16js加密表情包+sojson6.0-aa混淆-setInterval定时任务

luzhisheng 2023-03-06 13:51:05 +08:00
parent d51d361314
commit 4104e7f231
12 changed files with 126 additions and 11 deletions

Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.



@ -1,7 +1,122 @@
# 知识点: js fuck和CryptoJS
# 知识点: sojson6.0aa混淆setInterval定时任务
## 解题思路
查看请求链接
查看请求链接,`setInterval(function(){ debugger; }, 300)`,定时任务每3毫秒执行一次
同时还存在另外一个`setInterval(function(){ console.log(binb2b64(a+'error')); }, 300)`
![请求](./img/1.png)
这里利用`Tampermonkey`hook函数`setInterval`
![请求](./img/2.png)
// ==UserScript==
// @name debugger
// @namespace http://tampermonkey.net/
// @version 0.1
// @description pass
// @author ayf
// @run-at document-start
// @match *://*.python-spider.com/*
// @grant none
// ==/UserScript==
(function() {
var new_setInterval=setInterval;
window.setInterval=function(a,b){
if(a.toString().indexOf("debugger")!=-1)
{
return null;
}
if(a.toString().indexOf("console.log")!=-1)
{
return null;
}
new_setInterval(a,b);
}
})();
这样就可以顺利的查看请求地址,发现`safe`是加密字段
![请求](./img/3.png)
进入断点就可以发现一断aa混淆复制代码破解解决方法
  1去掉代码最后一个符号 ('_') 后,放到浏览器里面去直接执行就可以看到源码
  2在线调试在 AAEncode 代码第一行下断点然后一步一步执行最终也会在虚拟机VM里看到源码
![请求](./img/4.png)
结合上下文可以发现aa混淆生成了然后又把`token`赋值给了`safe`
token = window.localStorage.getItem('token');
request.setRequestHeader("safe", token);
![请求](./img/5.png)
通过控制可以顺利的打印出加密值
![请求](./img/6.png)
观察加密函数
window.localStorage.setItem('token', window.btoa(a) + ('|') + binb2b64(hex_sha1(window.btoa(core_sha1(a)))) + b64_sha1(a));
这里面
window.btoa(a)是base64
binb2b64(hex_sha1(window.btoa(core_sha1(a))))包含了函数core_sha1hex_sha1binb2b64
b64_sha1(a)是函数b64_sha1
进入函数体内
![请求](./img/7.png)
可以看到这段内容`jsjiami.com.v6`这就是`sojson`加密
![请求](./img/8.png)
用谷歌插件`v_jstools`解密`sojson`
![请求](./img/9.png)
最后赋值js尝试执行
a = '1678067697';
b64_sha1_a = b64_sha1(a);
console.log(b64_sha1_a);
binb2b64_a = binb2b64(hex_sha1(window.btoa(core_sha1(a))));
console.log(binb2b64_a);
btoa_a = window.btoa(a);
console.log(btoa_a);
发现`ReferenceError: window is not defined`报错
binb2b64_a = binb2b64(hex_sha1(window.btoa(core_sha1(a))));
ReferenceError: window is not defined
这里需要补一下环境`window``window.btoa`
window = global;
global.Buffer = global.Buffer || require('buffer').Buffer;
if (typeof btoa === 'undefined') {
global.btoa = function (str) {
return new Buffer.from(str).toString('base64');
};
}
if (typeof atob === 'undefined') {
global.atob = function (b64Encoded) {
return new Buffer.from(b64Encoded, 'base64').toString();
};
}
顺利打印出数据
![请求](./img/10.png)


@ -195,15 +195,15 @@ function binb2b64(iiiliI) {
}
// a = '1678067697';
// b64_sha1_a = b64_sha1(a);
// console.log(b64_sha1_a);
//
// binb2b64_a = binb2b64(hex_sha1(window.btoa(core_sha1(a))));
// console.log(binb2b64_a);
//
// btoa_a = window.btoa(a);
// console.log(btoa_a);
a = '1678067697';
b64_sha1_a = b64_sha1(a);
console.log(b64_sha1_a);
binb2b64_a = binb2b64(hex_sha1(window.btoa(core_sha1(a))));
console.log(binb2b64_a);
btoa_a = window.btoa(a);
console.log(btoa_a);
function safe(timestamp) {
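Review bot: The un-commented block between `binb2b64` and `safe(timestamp)` now runs every time the file is loaded. It assigns `a`, `b64_sha1_a`, `binb2b64_a` and `btoa_a` without a declaration, so they become implicit globals (a ReferenceError under strict mode), and it prints three digests for a hard-coded timestamp as a side effect. It also calls `window.btoa`, which in Node only resolves if the `window = global` shim described in this commit's README has already executed; that shim is not visible in this hunk, so confirm it sits above line 195. I would declare the values with `const` (for example `const a = '1678067697';`) and keep the self-check behind `if (require.main === module) { … }`, so that loading the file for `safe()` stays silent. The body of `safe` begins on the last line of the hunk and continues outside it.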