猿人学第9题js混淆-动态cookie2

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/README.md

@@ -78,6 +78,8 @@ console.log(document);
 
 `JSEncrypt`是通过_0x4b4d2c生成的
 
+为了方便调试用本地文件替换线上`udc.js`
+
 ## 去除格式化检测代码
 
 第一处
@@ -147,24 +149,30 @@ _0x569c5b.prototype.checkState = function() {
     return this.runState(_0x225f13.test(this.newState.toString()) ? --this.states[1] : --this.states[0]);
 }
 ```
-再次运行报错`Maximum call stack size exceeded`
+再次运行报错`Maximum call stack size exceeded`，调试发现出现死循环
 
-## AST还原简单的`CallExpression`类型
+![debugger](./img/8.png)
+
+删除多余代码如下：
 
-如何将下面的代码:
 ```javascript
-var Xor = function (p,q)
+var _0x2672a2 = function(_0x10d09f) {};
-{
+var _0x1f3cb9 = function(_0x50974d) {};
-  return p ^ q;
-}
-let a = Xor(111,222);
 ```
-转变成下面的:
+
+再次运行断点到了 `debugger`
 ```javascript
-var Xor = function (p,q)
+if (_0x41a2bf[_0x56ae("0xe73", "XiWX")](("" + _0x457d14 / _0x457d14)[_0x41a2bf[_0x56ae("0xe74", "j3cf")]], 1) || _0x41a2bf[_0x56ae("0xe75", "Q(dc")](_0x41a2bf[_0x56ae("0xe76", "gfNe")](_0x457d14, 20), 0)) {
-{
+    debugger
-  return p ^ q;
+} else {
+    debugger
+}
+```
+修改后
+```javascript
+if (_0x41a2bf['LRGDx'](("" + _0x457d14 / _0x457d14)['length'], 1) || (_0x457d14 % 20) === 0) {
+
+} else {
+
 }
-let a = 111 ^ 222;
 ```
-分析:上面的转变其实就是将  Xor(111,222) 变成 111 ^ 222

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/ast_1.js

@@ -1,27 +0,0 @@
-const fs = require('fs');
-const parser = require("@babel/parser");
-const traverse = require("@babel/traverse").default;
-const types = require("@babel/types");
-const generator = require("@babel/generator").default;
-
-// 元代码
-process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./encode.js";
-// 被重新编译后的代码
-process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = "./decodeResult.js";
-
-let sourceCode = fs.readFileSync(encodeFile, {encoding: "utf-8"});
-let ast = parser.parse(sourceCode);
-
-const callToLiteral =
-    {
-        Call2Expression(path) {
-            console.log(path)
-        }
-    };
-
-traverse(ast, callToLiteral);
-
-let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});
-
-fs.writeFile(decodeFile, code, (err) => {
-});

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/encode.js

@@ -1,86 +0,0 @@
-function _0x184bd2(_0x4f976f) {
-    var _0x41a2bf = {
-        "LRGDx": function _0x17a630(_0x190aa1, _0x1f8758) {
-            return _0x190aa1 !== _0x1f8758;
-        },
-        "NSsFO": "cbw",
-        "UzmaB": "wxB",
-        "ekRCg": function _0x45c01c(_0x4293e8, _0x24cfaf) {
-            return _0x4293e8(_0x24cfaf);
-        },
-        "jYRHp": "string",
-        "hbXpz": function _0x381ab5(_0x3b1045) {
-            return _0x3b1045();
-        },
-        "PfThc": "length",
-        "EcSQr": function _0x55b3e6(_0x3f01cf, _0x40dc84) {
-            return _0x3f01cf === _0x40dc84;
-        },
-        "kZLvt": function _0x556d21(_0x3814ca, _0x220142) {
-            return _0x3814ca % _0x220142;
-        },
-        "TiCcI": "Bid",
-        "bIyMJ": function _0x27ba58(_0x256eba, _0x372d41) {
-            return _0x256eba(_0x372d41);
-        },
-        "gYloM": function _0x3ce901(_0x43b320, _0x518d51) {
-            return _0x43b320 === _0x518d51;
-        },
-        "tiSqo": "HGN",
-        "Urvfz": function _0xfd138d(_0x4d5ac5, _0x329f6a) {
-            return _0x4d5ac5 != _0x329f6a;
-        }
-    };
-
-    function _0x419117(_0x457d14) {
-        var _0x18e593 = {
-            "pkfIu": function _0x1f6317(_0x2df6c8, _0x5450f0) {
-                return _0x41a2bf["LRGDx"](_0x2df6c8, _0x5450f0);
-            },
-            "OYMvO": _0x41a2bf["NSsFO"],
-            "uFsHH": _0x41a2bf.UzmaB,
-            "Oyjwa": function _0x2ff96c(_0x2b3e9e, _0x4c5c9d) {
-                return _0x41a2bf["ekRCg"](_0x2b3e9e, _0x4c5c9d);
-            }
-        };
-        if (typeof _0x457d14 === _0x41a2bf.jYRHp) {
-            var _0x9ae773 = function () {
-                while (!![]) {
-                    if (_0x18e593["pkfIu"](_0x18e593.OYMvO, _0x18e593.uFsHH)) {
-                    } else {
-                        return this.getKey()["verify"](t, _0x18e593["Oyjwa"](f, e), i);
-                    }
-                }
-            };
-            return _0x41a2bf["hbXpz"](_0x9ae773);
-        } else {
-            if (_0x41a2bf["LRGDx"](("" + _0x457d14 / _0x457d14)[_0x41a2bf["PfThc"]], 1) || _0x41a2bf["EcSQr"](_0x41a2bf["kZLvt"](_0x457d14, 20), 0)) {
-                debugger;
-            } else {
-                debugger;
-            }
-        }
-        _0x41a2bf.ekRCg(_0x419117, ++_0x457d14);
-    }
-
-    try {
-        if (_0x4f976f) {
-            if ("Bid" !== _0x41a2bf.TiCcI) {
-                for (var _0x53fbac = 0; _0x53fbac < t.length; ++_0x53fbac)
-                    t[_0x53fbac] = _0x41a2bf["hbXpz"](Y);
-            } else {
-                return _0x419117;
-            }
-        } else {
-            _0x41a2bf.bIyMJ(_0x419117, 0);
-        }
-    } catch (_0x474e5a) {
-        console.log(_0x474e5a);
-        if (_0x41a2bf["gYloM"](_0x41a2bf["tiSqo"], _0x41a2bf["tiSqo"])) {
-        } else {
-            if (_0x41a2bf["Urvfz"](4, i))
-                return void this.fromRadix(e, i);
-            r = 2;
-        }
-    }
-}

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/main.py

@@ -1,42 +1,55 @@
+import re
+
+import requests
+import time
 import json
 
-from rsa_encrypt import RsaUtil
-import requests
 
+class 实例1(object):
 
-def decrypt_res(response_json):
+    def __init__(self):
-    rsa = RsaUtil()
+        self.sign_url = "http://127.0.0.1:4001/get_sign"
-    decrypt_result = rsa.decrypt_by_private_key(response_json.get('result'))
+        self.sum_value = 0
-    print(decrypt_result)
-    return decrypt_result
 
+    def get_decrypt(self):
+        url = "https://match.yuanrenxue.cn/match/9"
+        payload = {}
+        headers = {
+            'Cookie': 'sessionid=t9dlfwn9s4ed4z1w1sktxg3k55dc3ko6'
+        }
+        response = requests.request("GET", url, headers=headers, data=payload)
+        time_str = re.findall(r'decrypt.*?([0-9]{10})', response.text)[0]
+        return time_str
 
-def challenge56(page):
+    def get_sign(self, date_time):
-    url = "https://www.python-spider.com/api/challenge56"
+        data = {
-    payload = f"page={page}"
+            'sign': str(date_time)
-    session = requests.session()
+        }
-    headers = {
+        req = requests.post(self.sign_url, data=data)
-        'content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
+        sign = req.text
-    }
+        return sign
-    session.headers = headers
-    response = session.request("POST", url, data=payload)
-    return response.json()
 
+    def get_task(self, i, time_str):
+        cookie = self.get_sign(time_str)
+        print(cookie)
+        url = f"https://match.yuanrenxue.cn/api/match/9?page={i}"
+        Headers = {
+            "User-Agent": "yuanrenxue.project",
+            "cookie": cookie
+        }
+        req = requests.get(url, headers=Headers)
+        return req.text
 
-def run():
+    def run(self):
-    data_num = 0
+        time_str = self.get_decrypt()
-    for page in range(1, 101):
+        for i in range(2, 6):
-        response_json = challenge56(page)
+            res_dict = json.loads(self.get_task(i, time_str))
-        decrypt_result = decrypt_res(response_json)
+            print(res_dict)
-        data_list = json.loads(decrypt_result).get('data')
+            for j in res_dict.get('data'):
-        data_list_num = []
+                self.sum_value += j.get('value')
-        for data in data_list:
+        print(self.sum_value)
-            data_list_num.append(int(data.get('value')))
-            data_num += int(data.get('value'))
-        print(data_list_num, page)
-        print(data_num)
-    print(data_num)
 
 
 if __name__ == '__main__':
-    run()
+    a = 实例1()
+    a.run()

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/server9.js

@@ -0,0 +1,18 @@
+const express = require('express');
+const app = express();
+const encryption = require("./9");
+var bodyParser = require('body-parser');
+app.use(bodyParser());
+
+
+app.post('/get_sign', function (req, res) {
+    let result = req.body;
+    let sign = result.sign;
+    console.log(sign);
+    result = encryption.get_m(sign);
+    res.send(result.toString());
+});
+
+app.listen(4001, () => {
+    console.log("开启服务，端口 4001")
+});

猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/vm_run.js

@@ -1,8 +0,0 @@
-var fs = require('fs');
-const {VM, VMScript} = require('vm2');
-const vm = new VM();
-const code_file = `${__dirname}/9.js`;
-const script = new VMScript(fs.readFileSync(code_file), `${__dirname}/调试.js`);
-debugger
-vm.run(script);
-debugger