合抱之木,生于毫末;九层之台,起于累土;千里之行,始于足下。 -- 老子《道德经》
📇 前言
特别声明,本文所提供的逆向思路及代码仅供学习参考使用,请勿使用 爬虫脚本 对网站进行 高频率 以及 高并发 数据抓取操作,若对网站造成损失的,后果自负!!!
✉ 网址
aHR0cHM6Ly94dWVxaXUuY29tLw==
📄 正文
>_ 前置说明
加密的参数:
堆栈 分析:
这一栈已经出现了加密值,说明在上一层:
上一层 作用域:
可以看到,这里 md5__1038 的值还未生成,可以在这里打上断点,但是当我断点触发时,发现此时也生成了:
可以看到,参数值在 this 对象中:
可以在这个 this 的位置打个断点。
看的出来,这里的 this 已经被添加 加密值 了,那就在其它的 this 位置打上断点:
这里的 this 没有被赋值,说明 this 在经过 hZ 方法加工后才有了加密值,那重点就是 hZ 里面到底做了什么事情。
很明显,这个 mX 是我们想要的值,它的定义为:
主要看一下 h[XG(h0.k)] 这个方法:
转移对象为 mm 方法:
这里的值表示 控制流 执行的顺序:先case '12',按顺序到最后case '6'。
为了后续更好的逆向,我先把 混淆解密 函数写出来了:
function hx_jm(V){
var Q = ["D5p+YotnI4IDsL","YkJS7oO","wk7hgoA","D57NVou","uG7WYoRwIM","VFHCUpU","gGYExwrkXJm+9L","aFpwJiN","UPLEVMu","g2HlRLZPUXsaBL","uPa3U7+","wFLZx8KXH4Yb4p","YWIhx3A","u2L0uV5","u2IJYXEQdgq","gGYExwrqdILr","D2JIq8ZwI4h","kKfnkVN","UDHiVp+","DKJwaX3","kmseuo+","wDHoVVM","UN7/uo1","JWfIwiN","xkT9aVk","7WmPwo5","22f+a+rJXIYC9T","aWpYw7A","oDIwkt","DkHJDTk","gGYExwrJooT43p","YDLVJV1","uKJwqpDDgBT0t7","VDIHwLA","RaaSU3trhsI99p","7yLKVVr4W9IRKp","1u4U1v04IUTBpvc","JmssVMG","UyaHgL1","uxvfoSN","aWJ2wo5","f1XU1sAjNES","uKeWU7A","UyveaX3","RPYVapA","uyY/w6C","wysMUVM","fujRfs+hovTU4BSYd1","0m7wxwN","UG7WYoRwIM","7ycv7TN","7mptUoC","oFvSDTN","gGT1a8KXdIy","7yYou31","WcSfRpOE+9paM7","u2LKD7A","UG7J7XC","uxmbJSG","V2Iwx9","DDeYVnC","w5aLxnC","D5HWD60qh4IE47","0PLPuV3","uWfWxpk","aDc+xpiGIw","D2JhDXn7NES","uNHWJ+w","YHT0q81","D27Ok7U","k5swx667dJ7Lsp","0kTgU8O","u5f7Jp+","R2fbqwN","xyaPg8M","kDIL7+N","JFcEqStnIpf947","0WY878A","oFHVJ+G","VWIfY8z","wyeYa8C","xGTRY70XT4Jipp","u5HSUJRbIUT+57","0FfskMd","V2sE76M","gHeGRs6mnXXm8L","f1sy2Iz","uKJ2DT27Z4Y84L","acI4q7+","kFQHxotwT4I4zT","J5suJM1","uFJwgStaIsLS6p","02QBqLDYdJo","JHmsYwd","x2JHxTnq","wGICgpU","kmT+aXA","kGHnapn7fsQ84L","U5p0U3G","DDvnD7+","Z1qUgXrLhsYv","D5JHaTnYdIBsMT","VmHOwnk","ZOg71MiYTRavMT","JxaeVn3","oNYXaT1","05JrU3d","0WQJkSk","7xQ7U6O","7mIBgSG","aKHCqXO","oKa9V6k","11hJfI+T7ooQLL","oDJHxTw","gcQHk8ZqTvc4MT","R5TZ7oz","0NpXDn3","u2QJqt","kmINa7G","oW7eY7G","kxLoqM+","72IAY83","am7hV8U","xDpIkn+","VGs976d","u2Iwkt","ZNS00vEWoglB3p","JWJ6wVG","DDaXkSt0EIQP4T","RyL+xLd","aWHSg7+","uWpUYVd","w5YIDMG","a2Igkt","0DYuxn1","xcJ2VSU","o5JKwSO","0NsBJ6u","oKpSDXz","7xetg8+","RWsU7wu","am7BDik","7PpJuo3","VkYZY7u","D2JFHLz","gclUfSkEoSY8LL","02s2xp0XhscvP7","kPYLDXd","uNHWqSrXn4f8","uDvTu33","U5J7UVd","0WJgJwG","aD7AYoEVE4eD","RKH4JXO","1KfnfI1","VPfNuo+","oDL7VnU","VyJ3","uFJEYo0q","0KLwY8u","k5pfqTG","kFQWkXt7Xda5zL","UWJBuiO","Uyvnw++","RDlgJ6ZUEtapMT","YamLJok","xFYRqiA","YmT2kM3","YPmKq+U","uNHWqSrUdIl","R2cpYXG","02Q5DTZ7XUT4M7","q1IkfTMh+Sg","uNJgkt","RkJHUS1","YDcRqTd","U2IZDiM","wPcBgw3","kFIND3VqhsvL47","YkPUfskd7Sx3i7","1NSR0vDW7Blt","UmYQDSk","0HIZVX+","DxvpVX5","DHQ+fsdd7SoviL","xDoVR+C","xGmtDX3","DDcVD8EEhsIm9L","UyIhxi+","wKQmk3k","w5mbgiU","D2Qhq897dgq","D5soao3","RmaZko5","7kfOg7d","okY5a6N","wDLBJ8C","1GSU0vEWoglB8p","kKLnxt","027AD7w","JWY6Dn+","oxp3JLw","xKQo","VKYMuid","RKp6kiM","7DYYULG","wkaQw8z","DWv0wp3","xmmBY6U","D2Q27pEXdIc46p","gGJHqTDJXBf89p","UDH3aTw","VKcVx65","UFffV3u","Uca878KYdsHL9L","gGYExwrRISe99L","Vys6J3N","D2jVxJk","02f1","kDLZaXixIhI89T","o2mRx8+","uGJIYTnEEsv6","N27na7EwIIaAL7","VkJ8JMA","VyejqSA","aKQZDR","YkYNDSz","0FfJJpk","aDcUqp+","Vmmvgww","1CWJfvkfhsqvi7","VxJKVnd","0WmCxVU","uDvQo+3","kKQ+u9","kDsHVi1","RWQIu7G","uFLZaXd","0FJIxLDYTJaA","wxH4oiEifdejeT","oGTCg8M","aWmwU6M","1uHkfsRW7hlQ8p","oxQUJT+","YNIponC","75sYaoO","oD7UJXG","RHYMVi3","05aAwo3","xDIwaX3","xyf5V6G","oaImxSA","kyHpJiC","a5f7YX+","UKJXopih","wPQ5an5","YaTsknM","oNfho6z","VKIVuSk","DKsJYTnAEvmm9p","xDIU","RPYXJ6d","umf4qiA","a2QgqSKJdsx","xyHou6O","RFsJ7+w","0PQCuV3","uc7uqLd","uKIHxSra","kFIhkSE5","VypmapN","kKLWaJG","oGf0US+","0Ffoup1","DDchDXn7H9IjC7","72poD6k","x2QhapnYdIB","xFvUDXK7dgq","1OWw76/fId7O","xxLsgoG","aNp3x8+","uWepo6u","DFJw","oFmbqSG","VWJXq71","o2s2kp+","YkIPkL3","uGH9V8M","kyJTo7w","uDswDLG","Y5H1gnd","VP71uLU","VGH2J8k","7F7jwVC","gNelRL0PWEyCm7","uG7EaXO","0WstJVG","DmaVY+d","DmsiYpN","7Waguo3","7PaH7V+","wkmraT+","0DJgqt","DWQHkSM","aaIBDLk","DFJw7pnXXJmz6L","oxH1kMd","JPYYuo3","akThkpnfNES","7mfPVR","DmYIw7d","kxmHx+d","YkfUYiC","0x7/Y7U","aFJ0YE","Rap/YoN","oFYmJ6z","VPv2DTk","gcQTuSnEE4J8MT","j2haZBrJww","ZCqRfv3jfE75K44J","UyYbYX5","uFJHxiDkIBP","DcImo+A","YKcNoMG","kFINDt","DafbqnU","uKJTxpDEI4h","xDJwkSro","u2Qo","2cB1fBA1","uKJTxpD5N+","uGTEqX5","oxLTx85","RHfoqiN","xKI2x9","kaHeVLA","xmYuk+G","Y2sjJVU","uNfuqMd","VPaewo1","UcawoSA","0kJNYT+","umQgaTDYXBYD9T","D2JIq81","oFHfx80X","DDchDXn7NES","wxH4oiEi","u2IwkSKJdsx","xKJMo73","7KmsgT+","a2Qgqt","RaaQUoA","DxffYnC","o2Jjw8M","kPL+u7w","Vms9q+d","YNI1god","7Pf3a6O","kDIfg8d","DkpnaE","uG7Jk8KwEsJl","Dcf3kTu","kk797nd","wKQXwTu","DFJwgStaIM","YkJOqi1","JapQVT1","w5JTxoEE","DFJwwpn7dM","a2JExt","uKQ0x6N","7aY6ULk","kFQHYTnETsTL47","1uWgjsDJXtaeMhs","UDv+onC","7WIIqTd","kDc+DXzqRpf/Ap","Z5Sw","D2JhDXn7H9IjC7","xHagJ6k","kaYwoSd","uKJwqpDDgBYesL","ayYokV+","JccGxvFBN9Qz","oFIWULk","x2IgqpnkXvJe6T","Y2IHY+d","aDQH","75mAuiG","VFcNqV3","VHTTxTG","uKJUDSRUIM","u2pED7nkdM","JPcsu6A","RPe8u8u","aNHnxR","02Jgqt","DDvZqt","UKL7xV5","oWHuD31","Y2IWoL1","U5TOD6U","RKvIVnC","UPf1u8O","uGpSqnz","UcfwVT1","DKLWDTk","kGH1oXu","1Ox7jJV8fAQqmhv","UHpLDwA","DDcw","kDfoRT0UNELppL","aDcHxpDlHAcH","1GSR0vnWoglv","JWLpuik","UWsMu33","oG7iqL3","gGYExwrJVSJp9T","D2JTk8K7WBIKMp","aKsvVT1","xWcEx+N","DKsNqSEE","D2s7","uGfiDpG","7yeUoM3","0NsUxMr5","15Sg0vnWo4lv","xKJuqitoN+","02s2xMr5","UG7Jk8Kw","ucJUDnC","x2aWaMG","uG73DnO","kFQHYXrxIM","gGYExwrEIsQKzL","DKevoSC","0cfe7pw","uGTNkp+","aDcZqt","D5YEYnu","JPaXwiU","RFQ4V+d","aGYCJnU","7kHuDMd","0xQ0Vnu","gG7nYTnydIT44p","xKI7k8ZJTvLA","uFsXaXix","aPsYqnz","oF75awG","RWp+qpw","xGHZooEXhIb","xxLIgTA","1uWRjsi/ddTY6Ee","kDLZupEDNh749T","7Gm/uVz","DKQJo8RUE3","a5IwUok","kFpEYVRX","JxYJDnC","D2Qhq897dgYX4p","0yQ4YpG","U2c5u3+","JWv5wLnXXtI8ML","UxfVx73","UksnDT3","DGa0DTu","Rympu3+","kFQHaXRX","uGJIYTnE","DFvRD61","aFcjuLA","0yH9UwU","D2p5xX+","uG7EaX/8XJH99L","gHfFNw6H","D2c8gXG","oGIvqod","x2Qha86zTvLAzL","0asXq+d","0DcnYX0JXvx","gF70JXtw","0WeUqSO","oHI4J3G","oFvZk71","umY+V8+","kFpEYV0kIvah6p","ZCWVww0xEJ78","uyfXJL3","DWcggi5","Ucp2kww","DHsfgwd","VDfbqMu","f1gofv1XZd7jzEbP","02QiYLV7XUT4M7","xWmjJMN","ky71g8d","a2IgVTZDWBIKMp","75aRuS+","VcTVD65","1NSo0vDW74lB8p","kCqofR","gcQox8DoXJm39L","7FQWgLG","uFJwwpn7dM","1uTkfTMj+SJcip","0x79USO","xGTnDVREIhX","7kmCk+U","ZkSg0vRWoBlL8p","RDsHqvivXgI4pL","7Na3ooO","kcm5D80VdtS","JxfXk7d","xFHfx80X","0NHVx9","D2IwasG","UWYRqXk","0PI9gwG","DkHwu9"];
var V = V - (-0x38 * 0x3e + -0xd66 + 0x1b9c);
var i = Q[V];
var l = {"0":320,"320D5p+YotnI4IDsL":"671088GWnTSz","515D5p+YotnI4IDsL":"object","382D5p+YotnI4IDsL":"return thi","455D5p+YotnI4IDsL":"aliyun_waf","446D5p+YotnI4IDsL":"_testLocal","49D5p+YotnI4IDsL":"Storage","222D5p+YotnI4IDsL":" debugger;","32D5p+YotnI4IDsL":"return s['","487D5p+YotnI4IDsL":"charCodeAt","330D5p+YotnI4IDsL":"'](0);","16D5p+YotnI4IDsL":"debugger","294D5p+YotnI4IDsL":"\{[\s\S]*[","55D5p+YotnI4IDsL":"/\*]{2}[\s","476D5p+YotnI4IDsL":"\S]*\}","9D5p+YotnI4IDsL":"\b[\w\/:\-","85D5p+YotnI4IDsL":"\[\]<]{3,}","384D5p+YotnI4IDsL":"[^\d:@]\b","145D5p+YotnI4IDsL":"__00b204e9","41D5p+YotnI4IDsL":"800998__","101D5p+YotnI4IDsL":"function r","377D5p+YotnI4IDsL":"andom() { ","76D5p+YotnI4IDsL":"[native co","144D5p+YotnI4IDsL":"de] }","510D5p+YotnI4IDsL":"5|3|1|0|4|","423D5p+YotnI4IDsL":"div","319D5p+YotnI4IDsL":"<a></a>","427D5p+YotnI4IDsL":"2|3|4|1|0","517D5p+YotnI4IDsL":"data:","271D5p+YotnI4IDsL":"blob:","197D5p+YotnI4IDsL":"3|0|5|2|1|","378D5p+YotnI4IDsL":"6|4","180D5p+YotnI4IDsL":"0|1|2|4|3","501D5p+YotnI4IDsL":"0|7|2|5|1|","506D5p+YotnI4IDsL":"10|3|8|6|4","26D5p+YotnI4IDsL":"$cdc_asdjf","386D5p+YotnI4IDsL":"lasutopfhv","513D5p+YotnI4IDsL":"cZLmcfl_","152D5p+YotnI4IDsL":"idPrefix_","269D5p+YotnI4IDsL":"cache_","428D5p+YotnI4IDsL":"nextId_","238D5p+YotnI4IDsL":"webdriver","295D5p+YotnI4IDsL":"stack","414D5p+YotnI4IDsL":"3|1|4|2|0","412D5p+YotnI4IDsL":"acw_sc__dy","448D5p+YotnI4IDsL":"sigchl","242D5p+YotnI4IDsL":"12|11|7|8|","126D5p+YotnI4IDsL":"4|9|5|2|10","172D5p+YotnI4IDsL":"|1|3|0|6","230D5p+YotnI4IDsL":"222029ad07","282D5p+YotnI4IDsL":"get","370D5p+YotnI4IDsL":"head","157D5p+YotnI4IDsL":"GET","215D5p+YotnI4IDsL":"_waf_bd8ce","154D5p+YotnI4IDsL":"2ce37","418D5p+YotnI4IDsL":"_waf_a86df","217D5p+YotnI4IDsL":"dc5f2","482D5p+YotnI4IDsL":"_dySig","516D5p+YotnI4IDsL":"true","30D5p+YotnI4IDsL":"_waf_a23a0","502D5p+YotnI4IDsL":"b772","239D5p+YotnI4IDsL":"ABCDEFGHIJ","35D5p+YotnI4IDsL":"KLMNOPQRST","34D5p+YotnI4IDsL":"UVWXYZabcd","128D5p+YotnI4IDsL":"efghijklmn","81D5p+YotnI4IDsL":"opqrstuvwx","179D5p+YotnI4IDsL":"yz01234567","86D5p+YotnI4IDsL":"89_/=","112D5p+YotnI4IDsL":"0123456789","347D5p+YotnI4IDsL":"ABCDEF","426D5p+YotnI4IDsL":"type__","331D5p+YotnI4IDsL":"refer__","308D5p+YotnI4IDsL":"ipcity__","185D5p+YotnI4IDsL":"md5__","66D5p+YotnI4IDsL":"decode__","346D5p+YotnI4IDsL":"encode__","429D5p+YotnI4IDsL":"time__","146D5p+YotnI4IDsL":"timestamp_","64D5p+YotnI4IDsL":"pCoer","359D5p+YotnI4IDsL":"aajUe","148D5p+YotnI4IDsL":"prototype","505D5p+YotnI4IDsL":"setItem","369D5p+YotnI4IDsL":"getItem","87D5p+YotnI4IDsL":"removeItem","28D5p+YotnI4IDsL":"Math","268D5p+YotnI4IDsL":"random","309D5p+YotnI4IDsL":"JSON","361D5p+YotnI4IDsL":"stringify","385D5p+YotnI4IDsL":"OaoXr","438D5p+YotnI4IDsL":"split","191D5p+YotnI4IDsL":"document","96D5p+YotnI4IDsL":"bPdci","416D5p+YotnI4IDsL":"PIDxX","504D5p+YotnI4IDsL":"KooTz","220D5p+YotnI4IDsL":"Ljqed","297D5p+YotnI4IDsL":"fVusU","88D5p+YotnI4IDsL":"kQCvt","129D5p+YotnI4IDsL":"WLddu","279D5p+YotnI4IDsL":"mLBVj","342D5p+YotnI4IDsL":"uulst","262D5p+YotnI4IDsL":"rSCtI","430D5p+YotnI4IDsL":"String","62D5p+YotnI4IDsL":"fromCharCo","274D5p+YotnI4IDsL":"encodeURIC","277D5p+YotnI4IDsL":"omponent","350D5p+YotnI4IDsL":"JjBWt","94D5p+YotnI4IDsL":"length","383D5p+YotnI4IDsL":"kGwjD","92D5p+YotnI4IDsL":"toString","495D5p+YotnI4IDsL":"toUpperCas","77D5p+YotnI4IDsL":"tGGAi","246D5p+YotnI4IDsL":"MdpSj","82D5p+YotnI4IDsL":"rrWZ1XfCFS","435D5p+YotnI4IDsL":"_waf_reloa","184D5p+YotnI4IDsL":"d_d1534705","142D5p+YotnI4IDsL":"JHrzh","493D5p+YotnI4IDsL":"EcKuS","194D5p+YotnI4IDsL":"IsXVu","475D5p+YotnI4IDsL":"stackTrace","285D5p+YotnI4IDsL":"Limit","214D5p+YotnI4IDsL":"SVGAnimate","480D5p+YotnI4IDsL":"uYgwU","507D5p+YotnI4IDsL":"uDAXk","335D5p+YotnI4IDsL":"name","254D5p+YotnI4IDsL":"RegExp","139D5p+YotnI4IDsL":"IKQUd","249D5p+YotnI4IDsL":"match","422D5p+YotnI4IDsL":"filter","486D5p+YotnI4IDsL":"rWdMd","65D5p+YotnI4IDsL":"indexOf","315D5p+YotnI4IDsL":"UXYrf","260D5p+YotnI4IDsL":"map","306D5p+YotnI4IDsL":"MBhiU","224D5p+YotnI4IDsL":"GKkti","356D5p+YotnI4IDsL":"FYAwU","235D5p+YotnI4IDsL":"ainLG","485D5p+YotnI4IDsL":"Omijw","196D5p+YotnI4IDsL":"AlSQo","373D5p+YotnI4IDsL":"constructo","39D5p+YotnI4IDsL":"qMjDf","310D5p+YotnI4IDsL":"fWbJu","165D5p+YotnI4IDsL":"yZVRb","69D5p+YotnI4IDsL":"ddXjq","43D5p+YotnI4IDsL":"SMJch","397D5p+YotnI4IDsL":"test","33D5p+YotnI4IDsL":"EanHy","381D5p+YotnI4IDsL":"aWtDe","75D5p+YotnI4IDsL":"aaVCV","225D5p+YotnI4IDsL":"join","390D5p+YotnI4IDsL":"GnlvH","193D5p+YotnI4IDsL":"VVijn","449D5p+YotnI4IDsL":"jIzwM","401D5p+YotnI4IDsL":"xaoDw","317D5p+YotnI4IDsL":"FMmor","399D5p+YotnI4IDsL":"RlvfN","483D5p+YotnI4IDsL":"tKptk","287D5p+YotnI4IDsL":"srAMl","231D5p+YotnI4IDsL":"EEMOE","323D5p+YotnI4IDsL":"gQNGY","236D5p+YotnI4IDsL":"TObzz","253D5p+YotnI4IDsL":"jsvsd","283D5p+YotnI4IDsL":"OjKtj","407D5p+YotnI4IDsL":"floor","95D5p+YotnI4IDsL":"CqHUq","445D5p+YotnI4IDsL":"uOyOC","357D5p+YotnI4IDsL":"xqhVe","153D5p+YotnI4IDsL":"VbCSk","270D5p+YotnI4IDsL":"GHNav","134D5p+YotnI4IDsL":"ugxgG","74D5p+YotnI4IDsL":"oFOUl","499D5p+YotnI4IDsL":"Jvqxd","138D5p+YotnI4IDsL":"NhWom","201D5p+YotnI4IDsL":"MHTPp","207D5p+YotnI4IDsL":"dMyIx","167D5p+YotnI4IDsL":"zPmiX","471D5p+YotnI4IDsL":"gmqmG","200D5p+YotnI4IDsL":"XGEoD","60D5p+YotnI4IDsL":"ekzOO","186D5p+YotnI4IDsL":"ozQoh","123D5p+YotnI4IDsL":"mhbkD","303D5p+YotnI4IDsL":"dOnhl","479D5p+YotnI4IDsL":"localStora","59D5p+YotnI4IDsL":"Date","365D5p+YotnI4IDsL":"getTime","14D5p+YotnI4IDsL":"parseInt","379D5p+YotnI4IDsL":"decodeURIC","183D5p+YotnI4IDsL":"eMFOn","162D5p+YotnI4IDsL":"PESxK","37D5p+YotnI4IDsL":"ZYBMZ","508D5p+YotnI4IDsL":"openArgs","464D5p+YotnI4IDsL":"XMLHttpReq","302D5p+YotnI4IDsL":"uest","15D5p+YotnI4IDsL":"_waf_hook","50D5p+YotnI4IDsL":"KNRCv","322D5p+YotnI4IDsL":"sendBody","367D5p+YotnI4IDsL":"YXZOw","171D5p+YotnI4IDsL":"toLowerCas","257D5p+YotnI4IDsL":"LscEM","500D5p+YotnI4IDsL":"GPumN","240D5p+YotnI4IDsL":"OpHUl","460D5p+YotnI4IDsL":"YGroO","519D5p+YotnI4IDsL":"vAAVZ","473D5p+YotnI4IDsL":"wBAZQ","489D5p+YotnI4IDsL":"sCgPx","176D5p+YotnI4IDsL":"PailL","48D5p+YotnI4IDsL":"vTtfV","97D5p+YotnI4IDsL":"createElem","411D5p+YotnI4IDsL":"ent","189D5p+YotnI4IDsL":"BoNhR","413D5p+YotnI4IDsL":"innerHTML","456D5p+YotnI4IDsL":"KzYzM","259D5p+YotnI4IDsL":"firstChild","396D5p+YotnI4IDsL":"href","169D5p+YotnI4IDsL":"protocol","351D5p+YotnI4IDsL":"host","263D5p+YotnI4IDsL":"hostname","117D5p+YotnI4IDsL":"port","436D5p+YotnI4IDsL":"fkRDo","348D5p+YotnI4IDsL":"pathname","470D5p+YotnI4IDsL":"substr","158D5p+YotnI4IDsL":"search","133D5p+YotnI4IDsL":"hash","63D5p+YotnI4IDsL":"vLOzH","290D5p+YotnI4IDsL":"zrhWE","410D5p+YotnI4IDsL":"PXVnY","56D5p+YotnI4IDsL":"plMny","395D5p+YotnI4IDsL":"VKGyc","110D5p+YotnI4IDsL":"jbHwk","24D5p+YotnI4IDsL":"mpAbB","433D5p+YotnI4IDsL":"stToK","372D5p+YotnI4IDsL":"IWEXr","160D5p+YotnI4IDsL":"bxjwz","3D5p+YotnI4IDsL":"ftlNc","450D5p+YotnI4IDsL":"OdLbZ","288D5p+YotnI4IDsL":"cEfFp","250D5p+YotnI4IDsL":"oCLMJ","453D5p+YotnI4IDsL":"mLbWy","205D5p+YotnI4IDsL":"IgzXz","511D5p+YotnI4IDsL":"Uint8Array","203D5p+YotnI4IDsL":"FgDxE","440D5p+YotnI4IDsL":"fwasC","202D5p+YotnI4IDsL":"now","481D5p+YotnI4IDsL":"unescape","192D5p+YotnI4IDsL":"fywbh","280D5p+YotnI4IDsL":"hxTed","252D5p+YotnI4IDsL":"cBFPO","57D5p+YotnI4IDsL":"StrCo","291D5p+YotnI4IDsL":"FDhxq","54D5p+YotnI4IDsL":"KGwxW","44D5p+YotnI4IDsL":"VGuay","31D5p+YotnI4IDsL":"yluRG","22D5p+YotnI4IDsL":"PtYzg","10D5p+YotnI4IDsL":"rFTZt","371D5p+YotnI4IDsL":"royeF","107D5p+YotnI4IDsL":"tOrhb","229D5p+YotnI4IDsL":"FZRVP","120D5p+YotnI4IDsL":"aLwuT","298D5p+YotnI4IDsL":"fYUqv","264D5p+YotnI4IDsL":"oBwyK","443D5p+YotnI4IDsL":"kwHSA","338D5p+YotnI4IDsL":"xikRA","143D5p+YotnI4IDsL":"Ewirs","267D5p+YotnI4IDsL":"sTxtu","458D5p+YotnI4IDsL":"jqtZb","491D5p+YotnI4IDsL":"SXmjP","23D5p+YotnI4IDsL":"XCbHF","149D5p+YotnI4IDsL":"qmfxX","232D5p+YotnI4IDsL":"tJHfA","109D5p+YotnI4IDsL":"JQSTj","79D5p+YotnI4IDsL":"DAjqm","115D5p+YotnI4IDsL":"VpiBm","333D5p+YotnI4IDsL":"MLfen","311D5p+YotnI4IDsL":"aJngU","93D5p+YotnI4IDsL":"XZBrU","216D5p+YotnI4IDsL":"GIEPV","352D5p+YotnI4IDsL":"UVZZi","51D5p+YotnI4IDsL":"JXQZo","394D5p+YotnI4IDsL":"ZNByI","206D5p+YotnI4IDsL":"AvZIm","182D5p+YotnI4IDsL":"tQiOd","106D5p+YotnI4IDsL":"vuIXU","292D5p+YotnI4IDsL":"GrmQb","405D5p+YotnI4IDsL":"sxWwM","78D5p+YotnI4IDsL":"ObuSZ","13D5p+YotnI4IDsL":"plyzN","159D5p+YotnI4IDsL":"vltqc","364D5p+YotnI4IDsL":"BogKs","118D5p+YotnI4IDsL":"bQlbz","299D5p+YotnI4IDsL":"HFszh","441D5p+YotnI4IDsL":"ZFgHA","188D5p+YotnI4IDsL":"SAcdD","425D5p+YotnI4IDsL":"KKpEX","478D5p+YotnI4IDsL":"OqRve","174D5p+YotnI4IDsL":"UunXg","376D5p+YotnI4IDsL":"HAbwu","122D5p+YotnI4IDsL":"jTcMa","380D5p+YotnI4IDsL":"lVsQB","408D5p+YotnI4IDsL":"crhGc","199D5p+YotnI4IDsL":"tdPnp","119D5p+YotnI4IDsL":"LDJrz","5D5p+YotnI4IDsL":"GbHYq","241D5p+YotnI4IDsL":"hJtYL","289D5p+YotnI4IDsL":"qitlz","127D5p+YotnI4IDsL":"XEEJJ","354D5p+YotnI4IDsL":"LekIl","233D5p+YotnI4IDsL":"qmZGX","316D5p+YotnI4IDsL":"OgNQM","46D5p+YotnI4IDsL":"CIDZL","265D5p+YotnI4IDsL":"WirCP","25D5p+YotnI4IDsL":"HJOJn","90D5p+YotnI4IDsL":"ZyxQW","136D5p+YotnI4IDsL":"NuMHk","170D5p+YotnI4IDsL":"TnFsj","463D5p+YotnI4IDsL":"PnLxT","27D5p+YotnI4IDsL":"hHzJy","173D5p+YotnI4IDsL":"push","514D5p+YotnI4IDsL":"YCgju","20D5p+YotnI4IDsL":"bYJzd","358D5p+YotnI4IDsL":"JCTaK","340D5p+YotnI4IDsL":"FFJJg","83D5p+YotnI4IDsL":"wcBiU","406D5p+YotnI4IDsL":"SStOw","442D5p+YotnI4IDsL":"WoCOU","339D5p+YotnI4IDsL":"psxuU","421D5p+YotnI4IDsL":"lNagV","163D5p+YotnI4IDsL":"SMeKT","258D5p+YotnI4IDsL":"Fauxb","124D5p+YotnI4IDsL":"GyAAE","168D5p+YotnI4IDsL":"zJMwQ","226D5p+YotnI4IDsL":"ywllm","389D5p+YotnI4IDsL":"JzPxJ","244D5p+YotnI4IDsL":"xqFGO","461D5p+YotnI4IDsL":"documentEl","99D5p+YotnI4IDsL":"ement","305D5p+YotnI4IDsL":"getAttribu","71D5p+YotnI4IDsL":"upsYk","498D5p+YotnI4IDsL":"hasOwnProp","520D5p+YotnI4IDsL":"erty","345D5p+YotnI4IDsL":"Object","314D5p+YotnI4IDsL":"keys","457D5p+YotnI4IDsL":"forEach","366D5p+YotnI4IDsL":"yuXtG","102D5p+YotnI4IDsL":"FRXKB","403D5p+YotnI4IDsL":"VmbOO","8D5p+YotnI4IDsL":"RLaMS","434D5p+YotnI4IDsL":"console","344D5p+YotnI4IDsL":"debug","89D5p+YotnI4IDsL":"configurab","187D5p+YotnI4IDsL":"enumerable","419D5p+YotnI4IDsL":"defineProp","281D5p+YotnI4IDsL":"pKFEC","447D5p+YotnI4IDsL":"navigator","53D5p+YotnI4IDsL":"_phantom","178D5p+YotnI4IDsL":"callPhanto","393D5p+YotnI4IDsL":"phantom","332D5p+YotnI4IDsL":"spawn","398D5p+YotnI4IDsL":"emit","368D5p+YotnI4IDsL":"Buffer","209D5p+YotnI4IDsL":"domAutomat","388D5p+YotnI4IDsL":"ion","503D5p+YotnI4IDsL":"__webdrive","343D5p+YotnI4IDsL":"r_script_f","0D5p+YotnI4IDsL":"fxdriver_i","318D5p+YotnI4IDsL":"__fxdriver","210D5p+YotnI4IDsL":"_unwrapped","11D5p+YotnI4IDsL":"ClientUtil","114D5p+YotnI4IDsL":"__nightmar","135D5p+YotnI4IDsL":"oUmLa","237D5p+YotnI4IDsL":"slice","353D5p+YotnI4IDsL":"eCjsO","431D5p+YotnI4IDsL":"sUpoO","313D5p+YotnI4IDsL":"uDYrq","137D5p+YotnI4IDsL":"tySQC","469D5p+YotnI4IDsL":"concat","312D5p+YotnI4IDsL":"ysppO","251D5p+YotnI4IDsL":"MQNdi","72D5p+YotnI4IDsL":"rsvQt","400D5p+YotnI4IDsL":"LBxlW","131D5p+YotnI4IDsL":"pHprE","38D5p+YotnI4IDsL":"SFnTw","466D5p+YotnI4IDsL":"Qyeox","245D5p+YotnI4IDsL":"Jyzbk","324D5p+YotnI4IDsL":"znlEZ","98D5p+YotnI4IDsL":"RxyXZ","304D5p+YotnI4IDsL":"iQSlr","459D5p+YotnI4IDsL":"charAt","325D5p+YotnI4IDsL":"call","337D5p+YotnI4IDsL":"nWxkZ","512D5p+YotnI4IDsL":"HvTFk","1D5p+YotnI4IDsL":"yuWBk","243D5p+YotnI4IDsL":"MOpSt","272D5p+YotnI4IDsL":"OsyXd","391D5p+YotnI4IDsL":"DPfgz","156D5p+YotnI4IDsL":"MlvOA","211D5p+YotnI4IDsL":"QbTcp","334D5p+YotnI4IDsL":"TSwtF","177D5p+YotnI4IDsL":"BNSVX","150D5p+YotnI4IDsL":"RuvZE","286D5p+YotnI4IDsL":"yqOhx","444D5p+YotnI4IDsL":"IrxmU","247D5p+YotnI4IDsL":"TWDLH","329D5p+YotnI4IDsL":"pow","18D5p+YotnI4IDsL":"QbUMt","116D5p+YotnI4IDsL":"txgoH","349D5p+YotnI4IDsL":"neDFx","474D5p+YotnI4IDsL":"dhLgd","113D5p+YotnI4IDsL":"Mengp","175D5p+YotnI4IDsL":"ynqwu","68D5p+YotnI4IDsL":"xPyug","132D5p+YotnI4IDsL":"BwbmZ","255D5p+YotnI4IDsL":"BOLcN","108D5p+YotnI4IDsL":"IOvYK","465D5p+YotnI4IDsL":"QCufx","284D5p+YotnI4IDsL":"DEgvw","155D5p+YotnI4IDsL":"FClzd","73D5p+YotnI4IDsL":"TcKvV","223D5p+YotnI4IDsL":"EuGQY","301D5p+YotnI4IDsL":"AzIct","52D5p+YotnI4IDsL":"OmWov","424D5p+YotnI4IDsL":"ssUmz","355D5p+YotnI4IDsL":"bLdzp","336D5p+YotnI4IDsL":"aRJLy","518D5p+YotnI4IDsL":"PGqwb","468D5p+YotnI4IDsL":"WJFxT","490D5p+YotnI4IDsL":"dNsTN","12D5p+YotnI4IDsL":"xAcdY","477D5p+YotnI4IDsL":"dnGWj","275D5p+YotnI4IDsL":"HhwmB","121D5p+YotnI4IDsL":"HaPqh","227D5p+YotnI4IDsL":"wcrQr","432D5p+YotnI4IDsL":"lfoaZ","256D5p+YotnI4IDsL":"yPBkL","67D5p+YotnI4IDsL":"proSP","341D5p+YotnI4IDsL":"SVtDi","17D5p+YotnI4IDsL":"bcejF","111D5p+YotnI4IDsL":"NfAMB","472D5p+YotnI4IDsL":"knkxy","266D5p+YotnI4IDsL":"vOHzH","190D5p+YotnI4IDsL":"BzKTA","2D5p+YotnI4IDsL":"AtcVi","130D5p+YotnI4IDsL":"hBWVt","204D5p+YotnI4IDsL":"VhEhL","105D5p+YotnI4IDsL":"Lwgcw","437D5p+YotnI4IDsL":"wSJAp","496D5p+YotnI4IDsL":"lJkQV","509D5p+YotnI4IDsL":"IzHkQ","492D5p+YotnI4IDsL":"dYjVU"};
var U = Q[0x1602 + 0x416 + -0x1a18]
, P = V + U
, J = l[P];
return !J ? (i = N['kcwJbe'](i),
l[P] = i) : i = J,
i;
}
后续只要用到解密的,直接替代为 hx_jm 即可。
因为是 控制流 ,看得不是很清楚,调试也不方便,所以我采取一步一步还原的办法,确保每一个步骤所生成的值在我们的预期之中。在这里直接说前置条件,因为这个案例中的 JS 代码存在 控制流 、try-catch 垃圾代码,先说几个注意点。
- 首先是
混淆数组可以提前复制到本地,免得后面需要补的时候一个个复制比较麻烦,在浏览器中找到如下数组(这些数组都是挨在一块,需要全部复制下来。)
- 当看见扣下来的代码中存在以下代码段时,直接删掉,不影响逻辑:
这是一定要删的,不然很影响后续的 代码调试 。
>_ 逐步分析
| case 12 |
前置的准备好了,现在分析代码,从控制流的语句可以看到,首先执行的是 case 12,于是断到 12 的位置:
可以看到,具体逻辑是给变量 md 复制为 浏览器 全局对象,在 node 中没有这个对象,可以暂时声明为 globalThis :
可以加个 代理 ,方便后续查看调用情况:
| case 11 |
接下来看 case 11 :
主要对 mX 进行赋值操作,而且一看就是固定值:get 。
| case 7 |
接着 case 7 :
主要有四个 变量 参与赋值操作:mi 、mn 、mU =mP ,下面是它们的具体值:
mi:
mn:
mU&&mP:
前两个只是简单地对 参数 做了截取和拼接的操作,主要是 mU (mP)是陌生的,需要分析:
主要方法是内置的的方法,字符串进行 url 编码的,需要补充的点是 md 下的 _waf_bd8ce2ce37 :
这个是接口的返回值:
可以暂时固定:
| case 8 |
接下来是 case 8 :
因为判断永假,所以不会任何赋值操作,可以跳过。
| case 4 |
case 4 的主要逻辑是对 Math.random 进行重写的操作,这里需要补充的是 g 函数和 L ,其中 L 是固定值: 2576372154 ,g 的话就是扣代码的常规操作了。
| case 9 |
主要也是扣方法 m2 。
| case 5 |
mc 在上一步生成,这一步的话主要是将 mc 的值赋给 mh 。
| case 3 |
其它都是大差不差,不断扣代码就行,到 case 3 时值就已经生成了。
>_ 注意要点
在代码补充的过程中,你可能会遇到如下问题:
window下的_waf_a86dfdc5f2找不到:同样的,是接口返回值。
localStorage下的__00b204e9800998__未定义:经过不断刷新测试,好像是固定值。
localStorage下的getItem未定义:简单补充即可。
- 其它固定值有
hN、O。
>_ 生成结果
更多有趣内容,可关注wx公众号“小恰学逆向”,分享一些爬虫JS逆向技术以及有趣的工具。(●´ω`●)ゞ
