Dou音滑块日志分析


1.插桩-打印日志

image-20240526170308690

获取背景和滑块的图片的接口一看没啥参数需要逆向的


image-20240526170717122

验证的接口body参数需要进行逆向,直接看启动器,找到合适的位置插桩,最终定位到产生body参数的vmp位置:

image-20240526171033626

其次在下面的apply调用的地方都加上日志输出:

image-20240526171140262

直接拖动一下,保留日志到本地进行分析


2.分析日志

这次我是直接从头往后分析,没有逆推,具体情况具体分析。

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} 
["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196},{\"x\":31,\"y\":86,\"relative_time\":233},{\"x\":35,\"y\":86,\"relative_time\":271},{\"x\":36,\"y\":86,\"relative_time\":310},{\"x\":37,\"y\":86,\"relative_time\":346},{\"x\":37,\"y\":86,\"relative_time\":384}],\"jg2KgnF\":{\"AJeQfbTvl\":{\"x\":369,\"y\":351,\"time\":1716706984604},\"Ovx9sZrnP\":{\"x\":59,\"y\":327,\"time\":1716707288030},\"tUZ1hw\":[{\"x\":363,\"y\":355,\"time\":1716707287607},{\"x\":192,\"y\":366,\"time\":1716707287643},{\"x\":143,\"y\":369,\"time\":1716707287678},{\"x\":141,\"y\":369,\"time\":1716707287863},{\"x\":127,\"y\":367,\"time\":1716707287900},{\"x\":91,\"y\":355,\"time\":1716707287939},{\"x\":66,\"y\":337,\"time\":1716707287977},{\"x\":59,\"y\":328,\"time\":1716707288015},{\"x\":58,\"y\":326,\"time\":1716707288057},{\"x\":58,\"y\":325,\"time\":1716707288092},{\"x\":57,\"y\":319,\"time\":1716707288138},{\"x\":56,\"y\":314,\"time\":1716707288175},{\"x\":56,\"y\":312,\"time\":1716707288209},{\"x\":56,\"y\":312,\"time\":1716707288399},{\"x\":67,\"y\":312,\"time\":1716707288435},{\"x\":78,\"y\":312,\"time\":1716707288471},{\"x\":87,\"y\":312,\"time\":1716707288507},{\"x\":91,\"y\":312,\"time\":1716707288543},{\"x\":92,\"y\":312,\"time\":1716707288584},{\"x\":93,\"y\":312,\"time\":1716707288620},{\"x\":93,\"y\":312,\"time\":1716707288658}],\"jiLYUQ\":[],\"ugl\":[{\"x\":56,\"y\":312,\"time\":1716707288289,\"t\":0},{\"x\":56,\"y\":312,\"time\":1716707288414,\"t\":0},{\"x\":78,\"y\":312,\"time\":1716707288485,\"t\":0},{\"x\":91,\"y\":312,\"time\":1716707288560,\"t\":0},{\"x\":93,\"y\":312,\"time\":1716707288635,\"t\":0}]},\"env\":{\"canvas_hash\":\"f93ed480ebf91e8b3db9a\\",\"webgl_hash\":\"1f429dbe59a0c1370378ef\",\"font_hash\":\"1ba6bb535aebaf57631321298f5bf6e215d4347f75e15d394f0e3cdcb803ffe445cd942923787a306e3e2d0
7392e43853b43ad797cb8ab46\",\"audio_hash\":124.047657808103,\"time_offset\":-480,\"time_zone\":\"Asia/Shanghai\",\"languages\":[\"zh-CN\"],\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"platform\":\"MacIntel\",\"max_touch_points\":0,\"webdriver\":false,\"touch_actions\":[],\"mouse_actions\":[\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\"],\"device\":{\"model\":\"Macintosh\",\"vendor\":\"Apple\"},\"os\":{\"name\":\"Mac OS\",\"version\":\"10.15.7\"},\"browser\":{\"name\":\"Chrome\",\"version\":\"125.0.0.0\"},\"engine\":{\"name\":\"Blink\",\"version\":\"125.0.0.0\"},\"gpu\":{\"vendor\":\"Google Inc. (ATI Technologies Inc.)\",\"renderer\":\"ANGLE (ATI Technologies Inc., AMD Radeon Pro 560X OpenGL Engine, OpenGL 4.1)\"},\"resolution\":\"1680,1050\",\"browser_size\":\"1680,1050\",\"page_size\":\"1680,963\",\"captcha_origin\":\"0,0\",\"captcha_size\":\"380, 384\",\"mask_time\":171669208153662,\"loading_time\":1716692082536,\"ready_time\":1716692083010},\"a\":41}"] 
res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]}

定位到js源码处:

image-20240526172251237

是sha512的update函数,传入参数见上日志,包含了轨迹、env信息。

接着:

func:  ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} [] res-> 
{"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64}

定位到js是digest函数,就是将刚才的数据进行digest操作。

接着:

func:  ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)} return t} caleed,two args-> {"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64} [] res-> "879e508e0a1baaf285f2768c1e6cc7216ec5b788057a17ffa64c66a515383097ee76ce19b1f5db05e740c436b1073c2652f4adeb3d7a167c43442855801d802e"

定位到原js是tohex().

接着:

func:  
ƒ Wg(e){for(var t=Jg,n="",r=0;r<e[t(494)+"h"];r++){n+=e[t(481)+t(457)](r)["toStr"+t(458)](16)}return n} caleed,two args-> null ["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196}.....省略一些] res-> "7b226d6f6469666965645f696d675f7769647468223a3334302c226964223a2265356536626232323361336561666366666632363863663262346664633834343735623039373331222c226d6f6465223a22736c696465222c224b5351223a5b7b2278223a302c2279223a38362c2272656c61746976655f74696d65223a3132357d2c7b2278223a31312c2279223a38362c2272656c61746976655f74696d65223a3136307......省略一些"

定位到js处是将字符串的charcode转成16进制字符串。

image-20240526173306214

接着:

captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.11919045665764205
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.11919045665764205,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,7.389808312773807,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7.389808312773807,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"7",7,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],30]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30,7],4,30]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,31,4,30]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,31,32,30]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 88 p-> 1 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 90 p-> 2 m-> [] b-> [null,null,0,32,30]
captcha.js:1 t-> 93 p-> 3 m-> [] b-> [null,null,0,{},30]
captcha.js:1 t-> 94 p-> 4 m-> [] b-> [null,null,0,{},{}]
captcha.js:1 t-> 97 p-> 4 m-> [] b-> [null,null,0,{},null]
captcha.js:1 func function slice() { [native code] } called,args-> 5 5 res-> []
captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.4641664592050647
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.4641664592050647,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,28.778320470714014,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28.778320470714014,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"S",28,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],31]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31,28],4,31]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,32,4,31]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,32,32,31]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 132 p-> 1 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 135 p-> 2 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],32,31]
captcha.js:1 t-> 136 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 139 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,31]
captcha.js:1 t-> 142 p-> 4 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,""]
captcha.js:1 func function slice() { [native code] } called,args-> 4 5 res-> [""]
captcha.js:1 func:  ƒ join() { [native code] } caleed,two args-> ["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"] [""] res-> "L2t0seFqOwKdi2gLBom5UzfV4b3m247S"
captcha.js:1 t-> 144 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,""]
captcha.js:1 t-> 147 p-> 4 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"5BXnjhnQRpCcczSq4xKfN5kGCOU1CgQs",null,null,null,null],1]
captcha.js:1 t-> 148 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 149 p-> 1 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 152 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 309 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

产生长度为32、由大小写字母和数字组成的随机字符串:每一位都是用日志里的原生 random()(应为 Math.random,不是密码学安全的随机源)的返回值乘以 62 后取整,作为字符表的下标取出的。

接着:

func:  
ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]} ["L2t0seFqOwKdi2gLBom5UzfV4b3m247S"] res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]}

这个也是传入32位字符串sha512进行update。

接着也一样进行digest、tohex操作,得到:

824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6

captcha.js:1 t-> 224 p-> 1 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 225 p-> 0 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdcbfd86e5","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

一看,突然出现了个8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdc...字符串和我们上面产生的824b10....进行了拼接。

这个可能是固定的salt哦,毕竟它是和随机产生的salt进行拼接。

接着:

func:  
ƒ Ug(e){var t=Jg,n="";return e[t(482)](/[\da-f]{2}/gi)[t(471)+"ch"]((function(e){var r=t;if("ZpPAZ"!==r(490)){return _0x1066c5[r(484)+"ing"]()[r(476)+"h"]("(((.+"+r(465)+"+$")[r(484)+"ing"]()[r(448)+r(… 
caleed,
two args-> null ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dc..."] res-> "‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"

定位到原文:

    // Ug(e): decodes a hex string into a string, one character per two hex digits.
    // - `t` / `r` alias Jg, the obfuscator's string-table lookup (defined outside this snippet).
    // - e[t(482)](/[\da-f]{2}/gi) splits the input into two-hex-digit pairs
    //   (presumably String.prototype.match — the lookup value is not visible here).
    // - [t(471) + "ch"](callback) runs the callback on every pair (presumably forEach).
    // - Live path of the callback: parseInt(pair, 16) is passed to
    //   String["fromC" + r(460) + "de"] (presumably fromCharCode) and appended to `n`.
    // - The `"ZpPAZ" !== r(490)` branch returns early from the callback and references
    //   _0x1066c5 / _0x59eefd, which are not defined in this snippet.
    //   NOTE(review): looks like obfuscator-inserted code that is not taken at runtime,
    //   since the logged result above is a decoded string — confirm against the full script.
    // - The trailing `, n` is a comma operator, so the function returns the accumulated `n`.
    function Ug(e) {var t = Jg, n = "";return e[t(482)](/[\da-f]{2}/gi)[t(471) + "ch"]((function(e) {var r = t;if ("ZpPAZ" !== r(490)) {return _0x1066c5[r(484) + "ing"]()[r(476) + "h"]("(((.+" + r(465) + "+$")[r(484) + "ing"]()[r(448) + r(463) + "r"](_0x59eefd).search("(((.+" + r(465) + "+$")}n += String["fromC" + r(460) + "de"](parseInt(e, 16))})),n}

一看关键的一行:

n += String["fromCode"](parseInt(e, 16))

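明显做了hex转string:每两位十六进制字符先经 parseInt(e, 16) 转成数值,再转成对应的一个字符。上面那行里的 "fromCode" 是简写,按源码中的拼接 "fromC" + r(460) + "de" 推断,应为 fromCharCode。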

接着:

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} ["‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"] res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]}

这是update。

接着:

func:  ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} [] res-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64}

这是digest操作

func:  ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)}return t} caleed,two args-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64} [] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70"

这是tohex操作

接着:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [0,64] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"

取[0,64]子串操作。

接着:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [64,88] res-> "ba649b7f8f71cec2063f150a"

也是一样的,取[64,88]子串。

接着:

[{"aesKey":"93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7","iv":"ba649b7f8f71cec2063f150a"},"ba649b7f8f71cec2063f150a",64,88,1]

发现得到了重要信息:AES 的 key 和 iv,正是上面截取出的 [0,64] 和 [64,88] 两段子串。

ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args->null ["879e508e0a1baaf285f2768c1e6cc721..."] res-> {"0":135,"1":158,"2":80,"3":142,"4":10,"5":27,"6":170,"7":242,"8":133,"9":242,"10":118,"11":140,"12":30,"13":108,"14":199,"15":33,"16":110,"17":197,"18":183,"19":136,"20":5,"21":122,"22":23,"23":255,"24":166,"25":76,"26":102,"27":165,"28":21,"29":56,"30":48,"31":151,"32":238,"33":118,"34":206,"35":25,"36":177,"37":245,"38":219,"39":5,"40":231,"41":64,"42":196,"43":54,"44":177,"45":7,"46":60,"47":38,"48":82,"49":244,"50":173,"51":235,"52":61,"53":122,"54":22,"55":124,"56":67,"57":68,"58":40,"59...

定位到原文:

    /**
     * Convert a hex string into a Uint8Array, one byte per two hex digits.
     *
     * The input is split into two-hex-digit pairs with a case-insensitive regex,
     * and each pair is parsed as a base-16 integer. The array method applied to
     * the pairs is resolved through the Jg string table (index 468), which is
     * defined outside this snippet — presumably `map`; confirm against the full script.
     *
     * @param {string} e - hex string to decode
     * @returns {Uint8Array} the decoded bytes
     */
    function Yg(e) {
      const lookup = Jg;
      const hexPairs = e.match(/[\da-f]{2}/gi);
      const toByte = (pair) => parseInt(pair, 16);
      return new Uint8Array(hexPairs[lookup(468)](toByte));
    }

16进制字符串转整数列表。这里为什么说是列表,是因为我这里的日志是用 JSON.stringify 打印出来的,所以看起来像字典,其实不是,而是 Uint8Array(类型化数组)。

接着:

captcha.js:1 func function slice() { [native code] } called,args-> 5 6 res-> ["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"]captcha.js:1 func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args-> null ["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"] res-> {"0":147,"1":254,"2":176,"3":140,"4":109,"5":247,"6":6,"7":71,"8":12,"9":11,"10":187,"11":127,"12":237,"13":55,"14":243,"15":55,"16":205,"17":129,"18":244,"19":26,"20":64,"21":198,"22":186,"23":80,"24":58,"25":48,"26":161,"27":83,"28":111,"29":133,"30":95,"31":199}

把我们上面的AES的key转成了int列表。

接着:

captcha.js:1 func function slice() { [native code] } called,args-> 6 7 res-> ["ba649b7f8f71cec2063f150a"]captcha.js:1 func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args-> null ["ba649b7f8f71cec2063f150a"] res-> {"0":186,"1":100,"2":155,"3":127,"4":143,"5":113,"6":206,"7":194,"8":6,"9":63,"10":21,"11":10}

这个 iv 也一样,被转成了 12 个字节的整数列表。

接下来其实离我们最终解密已经不远了,下一篇中继续!!
