36", "bWtw")](i, 255)][k](a)
},
es: function(e) {
var t = u;
e || (e = "");
var n = e[L](0, 255),
r = [],
a = W[t("0x6f", "pRbw")](n)[f](2);
return r[Y](a[g]), r[k](a)
},
en: function(e) {
var t = u,
n = {};
n[t("0xbc", "xY%o")] = function(e, t) {
return e(t)
}, n[t("0x66", "FVER")] = function(e, t) {
return e > t
}, n[t("0xe2", "wWU6")] = function(e, t) {
return e !== t
}, n[t("0xf7", "Dtn]")] = function(e, t) {
return e % t
}, n[t("0xcf", "zrWU")] = function(e, t) {
return e / t
}, n[t("0x3f", "&Wvj")] = function(e, t) {
return e < t
}, n[t("0x41", "w(Dq")] = function(e, t) {
return e * t
}, n[t("0x10f", "xY%o")] = function(e, t) {
return e + t
}, n[t("0x63", "4j9@")] = function(e, t, n) {
return e(t, n)
};
var r = n;
e || (e = 0);
var a = r[t("0x23", "v7]k")](D, e),
i = [];
r[t("0xaf", "Dtn]")](a, 0) ? i[Y](0) : i[Y](1);
for (var s = Math[t("0x13", "D@GR")](a)[y](2)[_](""), o = 0; r[t("0xa6", "bWtw")](r[t("0x111", "pRbw")](s[g], 8), 0); o += 1)
s[p]("0");
s = s[l]("");
for (var d = Math[c](r[t("0xdf", "1YRP")](s[g], 8)), m = 0; r[t("0x145", "vqpk")](m, d); m += 1) {
var f = s[L](r[t("0xe1", "Zd5Z")](m, 8), r[t("0x49", "bNd#")](r[t("0x31", "VdBX")](m, 1), 8));
i[Y](r[t("0xf0", "Buip")](D, f, 2))
}
var h = i[g];
return i[p](h), i
},
sc: function(e) {
var t = u,
n = {};
n[t("0x101", "iF%V")] = function(e, t) {
return e > t
}, e || (e = "");
var r = n[t("0x25", "bWtw")](e[g], 255) ? e[L](0, 255) : e;
return W[t("0xe0", "D@GR")](r)[f](2)
},
nc: function(e) {
var t = u,
n = {};
n[t("0xf5", "Poq&")] = function(e, t) {
return e(t)
}, n[t("0x74", "wWU6")] = function(e, t) {
return e / t
}, n[t("0x8", "D@GR")] = function(e, t, n, r) {
return e(t, n, r)
}, n[t("0x24", "1YRP")] = function(e, t) {
return e * t
}, n[t("0xb6", "T5dY")] = function(e, t) {
return e < t
}, n[t("0xc4", "YD9J")] = function(e, t) {
return e * t
}, n[t("0x67", "uzab")] = function(e, t) {
return e + t
}, n[t("0x9a", "5W0R")] = function(e, t, n) {
return e(t, n)
};
var r = n;
e || (e = 0);
var a = Math[t("0x93", "tM!n")](r[t("0x11c", "EX&9")](D, e))[y](2),
s = Math[c](r[t("0xa3", "1YRP")](a[g], 8));
a = r[t("0x1b", "0I]C")](i, a, r[t("0x42", "tnRV")](s, 8), "0");
for (var o = [], d = 0; r[t("0x10c", "bNd#")](d, s); d += 1) {
var l = a[L](r[t("0xc1", "1YRP")](d, 8), r[t("0x4a", "D@GR")](r[t("0x114", "&Wvj")](d, 1), 8));
o[Y](r[t("0x12a", "uDrd")](D, l, 2))
}
return o
},
va: function(e) {
var t = u,
n = {};
n[t("0x95", "FVER")] = function(e, t) {
return e(t)
}, n[t("0x26", "5W0R")] = function(e, t, n, r) {
return e(t, n, r)
}, n[t("0x13a", "Naa&")] = function(e, t) {
return e * t
}, n[t("0xa5", "rib%")] = function(e, t) {
return e / t
}, n[t("0x4e", "Zd5Z")] = function(e, t) {
return e >= t
}, n[t("0x9e", "&Wvj")] = function(e, t) {
return e - t
}, n[t("0xa2", "rib%")] = function(e, t) {
return e === t
}, n[t("0xeb", "EX&9")] = function(e, t) {
return e & t
}, n[t("0xf8", "Buip")] = function(e, t) {
return e + t
}, n[t("0x50", "&Wvj")] = function(e, t) {
return e >>> t
};
var r = n;
e || (e = 0);
for (var a = Math[t("0x94", "vqpk")](r[t("0x12b", "5W0R")](D, e)), s = a[y](2), o = [], d = (s = r[t("0x98", "bWtw")](i, s, r[t("0xe7", "T5dY")](Math[c](r[t("0xf9", "Buip")](s[g], 7)), 7), "0"))[g]; r[t("0xe4", "uzab")](d, 0); d -= 7) {
var l = s[L](r[t("0xf1", "49kG")](d, 7), d);
if (r[t("0xe8", "YD9J")](r[t("0x123", "wWU6")](a, -128), 0)) {
o[Y](r[t("0x103", "T5dY")]("0", l));
break
}
o[Y](r[t("0x11a", "Poq&")]("1", l)), a = r[t("0x92", "49kG")](a, 7)
}
return o[h](function(e) {
return D(e, 2)
})
},
ek: function(e) {
var t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : "",
n = u,
r = {};
r[n("0x2", "w(Dq")] = function(e, t) {
return e !== t
}, r[n("0xca", "Zu]D")] = function(e, t) {
return e === t
}, r[n("0x57", "Naa&")] = n("0xf6", "w(Dq"), r[n("0x7e", "Zu]D")] = n("0x110", "YD9J"), r[n("0x7a", "T5dY")] = n("0x75", "Dtn]"), r[n("0x128", "vqpk")] = function(e, t) {
return e > t
}, r[n("0x4", "zrWU")] = function(e, t) {
return e <= t
}, r[n("0x56", "uzab")] = function(e, t) {
return e + t
}, r[n("0x141", "VdBX")] = function(e, t, n, r) {
return e(t, n, r)
}, r[n("0xd2", "FVER")] = n("0xda", "j&er"), r[n("0x17", "FVER")] = function(e, t, n) {
return e(t, n)
}, r[n("0x96", "vqpk")] = function(e, t) {
return e - t
}, r[n("0x11f", "VdBX")] = function(e, t) {
return e > t
};
var s = r;
if (!e) return [];
var o = [],
d = 0;
s[n("0x147", "WmWP")](t, "") && (s[n("0x125", "pRbw")](Object[n("0x109", "FlMG")][y][n("0xb0", "y@5u")](t), s[n("0xa4", "4j9@")]) && (d = t[g]), s[n("0x39", "tnRV")](void 0 === t ? "undefined" : a(t), s[n("0xf", "D@GR")]) && (d = (o = W.sc(t))[g]), s[n("0x39", "tnRV")](void 0 === t ? "undefined" : a(t), s[n("0x5f", "rib%")]) && (d = (o = W.nc(t))[g]));
var l = Math[n("0xe5", "pRbw")](e)[y](2),
c = "";
c = s[n("0x9d", "Hof]")](d, 0) && s[n("0x28", "D@GR")](d, 7) ? s[n("0x6", "bWtw")](l, s[n("0x104", "49kG")](i, d[y](2), 3, "0")) : s[n("0xd7", "iF%V")](l, s[n("0xab", "EX&9")]);
var _ = [s[n("0x97", "rib%")](D, c[f](Math[n("0x12c", "uDrd")](s[n("0x15", "w(Dq")](c[g], 8), 0)), 2)];
return s[n("0x82", "(k)G")](d, 7) ? _[k](W.va(d), o) : _[k](o)
},
ecl: function(e) {
var t = u,
n = {};
n[t("0x122", "bWtw")] = function(e, t) {
return e < t
}, n[t("0x131", "&Wvj")] = function(e, t, n) {
return e(t, n)
};
for (var r = n, a = [], i = e[y](2)[_](""), s = 0; r[t("0xd8", "tM!n")](i[g], 16); s += 1)
i[p](0);
return i = i[l](""), a[Y](r[t("0x19", "UcbW")](D, i[L](0, 8), 2), r[t("0xbe", "WmWP")](D, i[L](8, 16), 2)), a
},
pbc: function() {
var e = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : "",
t = u,
n = {};
n[t("0x7c", "0]JJ")] = function(e, t) {
return e(t)
}, n[t("0x20", "iF%V")] = function(e, t) {
return e < t
}, n[t("0xaa", "tnRV")] = function(e, t) {
return e - t
};
var r = n,
a = [],
i = W.nc(r[t("0x43", "[wyj")](s, e[m](/\\s/g, "")));
if (r[t("0xcd", "bWtw")](i[g], 4)) for (var o = 0; r[t("0x51", "zrWU")](o, r[t("0x3a", "HaX[")](4, i[g])); o++)
a[Y](0);
return a[k](i)
},
gos: function(e, t) {
var n = u,
r = {};
r[n("0x135", "EX&9")] = function(e, t) {
return e === t
}, r[n("0x8e", "wWU6")] = n("0x136", "w(Dq"), r[n("0x85", "CCDE")] = n("0x13f", "1YRP");
var a = r,
i = Object[a[n("0x86", "0I]C")]](e)[h](function(t) {
var r = n;
return a[r("0xef", "5W0R")](t, a[r("0x9c", "r6cx")]) || a[r("0xb2", "xY%o")](t, "c") ? "" : t + ":" + e[t][y]() + ","
})[l]("");
return n("0x12e", "zrWU") + t + "={" + i + "}"
},
budget: function(e, t) {
var n = u,
r = {};
r[n("0x133", "vqpk")] = function(e, t) {
return e === t
}, r[n("0xd0", "Buip")] = function(e, t) {
return e === t
}, r[n("0x48", "1YRP")] = function(e, t) {
return e >= t
}, r[n("0x13c", "HaX[")] = function(e, t) {
return e + t
};
var a = r;
return a[n("0xa", "iF%V")](e, 64) ? 64 : a[n("0xc2", "v7]k")](e, 63) ? t : a[n("0x46", "NZM&")](e, t) ? a[n("0x129", "Zd5Z")](e, 1) : e
},
encode: function(e, t) {
var n = u,
r = {};
r[n("0x3", "0I]C")] = function(e, t) {
return e < t
}, r[n("0x132", "r6cx")] = n("0x13d", "[wyj"), r[n("0x10e", "v7]k")] = function(e, t) {
return e < t
}, r[n("0x11b", "YD9J")] = n("0x71", "Zu]D"), r[n("0x4b", "uzab")] = function(e, t) {
return e !== t
}, r[n("0x7b", "v7]k")] = n("0x55", "j&er"), r[n("0x137", "Hof]")] = n("0x14", "uDrd"), r[n("0xc", "r6cx")] = function(e, t) {
return e * t
}, r[n("0xdb", "86I$")] = n("0xd5", "1YRP"), r[n("0x45", "5W0R")] = n("0xec", "WmWP"), r[n("0xa9", "uzab")] = function(e, t) {
return e | t
}, r[n("0xcb", "1YRP")] = function(e, t) {
return e << t
}, r[n("0x1a", "Dtn]")] = function(e, t) {
return e & t
}, r[n("0x69", "T5dY")] = function(e, t) {
return e - t
}, r[n("0x5c", "[wyj")] = function(e, t) {
return e >> t
}, r[n("0x138", "Naa&")] = function(e, t) {
return e - t
}, r[n("0x40", "Hof]")] = function(e, t) {
return e & t
}, r[n("0x52", "FVER")] = function(e, t) {
return e >> t
}, r[n("0x100", "pRbw")] = function(e, t) {
return e - t
}, r[n("0x68", "w(Dq")] = function(e, t) {
return e(t)
}, r[n("0x54", "Buip")] = function(e, t, n) {
return e(t, n)
}, r[n("0x80", "0I]C")] = function(e, t, n) {
return e(t, n)
}, r[n("0x1c", "iF%V")] = function(e, t) {
return e | t
}, r[n("0xa1", "w(Dq")] = function(e, t) {
return e << t
}, r[n("0x9b", "YD9J")] = function(e, t) {
return e + t
}, r[n("0x72", "vqpk")] = function(e, t) {
return e + t
}, r[n("0x6d", "wWU6")] = function(e, t) {
return e + t
};
for (var i, s, o, d, l = r, c = {
"_bÇ": e = e,
_bK: 0,
_bf: function() {
var t = n;
return e[v](c[t("0x8c", "bNd#")]++)
}
}, _ = {
"_ê": [],
"_bÌ": -1,
"_á": function(e) {
var t = n;
_[t("0x7d", "T5dY")]++, _["_ê"][_[t("0xc8", "vqpk")]] = e
},
"_bÝ": function() {
var e = n;
return _bÝ [e("0x11e", "WmWP")]--, l[e("0x8d", "w(Dq")](_bÝ [e("0xcc", "Naa&")], 0) && (_bÝ [e("0x106", "tnRV")] = 0), _bÝ ["_ê"][_bÝ [e("0xae", "bNd#")]]
}
}, f = "", h = l[n("0x7", "v7]k")], p = 0; l[n("0x142", "NZM&")](p, h[g]); p++)
_["_á"](h[l[n("0xc5", "Hof]")]](p));
_["_á"]("=");
var y = l[n("0x118", "WmWP")](void 0 === t ? "undefined" : a(t), l[n("0x6b", "86I$")]) ? Math[l[n("0xb5", "YD9J")]](l[n("0x8f", "Buip")](Math[l[n("0xbd", "tM!n")]](), 64)) : -1;
for (p = 0; l[n("0x11", "Hof]")](p, e[g]); p = c[n("0x70", "&NG^")])
for (var M = l[n("0x32", "r6cx")][n("0x37", "D@GR")]("|"), L = 0;;) {
switch (M[L++]) {
case "0":
s = l[n("0xde", "EX&9")](l[n("0x12f", "VdBX")](l[n("0x120", "NZM&")](_["_ê"][l[n("0x5d", "4j9@")](_[n("0x7d", "T5dY")], 2)], 3), 4), l[n("0x139", "tnRV")](_["_ê"][l[n("0x47", "Poq&")](_[n("0x87", "v7]k")], 1)], 4));
continue;
case "1":
d = l[n("0x89", "NZM&")](_["_ê"][_[n("0x84", "4j9@")]], 63);
continue;
case "2":
_["_á"](c[n("0x10", "5W0R")]());
continue;
case "3":
i = l[n("0x52", "FVER")](_["_ê"][l[n("0xc9", "YD9J")](_[n("0xe9", "Zd5Z")], 2)], 2);
continue;
case "4":
l[n("0x3c", "UcbW")](isNaN, _["_ê"][l[n("0x64", "v7]k")](_[n("0x12d", "HaX[")], 1)]) ? o = d = 64 : l[n("0x73", "T5dY")](isNaN, _["_ê"][_[n("0x77", "y@5u")]]) && (d = 64);
continue;
case "5":
_["_á"](c[n("0xc7", "pRbw")]());
continue;
case "6":
l[n("0x8a", "&Wvj")](void 0 === t ? "undefined" : a(t), l[n("0x60", "FVER")]) && (i = l[n("0xee", "rib%")](t, i, y), s = l[n("0x149", "y@5u")](t, s, y), o = l[n("0x9", "vqpk")](t, o, y), d = l[n("0xff", "r6cx")](t, d, y));
continue;
case "7":
o = l[n("0x144", "EX&9")](l[n("0xa7", "tM!n")](l[n("0x58", "xY%o")](_["_ê"][l[n("0xb9", "Zd5Z")](_[n("0xe6", "D@GR")], 1)], 15), 2), l[n("0xfa", "UcbW")](_["_ê"][_[n("0x7d", "T5dY")]], 6));
continue;
case "8":
f = l[n("0x134", "1YRP")](l[n("0x10a", "0JIq")](l[n("0x112", "bNd#")](l[n("0x3b", "4j9@")](f, _["_ê"][i]), _["_ê"][s]), _["_ê"][o]), _["_ê"][d]);
continue;
case "9":
_["_á"](c[n("0x6c", "bNd#")]());
continue;
case "10":
_[n("0x87", "v7]k")] -= 3;
continue
}
break
}
return l[n("0x1e", "T5dY")](f[m](/=/g, ""), h[y] || "")
}
};
e[u("0x4d", "v7]k")] = W
}).call(this, n(1)(e))
}
接下来我们需要创建一个自执行函数,把上面用到的loadCode函数定义一下,并将它添加到window对象上,可以看到t是一个空对象,用来存储模块的导出结果!n函数用于加载模块,所以核心调试也就是需要在commons.fff25be43f7d0482c30c.js文件内把Webpack加载的模块代码全部扣出来,如下所示:
(function(moduleLoader) {
var modules = {};
function loadModule(moduleId) {
if (modules[moduleId]) return modules[moduleId].exports;
var module = modules[moduleId] = {
id: moduleId,
loaded: !1,
exports: {}
};
return moduleLoader[moduleId].call(module.exports, module, module.exports, loadModule), module.loaded = !0, module.exports
}
window.loadModule = loadModule;
loadModule.m = moduleLoader;
loadModule.c = modules;
loadModule.d = function(exports, name, getter) {
loadModule.o(exports, name) || Object.defineProperty(exports, name, {
enumerable: !0,
get: getter
})
};
loadModule.r = function(exports) {
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(exports, Symbol.toStringTag, {
value: "Module"
}), Object.defineProperty(exports, "__esModule", {
value: !0
})
};
loadModule.t = function(value, mode) {
if (1 & mode && (value = loadModule(value)), 8 & mode) return value;
if (4 & mode && "object" == typeof value && value && value.__esModule) return value;
var ns = Object.create(null);
if (loadModule.r(ns), Object.defineProperty(ns, "default", {
enumerable: !0,
value: value
}), 2 & mode && "string" != typeof value) for (var name in value) loadModule.d(ns, name, function(name) {
return value[name]
}.bind(null, name));
return ns
};
loadModule.n = function(module) {
var getter = module && module.__esModule ? function() {
return module.default
} : function() {
return module
};
return loadModule.d(getter, "a", getter), getter
};
loadModule.o = function(object, property) {
return Object.prototype.hasOwnProperty.call(object, property)
};
loadModule.p = "";
})(obj__);
var encrypt = window.loadModule("3");
上面重新实现的自执行函数主要功能则是创建了一个模块加载器!这个加载器允许通过给定模块的标识符来动态加载模块,并返回模块的导出内容。通过使用闭包和模块加载器模式,将模块的定义和加载逻辑封装在内部,并提供了一些工具函数来管理模块的加载和导出
简单一句话就是:简易的模块加载器,用于动态加载和管理模块!辅助管理模块的状态和导出
继续往下调试,边调试边补代码,细节很多,直接贴关键部分的代码,如下所示:
稍微改造一下!下面函数的作用主要是生成随机字符,然后从预定义的字符串中索引取值,直到字符串的长度达到指定的长度为止!这操作基本很多网站的加密都有的流程
function l(e) {
e = e || 21;
for (var t = ""; 0 < e--;)
t += "_~varfunctio0125634789bdegjhklmpqswxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"[64 * Math.random() | 0];
return t
}
继续上面函数往下调试,下面的这个方法作用是,将给定的字符串填充到指定长度,并且可以指定填充的字符!一个要填充的字符。如下所示:
稍微改造一下!如下,函数会对参数进行检查,确保它们的类型正确。然后,它会计算需要填充的字符数量,并将填充的字符添加到原始字符串的末尾,直到字符串达到指定的长度为止,代码如下:
function d(e, t, n) {
if ("string" != typeof e)
throw new Error("The string parameter must be a string.");
if (e.length < 1)
throw new Error("The string parameter must be 1 character or longer.");
if ("number" != typeof t)
throw new Error("The length parameter must be a number.");
if ("string" != typeof n && n)
throw new Error("The character parameter must be a string.");
var r = -1;
for (t -= e.length,
n || 0 === n || (n = " "); ++r < t;)
e += n;
return e
}
就把这个Webpack的JS代码全部扣下来,不需要补环境!主打的就是扣JS还原算法,最后测试一下最终还原的算法效果,如下所示:
接下来我们简单的编写一个Demo,调用算法进行一下测试,代码实现如下:
# -*- coding: utf-8 -*-
import json
import execjs
import requests
def get_anti_content():
with open("get_anti_content.js", encoding='utf-8') as f:
ctx = execjs.compile(f.read())
anti_content = ctx.call(
"get_anti_content"
)
return anti_content
def get_mms_pdd():
headers = {
"accept": "*/*",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"cache-control": "no-cache",
"content-type": "application/json",
"origin": "https://mms.pinduoduo.com",
"pragma": "no-cache",
"referer": "https://mms.pinduoduo.com/goods/goods_list",
"sec-ch-ua": "\"Google Chrome\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "" # 自行获取
}
cookies = {} #自行获取
headers["anti-content"] = get_anti_content()
url = "https://mms.pinduoduo.com/vodka/v2/mms/query/display/mall/goodsList"
data = {
"pre_sale_type": 4,
"page": 1,
"shipment_time_type": 3,
"is_onsale": 1,
"sold_out": 0,
"size": 10
}
data = json.dumps(data, separators=(',', ':'))
response = requests.post(url, headers=headers, cookies=cookies, data=data)
print(response.json())
if __name__ == '__main__':
get_mms_pdd()
作者这里使用了商品列表的接口跟分类接口进行了一个测试,由于作者这个号是现注册的,没有商品信息所以列表是空。但是!这并不影响算法所展现出来的实力!如下所示:
接下来,作者也是对营销活动板块下的接口进行了测试,如下所示:
最后祝大家假期愉快,以上给大家先卷为敬!文章不够细节,熬夜熬不动了~屁股真的是做麻了!要算法可以找作者获取