spider/rs-reverse
1
0
Fork 0
mirror of https://github.com/pysunday/rs-reverse.git synced 2025-04-12 11:56:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: key component function extraction

Browse Source
This commit is contained in:
rnet 2023-12-30 02:07:15 +08:00
parent 852a6478b5
commit 0b38130533
16 changed files with 379 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/handler/globalVarible.js
View File

@ -8,6 +8,9 @@ class GlobalVarible {
get bignum() {
return cache.bignum;
}
get cfgnum() {
return cache.cfgnum;
}
get utils() {
return cache.utils;
}

44
src/handler/parser/bignum.js
View File

@ -1,6 +1,41 @@
const gv = require('@src/handler/globalVarible');
exports.init = function() {
function makeCfgnum() {
const arr1 = [[], [], [], [], []];
const arr2 = [[], [], [], [], []];
const arr1_4 = arr1[4];
const arr2_4 = arr2[4];
const one = [];
const two = [];
let i, j, temp;
for (i = 0; i < gv.cp2[30]; i++) {
two[(one[i] = i << 1 ^ (i >> gv.cp2[23]) * gv.cp2[93]) ^ i] = i;
}
for (i = j = 0; !arr1_4[i]; i ^= one[i] || 1, j = two[j] || 1) {
temp = j ^ j << 1 ^ j << gv.cp2[56] ^ j << gv.cp2[58] ^ j << gv.cp2[19];
temp = temp >> gv.cp2[52] ^ temp & gv.cp2[34] ^ gv.cp2[143];
arr1_4[i] = temp;
arr2_4[temp] = i;
}
for (i = 0; i < gv.cp2[30]; i++) {
arr2_4[arr1_4[i]] = i;
}
for (i = 0; i < gv.cp2[30]; i++) {
let ele1 = one[one[one[i]]] * gv.cp2[158] ^ one[one[i]] * gv.cp2[177] ^ one[i] * gv.cp2[111] ^ i * gv.cp2[64];
let ele2 = one[arr1_4[i]] * gv.cp2[111] ^ arr1_4[i] * gv.cp2[64];
for (j = 0; j < gv.cp2[19]; j++) {
arr1[j][i] = ele2 = ele2 << gv.cp2[4] ^ ele2 >>> gv.cp2[52];
arr2[j][arr1_4[i]] = ele1 = ele1 << gv.cp2[4] ^ ele1 >>> gv.cp2[52];
}
}
for (i = 0; i < gv.cp2[29]; i++) {
arr1[i] = arr1[i].slice(0);
arr2[i] = arr2[i].slice(0);
}
return [arr1, arr2]
}
function makeBignum() {
const arr = [];
for (let i = 0; i < gv.cp2[30]; i++) {
let item = i;
@ -9,5 +44,10 @@ exports.init = function() {
}
arr[i] = item;
}
gv.setAttr('bignum', arr);
return arr;
}
exports.init = function() {
gv.setAttr('bignum', makeBignum());
gv.setAttr('cfgnum', makeCfgnum());
}

4
src/handler/parser/common/temp.js → src/handler/parser/common/ascii2string.js
View File

@ -1,9 +1,9 @@
// 用于将ascii码数组转字符后拼接
const gv = require('../globalVarible');
const gv = require('@src/handler/globalVarible');
module.exports = function (numarr, start = 0, end = numarr.length) {
const arr = new Array(Math.ceil(numarr.length / gv.cp2[120]));
const idx = 0;
let idx = 0;
while (start < end - gv.cp2[120]) {
arr[idx++] = String.fromCharCode(...numarr.slice(start, start += gv.cp2[120]));
}

2
src/handler/parser/common/encrypt.js → src/handler/parser/common/bitwiseTwoNumarr.js
View File

@ -1,4 +1,4 @@
// 加密两个数组生成新数组
// 将两个数组经过位运算后生成新的数组
const combine4 = require('./combine4');
const gv = require('@src/handler/globalVarible');

91
src/handler/parser/common/getFixedNumber.js Normal file
View File

@ -0,0 +1,91 @@
// 这个文件方法将数据复杂化该方法在cp2不变时返回固定值
const gv = require('@src/handler/globalVarible');
function nummod(num) {
return Math.abs(num) % gv.cp2[52];
}
function one(arr) {
if (arr[nummod(3, 8)]) {
if (6) {
arr[nummod(5, 8)] = 3;
}
}
arr[nummod(4 - 2, 8)] = 1;
arr[0] = 6;
arr[4] = 3 + 1;
}
function two(arr) {
if (3 + 1) {
arr[4] = 2;
}
arr[4] = arr[nummod(3, 8)];
if (arr[nummod(7, 8)]) {
if (2) {
arr[0] = 6;
}
}
arr[4] = arr[nummod(3, 8)];
if (7 + 5) {
arr[0] = 6;
}
arr[0] = arr[nummod(7, 8)];
}
function three(arr) {
arr[nummod(3, 8)] = arr[nummod(6, 8)];
arr[4] = 2;
arr[0] = 6;
}
function four(arr) {
if (2) {
arr[0] = 6;
}
arr[0] = 6;
arr[4] = arr[nummod(3, 8)];
if (7 + 5) {
arr[0] = 6;
}
arr[0] = 7 + 5;
arr[0] = 6;
}
function five(arr) {
if (arr[nummod(3, 8)]) {
if (6) {
arr[nummod(5, 8)] = 3;
}
}
arr[4] = 2;
arr[0] = 7 + 5;
arr[0] = 6;
arr[4] = arr[nummod(3, 8)];
if (7 + 5) {
arr[0] = 6;
}
}
function six(arr) {
if (arr[nummod(7, 8)]) {
if (2) {
arr[nummod(1, 8)] = 7;
}
}
arr[nummod(0 - 6, 8)] = arr[nummod(2, 8)];
arr[0] = 7 + 5;
arr[0] = 6;
arr[4] = 3 + 1;
arr[4] = 3 + 1;
}
module.exports = () => {
const arr = [0, 1, gv.cp2[56], gv.cp2[58], gv.cp2[19], gv.cp2[29], gv.cp2[55], gv.cp2[23]];
[one, two, three, four, five, six].forEach(func => func(arr));
const sum = arr.reduce((ans, it, idx) => {
ans[idx % 2] += it;
return ans;
}, [0, 0]);
return sum[0] & gv.cp2[34] | (sum[1] & gv.cp2[34]) << gv.cp2[52];
}

12
src/handler/parser/common/index.js
View File

@ -1,11 +1,21 @@
const { execRandomByNumber, execNumberByTime } = require('./random');
exports.execNumberByTime = execNumberByTime;
exports.execRandomByNumber = execRandomByNumber;
exports.main = require('./main');
exports.swap = require('./swap');
exports.hexnum = require('./hexnum');
exports.combine4 = require('./combine4');
exports.encrypt = require('./encrypt');
exports.bitwiseTwoNumarr = require('./bitwiseTwoNumarr');
exports.decrypt = require('./decrypt');
exports.extrace = require('./extrace');
exports.decode = require('./decode');
exports.uuid = require('./uuid');
exports.numToNumarr2 = require('./numToNumarr2');
exports.numToNumarr4 = require('./numToNumarr4');
exports.numToNumarr8 = require('./numToNumarr8');
exports.string2ascii = require('./string2ascii');
exports.ascii2string = require('./ascii2string');
exports.getFixedNumber = require('./getFixedNumber');
exports.numarrAddTime = require('./numarrAddTime');
exports.stringEncrypt = require('./stringEncrypt');

14
src/handler/parser/common/numToNumarr2.js Normal file
View File

@ -0,0 +1,14 @@
// 将数字转换为2位数字数组
const gv = require('@src/handler/globalVarible');
module.exports = function (num) {
if (typeof num !== 'number' || num < 0) {
num = 0;
} else if (num > gv.cp2[25]) {
num = gv.cp2[25];
}
return [
num >> gv.cp2[52],
num & gv.cp2[34]
]
}

4
src/handler/parser/common/numToNumarr4.js
View File

@ -10,3 +10,7 @@ module.exports = function (num) {
num & gv.cp2[34]
];
}
module.exports.reverse = function (numarr) {
return (numarr[0] << gv.cp2[4] | numarr[1] << gv.cp2[2] | numarr[2] << gv.cp2[52] | numarr[3]) >>> 0;
}

18
src/handler/parser/common/numToNumarr8.js Normal file
View File

@ -0,0 +1,18 @@
// 将数字转换为8位数字数组
const gv = require('@src/handler/globalVarible');
module.exports = function (num) {
if (typeof num !== 'number' || num < 0) num = 0;
const one = num / gv.cp2[16];
const two = num % gv.cp2[16];
return [
one >> gv.cp2[4] & gv.cp2[34],
one >> gv.cp2[2] & gv.cp2[34],
one >> gv.cp2[52] & gv.cp2[34],
one & gv.cp2[34],
two >> gv.cp2[4] & gv.cp2[34],
two >> gv.cp2[2] & gv.cp2[34],
two >> gv.cp2[52] & gv.cp2[34],
two & gv.cp2[34],
]
}

20
src/handler/parser/common/numarrAddTime.js Normal file
View File

@ -0,0 +1,20 @@
// 数字数组拼接日期后用随机数加密
const gv = require('@src/handler/globalVarible');
const numToNumarr4 = require('./numToNumarr4');
module.exports = function(numarr) {
const ele = Math.ceil(Math.random() * gv.cp2[30]);
const now = Math.floor(new Date().getTime() / 1000);
const arr = [...numarr, ...numToNumarr4(now)].map(it => it ^ ele);
arr.push(ele);
return [arr, now];
}
module.exports.reverse = function(numarr) {
const numarr_new = numarr.slice(0);
const ele = numarr_new.pop();
const arr = numarr_new.map(it => it ^ ele);
const data = arr.slice(0, arr.length - 4);
const time = numToNumarr4.reverse(arr.slice(arr.length - 4));
return [data, time];
}

24
src/handler/parser/common/random.js Normal file
View File

@ -0,0 +1,24 @@
const gv = require('@src/handler/globalVarible');
const _sum = require('lodash/sum');
exports.execNumberByTime = function (times = gv.cp2[58]) {
// 指定时间内的代码循环次数,相比于浏览器瑞数环境删减代码较多, 因此浏览器环境与nodejs环境执行存在较大偏差该方法不建议使用预估返回值为600-1000
if (typeof times !== 'number') return;
const start = new Date();
let i = 0;
while(new Date() - start < times) i++;
return i;
}
exports.execRandomByNumber = function (nums = gv.cp2[108], arr = []) {
// 指定次数的随机数取平均值后四舍五入
if (typeof nums !== 'number') return;
if (arr.length === 0) {
for (let i = 0; i < nums; i++) arr.push(Math.random());
}
const avg = _sum(arr) / nums;
return [
avg * gv.cp2[28],
_sum(arr.map(it => Math.pow(it - avg, gv.cp2[56]))) / nums * gv.cp2[28],
].map(it => Math.round(it));
}

3
src/handler/parser/common/string2ascii.js Normal file
View File

@ -0,0 +1,3 @@
module.exports = (str) => {
return str.split('').map(it => it.charCodeAt());
}

87
src/handler/parser/common/stringEncrypt.js Normal file
View File

@ -0,0 +1,87 @@
const gv = require('@src/handler/globalVarible');
const numarrAddTime = require('./numarrAddTime');
const combine4 = require('./combine4');
const numToNumarr4 = require('./numToNumarr4');
const _zip = require('lodash/zip');
const decrypt = require('./decrypt');
function encode(cfg, val, idx, cfgnum) {
const list = cfg[idx];
const arr = [0, 0, 0, 0];
let one = val[0] ^ list[0]
, two = val[idx ? gv.cp2[58] : 1] ^ list[1]
, three = val[2] ^ list[2]
, four = val[idx ? 1 : gv.cp2[58]] ^ list[3]
, cursor = gv.cp2[19];
for (let i = 0; i < list.length / gv.cp2[19] - gv.cp2[56]; i++) {
const none = cfgnum[0][one >>> gv.cp2[4]] ^ cfgnum[1][two >> gv.cp2[2] & gv.cp2[34]] ^ cfgnum[2][three >> gv.cp2[52] & gv.cp2[34]] ^ cfgnum[3][four & gv.cp2[34]] ^ list[cursor];
const ntwo = cfgnum[0][two >>> gv.cp2[4]] ^ cfgnum[1][three >> gv.cp2[2] & gv.cp2[34]] ^ cfgnum[2][four >> gv.cp2[52] & gv.cp2[34]] ^ cfgnum[3][one & gv.cp2[34]] ^ list[cursor + 1];
const nthree = cfgnum[0][three >>> gv.cp2[4]] ^ cfgnum[1][four >> gv.cp2[2] & gv.cp2[34]] ^ cfgnum[2][one >> gv.cp2[52] & gv.cp2[34]] ^ cfgnum[3][two & gv.cp2[34]] ^ list[cursor + gv.cp2[56]];
four = cfgnum[0][four >>> gv.cp2[4]] ^ cfgnum[1][one >> gv.cp2[2] & gv.cp2[34]] ^ cfgnum[2][two >> gv.cp2[52] & gv.cp2[34]] ^ cfgnum[3][three & gv.cp2[34]] ^ list[cursor + gv.cp2[58]];
cursor += gv.cp2[19];
[one, two, three] = [none, ntwo, nthree]
}
for (let i = 0; i < gv.cp2[19]; i++) {
arr[idx ? gv.cp2[58] & -i : i] = cfgnum[4][one >>> gv.cp2[4]] << gv.cp2[4] ^ cfgnum[4][two >> gv.cp2[2] & gv.cp2[34]] << gv.cp2[2] ^ cfgnum[4][three >> gv.cp2[52] & gv.cp2[34]] << gv.cp2[52] ^ cfgnum[4][four & gv.cp2[34]] ^ list[cursor++];
[one, two, three, four] = [two, three, four, one];
}
return arr;
}
function getCfg(numarr) {
const ret = combine4(numarr.length % gv.cp2[2] !== 0 ? numarrAddTime.reverse(numarr)[0] : numarr);
const cfgnum_0_4 = gv.cfgnum[0][4];
const len = ret.length;
const arr = [];
let i, j, temp;
for (i = len, j = 1; i < gv.cp2[19] * len + gv.cp2[68]; i++) {
temp = ret[i - 1];
if (i % len === 0 || len === gv.cp2[52] && i % len === gv.cp2[19]) {
temp = cfgnum_0_4[temp >>> gv.cp2[4]] << gv.cp2[4] ^ cfgnum_0_4[temp >> gv.cp2[2] & gv.cp2[34]] << gv.cp2[2] ^ cfgnum_0_4[temp >> gv.cp2[52] & gv.cp2[34]] << gv.cp2[52] ^ cfgnum_0_4[temp & gv.cp2[34]];
if (i % len === 0) {
temp = temp << gv.cp2[52] ^ temp >>> gv.cp2[4] ^ j << gv.cp2[4];
j = j << 1 ^ (j >> gv.cp2[23]) * gv.cp2[93];
}
}
ret[i] = ret[i - len] ^ temp;
}
for (j = 0; i; j++, i--) {
temp = ret[j & gv.cp2[58] ? i : i - gv.cp2[19]];
if (i <= gv.cp2[19] || j < gv.cp2[19]) {
arr[j] = temp;
} else {
arr[j] = gv.cfgnum[1][0][cfgnum_0_4[temp >>> gv.cp2[4]]] ^ gv.cfgnum[1][1][cfgnum_0_4[temp >> gv.cp2[2] & gv.cp2[34]]] ^ gv.cfgnum[1][2][cfgnum_0_4[temp >> gv.cp2[52] & gv.cp2[34]]] ^ gv.cfgnum[1][3][cfgnum_0_4[temp & gv.cp2[34]]];
}
}
return [ret, arr];
}
function init(valarr) {
const cfg = getCfg(valarr);
return (namearr, flag) => {
const arr = [];
let arrcom = combine4(namearr);
let arrsub = [];
if (flag) {
arrsub = arrcom.slice(0, gv.cp2[19]);
arrcom = arrcom.slice(gv.cp2[19]);
}
for (let i = 0; i < arrcom.length / gv.cp2[19]; ) {
const next = arrcom.slice(i << gv.cp2[56], ++i << gv.cp2[56]);
let val = encode(cfg, next, 1, gv.cfgnum[1]);
if (arrsub.length) {
val = _zip(val, arrsub).map(([a, b]) => a ^ b);
}
for (let j = 0; j < val.length; j++) {
arr.push(val[j]);
}
arrsub = next;
}
const ret = arr.reduce((ans, it) => ([...ans, ...numToNumarr4(it)]), []);
return ret.slice(0, ret.length - ret[ret.length - 1]);
}
}
module.exports = function (text, valarr, idx = 1) {
return init(valarr)(decrypt(text), idx);
}

1
test/cp0_96.test.js
View File

@ -27,6 +27,7 @@ const valueMap = {
'11.678': hexnum(gv.cp0_96(7, 17)),
'1.234': swap(gv.cp0_96(8, 36)),
'captureStackTrace': main(gv.cp0_96(7, 63))[0],
'16777216': hexnum(gv.cp0_96(6, 76)),
}
test('test cp0_96', () => {

42
test/parser.test.js
View File

@ -7,11 +7,16 @@ const {
hexnum,
combine4,
decrypt,
encrypt,
bitwiseTwoNumarr,
extrace,
decode,
uuid,
numToNumarr4,
numToNumarr8,
execRandomByNumber,
getFixedNumber,
numarrAddTime,
stringEncrypt,
} = require('../src/handler/parser/');
const tsFullPath = paths.exampleResolve('codes', '1-$_ts-full.json');
init(JSON.parse(fs.readFileSync(tsFullPath, 'utf8')));
@ -33,21 +38,44 @@ describe('test parser common', () => {
test('test decrypt', () => {
expect(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX')).toEqual([130, 15, 32, 137, 204, 131, 108, 219, 215, 244, 196, 229, 78, 132, 202, 129, 240, 119, 30, 133, 70, 125, 132, 46]);
});
test('test encrypt', () => {
expect(encrypt(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17])).toEqual([7, 0, 0, 6, 47, 115, 103, 116, 109, 105, 0, 0, 0, 0]);
test('test bitwiseTwoNumarr', () => {
expect(bitwiseTwoNumarr(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17])).toEqual([7, 0, 0, 6, 47, 115, 103, 116, 109, 105, 0, 0, 0, 0]);
});
test('test extrace', () => {
const arr = encrypt(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17]);
const arr = bitwiseTwoNumarr(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17]);
expect(extrace(arr)).toEqual([[], [], [47, 115, 103, 116, 109, 105], [], [], [], []]);
});
test('test decode', () => {
const arr = extrace(encrypt(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17]));
const arr = extrace(bitwiseTwoNumarr(decrypt('GGZGPQnkMJBUeWs2sLstGIr6oLYDI3AX'), gv.keys[17]));
expect(decode(arr[2])).toBe('/sgtmi');
});
test('test uuid', () => {
expect(uuid("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36")).toBe(2290443310);
});
test('test uuid', () => {
expect(numToNumarr4(uuid("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"))).toEqual([136, 133, 100, 46]);
test('test numToNumarr4', () => {
const ua = uuid("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36");
const numarr = numToNumarr4(ua);
expect(numarr).toEqual([136, 133, 100, 46]);
expect(numToNumarr4.reverse(numarr)).toBe(ua);
});
test('test execRandomByNumber', () => {
const randoms = [0.37630721305483794,0.2049460014355331,0.03410129090487546,0.2559079515317211,0.8377333429169194,0.619292978894294,0.4764635791178553,0.11004709981352878,0.8170060761966771,0.8912536097378767,0.3429872257409361,0.5367431913317162,0.1448222378776065,0.13721258163260086,0.4481790608416749,0.04311100885930985,0.6479884219882253,0.9273382739877349,0.3772136159635484,0.7717630008212142,0.42930838879719513,0.9985907486817889,0.5120853266504071,0.6329456412698085,0.38321486257144755,0.5695697450388872,0.3465729558019228,0.8778743938498155,0.024480669878132133,0.9070571729910759,0.8364410662648827,0.9669481262609505,0.07964482428249209,0.5297012796809408,0.21707900074248832,0.9188445039067206,0.8891992862516525,0.5850359934249489,0.527957313371116,0.37782459814806235,0.9753371617969784,0.9583194759953719,0.20562520266687168,0.6543535471216768,0.9183569514304248,0.6891275630046727,0.15242546632122167,0.4310357539068497,0.3027770541955994,0.13451123317248914,0.6203119685550011,0.6827551212241167,0.3073104017788997,0.9338556600045314,0.3722074026925808,0.43574057511654285,0.5384535459384472,0.3337761997946602,0.19885586866091054,0.3508775524265033,0.5119992383579299,0.36780327787218337,0.42221833899684724,0.11657126994371492,0.9298990516926506,0.0321849565507113,0.32944413386321036,0.14344209098548966,0.46021855121620003,0.8499248665702428,0.3368607733729687,0.2841884826356751,0.2750956232497943,0.06926311510145133,0.6381030029388948,0.05110415814304714,0.08773716922264008,0.021305098235796294,0.4359464033542948,0.6969103629361093,0.7713124866246208,0.5982446587781842,0.19015508004688697,0.5934645228072788,0.99154595778769,0.6112663700541248,0.4665216313510534,0.6221792047459951,0.8294207139375269,0.9589407138679342,0.11675372570297649,0.007631410573399888,0.40959542468137955,0.41510808627149975,0.5123086579716352,0.7497877285646639,0.10999323473542444,0.9814640696203702];
expect(execRandomByNumber(undefined, randoms)).toEqual([49, 9]);
})
test('test numToNumarr8', () => {
expect(numToNumarr8(3127628117497590)).toEqual([0, 11, 28, 143, 170, 238, 214, 246]);
});
test('test getFixedNumber', () => {
expect(getFixedNumber()).toBe(5900);
});
test('test numarrAddTime', () => {
const [arr, time] = numarrAddTime([1, 2, 3, 4]);
const [rarr, rtime] = numarrAddTime.reverse(arr);
expect(time).toBe(rtime);
expect(rarr).toEqual([1, 2, 3, 4]);
});
test('test stringEncrypt', () => {
const arr = numarrAddTime(gv.keys[gv.cp2[2]])[0];
expect(stringEncrypt('LjFNq_oZCsth6KJ9xHOin6RRhL4fQt7Vsn8YCz9dRjl', arr)).toEqual([166, 66, 100, 55, 95, 100, 1, 0]);
});
});

23
test/r2mka.test.js Normal file
View File

@ -0,0 +1,23 @@
const paths = require('@utils/paths');
const fs = require('fs');
const {
init,
ascii2string,
} = require('../src/handler/parser/');
const tsFullPath = paths.exampleResolve('codes', '1-$_ts-full.json');
init(JSON.parse(fs.readFileSync(tsFullPath, 'utf8')));
const gv = require('@src/handler/globalVarible');
const valueMap = {
'1698026159': ascii2string(gv.keys[gv.cp2[101]]),
'2098631147': ascii2string(gv.keys[gv.cp2[15]]),
'4': ascii2string(gv.keys[gv.cp2[4]]),
'47': ascii2string(gv.keys[gv.cp2[35]]),
'52': ascii2string(gv.keys[gv.cp2[81]]),
}
test('test r2mka', () => {
Object.entries(valueMap).forEach(([tb, ex]) => {
expect(tb).toBe(ex);
})
});