iwencai網站實戰
url:http://iwencai.com/unifiedwap/home/index
開啟開發者工具,在搜尋框中隨便輸入關鍵詞,看流量包。
(如果想將開發者工具的位置進行變換的,可以點選三個點進行切換)
只有一條資料包,看看請求資料和響應資料。
請求頭中有一個特殊的Hexin-V,它的值與Cookie中的v的值一樣,這個值很明顯是被加密過的;響應資料包中全是明文。所以我們的目標就是搞清楚Hexin-V的值是怎麼生成的。由於該值會賦值到cookie中,可以採用hook技術,這裡先介紹一個google外掛。
安裝好之後,有以下幾個功能,我們勾選Hook SetCookie,除錯的時候就會停在給cookie賦值的地方。
重新整理頁面(ctrl+shift+r),停在瞭如下處。
但不是給v變數賦值,繼續放,一直放到能看到那串加密的資料。
這時候我們就需要往上找,看這串加密的資料是如何加密的。檢視呼叫棧,一個一個往上找。
還是加密的,繼續向上找。
這裡的n變數是透過rt.update()函式生成的,去看具體程式碼實現。
主要的實現程式碼在O函式里,發現裡面全是在呼叫函式,所以取巧的辦法是可以把相關的js程式碼全部弄下來,這樣就不用理解它的實現邏輯了。
D函式和O函式是同一級別的,看下它們在哪個函式下面。
在一個自執行函式下面,把這個自執行函式的程式碼收一下,就可以看到清晰的邏輯。
變數rt就是自執行函式里的變數n,所以給n賦值也就相當於給rt賦值。從下面這行程式碼也能得到D函式確實是給rt更新賦值的。
將整個自執行函式複製下來,執行一下,報錯了。
e沒定義,往上找。
這四行程式碼也複製下來,又發現上面還有一個更大的自執行函式。
把程式碼收一下,看一下邏輯。
這樣子就可以看到n的值是一個列表,那麼r、e、a三個的值也就是這個了。把作用域最大的這個自執行函式複製下來,到目前位置,js程式碼如下:
點選檢視程式碼
!function (n, t) {
var r, e, a;
r = e = a = n;
var u, c, s;
u = c = s = t;
var rt;
!function (n) {
var t = e[87], o = a[8], i = e[8], f = s[215], l = r[52], p = s[0], d = parseInt(c[216], u[122]), h = e[86],
g = u[217], w = u[123], m = e[165], I = parseInt(t + En, c[122]), y = parseInt(a[79], a[82]), _ = c[218],
C = parseInt(a[193], e[82]), E = parseInt(o + i, r[78]), A = parseInt(u[219], s[122]),
b = parseInt(f + An, s[106]), T = parseInt(r[194], s[106]), B = parseInt(ot(s[220], e[195]), r[82]),
R = parseInt(e[196], u[122]), k = parseInt(e[197], a[78]), S;
function P() {
var n = s[0]
, t = r[88]
, e = parseInt(u[13], c[122])
, a = s[217];
S = new qn([a, a, a, a, n, n, n, e, t, t, t, t, t, t, t, a, t, n]),
S[p] = Jn.serverTimeNow(),
M(),
S[B] = Vn,
S[k] = Un,
S[R] = c[2],
S[h] = Jn.strhash(navigator.userAgent),
S[b] = tt.getBrowserFeature(),
S[g] = tt.getPlatform(),
S[w] = tt.getBrowserIndex(),
S[m] = tt.getPluginNum()
}
function M() {
var n = Qn.getCookie(Fn) || Zn.get(jn);
if (n && n[s[111]] == parseInt(c[221], e[93])) {
var t = zn.decode(n);
if (t && (S.decodeBuffer(t),
S[l] != s[2]))
return
}
S[l] = Jn.random()
}
function O() {
S[R]++,
S[p] = Jn.serverTimeNow(),
S[d] = Jn.timeNow(),
S[B] = Vn,
S[I] = nt.getMouseMove(),
S[y] = nt.getMouseClick(),
S[_] = nt.getMouseWhell(),
S[C] = nt.getKeyDown(),
S[E] = nt.getClickPos().x,
S[A] = nt.getClickPos().y;
var n = S.toBuffer();
return zn.encode(n)
}
n[e[57]] = P;
function D() {
return O()
}
n[v(an, a[198], r[199])] = D
}(rt || (rt = {}));
}(["", 9527, String, Boolean, "eh", "ad", "Bu", "ileds", "1", "\b", Array, "7", "base", "64De", "\u2543\u252b", "etatS", "pa", "e", "FromUrl", "getOrigi", "nFromUrl", "\u255b\u253e", "b?\x18q)", "ic", "k", "sted", "he", "wser", "oNo", "ckw", "ent", "hst", "^And", "RM", "systemL", 5, "\u255f\u0978\u095b\u09f5", "TR8", "!'", "gth", "er", "TP", 83, "r", !0, "v", "v-nixeh", RegExp, "thsi.cn", 'K\x19"]K^xVV', "KXxAPD?\x1b[Y", document, 0, "allow", 1, "; ", "length", "Init", "=", "; domain=", "checkcookie", !1, "eikooCled", "tnemucod", "d", window, "\u2553\u0972\u0959\u09e4\u09bd\u0938\u0980\u09c5\u09b1\u09d1\u09a7\u09dc\u09dd\u09d3\u09c2", "\u2556\u0979\u095e\u09d3\u09b5\u0935\u098f\u09c7\u099d\u09d2\u09b0", 23, "l$P$~", "frames", "ducument", "ydob", "documentElement", "del", "@[\\]^`{|}~]", "base_fileds", "255", 10, "10", 39, "\u2547\u2535\u255a\u252e\u2541\u2535\u254c\u253c\u2559", 8, "4", "3", "de", 3, "11", 2, "203", "22", "111111", "3f", 16, "\x0f", "\u2506\u2537\u2507\u2537", "11111111", "base64Encode", "v\x1d", "ati", "WY", "te", "bo", "rs", "getHost", Date, "{DF", ":", "^{.*}$", "WU<P[C", 52, "1001", "href", "1111101010", "redirect_url", "^\\s*(?:https?:)?\\/{2,}([^\\/\\?\\#\\\\]+)", "i", "\u256c\u252c\u2516\u254b", "@", "ready", "change", "dy", 7, "protocol", "//s.thsi.cn/js/chameleon/time.1", "onerror", "2000", "readyState", null, "^(\\d+\\.)+\\d+$", "^\\s*(?:(https?:))?\\/{2,}([^\\/\\?\\#\\\\]+)", ".", "strToBytes", "isIPAddr", "serverTimeNow", "addEventListener", "th", "wh", "Scro", "mousemove", 55, "evomhcuot", "[[?PVC\x0e", "getMouseMove", '_R"xWB%Po_3YT', "getMouseClick", "ght", "gin", "msD", "ack", "\u2556\u096b\u095f", "Nativ", "^A", "MozSettingsEvent", "safari", "ActiveXObject", "postMessage", "Uint8Array", "WeakMap", "Google Inc.", "vendor", "chrome", "python", "sgAppName", "JX", 6, "me", "LBBROWSER", "w4", "2345Explorer", "TheWorld", "\u2544", 40, "tTr", "\u2506", "navigator", "webdriver", "languages", "taborcA|FDP", "\u2541\u097c\u0949", 95, "1e0", "e Cli", "iso-8859-1", "defaultCharset", "localStorage", "^Win64", "^Linux armv|Android", "^iPhone", "^iPad", "B_{VV", "getPluginNum", "getBrowserFeature", "12", "16", "sE", "10000", "17", "\u2542\u2532\u2556\u2537\u2543\u2526", "\x1cx`R", 2333, "XMLH", "ers", "0", "lo", 57, "ylppa", "error", "target", "click", "unload", "HE9AWT9Y", "\\.", "c?", "$", "/", "fetch", "prototype", "url", "\u2556\u0971\u0956\u09fe\u09a7", "headers", "\u256b\u2554", 79, "?", "^(.*?):[ \\t]*([^\\r\\n]*)\\r?$", "gm", "s", "src", "analysisRst", "\u255e\u0973\u0949\u09f4\u09a2\u0929\u09ac\u09d4\u0992\u09d2\u09b0\u09d4", "appendChild", "Y", "jsonp_ignore", "^", 70, "421", "XH>a", "\u2574\u253c\u257d\u2530\u2575\u2539\u257c\u2533\u257d\u2522\u256e\u2521\u2560\u2524\u2561\u2525", "CHAMELEON_LOADED"], [1, "", 0, "he", "ad", 29, "\x180G\x1f", "?>=<;:\\\\/,+", "ng", "to", "ff", Number, Error, "11", "6", "er", "ro", "code", "co", "_?L", "ed", "@S\x15D*", Object, "len", "gth", "on", "lo", RegExp, "ySta", 13, "eel", "ee", "ouse", "ll", "\u2544\u2530\u2555\u2531", "FCm-", "isTru", "getC", "Pos", "ve", "or", "ae", "^", "On", "Sho", "can", "ont", "roid", "anguage", "\u2502", "ta", "tna", Date, "3", "am", "e", "n+", "f80", "\x1dD", 6, "\u255f\u253a\u2542\u252b\u2545\u2568\u251e", "KCABLLAC_NOELEMAHC", "X-Antispider-Message", 3, ".baidu.", Function, document, !0, "cookie", "; ", "=", 96, "\u255b\u253e\u2550\u2537\u2543\u252b", "\u250c\u252c\u255c\u253d\u2549\u2521\u251c", ";O", "; expires=", "getCookie", "Thu, 01 Jan 1970 00:00:00 GMT", "setCookie", "Z\x18|", "i", "\u255b\u2534\u2557\u2536\u255a\u2509\u257d\u2512\u2560\u2501\u2566\u2503", 52, window, 10, "Init", !1, "set", "v", "eliflmth", '<script>document.w=window<\/script><iframe src="/favicon.icon"></iframe>', "iS.p", "head", "#default#userData", "get", "[!\"#$%&'()*", "g", "^d", "$D", "\u2568\u2537\u2568\u254c\u256a", "]\\P", "___", "le", "th", "prototype", "base_f", 8, "\\R5Z\\R\x14@^Q3G", "ZV%PgQ?Y]S%", 67, "r", "length", "0", 16, "12", "\u2576\u095f\u0979\u09d5\u0995\u091b\u09a9\u09f9\u09bd\u09f7\u0989\u09fd\u09f5\u09f3\u09f9\u0a41\u0a4d\u098f\u0999\u0905\u0975\u09cb\u09a9\u09a9\u099d\u0927\u0933\u0913\u0a6b\u0999\u09a3\u0937\u098b\u09f5\u0933\u0a7b\u091b\u09b1\u0a63\u095f\u09fb\u094d\u0993\u0943\u092b\u0949\u09a3\u09e7\u09cb\u0925\u0993\u09ab\u09f0\u092c\u092c\u0942\u0950\u09c8\u0944\u09c6\u0990\u0944\u09cb\u098e", "i,", "\u2505\u092f", 12, 56, "20", "1000", 2, 5, "11111111", "encode", "\u255b\u0972\u0959", "\u2519", "s", "WY$PYS", "ystate", "1111101000", / /g, ",", "\u250d", '^".*"$', "edoc_sutats", "status_code", "location", "redirect_url", "href", "4294967295", "j", "1200000", "script", "src", "onreadystatechange", "read", "loaded", "readyState", "complete", "interactive", "onload", "undefined", "\\.com\\.cn$|\\.com\\.hk$", ".", "getServerTime", 'YY7YAD?FjD"', "strhash", "random", "getRootDomain", "booleanToDecimal", "timeNow", "\u2559\u253e", "eventBind", "onwh", "\u255b", 46, "DOMM", "cl", "T^5^", "div", "onmousewheel", "mousewheel", 51, "keydown", "clientY", "getKeyDown", "ch", "plu", "\u2543\u252b", "ouc", "art", "^i", "Po", "callPhantom", "max", "Hei", "ActiveXObject", "nd", "yG&Y]\x17\x15ZUG#A]Ez\x15qY5\x1b", "\u2576\u097e\u094e\u09f8\u09a6\u0938\u09b6\u09fe\u0996\u09d7\u09a7\u09d2\u09cc", "Maxthon", "Q", "opr", "chrome", "BIDUBrowser", "QQBro", "[_$ZUR", "UBrowser", "MSGesture", "plugins", "doNotTrack", "ShockwaveFlash.ShockwaveFlash", "]C|\x18", "webgl2", "platform", "name", "^Win32", "^MacIntel", "^Linux [ix]\\d+", "^BlackBerry", "language", "getPlatform", "getBrowserIndex", "1", "10", 4, 9, "1100", "\t\0", "3c", 256, "w", "TTP", "et", "c", "al", "\u255e", "base", "\u2569\u0975\u094e\u09e5\u09a0\u092e\u09d1\u09ed\u09ce", "target", "fh%PTQr", "#", "\u255f\u097c\u0949\u09f9", 97, "rg", "tnemelEcrs", "fn_Ws", "parentNode", "tagName", "A", "submit", "PX%", "me", "host", "\\.?", "d\x19", "Fri, 01 Feb 2050 00:00:00 GMT", "]E%", "toString", "[object Request]", "headers", 83, "&", encodeURIComponent, "open", "getAllResponseHeaders", "4", "tseuqeRpttHLMX", "Window", "\u2564\u095e", "RI", "\u2550\u0953", "(YaZ", "_", "_str", "V587"]);
執行,發現沒定義document。
所以我們得在自執行函式的外面定義一個document,var document = {};
再執行,沒定義window。
那就再補個window的定義。var window = {};。執行,沒定義En。
去前端程式碼中找。
把整個定義變數的語句都複製出來,再執行,沒定義Wn。
執行的時候,只要碰到xxx is not defined只需要找到定義補齊即可。下面出現這種錯誤的地方我就不一一找了,注意,複製出來的程式碼的順序跟前端的程式碼順序一致即可。
到目前位置,程式碼如下:
點選檢視程式碼
var document = {};
var window = {};
var test= this;
!function (n, t) {
!function () {
var r, e, a;
r = e = a = n;
var u, c, s;
u = c = s = t;
function v() {
var n = arguments[s[0]];
if (!n)
return r[0];
for (var t = u[1], o = a[1], i = c[2]; i < n.length; i++) {
var v = n.charCodeAt(i)
, f = v ^ o;
o = v,
t += e[2].fromCharCode(f)
}
return t
}
var f = c[3]
, l = s[4]
, p = Wn(e[3], r[4], s[5])
, d = a[5]
, h = Wn(c[6], s[7])
, g = c[8]
, w = c[9]
, m = r[6]
, I = u[10]
, y = a[7]
, _ = (s[11],
c[12],
s[13])
, C = e[8]
, E = u[14]
, A = ot(e[9], e[10])
, b = a[11]
, T = u[15]
, B = c[16]
, R = r[12]
, k = r[13]
, S = s[17]
, P = u[18]
, M = Wn(s[19], s[20], u[21])
, O = v(s[22], e[14])
, D = s[23]
, x = s[24]
, N = u[25]
, L = u[26]
, W = Wn(s[27], r[15])
, F = u[28]
, Y = r[16]
, j = a[17]
, H = e[18]
, $ = e[19]
, U = r[20]
, V = v(c[29], e[21], e[22])
, X = s[30]
, G = s[31]
, K = s[32]
, Q = s[33]
, Z = r[23]
, q = r[24]
, z = v(u[12], u[34], s[35])
, J = u[36]
, nn = a[25]
, tn = s[37]
, rn = c[38]
, en = r[26]
, an = c[39]
, on = s[40]
, un = a[27]
, cn = u[41]
, sn = ot(s[42], c[43])
, vn = r[28]
, fn = u[8]
, ln = s[44]
, pn = a[29]
, dn = s[45]
, hn = a[30]
, gn = c[46]
, wn = a[31]
, mn = a[32]
, In = s[47]
, yn = r[33]
, _n = a[34]
, Cn = c[48]
, En = a[8]
, An = v(a[35], s[49])
, bn = c[50]
, Tn = c[51]
, Bn = at(r[36], s[52])
, Rn = ot(r[37], e[38])
, kn = e[39]
, Sn = u[53]
, Pn = r[40]
, Mn = s[54]
, On = s[55]
, Dn = Wn(u[56], r[41], r[42])
, xn = r[43]
, Nn = u[57]
, Ln = e[44];
function Wn() {
return arguments[u[0]].split(e[0]).reverse().join(c[1])
}
var Fn = r[45], Yn = Wn(c[58], e[46]), jn = v(s[59], u[60]), Hn = Wn(r[47], s[61]), $n = s[62], Un = s[63], Vn = u[2], Xn = [new u[27](r[48]), new u[27](c[64])], Gn = [new e[47](ot(a[49])), new u[27](ot(a[50], u[65]))], Kn = c[66][f + l] || r[51].getElementsByTagName(p + d)[r[52]], Qn;
var qn = function() {
var n, t, r;
n = t = r = a;
var e, o, i;
e = o = i = s;
var u = o[15]
, c = o[102]
, f = e[103];
function l(r) {
var a = o[102]
, i = e[103];
this[n[76]] = r;
for (var u = t[52], c = r[a + g + i]; u < c; u++)
this[u] = t[52]
}
return l[e[104]][w + m + I + u] = function() {
for (var a = e[105], u = this[a + y], c = [], s = -e[0], v = o[2], f = u[r[56]]; v < f; v++)
for (var l = this[v], p = u[v], d = s += p; c[d] = l & parseInt(t[77], n[78]),
--p != r[52]; )
--d,
l >>= parseInt(n[79], i[106]);
return c
}
,
l[v(t[80], t[81], b)][ot(i[107])] = function(n) {
for (var r = e[8], a = this[ot(e[108], e[109])], o = t[52], u = e[2], s = a[c + r + f]; u < s; u++) {
var v = a[u]
, l = i[2];
do {
l = (l << t[82]) + n[o++]
} while (--v > t[52]);
this[u] = l >>> i[2]
}
}
,
l
}()
var Jn;
!function(n) {
var t = Fn
, o = at(c[126], a[98])
, i = r[99]
, f = v(U, u[127])
, l = s[128]
, p = ot(a[100])
, d = r[5]
, h = r[101]
, g = ot(u[129])
, w = s[130]
, m = r[102]
, C = a[103]
, E = e[104];
function A(n) {
for (var t = (Tn,
I,
[]), e = r[52]; e < n[c[111]]; e++)
t.push(n.charCodeAt(e));
return t
}
function b() {
var n = new e[105];
try {
return time = s[52].now(),
time / parseInt(c[131], a[88]) >>> c[2]
} catch (t) {
return time = n.getTime(),
time / parseInt(s[121], s[84]) >>> r[52]
}
}
function T(n) {
var t = u[8]
, o = {}
, i = function(n, o) {
var i = c[102], f, l, p, d;
for (o = o.replace(s[132], u[1]),
o = o.substring(u[0], o[e[56]] - c[0]),
f = o.split(c[133]),
p = c[2]; p < f[i + t + O]; p++)
if (l = f[p].split(v(r[106], c[134])),
l && !(l[r[56]] < s[122])) {
for (d = r[88]; d < l[r[56]]; d++)
l[r[54]] = l[r[54]] + r[107] + l[d];
l[s[2]] = new r[47](c[135]).test(l[e[52]]) ? l[a[52]].substring(u[0], l[e[52]][D + x] - c[0]) : l[a[52]],
l[r[54]] = new a[47](c[135]).test(l[r[54]]) ? l[e[54]].substring(s[0], l[a[54]][a[56]] - u[0]) : l[s[0]],
n[l[c[2]]] = l[e[54]]
}
return n
};
return new r[47](e[108]).test(n) && (o = i(o, n)),
o
}
function B(n) {
var t, e, a;
t = e = a = c;
var u, s, v;
if (u = s = v = r,
typeof n === ot(s[109], sn) && n[Wn(y, a[136], s[110])])
try {
switch (parseInt(n[e[137]])) {
case parseInt(a[131], t[122]):
break;
case parseInt(v[111], s[78]):
top[e[138]][v[112]] = n[t[139]];
break;
case parseInt(u[113], e[122]):
top[o + i + N][e[140]] = n[s[114]];
break;
default:
break
}
} catch (f) {}
}
function R(n, t, r) {
var e, a, o;
e = a = o = u,
q ? n.addEventListener(t, r) : n.attachEvent(a[25] + t, r)
}
function k() {
return Math.random() * parseInt(u[141], r[78]) >>> r[52]
}
function S(n, t) {
var o = en
, i = new r[47](e[115],a[116]);
o = T;
var s = new u[27](v(p, r[117], m));
if (n) {
var f = n.match(i);
if (f) {
var l = f[u[0]];
return t && s.test(l) && (l = l.split(r[118]).pop().split(r[107])[c[2]]),
l
}
}
}
function P(n) {
var t = mn
, o = c[142]
, i = r[119]
, v = e[120]
, I = a[121];
if (!(n > e[122])) {
n = n || a[52];
var y = parseInt(u[143], e[78])
, _ = a[51].createElement(u[144]);
t = Q,
_[c[145]] = location[r[123]] + a[124] + parseInt((new r[105]).getTime() / y) + (f + o + l),
_[e[125]] = function() {
Vn = u[0],
setTimeout(function() {
P(++n)
}, n * parseInt(e[126], u[84]))
}
,
_[p + L + d] = _[s[146]] = function() {
var n, t, r;
n = t = r = a;
var e, o, u;
e = o = u = c;
var s = e[147];
this[t[127]] && this[i + W] !== o[148] && this[u[149]] !== o[150] && this[s + F + h] !== u[151] || (Vn = n[52],
_[e[152]] = _[g + w + v] = n[128])
}
,
c[66][m + I].appendChild(_)
}
}
function M(n) {
var t, e, a;
t = e = a = r;
var o, i, u;
return o = i = u = s,
new u[27](t[129]).test(n)
}
function X() {
var n = new s[52];
return typeof TOKEN_SERVER_TIME == s[153] ? r[52] : (time = parseInt(TOKEN_SERVER_TIME),
time)
}
function G(n) {
var t, e, a;
t = e = a = s;
var o, i, u;
o = i = u = r;
for (var c = u[52], v = a[2], f = n[o[56]]; v < f; v++)
c = (c << a[123]) - c + n.charCodeAt(v),
c >>>= o[52];
return c
}
function K(n) {
var t = new s[27](e[130],s[80]);
if (n) {
return n.match(t)
}
}
function Z(n) {
var t = new u[27](c[154]);
if (M(n))
return n;
var o = t.test(n) ? -a[86] : -parseInt(r[79], e[88]);
return (tn,
_,
n.split(s[155])).slice(o).join(a[131])
}
n[Y + C + j] = T,
t = En,
n[c[156]] = P,
n[ot(u[157])] = B,
n[r[132]] = A,
n[c[158]] = G,
n[c[159]] = k,
n[r[133]] = M,
n[s[160]] = Z,
n[E + H] = S,
n[$ + U] = K,
n[s[161]] = z,
n[s[162]] = b,
n[r[134]] = X;
var q = !!a[65][a[135]];
function z(n) {
for (var t = v(O, u[163]), a = e[136], o = s[2], i = n[V + t + a] - s[0]; i >= r[52]; i--)
o = o << r[54] | +n[i];
return o
}
n[u[164]] = R
}(Jn || (Jn = {}));
function at() {
var n, t, r;
n = t = r = u;
var a, o, i;
a = o = i = e;
var c = arguments[o[52]];
if (!c)
return t[1];
for (var s = o[0], v = o[1], f = a[52]; f < c.length; f++) {
var l = c.charCodeAt(f)
, p = l ^ v;
v = v * f % n[222] + o[200],
s += i[2].fromCharCode(p)
}
return s
}
function ot() {
var n, t, e;
n = t = e = c;
var a, o, i;
a = o = i = r;
var u = arguments[a[52]];
if (!u)
return o[0];
for (var s = a[0], v = n[267], f = o[200], l = t[2]; l < u.length; l++) {
var p = u.charCodeAt(l);
f = (f + t[0]) % v.length,
p ^= v.charCodeAt(f),
s += i[2].fromCharCode(p)
}
return s
}
var rt;
!function(n) {
var t = e[87], o = a[8], i = e[8], f = s[215], l = r[52], p = s[0], d = parseInt(c[216], u[122]), h = e[86], g = u[217], w = u[123], m = e[165], I = parseInt(t + En, c[122]), y = parseInt(a[79], a[82]), _ = c[218], C = parseInt(a[193], e[82]), E = parseInt(o + i, r[78]), A = parseInt(u[219], s[122]), b = parseInt(f + An, s[106]), T = parseInt(r[194], s[106]), B = parseInt(ot(s[220], e[195]), r[82]), R = parseInt(e[196], u[122]), k = parseInt(e[197], a[78]), S;
function P() {
var n = s[0]
, t = r[88]
, e = parseInt(u[13], c[122])
, a = s[217];
S = new qn([a, a, a, a, n, n, n, e, t, t, t, t, t, t, t, a, t, n]),
S[p] = Jn.serverTimeNow(),
M(),
S[B] = Vn,
S[k] = Un,
S[R] = c[2],
S[h] = Jn.strhash(navigator.userAgent),
S[b] = tt.getBrowserFeature(),
S[g] = tt.getPlatform(),
S[w] = tt.getBrowserIndex(),
S[m] = tt.getPluginNum()
}
function M() {
var n = Qn.getCookie(Fn) || Zn.get(jn);
if (n && n[s[111]] == parseInt(c[221], e[93])) {
var t = zn.decode(n);
if (t && (S.decodeBuffer(t),
S[l] != s[2]))
return
}
S[l] = Jn.random()
}
function O() {
S[R]++,
S[p] = Jn.serverTimeNow(),
S[d] = Jn.timeNow(),
S[B] = Vn,
S[I] = nt.getMouseMove(),
S[y] = nt.getMouseClick(),
S[_] = nt.getMouseWhell(),
S[C] = nt.getKeyDown(),
S[E] = nt.getClickPos().x,
S[A] = nt.getClickPos().y;
var n = S.toBuffer();
return zn.encode(n)
}
P();
function D() {
return O()
}
test.update = D
}(rt || (rt = {}));
}()
}(["", 9527, String, Boolean, "eh", "ad", "Bu", "ileds", "1", "\b", Array, "7", "base", "64De", "\u2543\u252b", "etatS", "pa", "e", "FromUrl", "getOrigi", "nFromUrl", "\u255b\u253e", "b?\x18q)", "ic", "k", "sted", "he", "wser", "oNo", "ckw", "ent", "hst", "^And", "RM", "systemL", 5, "\u255f\u0978\u095b\u09f5", "TR8", "!'", "gth", "er", "TP", 83, "r", !0, "v", "v-nixeh", RegExp, "thsi.cn", 'K\x19"]K^xVV', "KXxAPD?\x1b[Y", document, 0, "allow", 1, "; ", "length", "Init", "=", "; domain=", "checkcookie", !1, "eikooCled", "tnemucod", "d", window, "\u2553\u0972\u0959\u09e4\u09bd\u0938\u0980\u09c5\u09b1\u09d1\u09a7\u09dc\u09dd\u09d3\u09c2", "\u2556\u0979\u095e\u09d3\u09b5\u0935\u098f\u09c7\u099d\u09d2\u09b0", 23, "l$P$~", "frames", "ducument", "ydob", "documentElement", "del", "@[\\]^`{|}~]", "base_fileds", "255", 10, "10", 39, "\u2547\u2535\u255a\u252e\u2541\u2535\u254c\u253c\u2559", 8, "4", "3", "de", 3, "11", 2, "203", "22", "111111", "3f", 16, "\x0f", "\u2506\u2537\u2507\u2537", "11111111", "base64Encode", "v\x1d", "ati", "WY", "te", "bo", "rs", "getHost", Date, "{DF", ":", "^{.*}$", "WU<P[C", 52, "1001", "href", "1111101010", "redirect_url", "^\\s*(?:https?:)?\\/{2,}([^\\/\\?\\#\\\\]+)", "i", "\u256c\u252c\u2516\u254b", "@", "ready", "change", "dy", 7, "protocol", "//s.thsi.cn/js/chameleon/time.1", "onerror", "2000", "readyState", null, "^(\\d+\\.)+\\d+$", "^\\s*(?:(https?:))?\\/{2,}([^\\/\\?\\#\\\\]+)", ".", "strToBytes", "isIPAddr", "serverTimeNow", "addEventListener", "th", "wh", "Scro", "mousemove", 55, "evomhcuot", "[[?PVC\x0e", "getMouseMove", '_R"xWB%Po_3YT', "getMouseClick", "ght", "gin", "msD", "ack", "\u2556\u096b\u095f", "Nativ", "^A", "MozSettingsEvent", "safari", "ActiveXObject", "postMessage", "Uint8Array", "WeakMap", "Google Inc.", "vendor", "chrome", "python", "sgAppName", "JX", 6, "me", "LBBROWSER", "w4", "2345Explorer", "TheWorld", "\u2544", 40, "tTr", "\u2506", "navigator", "webdriver", "languages", "taborcA|FDP", "\u2541\u097c\u0949", 95, "1e0", "e Cli", "iso-8859-1", "defaultCharset", "localStorage", "^Win64", "^Linux armv|Android", "^iPhone", "^iPad", "B_{VV", "getPluginNum", "getBrowserFeature", "12", "16", "sE", "10000", "17", "\u2542\u2532\u2556\u2537\u2543\u2526", "\x1cx`R", 2333, "XMLH", "ers", "0", "lo", 57, "ylppa", "error", "target", "click", "unload", "HE9AWT9Y", "\\.", "c?", "$", "/", "fetch", "prototype", "url", "\u2556\u0971\u0956\u09fe\u09a7", "headers", "\u256b\u2554", 79, "?", "^(.*?):[ \\t]*([^\\r\\n]*)\\r?$", "gm", "s", "src", "analysisRst", "\u255e\u0973\u0949\u09f4\u09a2\u0929\u09ac\u09d4\u0992\u09d2\u09b0\u09d4", "appendChild", "Y", "jsonp_ignore", "^", 70, "421", "XH>a", "\u2574\u253c\u257d\u2530\u2575\u2539\u257c\u2533\u257d\u2522\u256e\u2521\u2560\u2524\u2561\u2525", "CHAMELEON_LOADED"], [1, "", 0, "he", "ad", 29, "\x180G\x1f", "?>=<;:\\\\/,+", "ng", "to", "ff", Number, Error, "11", "6", "er", "ro", "code", "co", "_?L", "ed", "@S\x15D*", Object, "len", "gth", "on", "lo", RegExp, "ySta", 13, "eel", "ee", "ouse", "ll", "\u2544\u2530\u2555\u2531", "FCm-", "isTru", "getC", "Pos", "ve", "or", "ae", "^", "On", "Sho", "can", "ont", "roid", "anguage", "\u2502", "ta", "tna", Date, "3", "am", "e", "n+", "f80", "\x1dD", 6, "\u255f\u253a\u2542\u252b\u2545\u2568\u251e", "KCABLLAC_NOELEMAHC", "X-Antispider-Message", 3, ".baidu.", Function, document, !0, "cookie", "; ", "=", 96, "\u255b\u253e\u2550\u2537\u2543\u252b", "\u250c\u252c\u255c\u253d\u2549\u2521\u251c", ";O", "; expires=", "getCookie", "Thu, 01 Jan 1970 00:00:00 GMT", "setCookie", "Z\x18|", "i", "\u255b\u2534\u2557\u2536\u255a\u2509\u257d\u2512\u2560\u2501\u2566\u2503", 52, window, 10, "Init", !1, "set", "v", "eliflmth", '<script>document.w=window<\/script><iframe src="/favicon.icon"></iframe>', "iS.p", "head", "#default#userData", "get", "[!\"#$%&'()*", "g", "^d", "$D", "\u2568\u2537\u2568\u254c\u256a", "]\\P", "___", "le", "th", "prototype", "base_f", 8, "\\R5Z\\R\x14@^Q3G", "ZV%PgQ?Y]S%", 67, "r", "length", "0", 16, "12", "\u2576\u095f\u0979\u09d5\u0995\u091b\u09a9\u09f9\u09bd\u09f7\u0989\u09fd\u09f5\u09f3\u09f9\u0a41\u0a4d\u098f\u0999\u0905\u0975\u09cb\u09a9\u09a9\u099d\u0927\u0933\u0913\u0a6b\u0999\u09a3\u0937\u098b\u09f5\u0933\u0a7b\u091b\u09b1\u0a63\u095f\u09fb\u094d\u0993\u0943\u092b\u0949\u09a3\u09e7\u09cb\u0925\u0993\u09ab\u09f0\u092c\u092c\u0942\u0950\u09c8\u0944\u09c6\u0990\u0944\u09cb\u098e", "i,", "\u2505\u092f", 12, 56, "20", "1000", 2, 5, "11111111", "encode", "\u255b\u0972\u0959", "\u2519", "s", "WY$PYS", "ystate", "1111101000", / /g, ",", "\u250d", '^".*"$', "edoc_sutats", "status_code", "location", "redirect_url", "href", "4294967295", "j", "1200000", "script", "src", "onreadystatechange", "read", "loaded", "readyState", "complete", "interactive", "onload", "undefined", "\\.com\\.cn$|\\.com\\.hk$", ".", "getServerTime", 'YY7YAD?FjD"', "strhash", "random", "getRootDomain", "booleanToDecimal", "timeNow", "\u2559\u253e", "eventBind", "onwh", "\u255b", 46, "DOMM", "cl", "T^5^", "div", "onmousewheel", "mousewheel", 51, "keydown", "clientY", "getKeyDown", "ch", "plu", "\u2543\u252b", "ouc", "art", "^i", "Po", "callPhantom", "max", "Hei", "ActiveXObject", "nd", "yG&Y]\x17\x15ZUG#A]Ez\x15qY5\x1b", "\u2576\u097e\u094e\u09f8\u09a6\u0938\u09b6\u09fe\u0996\u09d7\u09a7\u09d2\u09cc", "Maxthon", "Q", "opr", "chrome", "BIDUBrowser", "QQBro", "[_$ZUR", "UBrowser", "MSGesture", "plugins", "doNotTrack", "ShockwaveFlash.ShockwaveFlash", "]C|\x18", "webgl2", "platform", "name", "^Win32", "^MacIntel", "^Linux [ix]\\d+", "^BlackBerry", "language", "getPlatform", "getBrowserIndex", "1", "10", 4, 9, "1100", "\t\0", "3c", 256, "w", "TTP", "et", "c", "al", "\u255e", "base", "\u2569\u0975\u094e\u09e5\u09a0\u092e\u09d1\u09ed\u09ce", "target", "fh%PTQr", "#", "\u255f\u097c\u0949\u09f9", 97, "rg", "tnemelEcrs", "fn_Ws", "parentNode", "tagName", "A", "submit", "PX%", "me", "host", "\\.?", "d\x19", "Fri, 01 Feb 2050 00:00:00 GMT", "]E%", "toString", "[object Request]", "headers", 83, "&", encodeURIComponent, "open", "getAllResponseHeaders", "4", "tseuqeRpttHLMX", "Window", "\u2564\u095e", "RI", "\u2550\u0953", "(YaZ", "_", "_str", "V587"]);
console.log(test.update());
執行,出現如下錯誤。
定位到地方,Kn = c[66][f + l] || r[51].getElementsByTagName(p + d)[r[52]],但是在我們的程式碼中根本沒用到Kn這個變數,所以直接把這行程式碼刪除即可。再執行,報瞭如下錯誤。
沒有getCookie函式,看下包含這個函式的地方。
這個函式會先去獲取cookie,如果獲取不到,就會隨機生成一個。既然如此,就讓他直接隨機生成一個就好了,只留下S[l] = Jn.random()即可,其他程式碼可刪除。再執行,報瞭如下錯誤。
navigator沒定義,我們直接去console中輸出一下,如果是個定值,直接替換一下就可以了。
定值,直接替換,下面幾行的也是同樣道理,直接替換即可。
再執行,nt未定義,處理方法跟剛剛navigator的一樣。
再執行,還是變數未定義,繼續找補齊即可。全部補齊後的程式碼如下:
點選檢視程式碼
var document = {};
var window = {};
var test= this;
!function (n, t) {
!function () {
var r, e, a;
r = e = a = n;
var u, c, s;
u = c = s = t;
function v() {
var n = arguments[s[0]];
if (!n)
return r[0];
for (var t = u[1], o = a[1], i = c[2]; i < n.length; i++) {
var v = n.charCodeAt(i)
, f = v ^ o;
o = v,
t += e[2].fromCharCode(f)
}
return t
}
var f = c[3]
, l = s[4]
, p = Wn(e[3], r[4], s[5])
, d = a[5]
, h = Wn(c[6], s[7])
, g = c[8]
, w = c[9]
, m = r[6]
, I = u[10]
, y = a[7]
, _ = (s[11],
c[12],
s[13])
, C = e[8]
, E = u[14]
, A = ot(e[9], e[10])
, b = a[11]
, T = u[15]
, B = c[16]
, R = r[12]
, k = r[13]
, S = s[17]
, P = u[18]
, M = Wn(s[19], s[20], u[21])
, O = v(s[22], e[14])
, D = s[23]
, x = s[24]
, N = u[25]
, L = u[26]
, W = Wn(s[27], r[15])
, F = u[28]
, Y = r[16]
, j = a[17]
, H = e[18]
, $ = e[19]
, U = r[20]
, V = v(c[29], e[21], e[22])
, X = s[30]
, G = s[31]
, K = s[32]
, Q = s[33]
, Z = r[23]
, q = r[24]
, z = v(u[12], u[34], s[35])
, J = u[36]
, nn = a[25]
, tn = s[37]
, rn = c[38]
, en = r[26]
, an = c[39]
, on = s[40]
, un = a[27]
, cn = u[41]
, sn = ot(s[42], c[43])
, vn = r[28]
, fn = u[8]
, ln = s[44]
, pn = a[29]
, dn = s[45]
, hn = a[30]
, gn = c[46]
, wn = a[31]
, mn = a[32]
, In = s[47]
, yn = r[33]
, _n = a[34]
, Cn = c[48]
, En = a[8]
, An = v(a[35], s[49])
, bn = c[50]
, Tn = c[51]
, Bn = at(r[36], s[52])
, Rn = ot(r[37], e[38])
, kn = e[39]
, Sn = u[53]
, Pn = r[40]
, Mn = s[54]
, On = s[55]
, Dn = Wn(u[56], r[41], r[42])
, xn = r[43]
, Nn = u[57]
, Ln = e[44];
function Wn() {
return arguments[u[0]].split(e[0]).reverse().join(c[1])
}
var Fn = r[45], Yn = Wn(c[58], e[46]), jn = v(s[59], u[60]), Hn = Wn(r[47], s[61]), $n = s[62], Un = s[63], Vn = u[2], Xn = [new u[27](r[48]), new u[27](c[64])], Gn = [new e[47](ot(a[49])), new u[27](ot(a[50], u[65]))], Qn;
var qn = function() {
var n, t, r;
n = t = r = a;
var e, o, i;
e = o = i = s;
var u = o[15]
, c = o[102]
, f = e[103];
function l(r) {
var a = o[102]
, i = e[103];
this[n[76]] = r;
for (var u = t[52], c = r[a + g + i]; u < c; u++)
this[u] = t[52]
}
return l[e[104]][w + m + I + u] = function() {
for (var a = e[105], u = this[a + y], c = [], s = -e[0], v = o[2], f = u[r[56]]; v < f; v++)
for (var l = this[v], p = u[v], d = s += p; c[d] = l & parseInt(t[77], n[78]),
--p != r[52]; )
--d,
l >>= parseInt(n[79], i[106]);
return c
}
,
l[v(t[80], t[81], b)][ot(i[107])] = function(n) {
for (var r = e[8], a = this[ot(e[108], e[109])], o = t[52], u = e[2], s = a[c + r + f]; u < s; u++) {
var v = a[u]
, l = i[2];
do {
l = (l << t[82]) + n[o++]
} while (--v > t[52]);
this[u] = l >>> i[2]
}
}
,
l
}()
var Jn;
!function(n) {
var t = Fn
, o = at(c[126], a[98])
, i = r[99]
, f = v(U, u[127])
, l = s[128]
, p = ot(a[100])
, d = r[5]
, h = r[101]
, g = ot(u[129])
, w = s[130]
, m = r[102]
, C = a[103]
, E = e[104];
function A(n) {
for (var t = (Tn,
I,
[]), e = r[52]; e < n[c[111]]; e++)
t.push(n.charCodeAt(e));
return t
}
function b() {
var n = new e[105];
try {
return time = s[52].now(),
time / parseInt(c[131], a[88]) >>> c[2]
} catch (t) {
return time = n.getTime(),
time / parseInt(s[121], s[84]) >>> r[52]
}
}
function T(n) {
var t = u[8]
, o = {}
, i = function(n, o) {
var i = c[102], f, l, p, d;
for (o = o.replace(s[132], u[1]),
o = o.substring(u[0], o[e[56]] - c[0]),
f = o.split(c[133]),
p = c[2]; p < f[i + t + O]; p++)
if (l = f[p].split(v(r[106], c[134])),
l && !(l[r[56]] < s[122])) {
for (d = r[88]; d < l[r[56]]; d++)
l[r[54]] = l[r[54]] + r[107] + l[d];
l[s[2]] = new r[47](c[135]).test(l[e[52]]) ? l[a[52]].substring(u[0], l[e[52]][D + x] - c[0]) : l[a[52]],
l[r[54]] = new a[47](c[135]).test(l[r[54]]) ? l[e[54]].substring(s[0], l[a[54]][a[56]] - u[0]) : l[s[0]],
n[l[c[2]]] = l[e[54]]
}
return n
};
return new r[47](e[108]).test(n) && (o = i(o, n)),
o
}
function B(n) {
var t, e, a;
t = e = a = c;
var u, s, v;
if (u = s = v = r,
typeof n === ot(s[109], sn) && n[Wn(y, a[136], s[110])])
try {
switch (parseInt(n[e[137]])) {
case parseInt(a[131], t[122]):
break;
case parseInt(v[111], s[78]):
top[e[138]][v[112]] = n[t[139]];
break;
case parseInt(u[113], e[122]):
top[o + i + N][e[140]] = n[s[114]];
break;
default:
break
}
} catch (f) {}
}
function R(n, t, r) {
var e, a, o;
e = a = o = u,
q ? n.addEventListener(t, r) : n.attachEvent(a[25] + t, r)
}
function k() {
return Math.random() * parseInt(u[141], r[78]) >>> r[52]
}
function S(n, t) {
var o = en
, i = new r[47](e[115],a[116]);
o = T;
var s = new u[27](v(p, r[117], m));
if (n) {
var f = n.match(i);
if (f) {
var l = f[u[0]];
return t && s.test(l) && (l = l.split(r[118]).pop().split(r[107])[c[2]]),
l
}
}
}
function P(n) {
var t = mn
, o = c[142]
, i = r[119]
, v = e[120]
, I = a[121];
if (!(n > e[122])) {
n = n || a[52];
var y = parseInt(u[143], e[78])
, _ = a[51].createElement(u[144]);
t = Q,
_[c[145]] = location[r[123]] + a[124] + parseInt((new r[105]).getTime() / y) + (f + o + l),
_[e[125]] = function() {
Vn = u[0],
setTimeout(function() {
P(++n)
}, n * parseInt(e[126], u[84]))
}
,
_[p + L + d] = _[s[146]] = function() {
var n, t, r;
n = t = r = a;
var e, o, u;
e = o = u = c;
var s = e[147];
this[t[127]] && this[i + W] !== o[148] && this[u[149]] !== o[150] && this[s + F + h] !== u[151] || (Vn = n[52],
_[e[152]] = _[g + w + v] = n[128])
}
,
c[66][m + I].appendChild(_)
}
}
function M(n) {
var t, e, a;
t = e = a = r;
var o, i, u;
return o = i = u = s,
new u[27](t[129]).test(n)
}
function X() {
var n = new s[52];
return typeof TOKEN_SERVER_TIME == s[153] ? r[52] : (time = parseInt(TOKEN_SERVER_TIME),
time)
}
function G(n) {
var t, e, a;
t = e = a = s;
var o, i, u;
o = i = u = r;
for (var c = u[52], v = a[2], f = n[o[56]]; v < f; v++)
c = (c << a[123]) - c + n.charCodeAt(v),
c >>>= o[52];
return c
}
function K(n) {
var t = new s[27](e[130],s[80]);
if (n) {
return n.match(t)
}
}
function Z(n) {
var t = new u[27](c[154]);
if (M(n))
return n;
var o = t.test(n) ? -a[86] : -parseInt(r[79], e[88]);
return (tn,
_,
n.split(s[155])).slice(o).join(a[131])
}
n[Y + C + j] = T,
t = En,
n[c[156]] = P,
n[ot(u[157])] = B,
n[r[132]] = A,
n[c[158]] = G,
n[c[159]] = k,
n[r[133]] = M,
n[s[160]] = Z,
n[E + H] = S,
n[$ + U] = K,
n[s[161]] = z,
n[s[162]] = b,
n[r[134]] = X;
var q = !!a[65][a[135]];
function z(n) {
for (var t = v(O, u[163]), a = e[136], o = s[2], i = n[V + t + a] - s[0]; i >= r[52]; i--)
o = o << r[54] | +n[i];
return o
}
n[u[164]] = R
}(Jn || (Jn = {}));
var et;
var zn;
!function(n) {
var t = s[13]
, o = c[53]
, i = r[83]
, f = r[84]
, l = s[110]
, d = r[85]
, h = r[86];
function g(n, a, o, i, u) {
for (var c = s[13], v = r[87], f = n[s[111]]; a < f; )
o[i++] = n[a++] ^ u & parseInt(c + v + t + _, r[88]),
u = ~(u * parseInt(e[89], e[82]))
}
function w(n) {
for (var t = c[112], i = r[52], v = n[s[111]], f = []; i < v; ) {
var l = n[i++] << parseInt(C + t, c[113]) | n[i++] << e[82] | n[i++];
f.push(m.charAt(l >> parseInt(e[90], e[82])), m.charAt(l >> parseInt(s[114], e[78]) & parseInt(a[91], r[88])), m.charAt(l >> u[59] & parseInt(E + o, a[78])), m.charAt(l & parseInt(a[92], u[113])))
}
return f.join(e[0])
}
for (var m = at(u[115], s[116]), I = {}, y = u[2]; y < parseInt(i + A, e[93]); y++)
I[m.charAt(y)] = y;
function O(n) {
var t, r, e;
t = r = e = s;
var o, i, u;
o = i = u = a;
for (var c = ot(i[94]), l = e[2], p = n[o[56]], d = []; l < p; ) {
var h = I[n.charAt(l++)] << parseInt(at(t[117]), u[82]) | I[n.charAt(l++)] << parseInt(v(t[118], u[95], e[119]), o[88]) | I[n.charAt(l++)] << t[59] | I[n.charAt(l++)];
d.push(h >> parseInt(e[120], t[106]), h >> parseInt(t[121], r[122]) & parseInt(f + b + c, t[106]), h & parseInt(o[96], u[88]))
}
return d
}
function D(n) {
var t = O(n);
if (rn,
p,
t[r[52]] != h)
return error = T + B + l,
void 0;
var a = t[c[0]]
, o = [];
return g(t, +parseInt(e[79], c[122]), o, +u[2], a),
x(o) == a ? o : void 0
}
function x(n) {
var t = o;
t = Vn;
for (var e = c[2], i = a[52], u = n[c[111]]; i < u; i++)
e = (e << s[123]) - e + n[i];
return e & parseInt(s[124], r[88])
}
function N(n) {
var t = et
, r = x(n)
, e = [h, r];
return g(n, +a[52], e, +a[88], r),
t = P,
w(e)
}
n[e[97]] = w,
n[R + k + S] = O,
n[u[125]] = N,
n[d + P + M] = D
}(zn || (zn = {}));
function at() {
var n, t, r;
n = t = r = u;
var a, o, i;
a = o = i = e;
var c = arguments[o[52]];
if (!c)
return t[1];
for (var s = o[0], v = o[1], f = a[52]; f < c.length; f++) {
var l = c.charCodeAt(f)
, p = l ^ v;
v = v * f % n[222] + o[200],
s += i[2].fromCharCode(p)
}
return s
}
function ot() {
var n, t, e;
n = t = e = c;
var a, o, i;
a = o = i = r;
var u = arguments[a[52]];
if (!u)
return o[0];
for (var s = a[0], v = n[267], f = o[200], l = t[2]; l < u.length; l++) {
var p = u.charCodeAt(l);
f = (f + t[0]) % v.length,
p ^= v.charCodeAt(f),
s += i[2].fromCharCode(p)
}
return s
}
var rt;
!function(n) {
var t = e[87], o = a[8], i = e[8], f = s[215], l = r[52], p = s[0], d = parseInt(c[216], u[122]), h = e[86], g = u[217], w = u[123], m = e[165], I = parseInt(t + En, c[122]), y = parseInt(a[79], a[82]), _ = c[218], C = parseInt(a[193], e[82]), E = parseInt(o + i, r[78]), A = parseInt(u[219], s[122]), b = parseInt(f + An, s[106]), T = parseInt(r[194], s[106]), B = parseInt(ot(s[220], e[195]), r[82]), R = parseInt(e[196], u[122]), k = parseInt(e[197], a[78]), S;
function P() {
var n = s[0]
, t = r[88]
, e = parseInt(u[13], c[122])
, a = s[217];
S = new qn([a, a, a, a, n, n, n, e, t, t, t, t, t, t, t, a, t, n]),
S[p] = Jn.serverTimeNow(),
M(),
S[B] = Vn,
S[k] = Un,
S[R] = c[2],
S[h] = 3962565446,
S[b] = 3748,
S[g] = 1,
S[w] = 10,
S[m] = 5
}
function M() {
S[l] = Jn.random()
}
function O() {
S[R]++,
S[p] = Jn.serverTimeNow(),
S[d] = Jn.timeNow(),
S[B] = Vn,
S[I] = 0,
S[y] = 0,
S[_] = 0,
S[C] = 0,
S[E] = 0,
S[A] = 0;
var n = S.toBuffer();
return zn.encode(n)
}
P();
function D() {
return O()
}
test.update = D
}(rt || (rt = {}));
}()
}(["", 9527, String, Boolean, "eh", "ad", "Bu", "ileds", "1", "\b", Array, "7", "base", "64De", "\u2543\u252b", "etatS", "pa", "e", "FromUrl", "getOrigi", "nFromUrl", "\u255b\u253e", "b?\x18q)", "ic", "k", "sted", "he", "wser", "oNo", "ckw", "ent", "hst", "^And", "RM", "systemL", 5, "\u255f\u0978\u095b\u09f5", "TR8", "!'", "gth", "er", "TP", 83, "r", !0, "v", "v-nixeh", RegExp, "thsi.cn", 'K\x19"]K^xVV', "KXxAPD?\x1b[Y", document, 0, "allow", 1, "; ", "length", "Init", "=", "; domain=", "checkcookie", !1, "eikooCled", "tnemucod", "d", window, "\u2553\u0972\u0959\u09e4\u09bd\u0938\u0980\u09c5\u09b1\u09d1\u09a7\u09dc\u09dd\u09d3\u09c2", "\u2556\u0979\u095e\u09d3\u09b5\u0935\u098f\u09c7\u099d\u09d2\u09b0", 23, "l$P$~", "frames", "ducument", "ydob", "documentElement", "del", "@[\\]^`{|}~]", "base_fileds", "255", 10, "10", 39, "\u2547\u2535\u255a\u252e\u2541\u2535\u254c\u253c\u2559", 8, "4", "3", "de", 3, "11", 2, "203", "22", "111111", "3f", 16, "\x0f", "\u2506\u2537\u2507\u2537", "11111111", "base64Encode", "v\x1d", "ati", "WY", "te", "bo", "rs", "getHost", Date, "{DF", ":", "^{.*}$", "WU<P[C", 52, "1001", "href", "1111101010", "redirect_url", "^\\s*(?:https?:)?\\/{2,}([^\\/\\?\\#\\\\]+)", "i", "\u256c\u252c\u2516\u254b", "@", "ready", "change", "dy", 7, "protocol", "//s.thsi.cn/js/chameleon/time.1", "onerror", "2000", "readyState", null, "^(\\d+\\.)+\\d+$", "^\\s*(?:(https?:))?\\/{2,}([^\\/\\?\\#\\\\]+)", ".", "strToBytes", "isIPAddr", "serverTimeNow", "addEventListener", "th", "wh", "Scro", "mousemove", 55, "evomhcuot", "[[?PVC\x0e", "getMouseMove", '_R"xWB%Po_3YT', "getMouseClick", "ght", "gin", "msD", "ack", "\u2556\u096b\u095f", "Nativ", "^A", "MozSettingsEvent", "safari", "ActiveXObject", "postMessage", "Uint8Array", "WeakMap", "Google Inc.", "vendor", "chrome", "python", "sgAppName", "JX", 6, "me", "LBBROWSER", "w4", "2345Explorer", "TheWorld", "\u2544", 40, "tTr", "\u2506", "navigator", "webdriver", "languages", "taborcA|FDP", "\u2541\u097c\u0949", 95, "1e0", "e Cli", "iso-8859-1", "defaultCharset", "localStorage", "^Win64", "^Linux armv|Android", "^iPhone", "^iPad", "B_{VV", "getPluginNum", "getBrowserFeature", "12", "16", "sE", "10000", "17", "\u2542\u2532\u2556\u2537\u2543\u2526", "\x1cx`R", 2333, "XMLH", "ers", "0", "lo", 57, "ylppa", "error", "target", "click", "unload", "HE9AWT9Y", "\\.", "c?", "$", "/", "fetch", "prototype", "url", "\u2556\u0971\u0956\u09fe\u09a7", "headers", "\u256b\u2554", 79, "?", "^(.*?):[ \\t]*([^\\r\\n]*)\\r?$", "gm", "s", "src", "analysisRst", "\u255e\u0973\u0949\u09f4\u09a2\u0929\u09ac\u09d4\u0992\u09d2\u09b0\u09d4", "appendChild", "Y", "jsonp_ignore", "^", 70, "421", "XH>a", "\u2574\u253c\u257d\u2530\u2575\u2539\u257c\u2533\u257d\u2522\u256e\u2521\u2560\u2524\u2561\u2525", "CHAMELEON_LOADED"], [1, "", 0, "he", "ad", 29, "\x180G\x1f", "?>=<;:\\\\/,+", "ng", "to", "ff", Number, Error, "11", "6", "er", "ro", "code", "co", "_?L", "ed", "@S\x15D*", Object, "len", "gth", "on", "lo", RegExp, "ySta", 13, "eel", "ee", "ouse", "ll", "\u2544\u2530\u2555\u2531", "FCm-", "isTru", "getC", "Pos", "ve", "or", "ae", "^", "On", "Sho", "can", "ont", "roid", "anguage", "\u2502", "ta", "tna", Date, "3", "am", "e", "n+", "f80", "\x1dD", 6, "\u255f\u253a\u2542\u252b\u2545\u2568\u251e", "KCABLLAC_NOELEMAHC", "X-Antispider-Message", 3, ".baidu.", Function, document, !0, "cookie", "; ", "=", 96, "\u255b\u253e\u2550\u2537\u2543\u252b", "\u250c\u252c\u255c\u253d\u2549\u2521\u251c", ";O", "; expires=", "getCookie", "Thu, 01 Jan 1970 00:00:00 GMT", "setCookie", "Z\x18|", "i", "\u255b\u2534\u2557\u2536\u255a\u2509\u257d\u2512\u2560\u2501\u2566\u2503", 52, window, 10, "Init", !1, "set", "v", "eliflmth", '<script>document.w=window<\/script><iframe src="/favicon.icon"></iframe>', "iS.p", "head", "#default#userData", "get", "[!\"#$%&'()*", "g", "^d", "$D", "\u2568\u2537\u2568\u254c\u256a", "]\\P", "___", "le", "th", "prototype", "base_f", 8, "\\R5Z\\R\x14@^Q3G", "ZV%PgQ?Y]S%", 67, "r", "length", "0", 16, "12", "\u2576\u095f\u0979\u09d5\u0995\u091b\u09a9\u09f9\u09bd\u09f7\u0989\u09fd\u09f5\u09f3\u09f9\u0a41\u0a4d\u098f\u0999\u0905\u0975\u09cb\u09a9\u09a9\u099d\u0927\u0933\u0913\u0a6b\u0999\u09a3\u0937\u098b\u09f5\u0933\u0a7b\u091b\u09b1\u0a63\u095f\u09fb\u094d\u0993\u0943\u092b\u0949\u09a3\u09e7\u09cb\u0925\u0993\u09ab\u09f0\u092c\u092c\u0942\u0950\u09c8\u0944\u09c6\u0990\u0944\u09cb\u098e", "i,", "\u2505\u092f", 12, 56, "20", "1000", 2, 5, "11111111", "encode", "\u255b\u0972\u0959", "\u2519", "s", "WY$PYS", "ystate", "1111101000", / /g, ",", "\u250d", '^".*"$', "edoc_sutats", "status_code", "location", "redirect_url", "href", "4294967295", "j", "1200000", "script", "src", "onreadystatechange", "read", "loaded", "readyState", "complete", "interactive", "onload", "undefined", "\\.com\\.cn$|\\.com\\.hk$", ".", "getServerTime", 'YY7YAD?FjD"', "strhash", "random", "getRootDomain", "booleanToDecimal", "timeNow", "\u2559\u253e", "eventBind", "onwh", "\u255b", 46, "DOMM", "cl", "T^5^", "div", "onmousewheel", "mousewheel", 51, "keydown", "clientY", "getKeyDown", "ch", "plu", "\u2543\u252b", "ouc", "art", "^i", "Po", "callPhantom", "max", "Hei", "ActiveXObject", "nd", "yG&Y]\x17\x15ZUG#A]Ez\x15qY5\x1b", "\u2576\u097e\u094e\u09f8\u09a6\u0938\u09b6\u09fe\u0996\u09d7\u09a7\u09d2\u09cc", "Maxthon", "Q", "opr", "chrome", "BIDUBrowser", "QQBro", "[_$ZUR", "UBrowser", "MSGesture", "plugins", "doNotTrack", "ShockwaveFlash.ShockwaveFlash", "]C|\x18", "webgl2", "platform", "name", "^Win32", "^MacIntel", "^Linux [ix]\\d+", "^BlackBerry", "language", "getPlatform", "getBrowserIndex", "1", "10", 4, 9, "1100", "\t\0", "3c", 256, "w", "TTP", "et", "c", "al", "\u255e", "base", "\u2569\u0975\u094e\u09e5\u09a0\u092e\u09d1\u09ed\u09ce", "target", "fh%PTQr", "#", "\u255f\u097c\u0949\u09f9", 97, "rg", "tnemelEcrs", "fn_Ws", "parentNode", "tagName", "A", "submit", "PX%", "me", "host", "\\.?", "d\x19", "Fri, 01 Feb 2050 00:00:00 GMT", "]E%", "toString", "[object Request]", "headers", 83, "&", encodeURIComponent, "open", "getAllResponseHeaders", "4", "tseuqeRpttHLMX", "Window", "\u2564\u095e", "RI", "\u2550\u0953", "(YaZ", "_", "_str", "V587"]);
console.log(test.update());
執行,出現了加密後的字串,並且每一次執行的結果都不一樣,大功告成。
接下來,就可以寫python程式碼去爬網站資料了。
點選檢視程式碼
import json
from functools import partial # 鎖定引數
import subprocess
subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")
import requests
import execjs
f = open("摳js.js", mode="r", encoding="utf-8")
js = execjs.compile(f.read())
f.close()
v = js.call("test.update")
print(v)
session = requests.session()
session.headers = {
"Hexin-V": v,
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 "
"Safari/537.36",
}
session.cookies['v'] = v
session.cookies['other_uid'] = "Ths_iwencai_Xuangu_wxr7lm3otcxkqteb56hxjfv0la52gv45"
url = "http://iwencai.com/customized/chart/get-robot-data"
data = {
"source": "Ths_iwencai_Xuangu",
"version": "2.0",
"query_area": "",
"block_list": "",
"add_info": "{\"urp\":{\"scene\":1,\"company\":1,\"business\":1},\"contentType\":\"json\",\"searchInfo\":true}",
"question": "20240315漲停",
"perpage": 50,
"page": 1,
"secondary_intent": "stock",
"log_info": "{\"input_type\":\"click\"}",
"rsh": "Ths_iwencai_Xuangu_wxr7lm3otcxkqteb56hxjfv0la52gv45"
}
resp = session.post(url, data=json.dumps(data))
print(resp.text)
執行結果如下:
注:這個網站有時候時間長了,js檔案的檔名會改變,所以得記住js檔案的位置。
