spider/js_reverse
1
0
Fork 0
mirror of https://github.com/luzhisheng/js_reverse.git synced 2025-04-16 16:07:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

猿人学第9题js混淆-动态cookie2

Browse Source
This commit is contained in:
luzhisheng 2023-08-29 14:47:48 +08:00
parent 1e2578601c
commit a0d7a65c96
10 changed files with 11677 additions and 8749 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11593
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/9.js Normal file
View File

File diff suppressed because one or more lines are too long

36
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/README.md
View File

@ -78,6 +78,8 @@ console.log(document);
`JSEncrypt`是通过_0x4b4d2c生成的
为了方便调试用本地文件替换线上`udc.js`
## 去除格式化检测代码
第一处
@ -147,24 +149,30 @@ _0x569c5b.prototype.checkState = function() {
return this.runState(_0x225f13.test(this.newState.toString()) ? --this.states[1] : --this.states[0]);
}
```
再次运行报错`Maximum call stack size exceeded`
再次运行报错`Maximum call stack size exceeded`,调试发现出现死循环
## AST还原简单的`CallExpression`类型
![debugger](./img/8.png)
删除多余代码如下:
如何将下面的代码:
```javascript
var Xor = function (p,q)
{
return p ^ q;
}
let a = Xor(111,222);
var _0x2672a2 = function(_0x10d09f) {};
var _0x1f3cb9 = function(_0x50974d) {};
```
转变成下面的:
再次运行断点到了 `debugger`
```javascript
var Xor = function (p,q)
{
return p ^ q;
if (_0x41a2bf[_0x56ae("0xe73", "XiWX")](("" + _0x457d14 / _0x457d14)[_0x41a2bf[_0x56ae("0xe74", "j3cf")]], 1) || _0x41a2bf[_0x56ae("0xe75", "Q(dc")](_0x41a2bf[_0x56ae("0xe76", "gfNe")](_0x457d14, 20), 0)) {
debugger
} else {
debugger
}
```
修改后
```javascript
if (_0x41a2bf['LRGDx'](("" + _0x457d14 / _0x457d14)['length'], 1) || (_0x457d14 % 20) === 0) {
} else {
}
let a = 111 ^ 222;
```
分析:上面的转变其实就是将 Xor(111,222) 变成 111 ^ 222

3890
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/ast.js
View File

File diff suppressed because it is too large Load Diff

27
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/ast_1.js
View File

@ -1,27 +0,0 @@
const fs = require('fs');
const parser = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const types = require("@babel/types");
const generator = require("@babel/generator").default;
// 元代码
process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./encode.js";
// 被重新编译后的代码
process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = "./decodeResult.js";
let sourceCode = fs.readFileSync(encodeFile, {encoding: "utf-8"});
let ast = parser.parse(sourceCode);
const callToLiteral =
{
Call2Expression(path) {
console.log(path)
}
};
traverse(ast, callToLiteral);
let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});
fs.writeFile(decodeFile, code, (err) => {
});

1
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/decodeResult.js
View File

File diff suppressed because one or more lines are too long

86
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/encode.js
View File

@ -1,86 +0,0 @@
function _0x184bd2(_0x4f976f) {
var _0x41a2bf = {
"LRGDx": function _0x17a630(_0x190aa1, _0x1f8758) {
return _0x190aa1 !== _0x1f8758;
},
"NSsFO": "cbw",
"UzmaB": "wxB",
"ekRCg": function _0x45c01c(_0x4293e8, _0x24cfaf) {
return _0x4293e8(_0x24cfaf);
},
"jYRHp": "string",
"hbXpz": function _0x381ab5(_0x3b1045) {
return _0x3b1045();
},
"PfThc": "length",
"EcSQr": function _0x55b3e6(_0x3f01cf, _0x40dc84) {
return _0x3f01cf === _0x40dc84;
},
"kZLvt": function _0x556d21(_0x3814ca, _0x220142) {
return _0x3814ca % _0x220142;
},
"TiCcI": "Bid",
"bIyMJ": function _0x27ba58(_0x256eba, _0x372d41) {
return _0x256eba(_0x372d41);
},
"gYloM": function _0x3ce901(_0x43b320, _0x518d51) {
return _0x43b320 === _0x518d51;
},
"tiSqo": "HGN",
"Urvfz": function _0xfd138d(_0x4d5ac5, _0x329f6a) {
return _0x4d5ac5 != _0x329f6a;
}
};
function _0x419117(_0x457d14) {
var _0x18e593 = {
"pkfIu": function _0x1f6317(_0x2df6c8, _0x5450f0) {
return _0x41a2bf["LRGDx"](_0x2df6c8, _0x5450f0);
},
"OYMvO": _0x41a2bf["NSsFO"],
"uFsHH": _0x41a2bf.UzmaB,
"Oyjwa": function _0x2ff96c(_0x2b3e9e, _0x4c5c9d) {
return _0x41a2bf["ekRCg"](_0x2b3e9e, _0x4c5c9d);
}
};
if (typeof _0x457d14 === _0x41a2bf.jYRHp) {
var _0x9ae773 = function () {
while (!![]) {
if (_0x18e593["pkfIu"](_0x18e593.OYMvO, _0x18e593.uFsHH)) {
} else {
return this.getKey()["verify"](t, _0x18e593["Oyjwa"](f, e), i);
}
}
};
return _0x41a2bf["hbXpz"](_0x9ae773);
} else {
if (_0x41a2bf["LRGDx"](("" + _0x457d14 / _0x457d14)[_0x41a2bf["PfThc"]], 1) || _0x41a2bf["EcSQr"](_0x41a2bf["kZLvt"](_0x457d14, 20), 0)) {
debugger;
} else {
debugger;
}
}
_0x41a2bf.ekRCg(_0x419117, ++_0x457d14);
}
try {
if (_0x4f976f) {
if ("Bid" !== _0x41a2bf.TiCcI) {
for (var _0x53fbac = 0; _0x53fbac < t.length; ++_0x53fbac)
t[_0x53fbac] = _0x41a2bf["hbXpz"](Y);
} else {
return _0x419117;
}
} else {
_0x41a2bf.bIyMJ(_0x419117, 0);
}
} catch (_0x474e5a) {
console.log(_0x474e5a);
if (_0x41a2bf["gYloM"](_0x41a2bf["tiSqo"], _0x41a2bf["tiSqo"])) {
} else {
if (_0x41a2bf["Urvfz"](4, i))
return void this.fromRadix(e, i);
r = 2;
}
}
}

75
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/main.py
View File

@ -1,42 +1,55 @@
import re
import requests
import time
import json
from rsa_encrypt import RsaUtil
import requests
class 实例1(object):
def decrypt_res(response_json):
rsa = RsaUtil()
decrypt_result = rsa.decrypt_by_private_key(response_json.get('result'))
print(decrypt_result)
return decrypt_result
def __init__(self):
self.sign_url = "http://127.0.0.1:4001/get_sign"
self.sum_value = 0
def get_decrypt(self):
url = "https://match.yuanrenxue.cn/match/9"
payload = {}
headers = {
'Cookie': 'sessionid=t9dlfwn9s4ed4z1w1sktxg3k55dc3ko6'
}
response = requests.request("GET", url, headers=headers, data=payload)
time_str = re.findall(r'decrypt.*?([0-9]{10})', response.text)[0]
return time_str
def challenge56(page):
url = "https://www.python-spider.com/api/challenge56"
payload = f"page={page}"
session = requests.session()
headers = {
'content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
}
session.headers = headers
response = session.request("POST", url, data=payload)
return response.json()
def get_sign(self, date_time):
data = {
'sign': str(date_time)
}
req = requests.post(self.sign_url, data=data)
sign = req.text
return sign
def get_task(self, i, time_str):
cookie = self.get_sign(time_str)
print(cookie)
url = f"https://match.yuanrenxue.cn/api/match/9?page={i}"
Headers = {
"User-Agent": "yuanrenxue.project",
"cookie": cookie
}
req = requests.get(url, headers=Headers)
return req.text
def run():
data_num = 0
for page in range(1, 101):
response_json = challenge56(page)
decrypt_result = decrypt_res(response_json)
data_list = json.loads(decrypt_result).get('data')
data_list_num = []
for data in data_list:
data_list_num.append(int(data.get('value')))
data_num += int(data.get('value'))
print(data_list_num, page)
print(data_num)
print(data_num)
def run(self):
time_str = self.get_decrypt()
for i in range(2, 6):
res_dict = json.loads(self.get_task(i, time_str))
print(res_dict)
for j in res_dict.get('data'):
self.sum_value += j.get('value')
print(self.sum_value)
if __name__ == '__main__':
run()
a = 实例1()
a.run()

18
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/server9.js Normal file
View File

@ -0,0 +1,18 @@
const express = require('express');
const app = express();
const encryption = require("./9");
var bodyParser = require('body-parser');
app.use(bodyParser());
app.post('/get_sign', function (req, res) {
let result = req.body;
let sign = result.sign;
console.log(sign);
result = encryption.get_m(sign);
res.send(result.toString());
});
app.listen(4001, () => {
console.log("开启服务,端口 4001")
});

4692
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/test.js
View File

File diff suppressed because it is too large Load Diff

8
猿人学Web端爬虫攻防刷题平台/猿人学第9题js混淆-动态cookie2/vm_run.js
View File

@ -1,8 +0,0 @@
var fs = require('fs');
const {VM, VMScript} = require('vm2');
const vm = new VM();
const code_file = `${__dirname}/9.js`;
const script = new VMScript(fs.readFileSync(code_file), `${__dirname}/调试.js`);
debugger
vm.run(script);
debugger