spider/js_reverse
1
0
Fork 0
mirror of https://github.com/luzhisheng/js_reverse.git synced 2025-04-20 01:34:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

23综合离谱的protobuf与jsvmp

Browse Source
This commit is contained in:
aiyingfeng 2023-06-30 19:43:48 +08:00
parent 6954f71b70
commit 393a0fead5
10 changed files with 1122 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

697
猿人学练习/23综合离谱的protobuf与jsvmp/23.html Normal file
View File

File diff suppressed because one or more lines are too long

363
猿人学练习/23综合离谱的protobuf与jsvmp/23.js Normal file
View File

File diff suppressed because one or more lines are too long

62
猿人学练习/23综合离谱的protobuf与jsvmp/README.md Normal file
View File

@ -0,0 +1,62 @@
# 知识点hook match函数、main.wasm加密、protobuf对象数据、jsvmp混淆
## 解题思路
首先查看请求地址内容,发现是请求数据和返回数据都是二进制数据
![请求](./img/1.png)
跟栈进入js调试发现是蝌蚪纹变量名称完全看不明白尝试用`V_jstools`解码。
![请求](./img/2.png)
通过`V_jstools`解码后,就可以清楚的看到变量名称
![请求](./img/3.png)
浏览器启用本地替换的方式
![请求](./img/4.png)
发现报错,数据直接不现实了,这里我猜测是代码格式化检测或者是蝌蚪纹检测
![请求](./img/5.png)
花了几个小时搞不定,没办法了,**搜索内部群的聊天记录**,找到如下答案,`hook match`,这就大概明白了代码检测是通过`match`正则匹配的方式。
![请求](./img/6.png)
利用油猴插件编写hook补丁
```javascript
// ==UserScript==
// @name hook match
// @namespace http://tampermonkey.net/
// @version 0.1
// @description pass
// @author ayf
// @run-at document-start
// @match *://www.python-spider.com/*
// @grant none
// ==/UserScript==
(function () {
// 备份原函数,并添加至原型链
String.prototype.match_ = String.prototype.match;
// hook split 方法
String.prototype.match = function(val){
var str = this.toString();
console.log(str);
debugger;
return str.match_(val);
}
// 过检测
String.prototype.match.toString = function (){
return "function split() [native code] ";
}
})();
```
看看发现了什么内容,
![请求](./img/7.png)

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 138 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 161 KiB

BIN
猿人学练习/23综合离谱的protobuf与jsvmp/img/7.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB