最新h5st(4.7.2)参数分析与纯算法还原(含算法源码)

文章目录

  • 1. 写在前面
  • 2. 加密分析
  • 3. 算法还原

【🏠作者主页】:吴秋霖
【💼作者介绍】:擅长爬虫与JS加密逆向分析!Python领域优质创作者、CSDN博客专家、阿里云博客专家、华为云享专家。一路走来长期坚守并致力于Python与爬虫领域研究与开发工作!
【🌟作者推荐】:对爬虫领域以及JS逆向分析感兴趣的朋友可以关注《爬虫JS逆向实战》《深耕爬虫领域》
未来作者会持续更新所用到、学到、看到的技术知识!包括但不限于:各类验证码突防、爬虫APP与JS逆向分析、RPA自动化、分布式爬虫、Python领域等相关文章

作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!

1. 写在前面

  又是一个忙碌的周末!其实最新有研究很多新的东西~但一直也没时间去写文章!上次发布的关于h5st参数的文章,是4.2版本的,批量商品价格查询。没几天全部更新到了4.7,现在小版本也是更新不断!不过小版本并不会受到太大的一个影响,本次文章更新的算法分析还原为最新4.7大版本下的4.7.2小版本~~

在这里插入图片描述

2. 加密分析

首先,接口请求的参数啥的就不再过多的去分析,主要看看核心点,目前全部VMP化,先把加密值拿出来,如下所示:

20240602103029809;5gtm6nz5ygggi9i8;f06cc;tk03w83c31b9341lMXgxWV9ScV9T5XO0c4lf3D7C4_8ewrP-y5CbOpQMxXJtPJoRrTYLui0MOiXN6oSSmP8Lwj0A6ghi;41cfe0ef53fa6ef42f0c090e80fac571be52efc6d951c5749036fb8edc892de3;4.7;1717295429809;TKmW3TyExztvDjBvYW30spstXUA9USbfpQA2Z0cZM9L1VhcxddydRM47xpgvr9gF1nxvSbHGC822PZqAj-untQlDF4PnJ0Hf1Ilqo8hI63Ymujt8frJjHYiCZK_VL5qL6uWRqrkdShS9QVb-UatJZSq8fRWDAxec-u0Ix4xN0XCKsQk4deD2JTt97sw4UlkGVqXbTOnXzyEQ-GTGuMi_gO-qtogbuof-tt5aNubxmj2ZcBxUGJOC9AkC1m6rZFKpSRCIob0WfsB6qSaH7fCv0-Ec7AwbiRbE_7C6-dAuo8ua3M8D4UdUNQAep_YCy4xEV_zuUUgKb3noPhz7rTiN1tS03CdM-n9YKsQaAEuJdlXhUQV8fY_p5xIpUsrVxOLCu7nZggE7nDk8PeheJO0dl8zjLad9Prk3hGJ0DQIeqffFGvzEemLTD52YgeDqWQHLXbk3

4.2之前是没有sign签名段的,可以看到整个加密参数的值跟上次的4.2是有区别的!同样经过多块组合拼接而成的 ,不过最新的以分号拆开大约分为8个部分了!

第一部分是一个时间格式的字符串,后续我们可以自行生成

第二部分则是fingerprint指纹,这个是需要算法生成的,第三部分可固定

第四部分tk则拼接多个参数加上指纹通过加密算法生成

第五部分签名Sign参数,通过对Token、fingerprint、时间戳、APPID

第六部分分别是算法的版本号以及时间戳!这个自行填写

第七部分时间戳

最后一部分的大长串则是上面参数经过最终AES加密生成

3. 算法还原

接下来这里作者按上面拆分出来的几部分,附上扣出来的算法并附上粗浅的讲解,第部分的时间戳这里也给一下,主打的就是喂饭,时间参代码实现如下:

function timestampToFormat(timestamp) {const date = new Date(timestamp);const pad = (num, size) => String(num).padStart(size, '0');return `${date.getFullYear()}${pad(date.getMonth() + 1, 2)}${pad(date.getDate(), 2)}${pad(date.getHours(), 2)}${pad(date.getMinutes(), 2)}${pad(date.getSeconds(), 2)}${pad(date.getMilliseconds(), 3)}`;
}

部分我们需要还原的是FP的指纹,加密算法实现如下:

!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(32 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = [t("SIZE"), "num", t("SPLIT"), "", t("DEFAULT"), t("CALL"), t("PUSH"), "pop", t("TOsTRING"), t("JOIN"), t("DEFAULT"), t("CALL"), t("REPLACE"), ""], n = Function.prototype.call,a = [2, 66, 17, 98, 16, 25, 286, 76, 37, 17, 58, 16, 13, 25, -2821, 25, -8150, 68, 25, 10976, 68, 91, 74, 17, 26, 16, 4, 78, 17, 73, 16, 13, 7, 91, 62, 17, 36, 16, 32, 88, 80, 0, 46, 80, 1, 76, 7, 68, 36, 16, 32, 25, -3718, 25, 2322, 68, 25, 1412, 68, 25, 575, 25, 6105, 68, 25, -6675, 68, 3, 88, 3, 25, 6578, 25, -9306, 68, 25, 2729, 68, 3, 80, 0, 46, 80, 1, 76, 68, 88, 68, 5, 17, 48, 70, 2, 52, 3, 76, 54, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 8402, 25, -5374, 68, 25, -3028, 68, 25, -8134, 25, -8213, 68, 25, 16362, 68, 65, 71, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 6175, 25, 4230, 68, 25, -10390, 68, 91, 79, 17, 67, 0, 33, 17, 30, 45, 95, 70, 6, 25, -5057, 25, 6375, 68, 25, -1283, 68, 63, 17, 49, 93, 4, 40, 87, 70, 7, 4, 25, 3357, 25, -5902, 68, 25, 2581, 68, 91, 3, 70, 8, 25, -8817, 25, 8543, 68, 25, 310, 68, 76, 76, 17, 87, 51, 25, 8755, 25, -8004, 68, 25, -751, 68, 34, 42, -56, 63, 17, 69, 93, 4, 40, 95, 76, 70, 5, 95, 14, 91, 33, 17, 95, 70, 9, 52, 3, 76, 29, 17, 27, 90, 39, 73, -2215, 73, -5180, 68, 73, 7395, 68, 94, 58, 50, 44, 49, 58, 76, 21, 0, 71, 4, 93, 70, 1, 4, 11, 79, 22, 84, 55, 58, 82, 73, -6046, 73, -7717, 68, 73, 13764, 68, 2, 60, 86, 11, 4, 70, 2, 11, 79, 22, 98, 3, 84, 39, 58, 27, 58, 79, 11, 36, 74, 91, -48, 4, 90, 20], o = zk, i = Array.from, c = Symbol, s = eh, u = Array.isArray, l = Og.exports;var generateVisitKey = function () {for (var e, t, o, i, c, s, u, l, p, v, d, _, x = n, S = a, A = [], E = 0; ;)switch (S[E++]) {case 2:A.push(y);break;case 3:_ = A.pop(),A[A.length - 1] -= _;break;case 4:null != A[A.length - 1] ? A[A.length - 2] = x.call(A[A.length - 2], A[A.length - 1]) : (_ = A[A.length - 2],A[A.length - 2] = _()),A.length--;break;case 5:s = A[A.length - 1];break;case 7:A.push(o);break;case 13:A.push(t);break;case 14:A.push(p);break;case 16:A.push(null);break;case 17:A.pop();break;case 25:A.push(S[E++]);break;case 26:A.push(b);break;case 27:A.push(d);break;case 29:d = A[A.length - 1];break;case 30:E += S[E];break;case 32:A.push({});break;case 33:v = A[A.length - 1];break;case 34:_ = A.pop(),A[A.length - 1] = A[A.length - 1] > _;break;case 36:A.push(m);break;case 37:t = A[A.length - 1];break;case 39:return;case 40:A.push(void 0);break;case 42:A.pop() ? E += S[E] : ++E;break;case 46:A.push(c);break;case 48:A.push(s);break;case 49:A.push(h);break;case 51:A[A.length - 1] = A[A.length - 1].length;break;case 52:A.push(r[S[E++]]);break;case 54:u = A[A.length - 1];break;case 58:A.push(k);break;case 60:A.push(f);break;case 62:c = A[A.length - 1];break;case 63:A.push(0);break;case 65:A[A.length - 5] = x.call(A[A.length - 5], A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 4;break;case 66:e = A[A.length - 1];break;case 67:A.push(new Array(S[E++]));break;case 68:_ = A.pop(),A[A.length - 1] += _;break;case 69:A.push(g);break;case 70:A.push(A[A.length - 1]),A[A.length - 2] = A[A.length - 2][r[S[E++]]];break;case 71:l = A[A.length - 1];break;case 72:A.push(u);break;case 73:A.push(w);break;case 74:o = A[A.length - 1];break;case 76:null != A[A.length - 2] ? (A[A.length - 3] = x.call(A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 2) : (_ = A[A.length - 3],A[A.length - 3] = _(A[A.length - 1]),A.length -= 2);break;case 78:i = A[A.length - 1];break;case 79:p = A[A.length - 1];break;case 80:A[A.length - 2][r[S[E++]]] = A[A.length - 1],A.length--;break;case 87:A.push(l);break;case 88:A.push(i);break;case 90:return A.pop();case 91:A[A.length - 4] = x.call(A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 3;break;case 93:A[A.length - 1] = A[A.length - 1][r[S[E++]]];break;case 95:A.push(v);break;case 98:A.push(e)}};var h = l(nm), f = l(zk), g = l(j_), p = l(Rk);function v(e, t) {var r = void 0 !== c && s(e) || e["@@iterator"];if (!r) {if (u(e) || (r = function (e, t) {var r;if (!e)return;if ("string" == typeof e)return d(e, t);var n = o(r = Object.prototype.toString.call(e)).call(r, 8, -1);"Object" === n && e.constructor && (n = e.constructor.name);if ("Map" === n || "Set" === n)return i(e);if ("Arguments" === n || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return d(e, t)}(e)) || t && e && "number" == typeof e.length) {r && (e = r);var n = 0, a = function () {};return {s: a,n: function () {return n >= e.length ? {done: !0} : {done: !1,value: e[n++]}},e: function (e) {throw e},f: a}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var l, h = !0, f = !1;return {s: function () {r = r.call(e)},n: function () {var e = r.next();return h = e.done,e},e: function (e) {f = !0,l = e},f: function () {try {h || null == r.return || r.return()} finally {if (f)throw l}}}}function d(e, t) {(null == t || t > e.length) && (t = e.length);for (var r = 0, n = new Array(t); r < t; r++)n[r] = e[r];return n}function b() {return 10 * Math.random() | 0}function y(e, t) {var r = _();return y = function (t, n) {var a = r[t -= 280];if (void 0 === y.RpSzcS) {y.licQQm = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,p.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,f.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,y.RpSzcS = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = y.licQQm(a),e[o] = a),a},y(e, t)}function k(e, t) {var r, n = [], a = e.length, o = v(e);try {for (o.s(); !(r = o.n()).done;) {var i = r.value;if (Math.random() * a < t && (n.push(i),0 == --t))break;a--}} catch (e) {o.e(e)} finally {o.f()}for (var c = "", s = 0; s < n.length; s++) {var u = Math.random() * (n.length - s) | 0;c += n[u],n[u] = n[n.length - s - 1]}return c}function m(e) {for (var t = e.size, r = e.num, n = ""; t--;)n += r[Math.random() * r.length | 0];return n}function w(e, t) {for (var o, i, c, s = n, u = a, l = [], h = 239; ;)switch (u[h++]) {case 2:l[l.length - 1] = -l[l.length - 1];break;case 4:l.push(e);break;case 11:l.push(t);break;case 20:return;case 21:l[l.length - 1] = l[l.length - 1][r[10 + u[h++]]];break;case 22:l[l.length - 2] = l[l.length - 2][l[l.length - 1]],l.length--;break;case 27:l.push(o++);break;case 36:l[l.length - 1] = l[l.length - 1].length;break;case 39:e = l[l.length - 1];break;case 49:l.push(0);break;case 50:h += u[h];break;case 55:i = l[l.length - 1];break;case 58:l.pop();break;case 60:c = l.pop(),l[l.length - 1] = l[l.length - 1] !== c;break;case 68:c = l.pop(),l[l.length - 1] += c;break;case 70:l.push(l[l.length - 1]),l[l.length - 2] = l[l.length - 2][r[10 + u[h++]]];break;case 71:l.push(void 0);break;case 73:l.push(u[h++]);break;case 74:c = l.pop(),l[l.length - 1] = l[l.length - 1] < c;break;case 76:l.push(p);break;case 79:l.push(o);break;case 82:l.push(i);break;case 84:l[l.length - 4] = s.call(l[l.length - 4], l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 3;break;case 86:l[l.length - 1] ? (++h,--l.length) : h += u[h];break;case 90:return l.pop();case 91:l.pop() ? h += u[h] : ++h;break;case 93:null != l[l.length - 2] ? (l[l.length - 3] = s.call(l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 2) : (c = l[l.length - 3],l[l.length - 3] = c(l[l.length - 1]),l.length -= 2);break;case 94:o = l[l.length - 1];break;case 98:l.push(r[10 + u[h++]])}}function _() {var e = ["ndqXnZqYofn2uw90Ca", "nJyYmtm3Cvrcvhvc", "mty2ntG2nhrZsg9WtW", "mJjMswjnv0C", "mte5mte0nwP4ugrqAW", "nNHJEvrWva", "odiXmJqXnLf6vKfgvW", "ouPpuNDkDa", "mta0ntK5mgTPwM5TAW", "mMT4AhLiDq", "nZe3nJq4yKHWwunj", "mxvJDdzKmgPOCq", "mZbqBvzVCfu"];return (_ = function () {return e})()}!function (e, t) {for (var r = y, n = e(); ;)try {if (676921 === -(0,h.default)(r(284)) / 1 * ((0,h.default)(r(285)) / 2) + (0,h.default)(r(280)) / 3 * ((0,h.default)(r(290)) / 4) + -(0,h.default)(r(292)) / 5 * ((0,h.default)(r(287)) / 6) + (0,h.default)(r(289)) / 7 + (0,h.default)(r(281)) / 8 * ((0,h.default)(r(282)) / 9) + -(0,h.default)(r(283)) / 10 + -(0,h.default)(r(291)) / 11 * (-(0,h.default)(r(288)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(_)
}();

部分的APPID直接取AID即可,这里不需要过多的分析

接下来就是第部分的Token生成了,加密算法实现如下所示:

var getLocalTK;
!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(53 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["tk", t("XTR#iV"), "03", t("CPGF#iZ["), "w", t("EYTASZGX"), "41", t("PME#iGPF"), "l", t("EGZQ@VPG"), t("PMEG"), t("V#iE]PG"), t("TQYPG32"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "", t("QPST@YA"), "C2", t("ETGFP"), t("P[VGLEA"), t("_Z#i["), "iv", t("SGZXwTFP64"), t("FAG#i[R#iSL"), t("V#iE]PGAPMA"), t("QPST@YA"), t("EGZAZALEP"), t("VTYY"), "set", "buf", t("AZfAG#i[R"), t("F@WFAG"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("SYZZG"), "pow", t("FPA`#i[A32"), t("FPA|[A16"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "1", "2", "3", "+", "x", t("SYZZG"), t("GT[QZX"), "", t("F@WFAG"), t("QPST@YA"), t("ETGFP"), t("FAG#i[R#iSL"), t("SGZXwTFP64")], n = Function.prototype.call,a = [23, 64, 79, 28, 21, 0, 99, 1, 79, 28, 21, 2, 99, 3, 79, 28, 21, 4, 99, 5, 79, 28, 21, 6, 99, 7, 79, 28, 21, 8, 99, 9, 79, 28, 50, 11, 49, 99, 10, 79, 28, 12, 11, 53, 46, 99, 11, 79, 28, 24, 11, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 46, 99, 12, 79, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 12, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 51, 35, 45, 75, 54, 64, 54, 70, 20, 0, 63, 5, 4, 32, 69, 1, 28, 81, 4, 178, 40, 69, 2, 81, 69, 3, 40, 6, 54, 68, 4, 42, 54, 64, 54, 86, 20, 5, 63, 21, 61, 54, 68, 6, 99, 54, 28, 81, 4, 182, 40, 52, 54, 31, 81, 95, 16, 19, 10, 18, 38, 54, 26, 98, 81, 78, 40, 83, 42, 54, 26, 98, 81, 19, 40, 83, 42, 54, 26, 98, 81, 10, 40, 83, 42, 54, 26, 22, 81, 16, 40, 83, 42, 54, 26, 98, 81, 95, 40, 83, 42, 54, 97, 20, 5, 80, 7, 26, 40, 27, 54, 76, 20, 5, 80, 8, 39, 47, 20, 5, 80, 7, 77, 40, 5, 47, 20, 5, 80, 7, 29, 80, 9, 68, 4, 40, 40, 69, 10, 73, 89, 54, 64, 54, 70, 20, 11, 63, 56, 20, 5, 80, 12, 37, 20, 13, 40, 40, 88, 7, 14, 10, 70, 74, 20, 22, 253, 22, -2067, 96, 22, 1830, 96, 60, 52, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 75, 73, 19, 70, 65, 15, 49, 53, 91, 70, 74, 20, 22, -1530, 22, 415, 96, 22, 1117, 96, 60, 68, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 48, 92, 19, 70, 74, 20, 22, -7373, 22, 4503, 96, 22, 2882, 96, 60, 16, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 81, 84, 19, 70, 74, 20, 22, 5169, 22, -9153, 96, 22, 4022, 96, 60, 30, 70, 33, 25, 3, 48, 53, 70, 33, 25, 3, 81, 22, -7348, 22, 4861, 96, 22, 2489, 96, 19, 70, 33, 25, 3, 43, 22, -7830, 22, -2494, 96, 22, 10338, 96, 19, 70, 33, 25, 3, 75, 22, 6556, 22, -649, 96, 22, -5885, 96, 19, 70, 13, 51, 0, 25, 4, 33, 53, 71, 70, 83, 22, 8329, 22, -2927, 96, 22, -5402, 96, 21, 71, 70, 76, 15, 22, 187, 53, 83, 25, 5, 22, -3433, 22, 1157, 96, 22, 2292, 96, 53, 96, 72, 70, 47, 25, 6, 47, 32, 22, -47, 22, -1896, 96, 22, 1951, 96, 86, 53, 89, 57, 79, 77, 67, 12, 0, 77, 56, 62, 4, 30, 23, 45, 87, 9, 0, 45, 15, 62, 95, 16, 2, 51, 30, 44, 0, 51, 4, 24, 1, 7, 69, 24, 64, 5, 42, 77, 78, 0, 98, 77, 78, 1, 65, 6751, 65, -342, 81, 65, -6407, 81, 65, 5336, 65, -6432, 81, 65, 1128, 81, 72, 95, 13, 85, 42, 98, 77, 78, 1, 65, -310, 65, 8475, 81, 65, -8163, 81, 65, 32, 72, 88, 1, 42, 94, 24, 65, 5048, 65, -9090, 81, 65, 4050, 81, 2, 67, 42, 8, 24, 32, 2, 37, 42, 12, 71, 32, 16, 78, 2, 65, -5825, 65, -8303, 81, 65, 14128, 81, 47, 12, 34, 42, 16, 78, 2, 65, -4393, 65, -6070, 81, 65, 10467, 81, 56, 12, 34, 80, 30, 16, 78, 2, 65, -8374, 65, -5679, 81, 65, 14053, 81, 56, 12, 34, 42, 16, 78, 2, 65, 5472, 65, -7245, 81, 65, 1777, 81, 47, 12, 34, 42, 52, 24, 32, 2, 20, 93, 94, 60, 29, 2, 79, 92, 78, 62, 60, 1, 79, 59, 0, 29, -4658, 29, -4430, 87, 29, 9088, 87, 29, 6433, 29, 9036, 87, 29, -15213, 87, 48, 0, 85, 85, 97, 78, 27, 60, 1, 79, 29, 6857, 29, -8577, 87, 29, 1720, 87, 4, 29, -353, 29, -2847, 87, 29, 3456, 87, 42, 37, 99, 2, 7, 71, 62, 71, 30, 63, 0, 29, 12, 35, 32, 93, 1, 18, 8, 35, 178, 48, 93, 2, 8, 93, 3, 48, 85, 71, 36, 3, 62, 53, 4, 17, 92, 53, 5, 17, 35, 2, 53, 6, 17, 24, 71, 36, 2, 62, 53, 7, 17, 92, 53, 8, 17, 27, 71, 35, -1160, 35, -3905, 84, 35, 5067, 84, 21, 45, 9, 21, 45, 10, 14, 35, 5398, 35, 8267, 84, 35, -13661, 84, 78, 48, 84, 81, 71, 53, 11, 83, 71, 35, 6113, 35, -8607, 84, 35, 2494, 84, 22, 71, 41, 63, 61, 59, 21, 45, 9, 21, 45, 10, 14, 35, 4505, 35, -8459, 84, 35, 3957, 84, 78, 48, 31, 84, 83, 71, 3, 49, 35, -7624, 35, 707, 84, 35, 6918, 84, 76, 97, 95, 23, 61, 60, 21, 45, 9, 21, 45, 10, 14, 35, -7093, 35, -9161, 84, 35, 16256, 84, 78, 48, 31, 84, 83, 71, 56, 71, 3, 49, 97, 86, -66, 61, 69, 35, -8937, 35, -657, 84, 35, 9603, 84, 97, 95, 27, 61, 1, 45, 12, 35, -1991, 35, -3690, 84, 35, 5681, 84, 35, 3277, 35, -1882, 84, 35, -1386, 84, 61, 69, 76, 32, 84, 83, 71, 38, 63, 13, 45, 14, 61, 48, 94, 71, 23, 63, 13, 45, 15, 15, 48, 19, 71, 62, 71, 30, 63, 16, 29, 74, 48, 65, 44], o = Og.exports;var genLocalTK = function (e) {for (var t, o, i = n, c = a, s = [], u = 0; ;)switch (c[u++]) {case 11:s.push(null);break;case 12:s.push(x);break;case 17:o = s.pop(),s[s.length - 1] += o;break;case 21:s.push(r[c[u++]]);break;case 23:s.push({});break;case 24:s.push(_);break;case 28:s.push(t);break;case 29:s[s.length - 1] = s[s.length - 1][r[c[u++]]];break;case 35:return;case 46:null != s[s.length - 2] ? (s[s.length - 3] = i.call(s[s.length - 3], s[s.length - 2], s[s.length - 1]),s.length -= 2) : (o = s[s.length - 3],s[s.length - 3] = o(s[s.length - 1]),s.length -= 2);break;case 49:null != s[s.length - 1] ? s[s.length - 2] = i.call(s[s.length - 2], s[s.length - 1]) : (o = s[s.length - 2],s[s.length - 2] = o()),s.length--;break;case 50:s.push(j);break;case 51:return s.pop();case 53:s.push(e);break;case 64:t = s[s.length - 1];break;case 79:s.pop();break;case 99:s[s.length - 2][r[c[u++]]] = s[s.length - 1],s[s.length - 2] = s[s.length - 1],s.length--}};var i = o(nm), c = o(cm), s = o(Rk), u = o(zk), l = o(xm), h = o(Om), f = vx, g = o(eA.exports), p = o(rA.exports), v = o(tA.exports), d = o($S.exports), b = o(yA), y = S;!function (e, t) {for (var r = S, n = e(); ;)try {if (569306 === (0,i.default)(r(173)) / 1 + (0,i.default)(r(175)) / 2 * (-(0,i.default)(r(188)) / 3) + -(0,i.default)(r(179)) / 4 * (-(0,i.default)(r(177)) / 5) + (0,i.default)(r(174)) / 6 * ((0,i.default)(r(184)) / 7) + -(0,i.default)(r(186)) / 8 + -(0,i.default)(r(180)) / 9 * ((0,i.default)(r(183)) / 10) + -(0,i.default)(r(176)) / 11 * ((0,i.default)(r(181)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(w);var k = y(185), m = ["01", "02", "03", "04", "05", "06", "07", "08"];function w() {var e = ["mdaWmdaWmda", "ndK0nZLNr3vswMW", "mta0mZy5owvft0Lhzq", "mta0odjODNngCKO", "ndbvqvzcq1i", "ode3m2DqBxjfta", "mZG3ndyZmhjSvxfsEa", "Bwf4", "nhPZsurozW", "nJCXmJaYovbVwKfNvW", "nJi2nhzjqMnZsq", "sZnYt3fntdbrCsze", "mtbIu0Xbuhi", "mZK2mKrLBwH2zG", "puyPp243qf1prLG2mMjunq", "nJe5nZa3mNjJuK5xrq"];return (w = function () {return e})()}function _(e) {var t = y, r = b.default.str(e);r >>>= 0;var n = t(187) + r.toString(16);return n.substr(n.length - 8)}function S(e, t) {var r = w();return S = function (t, n) {var a = r[t -= 173];if (void 0 === S.zUShtv) {S.CXUmZy = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,s.default)(n).call(n, r);for (var l = 0, h = a.length; l < h; l++) {var f;o += "%" + (0,u.default)(f = "00" + a.charCodeAt(l).toString(16)).call(f, -2)}return decodeURIComponent(o)},e = arguments,S.zUShtv = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = S.CXUmZy(a),e[o] = a),a},S(e, t)}function E(e) {return (0,h.default)(Array.prototype).call(e, (function (e) {var t;return (0,u.default)(t = "00" + (255 & e).toString(16)).call(t, -2)})).join("")}function C(e) {var t = new Uint8Array(e.length);return (0,l.default)(Array.prototype).call(t, (function (t, r, n) {n[r] = e.charCodeAt(r)})),E(t)}function O(e) {return E(T(e))}getLocalTK = genLocalTK
}();

直接调用getLocalTK,入参则是上面的get_fingerprint指纹值

部分的Sign签名其实算比较复杂的一部分了,多参数参与了加密,核心算法实现如下:

!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(24 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["", t("|}~ymtl"), t("kljqv#gq~a"), t("hyjk}"), t("lwZyk}64"), t("GGhyjk}Lws}v"), t("uyl{p"), t("FC123E(C`+EC123E)+"), t("khtql"), t("G|}~ymtlYt#gwjqlpu"), t("{ytt"), "log", t("G|}zm#g"), "", t("TW[YTGYT_WJQLPUGHJ]^Q@"), "+", "x", t("GGyt#gwjqlpu"), t("|}~ymtl"), t("{ytt"), t("|}~ymtl"), t("{ytt"), t("rwqv"), "&", t("lwKljqv#g"), "log", t("G|}zm#g"), "key", ":", t("nytm}"), "", t("|}~ymtl"), t("~wjuyl"), "07", t("GqkVwjuyt"), t("GG#g}vS}a"), t("Glws}v"), t("G~qv#g}jhjqvl"), t("GyhhQ|"), t("yt#gwk"), t("lwKljqv#g"), t("#g}vTw{ytLS"), t("G|}~ymtlLws}v"), t("GG#g}v#D}~ymtlS}a"), t("GG#g}vKq#gv"), t("{ytt"), t("rwqv"), ",", t("]VNQJWVU]VL"), t("GG#g}vKq#gvHyjyuk"), "log", t("G|}zm#g"), "key", t("kq#gvKlj"), t("Gkls"), t("Gkl}"), t("p5kl"), t("GwvKq#gv"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("]jj[w|}k"), t("_]V]JYL]GKQ_VYLMJ]G^YQT]#D"), t("LWS]VG]UHLA"), "key", t("}vn[wtt}{l"), t("G~qv#g}jhjqvl"), "fp", t("Gzm{s}l"), t("|}~ymtl"), "log", t("G|}zm#g"), t("}v{jahl"), t("hyjk}"), "01", "02", "03", "04", "05", "06", "07", "08", t("rwqv"), "", "iv", t("}v{w|}"), t("{qhp}jl}`l"), t("|}~ymtl"), t("ojyh"), t("v}`l"), t("hj}n"), 0, 5, 10, 13, "end", t("|}~ymtl"), t("GG{p}{sHyjyuk"), t("yzjmhl"), t("j}lmjv"), t("GGj}im}kl#D}hk"), t("GG{wtt}{l"), t("GGuys}Kq#gv"), "log", t("G|}zm#g"), "ms", t("{yl{p"), "t0", t("GwvKq#gv"), t("]jj[w|}k"), t("MVPYV#DT]#DG]JJWJ"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("klwh")], n = Function.prototype.call,o = [75, 1, 29, 51, 66, 29, 41, 0, 21, 29, 91, 68, 76, 397, 15, 79, 29, 41, 0, 3, 96, 40, 96, 4, 96, 56, 96, 90, 96, 53, 29, 16, 30, 1, 44, 2, 6, 30, 1, 44, 3, 88, 29, 85, 30, 4, 22, 75, 44, 5, 3, 76, 6038, 76, 6806, 96, 76, -12828, 96, 76, 4468, 76, -656, 96, 76, -3784, 96, 35, 15, 15, 15, 72, 29, 57, 44, 6, 37, 7, 15, 84, 29, 81, 77, 43, 81, 76, 8106, 76, 2295, 96, 76, -10401, 96, 9, 33, 29, 23, 44, 8, 41, 0, 15, 50, 29, 31, 9, 71, 29, 41, 0, 18, 29, 88, 29, 48, 30, 1, 22, 26, 15, 44, 10, 26, 32, 36, 29, 88, 29, 85, 30, 11, 22, 31, 12, 91, 68, 76, 413, 15, 62, 96, 91, 68, 76, 376, 15, 96, 57, 96, 91, 68, 76, 405, 15, 96, 87, 96, 36, 29, 87, 43, 98, 31, 32, 15, 41, 69, 96, 12, 43, 64, 85, 0, 48, 28, 1, 26, 69, 26, 90, 32, 62, 30, 5, 43, 47, 92, 80, 33, 2, 2, 6, 3, 22, 85, 0, 46, 26, 33, 87, 4, 30, 51, 7, 98, 26, 75, 32, 72, 23, 33, 87, 4, 30, 46, 7, 98, 75, 32, 72, 12, 33, 87, 4, 30, 51, 7, 98, 75, 32, 72, 1, 72, 38, 50, 32, 91, 28, 5, 83, 95, 2, 50, 85, 2, 2, 8, 85, 3, 2, 40, 96, 87, 6, 31, 69, 23, 74, 7495, 74, -6716, 26, 74, -779, 26, 59, 68, 3, 69, 65, 32, 53, 62, 47, 35, 25, 35, 93, 98, 0, 53, 34, 75, 50, 1, 34, 14, 72, 50, 2, 8, 3, 75, 95, 35, 25, 35, 96, 98, 0, 53, 85, 88, 72, 50, 4, 58, 98, 0, 75, 4, 35, 25, 35, 69, 98, 5, 53, 73, 6, 91, 2, 26, 399, 75, 85, 80, 91, 2, 26, 414, 75, 80, 28, 80, 72, 35, 28, 10, 52, 76, 7, 0, 61, 1, 65, 76, 7, 2, 65, 75, 16, 93, 98, 84, 92, 0, 37, 84, 19, 84, 22, 26, 1, 67, 4, 91, 84, 19, 84, 14, 26, 2, 67, 38, 18, 76, 63, 406, 65, 90, 11, 84, 35, 92, 3, 53, 83, 84, 74, 4, 16, 24, 42, 36, 5, 74, 6, 74, 7, 20, 74, 8, 74, 9, 17, 36, 10, 4, 95, 3, 92, 0, 37, 82, 26, 42, 19, 84, 29, 26, 11, 67, 74, 7, 65, 25, 12, 84, 42, 36, 13, 74, 12, 74, 7, 20, 74, 8, 88, 37, 84, 69, 5, 84, 57, 16, 136, 42, 36, 14, 57, 45, 90, 21, 84, 19, 84, 3, 26, 1, 67, 45, 65, 36, 15, 45, 8, 90, 36, 16, 92, 17, 65, 2, 84, 40, 26, 18, 12, 84, 42, 36, 19, 62, 38, 35, 34, 88, 41, 84, 19, 84, 59, 26, 20, 67, 74, 21, 18, 76, 63, 375, 65, 19, 84, 27, 26, 1, 67, 69, 57, 32, 22, 62, 32, 23, 33, 32, 24, 52, 32, 25, 54, 32, 26, 76, 63, 1119, 63, -3077, 53, 63, 1960, 53, 58, 53, 90, 84, 69, 33, 32, 24, 52, 32, 25, 54, 32, 26, 5, 84, 42, 36, 27, 69, 19, 32, 28, 18, 76, 63, 394, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 82, 76, 74, 6, 95, 3, 74, 12, 16, 34, 42, 36, 27, 69, 31, 26, 35, 26, 36, 32, 28, 18, 76, 63, 373, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 82, 32, 42, 36, 27, 69, 31, 26, 35, 26, 37, 32, 28, 18, 76, 63, 381, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 1, 24, 61, 0, 40, 41, 41, 52, 8, 61, 8, 89, 92, 0, 44, 45, 5394, 45, 7249, 87, 45, -12642, 87, 15, 39, 8, 69, 27, 1, 95, 2, 8, 69, 11, 83, 45, 415, 15, 27, 3, 3, 8, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 45, 6472, 45, -4012, 87, 45, -2460, 87, 24, 40, 12, 45, 9932, 45, -4858, 87, 45, -5073, 87, 67, 51, 14, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 3, 8, 61, 8, 46, 92, 4, 44, 69, 83, 45, -8946, 45, 8447, 87, 45, 501, 87, 10, 36, 8, 61, 8, 16, 92, 5, 44, 27, 6, 11, 83, 45, 421, 15, 31, 87, 12, 8, 42, 92, 4, 20, 7, 31, 70, 92, 4, 20, 8, 11, 83, 45, 389, 15, 15, 74, 70, 92, 4, 20, 8, 50, 8, 61, 13, 9, 94, 84, 13, 10, 94, 45, 2, 13, 11, 94, 45, 3, 13, 12, 94, 45, 4, 13, 13, 94, 45, 5, 13, 14, 94, 45, 6, 13, 15, 94, 45, 7, 13, 16, 94, 20, 17, 13, 18, 15, 15, 33, 19, 10, 18, 8, 62, 92, 4, 20, 20, 79, 92, 21, 15, 5, 82, 46, 24, 58, 24, 35, 24, 65, 24, 23, 24, 72, 86, 0, 42, 1, 75, 13, 11, 21, 1, 87, 21, 2, 87, 89, 91, 89, 28, 10, 91, 91, 60, 15, 36, 76, 194, 75, 75, 23, 0, 17, 1, 35, 186, 5, 2, 12, 3, 58, 4, 122, 5, 181, 6, 181, 43, 19, 25, 75, 47, 17, 1, 25, 85, 25, 80, 23, 7, 61, 32, 97, 25, 44, 3, 8, 98, 94, 51, 25, 79, 21, 91, 77, 58, 9, 75, 2, 5, 17, 0, 25, 76, 137, 75, 3, 9, 68, 10, 98, 78, 88, 44, 3, 11, 32, 25, 44, 3, 12, 32, 29, 25, 44, 3, 13, 79, 12, 78, 28, 25, 75, 3, 9, 68, 10, 85, 25, 7, 23, 14, 61, 83, 15, 31, 21, 2, 374, 94, 85, 25, 80, 23, 7, 61, 32, 74, 34, 56, 68, 16, 56, 78, 25, 85, 25, 46, 23, 7, 61, 4, 98, 90, 70, 78, 88, 75, 2, 10, 17, 1, 25, 75, 75, 3, 17, 47, 94, 17, 18, 25, 75, 3, 9, 68, 10, 44, 3, 19, 4, 89, 23, 20, 23, 21, 99, 22, 31, 21, 2, 401, 94, 75, 23, 18, 56, 99, 23, 4, 83, 24, 99, 25, 63, 23, 26, 99, 27, 99, 28, 94, 25, 98, 78, 88, 75, 3, 29, 32, 88, 55, 66, -195, 30], i = a.exports, l = Og.exports;var v = l(Rk), d = l(zk), b = l(nm), y = l(cm), m = l(xm), w = l(Om), O = Lx, R = l($S.exports), z = l(eA.exports), L = l(tA.exports), I = l(rA.exports), B = l(cA.exports), N = l(R_.exports), G = l(sA.exports), F = l(uA.exports), H = l(hA.exports), W = l(fA.exports), U = vx;function Z(e, t) {var r = V();return Z = function (t, n) {var a = r[t -= 339];if (void 0 === Z.kfjFYr) {Z.VsajSZ = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,v.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,d.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,Z.kfjFYr = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = Z.VsajSZ(a),e[o] = a),a},Z(e, t)}function V() {var e = ["x19Yzxf1zxn0rgvWCYb1C2uGy2fJAguGzNaSigzWoG", "x19JB2XSzwn0igvUDKnVBgXLy3q9", "x19Yzxf1zxn0qwXNB3jPDgHTt25Jzq", "x19Yzxf1zxn0qwXNB3jPDgHTihjLCxvLC3qGC3vJy2vZCYeSignOzwnRig1LBw9YEsbMCdO", "x19HBgDVCML0Ag0", "nJuYodqWB0nXwfPp", "x19Yzxf1zxn0rgvWCW", "x19Nzw5tAwDUugfYyw1Z", "CgfYyw1ZigLZig5VDcbHihbSywLUig9IAMvJDa", "x19Yzxf1zxn0rgvWCYbYzxf1zxn0ihrVA2vUigzHAwXLzcWGzxjYB3i6ia", "CMvXDwvZDcb0B2TLBIbMywLSzwqGA2v5oG", "ihrVA2vUoG", "ExL5Eu1nzgq", "Bg9HzcbYywmGANmGzMfPBce", "x19WyxjZzufSz29YAxrOBq", "x19Yzxf1zxn0qwXNB3jPDgHTigvUDKnVBgXLy3q9", "CgfYyw1ZigLZigvTChr5igfMDgvYigv4y2X1zgLUzYaIDw5ZywzLiIbWyxjHBxm", "x19JAgvJA1bHCMfTCW", "nc43", "Bg9JywXFA2v5xZm", "x19Yzxf1zxn0qwXNB3jPDgHTt25JzsbRzxK6", "lcbYzxrYEsbUzxH0ihrPBwuU", "x19Yzxf1zxn0rgvWCYbMCM9TignHy2HLlcbLBMqU", "lcbJAgvJAYbZDg9YywDLigzWoG", "C2v0DgLUz3mUyxbWswqGBxvZDcbIzsbHig5VBI1LBxb0EsbZDhjPBMC", "x19JB2XSzwn0", "C2LNBG", "CxvLCNLtzwXLy3rVCG", "yNuY", "BdfMBa", "lcbZDg9YywDLrNa6", "zxH0zw5K", "Ahr0Chm6lY9ZDg9YywDLlJm2mgj1EwLTzY5JB20VD2vIy29UDgfPBMvYl21HAw4VANmTC2vJDxjPDhKTDJmTCMfJlMPZp3y9", "BwfPBI5ZAwDUi19Fzgv0zwn0Aw5N", "DxnLig5VCM1HBfrVA2vU", "x19Yzxf1zxn0rgvWCYWGx19WyxjZzufSz29YAxrOBsbYzxn1Bhq6", "z2vUzxjHDguGA2v5igzHAwXLza", "C2LNBIbLBgfWC2vKihrPBwuH", "x19TywTLu2LNBIWGCMvZDwX0oG", "lgv4ChjLC3m9", "mtq0mtC3nKjKwLDQwG", "x19WyxjZzvrVA2vU", "x19Yzxf1zxn0rgvWCYbLBMqU", "z2v0vg9Rzw5F", "Dg9Rzw4GAxmGzw1WDhK", "mcfa", "CMv0DxjUia", "lcbHBgDVoG", "lcbFBg9HzgvKx2nHy2HLCZO", "CgfYyw1ZigLZigvTChr5", "x19Yzxf1zxn0qwXNB3jPDgHTigvUzc4", "y3jLyxrLigLUC3rHBMnLihDPDgGGyxbWswq9", "x002wt9KDMzondbwtuzBwa", "CgfYyw1ZignVBNrHAw5ZihjLC2vYDMvKihbHCMfTig5HBwuU", "DgvZDcbLCNi", "ntC5mdG5B0PlCuTl", "x19TywTLu2LNBG", "C3vJy2vZCW", "x19Yzxf1zxn0qwXNB3jPDgHTihn0yxj0lG", "CYnS", "odDUoceT", "nteZode4mNDTwKjxBq", "x19Nzw5tAwDUlcbWyxjHBxntDhi6", "lcbLpq", "Dw5RBM93BIbLCNjVCI4", "x19PBMLdB25MAwC", "nduXmtiWBhHjDKDU", "Bg9HzcbYywmGANmGC3vJy2vZCYe", "lgTLEt0", "ExL5Eu1nzgrOAg1TC3ntu1m", "mtGXnZm0nKrtDKPRwG", "x19Yzxf1zxn0rgvWCYbZDgfYDc4", "x19Nzw5tAwDU", "lcb0B2TLBJO", "lcbMCdO", "mZe0mdGYsuHeC3rs", "x19Nzw5ezwzHDwX0s2v5igLUChv0pq", "lcbZAwDUzwrtDhi6", "yNuX", "x19Nzw5ezwzHDwX0s2v5", "BwfPBI5ZAwDUi19FCMvXDwvZDerLChm", "x19Yzxf1zxn0qwXNB3jPDgHT", "x19Yzxf1zxn0rgvWCYb1C2uGBMv3igzWlcbMCdO"];return (V = function () {return e})()}var X = Z;(function (e, t) {for (var r = Z, n = e(); ;)try {if (296934 === -(0,b.default)(r(392)) / 1 + -(0,b.default)(r(342)) / 2 + -(0,b.default)(r(412)) / 3 + (0,b.default)(r(377)) / 4 + -(0,b.default)(r(403)) / 5 + (0,b.default)(r(407)) / 6 + (0,b.default)(r(398)) / 7)break;n.push(n.shift())} catch (e) {console.log(e)n.push(n.shift())}})(V);var __parseToken = function (e, t, r) {return e ? vk(e).call(e, t, r) : ""}, _defaultAlgorithm = {local_key_1: CryptoJS.MD5,local_key_2: CryptoJS.SHA256,local_key_3: CryptoJS.HmacSHA256}, algos = {MD5: CryptoJS.MD5,SHA256: CryptoJS.SHA256,SHA512: CryptoJS.SHA512,HmacSHA256: CryptoJS.HmacSHA256,HmacSHA512: CryptoJS.HmacSHA512,HmacMD5: CryptoJS.HmacMD5}, __algorithm = function (e, t, r) {var n = X, a = this._defaultAlgorithm[e];return e === 'local_key_3' ? a(t, r).toString(CryptoJS.enc.Hex) : a(t).toString(CryptoJS.enc.Hex)};var _this = {__parseToken: __parseToken,__algorithm: __algorithm,_defaultAlgorithm: _defaultAlgorithm,algos: algos};var genDefaultKey = function (e, t, a, i) {for (var c, s, u, l, h, f, g, p, d, b, y, k, w = n, _ = o, x = [], S = 0; ;)switch (_[S++]) {case 1:c = x[x.length - 1];break;case 3:x.push(e);break;case 4:x.push(a);break;case 6:x.push(R);break;case 9:x[x.length - 2] = x[x.length - 2][x[x.length - 1]],x.length--;break;case 15:null != x[x.length - 2] ? (x[x.length - 3] = w.call(x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 2) : (k = x[x.length - 3],x[x.length - 3] = k(x[x.length - 1]),x.length -= 2);break;case 16:x.push(L);break;case 18:y = x[x.length - 1];break;case 21:u = x[x.length - 1];break;case 22:x.push(void 0);break;case 23:x.push(p);break;case 26:x.push(d);break;case 29:x.pop();break;case 30:x[x.length - 1] = x[x.length - 1][r[_[S++]]];break;case 31:x.push(_this[r[_[S++]]]);break;case 32:x.push((function (t) {var a, i, s, l, f = n, g = o, p = [], d = 162;e: for (; ;)switch (g[d++]) {case 2:p[p.length - 3][p[p.length - 2]] = p[p.length - 1],p.length -= 2;break;case 5:p[p.length - 2] = p[p.length - 2][p[p.length - 1]],p.length--;break;case 7:p.push(e);break;case 8:p.push(1);break;case 12:p[p.length - 1] = !p[p.length - 1];break;case 15:p.push(isNaN);break;case 23:p[p.length - 4] = f.call(p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 3;break;case 26:s = p.pop(),p[p.length - 1] += s;break;case 28:p[p.length - 1] = p[p.length - 1][r[13 + g[d++]]];break;case 30:p.push(i);break;case 31:p.push(a);break;case 32:p.pop();break;case 33:p.push(c);break;case 40:a = p[p.length - 1];break;case 41:p.push(null);break;case 43:p.pop() ? ++d : d += g[d];break;case 46:p.push(u);break;case 48:p.push(O);break;case 50:p.push(0);break;case 51:p.push(h);break;case 53:return;case 59:s = p.pop(),p[p.length - 1] = p[p.length - 1] >= s;break;case 62:p.push(b);break;case 65:y = p[p.length - 1];break;case 68:p[p.length - 1] ? (++d,--p.length) : d += g[d];break;case 69:p.push(t);break;case 72:d += g[d];break;case 74:p.push(g[d++]);break;case 75:u = p[p.length - 1];break;case 80:for (s = p.pop(),l = 0; l < g[d + 1]; ++l)if (s === r[13 + g[d + 2 * l + 2]]) {d += g[d + 2 * l + 3];continue e}d += g[d];break;case 83:p.push(void 0);break;case 85:p.push(r[13 + g[d++]]);break;case 87:p.push(p[p.length - 1]),p[p.length - 2] = p[p.length - 2][r[13 + g[d++]]];break;case 90:i = p[p.length - 1];break;case 91:p.push(v);break;case 92:p.push(y);break;case 95:p.push(new Array(g[d++]));break;case 96:null != p[p.length - 2] ? (p[p.length - 3] = f.call(p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 2) : (s = p[p.length - 3],p[p.length - 3] = s(p[p.length - 1]),p.length -= 2);break;case 98:p[p.length - 5] = f.call(p[p.length - 5], p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 4}}));break;case 33:p = x[x.length - 1];break;case 35:x[x.length - 5] = w.call(x[x.length - 5], x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 4;break;case 36:x[x.length - 4] = w.call(x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 3;break;case 37:x.push(new RegExp(r[_[S++]]));break;case 40:x.push(t);break;case 41:x.push(r[_[S++]]);break;case 43:return x.pop();case 44:x.push(x[x.length - 1]),x[x.length - 2] = x[x.length - 2][r[_[S++]]];break;case 48:x.push(m);break;case 50:d = x[x.length - 1];break;case 51:x.push(X);break;case 53:h = x[x.length - 1];break;case 56:x.push(i);break;case 57:x.push(f);break;case 62:x.push(h);break;case 66:s = x[x.length - 1];break;case 68:x.push(null);break;case 71:b = x[x.length - 1];break;case 72:f = x[x.length - 1];break;case 75:x.push(_this);break;case 76:x.push(_[S++]);break;case 77:x.pop() ? ++S : S += _[S];break;case 79:l = x[x.length - 1];break;case 81:x.push(g);break;case 84:g = x[x.length - 1];break;case 85:x.push(U);break;case 87:x.push(u);break;case 88:x.push(0);break;case 90:x.push(l);break;case 91:x.push(s);break;case 96:k = x.pop(),x[x.length - 1] += k;break;case 98:return}};var genSign = function (e, t) {for (var a, i, c, s, u = n, l = o, h = [], f = 272; ;)switch (l[f++]) {case 2:h.push(null);break;case 4:c = h[h.length - 1];break;case 8:h.push(r[20 + l[f++]]);break;case 10:return h.pop();case 14:h.push((function (e) {for (var t, n = o, a = [], i = 340; ;)switch (n[i++]) {case 7:a[a.length - 1] = a[a.length - 1][r[27 + n[i++]]];break;case 16:return;case 61:a.push(r[27 + n[i++]]);break;case 65:t = a.pop(),a[a.length - 1] += t;break;case 75:return a.pop();case 76:a.push(e)}}));break;case 25:h.push(0);break;case 26:h.push(l[f++]);break;case 28:h.push(c);break;case 34:h.push(t);break;case 35:h.pop();break;case 47:a = h[h.length - 1];break;case 50:h.push(h[h.length - 1]),h[h.length - 2] = h[h.length - 2][r[20 + l[f++]]];break;case 52:return;case 53:h.push(void 0);break;case 58:h.push(z);break;case 62:h.push(X);break;case 69:h.push(U);break;case 72:h[h.length - 4] = u.call(h[h.length - 4], h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 3;break;case 73:h.push(_this[r[20 + l[f++]]]);break;case 75:null != h[h.length - 2] ? (h[h.length - 3] = u.call(h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 2) : (s = h[h.length - 3],h[h.length - 3] = s(h[h.length - 1]),h.length -= 2);break;case 80:s = h.pop(),h[h.length - 1] += s;break;case 85:h.push(i);break;case 88:h.push(e);break;case 91:h.push(a);break;case 93:h.push(w);break;case 95:i = h[h.length - 1];break;case 96:h.push(G);break;case 98:h[h.length - 1] = h[h.length - 1][r[20 + l[f++]]]}};

先调用genDefaultKey,入参是四个,分别是上面得到的Token、FP、APPID、时间戳+07拿到值,再调用签名函数getSign,入参数则是genDefaultKey的值加params,如下所示:

params = {"functionId": "mzhprice_getCustomRealPriceInfoForColor","appid": "search-pc-java","client": "pc","clientVersion": "1.0.0","t": str(int(time.time() * 1000)),"body": '{"skuPriceInfoRequestList":[{"skuId":"10105124153052"},{"skuId":"10102973236034"},{"skuId":"10060158269227"},{"skuId":"10085438117915"},{"skuId":"100023408281"},{"skuId":"10034095072591"},{"skuId":"10099066159774"},{"skuId":"10102882832111"},{"skuId":"10081102086006"},{"skuId":"10102882779610"},{"skuId":"10105124220789"},{"skuId":"10102882813512"},{"skuId":"10102882813511"},{"skuId":"10105124218483"},{"skuId":"100114410144"},{"skuId":"10093665009265"},{"skuId":"10039552855611"},{"skuId":"10036842860178"},{"skuId":"11677624998"},{"skuId":"26616715173"}],"area":"19_1659_37260_37346","source":"search_pc","fields":"11101100111001"}',
}

注意!其中body需要经过SHA256加密,实现算法如下所示:

function GEN_SHA256(s) {var chrsz = 8;var hexcase = 0;function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF)}function S(X, n) {return (X >>> n) | (X << (32 - n))}function R(X, n) {return (X >>> n)}function Ch(x, y, z) {return ((x & y) ^ ((~x) & z))}function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z))}function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22))}function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25))}function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3))}function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10))}function core_sha256(m, l) {var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);var W = new Array(64);var a, b, c, d, e, f, g, h, i, j;var T1, T2;m[l >> 5] |= 0x80 << (24 - l % 32);m[((l + 64 >> 9) << 4) + 15] = l;for (var i = 0; i < m.length; i += 16) {a = HASH[0];b = HASH[1];c = HASH[2];d = HASH[3];e = HASH[4];f = HASH[5];g = HASH[6];h = HASH[7];for (var j = 0; j < 64; j++) {if (j < 16)W[j] = m[j + i];elseW[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);T2 = safe_add(Sigma0256(a), Maj(a, b, c));h = g;g = f;f = e;e = safe_add(d, T1);d = c;c = b;b = a;a = safe_add(T1, T2)}HASH[0] = safe_add(a, HASH[0]);HASH[1] = safe_add(b, HASH[1]);HASH[2] = safe_add(c, HASH[2]);HASH[3] = safe_add(d, HASH[3]);HASH[4] = safe_add(e, HASH[4]);HASH[5] = safe_add(f, HASH[5]);HASH[6] = safe_add(g, HASH[6]);HASH[7] = safe_add(h, HASH[7])}return HASH}function str2binb(str) {var bin = Array();var mask = (1 << chrsz) - 1;for (var i = 0; i < str.length * chrsz; i += chrsz) {bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i % 32)}return bin}function Utf8Encode(string) {string = string.replace(/\r\n/g, "\n");var utftext = "";for (var n = 0; n < string.length; n++) {var c = string.charCodeAt(n);if (c < 128) {utftext += String.fromCharCode(c)} else if ((c > 127) && (c < 2048)) {utftext += String.fromCharCode((c >> 6) | 192);utftext += String.fromCharCode((c & 63) | 128)} else {utftext += String.fromCharCode((c >> 12) | 224);utftext += String.fromCharCode(((c >> 6) & 63) | 128);utftext += String.fromCharCode((c & 63) | 128)}}return utftext}function binb2hex(binarray) {var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";var str = "";for (var i = 0; i < binarray.length * 4; i++) {str += hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8 + 4)) & 0xF) + hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8)) & 0xF)}return str}s = Utf8Encode(s);return binb2hex(core_sha256(str2binb(s), s.length * chrsz))
};

调用GEN_SHA256把body参数拿出来丢进去最后toString一下

接下来的六、七部分当然也就不需要给出思路了,一个版本号一个时间戳,大家自行生成即可!!!

最最最后面的AES,也是重点,话不多说,实现算法如下所示:

function _aesEncrypt(data) {var i = CryptoJS.AES.encrypt(data,CryptoJS.enc.Utf8.parse('_M6Y?dvfN40VMF[X'), // 密钥{iv: CryptoJS.enc.Utf8.parse(["01", "02", "03", "04", "05", "06", "07", "08"].join(""))});return CryptoJS.enc.Base64.encode(i.ciphertext)
}

data是什么?是ENV构造的环境参数,包括版本号、指纹、设备信息的参数,不懂没关系,我贴一个图给你思路,如下所示:

在这里插入图片描述

最后,我们来测试一下校验一下这JS的算法效果,如下所示:

在这里插入图片描述

这里,我们以价格查询接口为示例,编写Python示例调用加密算法,去请求接口,如下所示:
在这里插入图片描述

当前纯算法稳定!无任何601,当然算法不对就是601,也不全是!比如上面的价格接口它是有TLS指纹校验的,请求的时候用三方模块处理一下即可!不然的话也会出现601

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/bicheng/21016.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

图解 Python 编程(10) | 错误与异常处理

&#x1f31e;欢迎来到Python的世界 &#x1f308;博客主页&#xff1a;卿云阁 &#x1f48c;欢迎关注&#x1f389;点赞&#x1f44d;收藏⭐️留言&#x1f4dd; &#x1f31f;本文由卿云阁原创&#xff01; &#x1f4c6;首发时间&#xff1a;&#x1f339;2024年6月2日&…

数据结构(C):从初识堆到堆排序的实现

目录 &#x1f31e;0.前言 &#x1f688; 1.堆的概念 &#x1f688; 2.堆的实现 &#x1f69d;2.1堆向下调整算法 &#x1f69d;2.2堆的创建&#xff08;堆向下调整算法&#xff09; ✈️2.2.1 向下调整建堆时间复杂度 &#x1f69d;2.3堆向上调整算法 &#x1f69d;2.…

c++------类和对象(下)包含了this指针、构造函数、析构函数、拷贝构造等

文章目录 前言一、this指针1.1、this指针的引出1.2、 this指针的特性 二、类的默认的六个构造函数2.1、构造函数简述2.2构造函数 三、析构函数3.1、析构函数引出3.2、特点&#xff1a; 四、拷贝构造4.1、引入4.2、特征&#xff1a;4.3、默认拷贝构造函数 总结 前言 在本节中&a…

Compose Multiplatform 1.6.10 发布,解释一些小问题, Jake 大佬的 Hack

虽然一直比较关注跨平台开发&#xff0c;但其实我很少写 Compose Multiplatform 的内容&#xff0c;因为关于 Compose Multiplatform 的使用&#xff0c;其实我并没在实际生产环境上发布过&#xff0c;但是这个版本确实值得一提&#xff0c;因为该版本包含&#xff1a; iOS Bet…

数据库(15)——DQL分页查询

DQL分页查询语法 SELECT 字段列表 FROM 表名 LIMIT 起始索引&#xff0c;查询记录数; 注&#xff1a;起始索引从0开始&#xff0c;起始索引&#xff08;查询页码-1&#xff09;*每页显示记录数。 如果查询的是第一页&#xff0c;可以省略起始索引。 示例&#xff1a;查询第一页…

【考研数学】概率论如何复习?跟谁好?

概率论一定要跟对老师&#xff0c;如果跟对老师&#xff0c;考研基本上能拿满分 概率论在考研试卷中占比并不大&#xff0c;其中&#xff1a; 高等数学&#xff0c;90分&#xff0c;约占比60%; 线性代数&#xff0c;30分&#xff0c;约占比20%; 概率论与数理统计&#xff0…

每日5题Day15 - LeetCode 71 - 75

每一步向前都是向自己的梦想更近一步&#xff0c;坚持不懈&#xff0c;勇往直前&#xff01; 第一题&#xff1a;71. 简化路径 - 力扣&#xff08;LeetCode&#xff09; class Solution {public String simplifyPath(String path) {Deque<String> stack new LinkedList…

mysql的增删查改(进阶)

目录 一. 更复杂的新增 二. 查询 2.1 聚合查询 COUNT SUM AVG MAX MIN 2.1.2 分组查询 group by 子句 2.1.3 HAVING 2.2 联合查询/多表查询 2.2.1 内连接 2.2.2 外连接 2.2.3 全外连接 2.2.4 自连接 2.2.5 子查询 2.2.6 合并查询 一. 更复杂的新增 将从表名查询到…

自动化办公01 smtplib 邮件⾃动发送

目录 一、准备需要发送邮件的邮箱账号 二、发送邮箱的基本步骤 1. 登录邮箱 2. 准备数据 3. 发送邮件 三、特殊内容的发送 1. 发送附件 2. 发送图片 3. 发送超文本内容 4.邮件模板内容 SMTP&#xff08;Simple Mail Transfer Protocol&#xff09;即简单邮件传输协议…

【Qt秘籍】[009]-自定义槽函数/信号

自定义槽函数 在Qt中自定义槽函数是一个直接的过程&#xff0c;槽函数本质上是类的一个成员函数&#xff0c;它可以响应信号。所谓的自定义槽函数&#xff0c;实际上操作过程和定义普通的成员函数相似。以下是如何在Qt中定义一个自定义槽函数的步骤&#xff1a; 步骤 1: 定义槽…

三种字符串的管理方式

NSString的三种实现方式 OC这个语言在不停的升级自己的内存管理&#xff0c;尽量的让自己的 OC的字符串 问题引入 在学习字符串的过程中间会遇到一个因为OC语言更新造成的问题 例如&#xff1a; int main(int argc, const char * argv[]) {autoreleasepool {NSString* str1 …

网络原理——http/https ---http(1)

T04BF &#x1f44b;专栏: 算法|JAVA|MySQL|C语言 &#x1faf5; 今天你敲代码了吗 网络原理 HTTP/HTTPS HTTP,全称为"超文本传输协议" HTTP 诞⽣与1991年. ⽬前已经发展为最主流使⽤的⼀种应⽤层协议. 实际上,HTTP最新已经发展到 3.0 但是当前行业中主要使用的HT…

明日周刊-第12期

以前小时候最期待六一儿童节了&#xff0c;父母总会给你满足一个愿望&#xff0c;也许是一件礼物也许是一次陪伴。然而这个世界上其实还有很多儿童过不上儿童节&#xff0c;比如某些地区的小孩子&#xff0c;他们更担心的是能不能见到明天的太阳。 文章目录 一周热点航天探索火…

LeetCode-77. 组合【回溯】

LeetCode-77. 组合【回溯】 题目描述&#xff1a;解题思路一&#xff1a;回溯背诵版解题思路三&#xff1a;0 题目描述&#xff1a; 给定两个整数 n 和 k&#xff0c;返回范围 [1, n] 中所有可能的 k 个数的组合。 你可以按 任何顺序 返回答案。 示例 1&#xff1a; 输入&a…

算法-对列表元素划分成两个和值最大且相等的子列表

现有私募基金发行一支特殊基金产品&#xff0c;该基金认购人数上限不超过 30 人&#xff0c; 募集总金额不超过 3000W&#xff0c;每个投资人认购金额不定。该基金只能将募集到的钱用于投资两支股票&#xff0c;且要求两支股票投资金额必须相同&#xff0c;且每位投资人的钱只能…

springboot报错:Failed to start bean ‘documentationPluginsBootstrapper‘

项目场景&#xff1a; springboot项目启动时报错 问题描述 具体报错信息&#xff1a; 可能原因分析&#xff1a; 1、SpringFox的版本与Spring Boot的版本不兼容。解决这个问题&#xff0c;你可能需要检查你正在使用的SpringFox和Spring Boot的版本&#xff0c;确保它们是兼容…

【Intro】Heterogeneous Graph Attention Network(HAN)

论文链接&#xff1a;https://arxiv.org/pdf/1903.07293 Abstract 异构性和丰富的语义信息给面向异构图的图形神经网络设计带来了巨大的挑战。 -> 一种基于分层注意的异构图神经网络&#xff0c;包括节点级注意和语义级注意。具体来说&#xff0c;节点级关注旨在学习节点…

GPT4o还没用上?落后一个月!

文章目录 一.Share官方网站&#xff1a;以一半的价格享受官网服务1.1 网址1.2 一些介绍和教学实战&#xff1a;1.3 主界面&#xff08;支持4o)&#xff1a;1.4 GPTS&#xff08;上千个工具箱任你选择&#xff09;&#xff1a;1.5 快速的文件数据分析&#xff08;以数学建模为例…

web前端三大主流框架指的是什么

web前端三大主流框架是什么&#xff1f;前端开发师的岗位职责有哪些&#xff1f;这边整理了相关内容供大家参考了解&#xff0c;请各位小伙伴随小编一起查阅下面的内容。 web前端三大主流框架 web前端三大主流框架是Angular、React、Vue。 1.Angular Angular原名angularJS诞生…

UnityAPI学习之Transform组件基本使用

目录 Transform组件 访问与获取 Transform的位置和旋转信息 Transform局部坐标和旋转信息的获取 Transform的缩放与正方向 缩放&#xff08;Scale&#xff09; 正方向 Transform相关的查找方法 销毁游戏物体 Transform组件 访问与获取 现在创建一个容器放置GrisGO物…