暗号:aHR0cHM6Ly9tYXNoYW5ncGEuY29tL3Byb2JsZW0tZGV0YWlsLzEwLw==
题目:

先分析接口,请求参数中只有t是加密的:

所以在发起程序的第一个堆栈下一个断点,然后观察作用域,查找t的生成位置:

但是所有堆栈都找了,也没看到明显的生成位置,在ajax堆栈加密值都还在,但是load堆栈里面就不存在了,所以仔细查看ajax堆栈里面的代码:

这里v的值里面包含加密值,但是v又没有明显的赋值代码,所以在ajax堆栈的开始处下一个断点,然后依次一步一步往下运行,会发现,在执行下面的if前,v都不包含加密值,但是执行完以后v就有加密值了:

所以在控制台里面一步一步执行if里面的代码,查看是什么代码让v出现加密值的,会发现执行完Wt(Ot, v, t, T)后,v就包含加密值了:

以同样的方式检查Wt函数里面的代码,会发现return里面的代码执行完以后i才会带有加密值:

以同样方式检查这行代码,会发现执行完l('*')后,i才会带有加密值:

再检查l函数里面的代码,看不到什么明显的加密逻辑,所以断在l函数里面后,一直单击下一步:

会进入到一个很可疑的地方,里面全都是混淆代码:

继续点击下一步,会找到这里:

这里的_pa就是t的加密逻辑

所以现在需要扣代码还原_pa的生成逻辑,逐步解析这行代码,会得到其实就是使用oooo函数对一个字符串进行加密:

总体来说扣代码还是比较简单的,但是这题还考混淆还原,这里推荐使用网站(https://obf-io.deobfuscate.io/)进行还原

还原后在pycharm中打开,将函数折叠起来,直接全扣,然后删除掉用不到的部分就行了:

快完成的时候会报错sha256没有找到:

这里的sha256我们仅需在本地模拟它的生成代码即可,因为经过验证它并没有被魔改过,验证过程如下:


然后编写python代码就能正确获取到数据了:


附上python代码(已经删除headers和cookie):
import requests
import execjs
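page = 3

# 1.js holds code lifted from a third-party site's obfuscated bundle. execjs hands it to a
# local JavaScript runtime that runs with this process's privileges, so review the file
# (or run it inside a sandbox) before executing it.
# The context manager closes the file handle instead of leaving it to the garbage collector.
with open("1.js", encoding="utf-8") as js_file:
    js_source = js_file.read()
cjs = execjs.compile(js_source).call('result', page)

# The author removed headers and cookies before publishing; both are left empty here.
headers = {}
cookies = {}
url = "https://mashangpa.com/api/problem-detail/10/data/"
params = {
    "page": str(page),
    "t": cjs
}
# The timeout keeps the script from blocking forever if the server never answers.
response = requests.get(url, headers=headers, cookies=cookies, params=params, timeout=10).json()
print(response)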
完整JS代码:
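// Browser shim: xxx() below reads properties off `window`, so alias it to the global object.
// Assigning through globalThis avoids an implicit-global write, which leaks silently in
// sloppy mode and throws a ReferenceError in strict mode or ES modules.
globalThis.window = globalThis;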
const CryptoJS = require('crypto-js');
/**
 * Hex-encoded SHA-256 digest of `input`, computed by CryptoJS.
 * @param {*} input - value handed unchanged to CryptoJS.SHA256
 * @returns {string} the digest rendered with CryptoJS.enc.Hex
 */
const sha256 = (input) => {
  // Straight delegation to CryptoJS.SHA256; no custom hashing happens in this wrapper.
  const digest = CryptoJS.SHA256(input);
  return digest.toString(CryptoJS.enc.Hex);
};
/**
 * Adds two values as 32-bit words, resolving the carry by hand.
 * The low 30 bits are summed as ordinary numbers; bits 30 and 31 are then folded back in
 * with XOR, so the result wraps around instead of growing past 32 bits.
 * @param {number} x - first operand
 * @param {number} y - second operand
 * @returns {number} the sum as produced by JavaScript's 32-bit bitwise operators
 */
function h(x, y) {
  const SIGN_BIT = 0x80000000;
  const CARRY_BIT = 0x40000000;
  const LOW_MASK = 0x3fffffff;

  const xTop = x & SIGN_BIT;
  const yTop = y & SIGN_BIT;
  const xCarry = x & CARRY_BIT;
  const yCarry = y & CARRY_BIT;
  const lowSum = (x & LOW_MASK) + (y & LOW_MASK);

  // Both operands have bit 30 set.
  if (xCarry & yCarry) {
    return lowSum ^ SIGN_BIT ^ xTop ^ yTop;
  }
  // Neither operand has bit 30 set.
  if (!(xCarry | yCarry)) {
    return lowSum ^ xTop ^ yTop;
  }
  // Exactly one operand has bit 30 set: the result depends on whether the low sum reached bit 30.
  if (lowSum & CARRY_BIT) {
    return lowSum ^ 0xc0000000 ^ xTop ^ yTop;
  }
  return lowSum ^ CARRY_BIT ^ xTop ^ yTop;
}
/**
 * Step function used by the first group of 16 calls in xooo().
 * Mixes `a` with (b & c) | (~b & d), the word `x` and the constant `ac`, rotates the sum
 * left by `s` bits, then adds `b`. Every addition goes through h().
 */
function k(a, b, c, d, x, s, ac) {
  const mixed = (b & c) | (~b & d);
  const sum = h(a, h(h(mixed, x), ac));
  const rotated = (sum << s) | (sum >>> (0x20 - s));
  return h(rotated, b);
}
/**
 * Step function used by the second group of 16 calls in xooo().
 * Mixes `a` with (b & d) | (c & ~d), the word `x` and the constant `ac`, rotates the sum
 * left by `s` bits, then adds `b`. Every addition goes through h().
 */
function l(a, b, c, d, x, s, ac) {
  const mixed = (b & d) | (c & ~d);
  const sum = h(a, h(h(mixed, x), ac));
  const rotated = (sum << s) | (sum >>> (0x20 - s));
  return h(rotated, b);
}
/**
 * Step function used by the third group of 16 calls in xooo().
 * Mixes `a` with b ^ c ^ d, the word `x` and the constant `ac`, rotates the sum left by
 * `s` bits, then adds `b`. Every addition goes through h().
 */
function m(a, b, c, d, x, s, ac) {
  const mixed = b ^ c ^ d;
  const sum = h(a, h(h(mixed, x), ac));
  const rotated = (sum << s) | (sum >>> (0x20 - s));
  return h(rotated, b);
}
/**
 * Appears to be filler carried over from the obfuscated bundle: nothing in this file calls it.
 * It logs five randomly generated `let varN = varM <op> <digit>;` lines, then returns the
 * `+` combination of its seven arguments followed by whichever of window.var1..var5 are defined.
 */
function xxx(a, b, c, d, e, f, g) {
  const names = ["var1", "var2", "var3", "var4", "var5"];
  const operators = ["+", "-", "*", "/"];
  const pick = (list) => list[Math.floor(Math.random() * list.length)];

  const lines = [];
  for (let i = 0x0; i < 0x5; i++) {
    // Same draw order as the extracted code: target, source, operator, digit.
    const target = pick(names);
    const source = pick(names);
    const operator = pick(operators);
    lines.push(`let ${target} = ${source} ${operator} ${Math.floor(Math.random() * 0xa)};\n`);
  }
  console.log(lines.join(''));

  let total = a + b + c + d + e + f + g;
  for (const name of names) {
    if (typeof window[name] !== "undefined") {
      total += window[name];
    }
  }
  return total;
}
/**
 * Step function used by the fourth group of 16 calls in xooo().
 * Mixes `a` with c ^ (b | ~d), the word `x` and the constant `ac`, rotates the sum left by
 * `s` bits, then adds `b`. Every addition goes through h().
 */
function n(a, b, c, d, x, s, ac) {
  const mixed = c ^ (b | ~d);
  const sum = h(a, h(h(mixed, x), ac));
  const rotated = (sum << s) | (sum >>> (0x20 - s));
  return h(rotated, b);
}
/**
 * MD5-shaped digest of a string.
 * Steps: UTF-8 encode the input, pad it into little-endian 32-bit words, run four groups of
 * 16 steps (k, l, m, n) over every 16-word block, and return 32 lowercase hex characters.
 *
 * NOTE(review): the four initial state words are the RFC 1321 constants, but they are
 * assigned in the reverse of the usual A, B, C, D order, so the output presumably does not
 * match standard MD5 — verify before replacing this with a library implementation.
 *
 * @param {string} _0xbece56 - text to hash (the variable is reused later as the block index)
 * @returns {string} 32 lowercase hexadecimal characters
 */
function xooo(_0xbece56) {
  // Formats one 32-bit word as 8 hex digits, least-significant byte first.
  function _0x50a213(_0x47e4e0) {
    var _0x4a8091 = '';
    var _0x32f23e = '';
    var _0x1a2975;
    for (_0x1a2975 = 0x0; 0x3 >= _0x1a2975; _0x1a2975++) {
      // Byte number _0x1a2975 of the word.
      _0x32f23e = _0x47e4e0 >>> 0x8 * _0x1a2975 & 0xff;
      // Prefix "0" and keep the last two characters: zero-pads the byte to two hex digits.
      _0x32f23e = "0" + _0x32f23e.toString(0x10);
      _0x4a8091 += _0x32f23e.substr(_0x32f23e.length - 0x2, 0x2);
    }
    return _0x4a8091;
  }
  var _0x1b8333 = [];
  // Copies of the four state words taken at the start of each block.
  var _0x28207d;
  var _0x383438;
  var _0x11fccf;
  var _0x3ce4d1;
  // The four running state words.
  var _0x452f67;
  var _0x20d302;
  var _0x3a8a59;
  var _0x58cff2;
  // Step 1: UTF-8 encode the input into a string with one byte per character.
  _0xbece56 = function (_0x1a1913) {
    // The pattern matches the literal characters backslash-r-backslash-n (the backslashes
    // are escaped), not a real CR LF pair, and the replacement is a literal backslash-n.
    // Kept exactly as extracted so the output stays compatible.
    _0x1a1913 = _0x1a1913.replace(/\\r\\n/g, "\\n");
    var _0x34d0f0 = '';
    for (var _0x52db02 = 0x0; _0x52db02 < _0x1a1913.length; _0x52db02++) {
      // charCodeAt yields UTF-16 code units, so each half of a surrogate pair is
      // encoded on its own as a three-byte sequence.
      var _0x23313b = _0x1a1913.charCodeAt(_0x52db02);
      if (0x80 > _0x23313b) {
        // One byte.
        _0x34d0f0 += String.fromCharCode(_0x23313b);
      } else {
        if (0x7f < _0x23313b && 0x800 > _0x23313b) {
          // Two bytes: lead byte here, trailing byte below.
          _0x34d0f0 += String.fromCharCode(_0x23313b >> 0x6 | 0xc0);
        } else {
          // Three bytes: lead and middle byte here, trailing byte below.
          _0x34d0f0 += String.fromCharCode(_0x23313b >> 0xc | 0xe0);
          _0x34d0f0 += String.fromCharCode(_0x23313b >> 0x6 & 0x3f | 0x80);
        }
        _0x34d0f0 += String.fromCharCode(_0x23313b & 0x3f | 0x80);
      }
    }
    return _0x34d0f0;
  }(_0xbece56);
  // Step 2: pack the bytes into 32-bit words and append the padding and the bit length.
  _0x1b8333 = function (_0x857796) {
    var _0x1608a4;
    var _0x7de62 = _0x857796.length;
    _0x1608a4 = _0x7de62 + 0x8;
    // Word count: a multiple of 16 with room for the 0x80 marker and the two length words.
    var _0x1b0bcd = 0x10 * ((_0x1608a4 - _0x1608a4 % 0x40) / 0x40 + 0x1);
    // Slots start empty; `|=` treats an empty slot as 0.
    var _0x26393 = Array(_0x1b0bcd - 0x1);
    var _0x5e2c4a = 0x0;
    for (var _0x5038ff = 0x0; _0x5038ff < _0x7de62;) {
      // Word index and bit offset of this byte (little-endian within the word).
      _0x1608a4 = (_0x5038ff - _0x5038ff % 0x4) / 0x4;
      _0x5e2c4a = _0x5038ff % 0x4 * 0x8;
      _0x26393[_0x1608a4] |= _0x857796.charCodeAt(_0x5038ff) << _0x5e2c4a;
      _0x5038ff++;
    }
    // Terminator byte 0x80 placed right after the last message byte.
    _0x1608a4 = (_0x5038ff - _0x5038ff % 0x4) / 0x4;
    _0x26393[_0x1608a4] |= 0x80 << _0x5038ff % 0x4 * 0x8;
    // Message length in bits, split across the last two words (low part, then high part).
    _0x26393[_0x1b0bcd - 0x2] = _0x7de62 << 0x3;
    _0x26393[_0x1b0bcd - 0x1] = _0x7de62 >>> 0x1d;
    return _0x26393;
  }(_0xbece56);
  // Step 3: initial state. See the NOTE(review) in the header about the ordering.
  _0x452f67 = 0x10325476;
  _0x20d302 = 0x98badcfe;
  _0x3a8a59 = 0xefcdab89;
  _0x58cff2 = 0x67452301;
  // Step 4: process 16 words per iteration; _0xbece56 now serves as the word offset.
  for (_0xbece56 = 0x0; _0xbece56 < _0x1b8333.length; _0xbece56 += 0x10) {
    // Remember the state so it can be added back after the 64 steps.
    _0x28207d = _0x452f67;
    _0x383438 = _0x20d302;
    _0x11fccf = _0x3a8a59;
    _0x3ce4d1 = _0x58cff2;
    // Group 1: k(), rotations 7 / 12 / 17 / 22.
    _0x452f67 = k(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x0], 0x7, 0xd76aa478);
    _0x58cff2 = k(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x1], 0xc, 0xe8c7b756);
    _0x3a8a59 = k(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x2], 0x11, 0x242070db);
    _0x20d302 = k(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x3], 0x16, 0xc1bdceee);
    _0x452f67 = k(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x4], 0x7, 0xf57c0faf);
    _0x58cff2 = k(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x5], 0xc, 0x4787c62a);
    _0x3a8a59 = k(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x6], 0x11, 0xa8304613);
    _0x20d302 = k(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x7], 0x16, 0xfd469501);
    _0x452f67 = k(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x8], 0x7, 0x698098d8);
    _0x58cff2 = k(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x9], 0xc, 0x8b44f7af);
    _0x3a8a59 = k(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xa], 0x11, 0xffff5bb1);
    _0x20d302 = k(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xb], 0x16, 0x895cd7be);
    _0x452f67 = k(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0xc], 0x7, 0x6b901122);
    _0x58cff2 = k(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xd], 0xc, 0xfd987193);
    _0x3a8a59 = k(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xe], 0x11, 0xa679438e);
    _0x20d302 = k(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xf], 0x16, 0x49b40821);
    // Group 2: l(), rotations 5 / 9 / 14 / 20.
    _0x452f67 = l(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x1], 0x5, 0xf61e2562);
    _0x58cff2 = l(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x6], 0x9, 0xc040b340);
    _0x3a8a59 = l(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xb], 0xe, 0x265e5a51);
    _0x20d302 = l(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x0], 0x14, 0xe9b6c7aa);
    _0x452f67 = l(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x5], 0x5, 0xd62f105d);
    _0x58cff2 = l(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xa], 0x9, 0x2441453);
    _0x3a8a59 = l(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xf], 0xe, 0xd8a1e681);
    _0x20d302 = l(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x4], 0x14, 0xe7d3fbc8);
    _0x452f67 = l(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x9], 0x5, 0x21e1cde6);
    _0x58cff2 = l(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xe], 0x9, 0xc33707d6);
    _0x3a8a59 = l(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x3], 0xe, 0xf4d50d87);
    _0x20d302 = l(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x8], 0x14, 0x455a14ed);
    _0x452f67 = l(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0xd], 0x5, 0xa9e3e905);
    _0x58cff2 = l(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x2], 0x9, 0xfcefa3f8);
    _0x3a8a59 = l(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x7], 0xe, 0x676f02d9);
    _0x20d302 = l(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xc], 0x14, 0x8d2a4c8a);
    // Group 3: m(), rotations 4 / 11 / 16 / 23.
    _0x452f67 = m(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x5], 0x4, 0xfffa3942);
    _0x58cff2 = m(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x8], 0xb, 0x8771f681);
    _0x3a8a59 = m(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xb], 0x10, 0x6d9d6122);
    _0x20d302 = m(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xe], 0x17, 0xfde5380c);
    _0x452f67 = m(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x1], 0x4, 0xa4beea44);
    _0x58cff2 = m(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x4], 0xb, 0x4bdecfa9);
    _0x3a8a59 = m(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x7], 0x10, 0xf6bb4b60);
    _0x20d302 = m(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xa], 0x17, 0xbebfbc70);
    _0x452f67 = m(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0xd], 0x4, 0x289b7ec6);
    _0x58cff2 = m(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x0], 0xb, 0xeaa127fa);
    _0x3a8a59 = m(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x3], 0x10, 0xd4ef3085);
    _0x20d302 = m(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x6], 0x17, 0x4881d05);
    _0x452f67 = m(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x9], 0x4, 0xd9d4d039);
    _0x58cff2 = m(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xc], 0xb, 0xe6db99e5);
    _0x3a8a59 = m(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xf], 0x10, 0x1fa27cf8);
    _0x20d302 = m(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x2], 0x17, 0xc4ac5665);
    // Group 4: n(), rotations 6 / 10 / 15 / 21.
    _0x452f67 = n(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x0], 0x6, 0xf4292244);
    _0x58cff2 = n(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x7], 0xa, 0x432aff97);
    _0x3a8a59 = n(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xe], 0xf, 0xab9423a7);
    _0x20d302 = n(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x5], 0x15, 0xfc93a039);
    _0x452f67 = n(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0xc], 0x6, 0x655b59c3);
    _0x58cff2 = n(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0x3], 0xa, 0x8f0ccc92);
    _0x3a8a59 = n(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0xa], 0xf, 0xffeff47d);
    _0x20d302 = n(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x1], 0x15, 0x85845dd1);
    _0x452f67 = n(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x8], 0x6, 0x6fa87e4f);
    _0x58cff2 = n(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xf], 0xa, 0xfe2ce6e0);
    _0x3a8a59 = n(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x6], 0xf, 0xa3014314);
    _0x20d302 = n(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0xd], 0x15, 0x4e0811a1);
    _0x452f67 = n(_0x452f67, _0x20d302, _0x3a8a59, _0x58cff2, _0x1b8333[_0xbece56 + 0x4], 0x6, 0xf7537e82);
    _0x58cff2 = n(_0x58cff2, _0x452f67, _0x20d302, _0x3a8a59, _0x1b8333[_0xbece56 + 0xb], 0xa, 0xbd3af235);
    _0x3a8a59 = n(_0x3a8a59, _0x58cff2, _0x452f67, _0x20d302, _0x1b8333[_0xbece56 + 0x2], 0xf, 0x2ad7d2bb);
    _0x20d302 = n(_0x20d302, _0x3a8a59, _0x58cff2, _0x452f67, _0x1b8333[_0xbece56 + 0x9], 0x15, 0xeb86d391);
    // Add the saved state back in (32-bit wrapping addition via h()).
    _0x452f67 = h(_0x452f67, _0x28207d);
    _0x20d302 = h(_0x20d302, _0x383438);
    _0x3a8a59 = h(_0x3a8a59, _0x11fccf);
    _0x58cff2 = h(_0x58cff2, _0x3ce4d1);
  }
  // Step 5: concatenate the four state words as hex.
  return (_0x50a213(_0x452f67) + _0x50a213(_0x20d302) + _0x50a213(_0x3a8a59) + _0x50a213(_0x58cff2)).toLowerCase();
}
;
/**
 * SHA-256 hex digest of the first argument, via sha256(). The second argument is never read.
 */
function hoo(payload, ignored) {
  const digest = sha256(payload);
  return digest;
}
/**
 * Returns the fixed string "b|s|b|s|b|s|b|s|b|l", decoded from a table of character codes.
 * None of the five parameters is read.
 */
function OOXX(unused1, unused2, unused3, unused4, unused5) {
  const codes = [0x62, 0x73, 0x62, 0x73, 0x62, 0x73, 0x62, 0x73, 0x62, 0x6c];
  return codes.map((code) => String.fromCharCode(code)).join("|");
}
/**
 * Applies `transform` to `value` and returns the SHA-256 hex digest (via sha256()) of the result.
 */
function xoo(transform, value) {
  const transformed = transform(value);
  return sha256(transformed);
}
/**
 * Combines the two arguments with `+` (numeric addition or string concatenation).
 */
function xo(left, right) {
  const combined = left + right;
  return combined;
}
/**
 * Placeholder with no body in the extracted code; always returns undefined.
 */
function OOxx() {
  return undefined;
}
/**
 * Builds the request signature: sha256(xooo(path + suffix)), where the suffix is the fixed
 * string returned by OOXX(). Only the first argument is used.
 *
 * NOTE(review): the suffix is a constant that ships with the client-side code, so this
 * digest is not a secret-keyed MAC; a server should not treat it as proof of who is calling.
 */
function OOOO(path, unused2, unused3, unused4, unused5) {
  const suffix = OOXX();
  const inner = xooo(path + suffix);
  return sha256(inner);
}
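/**
 * Computes the `t` request parameter for a page number.
 * @param {number|string} page - page number appended to the fixed API path
 * @returns {string} the signature OOOO() produces for that path
 */
function result(page) {
  // `const` keeps the value local. The extracted code assigned to an undeclared `t`, which
  // leaks a global in sloppy mode and throws a ReferenceError in strict mode or ES modules.
  const t = OOOO('/api/problem-detail/10/data/?page=' + page);
  console.log(t);
  return t;
}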
// Smoke run executed every time this file is evaluated: prints the signature for page 4.
// result() logs the value as well, so it shows up twice in the output.
console.log(result(4))