spider/js_reverse
1
0
Fork 0
mirror of https://github.com/luzhisheng/js_reverse.git synced 2025-04-22 02:05:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

猿人学第5题-js 混淆-乱码增强-补环境-atob

Browse Source
This commit is contained in:
luzhisheng 2023-03-09 11:47:03 +08:00
parent 883e2168da
commit 400ce9a374
1 changed files with 6 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
猿人学第5题-js 混淆-乱码增强-补环境-atob/readme.md
View File

@ -1,16 +1,14 @@
## 知识点 atob魔改的md5环境指纹crypto-jshook cookie ## 知识点 atob魔改的md5环境指纹crypto-jshook cookie
### 解题 网上有2篇介绍的文章但最最关键的点都没有写出来直接说明了主要破解cookie中的`RM4hZBv0dDon443M=`
网上有2篇介绍的文章但最最关键的点都没有写出来 ### 解题一RM4hZBv0dDon443M的值是怎么来的
直接说明了主要破解cookie中的`m=``RM4hZBv0dDon443M=` ![图片](./img/2.png)
![图片](./img/1.png)
油猴插件`hook cookie` 油猴插件`hook cookie`
![图片](./img/2.png) ![图片](./img/1.png)
很容易就找到`RM4hZBv0dDon443M=`加密点 很容易就找到`RM4hZBv0dDon443M=`加密点
@ -24,7 +22,7 @@
![图片](./img/5.png) ![图片](./img/5.png)
仔细观察这断代码是不`crypto-js`加密mode是`ECB`padding是`Pkcs7` 仔细观察这断代码发现`crypto-js`加密mode是`ECB`padding是`Pkcs7`
_$Ww = _$Tk[_$UH[0x2db]][_$UH[0x2dc]][_$UH[0xff]](_0x4e96b4['_$pr'][_$UH[0x1f]]()), _$Ww = _$Tk[_$UH[0x2db]][_$UH[0x2dc]][_$UH[0xff]](_0x4e96b4['_$pr'][_$UH[0x1f]]()),
_0x29dd83 = _$Tk['A' + _$UH[0x32d]][_$UH[0x337] + _$UH[0x336]](_$Ww, _0x4e96b4[_0xc77418('0x6', 'OCbs')], { _0x29dd83 = _$Tk['A' + _$UH[0x32d]][_$UH[0x337] + _$UH[0x336]](_$Ww, _0x4e96b4[_0xc77418('0x6', 'OCbs')], {
@ -59,12 +57,4 @@
![图片](./img/8.png) ![图片](./img/8.png)
pr = [ ### 解题二_0x4e96b4['_$pr']生成
"b2148c31fb09c98f90ce78424d6cdd58",
"3be88c860ec6fc7e4e33fe7a167d02dd",
"0be14faf5221bbdefdede418b077ca60",
"9c2b5781ba44e92f5e4b3f4d7951b899",
"08aca52cf82f1e26cc1f4dd35db9795e"
];
dada_time = "1678253268764";