最新PDD商家端Anti-Content参数逆向分析与纯算法还原

【💼作者介绍】:擅长爬虫与JS加密逆向分析!Python领域优质创作者、CSDN博客专家、阿里云博客专家、华为云享专家。一路走来长期坚守并致力于Python与爬虫领域研究与开发工作!
作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!

1. 写在前面

H5目前这个参数好像是已经不再做校验了?所以再去分析的话意义并不大了。而且它那个界面真的是巨难用!为此,我单独去注册了一个商家版的!只为还原最真实的场景。目前最新的anti_content0aq开头的,相比较于早期的老版本不再需要参数去参与加密,纯算法扣出来还原之后可在本地Node环境下直接调用生成,并且算法通用于所有接口...

2. 接口分析

这个商家后台管理,确实功能做的挺丰富,我这边主要是新注册的,然后数据基本都是空的,所以文章中能够直观测试的接口比较少,但是扣出来的算法确实是通用的!因为有朋友跟粉丝一直在做这块,算法也是给他们进行了测试,下面是一位粉丝使用易语言调用的结果,如下所示:

首先,我们找到商品管理下面的商品列表,发个包监听一下请求:

这里如果Anti-Content参数不对或者你不携带,得到的结果均会如下:

python 复制代码
{"error_code":54001,"error_msg":"操作太过频繁,请稍后再试!","result":{"verifyAuthToken":"一堆字符"}}

H5就不一样,你不携带现在照样给你数据,压根好像都不做参数检验了~

3. 断点分析

首先我们使用关键词参数全局搜索大法整一下,搜索出来的结果不多,如下:

可以全部下个断,然后重新刷新页面,这里的话我们可以看到anti_content已经生成

往上看在**.then** 的上方,这行代码return !kt.a || s && s(n) ? Promise.resolve(c(t.rawFetch, l).catch((function() {},异步调用?

这里确实是一个异步,是一个Promise的链式调用。调用了**c(t.rawFetch, l)**函数,这个函数返回的是一个Promise对象,就是一个复合条件表达式,包含了逻辑运算跟Promise异步操作

上面的断点异步调用,难度并不大,稍微调式一下就能够看到核心的加密代码了,那剩下的就是扣代码!!!

4. 扣JS代码

接下来就到了核心阶段,扣取Webpack代码,整个加密逻辑大部分都在一个JS文件内,我们需要花时间去调试分析,梳理清楚模块加载顺序,然后把整个加密算法还原出来

把加密核心JS代码扣取下来,这里你不需要去改,直接拿我这个就可用!!如下所示:

javascript 复制代码
function o(e) {
    return (o = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(e) {
        return typeof e
    } : function(e) {
        return e && "function" == typeof Symbol && e.constructor === Symbol && e !== Symbol.prototype ? "symbol" : typeof e
    })(e)
}

为了避免多次调用 typeof、Symbol,我们同样使用自执行函数的方式定义,这样做可以提高代码的性能,因为它避免了重复计算,如下所示:

javascript 复制代码
"3": function(e, t, n) {
  "use strict";
  (function(e) {
      var t, r, a = "function" == typeof Symbol && "symbol" == o(Symbol.iterator) ? function(e) {
              return o(e)
          } : function(e) {
              return e && "function" == typeof Symbol && e.constructor === Symbol && e !== Symbol.prototype ? "symbol" : o(e)
          }, i = n(12),
          s = n(13).crc32,
          d = ["fSohrCk0cG==", "W4FdMmotWRve", "W7bJWQ1CW6C=", "W5K6bCooW6i=", "dSkjW7tdRSoB", "jtxcUfRcRq==", "ALj2WQRdQG==", "W5BdSSkqWOKH", "lK07WPDy", "f8oSW6VcNrq=", "eSowCSkoaa==", "d8oGW7BcPIO=", "m0FcRCkEtq==", "qv3cOuJdVq==", "iMG5W5BcVa==", "W73dVCo6WPD2", "W6VdKmkOWO8w", "zueIB8oz", "CmkhWP0nW5W=", "W7ldLmkSWOfh", "W5FdIqdcJSkO", "aCkBpmoPyG==", "l27dICkgWRK=", "s05AWR7cTa==", "bttcNhdcUW==", "gJldK8kHFW==", "W5Sso8oXW4i=", "FgC0W7hcNmoqwa==", "xmkPhdDl", "e14kWRzQ", "BNFcVxpdPq==", "z1vadK0=", "W7yOiCk2WQ0=", "qLb7lg0=", "t8o6BwhcOq==", "gmk6lYD9WPdcHSoQqG==", "oqldGmkiCq==", "rmo+uKlcSW==", "dSoIWOVdQ8kC", "iXSUsNu=", "W5ipW4S7WRS=", "WPtcTvOCtG==", "A3CcAmoS", "lCotW6lcMba=", "iuGzWPLz", "WQVdPmoKeSkR", "W4ydoCkqWQ4=", "jCobW47cNXC=", "W4tdJCkNWOCJ", "hCo/W7ZcSJ8=", "BNuZW6NcMG==", "b8kFW6hdN8oN", "W4SpoCkXWQK=", "cXddOmkDFa==", "W63dHSoyWQft", "W6ldSmk0WRj4", "A2bHWOtcHeeMyq==", "f3VcSSk/xG==", "qg1u", "ftyivga=", "DCkhpsfe", "WR3cKmo3oMWEw8kK", "yev3", "W4xdMKSejbm=", "W797WOL7W4m=", "W6xdOCkKWQXw", "gcCUye0=", "W7WXkmomb8kT", "c8kIesD0", "WOTpEW==", "ySo3E8oVWPy=", "iNyhW5lcNLNcG8kYWQu=", "W7JdMSkfWRnD", "FfijW5tcHW==", "xCokW54Zzq==", "W77dUsi=", "W5FdHfa6eq==", "E1FcQvVdSG==", "eZ/dNCo4AG==", "CgPmWQZdKa==", "A8oLECoJWPS=", "oCoSW7VcTJC=", "mCoADa==", "W7DXuSouDq==", "ic3dQCo8ua==", "rN3cIa==", "W6/dJ8kPWRGQ", "W4xdLYlcPmkc", "F3JcPvZdLa==", "xCk8iHn4", "qg15", "W5/dL8oOWPr4", "hW41C3C=", "sSoZzwxcPW==", "ywdcUvNdUW==", "t0TzWQpdIG==", "lv7dJSoIjq==", "W5Tzxq==", "W6DnWQK=", "W5mGaCkFWRC=", "W6LmWO5+W6C=", "WR7dQmoJa8k+", "emkFW4ddOmob", "imk8imoNEa==", "W4ZdP8kaWPvc", "F8k4WO40W4e=", "cSoHE8k9cG==", "jw4TW5dcSW==", "wuJcOKRdTa==", "swNcQx/dGG==", "aCkSiCoMEq==", "W6pdS8owWQTH", "WRFdQmonjmkT", "cKBdGCkpWOm=", "oCoWW4VcPIa=", "WQddSSoUjmks", "c8kdW5JdM8oE", "W7b0AGvl", "sCk4WOylW60=", "nXNdSmkXvW==", "W67dRSkjWOqj", "W44EcCohW6O=", "W6ddPmkpWRHN", "W7tdVIVcOSkR", "qg3dVG==", "W7Ofcmofda==", "WRDmW5VcLq==", "CSoRW4W4Aq==", "mmo0WP3dVmkj", "i8omW6ZcPd8=", "CSkaWQyvW4m=", "ACkMWQCLW4q=", "W5pdOCk0WRv3", "W7yDW44SWP8=", "WRP8W5dcNmkd", "ymkNaID5", "cfeTWRT6", "W6WdbmkmWO0=", "eSo3WQldVCkU", "W5flwZrl", "WPVcTe4tWQu=", "DuCPumok", "hLpcKCksqXe=", "g3hdUCkoWRu=", "sL0sW6JcPW==", "lf7dL8oOpG==", "w8k4WPWJW7u=", "i08mW5dcUW==", "kb/dU8klsW==", "WOhcMSoW", "W5LnfG==", "F8kJWQmxW6m=", "W5ldU0CDca==", "eKRdKmkoWPG=", "tmouW60=", "gSkrW7JdVSor", "WPNcP8oc", "DhLAmLW=", "sSo0EfdcQq==", "W6ygW689WQq=", "W6CPimkIWQa=", "WRJdLmoynSkY", "W5iimCkDWRa=", "oMhdN8kPWRHV", "eNqQWQHn", "bmkakSoHW4u=", "W4PxEbvN", "WQhcQxSWyW==", "xCoKEW==", "guBcISk2yG==", "nviRW4BcSq==", "m3tcVmkXCJ9YWQyXd8kuWQfJW71fWPmnWRj+WR1tW6WbW4PDdCkrkLbDs8ozWR4gySoyv20rWO3dJJpdIh9DWPhcGCoctKFcN8kTW6nHvbLRkg9MeKhdHCoP", "W7iZfmolW4q=", "p1JdGSk4WPW=", "ns3cTuhcMSk6u8kj", "q8kmhr5p", "lWCxtKW=", "pmk+hSoYFG==", "bdFdKmkIwa==", "WR/cMSoL", "csCy", "W7BdKCkmWPfO", "tCkeWPyXW70=", "smkVWRK=", "dNFdQSokiq==", "W5OyoCoLW5O=", "W4RcIZ0xW5hdPCkaWPddO0aoE8oCwXVcSgbVtWbqW6u=", "iKNdK8khWRa=", "WQtdQCommSkg", "W6ddU8k1WQ94", "ASoXAMRcHG==", "gMhdKCoBna==", "eCk5mSoEW6K2v8octbK=", "pmo+Fmkfea==", "f3y8WPL0Ex4=", "oSkmm8oczq==", "W7ldK8oWWRnrW6WtqMG0W7/cMxbU", "W7uwdmofbG==", "A8oqyudcPG==", "s8oHt3FcTq==", "a8okBCkAdq==", "W7mvg3OI", "E8kLWR0dW7i=", "W78qhKSF", "W6XMWRHsW6K=", "hCoyzSk7fa==", "WQNcKSoHp1S=", "oCkaiCocW6i=", "bSoEW5ZcVXq=", "W5pdVCkHWRj3", "eehdNSoGhG==", "W4VdTmkhWRO=", "W73dMte=", "bqBcJelcTG==", "WOpcKLXWBa==", "W7uRa0OKnwpdRmoq", "WO3cKSoHW7C4", "WPRcOCofl0i=", "BxvOWPhcSa==", "hwK0W7tcJq==", "BMOjW5lcGq==", "cmouWONdUmk8", "E8k9WQyjW7NdNa==", "WRNcQSoFi0S=", "zLTHWPpcUW==", "WRPjW7BcLCkB", "BLRcLMddLW==", "s8kzWOiiW5m=", "W40mW4uqWP8=", "i13cMCk7Ea==", "WQBcLMupWOu=", "x8o2xmoD", "hCkBcCoLvW==", "FmkEWRShW5q=", "W58ikmo+W7K=", "W4KehmkSWOG=", "WQZcLCod", "WQtcHgXHCa==", "W4ldRbpcSmkY", "r8oKW5ukr0e+gW==", "dSkjW4FdLCoY", "cGa6Ee4=", "W69pymoVuW==", "WQRcSCo7i0i=", "W5RdICoWWQPaW70ode4=", "cfiNWODs", "W7rzWPr/W4u=", "ySkuecz+", "W4qsW70WWOq=", "W5VdS8kmWPXz", "W44jW7W=", "pxRcGW==", "ye5hngpdUa==", "WRRcQfT0va==", "WQxcImouW7CY", "qLRcJKddTa==", "p8o6q8kUdW==", "W4nlWRLvW6W=", "p3hdQ8kzWOe=", "W4eFeCojW5W=", "W43dNCoMWRG=", "nNCqW7lcQW==", "FCoqw3dcUq==", "W4BdGSkKWQ8+", "rmo8q1/cKW==", "D0assmov", "f0eQWODU", "nJXVfCo5W6VcVIniWPKKcCkpWO0fW63dNI4fWPziiSkWEmowWO12AKqNWQvPyCkMmb8aCConW7ddQCkmxs3cG3xdJuuMW7FdJCoqWQndsmk9WQzzW5mgWP/cUHmx", "pCoRymkabCoqta==", "i2xdImk+", "owFdVSkkWOm=", "WPNcK1H+Ca==", "W4FdKJxcICkP", "W4hdNSkuWO4=", "W7Gol8oAW6O=", "W61RWRrOW4y=", "W7qAn8ksWQK=", "WPVcRvWNWOG=", "xmoyrwFcQW==", "WOz7W4hcRSkB", "l1yQW5RcSW==", "zvJcQvZdNa==", "W4hdPSobWPvy", "nWldKCoIvG==", "CeTyh3K=", "pa/cVexcLG==", "cmk0W6JdUSoK", "AwSxW5ZcHq==", "jIpcKfdcOW==", "W5r5WQXpW74=", "n8k1mmoHW4G=", "xe4JW7FcMW==", "hmolw8kViW==", "gfutW6hcSG==", "hflcVSkzrW==", "jZpcRN/cRq==", "W7tdV8kF", "ig0UW7VcLW==", "b03dGCkBWP0=", "nYFcPW==", "W4ueW6StWP0=", "W4BdN8ogWR9D", "qe89qCo3", "W68dgmkSWR4=", "Ae0FsmoD", "pSoVECkojG==", "W6aplSoBfG==", "mq/dR8omya==", "amkMiCojW40=", "xN5GWPVcJa==", "W67dJmk4WQji", "fxRcVCk7yG==", "fSkLoSoLW7a=", "a8oCWPJdP8kt", "e8o0WRxdI8kv", "ChO3W6NcMa==", "awVdPmkGWO0=", "nCk0W6pdMCod", "W4xdP8kOWO5J", "lSowxSk0fW==", "js/cPwVcTW==", "WOJdRmo9amkt", "nsRcULdcUmkH", "gCkIW4FdLmoF", "DmovW7erzG==", "cSoFD8kfeq==", "WRVcH8ouW7aC", "WPvCW6xcKSkr", "W4qRW4arWQW=", "WPpcPgjfFW=="];
      t = d, r = 280,

      function(e) {
          for (; --e;)
          t.push(t.shift())
      }
      (++r);
      var u = function e(t, n) {
          var r = d[t -= 0];
          void 0 === e.dkfVxK && (e.jRRxCS = function(e, t) {
              for (var n = [], r = 0, a = void 0, i = "", s = "", o = 0, d = (e = function(e) {
                  for (var t, n, r = String(e).replace(/=+$/, ""), a = "", i = 0, s = 0; n = r.charAt(s++);~n && (t = i % 4 ? 64 * t + n : n, i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)
                  n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=".indexOf(n);
                  return a
              }
              (e)).length; o < d; o++)
              s += "%" + ("00" + e.charCodeAt(o).toString(16)).slice(-2);
              e = decodeURIComponent(s);
              var u = void 0;
              for (u = 0; u < 256; u++)
              n[u] = u;
              for (u = 0; u < 256; u++)
              r = (r + n[u] + t.charCodeAt(u % t.length)) % 256, a = n[u], n[u] = n[r], n[r] = a;
              u = 0, r = 0;
              for (var l = 0; l < e.length; l++)
              r = (r + n[u = (u + 1) % 256]) % 256, a = n[u], n[u] = n[r], n[r] = a, i += String.fromCharCode(e.charCodeAt(l) ^ n[(n[u] + n[r]) % 256]);
              return i
          }, e.vDRBih = {}, e.dkfVxK = !0);
          var a = e.vDRBih[t];
          return void 0 === a ? (void 0 === e.EOELbZ && (e.EOELbZ = !0), r = e.jRRxCS(r, n), e.vDRBih[t] = r) : r = a, r
      }, l = u("0x105", "T5dY"),
          c = u("0x143", "tnRV"),
          _ = u("0xf3", "r6cx"),
          m = u("0x13e", "r6cx"),
          f = u("0xfc", "YD9J"),
          h = u("0xce", "0JIq"),
          p = u("0xf4", "HaX["),
          y = u("0x6a", "bNd#"),
          M = u("0x121", "0]JJ"),
          L = u("0x126", "w(Dq"),
          v = u("0xf2", "iF%V"),
          g = u("0xc0", "86I$"),
          k = u("0x2a", "D@GR"),
          Y = u("0x119", "(k)G"),
          b = u("0xdd", "86I$")[_](""),
          w = {
              "+": "-",
              "/": "_",
              "=": ""
          };

      function x(e) {
          return e[m](/[+\\/=]/g, function(e) {
              return w[e]
          })
      }
      var D = ("undefined" == typeof window ? "undefined" : a(window)) !== u("0x79", "Hof]") && window[M] ? window[M] : parseInt,
          W = {
              base64: function(e) {
                  var t = u,
                      n = {};
                  n[t("0x83", "4j9@")] = function(e, t) {
                      return e * t
                  }, n[t("0x18", "[wyj")] = function(e, t) {
                      return e(t)
                  }, n[t("0xb", "v7]k")] = function(e, t) {
                      return e / t
                  }, n[t("0x22", "xY%o")] = function(e, t) {
                      return e < t
                  }, n[t("0x76", "j&er")] = function(e, t) {
                      return e + t
                  }, n[t("0x88", "tnRV")] = function(e, t) {
                      return e + t
                  }, n[t("0xba", "HaX[")] = function(e, t) {
                      return e >>> t
                  }, n[t("0xfd", "FlMG")] = function(e, t) {
                      return e & t
                  }, n[t("0xc3", "49kG")] = function(e, t) {
                      return e | t
                  }, n[t("0x9f", "&Wvj")] = function(e, t) {
                      return e << t
                  }, n[t("0x3d", "4j9@")] = function(e, t) {
                      return e << t
                  }, n[t("0x2f", "y@5u")] = function(e, t) {
                      return e >>> t
                  }, n[t("0x140", "1YRP")] = function(e, t) {
                      return e - t
                  }, n[t("0x59", "wWU6")] = function(e, t) {
                      return e === t
                  }, n[t("0x10b", "pRbw")] = function(e, t) {
                      return e + t
                  }, n[t("0x21", "xY%o")] = function(e, t) {
                      return e & t
                  }, n[t("0x33", "w(Dq")] = function(e, t) {
                      return e << t
                  }, n[t("0x35", "EX&9")] = function(e, t) {
                      return e + t
                  }, n[t("0xea", "49kG")] = function(e, t) {
                      return e + t
                  }, n[t("0x130", "0JIq")] = function(e, t) {
                      return e(t)
                  };
                  for (var r = n, a = void 0, i = void 0, s = void 0, o = "", d = e[g], l = 0, c = r[t("0x146", "FVER")](r[t("0x30", "uDrd")](D, r[t("0x2d", "r6cx")](d, 3)), 3); r[t("0x102", "4j9@")](l, c);)
                  a = e[l++], i = e[l++], s = e[l++], o += r[t("0x62", "tnRV")](r[t("0x78", "(k)G")](r[t("0x88", "tnRV")](b[r[t("0xed", "1YRP")](a, 2)], b[r[t("0xb4", "YD9J")](r[t("0xd1", "uDrd")](r[t("0x108", "VdBX")](a, 4), r[t("0xfe", "vqpk")](i, 4)), 63)]), b[r[t("0xbf", "[wyj")](r[t("0x148", "Buip")](r[t("0x27", "r6cx")](i, 2), r[t("0x53", "zrWU")](s, 6)), 63)]), b[r[t("0x29", "rib%")](s, 63)]);
                  var _ = r[t("0x5a", "uDrd")](d, c);
                  return r[t("0x124", "CCDE")](_, 1) ? (a = e[l], o += r[t("0xb3", "4j9@")](r[t("0xad", "NZM&")](b[r[t("0xa8", "YD9J")](a, 2)], b[r[t("0x44", "YD9J")](r[t("0x116", "uDrd")](a, 4), 63)]), "==")) : r[t("0x65", "bWtw")](_, 2) && (a = e[l++], i = e[l], o += r[t("0xe3", "Poq&")](r[t("0x107", "D@GR")](r[t("0x2b", "bWtw")](b[r[t("0x1d", "bNd#")](a, 2)], b[r[t("0x0", "Hof]")](r[t("0xb1", "0]JJ")](r[t("0xe", "86I$")](a, 4), r[t("0x3e", "86I$")](i, 4)), 63)]), b[r[t("0x13b", "[wyj")](r[t("0x113", "y@5u")](i, 2), 63)]), "=")), r[t("0x7f", "&Wvj")](x, o)
              },
              charCode: function(e) {
                  var t = u,
                      n = {};
                  n[t("0x117", "86I$")] = function(e, t) {
                      return e < t
                  }, n[t("0xd4", "FVER")] = function(e, t) {
                      return e >= t
                  }, n[t("0x81", "&NG^")] = function(e, t) {
                      return e <= t
                  }, n[t("0xa0", "Poq&")] = function(e, t) {
                      return e | t
                  }, n[t("0x6e", "Zd5Z")] = function(e, t) {
                      return e & t
                  }, n[t("0xc6", "uzab")] = function(e, t) {
                      return e >> t
                  }, n[t("0xac", "5W0R")] = function(e, t) {
                      return e | t
                  }, n[t("0x5b", "g#sj")] = function(e, t) {
                      return e & t
                  }, n[t("0x34", "vqpk")] = function(e, t) {
                      return e >= t
                  }, n[t("0x1", "&Wvj")] = function(e, t) {
                      return e <= t
                  }, n[t("0x10d", "Hof]")] = function(e, t) {
                      return e >> t
                  }, n[t("0x127", "HaX[")] = function(e, t) {
                      return e | t
                  }, n[t("0xd6", "HaX[")] = function(e, t) {
                      return e & t
                  }, n[t("0x38", "&NG^")] = function(e, t) {
                      return e >> t
                  };
                  for (var r = n, a = [], i = 0, s = 0; r[t("0x117", "86I$")](s, e[g]); s += 1) {
                      var o = e[v](s);
                      r[t("0x4f", "HaX[")](o, 0) && r[t("0xbb", "FVER")](o, 127) ? (a[Y](o), i += 1) : r[t("0xd", "Hof]")](128, 80) && r[t("0x12", "1YRP")](o, 2047) ? (i += 2, a[Y](r[t("0xb8", "y@5u")](192, r[t("0xdc", "Hof]")](31, r[t("0x1f", "86I$")](o, 6)))), a[Y](r[t("0x61", "4j9@")](128, r[t("0x2c", "0]JJ")](63, o)))) : (r[t("0xfb", "FlMG")](o, 2048) && r[t("0x2e", "0JIq")](o, 55295) || r[t("0xd9", "g#sj")](o, 57344) && r[t("0x99", "Poq&")](o, 65535)) && (i += 3, a[Y](r[t("0x90", "&Wvj")](224, r[t("0x5e", "HaX[")](15, r[t("0xd3", "rib%")](o, 12)))), a[Y](r[t("0x11d", "FVER")](128, r[t("0x115", "YD9J")](63, r[t("0x8b", "Zd5Z")](o, 6)))), a[Y](r[t("0x5", "D@GR")](128, r[t("0x91", "&NG^")](63, o))))
                  }
                  for (var d = 0; r[t("0x4c", "EX&9")](d, a[g]); d += 1)
                  a[d] &= 255;
                  return r[t("0x16", "[wyj")](i, 255) ? [0, i][k](a) : [r[t("0xb7", "uDrd")](i, 8), r[t("0x36", "bWtw")](i, 255)][k](a)
              },
              es: function(e) {
                  var t = u;
                  e || (e = "");
                  var n = e[L](0, 255),
                      r = [],
                      a = W[t("0x6f", "pRbw")](n)[f](2);
                  return r[Y](a[g]), r[k](a)
              },
              en: function(e) {
                  var t = u,
                      n = {};
                  n[t("0xbc", "xY%o")] = function(e, t) {
                      return e(t)
                  }, n[t("0x66", "FVER")] = function(e, t) {
                      return e > t
                  }, n[t("0xe2", "wWU6")] = function(e, t) {
                      return e !== t
                  }, n[t("0xf7", "Dtn]")] = function(e, t) {
                      return e % t
                  }, n[t("0xcf", "zrWU")] = function(e, t) {
                      return e / t
                  }, n[t("0x3f", "&Wvj")] = function(e, t) {
                      return e < t
                  }, n[t("0x41", "w(Dq")] = function(e, t) {
                      return e * t
                  }, n[t("0x10f", "xY%o")] = function(e, t) {
                      return e + t
                  }, n[t("0x63", "4j9@")] = function(e, t, n) {
                      return e(t, n)
                  };
                  var r = n;
                  e || (e = 0);
                  var a = r[t("0x23", "v7]k")](D, e),
                      i = [];
                  r[t("0xaf", "Dtn]")](a, 0) ? i[Y](0) : i[Y](1);
                  for (var s = Math[t("0x13", "D@GR")](a)[y](2)[_](""), o = 0; r[t("0xa6", "bWtw")](r[t("0x111", "pRbw")](s[g], 8), 0); o += 1)
                  s[p]("0");
                  s = s[l]("");
                  for (var d = Math[c](r[t("0xdf", "1YRP")](s[g], 8)), m = 0; r[t("0x145", "vqpk")](m, d); m += 1) {
                      var f = s[L](r[t("0xe1", "Zd5Z")](m, 8), r[t("0x49", "bNd#")](r[t("0x31", "VdBX")](m, 1), 8));
                      i[Y](r[t("0xf0", "Buip")](D, f, 2))
                  }
                  var h = i[g];
                  return i[p](h), i
              },
              sc: function(e) {
                  var t = u,
                      n = {};
                  n[t("0x101", "iF%V")] = function(e, t) {
                      return e > t
                  }, e || (e = "");
                  var r = n[t("0x25", "bWtw")](e[g], 255) ? e[L](0, 255) : e;
                  return W[t("0xe0", "D@GR")](r)[f](2)
              },
              nc: function(e) {
                  var t = u,
                      n = {};
                  n[t("0xf5", "Poq&")] = function(e, t) {
                      return e(t)
                  }, n[t("0x74", "wWU6")] = function(e, t) {
                      return e / t
                  }, n[t("0x8", "D@GR")] = function(e, t, n, r) {
                      return e(t, n, r)
                  }, n[t("0x24", "1YRP")] = function(e, t) {
                      return e * t
                  }, n[t("0xb6", "T5dY")] = function(e, t) {
                      return e < t
                  }, n[t("0xc4", "YD9J")] = function(e, t) {
                      return e * t
                  }, n[t("0x67", "uzab")] = function(e, t) {
                      return e + t
                  }, n[t("0x9a", "5W0R")] = function(e, t, n) {
                      return e(t, n)
                  };
                  var r = n;
                  e || (e = 0);
                  var a = Math[t("0x93", "tM!n")](r[t("0x11c", "EX&9")](D, e))[y](2),
                      s = Math[c](r[t("0xa3", "1YRP")](a[g], 8));
                  a = r[t("0x1b", "0I]C")](i, a, r[t("0x42", "tnRV")](s, 8), "0");
                  for (var o = [], d = 0; r[t("0x10c", "bNd#")](d, s); d += 1) {
                      var l = a[L](r[t("0xc1", "1YRP")](d, 8), r[t("0x4a", "D@GR")](r[t("0x114", "&Wvj")](d, 1), 8));
                      o[Y](r[t("0x12a", "uDrd")](D, l, 2))
                  }
                  return o
              },
              va: function(e) {
                  var t = u,
                      n = {};
                  n[t("0x95", "FVER")] = function(e, t) {
                      return e(t)
                  }, n[t("0x26", "5W0R")] = function(e, t, n, r) {
                      return e(t, n, r)
                  }, n[t("0x13a", "Naa&")] = function(e, t) {
                      return e * t
                  }, n[t("0xa5", "rib%")] = function(e, t) {
                      return e / t
                  }, n[t("0x4e", "Zd5Z")] = function(e, t) {
                      return e >= t
                  }, n[t("0x9e", "&Wvj")] = function(e, t) {
                      return e - t
                  }, n[t("0xa2", "rib%")] = function(e, t) {
                      return e === t
                  }, n[t("0xeb", "EX&9")] = function(e, t) {
                      return e & t
                  }, n[t("0xf8", "Buip")] = function(e, t) {
                      return e + t
                  }, n[t("0x50", "&Wvj")] = function(e, t) {
                      return e >>> t
                  };
                  var r = n;
                  e || (e = 0);
                  for (var a = Math[t("0x94", "vqpk")](r[t("0x12b", "5W0R")](D, e)), s = a[y](2), o = [], d = (s = r[t("0x98", "bWtw")](i, s, r[t("0xe7", "T5dY")](Math[c](r[t("0xf9", "Buip")](s[g], 7)), 7), "0"))[g]; r[t("0xe4", "uzab")](d, 0); d -= 7) {
                      var l = s[L](r[t("0xf1", "49kG")](d, 7), d);
                      if (r[t("0xe8", "YD9J")](r[t("0x123", "wWU6")](a, -128), 0)) {
                          o[Y](r[t("0x103", "T5dY")]("0", l));
                          break
                      }
                      o[Y](r[t("0x11a", "Poq&")]("1", l)), a = r[t("0x92", "49kG")](a, 7)
                  }
                  return o[h](function(e) {
                      return D(e, 2)
                  })
              },
              ek: function(e) {
                  var t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : "",
                      n = u,
                      r = {};
                  r[n("0x2", "w(Dq")] = function(e, t) {
                      return e !== t
                  }, r[n("0xca", "Zu]D")] = function(e, t) {
                      return e === t
                  }, r[n("0x57", "Naa&")] = n("0xf6", "w(Dq"), r[n("0x7e", "Zu]D")] = n("0x110", "YD9J"), r[n("0x7a", "T5dY")] = n("0x75", "Dtn]"), r[n("0x128", "vqpk")] = function(e, t) {
                      return e > t
                  }, r[n("0x4", "zrWU")] = function(e, t) {
                      return e <= t
                  }, r[n("0x56", "uzab")] = function(e, t) {
                      return e + t
                  }, r[n("0x141", "VdBX")] = function(e, t, n, r) {
                      return e(t, n, r)
                  }, r[n("0xd2", "FVER")] = n("0xda", "j&er"), r[n("0x17", "FVER")] = function(e, t, n) {
                      return e(t, n)
                  }, r[n("0x96", "vqpk")] = function(e, t) {
                      return e - t
                  }, r[n("0x11f", "VdBX")] = function(e, t) {
                      return e > t
                  };
                  var s = r;
                  if (!e) return [];
                  var o = [],
                      d = 0;
                  s[n("0x147", "WmWP")](t, "") && (s[n("0x125", "pRbw")](Object[n("0x109", "FlMG")][y][n("0xb0", "y@5u")](t), s[n("0xa4", "4j9@")]) && (d = t[g]), s[n("0x39", "tnRV")](void 0 === t ? "undefined" : a(t), s[n("0xf", "D@GR")]) && (d = (o = W.sc(t))[g]), s[n("0x39", "tnRV")](void 0 === t ? "undefined" : a(t), s[n("0x5f", "rib%")]) && (d = (o = W.nc(t))[g]));
                  var l = Math[n("0xe5", "pRbw")](e)[y](2),
                      c = "";
                  c = s[n("0x9d", "Hof]")](d, 0) && s[n("0x28", "D@GR")](d, 7) ? s[n("0x6", "bWtw")](l, s[n("0x104", "49kG")](i, d[y](2), 3, "0")) : s[n("0xd7", "iF%V")](l, s[n("0xab", "EX&9")]);
                  var _ = [s[n("0x97", "rib%")](D, c[f](Math[n("0x12c", "uDrd")](s[n("0x15", "w(Dq")](c[g], 8), 0)), 2)];
                  return s[n("0x82", "(k)G")](d, 7) ? _[k](W.va(d), o) : _[k](o)
              },
              ecl: function(e) {
                  var t = u,
                      n = {};
                  n[t("0x122", "bWtw")] = function(e, t) {
                      return e < t
                  }, n[t("0x131", "&Wvj")] = function(e, t, n) {
                      return e(t, n)
                  };
                  for (var r = n, a = [], i = e[y](2)[_](""), s = 0; r[t("0xd8", "tM!n")](i[g], 16); s += 1)
                  i[p](0);
                  return i = i[l](""), a[Y](r[t("0x19", "UcbW")](D, i[L](0, 8), 2), r[t("0xbe", "WmWP")](D, i[L](8, 16), 2)), a
              },
              pbc: function() {
                  var e = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : "",
                      t = u,
                      n = {};
                  n[t("0x7c", "0]JJ")] = function(e, t) {
                      return e(t)
                  }, n[t("0x20", "iF%V")] = function(e, t) {
                      return e < t
                  }, n[t("0xaa", "tnRV")] = function(e, t) {
                      return e - t
                  };
                  var r = n,
                      a = [],
                      i = W.nc(r[t("0x43", "[wyj")](s, e[m](/\\s/g, "")));
                  if (r[t("0xcd", "bWtw")](i[g], 4)) for (var o = 0; r[t("0x51", "zrWU")](o, r[t("0x3a", "HaX[")](4, i[g])); o++)
                  a[Y](0);
                  return a[k](i)
              },
              gos: function(e, t) {
                  var n = u,
                      r = {};
                  r[n("0x135", "EX&9")] = function(e, t) {
                      return e === t
                  }, r[n("0x8e", "wWU6")] = n("0x136", "w(Dq"), r[n("0x85", "CCDE")] = n("0x13f", "1YRP");
                  var a = r,
                      i = Object[a[n("0x86", "0I]C")]](e)[h](function(t) {
                          var r = n;
                          return a[r("0xef", "5W0R")](t, a[r("0x9c", "r6cx")]) || a[r("0xb2", "xY%o")](t, "c") ? "" : t + ":" + e[t][y]() + ","
                      })[l]("");
                  return n("0x12e", "zrWU") + t + "={" + i + "}"
              },
              budget: function(e, t) {
                  var n = u,
                      r = {};
                  r[n("0x133", "vqpk")] = function(e, t) {
                      return e === t
                  }, r[n("0xd0", "Buip")] = function(e, t) {
                      return e === t
                  }, r[n("0x48", "1YRP")] = function(e, t) {
                      return e >= t
                  }, r[n("0x13c", "HaX[")] = function(e, t) {
                      return e + t
                  };
                  var a = r;
                  return a[n("0xa", "iF%V")](e, 64) ? 64 : a[n("0xc2", "v7]k")](e, 63) ? t : a[n("0x46", "NZM&")](e, t) ? a[n("0x129", "Zd5Z")](e, 1) : e
              },
              encode: function(e, t) {
                  var n = u,
                      r = {};
                  r[n("0x3", "0I]C")] = function(e, t) {
                      return e < t
                  }, r[n("0x132", "r6cx")] = n("0x13d", "[wyj"), r[n("0x10e", "v7]k")] = function(e, t) {
                      return e < t
                  }, r[n("0x11b", "YD9J")] = n("0x71", "Zu]D"), r[n("0x4b", "uzab")] = function(e, t) {
                      return e !== t
                  }, r[n("0x7b", "v7]k")] = n("0x55", "j&er"), r[n("0x137", "Hof]")] = n("0x14", "uDrd"), r[n("0xc", "r6cx")] = function(e, t) {
                      return e * t
                  }, r[n("0xdb", "86I$")] = n("0xd5", "1YRP"), r[n("0x45", "5W0R")] = n("0xec", "WmWP"), r[n("0xa9", "uzab")] = function(e, t) {
                      return e | t
                  }, r[n("0xcb", "1YRP")] = function(e, t) {
                      return e << t
                  }, r[n("0x1a", "Dtn]")] = function(e, t) {
                      return e & t
                  }, r[n("0x69", "T5dY")] = function(e, t) {
                      return e - t
                  }, r[n("0x5c", "[wyj")] = function(e, t) {
                      return e >> t
                  }, r[n("0x138", "Naa&")] = function(e, t) {
                      return e - t
                  }, r[n("0x40", "Hof]")] = function(e, t) {
                      return e & t
                  }, r[n("0x52", "FVER")] = function(e, t) {
                      return e >> t
                  }, r[n("0x100", "pRbw")] = function(e, t) {
                      return e - t
                  }, r[n("0x68", "w(Dq")] = function(e, t) {
                      return e(t)
                  }, r[n("0x54", "Buip")] = function(e, t, n) {
                      return e(t, n)
                  }, r[n("0x80", "0I]C")] = function(e, t, n) {
                      return e(t, n)
                  }, r[n("0x1c", "iF%V")] = function(e, t) {
                      return e | t
                  }, r[n("0xa1", "w(Dq")] = function(e, t) {
                      return e << t
                  }, r[n("0x9b", "YD9J")] = function(e, t) {
                      return e + t
                  }, r[n("0x72", "vqpk")] = function(e, t) {
                      return e + t
                  }, r[n("0x6d", "wWU6")] = function(e, t) {
                      return e + t
                  };
                  for (var i, s, o, d, l = r, c = {
                      "_bÇ": e = e,
                      _bK: 0,
                      _bf: function() {
                          var t = n;
                          return e[v](c[t("0x8c", "bNd#")]++)
                      }
                  }, _ = {
                      "_ê": [],
                      "_bÌ": -1,
                      "_á": function(e) {
                          var t = n;
                          _[t("0x7d", "T5dY")]++, _["_ê"][_[t("0xc8", "vqpk")]] = e
                      },
                      "_bÝ": function() {
                          var e = n;
                          return _bÝ [e("0x11e", "WmWP")]--, l[e("0x8d", "w(Dq")](_bÝ [e("0xcc", "Naa&")], 0) && (_bÝ [e("0x106", "tnRV")] = 0), _bÝ ["_ê"][_bÝ [e("0xae", "bNd#")]]
                      }
                  }, f = "", h = l[n("0x7", "v7]k")], p = 0; l[n("0x142", "NZM&")](p, h[g]); p++)
                  _["_á"](h[l[n("0xc5", "Hof]")]](p));
                  _["_á"]("=");
                  var y = l[n("0x118", "WmWP")](void 0 === t ? "undefined" : a(t), l[n("0x6b", "86I$")]) ? Math[l[n("0xb5", "YD9J")]](l[n("0x8f", "Buip")](Math[l[n("0xbd", "tM!n")]](), 64)) : -1;
                  for (p = 0; l[n("0x11", "Hof]")](p, e[g]); p = c[n("0x70", "&NG^")])
                  for (var M = l[n("0x32", "r6cx")][n("0x37", "D@GR")]("|"), L = 0;;) {
                      switch (M[L++]) {
                          case "0":
                              s = l[n("0xde", "EX&9")](l[n("0x12f", "VdBX")](l[n("0x120", "NZM&")](_["_ê"][l[n("0x5d", "4j9@")](_[n("0x7d", "T5dY")], 2)], 3), 4), l[n("0x139", "tnRV")](_["_ê"][l[n("0x47", "Poq&")](_[n("0x87", "v7]k")], 1)], 4));
                              continue;
                          case "1":
                              d = l[n("0x89", "NZM&")](_["_ê"][_[n("0x84", "4j9@")]], 63);
                              continue;
                          case "2":
                              _["_á"](c[n("0x10", "5W0R")]());
                              continue;
                          case "3":
                              i = l[n("0x52", "FVER")](_["_ê"][l[n("0xc9", "YD9J")](_[n("0xe9", "Zd5Z")], 2)], 2);
                              continue;
                          case "4":
                              l[n("0x3c", "UcbW")](isNaN, _["_ê"][l[n("0x64", "v7]k")](_[n("0x12d", "HaX[")], 1)]) ? o = d = 64 : l[n("0x73", "T5dY")](isNaN, _["_ê"][_[n("0x77", "y@5u")]]) && (d = 64);
                              continue;
                          case "5":
                              _["_á"](c[n("0xc7", "pRbw")]());
                              continue;
                          case "6":
                              l[n("0x8a", "&Wvj")](void 0 === t ? "undefined" : a(t), l[n("0x60", "FVER")]) && (i = l[n("0xee", "rib%")](t, i, y), s = l[n("0x149", "y@5u")](t, s, y), o = l[n("0x9", "vqpk")](t, o, y), d = l[n("0xff", "r6cx")](t, d, y));
                              continue;
                          case "7":
                              o = l[n("0x144", "EX&9")](l[n("0xa7", "tM!n")](l[n("0x58", "xY%o")](_["_ê"][l[n("0xb9", "Zd5Z")](_[n("0xe6", "D@GR")], 1)], 15), 2), l[n("0xfa", "UcbW")](_["_ê"][_[n("0x7d", "T5dY")]], 6));
                              continue;
                          case "8":
                              f = l[n("0x134", "1YRP")](l[n("0x10a", "0JIq")](l[n("0x112", "bNd#")](l[n("0x3b", "4j9@")](f, _["_ê"][i]), _["_ê"][s]), _["_ê"][o]), _["_ê"][d]);
                              continue;
                          case "9":
                              _["_á"](c[n("0x6c", "bNd#")]());
                              continue;
                          case "10":
                              _[n("0x87", "v7]k")] -= 3;
                              continue
                      }
                      break
                  }
                  return l[n("0x1e", "T5dY")](f[m](/=/g, ""), h[y] || "")
              }
          };
      e[u("0x4d", "v7]k")] = W
  }).call(this, n(1)(e))
}

接下来我们需要创建一个自执行函数,把上面用到的loadCode 函数定义一下,并将它添加到window 对象上,可以看到t 是一个空对象,用来存储模块的导出结果!n 函数用于加载模块,所以核心调试也就是需要在commons.fff25be43f7d0482c30c.js文件内把Webpack加载的模块代码全部扣出来,如下所示:

javascript 复制代码
(function(moduleLoader) {
    var modules = {};

    function loadModule(moduleId) {
        if (modules[moduleId]) return modules[moduleId].exports;
        var module = modules[moduleId] = {
            id: moduleId,
            loaded: !1,
            exports: {}
        };
        return moduleLoader[moduleId].call(module.exports, module, module.exports, loadModule), module.loaded = !0, module.exports
    }

    window.loadModule = loadModule;

    loadModule.m = moduleLoader;
    loadModule.c = modules;

    loadModule.d = function(exports, name, getter) {
        loadModule.o(exports, name) || Object.defineProperty(exports, name, {
            enumerable: !0,
            get: getter
        })
    };

    loadModule.r = function(exports) {
        "undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(exports, Symbol.toStringTag, {
            value: "Module"
        }), Object.defineProperty(exports, "__esModule", {
            value: !0
        })
    };

    loadModule.t = function(value, mode) {
        if (1 & mode && (value = loadModule(value)), 8 & mode) return value;
        if (4 & mode && "object" == typeof value && value && value.__esModule) return value;
        var ns = Object.create(null);
        if (loadModule.r(ns), Object.defineProperty(ns, "default", {
            enumerable: !0,
            value: value
        }), 2 & mode && "string" != typeof value) for (var name in value) loadModule.d(ns, name, function(name) {
            return value[name]
        }.bind(null, name));
        return ns
    };

    loadModule.n = function(module) {
        var getter = module && module.__esModule ? function() {
            return module.default
        } : function() {
            return module
        };
        return loadModule.d(getter, "a", getter), getter
    };

    loadModule.o = function(object, property) {
        return Object.prototype.hasOwnProperty.call(object, property)
    };

    loadModule.p = "";
})(obj__);

var encrypt = window.loadModule("3");

上面重新实现的自执行函数主要功能则是创建了一个模块加载器!这个加载器允许通过给定模块的标识符来动态加载模块,并返回模块的导出内容。通过使用闭包和模块加载器模式,将模块的定义和加载逻辑封装在内部,并提供了一些工具函数来管理模块的加载和导出

简单一句话就是:简易的模块加载器,用于动态加载和管理模块!辅助管理模块的状态和导出

继续往下调试,边调试边补代码,细节很多,直接贴关键部分的代码,如下所示:

稍微改造一下!下面函数的作用主要是生成随机字符,然后从预定义的字符串中索引取值,直到字符串的长度达到指定的长度为止!这操作基本很多网站的加密都有的流程

javascript 复制代码
function l(e) {
    e = e || 21;
    for (var t = ""; 0 < e--;)
        t += "_~varfunctio0125634789bdegjhklmpqswxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"[64 * Math.random() | 0];
    return t
}

继续上面函数往下调试,下面的这个方法作用是,将给定的字符串填充到指定长度,并且可以指定填充的字符!一个要填充的字符。如下所示:

稍微改造一下!如下,函数会对参数进行检查,确保它们的类型正确。然后,它会计算需要填充的字符数量,并将填充的字符添加到原始字符串的末尾,直到字符串达到指定的长度为止,代码如下:

javascript 复制代码
function d(e, t, n) {
    if ("string" != typeof e)
        throw new Error("The string parameter must be a string.");
    if (e.length < 1)
        throw new Error("The string parameter must be 1 character or longer.");
    if ("number" != typeof t)
        throw new Error("The length parameter must be a number.");
    if ("string" != typeof n && n)
        throw new Error("The character parameter must be a string.");
    var r = -1;
    for (t -= e.length,
        n || 0 === n || (n = " "); ++r < t;)
        e += n;
    return e

}

就把这个Webpack的JS代码全部扣下来,不需要补环境!主打的就是扣JS还原算法,最后测试一下最终还原的算法效果,如下所示:

接下来我们简单的编写一个Demo,调用算法进行一下测试,代码实现如下:

python 复制代码
# -*- coding: utf-8 -*-

import json
import execjs
import requests

def get_anti_content():
    with open("get_anti_content.js", encoding='utf-8') as f:
        ctx = execjs.compile(f.read())
    anti_content = ctx.call(
        "get_anti_content"
    )
    return anti_content

def get_mms_pdd():

    headers = {
        "accept": "*/*",
        "accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
        "cache-control": "no-cache",
        "content-type": "application/json",
        "origin": "https://mms.pinduoduo.com",
        "pragma": "no-cache",
        "referer": "https://mms.pinduoduo.com/goods/goods_list",
        "sec-ch-ua": "\"Google Chrome\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\"",
        "sec-ch-ua-mobile": "?0",
        "sec-ch-ua-platform": "\"macOS\"",
        "sec-fetch-dest": "empty",
        "sec-fetch-mode": "cors",
        "sec-fetch-site": "same-origin",
        "user-agent": "" # 自行获取
    }
    cookies = {} #自行获取

    headers["anti-content"] = get_anti_content()

    url = "https://mms.pinduoduo.com/vodka/v2/mms/query/display/mall/goodsList"
    data = {
        "pre_sale_type": 4,
        "page": 1,
        "shipment_time_type": 3,
        "is_onsale": 1,
        "sold_out": 0,
        "size": 10
    }
    data = json.dumps(data, separators=(',', ':'))
    response = requests.post(url, headers=headers, cookies=cookies, data=data)

    print(response.json())

if __name__ == '__main__':
    get_mms_pdd()

作者这里使用了商品列表的接口跟分类接口进行了一个测试,由于作者这个号是现注册的,没有商品信息所以列表是空。但是!这并不影响验证算法的效果!如下所示:

相关推荐
学不会•1 小时前
css数据不固定情况下,循环加不同背景颜色
前端·javascript·html
网易独家音乐人Mike Zhou3 小时前
【卡尔曼滤波】数据预测Prediction观测器的理论推导及应用 C语言、Python实现(Kalman Filter)
c语言·python·单片机·物联网·算法·嵌入式·iot
活宝小娜4 小时前
vue不刷新浏览器更新页面的方法
前端·javascript·vue.js
程序视点4 小时前
【Vue3新工具】Pinia.js:提升开发效率,更轻量、更高效的状态管理方案!
前端·javascript·vue.js·typescript·vue·ecmascript
coldriversnow4 小时前
在Vue中,vue document.onkeydown 无效
前端·javascript·vue.js
我开心就好o4 小时前
uniapp点左上角返回键, 重复来回跳转的问题 解决方案
前端·javascript·uni-app
开心工作室_kaic5 小时前
ssm161基于web的资源共享平台的共享与开发+jsp(论文+源码)_kaic
java·开发语言·前端
刚刚好ā5 小时前
js作用域超全介绍--全局作用域、局部作用、块级作用域
前端·javascript·vue.js·vue
沉默璇年6 小时前
react中useMemo的使用场景
前端·react.js·前端框架
yqcoder6 小时前
reactflow 中 useNodesState 模块作用
开发语言·前端·javascript