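JS reverse-engineering case study | Reversing the Jiasule (加速乐) anti-crawler

Preface

Jiasule is a common anti-crawler technology, and plenty of detailed, in-depth tutorials about it are already available online. Even so, people meeting it for the first time may still find it confusing to face head-on.

Disclaimer

This article is for learning and discussion of reverse-engineering knowledge only; you are welcome to message me to share what you have learned. If it infringes any rights, contact the author and it will be removed. Do not use it commercially; otherwise you bear the consequences.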

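What is Jiasule?

Jiasule uses a series of advanced anti-crawler techniques, including OB obfuscation, dynamic encryption algorithms, and multi-stage cookie acquisition, to keep the overall check tight. The key validation field is __jsl_clearance_s in the Cookie. Verification usually involves three key requests:

  1. First request: when a user first tries to access the target site, the server returns a special 521 status code, and the response data is obfuscated with AAEncode as an initial screen of visitors.

  2. Second request: on the second request that follows, if the server still detects suspicious behaviour, it returns 521 again, but this time the response data uses the more complex OB obfuscation to further verify the visitor.

  3. Third request: only after the first two requests pass verification does the third request reach the site; the server then returns a normal 200 status code and the content the user asked for.

Through this carefully designed sequence, Jiasule ensures that only legitimate visitors can obtain the site's data, which effectively fends off malicious crawlers. What we need to do is simulate these steps to get the data we want.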

Today's site

Target URL: aHR0cHM6Ly93d3cuY252ZC5vcmcuY24vZmxhdy90eXBlbGlzdD90eXBlSWQ9Mjc=

Flow analysis: browser

As usual, we start by capturing and analysing the network traffic.

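First request

  • Sent: no Cookie
  • Response: status code 521, a __jsluid_s value in the Cookie, and JS code

Second request

  • Sent: Cookie carrying __jsluid_s and __jsl_clearance_s
  • Response: status code 521, new JS code

Third request

  • Sent: Cookie carrying the original __jsluid_s value and the new __jsl_clearance_s
  • Response: status code 200, page body

The capture shows three HTTP requests to the same page: the first two receive a 521 status code and the last one receives 200. This pattern is the hallmark of the Jiasule anti-crawler mechanism.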

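Flow analysis: packet-capture tool

The browser did not show us the actual responses, so let's try a capture tool; Fiddler is used here.

First request

Second request

Third request

Again we see the three requests, and this time the actual responses are shown.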

Reverse analysis

Getting the first __jsl_clearance_s

Through Fiddler, or by simulating the request with Python, we get a piece of JS code like this:

<script>document.cookie=('_')+('_')+('j')+('s')+('l')+('_')+('c')+('l')+('e')+('a')+('r')+('a')+('n')+('c')+('e')+('_')+('s')+('=')+(+!+[]+'')+(3+4+'')+(-~false+'')+(2+7+'')+(4+'')+(1+6+'')+(2+'')+((2<<1)+'')+((2)*[2]+'')+(([2]+0>>2)+'')+('.')+(-~1+'')+((2^1)+'')+((1+[2])/[2]+'')+('|')+('-')+((+true)+'')+('|')+('L')+('w')+('j')+(1+2+'')+('u')+('T')+('F')+('n')+(-~{}+'')+('j')+('j')+(~~''+'')+('E')+('t')+(~~false+'')+('g')+('I')+(-~1+'')+('J')+('g')+('i')+('K')+('m')+((1+[2])/[2]+'')+('N')+('f')+((1<<2)+'')+('%')+((1+[2]>>2)+'')+('D')+(';')+(' ')+('M')+('a')+('x')+('-')+('a')+('g')+('e')+('=')+(-~[2]+'')+(-~[5]+'')+((+false)+'')+(~~{}+'')+(';')+(' ')+('P')+('a')+('t')+('h')+('=')+('/')+(';')+(' ')+('S')+('a')+('m')+('e')+('S')+('i')+('t')+('e')+('=')+('N')+('o')+('n')+('e')+(';')+(' ')+('S')+('e')+('c')+('u')+('r')+('e');location.href=location.pathname+location.search</script>

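Paste it into the browser and run it to see:

This gives __jsl_clearance_s=1719472445.236|-1|Lwj3uTFn1jj0Et0gI2JgiKm6Nf4%3D; Max-age=3600; Path=/; SameSite=None; Secure

__jsl_clearance_s is one of the cookies the second request has to carry.

What a sly old fox. To make the code hard to read and analyse, it has also been obfuscated with AAEncode.

Getting the second __jsl_clearance_s

Using the cookies obtained from the first request, send the second request to get new JS code:

The code is minified and hard to read; after running it through an online JS beautifier (https://spidertools.cn/#/formatJS):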

<script>
var _0x4f9d = ['HnJu', 'w4Jow5Ak', 'CCrDq8KX', 'KMOVZMOX', 'MCDDjzg=', 'w553w5PDpw==', 'CsOXbcOX', 'woXChMOAwq0=', 'JsOPXcO+', 'wplFw6JY', 'bX8pwpU=', 'w6fDjkzCmw==', 'woB0wrrDkg==', 'w6HCmMOiZA==', 'GRbCklw=', 'dw03Kw==', 'w47DqcO7Tg==', 'D8ORfwI=', 'GsOCSsOt', 'TjUePw==', 'wpXCnHRJ', 'w4xRw7bDrQ==', 'ScKdwqDDuQ==', 'M1hDwrQ=', 'woLCusOhwos=', 'eFZBw70=', 'w7XDocKsdA==', 'CDfDjkM=', 'w6czWcK8', 'X1gqwrc=', 'wr/DoDvDig==', 'flHDuAg=', 'HBbDjMKL', 'QFLCpcOi', 'I8OBccOM', 'w6Amw4nClQ==', 'PEHCoDg=', 'w5RYworDrg==', 'w4Z/wqHDnQ==', 'OifDgDc=', 'HWxlwpk=', 'aX7DnQU=', 'w73DtcOnwoQ=', 'YmHCncOD', 'WXw5wp0=', 'P1bCosKl', 'wpzCj8OrwrQ=', 'w4QGw6nDsQ==', 'a8KswrvDkw==', 'ACzDmH0=', 'wonDl8OtwrM=', 'JWVbwq0=', 'Z3YdwpQ=', 'CGjCgsKx', 'w5MaPMO3', 'w5sgLMOT', 'IlPCtX4=', 'w6rDl8OUUA==', 'w4TDksODWw==', 'wqLDuCLDlA==', 'w6LDksOOVg==', 'Vxcwwp0=', 'w5rCv8KcKw==', 'ccKSCsK7', 'am5Xw5c=', 'w78Jw6nDpQ==', 'KUPCqsKQ', 'w53CjcKHAA==', 'w7HCncK4NA==', 'wrnCt8OZwoQ=', 'wpMfwpXCjQ==', 'w5AIBsOT', 'w5fDs1jCjw==', 'w5RDw7Mz', 'wrwkwqbCqg==', 'w4V6wrXDhw==', 'GCrDvA==', 'wqfDkMOWw4U=', 'Gx3DksKo', 'w6c6bcKE', 'EwDDuwk=', 'ehvCh20=', 'w6tUw5TCkw==', 'w4tHw6/Dhg==', 'GMKZw7HDsg==', 'w5MCAMO3', 'w7hSw6nDgA==', 'w7TDlcOLwqI=', 'w602a8K6', 'w7p9w7wu', 'wrkuw6w4', 'w6tJw5PCmw==', 'fljDpBs=', 'w6DDq8KYSg==', 'LGHCv8Kd', 'enbCtXQ=', '6K2i5rGm6aia6K6c', 'w4gCAsO7', 'PsOrYgI=', 'cDIrNA==', 'w7PCghEU', 'wrsTw5XClQ==', 'wpQKw4Yq', 'DQDDiRI=', 'w67DtMOmwrU=', 'DmjCiMKk', 'XcKBwpnDow==', 'wqk0HMO0', 'w4Y7w6XDsw==', 'wrjDtCDDhA==', 'woDDoQvDgg==', 'wo06wrjCvA==', 'w5JewoHDiQ==', 'NkLCpcK6', 'wrLCuHpi', 'YHo6wpo=', 'w7vCosK+w7c=', 'w4NMw5sw', 'wpY1woXCiQ==', 'wqsMwoTCoA==', 'w5dMwpzDtQ==', 'w4J1w4vCqw==', 'w4HCoMOVVA==', 'w7zCo8Kww50=', 'wp/CmURc', 'w7dKw7IW', 'w7IbwqI=', 'wrDCjMOYwqs=', 'al3CicOl', 'w5LCosOcQg==', 'J8OIZMOR', 'w4HDssKjfQ==', 'w5ZJworDiA==', 'w4wBacKd', 'JBzDnBA=', 'wohaw6zDgg==', 'w6VAw7oT', 'w5zCpMKdw6c=', 'aBUWPg==', 'w5zDsMOfVQ==', 'w7dtwofDjQ==', 'wrvDphrDoA==', 'wqYnwqpC', 
'OzzDnyw=', 'w7LCnsK7wr4=', 'w70pw77DiA==', 'wq98w5xQ', 'Ah3Cl1w=', 'wrZ4w73DgQ==', 'IsOjX8Ou', 'enFMw7o=', 'w53DpcKPYg==', 'w7J9wq3DlQ==', 'E8OMf8OC', 'aR4hwpY=', 'NTLDiTA=', 'BMOvbCA=', 'Z20pwoE=', 'wpZxw5BY', 'YFjDoSA=', 'w43DosOpfw==', 'w7xJw4c6', 'wrjCn1J4', 'wrPCs21R', 'w5dfw6fCmg==', 'bcKwwoXDjw==', 'B3FowpY=', 'WWdaw5I=', 'wq14w4Re', 'KFnCucKe', 'w6M4fcKm', 'dH9pw5A=', 'woLDjMOiw5g=', 'J0bCug==', 'E17CqMK8', 'w4FWw4fDhw==', 'FxDDhj0=', 'w4vDr8OgwqU=', 'w4JNwrjDoA==', 'wqgQAMOj', 'w6l3wqnDlw==', 'wowfRcOi', 'JTPChG4=', 'w5PDosOrwro=', 'wqIwBsO8', 'CSbDrEg=', 'enQh', 'O8KwLsOX', 'w4pTw4/Ckw==', 'wozDu8OYw78=', 'ASTCgG4=', 'w6sLO8Oz', 'w7vCrSwy', 'FVrCqMK9', 'w5R4w4TCtw==', 'IsOPacOw', 'w5HDh8O0WA==', 'woUbwp/Djw==', 'wpIcw5wZ', 'BcOybcOO', 'E8KVw4DDmA==', 'cBQpwr0=', 'wqzCh8OlwqU=', 'V2JMw7I=', 'w5Bjw643', 'w6ciw73Cjw==', 'LMOFcsOH', 'XMK2wpfDjw==', 'fEjDnj0=', 'AMOZQ8OI', 'MwHDgcKB', 'w6NzwpnDnA==', 'LzHDgcKW', 'I8OaSzE=', 'wqADw5DCpA==', 'wofDnsOjw70=', 'wqDCnFhW', 'w5rDrMONXA==', 'w4FQw5g8', 'w4tTw6LDog==', 'w6JEw4rDjg==', 'w4hcwo3DtQ==', 'QmbCpMO+', 'QxYQwqI=', 'cEdFw70=', 'AHHCgMKp', 'J8OPasOI', 'PQfDisKg', 'UsKwwpzDrg==', 'KGjCokI=', 'cMK3wpbCkQ==', 'wos+McOC', 'QWFPw60=', 'w7fDjV7CnQ==', 'w77Dk8KeSQ==', 'C8OQSMOh', 'w6PCtTkN', 'w6MWX8KP', 'EsOMZMOM', 'CBrDuz0=', 'w7vCk8K9w78=', 'K8OedsOl', 'w4jDssOQwpw=', 'wqrCgMOewoU=', 'woVRw4Vg', 'w6gJw4/Dow==', 'NgXDocKq', 'wqjCusODwro=']; (function(_0x19121c, _0x4f9dfd) {var _0x242e7e = function(_0x1234f2) {while (--_0x1234f2) {_0x19121c['push'](_0x19121c['shift']());}};_0x242e7e(++_0x4f9dfd);
} (_0x4f9d, 0xcd));
var _0x242e = function(_0x19121c, _0x4f9dfd) {_0x19121c = _0x19121c - 0x0;var _0x242e7e = _0x4f9d[_0x19121c];if (_0x242e['pWhajf'] === undefined) { (function() {var _0x374e37 = function() {var _0xc24bb1;try {_0xc24bb1 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');')();} catch(_0x35be13) {_0xc24bb1 = window;}return _0xc24bb1;};var _0x2bf576 = _0x374e37();var _0x111317 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2bf576['atob'] || (_0x2bf576['atob'] = function(_0x5dde13) {var _0x5c7399 = String(_0x5dde13)['replace'](/=+$/, '');var _0x35f834 = '';for (var _0xe67248 = 0x0,_0x1996e0, _0x168349, _0xa49425 = 0x0; _0x168349 = _0x5c7399['charAt'](_0xa49425++);~_0x168349 && (_0x1996e0 = _0xe67248 % 0x4 ? _0x1996e0 * 0x40 + _0x168349: _0x168349, _0xe67248++%0x4) ? _0x35f834 += String['fromCharCode'](0xff & _0x1996e0 >> ( - 0x2 * _0xe67248 & 0x6)) : 0x0) {_0x168349 = _0x111317['indexOf'](_0x168349);}return _0x35f834;});} ());var _0x14331d = function(_0x26a509, _0x5f3346) {var _0x158793 = [],_0x2049e9 = 0x0,_0x34a13f,_0xaa79eb = '',_0x47bb36 = '';_0x26a509 = atob(_0x26a509);for (var _0x3e208d = 0x0,_0x538c1c = _0x26a509['length']; _0x3e208d < _0x538c1c; _0x3e208d++) {_0x47bb36 += '%' + ('00' + _0x26a509['charCodeAt'](_0x3e208d)['toString'](0x10))['slice']( - 0x2);}_0x26a509 = decodeURIComponent(_0x47bb36);var _0x120653;for (_0x120653 = 0x0; _0x120653 < 0x100; _0x120653++) {_0x158793[_0x120653] = _0x120653;}for (_0x120653 = 0x0; _0x120653 < 0x100; _0x120653++) {_0x2049e9 = (_0x2049e9 + _0x158793[_0x120653] + _0x5f3346['charCodeAt'](_0x120653 % _0x5f3346['length'])) % 0x100;_0x34a13f = _0x158793[_0x120653];_0x158793[_0x120653] = _0x158793[_0x2049e9];_0x158793[_0x2049e9] = _0x34a13f;}_0x120653 = 0x0;_0x2049e9 = 0x0;for (var _0x1e954f = 0x0; _0x1e954f < _0x26a509['length']; _0x1e954f++) {_0x120653 = (_0x120653 + 0x1) % 0x100;_0x2049e9 = (_0x2049e9 + _0x158793[_0x120653]) % 0x100;_0x34a13f = 
_0x158793[_0x120653];_0x158793[_0x120653] = _0x158793[_0x2049e9];_0x158793[_0x2049e9] = _0x34a13f;_0xaa79eb += String['fromCharCode'](_0x26a509['charCodeAt'](_0x1e954f) ^ _0x158793[(_0x158793[_0x120653] + _0x158793[_0x2049e9]) % 0x100]);}return _0xaa79eb;};_0x242e['lzYmSp'] = _0x14331d;_0x242e['NOKXUN'] = {};_0x242e['pWhajf'] = !![];}var _0x1234f2 = _0x242e['NOKXUN'][_0x19121c];if (_0x1234f2 === undefined) {if (_0x242e['aAdNqk'] === undefined) {_0x242e['aAdNqk'] = !![];}_0x242e7e = _0x242e['lzYmSp'](_0x242e7e, _0x4f9dfd);_0x242e['NOKXUN'][_0x19121c] = _0x242e7e;} else {_0x242e7e = _0x1234f2;}return _0x242e7e;
};
function hash(_0x9060ec) {var _0x56d93e = {};_0x56d93e[_0x242e('0x88', '[dwE') + 'B'] = function(_0x56d31c, _0x4684c2) {return _0x56d31c ^ _0x4684c2;};_0x56d93e[_0x242e('0x98', 'KLsb') + 'K'] = function(_0x5d1cb4, _0x4fec97) {return _0x5d1cb4 + _0x4fec97;};_0x56d93e[_0x242e('0xc9', 'RdUn') + 'Q'] = function(_0x2830f5, _0x3115ee) {return _0x2830f5 & _0x3115ee;};_0x56d93e[_0x242e('0x1a', 'wJXr') + 'C'] = _0x242e('0x37', '7MeK') + _0x242e('0x6a', 'WiN!') + _0x242e('0x59', '44!c') + _0x242e('0x35', '2kzu');_0x56d93e[_0x242e('0x27', 'RdUn') + 'E'] = function(_0x1c9897, _0x45d164) {return _0x1c9897 >= _0x45d164;};_0x56d93e[_0x242e('0xb7', 'jz(8') + 'T'] = function(_0x421f06, _0xd55dd2) {return _0x421f06 & _0xd55dd2;};_0x56d93e[_0x242e('0x6e', 'DKxx') + 'u'] = function(_0x5f14e3, _0xaa1ce0) {return _0x5f14e3 >> _0xaa1ce0;};_0x56d93e[_0x242e('0x5f', '2kzu') + 'W'] = function(_0x1ee44a, _0x35783f) {return _0x1ee44a * _0x35783f;};_0x56d93e[_0x242e('0x34', 'RdUn') + 'a'] = function(_0x46b7f1, _0x4a20e5) {return _0x46b7f1 < _0x4a20e5;};_0x56d93e[_0x242e('0x73', '[qVg') + 'h'] = function(_0x14dcd2, _0x4d9d4d) {return _0x14dcd2 !== _0x4d9d4d;};_0x56d93e[_0x242e('0x7a', 'Yn#o') + 'd'] = _0x242e('0x65', '39wR') + 'o';_0x56d93e[_0x242e('0xca', 'rz@b') + 'g'] = _0x242e('0x2a', 'AddD') + 'K';_0x56d93e[_0x242e('0xcf', '!N%0') + 'j'] = function(_0x48605d, _0x1898d3) {return _0x48605d - _0x1898d3;};_0x56d93e[_0x242e('0xa4', '!N%0') + 'F'] = function(_0x4f09e6, _0x375fb6) {return _0x4f09e6 - _0x375fb6;};_0x56d93e[_0x242e('0xc6', 'eW8B') + 'o'] = function(_0x34eb93, _0x375f04) {return _0x34eb93 * _0x375f04;};_0x56d93e[_0x242e('0x36', '[qVg') + 'c'] = function(_0xc255e4, _0x218981) {return _0xc255e4 * _0x218981;};_0x56d93e[_0x242e('0xe8', 'H^(H') + 'q'] = function(_0x9d26e0, _0x2d6674) {return _0x9d26e0 | _0x2d6674;};_0x56d93e[_0x242e('0xd', 'hT&#') + 'E'] = function(_0x4cbd01, _0x9c0bce) {return _0x4cbd01 << _0x9c0bce;};_0x56d93e[_0x242e('0x75', ')XYN') + 'x'] = function(_0x3ca860, 
_0x5ee768) {return _0x3ca860 | _0x5ee768;};_0x56d93e[_0x242e('0x53', '1PiT') + 'G'] = function(_0x4b0507, _0x3f9adb) {return _0x4b0507 & _0x3f9adb;};_0x56d93e[_0x242e('0x16', 'Pp)R') + 'k'] = function(_0x3c8b1e, _0x4fbeaf) {return _0x3c8b1e & _0x4fbeaf;};_0x56d93e[_0x242e('0x72', 'j6$e') + 'l'] = function(_0x3ec1c7, _0x33dc54) {return _0x3ec1c7 ^ _0x33dc54;};_0x56d93e[_0x242e('0xab', 'qXw7') + 'j'] = function(_0x1089f8, _0x5c87d7) {return _0x1089f8 < _0x5c87d7;};_0x56d93e[_0x242e('0xcd', ']jDr') + 'C'] = _0x242e('0x4f', 'rz@b') + _0x242e('0xbb', 'AddD') + _0x242e('0xe0', 'j6$e') + '5';_0x56d93e[_0x242e('0xb3', 'hT&#') + 'd'] = function(_0x5d7b90, _0x5a425c) {return _0x5d7b90 + _0x5a425c;};_0x56d93e[_0x242e('0x95', 'VSWp') + 'P'] = function(_0x4ecbb1, _0x53410a) {return _0x4ecbb1 - _0x53410a;};_0x56d93e[_0x242e('0x71', ')XYN') + 'N'] = function(_0x52aafa, _0x29ddaa, _0x27522a) {return _0x52aafa(_0x29ddaa, _0x27522a);};_0x56d93e[_0x242e('0xda', 'PS*t') + 'k'] = function(_0x7809d0, _0x5470e7, _0x3312f0, _0x4a0ff2, _0x34e1b9) {return _0x7809d0(_0x5470e7, _0x3312f0, _0x4a0ff2, _0x34e1b9);};_0x56d93e[_0x242e('0x0', '7MeK') + 'l'] = function(_0x58f83b, _0x500050, _0x1a3df5) {return _0x58f83b(_0x500050, _0x1a3df5);};_0x56d93e[_0x242e('0xbc', '3QwA') + 'C'] = function(_0x237547, _0x4808d4) {return _0x237547(_0x4808d4);};_0x56d93e[_0x242e('0x31', 'aHP2') + 'K'] = function(_0x31c20b, _0x3f038b) {return _0x31c20b + _0x3f038b;};_0x56d93e[_0x242e('0xa8', 'hT&#') + 'm'] = function(_0x34b50e, _0x1f9c07) {return _0x34b50e + _0x1f9c07;};_0x56d93e[_0x242e('0xdb', 'eW8B') + 'a'] = function(_0xe4008c, _0x52ab0f) {return _0xe4008c + _0x52ab0f;};_0x56d93e[_0x242e('0x9', 'MDGM') + 'O'] = function(_0x1ac25e, _0x58fd99) {return _0x1ac25e(_0x58fd99);};_0x56d93e[_0x242e('0x25', '44!c') + 't'] = function(_0x18d6d6, _0xef41e4) {return _0x18d6d6(_0xef41e4);};var _0x5aa388 = _0x56d93e;function _0x4f2105(_0x548e11, _0xd6f7ee) {return _0x5aa388[_0x242e('0xd9', 'i!)c') + 
'B'](_0x5aa388[_0x242e('0x61', 'j6$e') + 'K'](_0x548e11 & 0x7fffffff, _0x5aa388[_0x242e('0xc4', 'r^7h') + 'Q'](_0xd6f7ee, 0x7fffffff)), _0x548e11 & 0x80000000) ^ _0xd6f7ee & 0x80000000;}function _0x47bf39(_0x1f2dca) {var _0x3be7c6 = _0x5aa388[_0x242e('0x78', 'H^(H') + 'C'];var _0x403cd2 = '';for (var _0x49d9bb = 0x7; _0x5aa388[_0x242e('0x9d', ']jDr') + 'E'](_0x49d9bb, 0x0); _0x49d9bb--) {_0x403cd2 += _0x3be7c6[_0x242e('0x3f', ']jDr') + 'At'](_0x5aa388[_0x242e('0x8d', '411^') + 'T'](_0x1f2dca >> _0x49d9bb * 0x4, 0xf));}return _0x403cd2;}function _0x374691(_0x3431f4) {var _0x2277fb = _0x5aa388[_0x242e('0x24', 'WiN!') + 'K'](_0x5aa388[_0x242e('0x89', 'i!)c') + 'u'](_0x3431f4[_0x242e('0xf5', 'AddD') + 'th'] + 0x8, 0x6), 0x1),_0x4c0e2f = new Array(_0x5aa388[_0x242e('0x49', 'KLsb') + 'W'](_0x2277fb, 0x10));for (var _0x30af97 = 0x0; _0x5aa388[_0x242e('0x42', '1PiT') + 'a'](_0x30af97, _0x5aa388[_0x242e('0xcc', 'hT&#') + 'W'](_0x2277fb, 0x10)); _0x30af97++) {if (_0x5aa388[_0x242e('0x6c', '3QwA') + 'h'](_0x5aa388[_0x242e('0x6', 'jz(8') + 'd'], _0x5aa388[_0x242e('0x1', 'r^7h') + 'g'])) {_0x4c0e2f[_0x30af97] = 0x0;} else {return;}}for (_0x30af97 = 0x0; _0x30af97 < _0x3431f4[_0x242e('0xf5', 'AddD') + 'th']; _0x30af97++) {_0x4c0e2f[_0x30af97 >> 0x2] |= _0x3431f4[_0x242e('0x33', 'WiN!') + _0x242e('0x2', 'VSWp') + 'At'](_0x30af97) << _0x5aa388[_0x242e('0x8e', '43s2') + 'j'](0x18, (_0x30af97 & 0x3) * 0x8);}_0x4c0e2f[_0x5aa388[_0x242e('0x18', ')rVG') + 'u'](_0x30af97, 0x2)] |= 0x80 << _0x5aa388[_0x242e('0xee', 'aHP2') + 'F'](0x18, _0x5aa388[_0x242e('0xa7', ']jDr') + 'W'](_0x30af97 & 0x3, 0x8));_0x4c0e2f[_0x5aa388[_0x242e('0x83', 'Yn#o') + 'o'](_0x2277fb, 0x10) - 0x1] = _0x5aa388[_0x242e('0x91', 'nRBj') + 'c'](_0x3431f4[_0x242e('0x96', 'wJXr') + 'th'], 0x8);return _0x4c0e2f;}function _0x4b3f91(_0x5b9026, _0x3ad37a) {return _0x5aa388[_0x242e('0x8f', '55Fp') + 'q'](_0x5aa388[_0x242e('0xef', '39wR') + 'E'](_0x5b9026, _0x3ad37a), _0x5b9026 >>> 0x20 - _0x3ad37a);}function 
_0x1a51fe(_0x146005, _0x208eab, _0x37ebce, _0x2300eb) {if (_0x146005 < 0x14) return _0x5aa388[_0x242e('0xd6', 'PA1n') + 'x'](_0x5aa388[_0x242e('0x7f', 'D7Ie') + 'T'](_0x208eab, _0x37ebce), _0x5aa388[_0x242e('0xed', '!N%0') + 'T'](~_0x208eab, _0x2300eb));if (_0x5aa388[_0x242e('0xf3', 'D7Ie') + 'a'](_0x146005, 0x28)) return _0x5aa388[_0x242e('0x21', 'r^7h') + 'B'](_0x208eab ^ _0x37ebce, _0x2300eb);if (_0x5aa388[_0x242e('0xac', 'yL5p') + 'a'](_0x146005, 0x3c)) return _0x5aa388[_0x242e('0x29', 'Pp)R') + 'x'](_0x208eab & _0x37ebce | _0x5aa388[_0x242e('0x4a', 'rz@b') + 'G'](_0x208eab, _0x2300eb), _0x5aa388[_0x242e('0x17', 'VSWp') + 'k'](_0x37ebce, _0x2300eb));return _0x5aa388[_0x242e('0x99', 'KLsb') + 'B'](_0x5aa388[_0x242e('0xd4', 'i!)c') + 'l'](_0x208eab, _0x37ebce), _0x2300eb);}function _0x5657a6(_0x2b076a) {return _0x2b076a < 0x14 ? 0x5a827999: _0x2b076a < 0x28 ? 0x6ed9eba1: _0x5aa388[_0x242e('0x3b', '39wR') + 'j'](_0x2b076a, 0x3c) ? -0x70e44324: -0x359d3e2a;}var _0x433d77 = _0x374691(_0x9060ec);var _0x1520f3 = new Array(0x50);var _0x236556 = 0x67452301;var _0x126bca = -0x10325477;var _0x3ca08c = -0x67452302;var _0x1ad745 = 0x10325476;var _0x3d4ab1 = -0x3c2d1e10;for (var _0x52e4f0 = 0x0; _0x52e4f0 < _0x433d77[_0x242e('0xf5', 'AddD') + 'th']; _0x52e4f0 += 0x10) {var _0x5d6482 = _0x236556;var _0x1bdba3 = _0x126bca;var _0x256655 = _0x3ca08c;var _0xaf9465 = _0x1ad745;var _0x35abf5 = _0x3d4ab1;for (var _0x57665f = 0x0; _0x5aa388[_0x242e('0xa5', 'yL5p') + 'j'](_0x57665f, 0x50); _0x57665f++) {var _0x286672 = _0x5aa388[_0x242e('0xcd', ']jDr') + 'C'][_0x242e('0x9c', 'i!)c') + 't']('|');var _0x5a7dcc = 0x0;while ( !! 
[]) {switch (_0x286672[_0x5a7dcc++]) {case '0':_0x1ad745 = _0x3ca08c;continue;case '1':_0x3ca08c = _0x4b3f91(_0x126bca, 0x1e);continue;case '2':_0x3d4ab1 = _0x1ad745;continue;case '3':_0x126bca = _0x236556;continue;case '4':if (_0x5aa388[_0x242e('0x94', 'i!)c') + 'j'](_0x57665f, 0x10)) {_0x1520f3[_0x57665f] = _0x433d77[_0x5aa388[_0x242e('0xf4', '0Q5u') + 'd'](_0x52e4f0, _0x57665f)];} else {_0x1520f3[_0x57665f] = _0x4b3f91(_0x5aa388[_0x242e('0xb8', 'KLsb') + 'l'](_0x5aa388[_0x242e('0xeb', '55Fp') + 'l'](_0x1520f3[_0x5aa388[_0x242e('0x43', 'AddD') + 'P'](_0x57665f, 0x3)], _0x1520f3[_0x57665f - 0x8]), _0x1520f3[_0x57665f - 0xe]) ^ _0x1520f3[_0x57665f - 0x10], 0x1);}continue;case '5':_0x236556 = t;continue;case '6':t = _0x5aa388[_0x242e('0xc7', '411^') + 'N'](_0x4f2105, _0x4f2105(_0x4b3f91(_0x236556, 0x5), _0x5aa388[_0x242e('0xdd', 'jz(8') + 'k'](_0x1a51fe, _0x57665f, _0x126bca, _0x3ca08c, _0x1ad745)), _0x5aa388[_0x242e('0x0', '7MeK') + 'l'](_0x4f2105, _0x4f2105(_0x3d4ab1, _0x1520f3[_0x57665f]), _0x5aa388[_0x242e('0x6b', 'PA1n') + 'C'](_0x5657a6, _0x57665f)));continue;}break;}}_0x236556 = _0x4f2105(_0x236556, _0x5d6482);_0x126bca = _0x5aa388[_0x242e('0x68', '0Q5u') + 'l'](_0x4f2105, _0x126bca, _0x1bdba3);_0x3ca08c = _0x5aa388[_0x242e('0x57', '2kzu') + 'l'](_0x4f2105, _0x3ca08c, _0x256655);_0x1ad745 = _0x4f2105(_0x1ad745, _0xaf9465);_0x3d4ab1 = _0x4f2105(_0x3d4ab1, _0x35abf5);}return _0x5aa388[_0x242e('0xa6', 'Tycz') + 'd'](_0x5aa388[_0x242e('0xde', 'wJXr') + 'K'](_0x5aa388[_0x242e('0x3c', '411^') + 'm'](_0x5aa388[_0x242e('0x64', '39wR') + 'a'](_0x47bf39(_0x236556), _0x47bf39(_0x126bca)), _0x5aa388[_0x242e('0x52', 'eW8B') + 'O'](_0x47bf39, _0x3ca08c)), _0x5aa388[_0x242e('0x13', 'PA1n') + 'O'](_0x47bf39, _0x1ad745)), _0x5aa388[_0x242e('0x25', '44!c') + 't'](_0x47bf39, _0x3d4ab1));
}
function go(_0x184054) {var _0x31f079 = {};_0x31f079[_0x242e('0x1d', '[dwE') + 'P'] = function(_0x452ac7, _0x2c31df) {return _0x452ac7 & _0x2c31df;};_0x31f079[_0x242e('0xae', '[dwE') + 'E'] = _0x242e('0xec', 'i!)c') + _0x242e('0xe5', '2kzu');_0x31f079[_0x242e('0x6f', 'DKxx') + 'X'] = _0x242e('0xbe', 'Gy!E') + 't';_0x31f079[_0x242e('0x2d', 'Pp)R') + 'X'] = function(_0x1e7715, _0x42f94d) {return _0x1e7715 != _0x42f94d;};_0x31f079[_0x242e('0x39', 'Gy!E') + 'p'] = function(_0x5237c4, _0x34490d) {return _0x5237c4 < _0x34490d;};_0x31f079[_0x242e('0xe2', '44!c') + 'c'] = function(_0x4de569, _0x5e1676) {return _0x4de569 + _0x5e1676;};_0x31f079[_0x242e('0x8', '411^') + 'B'] = function(_0x5c9ddf, _0x3be927) {return _0x5c9ddf == _0x3be927;};_0x31f079[_0x242e('0xa0', 'hT&#') + 'a'] = function(_0x2644c1, _0x2c9288) {return _0x2644c1(_0x2c9288);};_0x31f079[_0x242e('0x45', '[dwE') + 'H'] = function(_0x5c261e, _0x201d18) {return _0x5c261e - _0x201d18;};_0x31f079[_0x242e('0xe9', 'Gy!E') + 'P'] = function(_0xe00d2c, _0x12168d) {return _0xe00d2c >> _0x12168d;};_0x31f079[_0x242e('0x26', 'AddD') + 'W'] = function(_0x51377a, _0x231f39) {return _0x51377a << _0x231f39;};_0x31f079[_0x242e('0xf7', 'hT&#') + 'g'] = function(_0x42b60a, _0x253e51) {return _0x42b60a * _0x253e51;};_0x31f079[_0x242e('0xd5', 'Yn#o') + 'i'] = function(_0x31a3e5, _0x2453b2) {return _0x31a3e5 * _0x2453b2;};_0x31f079[_0x242e('0x1c', '[qVg') + 'w'] = function(_0x446dcd, _0x289ed3) {return _0x446dcd * _0x289ed3;};_0x31f079[_0x242e('0xe1', 'Gy!E') + 'D'] = function(_0x1e9d73, _0x21471f) {return _0x1e9d73 < _0x21471f;};_0x31f079[_0x242e('0xc2', '[dwE') + 'x'] = function(_0x304ebb, _0x13e93d) {return _0x304ebb + _0x13e93d;};_0x31f079[_0x242e('0x6d', 'i!)c') + 'j'] = function(_0x378d98, _0x30258d, _0xda91dd) {return _0x378d98(_0x30258d, _0xda91dd);};_0x31f079[_0x242e('0x84', 'hT&#') + 'K'] = function(_0x4145d0, _0x3bcedc) {return _0x4145d0 ^ _0x3bcedc;};_0x31f079[_0x242e('0x4b', 'Pp)R') + 'G'] = function(_0x3173fc, 
_0x2c1292, _0x527db0, _0xf67ba3, _0x1f1fd9) {return _0x3173fc(_0x2c1292, _0x527db0, _0xf67ba3, _0x1f1fd9);};_0x31f079[_0x242e('0x79', 'Pp)R') + 'q'] = function(_0x25b14e, _0x93a26d, _0xaa31ce) {return _0x25b14e(_0x93a26d, _0xaa31ce);};_0x31f079[_0x242e('0x85', 'nRBj') + 'X'] = _0x242e('0xc3', 'jz(8') + 'O';_0x31f079[_0x242e('0x44', 'PA1n') + 'L'] = function(_0x57cac9, _0x165c8b) {return _0x57cac9 + _0x165c8b;};_0x31f079[_0x242e('0xf', 'PS*t') + 'd'] = function(_0x1548f1, _0x29409c) {return _0x1548f1 + _0x29409c;};_0x31f079[_0x242e('0xbf', 'Ix8t') + 'e'] = _0x242e('0x8a', ')rVG') + _0x242e('0x5d', '44!c') + '=';_0x31f079[_0x242e('0x48', '2kzu') + 'O'] = _0x242e('0x7c', ')rVG') + _0x242e('0x92', 'SYI1') + _0x242e('0xa1', 'MDGM') + _0x242e('0x19', 'VSWp') + _0x242e('0xb9', 'J5v&') + _0x242e('0x2b', '1PiT');_0x31f079[_0x242e('0x28', '3QwA') + 'd'] = function(_0x138877) {return _0x138877();};_0x31f079[_0x242e('0x4c', 'qXw7') + 'o'] = function(_0x25fafc, _0x24a0eb) {return _0x25fafc > _0x24a0eb;};_0x31f079[_0x242e('0x22', 'eW8B') + 'o'] = function(_0x49f4b8, _0x249bd5) {return _0x49f4b8(_0x249bd5);};_0x31f079[_0x242e('0x90', 'MDGM') + 'R'] = _0x242e('0x54', 'rz@b') + 'W';_0x31f079[_0x242e('0x70', 'AddD') + 'e'] = function(_0x2d86b3, _0x3fd9f5, _0x2a10b1) {return _0x2d86b3(_0x3fd9f5, _0x2a10b1);};var _0x4fc376 = _0x31f079;function _0x1ec4b0() {var _0x5eddfd = {};_0x5eddfd[_0x242e('0xc0', 'r^7h') + 'B'] = function(_0x22bb38, _0x4f7790) {return _0x22bb38 < _0x4f7790;};_0x5eddfd[_0x242e('0x4', 'r^7h') + 'i'] = function(_0x25e576, _0x5b83ab) {return _0x25e576 | _0x5b83ab;};_0x5eddfd[_0x242e('0x2c', 'hT&#') + 'G'] = function(_0x3b5665, _0x21aca2) {return _0x4fc376[_0x242e('0x2f', 'eW8B') + 'P'](_0x3b5665, _0x21aca2);};_0x5eddfd[_0x242e('0x3', 'rz@b') + 'V'] = function(_0x2ba1d4, _0x3147c5) {return _0x2ba1d4 ^ _0x3147c5;};var _0x2b2de4 = _0x5eddfd;var _0x3646eb = window[_0x242e('0xbd', 'RdUn') + _0x242e('0x4d', 'r^7h') + 'r'][_0x242e('0x1f', '55Fp') + _0x242e('0x74', 'hT&#') + 
't'],_0x5e1c0f = [_0x4fc376[_0x242e('0x9a', ')XYN') + 'E']];for (var _0x29f991 = 0x0; _0x29f991 < _0x5e1c0f[_0x242e('0xf5', 'AddD') + 'th']; _0x29f991++) {if (_0x4fc376[_0x242e('0x14', 'i!)c') + 'X'] === _0x242e('0xbe', 'Gy!E') + 't') {if (_0x4fc376[_0x242e('0x51', 'ZMon') + 'X'](_0x3646eb[_0x242e('0xc5', '0Q5u') + _0x242e('0x77', 'SYI1')](_0x5e1c0f[_0x29f991]), -0x1)) {return !! [];}} else {if (_0x2b2de4[_0x242e('0x62', 'j6$e') + 'B'](_0x4e5f24, 0x14)) return _0x2b2de4[_0x242e('0xb1', 'SYI1') + 'i'](b & c, _0x2b2de4[_0x242e('0x3a', '43s2') + 'G'](~b, d));if (_0x4e5f24 < 0x28) return b ^ c ^ d;if (_0x4e5f24 < 0x3c) return b & c | b & d | _0x2b2de4[_0x242e('0xdf', 'ZMon') + 'G'](c, d);return _0x2b2de4[_0x242e('0x5b', 'VSWp') + 'V'](_0x2b2de4[_0x242e('0x66', 'KLsb') + 'V'](b, c), d);}}if (window[_0x242e('0x11', 'qXw7') + _0x242e('0xec', 'i!)c') + _0x242e('0xa9', 'J5v&')] || window[_0x242e('0x81', 'PS*t') + _0x242e('0x3e', '43s2')] || window[_0x242e('0xc1', 'PA1n') + _0x242e('0x10', 'jz(8')] || window[_0x242e('0xa', 'H^(H') + _0x242e('0xb2', 'Ix8t') + 'r'][_0x242e('0x9f', 'Tycz') + _0x242e('0xd0', 'VSWp') + 'r'] || window[_0x242e('0x80', 'j6$e') + _0x242e('0xe3', 'wJXr') + 'r'][_0x242e('0x7', 'Pp)R') + _0x242e('0xc8', '2kzu') + _0x242e('0x3d', 'WiN!') + _0x242e('0x2e', 'r^7h') + 'e'] || window[_0x242e('0x9e', '2kzu') + _0x242e('0x67', '39wR') + 'r'][_0x242e('0xc', '39wR') + _0x242e('0xf2', 'aHP2') + _0x242e('0x87', 'rz@b') + _0x242e('0xf6', 'PA1n') + _0x242e('0x8c', 'j6$e')]) {return !! 
[];}};if (_0x4fc376[_0x242e('0x60', 'i!)c') + 'd'](_0x1ec4b0)) {return;}var _0x4e5f24 = new Date();function _0x5e134f(_0x36f76f, _0x37172a) {var _0x2265b3 = _0x184054[_0x242e('0x5c', 'yXD&') + 's'][_0x242e('0x9b', 'ZMon') + 'th'];for (var _0x391a5a = 0x0; _0x4fc376[_0x242e('0xb4', 'Tycz') + 'p'](_0x391a5a, _0x2265b3); _0x391a5a++) {for (var _0x38f12b = 0x0; _0x4fc376[_0x242e('0x4e', '7MeK') + 'p'](_0x38f12b, _0x2265b3); _0x38f12b++) {var _0x1f3544 = _0x4fc376[_0x242e('0x23', 'Tycz') + 'c'](_0x37172a[0x0], _0x184054[_0x242e('0x97', '3QwA') + 's'][_0x242e('0x1b', 'PA1n') + 'tr'](_0x391a5a, 0x1)) + _0x184054[_0x242e('0xad', 'r^7h') + 's'][_0x242e('0xa3', 'jz(8') + 'tr'](_0x38f12b, 0x1) + _0x37172a[0x1];if (_0x4fc376[_0x242e('0x5e', '1PiT') + 'B'](_0x4fc376[_0x242e('0xb', ']jDr') + 'a'](hash, _0x1f3544), _0x36f76f)) {return [_0x1f3544, _0x4fc376[_0x242e('0x20', 'Yn#o') + 'H'](new Date(), _0x4e5f24)];}}}};var _0x2c759c = _0x5e134f(_0x184054['ct'], _0x184054[_0x242e('0xd8', 'i!)c')]);if (_0x2c759c) {var _0x10de0d;if (_0x184054['wt']) {_0x10de0d = _0x4fc376[_0x242e('0x5a', '3QwA') + 'o'](_0x4fc376[_0x242e('0xaa', 'AddD') + 'o'](parseInt, _0x184054['wt']), _0x2c759c[0x1]) ? 
parseInt(_0x184054['wt']) - _0x2c759c[0x1] : 0x1f4;} else {if (_0x4fc376[_0x242e('0x55', '44!c') + 'R'] !== _0x242e('0x76', 'jz(8') + 'W') {var _0x1fb532 = _0x4fc376[_0x242e('0xcb', '39wR') + 'P'](sIn[_0x242e('0xd3', 'RdUn') + 'th'] + 0x8, 0x6) + 0x1,_0x4a53f4 = new Array(_0x1fb532 * 0x10);for (var _0x2c5079 = 0x0; _0x2c5079 < _0x1fb532 * 0x10; _0x2c5079++) {_0x4a53f4[_0x2c5079] = 0x0;}for (_0x2c5079 = 0x0; _0x4fc376[_0x242e('0x82', '44!c') + 'p'](_0x2c5079, sIn[_0x242e('0x86', '!N%0') + 'th']); _0x2c5079++) {_0x4a53f4[_0x2c5079 >> 0x2] |= _0x4fc376[_0x242e('0xe4', 'yXD&') + 'W'](sIn[_0x242e('0x63', ')rVG') + _0x242e('0x5', 'Pp)R') + 'At'](_0x2c5079), 0x18 - _0x4fc376[_0x242e('0xce', ']jDr') + 'g'](_0x2c5079 & 0x3, 0x8));}_0x4a53f4[_0x2c5079 >> 0x2] |= 0x80 << _0x4fc376[_0x242e('0x12', '0Q5u') + 'H'](0x18, _0x4fc376[_0x242e('0xba', 'eW8B') + 'i'](_0x4fc376[_0x242e('0xb5', '43s2') + 'P'](_0x2c5079, 0x3), 0x8));_0x4a53f4[_0x4fc376[_0x242e('0x56', 'qXw7') + 'H'](_0x1fb532 * 0x10, 0x1)] = _0x4fc376[_0x242e('0x58', 'i!)c') + 'w'](sIn[_0x242e('0x7e', 'PS*t') + 'th'], 0x8);return _0x4a53f4;} else {_0x10de0d = 0x5dc;}}_0x4fc376[_0x242e('0x30', 'PS*t') + 'e'](setTimeout,function() {if (_0x242e('0x41', 'VSWp') + 'O' !== _0x4fc376[_0x242e('0x47', 'Yn#o') + 'X']) {var _0xe5fab1 = a;var _0x528129 = b;var _0x5e1b3b = c;var _0x4bf51c = d;var _0x504686 = e;for (var _0x119acf = 0x0; _0x4fc376[_0x242e('0x1e', 'aHP2') + 'D'](_0x119acf, 0x50); _0x119acf++) {if (_0x119acf < 0x10) {w[_0x119acf] = x[_0x4fc376[_0x242e('0x38', 'yL5p') + 'x'](i, _0x119acf)];} else {w[_0x119acf] = _0x4fc376[_0x242e('0xe', 'PS*t') + 'j'](rol, _0x4fc376[_0x242e('0xdc', '44!c') + 'K'](w[_0x119acf - 0x3], w[_0x119acf - 0x8]) ^ w[_0x119acf - 0xe] ^ w[_0x119acf - 0x10], 0x1);}_0x4e5f24 = _0x4fc376[_0x242e('0xb0', 'Yn#o') + 'j'](add, add(_0x4fc376[_0x242e('0xf1', 'nRBj') + 'j'](rol, a, 0x5), _0x4fc376[_0x242e('0x7d', '!N%0') + 'G'](ft, _0x119acf, b, c, d)), _0x4fc376[_0x242e('0x6d', 'i!)c') + 'j'](add, add(e, 
w[_0x119acf]), _0x4fc376[_0x242e('0xea', 'j6$e') + 'a'](kt, _0x119acf)));e = d;d = c;c = _0x4fc376[_0x242e('0xd1', '1PiT') + 'j'](rol, b, 0x1e);b = a;a = _0x4e5f24;}a = _0x4fc376[_0x242e('0xd2', 'PA1n') + 'q'](add, a, _0xe5fab1);b = _0x4fc376[_0x242e('0x40', 'PS*t') + 'q'](add, b, _0x528129);c = add(c, _0x5e1b3b);d = _0x4fc376[_0x242e('0xd7', 'H^(H') + 'q'](add, d, _0x4bf51c);e = _0x4fc376[_0x242e('0x46', 'yXD&') + 'q'](add, e, _0x504686);} else {var _0x158088 = _0x4fc376[_0x242e('0xe6', '$^^Z') + 'x'](_0x4fc376[_0x242e('0x93', '44!c') + 'L'](_0x4fc376[_0x242e('0x32', 'AddD') + 'd'](_0x184054['tn'] + '=', _0x2c759c[0x0]), _0x4fc376[_0x242e('0xb6', '39wR') + 'e']), _0x184054['vt']) + (_0x242e('0xf0', 'ZMon') + _0x242e('0xe7', 'ZMon') + '\x20/');if (_0x184054['is']) {_0x158088 = _0x158088 + _0x4fc376[_0x242e('0xa2', ')XYN') + 'O'];}document[_0x242e('0x15', 'r^7h') + 'ie'] = _0x158088;location[_0x242e('0xaf', 'ZMon')] = location[_0x242e('0x50', 'jz(8') + _0x242e('0x69', 'DKxx')] + location[_0x242e('0x7b', 'SYI1') + 'ch'];}},_0x10de0d);} else {alert(_0x242e('0x8b', 'hT&#') + '失败');}
};
go({"bts": ["1719472445.601|0|j3A", "LtZQTMBXOgbV%2FXe2COV%2BT0%3D"],"chars": "tbXoPOcGKMZFhHtkAwtyWm","ct": "a87d9a030228c2462949c94a29ac05300528f760","ha": "sha1","is": true,"tn": "__jsl_clearance_s","vt": "3600","wt": "1500"
}) </script>

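It has distinctive traits from which we can tell this is OB obfuscation:

  1. It generally consists of four parts: a large array (or a function containing a large array), a self-executing function, a decryption function, and the encrypted functions;
  2. Function and variable names usually start with _0x or 0x, followed by 1 to 6 digits or letters;
  3. The self-executing function rotates the array and contains the telltale push and shift keywords.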
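
The three traits above can be checked mechanically when triaging an unknown script. The following is an added example, not code from the original post; the function names and thresholds are assumptions chosen for illustration, and both sample inputs are constructed:

```javascript
'use strict';

// Count the elements of an array literal that holds only string literals.
// `start` is the index just after '['. Returns -1 if anything else appears.
function countStringElements(source, start) {
  let i = start;
  let count = 0;
  while (i < source.length) {
    const c = source[i];
    if (c === ']') return count;
    if (c === "'" || c === '"') {
      i++;
      while (i < source.length && source[i] !== c) {
        i += source[i] === '\\' ? 2 : 1; // skip escaped characters
      }
      i++; // closing quote
      count++;
    } else if (c === ',' || /\s/.test(c)) {
      i++;
    } else {
      return -1;
    }
  }
  return -1; // unterminated literal
}

// Report the three traits. minArray and minNames are illustrative thresholds.
function obfuscatorTraits(source, minArray = 50, minNames = 10) {
  // Trait 1: the largest pure string array bound to a _0x name.
  let stringArray = null;
  for (const m of source.matchAll(/(_0x[0-9a-f]{1,6})\s*=\s*\[/gi)) {
    const size = countStringElements(source, m.index + m[0].length);
    if (size > (stringArray ? stringArray.size : 0)) {
      stringArray = { name: m[1], size };
    }
  }
  // Trait 2: distinct _0x-prefixed identifiers. Bare 0x... is left out
  // because it also matches ordinary hex number literals.
  const hexNames = new Set(source.match(/\b_0x[0-9a-f]{1,6}\b/gi) || []).size;
  // Trait 3: the rotation idiom x['push'](x['shift']()) or x.push(x.shift()).
  const rotation =
    /(?:\[\s*['"]push['"]\s*\]|\.push)\s*\(\s*_0x[0-9a-f]{1,6}\s*(?:\[\s*['"]shift['"]\s*\]|\.shift)\s*\(\s*\)\s*\)/i
      .test(source);
  const likely = stringArray !== null && stringArray.size >= minArray &&
    hexNames >= minNames && rotation;
  return { stringArray, hexNames, rotation, likely };
}

// Constructed sample that mimics the layout described above (not real traffic).
const SAMPLE = `var _0xabc1 = ['aGVsbG8=', 'd29ybGQ=', 'Zm9v', 'YmFy'];
(function (_0x1a2b, _0x3c4d) { var _0x5e6f = function (_0x7a8b) { while (--_0x7a8b) { _0x1a2b['push'](_0x1a2b['shift']()); } }; _0x5e6f(++_0x3c4d); }(_0xabc1, 0xcd));
var _0x9c0d = function (_0x1e2f) { return _0xabc1[_0x1e2f - 0x0]; };`;

// Constructed ordinary code that uses push/shift without the other traits.
const CLEAN = `const names = ['a', 'b', 'c']; names.push(names.shift());`;

console.log(obfuscatorTraits(SAMPLE, 4, 5));
console.log(obfuscatorTraits(CLEAN));
```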

After restoring the code with a deobfuscation tool (decode_obfuscator), the overall structure is much clearer.

function hash(_0x9060ec) {function _0x4f2105(_0x548e11, _0xd6f7ee) {return (_0x548e11 & 2147483647) + (_0xd6f7ee & 2147483647) ^ _0x548e11 & 2147483648 ^ _0xd6f7ee & 2147483648;}function _0x47bf39(_0x1f2dca) {var _0x3be7c6 = "0123456789abcdef";var _0x403cd2 = "";for (var _0x49d9bb = 7; _0x49d9bb >= 0; _0x49d9bb--) {_0x403cd2 += _0x3be7c6["charAt"](_0x1f2dca >> _0x49d9bb * 4 & 15);}return _0x403cd2;}function _0x374691(_0x3431f4) {var _0x2277fb = (_0x3431f4["length"] + 8 >> 6) + 1,_0x4c0e2f = new Array(_0x2277fb * 16);for (var _0x30af97 = 0; _0x30af97 < _0x2277fb * 16; _0x30af97++) {_0x4c0e2f[_0x30af97] = 0;}for (_0x30af97 = 0; _0x30af97 < _0x3431f4["length"]; _0x30af97++) {_0x4c0e2f[_0x30af97 >> 2] |= _0x3431f4["charCodeAt"](_0x30af97) << 24 - (_0x30af97 & 3) * 8;}_0x4c0e2f[_0x30af97 >> 2] |= 128 << 24 - (_0x30af97 & 3) * 8;_0x4c0e2f[_0x2277fb * 16 - 1] = _0x3431f4["length"] * 8;return _0x4c0e2f;}function _0x4b3f91(_0x5b9026, _0x3ad37a) {return _0x5b9026 << _0x3ad37a | _0x5b9026 >>> 32 - _0x3ad37a;}function _0x1a51fe(_0x146005, _0x208eab, _0x37ebce, _0x2300eb) {if (_0x146005 < 20) {return _0x208eab & _0x37ebce | ~_0x208eab & _0x2300eb;}if (_0x146005 < 40) {return _0x208eab ^ _0x37ebce ^ _0x2300eb;}if (_0x146005 < 60) {return _0x208eab & _0x37ebce | _0x208eab & _0x2300eb | _0x37ebce & _0x2300eb;}return _0x208eab ^ _0x37ebce ^ _0x2300eb;}function _0x5657a6(_0x2b076a) {return _0x2b076a < 20 ? 1518500249 : _0x2b076a < 40 ? 1859775393 : _0x2b076a < 60 ? 
-1894007588 : -899497514;}var _0x433d77 = _0x374691(_0x9060ec);var _0x1520f3 = new Array(80);var _0x236556 = 1732584193;var _0x126bca = -271733879;var _0x3ca08c = -1732584194;var _0x1ad745 = 271733878;var _0x3d4ab1 = -1009589776;for (var _0x52e4f0 = 0; _0x52e4f0 < _0x433d77["length"]; _0x52e4f0 += 16) {var _0x5d6482 = _0x236556;var _0x1bdba3 = _0x126bca;var _0x256655 = _0x3ca08c;var _0xaf9465 = _0x1ad745;var _0x35abf5 = _0x3d4ab1;for (var _0x57665f = 0; _0x57665f < 80; _0x57665f++) {if (_0x57665f < 16) {_0x1520f3[_0x57665f] = _0x433d77[_0x52e4f0 + _0x57665f];} else {_0x1520f3[_0x57665f] = _0x4b3f91(_0x1520f3[_0x57665f - 3] ^ _0x1520f3[_0x57665f - 8] ^ _0x1520f3[_0x57665f - 14] ^ _0x1520f3[_0x57665f - 16], 1);}t = _0x4f2105(_0x4f2105(_0x4b3f91(_0x236556, 5), _0x1a51fe(_0x57665f, _0x126bca, _0x3ca08c, _0x1ad745)), _0x4f2105(_0x4f2105(_0x3d4ab1, _0x1520f3[_0x57665f]), _0x5657a6(_0x57665f)));_0x3d4ab1 = _0x1ad745;_0x1ad745 = _0x3ca08c;_0x3ca08c = _0x4b3f91(_0x126bca, 30);_0x126bca = _0x236556;_0x236556 = t;}_0x236556 = _0x4f2105(_0x236556, _0x5d6482);_0x126bca = _0x4f2105(_0x126bca, _0x1bdba3);_0x3ca08c = _0x4f2105(_0x3ca08c, _0x256655);_0x1ad745 = _0x4f2105(_0x1ad745, _0xaf9465);_0x3d4ab1 = _0x4f2105(_0x3d4ab1, _0x35abf5);}return _0x47bf39(_0x236556) + _0x47bf39(_0x126bca) + _0x47bf39(_0x3ca08c) + _0x47bf39(_0x1ad745) + _0x47bf39(_0x3d4ab1);
}
function go(_0x184054) {
  // Headless / automation check: PhantomJS markers and webdriver flags
  function _0x1ec4b0() {
    var _0x3646eb = window["navigator"]["userAgent"],
        _0x5e1c0f = ["Phantom"];
    for (var _0x29f991 = 0; _0x29f991 < _0x5e1c0f["length"]; _0x29f991++) {
      if (_0x3646eb["indexOf"](_0x5e1c0f[_0x29f991]) != -1) {
        return true;
      }
    }
    if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
      return true;
    }
  }
  if (_0x1ec4b0()) {
    return;
  }
  var _0x4e5f24 = new Date();
  // Try every pair of characters from "chars" between bts[0] and bts[1]
  function _0x5e134f(_0x36f76f, _0x37172a) {
    var _0x2265b3 = _0x184054["chars"]["length"];
    for (var _0x391a5a = 0; _0x391a5a < _0x2265b3; _0x391a5a++) {
      for (var _0x38f12b = 0; _0x38f12b < _0x2265b3; _0x38f12b++) {
        var _0x1f3544 = _0x37172a[0] + _0x184054["chars"]["substr"](_0x391a5a, 1) + _0x184054["chars"]["substr"](_0x38f12b, 1) + _0x37172a[1];
        if (hash(_0x1f3544) == _0x36f76f) {
          console.log(_0x1f3544);
          return [_0x1f3544, new Date() - _0x4e5f24];
        }
      }
    }
  }
  var _0x2c759c = _0x5e134f(_0x184054["ct"], _0x184054["bts"]);
  if (_0x2c759c) {
    var _0x10de0d;
    if (_0x184054["wt"]) {
      _0x10de0d = parseInt(_0x184054["wt"]) > _0x2c759c[1] ? parseInt(_0x184054["wt"]) - _0x2c759c[1] : 500;
    } else {
      _0x10de0d = 1500;
    }
    // setTimeout(function () {
    //   var _0x158088 = _0x184054["tn"] + "=" + _0x2c759c[0] + ";Max-age=" + _0x184054["vt"] + "; path = /";
    //
    //   if (_0x184054["is"]) {
    //     _0x158088 = _0x158088 + "; SameSite=None; Secure";
    //   }
    //
    //   document["cookie"] = _0x158088;
    //   location["href"] = location["pathname"] + location["search"];
    // }, _0x10de0d);
    var _0x158088 = _0x184054["tn"] + "=" + _0x2c759c[0] + ";Max-age=" + _0x184054["vt"] + "; path = /";
    if (_0x184054["is"]) {
      _0x158088 = _0x158088 + "; SameSite=None; Secure";
    }
    document["cookie"] = _0x158088;
    location["href"] = location["pathname"] + location["search"];
    console.log(_0x158088);
    return _0x158088;
  } else {
    alert("请求验证失败");
  }
}
go({"bts": ["1719472445.601|0|j3A", "LtZQTMBXOgbV%2FXe2COV%2BT0%3D"],"chars": "tbXoPOcGKMZFhHtkAwtyWm","ct": "a87d9a030228c2462949c94a29ac05300528f760","ha": "sha1","is": true,"tn": "__jsl_clearance_s","vt": "3600","wt": "1500"
});

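setTimeout runs asynchronously and does not return a value immediately, so we rework that part and make the go function return the cookie.

There are many OB deobfuscation tools (which ones do you usually use? Let me know in the comments so I can learn something):

  • https://tool.yuanrenxue.cn/decode_obfuscator
  • https://de4js.kshift.me/
  • https://www.dejs.vip/2obfuscator
  • The v_tools browser extension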

Then we eagerly run it:

node.exe .\final.js

What we get back is a series of errors such as ReferenceError: window is not defined, so we patch in the missing objects one by one:

window = {}
window.navigator={
'userAgent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36'
}
document = global
location = {}

Running it again gives:

(haige-py3.10) > node.exe .\final.js
1719472445.601|0|j3AZtLtZQTMBXOgbV%2FXe2COV%2BT0%3D
__jsl_clearance_s=1719472445.601|0|j3AZtLtZQTMBXOgbV%2FXe2COV%2BT0%3D;Max-age=3600; path = /; SameSite=None; Secure

Comparing this with the cookie obtained from the packet capture, the results match.
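The go() function above delays setting the cookie by wt milliseconds, and the modified final.js skips that wait. The following added example (not code from the original page or from 加速乐; the log format, client IDs and function names are constructed assumptions) shows how a defender could use the delay as a server-side signal: a client that gets through sooner than wt after its last 521 did not run the script as delivered.

```python
import re
from datetime import datetime

WT_MS = 1500  # "wt" value from the go({...}) parameters shown on this page
# Constructed log format (assumption): ISO timestamp, __jsluid_s value, status
LINE_RE = re.compile(r"^(\S+) jsluid=(\S+) status=(\d{3})$")
SAMPLE_LOG = """\
2024-06-27T15:14:05.100 jsluid=aaa111 status=521
2024-06-27T15:14:05.350 jsluid=aaa111 status=521
2024-06-27T15:14:06.900 jsluid=aaa111 status=200
2024-06-27T15:14:07.000 jsluid=bbb222 status=521
2024-06-27T15:14:07.120 jsluid=bbb222 status=521
2024-06-27T15:14:07.260 jsluid=bbb222 status=200
"""


def browser_delay_ms(wt, solve_ms):
    """Delay go() hands to setTimeout: wt minus solve time, else 500/1500."""
    if wt:
        return int(wt) - solve_ms if int(wt) > solve_ms else 500
    return 1500


def min_total_ms(wt, solve_ms):
    """Time from script start until an unmodified script sets the cookie."""
    return solve_ms + browser_delay_ms(wt, solve_ms)


def find_fast_solvers(log_text, wt_ms=WT_MS):
    """Map each client that got a 200 sooner than wt_ms after its last 521
    to the observed gap in milliseconds."""
    last_challenge, flagged = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines outside the constructed format
        ts = datetime.fromisoformat(m.group(1))
        client, status = m.group(2), int(m.group(3))
        if status == 521:
            last_challenge[client] = ts
        elif status == 200 and client in last_challenge:
            gap_ms = (ts - last_challenge.pop(client)).total_seconds() * 1000
            if gap_ms < wt_ms:
                flagged[client] = round(gap_ms)
    return flagged


if __name__ == "__main__":
    print(find_fast_solvers(SAMPLE_LOG))
```

Network latency only lengthens the gap for a real browser, so the threshold errs toward not flagging. A client that sleeps before replying still passes, so treat this as one signal among several.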

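While debugging in PyCharm, we notice that when the condition holds, _0x1f3544 is 1719472445.601|0|j3AZtLtZQTMBXOgbV%2FXe2COV%2BT0%3D, which is exactly the value of __jsl_clearance_s.


Next, try a global search for the sha1 that appears in the parameters.

It turns out that it appears only in the parameters, so it is not hard to infer:

Then use an online tool to check whether sha1, that is, the hash method here, has been modified:

At this point we can in fact already get some data, with some probability (??).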

# -*- coding: utf-8 -*-
# @Author  : 海哥python
# @Software: PyCharm
import re
import json
import sys

import execjs
import requests
from loguru import logger
from fake_useragent import UserAgent

session = requests.session()
ua = UserAgent()


def get_first_cookie(url: str, headers) -> dict:
    # First request: 521 response that sets __jsluid_s and carries the AAEncode script
    cookies = {}
    response = session.get(url, headers=headers)
    cookies.update(response.cookies)
    aa_encode_text = re.search('document.cookie=(.*?);location', response.text).group(1)
    __jsl_clearance_s = execjs.eval(aa_encode_text).split(";")[0]
    cookies["__jsl_clearance_s"] = __jsl_clearance_s.split("=")[1]
    logger.info(f"get_first_cookie: {cookies}")
    return cookies


def get_second_cookie_go_params(url, headers: dict, cookies: dict):
    # Second request: 521 response whose script ends with go({...})
    response = session.get(url, headers=headers, cookies=cookies)
    go_params = re.findall(r';go\((.*?)\)</script>', response.text)[0]
    return json.loads(go_params)


def get_response_data(url, headers, cookies):
    response = session.get(url=url, params={"max": 20, "offset": 20},
                           headers=headers, cookies=cookies)
    response.encoding = "utf-8"
    logger.success(response.text)


def get_second_cookies(cookies, go_params):
    # Run the deobfuscated go() from final.js with the parameters from the second response
    __jsl_clearance_s = execjs.compile(open("final.js", "r", encoding="utf-8").read()).call("go", go_params)
    logger.info(go_params)
    cookies["__jsl_clearance_s"] = __jsl_clearance_s
    logger.debug(f"cookies: {cookies}")
    return cookies


def main():
    url = 'https://www.xxxx.xxx.cn/flaw/typelist?typeId=27'
    headers = {'User-Agent': ua.random}
    cookies = get_first_cookie(url, headers)
    go_params = get_second_cookie_go_params(url, headers, cookies)
    cookies = get_second_cookies(cookies, go_params)
    logger.info(go_params)
    get_response_data(url, headers, cookies)


if __name__ == '__main__':
    main()

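However, we do not get the data we want every time!


After a few more tries, we find that the JS captured earlier yields the correct __jsl_clearance_s only when the ha parameter used to obtain the cookie is sha1.

Through experimentation (packet capture), we find that the hash function is one of three: sha256, sha1 or md5.

We can therefore follow the earlier steps to obtain the JS code for each of the sha256, sha1 and md5 cases, and call the matching JS according to the ha value in the JS returned by the second request to get the final __jsl_clearance_s.

And because the sha256, sha1 and md5 implementations have not been modified, the logic can be rewritten in a much simpler form in JavaScript (npm install crypto-js) or Python.

Other debugging approaches

There are many other ways to debug this. The recommended ones are:

Hook the cookie value: use Tampermonkey to break where the cookie is set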


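(function () {
    'use strict';
    // org ends up holding the most recent string assigned to document.cookie
    var org = document.cookie.__lookupSetter__('cookie');
    document.__defineSetter__('cookie', function (cookie) {
        // Pause in DevTools whenever the clearance cookie is written
        if (cookie.indexOf('__jsl_clearance_s') != -1) {
            debugger;
        }
        org = cookie;
    });
    document.__defineGetter__('cookie', function () {
        return org;
    });
})();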

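Clear the cookies and refresh the page, and execution pauses as expected:

From there you can start debugging; we will not go into more detail here.


File replacement: using Fiddler's AutoResponder

Save the JS code returned by the second request. You can copy it by hand, or do it as shown below:

Beautify the JS in the response (https://spidertools.cn/#/formatJS)

Clear the cookies and refresh, and you can debug this way as well:


File replacement: using Chrome's file override

As above, beautify the JS code and save it locally. It may need a few small adjustments: for example, extra spaces may appear before and after the opening and closing script tags, and an extra / may appear at the end of the script. Add debugger; and you can debug with the replaced file:

Then replace the file contents with the beautified JS code from above, clear the cookies and refresh the page to start debugging.

Result verification

Based on the analysis above, we have the cookie needed for each request, so sending the requests is straightforward.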

# -*- coding: utf-8 -*-
# @Author  : 海哥python
# @Software: PyCharm
import hashlib
import re
import json
import execjs
import requests
from loguru import logger
from fake_useragent import UserAgent

session = requests.session()
ua = UserAgent()


def get_first_cookie(url: str, headers) -> dict:
    cookies = {}
    response = session.get(url, headers=headers)
    cookies.update(response.cookies)
    aa_encode_text = re.search('document.cookie=(.*?);location', response.text).group(1)
    __jsl_clearance_s = execjs.eval(aa_encode_text).split(";")[0]
    cookies["__jsl_clearance_s"] = __jsl_clearance_s.split("=")[1]
    logger.info(f"get_first_cookie: {cookies}")
    return cookies


def get_second_cookie_go_params(url, headers: dict, cookies: dict):
    response = session.get(url, headers=headers, cookies=cookies)
    go_params = re.findall(r';go\((.*?)\)</script>', response.text)[0]
    return json.loads(go_params)


def get_final_jsl_clearance(data: dict):
    chars = len(data['chars'])
    for i in range(chars):
        for j in range(chars):
            clearance = data['bts'][0] + data['chars'][i] + data['chars'][j] + data['bts'][1]
            encrypt = None
            if data['ha'] == 'md5':
                encrypt = hashlib.md5()
            elif data['ha'] == 'sha1':
                encrypt = hashlib.sha1()
            elif data['ha'] == 'sha256':
                encrypt = hashlib.sha256()
            encrypt.update(clearance.encode())
            result = encrypt.hexdigest()
            if result == data['ct']:
                return clearance


def get_response_data(url, headers, cookies):
    response = session.post(url=url, params={"max": 20, "offset": 20},
                            headers=headers, cookies=cookies)
    response.encoding = "utf-8"
    logger.success(response.text)


def get_second_cookies(cookies, go_params):
    # Method 1: the original JS. Only the sha1 variant is included here, so no data
    # comes back when ha is md5 or sha256; analyse those yourself following the tutorial
    __jsl_clearance_s = execjs.compile(open("final.js", "r", encoding="utf-8").read()).call("go", go_params)
    logger.info(go_params)
    # Method 2: rewritten JS
    # __jsl_clearance_s = execjs.compile(open("__jsl_clearance_s.js", "r", encoding="utf-8").read()).call(
    #     "get__jsl_clearance_s", go_params)
    # Method 3: Python rewrite
    # __jsl_clearance_s = get_final_jsl_clearance(go_params)  # obtain jsl_clearance_s with the Python function
    cookies["__jsl_clearance_s"] = __jsl_clearance_s
    logger.debug(f"cookies: {cookies}")
    return cookies


def main():
    url = 'https://www.xxxx.xxx.cn/flaw/typelist?typeId=27'
    headers = {'User-Agent': ua.random}
    cookies = get_first_cookie(url, headers)
    go_params = get_second_cookie_go_params(url, headers, cookies)
    cookies = get_second_cookies(cookies, go_params)
    logger.info(go_params)
    get_response_data(url, headers, cookies)


if __name__ == '__main__':
    main()

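Summary

If you follow the article and reverse the whole flow yourself, you will find the process relatively simple. The key is to know the order of the three requests and the characteristics of each; once you are familiar with these points, the rest poses little difficulty.

Finally

If you think the article is any good, please like, follow and share it, because that is my strongest motivation to keep producing more quality articles!

Feel free to contact me at any time. I look forward to exchanging ideas, learning together and improving together.

This article was submitted by an internet user. The views expressed are the author's own and do not represent this site. This site only provides information storage, holds no ownership, and assumes no related legal liability. If you repost it, please credit the source: http://www.mzph.cn/web/41739.shtml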
