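Preface
This post reverse-engineers the comment interface of a certain tap website and rewrites the JS algorithm as a Python implementation.
Reverse-engineering target: comments on a certain tap site
Target page: aHR0cHM6Ly93d3cudGFwdGFwLmNuL21vbWVudC80MzM3MjcxMjg5NzA3MjU4MTY=
Reversing the parameter
- Open the browser debugging page and clear the captured network records
- Open the global search panel
- Search globally for arg1
- Copy the code to be reversed
JS code analysis
1. Environment-detection code
2. The code mentioned above can be removed
3. Cookie-setting code
4. Apart from the code above, everything else is core code
5. Deobfuscate the variable names in it
6. Place a debugger statement anywhere inside the _0x4818 function, then refresh the page
7. The final deobfuscated code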
function _0x4818(arg1) {
    // Permutation table: output position j takes the character at 1-based input position posList[j]
    var posList = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36];
    // Fixed XOR mask, read as 20 hex byte pairs
    var mask = '3000176000856006061501533003690027800375';
    var outPutList = [];
    var arg2 = "";
    var arg3 = "";
    // Step 1: reorder the characters of arg1 according to posList
    for (var i = 0; i < arg1['length']; i++) {
        var this_i = arg1[i];
        for (var j = 0; j < posList['length']; j++) {
            if (posList[j] == i + 1) {
                outPutList[j] = this_i;
            }
        }
    }
    arg2 = outPutList['join']("");
    // Step 2: XOR each hex byte of arg2 with the matching byte of mask
    for (var i = 0; i < arg2['length'] && i < mask['length']; i += 2) {
        // Control-flow flattening left in place: the cases run in the order 1, 4, 3, 0, 2
        var GxjQsM = '1|4|3|0|2'['split']("|"),
            QoWazb = 0;
        while (!![]) {
            switch (GxjQsM[QoWazb++]) {
            case "0":
                // Left-pad to two hex digits
                if (xorChar['length'] == 1) {
                    xorChar = "0" + xorChar;
                }
                continue;
            case "1":
                var strChar = parseInt(arg2['slice'](i, i + 2), 16);
                continue;
            case "2":
                arg3 += xorChar;
                continue;
            case "3":
                var xorChar = (strChar ^ maskChar)['toString'](16);
                continue;
            case "4":
                var maskChar = parseInt(mask['slice'](i, i + 2), 16);
                continue;
            }
            break;
        }
    }
    // The snippet as posted never returned the result; return it so callers receive arg3
    return arg3;
}
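8. The arg1 parameter that is passed in comes from: aHR0cHM6Ly93d3cudGFwdGFwLmNuL21vbWVudC80MzM3MjcxMjg5NzA3MjU4MTY=
On a normal request, if identity verification fails, the response contains: <html><script>nvar arg1='E939729E7C80B456232A816D7674E240DB417F72'
9. Test result:
Rewriting the JS algorithm as Python code
The algorithm rewritten from the JS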
import random
import re
import time

try:
    import execjs
except ImportError:
    execjs = None  # only needed by get_acw_sc_js

import pandas as pd
import requests


class GetComment:
    def __init__(self, referer):
        # (redacted by the author)
        pass

    def get_acw_sc_js(self, arg1):
        # Run the original JS through execjs, for comparison with the Python port
        result = execjs.compile(self.js_code).call("white", arg1)
        print("js加密结果>" + result)
        return result

    def get_acw_sc_py(self, arg1):
        posList = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21,
                   32,
                   26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36]
        mask = '3000176000856006061501533003690027800375'
        # Sized by posList and pre-filled with "" so join() behaves like the JS
        # version, where unset array slots join as empty strings
        outPutList = [""] * len(posList)
        arg3 = ""
        # Step 1: reorder the characters of arg1 according to posList
        for i in range(len(arg1)):
            this_i = arg1[i]
            for j in range(len(posList)):
                if posList[j] == i + 1:
                    outPutList[j] = this_i
        arg2 = "".join(outPutList)
        # Step 2: XOR each hex byte of arg2 with the matching byte of mask
        for i in range(0, len(mask), 2):
            # Same flattened order as the JS: cases 1, 4, 3, 0, 2
            GxjQsM = '1|4|3|0|2'.split("|")
            for QoWazb in range(len(GxjQsM)):
                tmp_var = GxjQsM[QoWazb]
                if tmp_var == "0":
                    if len(xorChar) == 1:
                        xorChar = "0" + xorChar
                elif tmp_var == "1":
                    strChar = int(arg2[i:i + 2], 16)
                elif tmp_var == "2":
                    arg3 += xorChar
                elif tmp_var == "3":
                    # hex() returns e.g. '0x5' or '0x64'; strip the prefix and pad to two digits
                    xorChar = hex(strChar ^ maskChar)
                    if len(xorChar) != 4:
                        xorChar = "0" + xorChar[-1:]
                    else:
                        xorChar = xorChar[-2:]
                elif tmp_var == "4":
                    maskChar = int(mask[i:i + 2], 16)
        print("py加密结果>" + arg3)
        return arg3

    def response(self, params):
        # (redacted by the author)
        pass

    def get_comment(self, data):
        # (redacted by the author)
        pass

    def run(self, page):
        # (redacted by the author)
        pass


if __name__ == '__main__':
    # "脱敏处理" marks the part of the URL the author redacted
    referer = "https://脱敏处理433727128970725816"
    page = 21
    c = GetComment(referer)
    result = c.run(page)
Screenshot of a successful run:
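The transform above is a fixed permutation followed by XOR with a constant mask, so its output depends only on arg1 and is fully invertible by anyone holding the page script. The following is an added example, not the author's code: it uses the constants and the arg1 sample from the page, while the function names (transform, invert) and the input validation are my own assumptions.

```python
import re

# Constants copied from the page's deobfuscated _0x4818 function.
POS_LIST = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13,
            6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34,
            37, 12, 36]
MASK = bytes.fromhex("3000176000856006061501533003690027800375")
HEX40 = re.compile(r"[0-9A-Fa-f]{40}")

# The table must be a true permutation of 1..40, otherwise the shuffle would
# drop or duplicate characters and could not be inverted.
assert sorted(POS_LIST) == list(range(1, 41))


def _check(value):
    """Reject anything that is not exactly 40 hex characters."""
    if not isinstance(value, str) or not HEX40.fullmatch(value):
        raise ValueError("expected exactly 40 hexadecimal characters")
    return value


def _xor_mask(hex_str):
    """XOR 20 bytes (given as hex) with MASK; bytes.hex() zero-pads each byte."""
    return bytes(a ^ b for a, b in zip(bytes.fromhex(hex_str), MASK)).hex()


def transform(arg1):
    """Forward direction: permute the characters, then XOR with the mask."""
    arg1 = _check(arg1)
    shuffled = "".join(arg1[p - 1] for p in POS_LIST)
    return _xor_mask(shuffled)


def invert(result):
    """Reverse direction: undo the XOR, then undo the permutation.

    Returns upper-case hex, matching the arg1 format shown on the page.
    """
    shuffled = _xor_mask(_check(result)).upper()
    original = [""] * len(POS_LIST)
    for j, p in enumerate(POS_LIST):
        original[p - 1] = shuffled[j]
    return "".join(original)


if __name__ == "__main__":
    sample = "E939729E7C80B456232A816D7674E240DB417F72"  # arg1 quoted on the page
    out = transform(sample)
    print(out, invert(out) == sample)
```

Because the round trip succeeds with nothing but constants shipped to the client, the value proves only that the client ran (or reimplemented) the script, not anything about who the client is.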
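The related code is open source:
https://github.com/puboop/reverse/
Originally published on the WeChat official account 律图拟项: [Reverse Engineering Series] 26 - Comments on a certain tap site - Algorithm rewrite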