某安网别逆向,一不小心就......

admin 2023年5月11日02:22:10评论25 views字数 34429阅读114分45秒阅读模式
这是「进击的Coder」的第 830 篇技术分享
作者:TheWeiJun
来源:逆向与爬虫的故事

阅读本文大概需要 9 分钟。

大家好,我是 TheWeiJun。在现代互联网中,cookie 成为了网站管理的重要工具。某些网站会对 cookie 进行加密,以加强数据的安全性和保密性。然而,逆向加密算法并不是一件简单的事情。本文将探讨如何逆向某安网站的 cookie 加密参数,向读者介绍这一过程中所涉及的技术和工具,并提供详细的步骤和示例代码,以帮助读者更好地理解和掌握 Cookie 加密的原理与实现。
特别声明:本公众号文章只作为学术研究,不作为其他不法用途;如有侵权请联系作者删除。
某安网别逆向,一不小心就......


立即加星标

某安网别逆向,一不小心就......

每月看好文

 目录



一、前言介绍
二、网站分析
三、参数分析
四、算法还原
五、思路总结
某安网别逆向,一不小心就......

趣味模块


小明是一个喜欢在网上冲浪的年轻人,有一天他发现自己的浏览历史被一个神秘网站所掌握。他决定追踪这个网站,最终发现了一个逆向 cookie 的方法。于是小明开始了他的行动——他开始了一场刺激的冒险,试图找出那个神秘的网站,并摧毁他的逆向 cookie 技术。这是一场令人兴奋的旅程,让小明不仅仅是拯救了自己的隐私,还成为了一个网络安全的英雄。(故事情节虚构😂) 小明公众号如下:



一、前言介绍

前言:在现代互联网中,cookie 成为了网站管理的重要工具。某些网站会对 cookie 进行加密,以加强数据的安全性和保密性。然而,逆向加密算法并不是一件简单的事情。本文将探讨如何逆向某安网站的 cookie 加密参数,向读者介绍这一过程中所涉及的技术和工具,并提供详细的步骤和示例代码,以帮助读者更好地理解和掌握 Cookie 加密的原理与实现。




二、网站分析


1、首先打开我们本次分析的网址,通过 curl 复制请求信息,截图如下:

某安网别逆向,一不小心就......

2、将刚刚 Copy as cURL 的信息粘贴到 curl 在线工具中转换为 Python 代码,截图如下:

某安网别逆向,一不小心就......

3、复制上面的代码到 pycharm 工具中,运行代码后,截图如下所示:某安网别逆向,一不小心就......

4、很显然,网站可以正常访问。我们将 cookie 去掉后,再次运行代码,截图如下所示:某安网别逆向,一不小心就......

5、观察上图,我们发现网站不能够正常展示了。紧接着,我们一起分析下 cookie 中的参数都有哪些吧!经过测试,以下参数会影响网站首页正常展示:

  • __jsluid_s

  • __jsl_clearance_s

说明:接下来让我们通过技术手段去分析这些参数如何生成,并能够正常访问该网站吧。


三、参数分析

1、我们将 pycharm 中 cookie 全部清空,再次发送请求包,此刻注意观察接口状态码,截图如下所示:

某安网别逆向,一不小心就......

总结:得到状态码信息后,如果我们想要通过代码去重现浏览器的请求,则需要浏览器清除 cookie 后,捕获网站的请求栈则即可分析出 cookie 中的加密值是如何生成的。


2、接下来,我们使用 EditThisCookie 插件清空该网站 cookie,截图如下所示:

某安网别逆向,一不小心就......

总结:如果不知道插件如何下载的,可以通过公众号后台或者私聊我进行获取。


3、执行清空 cookie 命令后,要确保当前网站 cookie 信息如下图所示即可:

某安网别逆向,一不小心就......

4、接下来我们打开开发者工具,捕获新的请求,重现 cookie 加载获取过程,截图如下所示:

某安网别逆向,一不小心就......

5、观察第一个 521 状态码的请求,分析下 Response、Request 信息,截图如下所示:

某安网别逆向,一不小心就......

总结:我们在第一个 index.html 请求中发现了 __jsluid_s 参数,该参数是通过 Response Headers 中的 SetCookie 返回的。但是我们在第一个 index.html 的 Response 中并没有看到 pycharm 中的那些 js 代码,此刻我比较疑惑;接下来我们一起分析下第二个 521 请求。


6、我们观察第二个 521 状态的请求,分析 Response、Request 信息,截图如下所示:

某安网别逆向,一不小心就......

环节总结:此刻我们发现 Request 请求头中两个参数都已经填充,我们点击 Response 栏目,发现依旧为空,此刻我更加好奇,这些参数是如何自己填充进去的?于是我想到了,想看看正常请求成功后,index.html 的堆栈信息吧。response 体中空数据截图如下:

某安网别逆向,一不小心就......

7、接下来,我们查看 200 状态码的 index.html 的请求信息,截图如下所示:

某安网别逆向,一不小心就......

总结:我们发现 200 状态码的请求和刚刚第二次 521 状态码请求中的 cookie 参数是一致的,哦不对,仔细观察,发现 __jsl_clearance_s 参数还是不一样的。那么 200 状态这次请求,他到底中间进行了哪些运算呢?

8、接下来,我们输出一下该请求堆栈截图,如下所示:

某安网别逆向,一不小心就......

总结:很明显,这个堆栈信息和我们刚刚看到的两个 521 请求、1 个 200 请求刚好对应,可我们观察发现,该堆栈信息都是html页面返回给我们的,而并不像往常一样是通过 js 文件计算生成的。而我们在两次 521 请求的页面中,看不到任何 response 信息,cookie 的参数到底如何计算的呢?接下来,我们进入重要环节。


9、先给浏览器设置代理,然后使用 charles 工具分析该网站,捕获完整请求,我们这么做的目的是怀疑浏览器把 response 的响应内容给提前拦截了,而我们使用 charles,能看到完整的信息,再次捕获请求后,截图如下所示:

某安网别逆向,一不小心就......

总结:哈哈,果然不出我所料,这不就是 pycharm 中,我们执行看到的 response 内容吗?那么我们看看第二个 521 请求的代码内容是什么。截图如下:

某安网别逆向,一不小心就......

总结:经过分析,我们发现第二个 521 请求的 response 内容也是一段 js 代码,总算有点思路了。参数分析环节浪费时间太多了,接下来我们进入算法还原环节去实现 js 代码还原吧。



四、算法还原


1、先把第一个 521 请求的内容粘贴出来,复制到浏览器 Console 界面执行,截图如下所示:

某安网别逆向,一不小心就......

总结:好家伙,这不就是第二个请求的 __jsl_clearance_s 参数么?那么我们接下来编辑下代码,使用 python 发包获取第二次 521 请求的响应内容吧。


2、我们先对第一次 521 请求发包,然后组装请求并进行第二次发包,完整代码如下:

    def get_first_cookies(self) -> Dict[str, str]:        response = self.session.get(url=self.url, headers=self.headers)        pattern = re.compile('<script>document.cookie=(.*?);location', re.S)        js = re.findall(pattern, response.text)[0]        jsl_clearance_s = execjs.eval(js).split(';')[0]        first_cookies = jsl_clearance_s.split("=")        cookies = {            "__jsl_clearance_s": first_cookies[1],            "__jsluid_s": response.cookies.get("__jsluid_s"),        }        return cookies
def get_second_cookies(self, first_cookies: Dict[str, str]): response = requests.get(url=self.url, headers=self.headers, cookies=first_cookies) print(response.text)

3、代码运行后,我们在 pycharm 中查看信息,截图如下:

某安网别逆向,一不小心就......

总结:完美啊,这不就是刚刚 charles 工具中看到的代码么?那么接下来我们将 js 代码整理出来,进行分析并还原吧。


4、复制 response 返回的 js 代码到 Console 界面执行,截图如下所示:

某安网别逆向,一不小心就......

5、代码运行后,我发现network中,index.html请求立马全部重新发了一次包,截图如下:

某安网别逆向,一不小心就......

总结:此刻可以肯定,这段 js 代码有点类似与瑞数类型的网站,我们想要看到网站首页,就要对这段 js 代码进行还原。

6、复制代码并创建 index.js 文件,截图如下所示:

某安网别逆向,一不小心就......

总结:我的第一感觉,这个代码混淆好厉害啊,本来想着使用 AST 解除混淆,但是想想也就 600 多行代码,不用绝招了,直接开干。


7、在 js 代码最后,我发现了一个重要信息,截图如下:

某安网别逆向,一不小心就......

总结:这个 go 函数方法,我们在前面的 index.html 的状态码为 200 请求堆栈中见到过。现在整个流程一下子一目了然了,接下来,我们只需要还原这个 go 方法,然后将获取的 json 数据传递进去进行加密计算就能完成对这个网站的还原。


8、为了还原 js 代码,我们对 js 代码进行补环境,这个过程有点棘手,补环境截图如下:

某安网别逆向,一不小心就......

某安网别逆向,一不小心就......

总结:这里我也没啥技巧,缺啥补啥,环境补完后,运行代码,截图如下图所示:

某安网别逆向,一不小心就......

9、不说废话,直接附上补完环境后的完整JS代码:

window = global;window.navigator = {    "userAgent": 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36'}window.document = {    "referrer": "https://xxx/index.html",
}window.location = { "ancestorOrigins": {}, "href": "https://xxxx/index.html", "origin": "https://xxxx", "protocol": "https:", "host": "xxxxx", "hostname": "xxxx", "port": "", "pathname": "/index.html", "search": "", "hash": ""}var _0x39ca = ['wqwHwq/Dng==', 'wo7Dh8KHw6I=', 'PsK1QjE=', 'w60iwpMJ', 'CsOaw5zCiw==', 'IcOAw5DChQ==', 'VMKzCcOq', 'c8KUw6tu', 'w4psL00=', 'wq4sf8OZ', 'w6bDpCku', 'R8OkIUA=', 'wqlkJ8OQ', 'w6bCj8OTw60=', 'dCBKwqQ=', 'woJQRGY=', 'wo9GMsOB', 'T8Ohbz8=', 'w41cw7PDtQ==', 'KMOOwq1o', 'wp1dw6RJ', 'J8K4w6/Dig==', 'w5NKNsK+', 'w5sEwqF7', 'TXUbWg==', 'wrDDmsK6w4w=', 'woTCm15l', 'w7NbwqoY', 'V8OSLFo=', 'EAHDhcK8', 'J2phKw==', 'wpEjYsO4', 'wqJBe2E=', 'w6hUw6rDnQ==', 'w4UPwp4C', 'ES99wpo=', 'wrkPwqBC', 'wrDDhCDDpQ==', 'wqpXWkU=', 'Lz/Di8KJ', 'csK4ICA=', 'K8Oaw7TChQ==', 'wrfDlsKRw4g=', 'wpUIQhg=', 'w7luJWA=', 'wo4ZwoZQ', 'w7hPJXM=', 'JsKJTMKi', 'w5zDuAoo', 'DMKAwpbCgA==', 'VUZcw5A=', 'OVPDtcKj', 'wogewrlO', 'DMOAwr1i', 'woPDgmM1', 'wpjCvEsO', 'FVLDqMKw', 'AUzDv8Ow', 'J8KRVyU=', 'w7tHOcKT', 'QsKaE8Or', 'w5VnD3Y=', 'w7HDqgvDiA==', 'WsKCDBE=', 'wr7Di8Kuw5g=', 'D0lrwrI=', 'DMKxwpnCjw==', 'wqcTwqXDtg==', 'Yg/CjSk=', 'wr3Dm17Dsw==', 'H8OHw4sh', 'w70wwqlB', 'wrYgwqdZ', 'wq4zwrhg', 'O8KUw7PDhw==', 'wr3Cvnd2', 'w6RPGcKE', 'eW0CZQ==', 'SMKNEsOh', 'wpXCpWHCnw==', 'WkTCv3s=', 'DC3DsMKO', 'YWZ7w5A=', 'w5Baw6RI', 'w5fDojsu', 'CitDwoY=', 'w7/CisO0w6c=', 'w67DhTdk', 'wpdtCMOf', 'QsKwB8Oa', 'wpgAwqXDiA==', 'eMKPBMOm', 'L8OAw5rCjg==', 'wpvDoFMP', 'ZlglUA==', 'RRFOwoE=', 'wq7DqcKQw6o=', 'GijDjcKo', 'w6lTw4TDkA==', 'wrhBVGw=', 'wo4mwo7Dmg==', 'wobDlsKrw4s=', 'wobCsUww', 'QsKIG8O4', 'w6PCvsOZw4A=', 'GDfDlMKq', 'Pk3Do8KJ', 'WsKQEA==', 'wo1sS2w=', 'ZRrCpyY=', 'wrAowqNq', 'ZTvCmRI=', 'wo3DnwvDmA==', 'w5kZwqJ3', 'E8O/w73Cgg==', 'w5ZBwqQH', 'wrjDtnw5', 'CMOVw5DCjQ==', 'woN+LsOL', 'wrjDlyLDrQ==', 'wo3Dh8Kgw7o=', 'wq3Cm0PCsw==', 'wrDCr1hq', 'wpvDgQHDgw==', 'ccO+L0M=', 'H2zDicK4', 'HsKRwrDCqA==', 'J8KVZ8K9', 'w4vClMO8w4c=', 'B8OSD8KV', 'SsKew5FR', 'Pl3DvcKu', 'a2R5w6c=', 'wovCsGEE', 'GsKTwrRl', 'Pytlwr4=', 'w7UHw70M', 'wpvCkH5e', 'fsK/CAI=', 'w5vDuyvDgw==', 'T8KPD8OG', 'w7h6A8Kq', 'OCFGwoM=', 'G8Kzw7TDkQ==', 'bMKww5N6', 'UDDCsAc=', 'w4U/w44K', 'V8OZehw=', 'AUrDv8O0', 'woNgBsOy', 'w6QvwqQm', 'YsKXw4NN', 'PcKZw67DmA==', 'wqU3wrvDuQ==', 'AsKxeA4=', 'IsOPwoNg', 'A2N8LA==', 'djrCqxU=', 'PcKGBcOi', 'YsOow545', 'Pxlpwp0=', 'IsKXwpPCig==', 'fUTCuMK+', 'wpfDucKJw7M=', 'H3tHwqM=', 'Yl0PTw==', 'wopQX1I=', 'wosQwpBb', 'F8KYwrU9', 'C8KIwrpn', 'CsKVwpVp', 'NMKwby8=', 'w6dVAMKH', 'CMKxwrrCiw==', 'wqw1wpXDnQ==', 'w4EBwoc=', 'X8KLw51v', 'wo7CrFAm', 'wocqd8Ov', 'w4nCvcOUw5M=', 'wpvDsFAO', 'wq9zG8O2', 'w7XDvS0B', 'LERvEg==', 'w4YMwoRZ', 'w5YBw6g4', 'w4TCjMOrw5I=', 'YsKBw5pQ', 'fMOXUhY=', 'LsK+w6fDvA==', 'wrDDsTTDlw==', 'wqzDr38W', 'AcOHw6DCgA==', 'wq7DlsK4w6U=', 'w6Zyf8OU', 'aGJWw4A=', 'Z8O7UQ==', 'dll7w6Q=', 'wqxROMO9', 'DQ9pwpg=', 'IiTDp8K2', 'XcKVw75a', 'VMOjPUI=', 'OERz', 'fsKbw5Z2', 'wrLCm0DCtA==', 'NTHDm8Kr', 'wrLDgD7Dsw==', 'e8OOwo3Cnw==', 'CcKYX8KT', 'SsKmw59q', 'woRCeFg=', 'AMKsw4DDtg==', 'wp8fwqLDqg==', 'wrc5Fg4=', 'w5F7IcKO', 'ektTw4U=', 'Oj9dwq4=', 'w67DoScP', 'HlRkwos=', 'w6lSwocI', 'dcKEw6FW', 'wpDCgGwu', 'w7/Dmg0C', 'wpxNTU8=', 'ecOfGkU=', 'c01bw7M=', 'B3Njwr8=', 'wrDDplbCkg==', 'LcKrYCM=', 'w752LsKb', 'I8OpwodV', 'RQVEwrs=', 'Fm/Dg8KE', 'wqvCn302', 'BRRmwoI=', 'KU7DrMKu', 'w7Ysw7oy', 'XMOVfDE=', 'w4fDtxkT', 'w4wxTkY=', 'wpbCgmcA', 'P8KVwr7Cgg==', 'w5HDvTTDkQ==', 'wrsfcSA=', 'BU19Hg==', 'w57DqQBM', 'w7hqwqUp', 'wog7woXDlw==', '6K2H5rGx6amH6K6r', 'wrnDrDgu', 'wqkgwpI=', 'w4Eawql3', 'EcOiE8K7', 'w6zDoynDjw==', 'w7sQwoxo', 'KMOuTFw=', 'w7oHfUw=', 'PMKNVxk=', 'YTFIwpM=', 'Uh3Do34=', 'LMKeRcK8', 'w6skN8KI', 'OcKowrDCiw==', 'ccOOG1w=', 'w6jCvGo3', 'wrnCjMK+wpo=', 'XQNMwpk=', 'wogLwqBK', 'w6EtRk0=', 'wrZnSUU=', 'w4EqQ1o=', 'GMKCwoTChw==', 'w5jDjSnDpw==', 'wrcQwox0', 'wrnCt2Jr', 'woo6X8OW', 'I8OEwqhp', 'QsOyK0s=', 'wo3ChU86', 'wp90HsOQ', 'N8Kdw4nDoA==', 'IcKeX8K5', 'WMK6DsOI', 'LcKawpzCnw==', 'w75NBHg=', 'UsKJw7Fw', 'w7YBwo4P', 'csK+w4ps', 'a8KBw5hw', 'w77Cq1HDnQ==', 'wpbCvEsP', 'woFGNMOf', 'wqU1wpfDmw==', 'w6x/Y8Ox', 'w5FpKcKd', 'XBnCswU=', 'L8OWI8Kd', 'w6scwqxg', 'wrQNfsOL', 'f2w+fw==', 'ER7DrcKj', 'TMKmw797', 'woFLblM=', 'X8KTw4p2', 'WMK2w4Rc', 'VsO2w7bDrw=='];(function (_0x35faff, _0x39ca66) { var _0x348da6 = function (_0x19bbf7) { while (--_0x19bbf7) { _0x35faff['push'](_0x35faff['shift']()); } }; _0x348da6(++_0x39ca66);}(_0x39ca, 0x146));var _0x348d = function (_0x35faff, _0x39ca66) { _0x35faff = _0x35faff - 0x0; var _0x348da6 = _0x39ca[_0x35faff]; if (_0x348d['vXrXzl'] === undefined) { (function () { var _0x599304 = function () { var _0x460dd1; try { _0x460dd1 = Function('returnx20(function()x20' + '{}.constructor(x22returnx20thisx22)(x20)' + ');')(); } catch (_0xebd55) { _0x460dd1 = window; } return _0x460dd1; }; var _0xa30b95 = _0x599304(); var _0x3b85b0 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; _0xa30b95['atob'] || (_0xa30b95['atob'] = function (_0x538592) { var _0x8b27de = String(_0x538592)['replace'](/=+$/, ''); var _0x406019 = ''; for (var _0x42a791 = 0x0, _0x357eae, _0x495e41, _0x13d4a9 = 0x0; _0x495e41 = _0x8b27de['charAt'](_0x13d4a9++); ~_0x495e41 && (_0x357eae = _0x42a791 % 0x4 ? _0x357eae * 0x40 + _0x495e41 : _0x495e41, _0x42a791++ % 0x4) ? _0x406019 += String['fromCharCode'](0xff & _0x357eae >> (-0x2 * _0x42a791 & 0x6)) : 0x0) { _0x495e41 = _0x3b85b0['indexOf'](_0x495e41); } return _0x406019; }); }()); var _0x347c19 = function (_0x1a4caf, _0x39334e) { var _0x513065 = [], _0x3ae5bc = 0x0, _0x30f95a, _0x5a71d6 = '', _0xa0c4d5 = ''; _0x1a4caf = atob(_0x1a4caf); for (var _0xc10171 = 0x0, _0x292b42 = _0x1a4caf['length']; _0xc10171 < _0x292b42; _0xc10171++) { _0xa0c4d5 += '%' + ('00' + _0x1a4caf['charCodeAt'](_0xc10171)['toString'](0x10))['slice'](-0x2); } _0x1a4caf = decodeURIComponent(_0xa0c4d5); var _0x3cbf1d; for (_0x3cbf1d = 0x0; _0x3cbf1d < 0x100; _0x3cbf1d++) { _0x513065[_0x3cbf1d] = _0x3cbf1d; } for (_0x3cbf1d = 0x0; _0x3cbf1d < 0x100; _0x3cbf1d++) { _0x3ae5bc = (_0x3ae5bc + _0x513065[_0x3cbf1d] + _0x39334e['charCodeAt'](_0x3cbf1d % _0x39334e['length'])) % 0x100; _0x30f95a = _0x513065[_0x3cbf1d]; _0x513065[_0x3cbf1d] = _0x513065[_0x3ae5bc]; _0x513065[_0x3ae5bc] = _0x30f95a; } _0x3cbf1d = 0x0; _0x3ae5bc = 0x0; for (var _0x4354b3 = 0x0; _0x4354b3 < _0x1a4caf['length']; _0x4354b3++) { _0x3cbf1d = (_0x3cbf1d + 0x1) % 0x100; _0x3ae5bc = (_0x3ae5bc + _0x513065[_0x3cbf1d]) % 0x100; _0x30f95a = _0x513065[_0x3cbf1d]; _0x513065[_0x3cbf1d] = _0x513065[_0x3ae5bc]; _0x513065[_0x3ae5bc] = _0x30f95a; _0x5a71d6 += String['fromCharCode'](_0x1a4caf['charCodeAt'](_0x4354b3) ^ _0x513065[(_0x513065[_0x3cbf1d] + _0x513065[_0x3ae5bc]) % 0x100]); } return _0x5a71d6; }; _0x348d['TrRvFr'] = _0x347c19; _0x348d['cvxCUg'] = {}; _0x348d['vXrXzl'] = !![]; } var _0x19bbf7 = _0x348d['cvxCUg'][_0x35faff]; if (_0x19bbf7 === undefined) { if (_0x348d['qceoVq'] === undefined) { _0x348d['qceoVq'] = !![]; } _0x348da6 = _0x348d['TrRvFr'](_0x348da6, _0x39ca66); _0x348d['cvxCUg'][_0x35faff] = _0x348da6; } else { _0x348da6 = _0x19bbf7; } return _0x348da6;};
function hash(_0x18974e) { var _0x51ab30 = {}; _0x51ab30[_0x348d('0xac', 'yolJ') + 'f'] = function (_0x5580cb, _0x354d0a) { return _0x5580cb & _0x354d0a; }; _0x51ab30[_0x348d('0x47', 'ENm)') + 'x'] = function (_0x4f5197, _0x140fdd) { return _0x4f5197 & _0x140fdd; }; _0x51ab30[_0x348d('0x10d', '0]K5') + 'P'] = function (_0x22e5c5, _0x176022) { return _0x22e5c5 >> _0x176022; }; _0x51ab30[_0x348d('0x3f', 'U5T%') + 'W'] = function (_0x29d063, _0x528a7b) { return _0x29d063 | _0x528a7b; }; _0x51ab30[_0x348d('0xce', 'kPfA') + 'M'] = function (_0x4f4b70, _0x15bd55) { return _0x4f4b70 & _0x15bd55; }; _0x51ab30[_0x348d('0x17', 'TYI#') + 'f'] = _0x348d('0x1', '@[DX') + _0x348d('0x3d', '$po5') + _0x348d('0x4c', 'U5T%') + _0x348d('0x95', 'ZSd[') + _0x348d('0x32', 'S3^t') + '|3'; _0x51ab30[_0x348d('0x127', '(FPo') + 's'] = function (_0x5bc0e3, _0x2b2643) { return _0x5bc0e3(_0x2b2643); }; _0x51ab30[_0x348d('0x36', 'bxDh') + 'W'] = function (_0x389136, _0x2c174c, _0x4d35b4, _0x3cde50) { return _0x389136(_0x2c174c, _0x4d35b4, _0x3cde50); }; _0x51ab30[_0x348d('0xd6', 'G#nw') + 'z'] = function (_0x2ea63f, _0xea95d8, _0x4e476d) { return _0x2ea63f(_0xea95d8, _0x4e476d); }; _0x51ab30[_0x348d('0x118', 'YMlY') + 'e'] = function (_0xba7891, _0x44055f) { return _0xba7891 - _0x44055f; }; _0x51ab30[_0x348d('0x3', 'nU59') + 'a'] = _0x348d('0x3e', '[HWx') + 'u'; _0x51ab30[_0x348d('0x106', 'zRV7') + 'c'] = function (_0x423f15, _0x1df435) { return _0x423f15 >>> _0x1df435; }; _0x51ab30[_0x348d('0x94', 'bxDh') + 'R'] = function (_0x29604d, _0x18dbaa) { return _0x29604d << _0x18dbaa; }; _0x51ab30[_0x348d('0x23', 'yolJ') + 'H'] = function (_0x3fec90, _0x45852b) { return _0x3fec90 & _0x45852b; }; _0x51ab30[_0x348d('0xd', 'AGXa') + 'u'] = function (_0x454b18, _0x2b7c6f) { return _0x454b18 ^ _0x2b7c6f; }; _0x51ab30[_0x348d('0xe2', 'Rtgy') + 'Y'] = function (_0x43e4d5, _0x312ff2) { return _0x43e4d5 & _0x312ff2; }; _0x51ab30[_0x348d('0x37', 'zRV7') + 'E'] = function (_0x202ada, _0x473fce) { return _0x202ada ^ _0x473fce; }; _0x51ab30[_0x348d('0xc9', 'hqry') + 'i'] = function (_0x4f54c4, _0x1118cb, _0x50b680) { return _0x4f54c4(_0x1118cb, _0x50b680); }; _0x51ab30[_0x348d('0x4e', '[HWx') + 'N'] = function (_0x52d636, _0x4f2c48) { return _0x52d636 ^ _0x4f2c48; }; _0x51ab30[_0x348d('0xb3', 'orhZ') + 'y'] = function (_0x4b896c, _0x429cdd) { return _0x4b896c ^ _0x429cdd; }; _0x51ab30[_0x348d('0x122', 'm%Fh') + 'S'] = function (_0x699e77, _0x454fcf, _0x50b106) { return _0x699e77(_0x454fcf, _0x50b106); }; _0x51ab30[_0x348d('0x12d', '!jdL') + 'g'] = function (_0x43c165, _0x254562, _0x3f242e) { return _0x43c165(_0x254562, _0x3f242e); }; _0x51ab30[_0x348d('0x46', '^J5D') + 'l'] = function (_0x27b453, _0x3f7f8b, _0xee8f32) { return _0x27b453(_0x3f7f8b, _0xee8f32); }; _0x51ab30[_0x348d('0xc7', 'nr&J') + 'K'] = function (_0x123905, _0x51f7a2) { return _0x123905 >> _0x51f7a2; }; _0x51ab30[_0x348d('0x1d', 'nr&J') + 'a'] = function (_0x3dbfe6, _0x156cf8) { return _0x3dbfe6 < _0x156cf8; }; _0x51ab30[_0x348d('0x4f', 'qo6P') + 'i'] = _0x348d('0xc3', '%6S(') + _0x348d('0x10f', '1oFq') + _0x348d('0xf3', 'orhZ') + _0x348d('0xbd', 'w!2h') + _0x348d('0x33', 'NRJ5') + _0x348d('0x8b', 'fe9y') + _0x348d('0x40', '@[DX') + _0x348d('0x81', '[HWx') + _0x348d('0xf6', 'nr&J') + _0x348d('0xd1', '1oFq'); _0x51ab30[_0x348d('0xff', 'bxDh') + 'c'] = _0x348d('0x8f', 'G#nw') + _0x348d('0xe3', 'yolJ') + _0x348d('0x18', 'AGXa') + _0x348d('0x26', '[HWx') + _0x348d('0xf7', '^caq') + '|3'; _0x51ab30[_0x348d('0x52', '^caq') + 'i'] = function (_0x2e3fbc, _0x459a52) { return _0x2e3fbc + _0x459a52; }; _0x51ab30[_0x348d('0x7', 'bgHV') + 'Y'] = function (_0x5b01bd, _0x53e886, _0x42734b) { return _0x5b01bd(_0x53e886, _0x42734b); }; _0x51ab30[_0x348d('0xcb', 'GVpO') + 'Q'] = function (_0x2a2687, _0x481e4e) { return _0x2a2687 - _0x481e4e; }; _0x51ab30[_0x348d('0x2c', 'FnP1') + 'T'] = function (_0x531f1a, _0x457369, _0xe685b1) { return _0x531f1a(_0x457369, _0xe685b1); }; _0x51ab30[_0x348d('0x2d', 'TYI#') + 'E'] = function (_0x5a2557, _0xe02cbf, _0x53ebe7) { return _0x5a2557(_0xe02cbf, _0x53ebe7); }; _0x51ab30[_0x348d('0xae', '^caq') + 'F'] = function (_0xc77f12, _0x5a54b2) { return _0xc77f12(_0x5a54b2); }; _0x51ab30[_0x348d('0xe0', '1oFq') + 'C'] = function (_0x32b68a, _0x23ca71, _0x12013d) { return _0x32b68a(_0x23ca71, _0x12013d); }; _0x51ab30[_0x348d('0x9d', 'NRJ5') + 'I'] = function (_0x2f0545, _0xf3e878) { return _0x2f0545 - _0xf3e878; }; _0x51ab30[_0x348d('0x3c', 'S3^t') + 's'] = function (_0x2ad770, _0x18f93e) { return _0x2ad770 << _0x18f93e; }; _0x51ab30[_0x348d('0x61', 'yolJ') + 'n'] = function (_0x154e20, _0x19ddcd) { return _0x154e20 / _0x19ddcd; }; _0x51ab30[_0x348d('0x111', '3X1r') + 'd'] = function (_0x5e115f, _0x4aea4a) { return _0x5e115f % _0x4aea4a; }; _0x51ab30[_0x348d('0xec', 'jBZD') + 'u'] = function (_0x3904e8, _0x596e42) { return _0x3904e8 < _0x596e42; }; _0x51ab30[_0x348d('0xdc', 'nr&J') + 'o'] = function (_0x8fc0e6, _0x34e21e) { return _0x8fc0e6 > _0x34e21e; }; _0x51ab30[_0x348d('0x116', 'fe9y') + 'j'] = function (_0x15b5ae, _0x4c75c8) { return _0x15b5ae >> _0x4c75c8; }; _0x51ab30[_0x348d('0xef', 'm%Fh') + 'a'] = function (_0x36c10c, _0x4db2b7) { return _0x36c10c | _0x4db2b7; }; _0x51ab30[_0x348d('0x72', 'GVpO') + 'A'] = function (_0x46611e, _0x48b6c5) { return _0x46611e | _0x48b6c5; }; _0x51ab30[_0x348d('0xea', 'fe9y') + 'U'] = function (_0x49ae41, _0x5e8868) { return _0x49ae41 & _0x5e8868; }; _0x51ab30[_0x348d('0x88', 'ZSd[') + 'J'] = _0x348d('0x8c', '(95B') + _0x348d('0xe1', '01z4') + _0x348d('0xd5', 'ylod') + _0x348d('0x43', '!jdL'); _0x51ab30[_0x348d('0x130', '3X1r') + 'K'] = _0x348d('0x44', 'GVpO') + _0x348d('0xed', 'FnP1') + _0x348d('0x131', 'FVwu') + _0x348d('0x103', 'kPfA'); _0x51ab30[_0x348d('0xa7', '!jdL') + 'y'] = function (_0x1a4c99, _0x58fa19) { return _0x1a4c99 - _0x58fa19; }; _0x51ab30[_0x348d('0x10e', 'NRJ5') + 'v'] = function (_0x5de6e5, _0xb380de) { return _0x5de6e5 % _0xb380de; }; _0x51ab30[_0x348d('0x67', 'bgHV') + 'g'] = function (_0x49d76d, _0x342565) { return _0x49d76d >> _0x342565; }; _0x51ab30[_0x348d('0xbf', '(FPo') + 'O'] = function (_0x33b5c5, _0x25f286) { return _0x33b5c5 * _0x25f286; }; _0x51ab30[_0x348d('0x6f', '(FPo') + 'z'] = function (_0x5f4645, _0x257a5c) { return _0x5f4645 - _0x257a5c; }; _0x51ab30[_0x348d('0x114', 'nU59') + 'z'] = function (_0xb9c259, _0x1bdb2d) { return _0xb9c259 % _0x1bdb2d; }; _0x51ab30[_0x348d('0xa9', 'eB[$') + 'Q'] = function (_0x2d2380, _0x119681, _0x341741) { return _0x2d2380(_0x119681, _0x341741); }; _0x51ab30[_0x348d('0x1e', 'EKre') + 'C'] = function (_0x565986, _0x5b6cee) { return _0x565986(_0x5b6cee); }; _0x51ab30[_0x348d('0xb7', 'kPfA') + 't'] = function (_0x31224e, _0x1d109e) { return _0x31224e * _0x1d109e; }; var _0x255a4b = _0x51ab30; var _0xf3f8f4 = 0x8; var _0x44611d = 0x0;
function _0x3a38c9(_0x339416, _0x52ed08) { var _0x1e38c7 = _0x255a4b[_0x348d('0x31', '$po5') + 'f'](_0x339416, 0xffff) + _0x255a4b[_0x348d('0x6a', 'G#nw') + 'x'](_0x52ed08, 0xffff); var _0x31c034 = _0x255a4b[_0x348d('0x5c', '$po5') + 'P'](_0x339416, 0x10) + (_0x52ed08 >> 0x10) + (_0x1e38c7 >> 0x10); return _0x255a4b[_0x348d('0x53', 'GVpO') + 'W'](_0x31c034 << 0x10, _0x255a4b[_0x348d('0xaf', 'hKNx') + 'M'](_0x1e38c7, 0xffff)); }
function _0x533e87(_0x4fa225, _0x36b4cd) { var _0x350bfb = {}; _0x350bfb[_0x348d('0xde', 'GVpO') + 'F'] = _0x255a4b[_0x348d('0xb2', 'U5T%') + 'f']; _0x350bfb[_0x348d('0x83', '4Hrm') + 'z'] = function (_0x50aac9, _0x80e62) { return _0x255a4b[_0x348d('0x1a', 'bxDh') + 's'](_0x50aac9, _0x80e62); }; _0x350bfb[_0x348d('0x7f', '@[DX') + 'i'] = function (_0x240aa7, _0x34c5f6, _0x521d74) { return _0x240aa7(_0x34c5f6, _0x521d74); }; _0x350bfb[_0x348d('0xd7', 'GVpO') + 'r'] = function (_0x3a6e45, _0x57c944, _0x4682f9) { return _0x3a6e45(_0x57c944, _0x4682f9); }; _0x350bfb[_0x348d('0x6d', '!jdL') + 'J'] = function (_0x10bd90, _0x1a4416, _0x4542db, _0x35b6a0) { return _0x255a4b[_0x348d('0xe4', 'hqry') + 'W'](_0x10bd90, _0x1a4416, _0x4542db, _0x35b6a0); }; _0x350bfb[_0x348d('0xa5', 'jBZD') + 'R'] = function (_0x3e6816, _0x34252a) { return _0x3e6816 < _0x34252a; }; _0x350bfb[_0x348d('0x113', 'hKNx') + 'V'] = function (_0x1e3fa9, _0x8151e9) { return _0x1e3fa9 + _0x8151e9; }; _0x350bfb[_0x348d('0x48', '^J5D') + 'i'] = function (_0x30b8c0, _0x3422e7, _0x3fc438) { return _0x255a4b[_0x348d('0xfe', '1oFq') + 'z'](_0x30b8c0, _0x3422e7, _0x3fc438); }; _0x350bfb[_0x348d('0x9e', 'GVpO') + 'f'] = function (_0x33ad9a, _0x5a8cd6) { return _0x33ad9a - _0x5a8cd6; }; _0x350bfb[_0x348d('0x57', 'G#nw') + 'S'] = function (_0x51fc1a, _0xd039ea) { return _0x255a4b[_0x348d('0x85', 'zRV7') + 'e'](_0x51fc1a, _0xd039ea); }; var _0x4e6a4f = _0x350bfb; if (_0x255a4b[_0x348d('0xab', '$)5g') + 'a'] === _0x348d('0x11b', 'NRJ5') + 'W') { var _0x3e5461 = _0x4e6a4f[_0x348d('0x6', 'TYI#') + 'F'][_0x348d('0x12c', 'orhZ') + 't']('|'); var _0x2a707c = 0x0; while (!![]) { switch (_0x3e5461[_0x2a707c++]) { case'0': d = c; continue; case'1': T2 = _0x3a38c9(_0x4e6a4f[_0x348d('0x4b', 'yP5J') + 'z'](_0x1a4bce, a), _0x2b4d2c(a, b, c)); continue; case'2': g = f; continue; case'3': a = _0x4e6a4f[_0x348d('0xd2', 'm%Fh') + 'i'](_0x3a38c9, T1, T2); continue; case'4': b = a; continue; case'5': c = b; continue; case'6': f = e; continue; case'7': T1 = _0x3a38c9(_0x3a38c9(_0x3a38c9(_0x4e6a4f[_0x348d('0x20', 'G#nw') + 'r'](_0x3a38c9, h, _0x4e6a4f[_0x348d('0x80', 'eB[$') + 'z'](_0x167b3f, e)), _0x4e6a4f[_0x348d('0xf4', 'EKre') + 'J'](_0xb393ef, e, f, g)), K[j]), W[j]); continue; case'8': h = g; continue; case'9': e = _0x3a38c9(d, T1); continue; case'10': if (_0x4e6a4f[_0x348d('0x101', 'YMlY') + 'R'](j, 0x10)) W[j] = m[_0x4e6a4f[_0x348d('0x14', '[HWx') + 'V'](j, i)]; else W[j] = _0x4e6a4f[_0x348d('0x65', 'TYI#') + 'r'](_0x3a38c9, _0x4e6a4f[_0x348d('0x74', 'Brcn') + 'i'](_0x3a38c9, _0x4e6a4f[_0x348d('0xfd', 'EKre') + 'i'](_0x3a38c9, _0x4ea376(W[_0x4e6a4f[_0x348d('0xf5', 'kPfA') + 'f'](j, 0x2)]), W[_0x4e6a4f[_0x348d('0x2e', 'ylod') + 'S'](j, 0x7)]), _0x275b5d(W[_0x4e6a4f[_0x348d('0x105', '3X1r') + 'S'](j, 0xf)])), W[j - 0x10]); continue; } break; } } else { return _0x255a4b[_0x348d('0x99', 'nU59') + 'c'](_0x4fa225, _0x36b4cd) | _0x255a4b[_0x348d('0xc1', 'zRV7') + 'R'](_0x4fa225, 0x20 - _0x36b4cd); } }
function _0x1e132e(_0x4970f3, _0x2f9888) { return _0x4970f3 >>> _0x2f9888; }
function _0xb393ef(_0x544eb0, _0x4f8666, _0x1b87a4) { return _0x255a4b[_0x348d('0xcc', 'nr&J') + 'H'](_0x544eb0, _0x4f8666) ^ _0x255a4b[_0x348d('0x4d', '^caq') + 'H'](~_0x544eb0, _0x1b87a4); }
function _0x2b4d2c(_0x49a82a, _0x263c37, _0x53bedb) { return _0x255a4b[_0x348d('0x121', '^caq') + 'u'](_0x255a4b[_0x348d('0x128', '01z4') + 'Y'](_0x49a82a, _0x263c37) ^ _0x255a4b[_0x348d('0x76', 'bgHV') + 'Y'](_0x49a82a, _0x53bedb), _0x263c37 & _0x53bedb); }
function _0x1a4bce(_0x2c5e0d) { return _0x255a4b[_0x348d('0x5b', 'bxDh') + 'E'](_0x255a4b[_0x348d('0x8d', 'Brcn') + 'E'](_0x533e87(_0x2c5e0d, 0x2), _0x533e87(_0x2c5e0d, 0xd)), _0x255a4b[_0x348d('0x78', '1oFq') + 'i'](_0x533e87, _0x2c5e0d, 0x16)); }
function _0x167b3f(_0x28595e) { return _0x255a4b[_0x348d('0x120', 'ENm)') + 'N'](_0x255a4b[_0x348d('0x11e', 'NRJ5') + 'y'](_0x533e87(_0x28595e, 0x6), _0x533e87(_0x28595e, 0xb)), _0x533e87(_0x28595e, 0x19)); }
function _0x275b5d(_0x2c9464) { return _0x255a4b[_0x348d('0x108', '^J5D') + 'y'](_0x255a4b[_0x348d('0x126', '^J5D') + 'S'](_0x533e87, _0x2c9464, 0x7) ^ _0x533e87(_0x2c9464, 0x12), _0x1e132e(_0x2c9464, 0x3)); }
function _0x4ea376(_0x52465c) { return _0x255a4b[_0x348d('0x7e', '$po5') + 'y'](_0x533e87(_0x52465c, 0x11), _0x255a4b[_0x348d('0xda', '@[DX') + 'g'](_0x533e87, _0x52465c, 0x13)) ^ _0x255a4b[_0x348d('0xa4', 'Rtgy') + 'l'](_0x1e132e, _0x52465c, 0xa); }
function _0x433ab7(_0x1e0fb4, _0x5d2f70) { var _0x8cc3f8 = new Array(0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0xfc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x6ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2); var _0x541d06 = new Array(0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19); var _0x295ee3 = new Array(0x40); var _0x34bf1b, _0x53c533, _0x4d7983, _0x10c28f, _0x56e11c, _0x2cf5c7, _0x3f4858, _0x2eb53d, _0x4e51d8, _0x5d53ce; var _0x1e1699, _0x3aa3c1; _0x1e0fb4[_0x255a4b[_0x348d('0x45', '3X1r') + 'K'](_0x5d2f70, 0x5)] |= _0x255a4b[_0x348d('0xc0', 'AGXa') + 'R'](0x80, _0x255a4b[_0x348d('0x8a', '$po5') + 'e'](0x18, _0x5d2f70 % 0x20)); _0x1e0fb4[_0x255a4b[_0x348d('0xa', '[HWx') + 'R'](_0x5d2f70 + 0x40 >> 0x9, 0x4) + 0xf] = _0x5d2f70; for (var _0x4e51d8 = 0x0; _0x255a4b[_0x348d('0x119', 'yP5J') + 'a'](_0x4e51d8, _0x1e0fb4[_0x348d('0x8e', 'EKre') + 'th']); _0x4e51d8 += 0x10) { var _0x48ca56 = _0x255a4b[_0x348d('0x16', 'w!2h') + 'i'][_0x348d('0x2b', '1oFq') + 't']('|'); var _0xa15470 = 0x0; while (!![]) { switch (_0x48ca56[_0xa15470++]) { case'0': _0x541d06[0x4] = _0x3a38c9(_0x56e11c, _0x541d06[0x4]); continue; case'1': _0x541d06[0x3] = _0x3a38c9(_0x10c28f, _0x541d06[0x3]); continue; case'2': _0x541d06[0x6] = _0x255a4b[_0x348d('0xd8', 'Brcn') + 'l'](_0x3a38c9, _0x3f4858, _0x541d06[0x6]); continue; case'3': for (var _0x5d53ce = 0x0; _0x5d53ce < 0x40; _0x5d53ce++) { var _0x5da90d = _0x255a4b[_0x348d('0x7b', 'Brcn') + 'c'][_0x348d('0x4', 'jBZD') + 't']('|'); var _0x3ed8ab = 0x0; while (!![]) { switch (_0x5da90d[_0x3ed8ab++]) { case'0': _0x3f4858 = _0x2cf5c7; continue; case'1': if (_0x5d53ce < 0x10) _0x295ee3[_0x5d53ce] = _0x1e0fb4[_0x255a4b[_0x348d('0x89', 'Rtgy') + 'i'](_0x5d53ce, _0x4e51d8)]; else _0x295ee3[_0x5d53ce] = _0x3a38c9(_0x255a4b[_0x348d('0x5f', 'w!2h') + 'Y'](_0x3a38c9, _0x3a38c9(_0x4ea376(_0x295ee3[_0x255a4b[_0x348d('0x3a', 'yP5J') + 'Q'](_0x5d53ce, 0x2)]), _0x295ee3[_0x255a4b[_0x348d('0xdd', '%6S(') + 'Q'](_0x5d53ce, 0x7)]), _0x255a4b[_0x348d('0x11c', 'AGXa') + 's'](_0x275b5d, _0x295ee3[_0x5d53ce - 0xf])), _0x295ee3[_0x5d53ce - 0x10]); continue; case'2': _0x4d7983 = _0x53c533; continue; case'3': _0x34bf1b = _0x3a38c9(_0x1e1699, _0x3aa3c1); continue; case'4': _0x10c28f = _0x4d7983; continue; case'5': _0x1e1699 = _0x3a38c9(_0x255a4b[_0x348d('0xdb', 'eB[$') + 'Y'](_0x3a38c9, _0x255a4b[_0x348d('0x2a', '01z4') + 'Y'](_0x3a38c9, _0x255a4b[_0x348d('0x28', 'nU59') + 'T'](_0x3a38c9, _0x2eb53d, _0x167b3f(_0x56e11c)), _0xb393ef(_0x56e11c, _0x2cf5c7, _0x3f4858)), _0x8cc3f8[_0x5d53ce]), _0x295ee3[_0x5d53ce]); continue; case'6': _0x3aa3c1 = _0x255a4b[_0x348d('0x132', 'qo6P') + 'E'](_0x3a38c9, _0x255a4b[_0x348d('0x12f', 'AGXa') + 'F'](_0x1a4bce, _0x34bf1b), _0x2b4d2c(_0x34bf1b, _0x53c533, _0x4d7983)); continue; case'7': _0x56e11c = _0x3a38c9(_0x10c28f, _0x1e1699); continue; case'8': _0x2cf5c7 = _0x56e11c; continue; case'9': _0x53c533 = _0x34bf1b; continue; case'10': _0x2eb53d = _0x3f4858; continue; } break; } } continue; case'4': _0x541d06[0x0] = _0x3a38c9(_0x34bf1b, _0x541d06[0x0]); continue; case'5': _0x34bf1b = _0x541d06[0x0]; continue; case'6': _0x541d06[0x2] = _0x255a4b[_0x348d('0x6e', 'fe9y') + 'E'](_0x3a38c9, _0x4d7983, _0x541d06[0x2]); continue; case'7': _0x541d06[0x1] = _0x255a4b[_0x348d('0xbe', 'O0pG') + 'E'](_0x3a38c9, _0x53c533, _0x541d06[0x1]); continue; case'8': _0x2cf5c7 = _0x541d06[0x5]; continue; case'9': _0x2eb53d = _0x541d06[0x7]; continue; case'10': _0x10c28f = _0x541d06[0x3]; continue; case'11': _0x53c533 = _0x541d06[0x1]; continue; case'12': _0x56e11c = _0x541d06[0x4]; continue; case'13': _0x541d06[0x7] = _0x3a38c9(_0x2eb53d, _0x541d06[0x7]); continue; case'14': _0x3f4858 = _0x541d06[0x6]; continue; case'15': _0x541d06[0x5] = _0x255a4b[_0x348d('0x84', '0]K5') + 'C'](_0x3a38c9, _0x2cf5c7, _0x541d06[0x5]); continue; case'16': _0x4d7983 = _0x541d06[0x2]; continue; } break; } } return _0x541d06; }
function _0x2ecdbe(_0x581fc6) { var _0x31c6c5 = Array(); var _0x9816b5 = _0x255a4b[_0x348d('0x9d', 'NRJ5') + 'I'](0x1 << _0xf3f8f4, 0x1); for (var _0x1dfe33 = 0x0; _0x255a4b[_0x348d('0xad', 'w!2h') + 'a'](_0x1dfe33, _0x581fc6[_0x348d('0x11a', '[HWx') + 'th'] * _0xf3f8f4); _0x1dfe33 += _0xf3f8f4) { _0x31c6c5[_0x1dfe33 >> 0x5] |= _0x255a4b[_0x348d('0xc2', 'ENm)') + 's'](_0x581fc6[_0x348d('0x9f', 'YMlY') + _0x348d('0xfc', '%6S(') + 'At'](_0x255a4b[_0x348d('0x6b', 'EKre') + 'n'](_0x1dfe33, _0xf3f8f4)) & _0x9816b5, 0x18 - _0x255a4b[_0x348d('0x30', 'ENm)') + 'd'](_0x1dfe33, 0x20)); } return _0x31c6c5; }
function _0x5ebc0f(_0x4a3744) { var _0x17ff73 = new RegExp('x0a', 'g'); _0x4a3744 = _0x4a3744[_0x348d('0x70', 'G#nw') + _0x348d('0xb1', 'eB[$')](_0x17ff73, 'x0a'); var _0x5aae16 = ''; for (var _0x218d22 = 0x0; _0x255a4b[_0x348d('0xc6', 'Brcn') + 'u'](_0x218d22, _0x4a3744[_0x348d('0xc4', 'nU59') + 'th']); _0x218d22++) { var _0x337590 = _0x4a3744[_0x348d('0x38', 'bgHV') + _0x348d('0x10c', '4Hrm') + 'At'](_0x218d22); if (_0x337590 < 0x80) { _0x5aae16 += String[_0x348d('0x64', '$)5g') + _0x348d('0x98', 'FVwu') + _0x348d('0xe5', 'ENm)')](_0x337590); } else if (_0x255a4b[_0x348d('0x5d', '$)5g') + 'o'](_0x337590, 0x7f) && _0x337590 < 0x800) { _0x5aae16 += String[_0x348d('0x60', 'hqry') + _0x348d('0x8', 'hqry') + _0x348d('0x0', 'ZSd[')](_0x255a4b[_0x348d('0x86', 'ENm)') + 'j'](_0x337590, 0x6) | 0xc0); _0x5aae16 += String[_0x348d('0x64', '$)5g') + _0x348d('0x117', 'jBZD') + _0x348d('0x13', 'AGXa')](_0x255a4b[_0x348d('0x10', 'Brcn') + 'a'](_0x255a4b[_0x348d('0x12e', 'py]l') + 'Y'](_0x337590, 0x3f), 0x80)); } else { _0x5aae16 += String[_0x348d('0x12b', 'kPfA') + _0x348d('0xd3', 'nU59') + _0x348d('0x41', 'nr&J')](_0x255a4b[_0x348d('0x92', 'yP5J') + 'A'](_0x255a4b[_0x348d('0xca', '(FPo') + 'j'](_0x337590, 0xc), 0xe0)); _0x5aae16 += String[_0x348d('0x3b', '^J5D') + _0x348d('0xc5', 'U5T%') + _0x348d('0x5a', '$po5')](_0x255a4b[_0x348d('0xf0', 'py]l') + 'U'](_0x255a4b[_0x348d('0x11d', '0]K5') + 'j'](_0x337590, 0x6), 0x3f) | 0x80); _0x5aae16 += String[_0x348d('0x49', 'w!2h') + _0x348d('0xaa', 'zRV7') + _0x348d('0x13', 'AGXa')](_0x255a4b[_0x348d('0x34', 'jBZD') + 'A'](_0x337590 & 0x3f, 0x80)); } } return _0x5aae16; }
function _0x4ec834(_0x267d4a) { var _0x39a464 = _0x44611d ? _0x255a4b[_0x348d('0x10b', '(FPo') + 'J'] : _0x255a4b[_0x348d('0x91', 'ylod') + 'K']; var _0x32460f = ''; for (var _0x1babeb = 0x0; _0x1babeb < _0x267d4a[_0x348d('0xf8', 'py]l') + 'th'] * 0x4; _0x1babeb++) { _0x32460f += _0x255a4b[_0x348d('0x124', 'w!2h') + 'i'](_0x39a464[_0x348d('0x27', 'm%Fh') + 'At'](_0x267d4a[_0x255a4b[_0x348d('0x15', 'FnP1') + 'j'](_0x1babeb, 0x2)] >> _0x255a4b[_0x348d('0xee', '%6S(') + 'y'](0x3, _0x255a4b[_0x348d('0x51', 'ENm)') + 'v'](_0x1babeb, 0x4)) * 0x8 + 0x4 & 0xf), _0x39a464[_0x348d('0x109', 'EKre') + 'At'](_0x255a4b[_0x348d('0xea', 'fe9y') + 'U'](_0x267d4a[_0x255a4b[_0x348d('0xeb', '1oFq') + 'g'](_0x1babeb, 0x2)] >> _0x255a4b[_0x348d('0xb0', 'U5T%') + 'O'](_0x255a4b[_0x348d('0x50', 'AGXa') + 'z'](0x3, _0x255a4b[_0x348d('0x54', '^J5D') + 'z'](_0x1babeb, 0x4)), 0x8), 0xf))); } return _0x32460f; }
_0x18974e = _0x5ebc0f(_0x18974e); return _0x4ec834(_0x255a4b[_0x348d('0xd0', 'ylod') + 'Q'](_0x433ab7, _0x255a4b[_0x348d('0xa2', '3X1r') + 'C'](_0x2ecdbe, _0x18974e), _0x255a4b[_0x348d('0xcd', 'AGXa') + 't'](_0x18974e[_0x348d('0xb6', '0]K5') + 'th'], _0xf3f8f4)));};
function go(_0x5cea20) { var _0x19ceb1 = {}; _0x19ceb1[_0x348d('0x59', 'AGXa') + 'R'] = _0x348d('0x9a', 'EKre') + 'i'; _0x19ceb1[_0x348d('0x75', '@[DX') + 'm'] = function (_0x241cf8, _0xd2c906) { return _0x241cf8 < _0xd2c906; }; _0x19ceb1[_0x348d('0xdf', 'EKre') + 'H'] = function (_0x5b0ba5, _0x2799b7) { return _0x5b0ba5 != _0x2799b7; }; _0x19ceb1[_0x348d('0x71', 'U5T%') + 'h'] = function (_0x370d9d, _0x11a897) { return _0x370d9d !== _0x11a897; }; _0x19ceb1[_0x348d('0x2f', 'EKre') + 'K'] = _0x348d('0x104', 'GVpO') + 'A'; _0x19ceb1[_0x348d('0x19', '01z4') + 'l'] = function (_0x44efce, _0x6a1f54) { return _0x44efce < _0x6a1f54; }; _0x19ceb1[_0x348d('0x115', '$po5') + 'V'] = function (_0x109193, _0x5e7c21) { return _0x109193 + _0x5e7c21; }; _0x19ceb1[_0x348d('0xbb', '[HWx') + 'f'] = function (_0xb576bc, _0x24c17c) { return _0xb576bc >>> _0x24c17c; }; _0x19ceb1[_0x348d('0x123', '4Hrm') + 'B'] = function (_0x1be6ab, _0x6821d3) { return _0x1be6ab << _0x6821d3; }; _0x19ceb1[_0x348d('0xcf', 'U5T%') + 'g'] = function (_0x19f152, _0x5ebfb1) { return _0x19f152 - _0x5ebfb1; }; _0x19ceb1[_0x348d('0x87', 'm%Fh') + 'r'] = function (_0x4bc5cd, _0xca45e4) { return _0x4bc5cd + _0xca45e4; }; _0x19ceb1[_0x348d('0x7a', 'nU59') + 'q'] = _0x348d('0x11f', 'zRV7') + _0x348d('0xf1', '$po5') + 'x20/'; _0x19ceb1[_0x348d('0x56', '[HWx') + 'h'] = _0x348d('0x79', '^J5D') + 'A'; _0x19ceb1[_0x348d('0x39', 'nU59') + 'U'] = function (_0x1d5ecb, _0x2045f0) { return _0x1d5ecb(_0x2045f0); }; _0x19ceb1[_0x348d('0xd4', 'ZSd[') + 'b'] = _0x348d('0x5e', 'jBZD') + 'q'; var _0x92a453 = _0x19ceb1;
function _0x32e6e3() { if (_0x348d('0x6c', 'O0pG') + 'j' === _0x92a453[_0x348d('0xb4', 'Brcn') + 'R']) { return; } else { var _0x5afd8f = window[_0x348d('0x82', '3X1r') + _0x348d('0x9b', 'ENm)') + 'r'][_0x348d('0xa0', '!jdL') + _0x348d('0x62', 'w!2h') + 't'], _0x39bd45 = [_0x348d('0xb9', 'NRJ5') + _0x348d('0x9c', '4Hrm')]; for (var _0x1a5e00 = 0x0; _0x92a453[_0x348d('0x25', 'G#nw') + 'm'](_0x1a5e00, _0x39bd45[_0x348d('0x1f', 'U5T%') + 'th']); _0x1a5e00++) { if (_0x92a453[_0x348d('0x10a', '01z4') + 'H'](_0x5afd8f[_0x348d('0xe9', 'jBZD') + _0x348d('0xb8', 'Rtgy')](_0x39bd45[_0x1a5e00]), -0x1)) { return !![]; } } if (window[_0x348d('0xf2', 'O0pG') + _0x348d('0x69', 'kPfA') + _0x348d('0x58', '^J5D')] || window[_0x348d('0x55', '!jdL') + _0x348d('0x21', 'bxDh')] || window[_0x348d('0x102', 'ZSd[') + _0x348d('0xbc', '$)5g')] || window[_0x348d('0x107', 'O0pG') + _0x348d('0xb', 'Rtgy') + 'r'][_0x348d('0x1b', '01z4') + _0x348d('0x12a', 'nr&J') + 'r'] || window[_0x348d('0x112', 'ENm)') + _0x348d('0x100', 'bgHV') + 'r'][_0x348d('0xb5', '[HWx') + _0x348d('0x1c', 'O0pG') + _0x348d('0x11', 'bxDh') + _0x348d('0x66', 'S3^t') + 'e'] || window[_0x348d('0xf9', 'bxDh') + _0x348d('0x22', 'ZSd[') + 'r'][_0x348d('0xfb', 'AGXa') + _0x348d('0x77', 'FnP1') + _0x348d('0x7c', 'zRV7') + _0x348d('0xd9', 'G#nw') + _0x348d('0xc', 'YMlY')]) { return !![]; } } }; if (_0x32e6e3()) { return; } var _0x5ec855 = new Date();
function _0x4a5800(_0x487efe, _0x389ac6) { var _0x246487 = _0x5cea20[_0x348d('0x93', 'AGXa') + 's'][_0x348d('0x29', '^J5D') + 'th']; for (var _0xcf6732 = 0x0; _0x92a453[_0x348d('0x63', 'orhZ') + 'm'](_0xcf6732, _0x246487); _0xcf6732++) { if (_0x92a453[_0x348d('0x90', '^caq') + 'h'](_0x348d('0xa8', '0]K5') + 'A', _0x92a453[_0x348d('0x7d', 'NRJ5') + 'K'])) { return !![]; } else { for (var _0x5aad4f = 0x0; _0x92a453[_0x348d('0x9', 'kPfA') + 'l'](_0x5aad4f, _0x246487); _0x5aad4f++) { var _0x4ddf38 = _0x92a453[_0x348d('0xa6', '@[DX') + 'V'](_0x389ac6[0x0], _0x5cea20[_0x348d('0xfa', '%6S(') + 's'][_0x348d('0x4a', 'yolJ') + 'tr'](_0xcf6732, 0x1)) + _0x5cea20[_0x348d('0xc8', 'ylod') + 's'][_0x348d('0xba', 'S3^t') + 'tr'](_0x5aad4f, 0x1) + _0x389ac6[0x1]; if (hash(_0x4ddf38) == _0x487efe) { return _0x4ddf38; } } } } }; var _0x7ef8a3 = _0x4a5800(_0x5cea20['ct'], _0x5cea20[_0x348d('0xe8', 'ENm)')]); return _0x7ef8a3;};
const data = { "bts": ["1680689291.03|0|wOcr", "3TzkKwfJAARP6mGt0%2FYOQ%3D"], "chars": "FbrIrYPARG11IQIDgBSMuI", "ct": "d1559831de206f2384083e9f0a4f391778996e6607e50b0c08ca11d098336b64", "ha": "md5", "tn": "__jsl_clearance_s", "vt": "3600", "wt": "1500"};
function getCookies(_0x238288) { var __jsl_clearance_s = go(_0x238288) return {'__jsl_clearance_s': __jsl_clearance_s};};cookies = getCookies(data);console.log(cookies);

10、接下来编辑 python 代码,调用刚刚写好的 js 代码,输出截图如下:

某安网别逆向,一不小心就......

总结:此刻首页截图完美输出内容,就在我以为本次逆向已经结束的时刻,我再发送多次请求,结果翻车了,有的请求还是返回如下截图:

某安网别逆向,一不小心就......

11、经过分析后,我定位到了问题,每次 521 第二次请求返回的 json 数据中,会携带当前参数执行 sha1、md5、sha256 等方式的加密标记,截图如下:

某安网别逆向,一不小心就......

12、问题定位后,我们只需要将所有的加密方法实现一下即可,最后完整 js 加密部分代码如下图所示:(可以在上面 js 代码中替换这块加密即可)

某安网别逆向,一不小心就......

13、最后附上 python 完整代码,相关敏感参数已经过滤:

# -*- coding: utf-8 -*-# --------------------------------------# @author : 逆向与爬虫的故事# @time   : 2023.04.05 19:49:44# --------------------------------------import jsonimport refrom typing import Dict
import execjsimport requestsfrom requests import Sessionfrom parsel import Selector

class GovSpider(object):
def __init__(self): self.url: str = "https://xxxx/index.html" self.headers: Dict[str, str] = { 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', 'Accept-Language': 'zh-CN,zh;q=0.9', 'Cache-Control': 'no-cache', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Sec-Fetch-Dest': 'document', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Site': 'none', 'Sec-Fetch-User': '?1', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36', 'sec-ch-ua': '"Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111"', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"macOS"', } self.session: Session = requests.Session() self.js = self.js_load()
def js_load(self): with open('encrypt.js', 'r', encoding='utf-8') as f: jsl_js = f.read() result = execjs.compile(jsl_js) return result
def get_cookies(self) -> Dict[str, str]: first_cookies = self.get_first_cookies() cookies = self.get_second_cookies(first_cookies) return cookies
def get_first_cookies(self) -> Dict[str, str]: response = self.session.get(url=self.url, headers=self.headers) pattern = re.compile('<script>document.cookie=(.*?);location', re.S) js = re.findall(pattern, response.text)[0] jsl_clearance_s = execjs.eval(js).split(';')[0] first_cookies = jsl_clearance_s.split("=") cookies = { "__jsl_clearance_s": first_cookies[1], "__jsluid_s": response.cookies.get("__jsluid_s"), } return cookies
def get_second_cookies(self, first_cookies: Dict[str, str]): response = requests.get(url=self.url, headers=self.headers, cookies=first_cookies) data_str = re.findall(';go((.*?))</script>', response.text)[0] data = json.loads(data_str) cookies = self.js.call('getCookies', data) cookies['__jsluid_s'] = first_cookies['__jsluid_s'] return cookies
def start_requests(self): cookies = self.get_cookies() res = self.session.get(url=self.url, headers=self.headers, cookies=cookies) res.encoding = 'utf-8' response = Selector(res.text) print(response.xpath("//text()").extract())

if __name__ == '__main__': cs = GovSpider() cs.start_requests()

总结:本篇文章分析到这里就结束了,我们已经能够还原该网站 cookie 加密参数了,小明遇到的难题我们已经完美解决,整篇文章字数有点多,感谢大家耐心观看❤️



五、思路总结


回顾整个分析流程,本次难点主要概括为以下几点:


  • 如何快速确定加密参数
  • 合理使用各种分析工具
  • Js 代码补环境及运行成功
  • Python 代码流程输出
  • 对混淆的 Js 代码还原分析
  • 熟练掌握加密方法及运算

本篇分享到这里就结束了,欢迎大家关注下期,我们不见不散☀️☀️😊

某安网别逆向,一不小心就......

欢迎大家加入我的知识星球「ChatGPT&AI变现圈」(详情请戳:知识星球:ChatGPT&AI 变现圈,正式上线!):

某安网别逆向,一不小心就......


某安网别逆向,一不小心就......

END

某安网别逆向,一不小心就......

作者简介

我是TheWeiJun有着执着的追求,信奉终身成长,不定义自己,热爱技术但不拘泥于技术,爱好分享,喜欢读书和乐于结交朋友,欢迎加我微信与我交朋友。
分享日常学习中关于爬虫、逆向和分析的一些思路,文中若有错误的地方,欢迎大家多多交流指正☀️
某安网别逆向,一不小心就......

某安网别逆向,一不小心就......

点分享

某安网别逆向,一不小心就......

点收藏

某安网别逆向,一不小心就......

点点赞

某安网别逆向,一不小心就......

点在看

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2023年5月11日02:22:10
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   某安网别逆向,一不小心就......https://cn-sec.com/archives/1725328.html

发表评论

匿名网友 填写信息