网站分析
目标网站
aHR0cHM6Ly96enh5Lm5lYS5nb3YuY24vZ2F0ZXdheS9pbnF1aXJ5UHVibGljaHR0cDovanojL2dhdGV3YXkvbWVzc2FnZT9jdXJyZW50PTEmc2l6ZT0xMCZ0b3RhbD0xMTUwNzE
请求分析

发现网站做了更改:响应体被加密,需要进行解密操作。
下断点
随便怎么下断都能跟过去,我简单说几种。着急的可以直接搜索 `JSON.parse(r["sm2"].doDecrypt(n, s))`,或者直接去看最后解密的代码。
常规下断

XHR

DOM断点

选中 节点 直接右键下断
直接搜

然后一个一个打断点看能不能断住吧
**几种方法都能跟过去,直接搜索最简单;其他方法因为有很多异步操作,记得单步去跟。**
逆向分析

跟到这个位置,发现了关键字 gm2(国密 SM2),基本确定了加密方式;单步进去确定就是 gm2。
node执行 祈祷别魔改
使用 node 库(sm-crypto)发现最后没有魔改,就是正常的 gm2,并且成功拿到结果。解密用的私钥在浏览器端就能拿到,所以这层响应体加密只能算混淆,起不到保密作用。
完整代码
javascript
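# Uses the third-party sm-crypto package; install it before running the script below.
# It is a crypto dependency, so commit the lockfile to make every install resolve the same reviewed version.
npm install sm-crypto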
javascript
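// SM2 decryption of an encrypted response body using the sm-crypto package.
const sm2 = require('sm-crypto').sm2;

// Placeholders: the SM2 private key and the ciphertext, both as hex strings.
// A decryption key that is delivered to the browser is available to every
// client, so encrypting responses with it obfuscates them but does not keep
// them confidential.
const privateKey = '密钥';
const cipherText = '密文';

// Ciphertext layout: 1 = C1C3C2 (the default), 0 = C1C2C3.
// doDecrypt takes this mode as its third positional argument and reads the
// ciphertext as hex; it has no inputEncoding/outputEncoding options. An options
// object in that position is not equal to 0, so it silently selects the
// default layout - pass the mode explicitly instead.
const cipherMode = 1;

const decrypted = sm2.doDecrypt(cipherText, privateKey, cipherMode);

// doDecrypt returns an empty string when the C3 integrity hash does not match
// (wrong key, wrong layout, or a ciphertext that still carries the leading
// "04" point prefix, which the library prepends itself). Treat that as a
// failure rather than as an empty plaintext.
if (decrypted === '') {
  console.error('SM2 decryption failed: integrity check (C3) did not match');
}
console.log('解密结果:', decrypted);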
硬抠代码
javascript
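/**
 * Return the digit value of the character at index `e` of string `t`.
 *
 * '0'-'9' map to 0-9, and 'A'-'Z' / 'a'-'z' both map to 10-35 (case-insensitive).
 * Any other character, or an index outside the string, yields -1.
 *
 * The mapping is computed from the char code instead of assigning a 123-entry
 * lookup table to an undeclared variable on every call: that assignment leaked
 * a global `p` in sloppy mode and throws a ReferenceError in strict mode or an
 * ES module.
 *
 * @param {string} t - Source string.
 * @param {number} e - Index of the character to convert.
 * @returns {number} Digit value 0-35, or -1 when the character is not a digit.
 */
function m(t, e) {
  // charCodeAt returns NaN past the end of the string; every range test below
  // is then false and the function falls through to -1.
  const code = t.charCodeAt(e);
  if (code >= 48 && code <= 57) {
    return code - 48; // '0'..'9'
  }
  if (code >= 65 && code <= 90) {
    return code - 55; // 'A'..'Z' -> 10..35
  }
  if (code >= 97 && code <= 122) {
    return code - 87; // 'a'..'z' -> 10..35
  }
  return -1;
}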
/**
 * Trim redundant high-order words from the word array stored on `this`.
 *
 * Reads `this.s`, `this.DM` and the numeric slots `this[0..this.t-1]`, and
 * decrements `this.t` while the top word equals `this.s & this.DM`.
 * Must be invoked with a receiver (e.g. `w.call(obj)`); it takes no arguments.
 * NOTE(review): this looks like the clamp step of the extracted big-integer
 * code - confirm against the site's original bundle.
 */
function w() {
  const signWord = this.s & this.DM;
  for (; this.t > 0; --this.t) {
    // Stop at the first top word that differs from the sign word.
    if (this[this.t - 1] != signWord) {
      break;
    }
  }
}
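/**
 * Constructor-style initializer (called as `new iii(value, radix)`): parses
 * `t` in a power-of-two radix `e` into 28-bit words stored little-endian in
 * `this[0..this.t-1]`, with `this.t` the word count and `this.s` the sign
 * word (0, or -1 for a byte array whose first byte has the high bit set).
 *
 * Changes from the extracted version:
 *  - the word size is a local constant; it used to be assigned to an
 *    undeclared `DB`, which leaks a global in sloppy mode and throws in
 *    strict mode / ES modules;
 *  - the trimming helper is invoked with this instance as receiver; a bare
 *    `w()` call runs against the global object (or `undefined` in strict
 *    mode) and never trims the parsed value.
 *
 * NOTE(review): `this.fromRadix` (other radixes) and `r.ZERO` (negative
 * inputs) are not defined anywhere in the visible listing, so only
 * non-negative input in radix 2/4/8/16/32/256 can work as extracted.
 *
 * @param {string|number[]} t - Digit string, or byte array when `e` is 256.
 * @param {number} e - Radix: 2, 4, 8, 16, 32 or 256.
 */
function iii(t, e) {
  // Bits contributed by one digit of the given radix.
  var n;
  if (16 == e) {
    n = 4;
  } else if (8 == e) {
    n = 3;
  } else if (256 == e) {
    n = 8;
  } else if (2 == e) {
    n = 1;
  } else if (32 == e) {
    n = 5;
  } else if (4 == e) {
    n = 2;
  } else {
    return void this.fromRadix(t, e);
  }

  const DB = 28; // bits stored per word
  this.t = 0;
  this.s = 0;

  let negative = false;
  let filled = 0; // bits already used in the current top word

  // Walk from the least significant digit (end of the input) to the start.
  for (let i = t.length - 1; i >= 0; --i) {
    const digit = 8 == n ? 255 & t[i] : m(t, i);
    if (digit < 0) {
      // Not a digit: only a "-" is meaningful; anything else is skipped.
      if ("-" == t.charAt(i)) {
        negative = true;
      }
      continue;
    }
    negative = false;
    if (0 == filled) {
      this[this.t++] = digit;
    } else if (filled + n > DB) {
      // The digit straddles a word boundary: low bits finish the current
      // word, the remaining high bits start the next one.
      this[this.t - 1] |= (digit & ((1 << (DB - filled)) - 1)) << filled;
      this[this.t++] = digit >> (DB - filled);
    } else {
      this[this.t - 1] |= digit << filled;
    }
    filled += n;
    if (filled >= DB) {
      filled -= DB;
    }
  }

  // Byte-array input with the top bit set is negative: sign-extend the top word.
  if (8 == n && 0 != (128 & t[0])) {
    this.s = -1;
    if (filled > 0) {
      this[this.t - 1] |= ((1 << (DB - filled)) - 1) << filled;
    }
  }

  // w reads this.DM, which nothing in the visible listing defines; while it is
  // undefined the sign word evaluates to 0, which matches the non-negative
  // hex values parsed here.
  w.call(this);

  if (negative) {
    r.ZERO.subTo(this, this);
  }
}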
/**
 * Left-pad string `t` with "0" characters up to length `e`.
 *
 * @param {string} t - String to pad.
 * @param {number} e - Minimum length of the result.
 * @returns {string} `t` unchanged when it is already at least `e` long,
 *   otherwise `t` prefixed with enough zeros to reach `e` characters.
 */
function v(t, e) {
  if (t.length >= e) {
    return t;
  }
  // Joining k+1 empty slots with "0" produces exactly k zeros.
  const zeros = new Array(e - t.length + 1).join("0");
  return zeros + t;
}
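/**
 * Byte/hex/UTF-8 conversion helpers used by the decryption routine.
 *
 * Declared with `const`: assigning to an undeclared `a` leaks a global in
 * sloppy mode and throws a ReferenceError in strict mode / ES modules.
 */
const a = {
  /**
   * Convert a hex string to an array of byte values.
   * An odd-length string is given one leading "0" so it splits into whole
   * bytes. Pairs that are not valid hex produce NaN entries.
   *
   * @param {string} t - Hex string.
   * @returns {number[]} One number per byte.
   */
  hexToArray(t) {
    const hex = t.length % 2 !== 0 ? "0" + t : t;
    const bytes = [];
    for (let i = 0; i < hex.length; i += 2) {
      bytes.push(parseInt(hex.slice(i, i + 2), 16));
    }
    return bytes;
  },

  /**
   * Left-pad `t` with "0" characters up to length `e`.
   *
   * @param {string} t - String to pad.
   * @param {number} e - Minimum length of the result.
   * @returns {string} The padded string, or `t` itself when already long enough.
   */
  leftPad(t, e) {
    return t.length >= e ? t : new Array(e - t.length + 1).join("0") + t;
  },

  /**
   * Convert an array of byte values to a lowercase hex string, two
   * characters per byte.
   *
   * @param {number[]} t - Byte values.
   * @returns {string} Hex string.
   */
  arrayToHex(t) {
    return t.map((byte) => byte.toString(16).padStart(2, "0")).join("");
  },

  /**
   * Decode an array of UTF-8 bytes to a string.
   * Each element is parsed as a decimal integer and reduced to its low 8 bits.
   *
   * @param {Array<number|string>} t - UTF-8 encoded bytes.
   * @returns {string} Decoded text.
   * @throws {Error} "Malformed UTF-8 data" when the bytes are not valid UTF-8.
   */
  arrayToUtf8(t) {
    let latin1 = "";
    for (let i = 0; i < t.length; i++) {
      latin1 += String.fromCharCode(parseInt(t[i], 10) & 255);
    }
    try {
      // escape() percent-encodes each byte; decodeURIComponent then decodes
      // the sequence as UTF-8 and throws on invalid input.
      return decodeURIComponent(escape(latin1));
    } catch (err) {
      throw new Error("Malformed UTF-8 data");
    }
  },
};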
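/**
 * SM2 decryption of a hex ciphertext, as extracted from the site's bundle.
 *
 * Ciphertext layout (hex characters): the first 128 are the C1 point
 * coordinates without the "04" uncompressed-point prefix (it is prepended
 * here), followed by C3 (64 chars) then C2 when `n` is 1, or by C2 then C3
 * (last 64 chars) when `n` is 0.
 *
 * Callers must treat an empty result as a failure, not as an empty
 * plaintext: "" / [] is returned whenever the recomputed hash does not match
 * C3 (wrong key, wrong layout, or tampered/truncated ciphertext).
 *
 * The mode constant is a local `const`; it used to be assigned to an
 * undeclared `h`, which leaks a global in sloppy mode and throws in strict
 * mode / ES modules.
 *
 * NOTE(review): `ec` and `s` are not defined in the visible listing. From
 * their use here `ec` looks like an elliptic-curve context and `s` a hash
 * over a byte array (presumably SM3) - confirm. The `getX().toBigInteger()`
 * chain also assumes the point type returned by `ec` exposes those methods.
 *
 * @param {string} t - Ciphertext as a hex string, without the leading "04".
 * @param {string} e - Private key as a hex string.
 * @param {number} [n=1] - Layout: 1 = C1C3C2, 0 = C1C2C3.
 * @param {{output?: string}} [options] - `output: "array"` returns the
 *   plaintext bytes; the default "string" returns UTF-8 text.
 * @returns {string|number[]} Plaintext, or "" / [] when the C3 check fails.
 */
function d(t, e, n = 1, {output: r = "string"} = {}) {
  const C1C2C3 = 0;
  const privateKey = new iii(e, 16);

  // Split C3 (hash) and C2 (encrypted message) according to the layout.
  let c3Hex = t.substr(128, 64);
  let c2Hex = t.substr(192);
  if (n === C1C2C3) {
    c3Hex = t.substr(t.length - 64);
    c2Hex = t.substr(128, t.length - 128 - 64);
  }
  const message = a.hexToArray(c2Hex);

  // Shared point = privateKey * C1; its coordinates seed the key stream.
  const c1 = ec.keyFromPublic("04" + t.substr(0, 128), "hex").getPublic();
  const shared = c1.mul(privateKey);
  const x2 = a.hexToArray(a.leftPad(shared.getX().toBigInteger().toRadix(16), 64));
  const y2 = a.hexToArray(a.leftPad(shared.getY().toBigInteger().toRadix(16), 64));

  // Key derivation: hash(x2 || y2 || 32-bit big-endian counter), one block
  // at a time, starting from counter 1.
  const seed = [].concat(x2, y2);
  let counter = 1;
  let offset = 0;
  let block = [];
  const nextBlock = () => {
    block = s([
      ...seed,
      (counter >> 24) & 255,
      (counter >> 16) & 255,
      (counter >> 8) & 255,
      255 & counter,
    ]);
    counter++;
    offset = 0;
  };
  nextBlock();

  // XOR the key stream into C2 in place to recover the plaintext bytes.
  for (let i = 0; i < message.length; i++) {
    if (offset === block.length) {
      nextBlock();
    }
    message[i] ^= 255 & block[offset++];
  }

  // Integrity check: hash(x2 || plaintext || y2) must equal C3.
  const digest = a.arrayToHex(s([].concat(x2, message, y2)));
  const verified = digest === c3Hex.toLowerCase();

  if (r === "array") {
    return verified ? message : [];
  }
  return verified ? a.arrayToUtf8(message) : "";
}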
抠了一大半没抠完:那个 a 对象应该去抠一下构造函数的,走了不少弯路。不过已经抠了不少代码出来,并且上面的代码已经能用了,就没有再去弄了。注意:这份硬抠的代码还引用了没有贴出来的 ec、s、r 等对象,不能单独运行。