专业编程基础技术教程

网站首页 > 基础教程 正文

“JS逆向 | Python爬虫 | 动态cookie如何破~”

ccvgpt 2024-11-26 00:49:13 基础教程 1 ℃

案例目标

目标网址:aHR0cHMlM0EvL21hdGNoLnl1YW5yZW54dWUuY29tL21hdGNoLzI=

本题目标:提取全部 5 页发布日热度的值,计算所有值的加和,并提交答案

“JS逆向 | Python爬虫 | 动态cookie如何破~”

常规 JavaScript 逆向思路

JavaScript 逆向工程通常分为以下三步:

  1. 寻找入口:逆向工程的核心在于找出加密参数的生成方式。关键逻辑可能隐藏在某个方法或变量中。一个网站可能加载了大量 JavaScript 文件,关键在于从这些文件中找到核心代码的位置。
  2. 调试分析:找到入口后,定位到可能执行关键参数的方法。接着,分析内部逻辑,了解使用了哪些加密算法和变量赋值变换。通过整理整体思路,利用断点或反混淆工具进行详细调试分析。
  3. 模拟执行:通过调试分析,掌握了逻辑后,需要复现加密过程,以获取最终所需的数据。

开始分析

1、打开chrome浏览器后,打开开发者工具,然后在开始之前,先清空一下缓存

2、重新刷新网页,发现网站开始进入 debugger;

解决的办法有以下几种:

1.禁用此处断点,在 debugger 行数单击鼠标右键,选择【never paush here】然后刷新页面h或点击下一步断点(F8)即可。
2.添加条件断点,同样,在行数单击右键,选择【add conditional breakpoint】然后输入 false,回车后再刷新页面
...

1.禁用此处断点,在 debugger 行数单击鼠标右键,选择【never paush here】然后刷新页面h或点击下一步断点(F8)即可。 2.添加条件断点,同样,在行数单击右键,选择【add conditional breakpoint】然后输入 false,回车后再刷新页面 ...

3、 在 Network 中可以看到热度值的 api 数据接口为2,响应预览中可以看到当前页面各手机型号发布日热度值:

4、查看这个接口,好像也没什么特殊的地方

5、点击到第二页的时候有概率会提示:cookie 失效,正在重置页面:

6、点击确定,对比请求头,再结合题目,判定问题就出在这个动态cookie上,而且就是 m :

7、看下 m 的具体属性,并非服务器直接设置:

cookie 中的 m 参数的样式如下:

2df979fcd34a0bfe193d10c45cae4632|1717209153000

8、(右键)清除 m 值重新加载页面

可以看到两个一样的请求,但是一个cookie 没有 m,看不到响应,且响应头没有 setcookie,另一个请求的 cookie 带有 m 值。由此猜测,cookie 中的 m 值是第一次请求后由 js 生成出来的。

9、既然第一个请求这么奇怪,我们使用 requests 看下它到底作了什么妖0*0。

用 fidder 抓包或者 python 请求可以发现其返回的是一个混淆的 js 代码:

#!usr/bin/env python

# -*- coding:utf-8 _*-

import requests

cookies = {

'tk': '-5621756640779912732',

'sessionid': 'qdlnifuic3h3iygdq3rcaoxpyrdo9c82',

'qpfccr': 'true',

'no-alert3': 'true',

}

headers = {

'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',

'accept-language': 'zh',

'cache-control': 'no-cache',

# 'cookie': 'tk=-5621756640779912732; sessionid=qdlnifuic3h3iygdq3rcaoxpyrdo9c82; qpfccr=true; no-alert3=true',

'pragma': 'no-cache',

'priority': 'u=0, i',

'referer': 'https://match.yuanrenxue.cn/match/2',

'sec-ch-ua': '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"',

'sec-ch-ua-mobile': '?0',

'sec-ch-ua-platform': '"Windows"',

'sec-fetch-dest': 'document',

'sec-fetch-mode': 'navigate',

'sec-fetch-site': 'same-origin',

'sec-fetch-user': '?1',

'upgrade-insecure-requests': '1',

'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36',

}

response = requests.get('https://match.yuanrenxue.cn/match/2', cookies=cookies, headers=headers)

print(response.text)

发现返回了一堆 js 代码,进一步验证了 cookie 是由 js 生成的猜想:

浏览器调试

知道了大概位置,就可以开始找具体代码了。

在源代码选项卡中找到事件监听断点,勾选脚本,这样在遇到js时会自动断下,清除浏览器中保存的 cookie,刷新界面

这里 hook 下 cookie:

(function () {
    Object.defineProperty(document, 'cookie', {
        set: function (val) {
            debugger;
            return val;
        },
    });
})();

hook 好以后 让网页继续运行,成功断在 cookie 生成位置:

此时的 m 已经生成出来了,不过可以通过调用堆栈往前找到生成的位置。

_0x36f9ed[$dbsm_0x2d28('\x30\x78\x34\x63\x31', '\x51\x6e\x61\x7a') + '\x79\x68'](_0x36f9ed['\x4c\x4b\x61' + '\x79\x68'](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x34\x39\x33', '\x34\x33\x55\x36') + '\x63\x4a'](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x31\x36\x66', '\x7a\x6f\x74\x26') + '\x63\x7a'](_0x36f9ed[$dbsm_0x2d28('\x30\x78\x31\x64\x35', '\x65\x38\x34\x67') + '\x43\x44'](_0x36f9ed['\x54\x65\x61' + '\x43\x44']('\x6d', _0x36f9ed[$dbsm_0x2d28('\x30\x78\x33\x32\x37', '\x40\x6e\x71\x49') + '\x46\x4b'](_0x49aa7c)), '\x3d'), _0x36f9ed['\x57\x58\x6b' + '\x66\x77'](_0x5d6009, _0x26b6ca)), '\x7c'), _0x26b6ca), _0x36f9ed['\x41\x73\x54' + '\x75\x6d']);
                location[$dbsm_0x2d28('\x30\x78\x63\x34', '\x57\x6f\x5b\x4f') + $dbsm_0x2d28('\x30\x78\x34\x64\x36', '\x72\x50\x50\x79')]();

再来看下_0x36f9ed:

这个_0x36f9ed里面包含了很多字符串和函数,也就是说上面的代码都是在调用它里面的函数。

稍加整理:

_0x36f9ed['LKayh'](
_0x36f9ed['LKayh'](
_0x36f9ed['yYtcJ'](
_0x36f9ed['TCacz'](
_0x36f9ed['TeaCD'](
_0x36f9ed['TeaCD']('m', 
_0x36f9ed["TZmFK"](_0x49aa7c)), '='), 
_0x36f9ed['WXkfw'](_0x5d6009, _0x26b6ca)), '|'), _0x26b6ca),
 _0x36f9ed['AsTum']);

这是个大套娃函数,逐一验证:

也就是最后只要计算:

_0x36f9ed['WXkfw'](_0x5d6009, _0x26b6ca) + '|' + _0x26b6ca

剩下的就是补环境了。

用猿人学的采集工具解混淆(tool.yuanrenxue.cn/decode_obfu…

解混淆之后的代码如下:

setInterval(function () {
  $dbsm_0x2cce85();
}, 4000);

(function $dbsm_0x5bf942(_0x31e196) {
  var _0x39cca0 = function () {
    var _0x13d1a6 = true;
    return function (_0x4cd36a, _0x4e4df1) {
      var _0x51fcc5 = _0x13d1a6 ? function () {
        if (_0x4e4df1) {
          var _0x174e7c = _0x4e4df1["apply"](_0x4cd36a, arguments);

          _0x4e4df1 = null;
          return _0x174e7c;
        }
      } : function () {};

      _0x13d1a6 = false;
      return _0x51fcc5;
    };
  }();

  var _0x5a13d7 = function () {
    var _0x1aa8c9 = true;
    return function (_0xdbfd1d, _0x5bfa4e) {
      var _0x1409db = _0x1aa8c9 ? function () {
        if (_0x5bfa4e) {
          var _0x2f8d9f = _0x5bfa4e["apply"](_0xdbfd1d, arguments);

          _0x5bfa4e = null;
          return _0x2f8d9f;
        }
      } : function () {};

      _0x1aa8c9 = false;
      return _0x1409db;
    };
  }();

  function _0x7d37cb(_0x47959e, _0x3bc00b) {
    var _0x11ade0 = (65535 & _0x47959e) + (65535 & _0x3bc00b);

    return (_0x47959e >> 16) + (_0x3bc00b >> 16) + (_0x11ade0 >> 16) << 16 | 65535 & _0x11ade0;
  }

  function _0x142d6a(_0x1bbddf, _0x3f144b) {
    return _0x1bbddf << _0x3f144b | _0x1bbddf >>> 32 - _0x3f144b;
  }

  function _0x3649fb(_0x21be27, _0xe6370b, _0x5eeffe, _0x11f158, _0x40461a, _0x2ee259) {
    return _0x7d37cb(_0x142d6a(_0x7d37cb(_0x7d37cb(_0xe6370b, _0x21be27), _0x7d37cb(_0x11f158, _0x2ee259)), _0x40461a), _0x5eeffe);
  }

  function _0x106504(_0x3f4fd4, _0x3c217b, _0x277540, _0x4ef3b1, _0x3be99b, _0x2d706f, _0x180aad) {
    return _0x3649fb(_0x3c217b & _0x277540 | ~_0x3c217b & _0x4ef3b1, _0x3f4fd4, _0x3c217b, _0x3be99b, _0x2d706f, _0x180aad);
  }

  function _0x569d9f(_0x3a1a35, _0x4e6ac2, _0x5a49a9, _0x312136, _0xd2eee1, _0x156125, _0x396c4c) {
    return _0x3649fb(_0x4e6ac2 & _0x312136 | _0x5a49a9 & ~_0x312136, _0x3a1a35, _0x4e6ac2, _0xd2eee1, _0x156125, _0x396c4c);
  }

  function _0x25e694(_0x2a8b77, _0x6278a0) {
    let _0x124cc7 = [99, 111, 110, 115, 111, 108, 101];
    let _0x23a395 = "";

    for (let _0x29cf05 = 0; _0x29cf05 < _0x124cc7["length"]; _0x29cf05++) {
      _0x23a395 += String["fromCharCode"](_0x124cc7[_0x29cf05]);
    }

    return _0x23a395;
  }

  function _0x573502(_0x21e7a6, _0x87331, _0xb0313, _0x3c93cc, _0x2b42ca, _0x490f6b, _0x18e811) {
    return _0x3649fb(_0x87331 ^ _0xb0313 ^ _0x3c93cc, _0x21e7a6, _0x87331, _0x2b42ca, _0x490f6b, _0x18e811);
  }

  function _0xc20d2b(_0x130de7, _0x243ab5, _0x5c559a, _0x4eb361, _0x178d6a, _0x3871a0, _0x325335) {
    return _0x3649fb(_0x5c559a ^ (_0x243ab5 | ~_0x4eb361), _0x130de7, _0x243ab5, _0x178d6a, _0x3871a0, _0x325335);
  }

  function _0x116551(_0x1dbd19, _0x3eb31e) {
    if (_0x3eb31e) {
      return _0xc20d2b(_0x1dbd19);
    }

    return _0x25e694(_0x1dbd19);
  }

  function _0x118b69(_0x118b98, _0x4dc3aa) {
    let _0x5350c = "";

    for (let _0x51d6de = 0; _0x51d6de < _0x118b98["length"]; _0x51d6de++) {
      _0x5350c += String["fromCharCode"](_0x118b98[_0x51d6de]);
    }

    return _0x5350c;
  }

  function _0x7c9cae(_0x218784, _0x102f11) {
    var _0x4a24af = _0x39cca0(this, function () {
      var _0x58b618 = function () {
        var _0x4e2deb = _0x58b618["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}");

        return !_0x4e2deb["test"](_0x4a24af);
      };

      return _0x58b618();
    });

    _0x4a24af();

    (function () {
      _0x5a13d7(this, function () {
        var _0x22c2f7 = new RegExp("function *\\( *\\)");

        var _0x1449c8 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", "i");

        var _0x543b10 = $dbsm_0x2cce85("init");

        if (!_0x22c2f7["test"](_0x543b10 + "chain") || !_0x1449c8["test"](_0x543b10 + "input")) {
          _0x543b10("0");
        } else {
          $dbsm_0x2cce85();
        }
      })();
    })();

    _0x116551();

    qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
    eval(_0x118b69(qz));

    try {
      if (global) {
        console["log"]("人生苦短,何必python?");
      } else {
        while (1) {
          console["log"]("人生苦短,何必python?");
          debugger;
        }
      }
    } catch (_0x5709da) {
      return navigator["vendorSub"];
    }
  }

  setInterval(_0x7c9cae(), 500);

  function _0x8d8432(_0x12522f, _0x52357b) {
    _0x12522f[_0x52357b >> 5] |= 128 << _0x52357b % 32, _0x12522f[14 + (_0x52357b + 64 >>> 9 << 4)] = _0x52357b;

    if (qz) {
      var _0x2dd6a2,
          _0x9afb13,
          _0x597da2,
          _0xf510a0,
          _0x500042,
          _0x5805e5 = 1732584193,
          _0x480c88 = -271733879,
          _0x1943ed = -1732584194,
          _0x5d4ef3 = 271733878;
    } else {
      var _0x2dd6a2,
          _0x9afb13,
          _0x597da2,
          _0xf510a0,
          _0x500042,
          _0x5805e5 = 0,
          _0x480c88 = -0,
          _0x1943ed = -0,
          _0x5d4ef3 = 0;
    }

    for (_0x2dd6a2 = 0; _0x2dd6a2 < _0x12522f["length"]; _0x2dd6a2 += 16) _0x9afb13 = _0x5805e5, _0x597da2 = _0x480c88, _0xf510a0 = _0x1943ed, _0x500042 = _0x5d4ef3, _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2], 7, -680876936), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 1], 12, -389564586), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 2], 17, 606105819), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 3], 22, -1044525330), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 4], 7, -176418897), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 5], 12, 1200080426), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 6], 17, -1473231341), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 7], 22, -45705983), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 8], 7, 1770010416), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 9], 12, -1958414417), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 10], 17, -42063), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 11], 22, -1990404162), _0x5805e5 = _0x106504(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 12], 7, 1804603682), _0x5d4ef3 = _0x106504(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 13], 12, -40341101), _0x1943ed = _0x106504(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 14], 17, -1502882290), _0x480c88 = _0x106504(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 15], 22, 1236535329), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 1], 5, -165796510), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 6], 9, -1069501632), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 11], 14, 643717713), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2], 20, -373897302), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 5], 5, -701558691), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 10], 9, 38016083), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 15], 14, -660478335), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 4], 20, -405537848), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 9], 5, 568446438), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 14], 9, -1019803690), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 3], 14, -187363961), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 8], 20, 1163531501), _0x5805e5 = _0x569d9f(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 13], 5, -1444681467), _0x5d4ef3 = _0x569d9f(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 2], 9, -51403784), _0x1943ed = _0x569d9f(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 7], 14, 1735328473), _0x480c88 = _0x569d9f(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 12], 20, -1926607734), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 5], 4, -378558), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 8], 11, -2022574463), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 11], 16, 1839030562), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 14], 23, -35309556), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 1], 4, -1530992060), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 4], 11, 1272893353), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 7], 16, -155497632), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 10], 23, -1094730640), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 13], 4, 681279174), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2], 11, -358537222), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 3], 16, -722521979), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 6], 23, 76029189), _0x5805e5 = _0x573502(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 9], 4, -640364487), _0x5d4ef3 = _0x573502(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 12], 11, -421815835), _0x1943ed = _0x573502(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 15], 16, 530742520), _0x480c88 = _0x573502(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 2], 23, -995338651), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2], 6, -198630844), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 7], 10, 1126891415), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 14], 15, -1416354905), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 5], 21, -57434055), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 12], 6, 1700485571), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 3], 10, -1894986606), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 10], 15, -1051523), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 1], 21, -2054922799), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 8], 6, 1873313359), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 15], 10, -30611744), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 6], 15, -1560198380), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 13], 21, 1309151649), _0x5805e5 = _0xc20d2b(_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3, _0x12522f[_0x2dd6a2 + 4], 6, -145523070), _0x5d4ef3 = _0xc20d2b(_0x5d4ef3, _0x5805e5, _0x480c88, _0x1943ed, _0x12522f[_0x2dd6a2 + 11], 10, -1120210379), _0x1943ed = _0xc20d2b(_0x1943ed, _0x5d4ef3, _0x5805e5, _0x480c88, _0x12522f[_0x2dd6a2 + 2], 15, 718787259), _0x480c88 = _0xc20d2b(_0x480c88, _0x1943ed, _0x5d4ef3, _0x5805e5, _0x12522f[_0x2dd6a2 + 9], 21, -343485441), _0x5805e5 = _0x7d37cb(_0x5805e5, _0x9afb13), _0x480c88 = _0x7d37cb(_0x480c88, _0x597da2), _0x1943ed = _0x7d37cb(_0x1943ed, _0xf510a0), _0x5d4ef3 = _0x7d37cb(_0x5d4ef3, _0x500042);

    return [_0x5805e5, _0x480c88, _0x1943ed, _0x5d4ef3];
  }

  function _0x288e8c(_0x5e1f58) {
    var _0x40d6a1,
        _0x7cf452 = "",
        _0x3a1a6f = 32 * _0x5e1f58["length"];

    for (_0x40d6a1 = 0; _0x40d6a1 < _0x3a1a6f; _0x40d6a1 += 8) _0x7cf452 += String["fromCharCode"](_0x5e1f58[_0x40d6a1 >> 5] >>> _0x40d6a1 % 32 & 255);

    return _0x7cf452;
  }

  function _0x148161(_0x54c23b) {
    var _0x541790,
        _0x2d3288 = [];

    for (_0x2d3288[(_0x54c23b["length"] >> 2) - 1] = undefined, _0x541790 = 0; _0x541790 < _0x2d3288["length"]; _0x541790 += 1) _0x2d3288[_0x541790] = 0;

    var _0x3592c6 = 8 * _0x54c23b["length"];

    for (_0x541790 = 0; _0x541790 < _0x3592c6; _0x541790 += 8) _0x2d3288[_0x541790 >> 5] |= (255 & _0x54c23b["charCodeAt"](_0x541790 / 8)) << _0x541790 % 32;

    return _0x2d3288;
  }

  function _0x2df11d(_0x222520) {
    return _0x288e8c(_0x8d8432(_0x148161(_0x222520), 8 * _0x222520["length"]));
  }

  function _0x31d955(_0x22a885) {
    var _0x1453c2,
        _0x572ebe,
        _0x5972e8 = "0123456789abcdef",
        _0x591bd4 = "";

    for (_0x572ebe = 0; _0x572ebe < _0x22a885["length"]; _0x572ebe += 1) _0x1453c2 = _0x22a885["charCodeAt"](_0x572ebe), _0x591bd4 += _0x5972e8["charAt"](_0x1453c2 >>> 4 & 15) + _0x5972e8["charAt"](15 & _0x1453c2);

    return _0x591bd4;
  }

  function _0x4cd524(_0x4d0787) {
    return unescape(encodeURIComponent(_0x4d0787));
  }

  function _0x43aebd(_0x3cb544) {
    return _0x2df11d(_0x4cd524(_0x3cb544));
  }

  function _0x108169(_0x560b09) {
    return _0x31d955(_0x43aebd(_0x560b09));
  }

  function _0x4b16d2(_0x512dd3, _0x4409d8, _0x5ac5df) {
    _0x7c9cae();

    return _0x4409d8 ? _0x5ac5df ? _0x25e694(_0x4409d8, _0x512dd3) : y(_0x4409d8, _0x512dd3) : _0x5ac5df ? _0x43aebd(_0x512dd3) : _0x108169(_0x512dd3);
  }

  function _0xd0746b(_0x72fc89, _0x56adac) {
    document["cookie"] = "m" + _0x7c9cae() + "=" + _0x4b16d2(_0x72fc89) + "|" + _0x72fc89 + "; path=/";
    location["reload"]();
  }

  function _0x325073(_0xaad9d3, _0x4c96a7) {
    return Date["parse"](new Date());
  }

  _0xd0746b(_0x325073());
})();

function $dbsm_0x2cce85(_0x1bb8eb) {
  function _0x1b4247(_0xaa9817) {
    if (typeof _0xaa9817 === "string") {
      return function (_0x203d62) {}["constructor"]("while (true) {}")["apply"]("counter");
    } else {
      if (("" + _0xaa9817 / _0xaa9817)["length"] !== 1 || _0xaa9817 % 20 === 0) {
        (function () {
          return true;
        })["constructor"]("debugger")["call"]("action");
      } else {
        (function () {
          return false;
        })["constructor"]("debugger")["apply"]("stateObject");
      }
    }

    _0x1b4247(++_0xaa9817);
  }

  try {
    if (_0x1bb8eb) {
      return _0x1b4247;
    } else {
      _0x1b4247(0);
    }
  } catch (_0x6dc78a) {}
}

经过前面的分析,我们直接从_0x1ef281(_0x2b9b78()入手:

console.log(_0x2b9b78())  // 时间戳

console.log(_0x1ef281(_0x2b9b78()));

改造如下:

function _0x1ef281(_0x26b6ca, _0x437f35) {
    // document["cookie"] = "m" + _0x49aa7c() + "=" + _0x5d6009(_0x26b6ca) + "|" + _0x26b6ca + "; path=/";
    // location["reload"]();
    return _0x5d6009(_0x26b6ca) + "|" + _0x26b6ca
}

function _0x2b9b78(_0x282a57, _0x3149ea) {
    return Date["parse"](new Date());
    // return 1717217468000;
}


然后其它反混淆后的代码先保持不变,执行。

结果发现程序陷入死循环,怪事。本着关联小的代码先屏蔽的原则。

  • 删除疑似检测并自动 debugger 的函数$dbsm_0x5259fe及相关代码
  • 删除格式化检测代码:

构造函数的调用、正则匹配、最后返回正则匹配的结果,再往下一看在紧挨着的一个自执行函数中判断匹配结果,结合匹配规则与作用对象一看,那可不就是判断一下这个对象的作用范围内的代码是否格式化了嘛,如果格式化了的话就一直递归调用下去,直到程序崩溃。所以分析到这里就很清晰了,我们只需要将该作用对象的代码压缩一下,也就是不要格式化了就可以了,硬气点就直接不要这段代码了。

  • 删除 s 山代码:

至此,最终的 JS 代码如下:

var _0x32d8ff = function () {
    var _0x10da5a = true;
    return function (_0x12abdf, _0x1bf080) {
        var _0x3a9e2b = _0x10da5a ? function () {
            if (_0x1bf080) {
                var _0xb4da8 = _0x1bf080["apply"](_0x12abdf, arguments);

                _0x1bf080 = null;
                return _0xb4da8;
            }
        } : function () {
        };

        _0x10da5a = false;
        return _0x3a9e2b;
    };
}();

var _0x4cda73 = function () {
    var _0x4012fc = true;
    return function (_0x1d5729, _0x1524fb) {
        var _0x559fe4 = _0x4012fc ? function () {
            if (_0x1524fb) {
                var _0x341172 = _0x1524fb["apply"](_0x1d5729, arguments);

                _0x1524fb = null;
                return _0x341172;
            }
        } : function () {
        };

        _0x4012fc = false;
        return _0x559fe4;
    };
}();

function _0x78a97c(_0x5721d9, _0x20bb9d) {
    var _0x358b7d = (65535 & _0x5721d9) + (65535 & _0x20bb9d);

    return (_0x5721d9 >> 16) + (_0x20bb9d >> 16) + (_0x358b7d >> 16) << 16 | 65535 & _0x358b7d;
}

function _0x4005c0(_0x3babe8, _0x45dcea) {
    return _0x3babe8 << _0x45dcea | _0x3babe8 >>> 32 - _0x45dcea;
}

function _0x5f43ab(_0x448588, _0x521376, _0x43952f, _0xb364d5, _0x42214f, _0x4a31d5) {
    return _0x78a97c(_0x4005c0(_0x78a97c(_0x78a97c(_0x521376, _0x448588), _0x78a97c(_0xb364d5, _0x4a31d5)), _0x42214f), _0x43952f);
}

function _0x55b8d2(_0x41a8b6, _0x36bdd4, _0x3f2bb8, _0x1c8914, _0x4823f8, _0x1b9564, _0x4bf1c0) {
    return _0x5f43ab(_0x36bdd4 & _0x3f2bb8 | ~_0x36bdd4 & _0x1c8914, _0x41a8b6, _0x36bdd4, _0x4823f8, _0x1b9564, _0x4bf1c0);
}

function _0x130dc5(_0x1b44b4, _0x50326c, _0x5bbb51, _0x15068f, _0x4cda97, _0x4bac7d, _0x394e69) {
    return _0x5f43ab(_0x50326c & _0x15068f | _0x5bbb51 & ~_0x15068f, _0x1b44b4, _0x50326c, _0x4cda97, _0x4bac7d, _0x394e69);
}

function _0x1efbd5(_0x2a44b, _0x8e77a1) {
    let _0x53311f = [99, 111, 110, 115, 111, 108, 101];
    let _0x4d1db4 = "";

    for (let _0x5881ad = 0; _0x5881ad < _0x53311f["length"]; _0x5881ad++) {
        _0x4d1db4 += String["fromCharCode"](_0x53311f[_0x5881ad]);
    }

    return _0x4d1db4;
}

function _0x37d2d1(_0x36dfcd, _0x4de24f, _0x170b41, _0x517f77, _0x5e7a62, _0x4e1845, _0x44344a) {
    return _0x5f43ab(_0x4de24f ^ _0x170b41 ^ _0x517f77, _0x36dfcd, _0x4de24f, _0x5e7a62, _0x4e1845, _0x44344a);
}

function _0x5929b7(_0x4118e4, _0xd92f9c, _0x4eaacd, _0x3c4472, _0x599cb8, _0x2fde49, _0x4f83e1) {
    return _0x5f43ab(_0x4eaacd ^ (_0xd92f9c | ~_0x3c4472), _0x4118e4, _0xd92f9c, _0x599cb8, _0x2fde49, _0x4f83e1);
}

function _0x14cc53(_0x3d8252, _0x4c4ba5) {
    if (_0x4c4ba5) {
        return _0x5929b7(_0x3d8252);
    }

    return _0x1efbd5(_0x3d8252);
}

function _0x34b425(_0x3c4aa7, _0xaef50e) {
    let _0x59eb28 = "";

    for (let _0x1dd6f6 = 0; _0x1dd6f6 < _0x3c4aa7["length"]; _0x1dd6f6++) {
        _0x59eb28 += String["fromCharCode"](_0x3c4aa7[_0x1dd6f6]);
    }

    return _0x59eb28;
}

function _0x49aa7c(_0x4a9a17, _0x5e5f99) {
    _0x14cc53();

    qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
    eval(_0x34b425(qz));
}

function _0x22f0b8(_0x28dd69, _0xb24519) {
    _0x28dd69[_0xb24519 >> 5] |= 128 << _0xb24519 % 32, _0x28dd69[14 + (_0xb24519 + 64 >>> 9 << 4)] = _0xb24519;

    if (qz) {
        var _0x4e039e,
            _0x19d32c,
            _0x3ddc0d,
            _0xef7e8f,
            _0x57b6a3,
            _0x37dc07 = 1732584193,
            _0x3eadc8 = -271733879,
            _0x310b2c = -1732584194,
            _0x298fef = 271733878;
    } else {
        var _0x4e039e,
            _0x19d32c,
            _0x3ddc0d,
            _0xef7e8f,
            _0x57b6a3,
            _0x37dc07 = 0,
            _0x3eadc8 = -0,
            _0x310b2c = -0,
            _0x298fef = 0;
    }

    for (_0x4e039e = 0; _0x4e039e < _0x28dd69["length"]; _0x4e039e += 16) _0x19d32c = _0x37dc07, _0x3ddc0d = _0x3eadc8, _0xef7e8f = _0x310b2c, _0x57b6a3 = _0x298fef, _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e], 7, -680876936), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 1], 12, -389564586), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 2], 17, 606105819), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 3], 22, -1044525330), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 4], 7, -176418897), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 5], 12, 1200080426), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 6], 17, -1473231341), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 7], 22, -45705983), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 8], 7, 1770010416), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 9], 12, -1958414417), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 10], 17, -42063), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 11], 22, -1990404162), _0x37dc07 = _0x55b8d2(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 12], 7, 1804603682), _0x298fef = _0x55b8d2(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 13], 12, -40341101), _0x310b2c = _0x55b8d2(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 14], 17, -1502882290), _0x3eadc8 = _0x55b8d2(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 15], 22, 1236535329), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 1], 5, -165796510), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 6], 9, -1069501632), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 11], 14, 643717713), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e], 20, -373897302), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 5], 5, -701558691), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 10], 9, 38016083), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 15], 14, -660478335), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 4], 20, -405537848), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 9], 5, 568446438), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 14], 9, -1019803690), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 3], 14, -187363961), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 8], 20, 1163531501), _0x37dc07 = _0x130dc5(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 13], 5, -1444681467), _0x298fef = _0x130dc5(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 2], 9, -51403784), _0x310b2c = _0x130dc5(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 7], 14, 1735328473), _0x3eadc8 = _0x130dc5(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 12], 20, -1926607734), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 5], 4, -378558), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 8], 11, -2022574463), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 11], 16, 1839030562), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 14], 23, -35309556), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 1], 4, -1530992060), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 4], 11, 1272893353), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 7], 16, -155497632), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 10], 23, -1094730640), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 13], 4, 681279174), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e], 11, -358537222), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 3], 16, -722521979), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 6], 23, 76029189), _0x37dc07 = _0x37d2d1(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 9], 4, -640364487), _0x298fef = _0x37d2d1(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 12], 11, -421815835), _0x310b2c = _0x37d2d1(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 15], 16, 530742520), _0x3eadc8 = _0x37d2d1(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 2], 23, -995338651), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e], 6, -198630844), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 7], 10, 1126891415), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 14], 15, -1416354905), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 5], 21, -57434055), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 12], 6, 1700485571), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 3], 10, -1894986606), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 10], 15, -1051523), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 1], 21, -2054922799), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 8], 6, 1873313359), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 15], 10, -30611744), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 6], 15, -1560198380), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 13], 21, 1309151649), _0x37dc07 = _0x5929b7(_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef, _0x28dd69[_0x4e039e + 4], 6, -145523070), _0x298fef = _0x5929b7(_0x298fef, _0x37dc07, _0x3eadc8, _0x310b2c, _0x28dd69[_0x4e039e + 11], 10, -1120210379), _0x310b2c = _0x5929b7(_0x310b2c, _0x298fef, _0x37dc07, _0x3eadc8, _0x28dd69[_0x4e039e + 2], 15, 718787259), _0x3eadc8 = _0x5929b7(_0x3eadc8, _0x310b2c, _0x298fef, _0x37dc07, _0x28dd69[_0x4e039e + 9], 21, -343485441), _0x37dc07 = _0x78a97c(_0x37dc07, _0x19d32c), _0x3eadc8 = _0x78a97c(_0x3eadc8, _0x3ddc0d), _0x310b2c = _0x78a97c(_0x310b2c, _0xef7e8f), _0x298fef = _0x78a97c(_0x298fef, _0x57b6a3);

    return [_0x37dc07, _0x3eadc8, _0x310b2c, _0x298fef];
}

function _0x3bfd71(_0x5ab7c5) {
    var _0x36356b,
        _0x2c95a5 = "",
        _0x2e8561 = 32 * _0x5ab7c5["length"];

    for (_0x36356b = 0; _0x36356b < _0x2e8561; _0x36356b += 8) _0x2c95a5 += String["fromCharCode"](_0x5ab7c5[_0x36356b >> 5] >>> _0x36356b % 32 & 255);

    return _0x2c95a5;
}

function _0xf2e848(_0xfba4ed) {
    var _0x49dcd9,
        _0x2daf2c = [];

    for (_0x2daf2c[(_0xfba4ed["length"] >> 2) - 1] = undefined, _0x49dcd9 = 0; _0x49dcd9 < _0x2daf2c["length"]; _0x49dcd9 += 1) _0x2daf2c[_0x49dcd9] = 0;

    var _0x24d40f = 8 * _0xfba4ed["length"];

    for (_0x49dcd9 = 0; _0x49dcd9 < _0x24d40f; _0x49dcd9 += 8) _0x2daf2c[_0x49dcd9 >> 5] |= (255 & _0xfba4ed["charCodeAt"](_0x49dcd9 / 8)) << _0x49dcd9 % 32;

    return _0x2daf2c;
}

function _0x34478e(_0x549cc3) {
    return _0x3bfd71(_0x22f0b8(_0xf2e848(_0x549cc3), 8 * _0x549cc3["length"]));
}

function _0x4bbf0d(_0x822ccd) {
    var _0x45b901,
        _0x1553e1,
        _0x2a13cb = "0123456789abcdef",
        _0x185b55 = "";

    for (_0x1553e1 = 0; _0x1553e1 < _0x822ccd["length"]; _0x1553e1 += 1) _0x45b901 = _0x822ccd["charCodeAt"](_0x1553e1), _0x185b55 += _0x2a13cb["charAt"](_0x45b901 >>> 4 & 15) + _0x2a13cb["charAt"](15 & _0x45b901);

    return _0x185b55;
}

function _0x241213(_0x3261ba) {
    return unescape(encodeURIComponent(_0x3261ba));
}

function _0x5a0917(_0x2a8050) {
    return _0x34478e(_0x241213(_0x2a8050));
}

function _0x225d0b(_0x1bd105) {
    return _0x4bbf0d(_0x5a0917(_0x1bd105));
}

function _0x5d6009(_0x39361b, _0x573712, _0xe7cd7f) {
    _0x49aa7c();

    return _0x573712 ? _0xe7cd7f ? _0x1efbd5(_0x573712, _0x39361b) : y(_0x573712, _0x39361b) : _0xe7cd7f ? _0x5a0917(_0x39361b) : _0x225d0b(_0x39361b);
}

function _0x1ef281(_0x26b6ca, _0x437f35) {
    return _0x5d6009(_0x26b6ca) + "|" + _0x26b6ca
}

function _0x2b9b78(_0x282a57, _0x3149ea) {
    return Date["parse"](new Date());
    // return 1717217468000;
}


console.log(_0x2b9b78())  // 时间戳

console.log(_0x1ef281(_0x2b9b78()));

使用 Python 获取接口详细信息:

#!usr/bin/env python
# -*- coding:utf-8 -*-
import requests
import time
import execjs
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


class YuanRenXueSpider:
    def __init__(self):
        self.base_url = 'https://match.yuanrenxue.com/api/match/2'
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.10 Safari/537.36',
        }
        self.cookies = {
            'tk': '-5621756640779912732',
            # 'sessionid': 'qdlnifuic3h3iygdq3rcaoxpyrdo9c82',
            'no-alert3': 'true',
            'm': '3d3639f9eb1db367d6019b3ec415552e|1717231708000',
        }
        self.ticket_lists = []

    @staticmethod
    def get_time() -> int:
        now = int(time.time()) * 1000
        print(now)
        return now

    @staticmethod
    def get_m(timestamp: int) -> str:
        try:
            with open('最终.js', 'r', encoding='utf-8') as js_file:
                js_txt = js_file.read()
            js_compile = execjs.compile(js_txt)
            m = js_compile.call('get_m', str(timestamp))
            print(m)
            return m
        except FileNotFoundError:
            print("JavaScript file not found.")
            raise
        except Exception as e:
            print(f"An error occurred while executing JavaScript: {e}")
            raise

    def fetch_data(self, m: str, page: int) -> None:
        url = f'{self.base_url}?page={page}'
        print(url)
        self.cookies['m'] = m
        try:
            response = requests.get(url, headers=self.headers, cookies=self.cookies, verify=False)
            response.raise_for_status()
            res = response.json()
            for item in res['data']:
                data = item['value']
                self.ticket_lists.append(data)
        except requests.RequestException as e:
            print(f"Request error: {e}")
        except ValueError:
            print("Error parsing response JSON.")
        except KeyError:
            print("Unexpected response format.")

    def run(self) -> None:
        timestamp = self.get_time()
        cookie_m = self.get_m(timestamp)
        for i in range(1, 6):
            self.fetch_data(cookie_m, i)
        print(self.ticket_lists)
        total = sum(self.ticket_lists)
        print('热度的总值为:', total)


if __name__ == '__main__':
    spider = YuanRenXueSpider()
    spider.run()

小结

JS 逆向 cookie 反爬是一种技术手段,用于破解网站通过校验请求头中的 Cookie 值来区分正常用户和爬虫程序的方法。

  1. 特征提示:Cookie 加密通常需要对服务器进行多次请求才能获取数据。有两种情况:一是服务器直接返回 cookie 值(通过响应头中的Set-Cookie);二是首次请求时返回JS文件,浏览器通过 JS 算法生成 cookie 值,然后携带该值进行后续请求。
  2. 加密原理:JS 逆向分析中,需要理解 cookie 加密的原理,这通常涉及到对 JS 文件的分析和逆向工程。
  3. 动态cookie:有些网站使用动态生成的 cookie,这需要通过分析返回的JS文件来找出 cookie 参数。可能需要将 JS 代码复制到本地环境,格式化并分析以提取生成 cookie 的逻辑。

总结来说,JS 逆向 cookie 反爬是一个复杂的过程,涉及到对网站请求、响应、JS 文件的分析和逆向工程。需要具备一定的技术知识和经验来成功实施。

原文链接:https://juejin.cn/post/7376080488349401107

Tags:

最近发表
标签列表