題目網址:https://match.yuanrenxue.cn/match/1
解題步驟
- 點選頁面,看觸發的流量包。
- 只有一條,非常好確定,但是url中
m引數的值看著比較奇怪,是一串加密的字串加上“|”加上看著像是時間戳的東西。
- 去找其加密的邏輯。直接搜url中的關鍵詞,但是沒有結果。
- 如果要搜變數名
m的話就不明智了,肯定會搜出很多符合條件的。所以這裡就換種思路,檢視流量包的Initiator模組。
Initiator相當於一個呼叫棧,越靠下的函式是越早呼叫的,這裡可以看到有個request函式,點進去看一下。
- 看起來像是一串亂碼,這是經過程式碼混淆的,比較難看,需要將其還原。裡面就涉及到兩個知識點,一個是16進位制,一個是unicode碼,可以透過編寫python程式碼來進行還原。
執行得到的結果如下。file = open("1.txt") # 1.txt中的內容就是亂碼 res_str = "" string = file.read() flag = False index = 0 temp = "" while index < len(string): if string[index] != "\\": res_str += string[index] index += 1 else: # 碰到了反斜槓,說明後面要麼是十六進位制要麼是unicode if string[index + 1] == "x": # 如果是十六進位制 res_str += bytes.fromhex(string[index + 2:index + 4]).decode("utf-8") index += 4 elif string[index + 1] == "u": # 如果是unicode編碼 res_str += string[index:index + 6].encode("utf-8").decode("unicode_escape") index += 6 print(res_str)window['url'] = '/api/' + 'match' + '/1', request = function() { var _0x2268f9 = Date['parse'](new Date()) + (16798545 + -72936737 + 156138192) , _0x57feae = oo0O0(_0x2268f9['toStr' + 'ing']()) + window['f']; const _0x5d83a3 = {}; _0x5d83a3['page'] = window['page'], _0x5d83a3['m'] = _0x57feae + '丨' + _0x2268f9 / (-1 * 3483 + -9059 + 13542); var _0xb89747 = _0x5d83a3; $['ajax']({ 'url': window['url'], 'dataType': 'json', 'async': ![], 'data': _0xb89747, 'type': 'GET', 'beforeSend': function(_0x4c488e) {}, 'success': function(_0x131e59) { _0x131e59 = _0x131e59['data']; let _0x354583 = '' , _0x1b89ba = '<div ' + 'class' + '="b-a' + 'irfly' + '"><di' + 'v cla' + 'ss="e' + '-airf' + 'ly"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0"><' + 'div c' + 'lass=' + '"col-' + 'trip"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0"><d' + 'iv cl' + 'ass="' + 's-tri' + 'p"dat' + 'a-rea' + 'ctid=' + '".1.3' + '.3.2.' + '0.$KN' + '5911.' + '0.0.0' + '"><di' + 'v cla' + 'ss="c' + 'ol-ai' + 'rline' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '0"><d' + 'iv cl' + 'ass="' + 'd-air' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '0.0:$' + '0"><d' + 'iv cl' + 'ass="' + 'air"d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.0' + '.0.0.' + '0:$0.' + '0"><s' + 'pan d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.0' + '.0.0.' + '0:$0.' + '0.1">' + '中國聯合航' + '空</sp' + 'an></' + 'div><' + 'div c' + 'lass=' + '"num"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0.0.0' + '.0:$0' + '.1"><' + 'span ' + 'class' + '="n"d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.0' + '.0.0.' + '0:$0.' + '1.0">' + 'KN591' + '1</sp' + 'an><s' + 'pan c' + 'lass=' + '"n"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.0.' + '0.0.0' + ':$0.1' + '.1">波' + '音737(' + '中)</s' + 'pan><' + 'noscr' + 'ipt d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.0' + '.0.0.' + '0:$0.' + '1.2">' + '</nos' + 'cript' + '></di' + 'v></d' + 'iv><n' + 'oscri' + 'pt da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.0.' + '0.0.1' + '"></n' + 'oscri' + 'pt></' + 'div><' + 'div c' + 'lass=' + '"col-' + 'time"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0.0.1' + '"><di' + 'v cla' + 'ss="s' + 'ep-lf' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '1.0">' + '<h2 d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + ('2.0.$' + 'KN591' + '1.0.0' + '.0.1.' + '0.0">' + '13:50' + '</h2>' + '<p cl' + 'ass="' + 'airpo' + 'rt"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.0.' + '0.1.0' + '.1"><' + 'span ' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0.0.1' + '.0.1.' + '0">大興' + '國際機場<' + '/span' + '><spa' + 'n dat' + 'a-rea' + 'ctid=' + '".1.3' + '.3.2.' + '0.$KN' + '5911.' + '0.0.0' + '.1.0.' + '1.1">' + '</spa' + 'n></p' + '></di' + 'v><di' + 'v cla' + 'ss="s' + 'ep-ct' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '1.1">' + '<div ' + 'class' + '="ran' + 'ge"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.0.' + '0.1.1' + '.0">3' + '小時40分' + '鍾</di' + 'v><di' + 'v cla' + 'ss="l' + 'ine"d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.0' + '.0.1.' + '1.1">' + '</div' + '></di' + 'v><di' + 'v cla' + 'ss="s' + 'ep-rt' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '1.2">' + '<nosc' + 'ript ' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0.0.1' + '.2.0"' + '></no' + 'scrip' + 't><h2' + ' data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '1.2.1' + '">17:' + '30</h' + '2><p ' + 'class' + '="air' + 'port"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '0.0.1' + '.2.2"' + '><spa' + 'n dat' + 'a-rea' + 'ctid=' + '".1.3' + '.3.2.' + '0.$KN' + '5911.' + '0.0.0' + '.1.2.' + '2.0">' + '寶安機場<' + '/span' + '></p>' + '</div' + '><nos' + 'cript' + ' data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.0.0.' + '1.3">' + '</nos' + 'cript' + '></di' + 'v></d' + 'iv></' + 'div><' + 'div c' + 'lass=' + '"col-' + 'price' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.1"><' + 'p cla' + 'ss="p' + 'rc"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.1.' + '0"><s' + 'pan d' + 'ata-r' + 'eacti' + 'd=".1') + ('.3.3.' + '2.0.$' + 'KN591' + '1.0.1' + '.0.0"' + '><i c' + 'lass=' + '"rmb"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '1.0.0' + '.0">&' + 'yen;<' + '/i><s' + 'pan c' + 'lass=' + '"fix_' + 'price' + '"data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.0' + '.1.0.' + '0.1">' + '<span' + ' clas' + 's="pr' + 'c_wp"' + 'style' + '="wid' + 'th:48' + 'px">p' + 'rice_' + 'sole<' + '/span' + '></sp' + 'an></' + 'span>' + '</p><' + 'div c' + 'lass=' + '"vim"' + 'data-' + 'react' + 'id=".' + '1.3.3' + '.2.0.' + '$KN59' + '11.0.' + '1.1">' + '<span' + ' clas' + 's="v ' + 'dis"d' + 'ata-r' + 'eacti' + 'd=".1' + '.3.3.' + '2.0.$' + 'KN591' + '1.0.1' + '.1.$0' + '"></s' + 'pan><' + '/div>' + '</div' + '><div' + ' clas' + 's="co' + 'l-fol' + 'd"dat' + 'a-rea' + 'ctid=' + '".1.3' + '.3.2.' + '0.$KN' + '5911.' + '0.2">' + '<p cl' + 'ass="' + 'fd"da' + 'ta-re' + 'actid' + '=".1.' + '3.3.2' + '.0.$K' + 'N5911' + '.0.2.' + '0">收起' + '</p><' + '/div>' + '</div' + '><nos' + 'cript' + ' data' + '-reac' + 'tid="' + '.1.3.' + '3.2.0' + '.$KN5' + '911.1' + '"></n' + 'oscri' + 'pt></' + 'div>') , _0x548377 = ['中國南方航' + '空', '吉祥航空', '奧凱航空', '九元航空', '長龍航空', '東方航空', '中國國際航' + '空', '深圳航空', '海南航空', '春秋航空', '上海航空', '西部航空', '重慶航空', '西藏航空', '中國聯合航' + '空', '雲南祥鵬航' + '空', '雲南英安航' + '空', '廈門航空', '天津航空', '山東航空', '四川航空', '華夏航空', '長城航空', '成都航空有', '北京首都航' + '空', '中華航空', '義大利國家' + '航空公司', '印度百捷航' + '空', '越南航空', '遠東航空', '印度航空公' + '司', '印度捷特航' + '空有限公司', '以色列航空' + '公司', '義大利航空', '伊朗航空公' + '司', '印度尼西亞' + '鷹航空公司', '英國航空公' + '司', '西方天空航' + '空', '西捷航空', '西班牙歐洲' + '航空公司', '西班牙航空' + '公司', '中國南方航' + '空', '吉祥航空', '奧凱航空', '九元航空', '長龍航空', '東方航空', '中國國際航' + '空', '深圳航空', '海南航空', '春秋航空', '上海航空', '西部航空', '重慶航空', '西藏航空', '中國聯合航' + '空', '雲南祥鵬航' + '空', '雲南英安航' + '空', '廈門航空', '天津航空', '山東航空', '四川航空', '華夏航空', '長城航空', '成都航空有', '北京首都航' + '空', '中華航空', '義大利國家' + '航空公司', '印度百捷航' + '空', '越南航空', '遠東航空', '印度航空公' + '司', '印度捷特航' + '空有限公司', '以色列航空' + '公司', '義大利航空', '伊朗航空公' + '司', '印度尼西亞' + '鷹航空公司', '英國航空公' + '司', '西方天空航' + '空', '西捷航空', '西班牙歐洲' + '航空公司', '西班牙航空' + '公司'] , _0x5286d2 = 22 * 251 + -1721 + -3800 , _0xa24ff9 = ['北京首都國' + '際機場', '上海虹橋國' + '際機場', '上海浦東國' + '際機場', '天津濱海國' + '際機場', '太原武宿機' + '場', '呼和浩特白' + '塔機場', '瀋陽桃仙國' + '際機場', '大連周水子' + '國際機場', '長春大房身' + '機場', '哈爾濱閻家' + '崗國際機場', '齊齊哈爾三' + '家子機場', '佳木斯東郊' + '機場', '廈門高崎國' + '際機場', '福州長樂國' + '際機場', '杭州蕭山國' + '際機場', '合肥駱崗機' + '場', '寧波櫟社機' + '場', '南京祿口國' + '際機場', '廣州白雲國' + '際機場', '深圳寶安國' + '際機場', '長沙黃花機' + '場', '海口美亞機' + '場', '武漢天河機' + '場', '濟南遙牆機' + '場', '青島流亭機' + '場', '南寧吳墟機' + '場', '三亞鳳凰國' + '際機場', '重慶江北國' + '際機場', '成都雙流國' + '際機場', '昆明巫家壩' + '國際機場', '昆明長水國' + '際機場', '桂林兩江國' + '際機場', '西安咸陽國' + '際機場', '蘭州中川機' + '場', '貴陽龍洞堡' + '機場', '拉薩貢嘎機' + '場', '烏魯木齊地' + '窩堡機場', '南昌向塘機' + '場', '鄭州新鄭機' + '場', '北京首都國' + '際機場', '上海虹橋國' + '際機場', '上海浦東國' + '際機場', '天津濱海國' + '際機場', '太原武宿機' + '場', '呼和浩特白' + '塔機場', '瀋陽桃仙國' + '際機場', '大連周水子' + '國際機場', '長春大房身' + '機場', '哈爾濱閻家' + '崗國際機場', '齊齊哈爾三' + '家子機場', '佳木斯東郊' + '機場', '廈門高崎國' + '際機場', '福州長樂國' + '際機場', '杭州蕭山國' + '際機場', '合肥駱崗機' + '場', '寧波櫟社機' + '場', '南京祿口國' + '際機場', '廣州白雲國' + '際機場', '深圳寶安國' + '際機場', '長沙黃花機' + '場', '海口美亞機' + '場', '武漢天河機' + '場', '濟南遙牆機' + '場', '青島流亭機' + '場', '南寧吳墟機' + '場', '三亞鳳凰國' + '際機場', '重慶江北國' + '際機場', '成都雙流國' + '際機場', '昆明巫家壩' + '國際機場', '昆明長水國' + '際機場', '桂林兩江國' + '際機場', '西安咸陽國' + '際機場', '蘭州中川機' + '場', '貴陽龍洞堡' + '機場', '拉薩貢嘎機' + '場', '烏魯木齊地' + '窩堡機場', '南昌向塘機' + '場', '鄭州新鄭機' + '場']; if (window['page']) {} else window['page'] = 2333 * 3 + 458 * -5 + -4708; $['each'](_0x131e59, function(_0x282f1d, _0x4e0853) { _0x354583 += _0x1b89ba['repla' + 'ce']('price' + '_sole', _0x4e0853['value'])['repla' + 'ce']('中國聯合航' + '空', _0x548377[_0x5286d2 * window['page']])['repla' + 'ce']('大興國際', _0xa24ff9[parseInt(_0x5286d2 * window['page'] / (659 + 785 * -7 + 4838)) + (5666 * 1 + 2 * -4161 + 2657)])['repla' + 'ce']('寶安機場', _0xa24ff9[_0xa24ff9['lengt' + 'h'] - parseInt(_0x5286d2 * window['page'] / (8357 + -323 * 1 + -8032)) - (350 + -9 * 295 + 2306)]), _0x5286d2 += -156 * -53 + -78 * -111 + -16925; }), $('.m-ai' + 'rfly-' + 'lst')['text']('')['appen' + 'd'](_0x354583); }, 'complete': function() {}, 'error': function() { alert('資料拉取失' + '敗。可能是' + '觸發了風控' + '系統,若您' + '是正常訪問' + ',請使用谷' + '歌瀏覽器無' + '痕模式,並' + '且校準電腦' + '的系統時間' + '重新嘗試'), alert('生而為蟲,' + '我很抱歉,' + '請重新整理頁面' + ',檢視問題' + '是否存在'), $('.page' + '-mess' + 'age')['eq'](17 * -94 + 1014 + -4 * -146)['addCl' + 'ass']('activ' + 'e'), $('.page' + '-mess' + 'age')['remov' + 'eClas' + 's']('activ' + 'e'); } }); } - 重點關注
_0x5d83a3['m'] = _0x57feae + '丨' + _0x2268f9 / (-1 * 3483 + -9059 + 13542);這行程式碼,其餘m引數的生成有關,涉及到_0x57feae和_0x2268f9兩個變數。
_0x2268f9:var _0x2268f9 = Date['parse'](new Date()) + (16798545 + -72936737 + 156138192)就是對時間戳做了個加減法,還是比較好理解的,看下它的輸出結果。(等下這個地方在寫python程式碼需要注意一下)
_0x57feae:_0x57feae = oo0O0(_0x2268f9['toStr' + 'ing']()) + window['f']:將_0x2268f9的結果經oo0O0函式處理再拼接上window['f']。 - 看下
oo0O0函式是什麼。
- 將程式碼複製到一個js檔案中,執行測試一下,報錯
window未定義。
如果要去補程式碼的話比較麻煩,我們就採取在頁面中打斷點一步一步除錯,看跟window相關的變數值是什麼,直接進行替換。例如,window.a.length的值是6612,直接在程式碼中替換即可。
替換後的程式碼如下。let a = "\"isMRQsxrU]xtDhMbZJrrdvxPiiuypx] qz}® g°¤¯©¡tª¥¯º§¯·£¢³²¯¥ ĺ¡Ä½¢±Õ¿Ç¡É¹ײÓÏÔÎÓÖÏ¡¹Üɤ¤ßÃÉßòÝÂÄõÖëëõãÅëìÐÙÿðÕ÷ăøïûóÀòÕăþöÞáĒþăĆČăõùÑăďñÔĆýàĝòñôÞûôèĤċöĈģĎĉģïĜħđìġĖĉĵĊĉčĴħijľŁĢĴĤüĘĕĝņĴĿĩĺķĭĨĉĤĢĩČŀňĩʼnłĹĘŗİĭĬŘĵıİšŏĵŅťŋĥŅţŀţŅŧŜŨʼnIJňőūĹśŰřŹŞĹřŸūļĿųŰŁšƉũńńſţũſƀŤŲƏƕŷŶűőƄƏŗƋžƓƓƝƋŮŵƦƑŶŸƟƊŤŬƭƏƌŰƬƓžƐƫƠűƑƹƎƯƍƴƧƳƾƷƢƝƶƿƦơƄǃƫƩƈǂƹƝƾljƲƌǃǕǀƑǎǐƬƺƔǑljƽƜǒǍƱǗǢǏǗƱǟNjNJǛǚǖƽƨǠǒƫƴǰǗǂǔǯǚǕǻǭǐǞǻȁǣǢǝƽǰǻǃǷǪǿǿȉǷǚǡȇdzDzȂȋǶǐǘșǻǸǜȓȇǽǭȒȁǜǜȗǻȁȗȘǽǹǼȤȀȎǨȥȝȑǰȦȡȅȫȶȣȫȅȭȓȰșȮȪȑǼȴȦǿȈɄȫȖȨɃȮȩɏɁȤȲɏɕȷȶȱȑɄɏȗɋȾɓɓɝɋȮȵɕȻɘɀɟɊȤȬɭɏɌȰɧɛɑɁɦɕȰȰɫɏɕɫɬɑɍɐɸɔɢȼɹɱɥɄɺɵəɿʊɷɿəʒɽɢɥʂɾɥɐʈɺɓɜʘɿɪɼʗʂɽʣʕɸʆʣʩʋʊʅɥʘʣɫʟʒʧʧʱʟʂʉʺʥʊʌʳʞɸʀˁʣʠʄʻʯʥʕʺʩʄʄʿʣʩʿˀʥʡʤˌʨʶʐˍ˅ʹʘˎˉʭ˓˞ˋ˓ʭˠˇʲ˅˖˕˟ʤ˚˙ʽˍ˲˝ʽˢˬˢʱˉˬ˥ˊ˙˽˧˯ˉ˷ˣˢ˳˲˯˥ˠˁ˜˕˝˼ˮ̃ˤ́ˤˮˋ˕˦̗̈̊ˮ˦˨˕˲˪̒˜˶˜˹̗˺̘̝̜́̊˵̢̟̠̃˪̆ˬ̔˯̗̂̈˴̛̖̈˷̸̟̰̪́̒˼̵̷̵̵̛̹̱̥̺̙̙̻̥͈̯̱̭͚͎̝̭͎͎̣͈̤̬̼̄̿͊̿͂̍̐̐͋͋͛ͨ̿͊͘ͅͱ͈̾Ͳ̴͈́ͧͲ͕͌͘;͒ͯͲ̿ͬ͐;ͻ͑͘ͷ͜Όͬ̈́ͪ͋̓ͩ͠΄ΆΌͭ͢Ζ͐ͬ͵ΖΜͳͬ͗͡ΊΤΟ͞ΆΆΗΓάͣάΰ΄α·ΎͬΊΒΪκΐ͵ΝάΨίΉνΙΝͻυΛψΔΞόΠΈΣϐςΏνχΡϕΦΥΏΙέζΨΗβϠΰΙθήμϤμςπΧϕϟιϭξνϮαφϤϞϴϋϸόϺϐφϦθϔθϡϾϬϳϳξϦϦϘϷϫЌσЋϤψϺϐϼϝϐЏϷϵϔЎЅϩЊϛϿПКϡ϶ϾЄМВϡЉИДЛϵХЅЍϯϯНЧЁеІЅЦϹУЬз϶ООАЯУдϼрМЁЩидлЕрХЭюЏлєЌѐзТецлямѓчџџѝебЛџябѧѧшФіѦтмЧѫчѳѲѰыѨѦѷѐіѦжєњєкєўѿѿѝѥрѻџѨьҁѯѿѿҋѥѡѓҏѿ҇җҔѭѪѥ҆ѿҟҚҠҁѽҢҤѺҗҦҤѾҬҚѩ҃ҊҐѨ҇ҎҢѮ҈ҒҳҴґҙѴүғҜҀҵңҳҳӀҙҕӆӃҳӋӋӉҡҞҙҺҳӓӎӕҵұӖӘүӛӚҖҲҪӀӠҶҮӀҠҺӂӚӠӀҤҧҭӗӍӈҩӑҬӕөӈӅҳӳӣӕӻӷӑӍҿӻӬӐӿӺӘԈӝӴӝӖӜԍӡәӇԐӦӞӬӌӫӲӨӑӮԜӰԛӰӺԛԞӹԁӜԗӻԄӨԝԋԛԛԪԁӽӫԫԛԍԳԯԉԆԁԢԛԻԶӴԝԙԾӻԕԍӻՄԛՈԨԀԞԦԺԈԤԪԺՈԨԌՒԕԿԵԑԹԔԽՑԭ՞՛ՋգգաԹԵԟգՔԸէբՀհՍ՜ՅԾՀյՉՂՄչՎՆՄջՔՊՈԸՖմդռ՜ՀԿՉճթդՅխՈձօդաՋ֏տա֖֗խթ֗ֈլ֛֖մ֤օչղմգսյգ֬փպֲ֚ֆ֤ֈִ֊ַָָֹ֖֕֝ոֳ֗֠քַַֹ֧ׅ֝֙փַׇ֥֢֙֝־ַחגֵֹ֓ךםֲמלַ֮׀ֲֺ֥֟ׄ׀ֶ׀פֱׄ֨֯כב֭וְיֻקׯובװהל،סך؋צתענؚׯ״׳؏ؒן؋לؠ؇ײؖ؋؟،أؗدخׯد؟ؑططؘ״ئضؔػؖ؞ؔؿؙآؔ؟ئغآتب؈ئخؾٌجؐ؏ؙكعشؕؽؘفٕشر؛ُٟر٧٦ؽعا٧٘ؼ٫٦لٴـٳّٕٶٸُٻٺٸٓيِٿٗٴ٘ټٜـكىٳ٩٤م٭وٱڅ٤١ُڏٿٱڗړ٭٩ٛڗڈ٬ڛږٴڤٰڤڅځڦکپڛڪڨڂڊڢ٭چپڌڳڋڂڄٲڎګڮٻڧۀٸڼڣڎڡڲڧڻڨڿڳۋۋۉڡڝڇۋڻڝۓۓڴڐۂےڮڶڭۈڱڪۊۛڶھےۣڻڲۈڢھڶیڨۂ۟ۢگۛھڬ۰ۗۂەۦۛۯۜ۳ۧۉۿ۾ەۑڿۿۯۡ܇܇ۨۄ۶܆۪ۢۥۼۥ۞۠ܕ۩ۡۏېۮۦ۰۔۲ۺ۬ܟ۶۽ܖۣ܂۠ܤ܋۶܉ܚܣܐܧܛ܍ܳܯ܉܅۷ܳܣܫܻܻܜ۸ܪܺܖܞܝܰܙܒܔ܃ܝܕ܃ܣܪܘݑܦܞܜݕܪ݈݊ݗܬܶݗݙܵܽܘݓܷ݀ܤݙ݇ݗݗݥܹܽܣݧݗܹݯݮ݂݅ܽݞݗݷݲݸݏݘܳݷݒݰݐݻݖݞݔކݛݸݤފݟݦݠލݤݩނݏݻޔސݷݢݵކݻݔކޓއޟޟޝݵݱݛޟޏݱާާވݤޖަނތݧޫއލްފޒޘݱޏޮݶޓޚތޔޞޝޥހޟިތ߂ޯߏߋޥޡޓߏ߇ߗߔޭުޥ߆ߟߚޚ߁ߢޡޱޟߨߌީ߃ߊ߰߇ߤ߈ߵ߈ߒ߳ߴߑߙ߯ߓߜ߀߶ߣࠃ߳ࠀߙߕࠆࠃ߳ࠋࠋࠉߡߞߙߺ߳ࠓࠎࠔߪߴߏࠓ߮߶ߴࠗ߳ࠐ߸ࠢ߷ࠤ߰ߟࠨߴࠪࠆࠧࠩࠅࠍߨࠣࠇࠐߴࠪࠗ࠷ࠧ࠵ࠍࠉ߳࠷ࠧࠉ࠾ࠕࠒࠍࠧࡇࡂࡇࠩࠥࡊࡍࠢ࠙ࡎࡌࠦࡔ࠾ࡖࠬࠢࡊࠓࠤ࠰࠺࡛࡞࠹ࡁࠜࡗ࠻ࡄࠨ࡞ࡋ࡛ࡪࡁ࠽࡛ࠫࡍࡳࡉࡆࡁࡢ࡛ࡻࡶ࠵࡙ࡾ࠹ࡕࡍ࠻࡚ࡒࡔࡁࡦࡺࡆࡤࡪ࢈ࡨࡌࡕࡿࡵࡰࡑࡹࡔࢇࡰ࢛࢞ࢋࢣࢣࢡࡹࡵࢣࡸࢧࢢࢀࢰࡼࢯࢍࢲࡱࢉࢂࢌࡴࢎࢆ࢈ࡶࢊࢮࣂ࢞ࢿࣀ࢝ࢥࢀࢻ࢟ࢨࢌࣂࢯ࣏ࢿ࣌ࢥࢡ࣒࣏ࢿࣗࣗࣕࢭࢪࢥࣆࢿࣟࣚ࣠ࢷࣀ࢛ࣟࢺࣂࣀࣣࢽࣆ࣌ࢦࣂࢺࣈࢫࣈࢾࣈࣶ࣑࣋࣪ࢷࣣ࣬ࢴ࣮ࣣࣸࣟ࣊ࣝࢼ࣮࣯ࣻࣷइऄࣝࣙऊइࣷएएएࣰ࣌ࣾऎ࣏࣫ࣤओ࣮ऌࣤगࣱࣺࣸटࣷࣾऀदࣻनख࣠ऀࣵञ࣫गरࣨबओࣾऑढगࣰढयणऻऻहऑऍࣷऻफऍृृतऀलूठनःेणऩॎउधॄूऌफढसऐमड़ॊ॔ऴघफ़डोु़झॅठ॓फ़़ह४१ॗ९९७ॅुफ९ॠॄॳ८ौॼैऴढ़ख़ॾऽॕ्ऻग़॒॔ॅॠॖ॔ॣঀংএ।८এঐ७ॵॐঋ९ॸड़ॿটএজॵॱঢটএধধথॽॺॵখএযপললঋঁশখপॷীঠূঘঞতৄঘঢৃডিণবঐৃথএৃথমৃৣঠু০৩া৪৬ূ৲েৎৈ৴োী৸ৌ৷৺ঢ়স৳ৗৠৄ৺১ਇ৷ਆঢ়েਇ৷৩ਏৢঢ়৾৷ਗਘ৮ਗ৳৹ਞਜ৶৾ৼড়৻৲ਈ৾ਆ০ਃਯਢ৯ਛ৾৬ਰਗਂਕਦਛ৴ਦਲ਼ਧਉਿਾਕਿਯਡੇੇਨਸ਼ਢੂਇੋਨਭਫਲਤਐਮਦਰਗਪਸਸਜਛਥੀਡਤੀਧ੫ਜ਼ੳੲਲ਼ੳੈੲ੫੬਼ਖ਼ਫ਼ઌ੨ੈ੧ઔ੨ઌ੬ਖ਼ઃੴઋખੴੱટએઁધણ੫ધઘફદવકઑશહઅસચલુખઞઔૃછૈલટકાઋષૐઈૌળઞૂાથૃભગોભૣૣૄઠૢિૈણ૧ૃહ૮૬રોૌસૠૄૻ૮ଃોଇ૿ଏଌૢ૾ଗૹଚଜૹଞଜଔ૬ଥૺଘૣ૿૦ଂଯଢ૯ଛ૬ରଗଂକଦଢଉପଳଧଙିକଃିଯଷେେନଶଢପଝ଼ଥଞଠଢତଔମଡ଼ଲୠନଙଷଡ଼଼ଠଣୄଥ୍ନୟ୧ୄୁଯ୯ୟ୷୳୍୷୨ୌ୶଼ୡஆஉஊஈୢஐ୬ஒ୦ஆ୍୫୲ஐ୰ଢ଼இଡ଼ஓ୵୧ணஓநமஜயபஈஸஅதஆஔஷசஜேடஔதஈறவஐேனௗேவறௐழ௬ு௰ாீ௵ோ௸ைழௐௐ௸௯ு௩ఃேఋఓఒ௩ఓఄ௨గఒ௰ఠఋఌ௵௮௰௹௱నఆఈఄఊచ௪ఆఴఄబఌ௰௳௹ణఙఔ௵ఝ௸యషఔియడేృఝఙఋేసజోెతఠవఱౖౙమౚౘలనఝషమ౦లైఠావఫన౬ాౢ౦౯ౣ౻౻౹్ష౻౫్ಃಃీಂ౦ౡ౸ౡౚ౨ಋ౧಄ಂಔ౪ಈಂౕ౮ಆ౺ಛಛ౹ಁಗ౻಄౨ಟಒಛಧಁ౽౯ಫಛಣಳರಉಆಁಢಛಶಝಙಾೀಖಝೂೀಚೈತ಄ಟದಠಇಢೀಠತಮಭವಐೋಯಸಜೆವಱೢ೧೧ಽವೖ೯೪ೲ್ೲೋ೧ೌೊ೮ഀೞ೮ುೢഃഅೡ೩ೄೣ೬ഇೝഃ೩ഓഃഛചೱ೮೩ഊഃണഞೞഅഁദഩഫപ೧ഃഠറഈഎഀഌപണ഼സടഊഝമപല഻യേേഝങഃേഷങ൏൏രഌാൎബഴഏയഥ൚൘ളസൟശൄജ഻ലൖണ഼െ൧൧്നൣേഴ൫൞ു൧൳്഻൷൧൯ൿർൕ്൮൧ඇංඈ൞ൾൃඇൢ൪൜උ൮൬ඕ൪൲ආ൯൶ඊඞ൳൹ඒൟඋൾ൜චඇ൲අඖඒ൹කඣඉදණඅඁ൳දඟටභභ൴ඦබඒකඝඬඕඎඐൾඒඤ්ඞඖබජවඬෑඦඝෆඓඐුරඦඹ්ෆතීඹඵ෦ී෫෫෫ඨේ෪ෆ෦ණ෯්෨ෳූ෮ඹීේුขෘලේෳฌහจ෯ේ෭ฆซททต෭෩ීทง෩ฟฟොฎพ෴ෟรปสศขชย෬งฤจำฌขฐฌถืืตฝำทภคฮมืใฝนซ็ื฿๏์ลยฝื๗๒ณูี๚าษึิพฺโิยๆไใ้ฯ๛๎ฬ๗โ๕๙๙๕๑ใງງไຆํ๏ຘ๖ຠ๘ຂຣລກຉຟຌຨບຍຣັຉຳຣົ຺ຑຎຉສຣໃລມໆ້ພລ໊່ຣສ຺ຈ໔ຬ໓ຫາິ໐ະດປຝຽຸນແຜ໗ໜຸີວ໓ແຽໜເ່ໄ໙໕ຶ໑໊໌ົ໖໎໌ຼໜ໒ແໟ༌໘༄່༎໑ໍ໐་༐༚༗༇༟༟༝༟༐༣༞༬༁༘༁༯༅༴༌༂༪༏༆༔༓༰༈༔༞༿ཀ༝༥ༀ༻༟༨༌ང༶༩༿ཌ༥༡དྷཏ༿བྷབྷཕ༭༪༥ཆ༿ཟཚའ༶༰༛ཟ༺གངལ༽ཆ༸ཫགྷཊ༼༩ཆཤཬཌ༰༳༹ལཙཔ༵ཝ༸ཱིླྀཔད༿ཿཡ྇ྃཝཙཋ྇ླྀཛྷྋ྆ཤྔཡྀཀྵརཨཥནྜྷིཪོམླྀཾུྥཻྨྚཥོ྆ྦྷྪ྅ྍཨྣ྇ྐུྫྷྞྑྦྷྶྍྉཷྷྦྷྙ྿ྻྕྒྍྮྦྷ࿇࿂྄ྩྥ࿊྆ྡྚྜྌྦྷ࿔ྨ࿖ྪྲྫྷ࿚ྯྶ࿎࿔ྴྡ࿋࿁ྼྜྷ࿅ྠྼྐྵ࿗࿅࿁ྫ࿄࿌࿈ྵ࿙က࿖ဂက࿚ဈ࿐࿂࿘࿇࿚ဈ࿌࿋࿕࿑࿔ဏန࿗ရဋဣဢဣနဧဢကူထလစကဉခးဏဖလျဒယဲဖ၄ဲ၃ဘဢ၃၅အဩငဿဣာတ၈်ိ၃ၑဩဥဏၓ၃ဥၛၚေီဩ၊၃ၣၞၤ်ဟဟၣှၜးၧ၂၊၄ၯ၈၎၀ိ၊ၒၘူၐၕၮျၧႀးၼၣ၎ၡၲၮၥၺၿၳႋႋႉၡၝ၇ႋၻၝ႓႓ၴၐႂ႒ၯၨၓ႗ၳႏ႞ႜၶၾၼၝၻႂၸႪၾၶ႖ႫႀႊႫႫႉ႑ၬႧႋ႔ၸႰႢ႕ႫႷ႑ႍၿႻႫႳჃჀ႙႖႑ႲႫႢႬႇႦႮႜႩႲႤიႮႤოႲႺႨტႷფზნႼႠ႟ႩდჄႥჍႨუშჄჁႫჯჟჁჷჶჍႷჷშ჻ჶეᄄვჰკგეჁოზჶᄌფლჺყᄔფჍწჱᄊთᄃᄌეᄘჿცჽᄎᄊᄁᄖᄛᄏᄗᄧᄤჽჹᄪᄧᄗᄯᄯᄯᄐწᄞᄮᄌᄔჯᄳᄎᄬᄈᄷᄑᄚᄔჸᄖᅄᄜᄀᄛᄢᄤᄁᄞᄥᄾᄋᄷᅐᄈᅒᄲᄱᄵᅈᄵᄐᄥᅋᄻᄥᅋᅚᄱᄭᅖᅘᄸᄜᄟᄥᅐᄠᄵᅝᅋᅈᄬᅜᅏᄽᅈᅧᅛᅣᅳᅫᅈᅒᅳᅴᅑᅚᅑᅬᅟᅳᅝᅮᅢᅡᅝᅷᅘᅕᄿᆃᅫᅻᅾᅋᅷᅚᅈᆒᅲᅱᅵᆈᅵᅐᅥᆋᅻᅥᆋᆗᅱᅭᅼᆘᆏᆂᅵᆘᆑᅶᆅᆩᆓᆛᅵᅶᆘᆤᆁᆠᆞᆍᆣᆲᆉᆅᅳᆳᆣᆕᆻᆷᆐᆞᅸᆵᆭᆡᆀᆶᆱᆕᆻᇆᆳᆻᆕᇈᆯᆚᆭᆾᆲᆌᆌᇑᆨᆥᇆᇓᆻᆵᇛᇏᆱᆭᆴᇛᇃᇣᇣᇙᆸᇆᇣᇩᇋᇊᇅᆥᇘᇣᆫᇟᇜᆬᇁᇩᇗᇔᆸᇨᇛᇉᇔᇳᇞᇳᇳᆸᇡᆽᇕሂᇯᇑᇷሊᇪᇩᇭሀᇭᇈᇝሃᇳᇝሃሖᇶᇵᇹሌᇹᇔᇩሏᇿᇩሏሔᇵᇱሒሜᇹᇶᇽመላሟሉሚሎልሉሣሄሁለሯሗሧሪሰልሉሦሴሑልመሸሯሡሥᇽሯሻምሀሲሩሌሞምለቃሧሰሔሷቇቇርሩሼቆስሱቀቁቧሼቊቧቭሩቜቧሯባቕቐሱሴቑቸቧቯቮቷባታብቾቘቦኆቿቜቚቈኁበቩቱቤቭናኊቩብቸናቻትኛኔቱቭኘኁኅቝኛችበኒቬኩቾችቨኣኇነቴኪኗኧኮኍኜኦኹንኑአኮኡኜኪውኯኮኩኼዃኵኰኑኹኔዘዏዎዃዓዅዝኸዦዟዒያዌዣዛዣዦየዄውዳዪዉዅዘዳዛዕዻዴዑውዮዸዯዡዥኽዯዻዝዀዲዩዌጉዞዝወጃዧደዔጋዾዡጇጎይዩዼጆጟጟጙድዱጀጟጎጁጧጟዼጊጧጭጏጎጉዩጜጧዯጣጟጕጐዱጙዴጸጧጯጯጵጡጷጿጱጮጷፇጾጝጙጬፇጯጩፏፈጥጡፂፌፃጵጹፃፏጱጔፆጽጠ፝ጲጱጜፗጻፄጨ፠ፒፅ።ፁጽፐ፫ፚ፳፳፭ፉፅፔ፳።ፕ፻፳ፐ፞፻ᎁ፣።፝ጽ፰፻ፃ፷፳፩፤ፅ፭ፈ፥ᎌ፻ᎃᎃᎎ፵ᎇᎇᎍᎇ፥ᎋፏᎆᎏ᎒᎘፵፱ᎎᎇ᎗Ꭷ፹Ꭷ᎖፹Ꭳ፱᎓Ꭸ᎑Ꮁ᎖፱᎑ᎰᎣ፴፷Ꭻ፸ᎀᏁᎣᎠᎄᎻᎯᎥ᎕ᎺᎩᎄᎄᎿᎣᎩᎿᏂᎥᎡᎴᏌᏂ᎑ᎹᏈᏄᏋᎥᏐᎵᎾᎵ᎘ᏌᏔᎵᏕᏎᏅᎤᏣᎼᎹᏀᏤᏄᎨᏣᏥᏄᏁᏐᏱᏟᏅᏕᏵᏛᎵᏕᏳᏕᏰᏌᎺᏔᏢᏸᏝᏥᏝᐆᏴᏩᏺᏭᏨᏉᏤᏡᏰᐏᐗᏔᐓᏻᏹᏘᐒᐉᏭᐎᐙᐂᏜᐓᐥᐐᏡᐞᐠᐗᐊᐍᐜᐘᐟᏹᐠᐉᐏᐁᐵᐠᐫᐅᏵᐌᐆᐈᐐᐙᐿᐳᐙᐟᐑᑅᐰᐻᐕᐅᐜᐖᐘᐆᐠᐪᑋᑅᐻᐍᐤᑋᑁᑋᐥᑙᐪᐩᐬᐝᐲᐪᑛᑑᐹᐮᐰᐞᐼᐠᐸᑢᐼᑫᑟᐫᑎᑌᑫᑡᑑᑎᐬᑨᑔᐰᑉᑤᑙᑬᑮᑻᑔᑚᑜᒁᑖᑴᑜᑀᑛᑸᒃᑻᑨᑄᑝᑸᑥᑭᑭᑺᑲᒆᑌᒁᑪᑲᑴᑐᑰᑶᑸᑕᑳᒐᒎᒡᑸᑲᑜᑞᒆᒆᑸᒗᒋᒬᑤᒞᒗᑩᒁᒤᒑᑬᑬᒧᒋᒑᒧᒨᒍᒯᒑᒺᒧᒳᒕᒰᒭᒍᒳᓆᒱᒖᒘᓉᒪᒿᒿᓉᒷᒙᒿᓅᒤᒭᓆᓏᒫᒲᒤᓙᒬᒔᒼᓙᓇᒭᒽᓝᓃᒝᒽᓛᒸᓛᒽᓟᓔᓠᓁᒪᓀᓊᓫᓱᓓᓒᓍᒭᓠᓫᒳᓧᓚᒴᒼᓽᓟᓜᓀᓼᓣᓎᓠᓻᓧᓑᓄᓺᓳᓄᓈᓾᓮᓮᓨᔇᓳᔓᔆᔏᓫᓲᓤᔙᓬᔜᓨᔝᓴᓩᔓᓡᔃᔘᔁᔡᔆᓡᔁᔠᔓᓤᓧᔛᔘᓨᓽᔥᔓᔐᓴᔤᔗᔅᔐᔯᔚᔕᔻᔯᔐᔞᔻᓺᔢᔢᔔᔳᔦᕈᓿᔿᔪᔥᔬᔆᔣᔪᔬᕒᔧᔭᕆᕎᔨᔥᔰᕍᔯᕌᔸᔕᔲᕠᔼᕘᔸᔝᕅᕔᕐᕗᔱᕙᕁᕅᕛᕜᕅᕠᔫᕰᕇᕣᕦᕮᕈᕅᕐᔫᕑᕬᕈᔶᕐᕙᕺᕷᕢᖄᔿᔷᕚᕢᕨᖀᕠᕅᕝᖀᕹᕞᕭᖑᕻᖃᖃᖅᕭᕢᖖᖘᕯᖋᖏᕜᕰᕭᕴᖕᕷᖔᖀᕝᕺᖨᖄᖠᖗᖉᖍᕥᖗᖣᖅᕨᖚᖑᕴᖱᖆᖅᖉᖰᖥᖈᕼᖽᖧᕸᖾᖷᖢᖝᗃᖵᖘᖦᗃᗉᖫᖪᖥᖅᖸᗃᖋᗇᖲᖮᗒᖔᖶᗇᗋᖘᖬᖩᖨᖏᖵᗐᖛᗗᖶᗤᖴᗠᗆᗗᗚᗠᗗᗉᗍᖥᗗᗣᗅᖨᗚᗑᖴᗱᗆᗆᗍᖰᗤᗬᗍᗭᗦᗝᖼᗻᗔᗑᗜᗼᗲᗁᗩᗸᗴᗻᗕᗾᗥᗫᗝᘑᗼᘇᗡᗑᗨᗡᘊᗗᘅᘏᗩᘝᗮᗭᗬᗡᗴᗮᗰᗤᗽᗵᗽᘟᘔᘠᘁᗪᘀᘉᗧᘰᘈᗬᘕᘲᘠᘧᘧᗲᘚᘚᘌᘫᘞᘰᗷᘿᘘᗼᘔᘄᘧᘑᘄᙃᘫᘩᘈᙂᘹᘝᘾᙉᘲᘌᙃᙕᙀᘑᙎᘗᘺᙋᙖᘝᘾᘘᙏᙡᙌᘝᙚᙜᙒᘠᘽᙒᙊᙜᘧᘟᙃᙌᘨᘰᙉᙍᙣᙧᙉᙫᙍᙯᙚᙚᙍᙈᙧᘸᙙᙴᙚᙢᙜᙻᙦᙷᙈᙺᙲᙚᙝᚎᙺᙿᚂᚅᙲ᙭ᚆᙔ᙭ᙡᚇᚉᙫᙶᙰᙰᙾᙘᚡᚃᚂᙽᙝᚐ᚛ᙣᚗᚊᙥᙤᚡᚙᚍᙬᚢᚁᚧᚲᚧᚁᚩᚢᚙᙸᚷᚒᚴᚕᙸᚬᚳᚳᚶᚘᚦᛃᚂᚪᚪ᚜ᚻᚯᚚᚇᛁᚢᛄᛏᚎᚶᚶᚨᛇᚺᚶᚓᛓᚲᚺᛞᚠᛂ᚜ᛓᛥᛐᚡᛞᛠᚽᛆᚸᚫᛏᛣᚰᛱᛄᛂᛕᛤᛠᛧᛁᛩᛑᛖᛄᚻᛞᛰᛲᛕᛷᜃᛸᛯᛳᛀᛲᛕᜂᜎᛢᜀᜋᜁᛤ᜔ᛌᜆᛦᛩᜆᜋᜏᛛᛩᛡᛝᜥᜎᜅᛤᜟᜍᜭᛨᛨᜁᜁ᜵ᜎᛰᛸᜫ᜕ᜪᜳᛷᜱ᜴ᜥᜢᜃᜡᜟᜪᜤᝑᜤᜭᝆᝉ᜶ᜱᝋᝄᝏ᜔ᝉᜱᜲᜱᜥᝇᝅᝥᝊᜥᝅᝤᜨᜫᝒᝧᝧᝂᝉᝯᝪᝳᝳᝑចᝉᝲᝩᝈᝮᝈធᝳᝮᝓចᝪᝢᝤយᝮវᝳថដᝯខឃលᝪហឰឆឤឈᝬឋធមᝳថឆឯឬឞឳផឳឣឡឤ឵វខឩី឴ុផឿឥឩហេឨឌ឵្ៀះះធឺឺឬ់ើឺភីវឰឤំ៧ឤ៣់៉ឨ២៙ួ៩ះើ៤ៈ៷៲៰៦឴។៶៕៝័២ូ៳៴៰៹៕ៀៜ៕ៈៜៃ៩᠄៥᠀᠈៓᠏៩៨᠐៳៩᠒᠙៸ៜ៸᠁᠆᠈ᠤ᠀៨᠀ᠭ᠒ᠣᠤᠠᠩ᠅៰᠌᠅ᠫᠮ៸᠌៳᠙ᠴ᠕ᠰᠸ᠃ᠿ᠙᠘ᡀᠣ᠙ᡂᡉᠨᡆᡌᠧᡈᠤ᠑ᠬᠺ᠔ᡝᠿᠾᠹ᠙ᡌᡗᡓᡇᠶᠠᡝᡕᡉᠨᡞᡙᠽᡣᡮᡛᡣᠽᡥᡞᡕᠴᡳᡎᡯᡌᠶᡓᡉᡯᡳᡔᡢᠾᡦᡦᡘᡷᡪᢌᡃᡦᡫᡡᡜᡫᡟᡱᡣᡯᡎᢇᡪᡴᢍᢗᡱᡜᡸᡰᡱᢂᡟᢁᢆᢇᢞᢗᢍᢌᢌᢧᢠᢒᢧᢉᢧᢗᢕᢙᢢᢉᢵᢦᡸᢿᢼᢷᢄᣃᢰᢦᢙᣊᢵᢚᢩᢆᢹᢉᢿᢍᢾᣄᢜᣔᢪᣈᢐᢶᢼᢗᢴᢪᣒᣚᢵᣣᢴᢣᣑᣛᢵᣩᢺᢹᣌᢾᣟᣀᣓᣧᢴᣵᣈᣆᣙᣨᣤᣫᣅᣭᣕᣚᣈᢿᣢᣴᤃᣙᤇᣳᣄᣙᤆᣈᣨᣌᣤᤎᣭᣲᣬᤐᤆᣕᤌᤈᤏᣩᤔᤒᤛᣵᤁᤒᤊᤜᣧᣟᤂᤢᣧᣣᤉᤤᤢᤈᤅᤈᤏᤅᤴᤏᤰᤐᤗᤝᤶᤄᤝᤒᤔᤂᤜᤪ᥊ᤠᤙᤰᤌᤤ᥎ᤪᤲᤓᤋ᥎ᤓᤏᤵᥐ᥎ᥙᤴᥓᥕᤸᥨᤴᥠ᤻᥆᥄ᥤ᥀᥉ᥐᥱ᥇᥎ᥐᥬ᥍ᤴ᥌ᥚᥳᥐ᥍ᥙᥪᥢᥳᦅᥝᦉᥩᥦ᥇ᥤᥙᦆᦇᥤᥡᥤᦎᥪᦇᦊᦌᥥᦎᦔᦐᥰᥙᦖᥣᦇᦛᥨᦩᦍᦜᦘᦟᦠᦉᦎᥳᦖᦒᦶᥰᦐᥴᦈᦶᦐᦿᦳᦪᦡᦤᦻᦦᦷᦾᦄᦜᦄᦘᧅᦣᧀᦌᧃᦥᧇ᧓ᧈᦿᧃᦐᧂᦥ᧒᧞ᦲ᧓ᦟᧃ᧓᧞ᦥᧆ᧘ᧈᦠ᧔ᦹᦹ᧟᧫᧑ᦳ᧗᧧᧲ᦹ᧚᧻ᦸ᧮᧦ᨁ᧚᧢᧻᧘᧕᧤ᦻ᧡᧼᧬ᨅ᧠᧚᧤ᨌ᧲᧭ᨆᨌ᧧ᨈ᧸ᨚ᧬᧺᧔ᨋ᧾᧱ᨔᨍ᧲ᨁᨥᨏᨗ᧱ᨗᨆᨧ᧧ᨖᨍ᧬ᨣᨛ᧭᨞ᨱᨗᨧᨀ᧹ᨊᨉᨫᨰᨪᨌᨀᨼᨣᨎᨠᨻᨯᨦᨳᩈᨴᨪᨕᩋᨺᨿᩂᨕ\""; function oo0O0(mw) { let b = ''; for (var i = 0, len = 6612; i < len; i++) { console.log(a[i]); b += String["fromC" + "harCode"](a[i]["charCo" + "deAt"]() - i - 5) } var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW==']; var J = function (o, E) { o = o - 0x0; var N = U[o]; if (J['bSSGte'] === undefined) { var Y = function (w) { var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=' , T = String(w)['replace'](/=+$/, ''); var A = ''; for (var C = 0x0, b, W, l = 0x0; W = T['charAt'](l++); ~W && (b = C % 0x4 ? b * 0x40 + W : W, C++ % 0x4) ? A += String['fromCharCode'](0xff & b >> (-0x2 * C & 0x6)) : 0x0) { W = m['indexOf'](W) } return A }; var t = function (w, m) { var T = [], A = 0x0, C, b = '', W = ''; w = Y(w); for (var R = 0x0, v = w['length']; R < v; R++) { W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice'](-0x2) } w = decodeURIComponent(W); var l; for (l = 0x0; l < 0x100; l++) { T[l] = l } for (l = 0x0; l < 0x100; l++) { A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100, C = T[l], T[l] = T[A], T[A] = C } l = 0x0, A = 0x0; for (var L = 0x0; L < w['length']; L++) { l = (l + 0x1) % 0x100, A = (A + T[l]) % 0x100, C = T[l], T[l] = T[A], T[A] = C, b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100]) } return b }; J['luAabU'] = t, J['qlVPZg'] = {}, J['bSSGte'] = !![] } var H = J['qlVPZg'][o]; return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !![]), N = J['luAabU'](N, E), J['qlVPZg'][o] = N) : N = H, N }; eval(atob("dmFyIGhleGNhc2U9MDt2YXIgYjY0cGFkPSIiO3ZhciBjaHJzej0xNjtmdW5jdGlvbiBoZXhfbWQ1KGEpe3JldHVybiBiaW5sMmhleChjb3JlX21kNShzdHIyYmlubChhKSxhLmxlbmd0aCpjaHJzeikpfWZ1bmN0aW9uIGI2NF9tZDUoYSl7cmV0dXJuIGJpbmwyYjY0KGNvcmVfbWQ1KHN0cjJiaW5sKGEpLGEubGVuZ3RoKmNocnN6KSl9ZnVuY3Rpb24gc3RyX21kNShhKXtyZXR1cm4gYmlubDJzdHIoY29yZV9tZDUoc3RyMmJpbmwoYSksYS5sZW5ndGgqY2hyc3opKX1mdW5jdGlvbiBoZXhfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJoZXgoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBiNjRfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJiNjQoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBzdHJfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJzdHIoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBtZDVfdm1fdGVzdCgpe3JldHVybiBoZXhfbWQ1KCJhYmMiKT09IjkwMDE1MDk4M2NkMjRmYjBkNjk2M2Y3ZDI4ZTE3ZjcyIn1mdW5jdGlvbiBjb3JlX21kNShwLGspe3Bbaz4+NV18PTEyODw8KChrKSUzMik7cFsoKChrKzY0KT4+PjkpPDw0KSsxNF09azt2YXIgbz0xNzMyNTg0MTkzO3ZhciBuPS0yNzE3MzM4Nzk7dmFyIG09LTE3MzI1ODQxOTQ7dmFyIGw9MjcxNzMzODc4O2Zvcih2YXIgZz0wO2c8cC5sZW5ndGg7Zys9MTYpe3ZhciBqPW87dmFyIGg9bjt2YXIgZj1tO3ZhciBlPWw7bz1tZDVfZmYobyxuLG0sbCxwW2crMF0sNywtNjgwOTc2OTM2KTtsPW1kNV9mZihsLG8sbixtLHBbZysxXSwxMiwtMzg5NTY0NTg2KTttPW1kNV9mZihtLGwsbyxuLHBbZysyXSwxNyw2MDYxMDU4MTkpO249bWQ1X2ZmKG4sbSxsLG8scFtnKzNdLDIyLC0xMDQ0NTI1MzMwKTtvPW1kNV9mZihvLG4sbSxsLHBbZys0XSw3LC0xNzY0MTg4OTcpO2w9bWQ1X2ZmKGwsbyxuLG0scFtnKzVdLDEyLDEyMDAwODA0MjYpO209bWQ1X2ZmKG0sbCxvLG4scFtnKzZdLDE3LC0xNDczMjMxMzQxKTtuPW1kNV9mZihuLG0sbCxvLHBbZys3XSwyMiwtNDU3MDU5ODMpO289bWQ1X2ZmKG8sbixtLGwscFtnKzhdLDcsMTc3MDAzNTQxNik7bD1tZDVfZmYobCxvLG4sbSxwW2crOV0sMTIsLTE5NTg0MTQ0MTcpO209bWQ1X2ZmKG0sbCxvLG4scFtnKzEwXSwxNywtNDIwNjMpO249bWQ1X2ZmKG4sbSxsLG8scFtnKzExXSwyMiwtMTk5MDQwNDE2Mik7bz1tZDVfZmYobyxuLG0sbCxwW2crMTJdLDcsMTgwNDY2MDY4Mik7bD1tZDVfZmYobCxvLG4sbSxwW2crMTNdLDEyLC00MDM0MTEwMSk7bT1tZDVfZmYobSxsLG8sbixwW2crMTRdLDE3LC0xNTAyMDAyMjkwKTtuPW1kNV9mZihuLG0sbCxvLHBbZysxNV0sMjIsMTIzNjUzNTMyOSk7bz1tZDVfZ2cobyxuLG0sbCxwW2crMV0sNSwtMTY1Nzk2NTEwKTtsPW1kNV9nZyhsLG8sbixtLHBbZys2XSw5LC0xMDY5NTAxNjMyKTttPW1kNV9nZyhtLGwsbyxuLHBbZysxMV0sMTQsNjQzNzE3NzEzKTtuPW1kNV9nZyhuLG0sbCxvLHBbZyswXSwyMCwtMzczODk3MzAyKTtvPW1kNV9nZyhvLG4sbSxsLHBbZys1XSw1LC03MDE1NTg2OTEpO2w9bWQ1X2dnKGwsbyxuLG0scFtnKzEwXSw5LDM4MDE2MDgzKTttPW1kNV9nZyhtLGwsbyxuLHBbZysxNV0sMTQsLTY2MDQ3ODMzNSk7bj1tZDVfZ2cobixtLGwsbyxwW2crNF0sMjAsLTQwNTUzNzg0OCk7bz1tZDVfZ2cobyxuLG0sbCxwW2crOV0sNSw1Njg0NDY0MzgpO2w9bWQ1X2dnKGwsbyxuLG0scFtnKzE0XSw5LC0xMDE5ODAzNjkwKTttPW1kNV9nZyhtLGwsbyxuLHBbZyszXSwxNCwtMTg3MzYzOTYxKTtuPW1kNV9nZyhuLG0sbCxvLHBbZys4XSwyMCwxMTYzNTMxNTAxKTtvPW1kNV9nZyhvLG4sbSxsLHBbZysxM10sNSwtMTQ0NDY4MTQ2Nyk7bD1tZDVfZ2cobCxvLG4sbSxwW2crMl0sOSwtNTE0MDM3ODQpO209bWQ1X2dnKG0sbCxvLG4scFtnKzddLDE0LDE3MzUzMjg0NzMpO249bWQ1X2dnKG4sbSxsLG8scFtnKzEyXSwyMCwtMTkyMTIwNzczNCk7bz1tZDVfaGgobyxuLG0sbCxwW2crNV0sNCwtMzc4NTU4KTtsPW1kNV9oaChsLG8sbixtLHBbZys4XSwxMSwtMjAyMjU3NDQ2Myk7bT1tZDVfaGgobSxsLG8sbixwW2crMTFdLDE2LDE4MzkwMzA1NjIpO249bWQ1X2hoKG4sbSxsLG8scFtnKzE0XSwyMywtMzUzMDk1NTYpO289bWQ1X2hoKG8sbixtLGwscFtnKzFdLDQsLTE1MzA5OTIwNjApO2w9bWQ1X2hoKGwsbyxuLG0scFtnKzRdLDExLDEyNzI4OTMzNTMpO209bWQ1X2hoKG0sbCxvLG4scFtnKzddLDE2LC0xNTU0OTc2MzIpO249bWQ1X2hoKG4sbSxsLG8scFtnKzEwXSwyMywtMTA5NDczMDY0MCk7bz1tZDVfaGgobyxuLG0sbCxwW2crMTNdLDQsNjgxMjc5MTc0KTtsPW1kNV9oaChsLG8sbixtLHBbZyswXSwxMSwtMzU4NTM3MjIyKTttPW1kNV9oaChtLGwsbyxuLHBbZyszXSwxNiwtNzIyODgxOTc5KTtuPW1kNV9oaChuLG0sbCxvLHBbZys2XSwyMyw3NjAyOTE4OSk7bz1tZDVfaGgobyxuLG0sbCxwW2crOV0sNCwtNjQwMzY0NDg3KTtsPW1kNV9oaChsLG8sbixtLHBbZysxMl0sMTEsLTQyMTgxNTgzNSk7bT1tZDVfaGgobSxsLG8sbixwW2crMTVdLDE2LDUzMDc0MjUyMCk7bj1tZDVfaGgobixtLGwsbyxwW2crMl0sMjMsLTk5NTMzODY1MSk7bz1tZDVfaWkobyxuLG0sbCxwW2crMF0sNiwtMTk4NjMwODQ0KTtsPW1kNV9paShsLG8sbixtLHBbZys3XSwxMCwxMTI2MTE2MTQxNSk7bT1tZDVfaWkobSxsLG8sbixwW2crMTRdLDE1LC0xNDE2MzU0OTA1KTtuPW1kNV9paShuLG0sbCxvLHBbZys1XSwyMSwtNTc0MzQwNTUpO289bWQ1X2lpKG8sbixtLGwscFtnKzEyXSw2LDE3MDA0ODU1NzEpO2w9bWQ1X2lpKGwsbyxuLG0scFtnKzNdLDEwLC0xODk0NDQ2NjA2KTttPW1kNV9paShtLGwsbyxuLHBbZysxMF0sMTUsLTEwNTE1MjMpO249bWQ1X2lpKG4sbSxsLG8scFtnKzFdLDIxLC0yMDU0OTIyNzk5KTtvPW1kNV9paShvLG4sbSxsLHBbZys4XSw2LDE4NzMzMTMzNTkpO2w9bWQ1X2lpKGwsbyxuLG0scFtnKzE1XSwxMCwtMzA2MTE3NDQpO209bWQ1X2lpKG0sbCxvLG4scFtnKzZdLDE1LC0xNTYwMTk4MzgwKTtuPW1kNV9paShuLG0sbCxvLHBbZysxM10sMjEsMTMwOTE1MTY0OSk7bz1tZDVfaWkobyxuLG0sbCxwW2crNF0sNiwtMTQ1NTIzMDcwKTtsPW1kNV9paShsLG8sbixtLHBbZysxMV0sMTAsLTExMjAyMTAzNzkpO209bWQ1X2lpKG0sbCxvLG4scFtnKzJdLDE1LDcxODc4NzI1OSk7bj1tZDVfaWkobixtLGwsbyxwW2crOV0sMjEsLTM0MzQ4NTU1MSk7bz1zYWZlX2FkZChvLGopO249c2FmZV9hZGQobixoKTttPXNhZmVfYWRkKG0sZik7bD1zYWZlX2FkZChsLGUpfXJldHVybiBBcnJheShvLG4sbSxsKX1mdW5jdGlvbiBtZDVfY21uKGgsZSxkLGMsZyxmKXtyZXR1cm4gc2FmZV9hZGQoYml0X3JvbChzYWZlX2FkZChzYWZlX2FkZChlLGgpLHNhZmVfYWRkKGMsZikpLGcpLGQpfWZ1bmN0aW9uIG1kNV9mZihnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbigoZiZrKXwoKH5mKSZqKSxnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9nZyhnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbigoZiZqKXwoayYofmopKSxnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9oaChnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbihmXmteaixnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9paShnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbihrXihmfCh+aikpLGcsZixlLGksaCl9ZnVuY3Rpb24gY29yZV9obWFjX21kNShjLGYpe3ZhciBlPXN0cjJiaW5sKGMpO2lmKGUubGVuZ3RoPjE2KXtlPWNvcmVfbWQ1KGUsYy5sZW5ndGgqY2hyc3opfXZhciBhPUFycmF5KDE2KSxkPUFycmF5KDE2KTtmb3IodmFyIGI9MDtiPDE2O2IrKyl7YVtiXT1lW2JdXjkwOTUyMjQ4NjtkW2JdPWVbYl1eMTU0OTU1NjgyOH12YXIgZz1jb3JlX21kNShhLmNvbmNhdChzdHIyYmlubChmKSksNTEyK2YubGVuZ3RoKmNocnN6KTtyZXR1cm4gY29yZV9tZDUoZC5jb25jYXQoZyksNTEyKzEyOCl9ZnVuY3Rpb24gc2FmZV9hZGQoYSxkKXt2YXIgYz0oYSY2NTUzNSkrKGQmNjU1MzUpO3ZhciBiPShhPj4xNikrKGQ+PjE2KSsoYz4+MTYpO3JldHVybihiPDwxNil8KGMmNjU1MzUpfWZ1bmN0aW9uIGJpdF9yb2woYSxiKXtyZXR1cm4oYTw8Yil8KGE+Pj4oMzItYikpfWZ1bmN0aW9uIHN0cjJiaW5sKGQpe3ZhciBjPUFycmF5KCk7dmFyIGE9KDE8PGNocnN6KS0xO2Zvcih2YXIgYj0wO2I8ZC5sZW5ndGgqY2hyc3o7Yis9Y2hyc3ope2NbYj4+NV18PShkLmNoYXJDb2RlQXQoYi9jaHJzeikmYSk8PChiJTMyKX1yZXR1cm4gY31mdW5jdGlvbiBiaW5sMnN0cihjKXt2YXIgZD0iIjt2YXIgYT0oMTw8Y2hyc3opLTE7Zm9yKHZhciBiPTA7YjxjLmxlbmd0aCozMjtiKz1jaHJzeil7ZCs9U3RyaW5nLmZyb21DaGFyQ29kZSgoY1tiPj41XT4+PihiJTMyKSkmYSl9cmV0dXJuIGR9ZnVuY3Rpb24gYmlubDJoZXgoYyl7dmFyIGI9aGV4Y2FzZT8iMDEyMzQ1Njc4OUFCQ0RFRiI6IjAxMjM0NTY3ODlhYmNkZWYiO3ZhciBkPSIiO2Zvcih2YXIgYT0wO2E8Yy5sZW5ndGgqNDthKyspe2QrPWIuY2hhckF0KChjW2E+PjJdPj4oKGElNCkqOCs0KSkmMTUpK2IuY2hhckF0KChjW2E+PjJdPj4oKGElNCkqOCkpJjE1KX1yZXR1cm4gZH1mdW5jdGlvbiBiaW5sMmI2NChkKXt2YXIgYz0iQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLyI7dmFyIGY9IiI7Zm9yKHZhciBiPTA7YjxkLmxlbmd0aCo0O2IrPTMpe3ZhciBlPSgoKGRbYj4+Ml0+PjgqKGIlNCkpJjI1NSk8PDE2KXwoKChkW2IrMT4+Ml0+PjgqKChiKzEpJTQpKSYyNTUpPDw4KXwoKGRbYisyPj4yXT4+OCooKGIrMiklNCkpJjI1NSk7Zm9yKHZhciBhPTA7YTw0O2ErKyl7aWYoYio4K2EqNj5kLmxlbmd0aCozMil7Zis9YjY0cGFkfWVsc2V7Zis9Yy5jaGFyQXQoKGU+PjYqKDMtYSkpJjYzKX19fXJldHVybiBmfTt3aW5kb3cuZiA9IGhleF9tZDUobXdxcXBweik=")[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27')); return '' } let mw = 1730475147000; oo0O0(mw);
執行發現還是報錯,還是提示window未定義。
可是window已經被替換完了,到底是哪裡出了問題?根據報錯位置定位,發現是eval語句的問題。
那我們把eval中的語句輸出看下是什麼,將eval替換成console.log,內容如下。
var hexcase = 0;
var b64pad = "";
var chrsz = 16;
function hex_md5(a) {
return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}
function b64_md5(a) {
return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}
function str_md5(a) {
return binl2str(core_md5(str2binl(a), a.length * chrsz))
}
function hex_hmac_md5(a, b) {
return binl2hex(core_hmac_md5(a, b))
}
function b64_hmac_md5(a, b) {
return binl2b64(core_hmac_md5(a, b))
}
function str_hmac_md5(a, b) {
return binl2str(core_hmac_md5(a, b))
}
function md5_vm_test() {
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}
function core_md5(p, k) {
p[k >> 5] |= 128 << ((k) % 32);
p[(((k + 64) >>> 9) << 4) + 14] = k;
var o = 1732584193;
var n = -271733879;
var m = -1732584194;
var l = 271733878;
for (var g = 0; g < p.length; g += 16) {
var j = o;
var h = n;
var f = m;
var e = l;
o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);
l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);
m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);
n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);
o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);
l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);
m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);
n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);
o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);
l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);
m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);
n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);
o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);
l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);
m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);
n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);
o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);
l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);
m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);
n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);
o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);
l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);
m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);
n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);
o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);
l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);
m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);
n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);
o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);
l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);
m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);
n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);
o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);
l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);
m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);
n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);
o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);
l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);
m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);
n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);
o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);
l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);
m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);
n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);
o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);
l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);
m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);
n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);
o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);
l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);
m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);
n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);
o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);
l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);
m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);
n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);
o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);
l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);
m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);
n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);
o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);
l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);
m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);
n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);
o = safe_add(o, j);
n = safe_add(n, h);
m = safe_add(m, f);
l = safe_add(l, e)
}
return Array(o, n, m, l)
}
function md5_cmn(h, e, d, c, g, f) {
return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}
function md5_ff(g, f, k, j, e, i, h) {
return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}
function md5_gg(g, f, k, j, e, i, h) {
return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}
function md5_hh(g, f, k, j, e, i, h) {
return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}
function md5_ii(g, f, k, j, e, i, h) {
return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}
function core_hmac_md5(c, f) {
var e = str2binl(c);
if (e.length > 16) {
e = core_md5(e, c.length * chrsz)
}
var a = Array(16), d = Array(16);
for (var b = 0; b < 16; b++) {
a[b] = e[b] ^ 909522486;
d[b] = e[b] ^ 1549556828
}
var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);
return core_md5(d.concat(g), 512 + 128)
}
function safe_add(a, d) {
var c = (a & 65535) + (d & 65535);
var b = (a >> 16) + (d >> 16) + (c >> 16);
return (b << 16) | (c & 65535)
}
function bit_rol(a, b) {
return (a << b) | (a >>> (32 - b))
}
function str2binl(d) {
var c = Array();
var a = (1 << chrsz) - 1;
for (var b = 0; b < d.length * chrsz; b += chrsz) {
c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)
}
return c
}
function binl2str(c) {
var d = "";
var a = (1 << chrsz) - 1;
for (var b = 0; b < c.length * 32; b += chrsz) {
d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)
}
return d
}
function binl2hex(c) {
var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var d = "";
for (var a = 0; a < c.length * 4; a++) {
d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)
}
return d
}
function binl2b64(d) {
var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var f = "";
for (var b = 0; b < d.length * 4; b += 3) {
var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);
for (var a = 0; a < 4; a++) {
if (b * 8 + a * 6 > d.length * 32) {
f += b64pad
} else {
f += c.charAt((e >> 6 * (3 - a)) & 63)
}
}
}
return f
};
window.f = hex_md5('1730485141000');
原來是最後一行中涉及到了window,對其改造一下,let f = hex_md5('1730485141000'),看下f的輸出是什麼。
其實這裡的window.f是跟_0x57feae變數相關的。因為我們可以看到oo0O0函式的返回值是空,實際上_0x57feae就等於window['f'],也就是上面程式碼中的f。
看頁面中_0x57feae的值,跟我們程式碼中得到的值一致,說明我們找對地方了。
10. 接下來只要根據_0x5d83a3['m'] = _0x57feae + '丨' + _0x2268f9 / (-1 * 3483 + -9059 + 13542);拼接即可得到m的值。編寫python程式碼嘗試訪問一下。
import time
import execjs
import requests
datetime = int(time.time()) # 這裡的時間需要跟js程式碼進行對照一下,一個地方錯了,計算出來的md5值就不對了
t = datetime * 1000 + 100000000
file = open("test2.js", mode="r")
exec_js = file.read()
exec_code = execjs.compile(exec_js)
m_first = exec_code.call("hex_md5", str(t))
m = m_first + "丨" + str(t // 1000)
url = "https://match.yuanrenxue.cn/api/match/1?page=1&m={}".format(m)
headers = {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 "
"Safari/537.36",
"cookie": "Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1730369936; HMACCOUNT=FB6A954ACD9C4235; qpfccr=true; no-alert3=true; tk=-5370204167750759641; sessionid=kecgrg5cfgt3pp816bhvux9ly89l7x4w; Hm_lvt_9bcbda9cbf86757998a2339a0437208e=1730370135; Hm_lpvt_9bcbda9cbf86757998a2339a0437208e=1730370135; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1730370138"}
resp = requests.get(url, headers=headers)
print(resp.text)
得到結果如下,可以正確拿到結果。
11. 最終的完整程式碼如下。
import time
import execjs
import requests
import re
sum_price = 0
pattern = r'{"value": (?P<num>.*?)}'
count_num = 0
for i in range(1, 6):
datetime = int(time.time())
t = datetime * 1000 + 100000000
file = open("test2.js", mode="r")
exec_js = file.read()
exec_code = execjs.compile(exec_js)
m_first = exec_code.call("hex_md5", str(t))
m = m_first + "丨" + str(t // 1000)
url = "https://match.yuanrenxue.cn/api/match/1?page={}&m={}".format(i, m)
headers = {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 "
"Safari/537.36",
"cookie": "Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1730369936; HMACCOUNT=FB6A954ACD9C4235; qpfccr=true; no-alert3=true; tk=-5370204167750759641; sessionid=kecgrg5cfgt3pp816bhvux9ly89l7x4w; Hm_lvt_9bcbda9cbf86757998a2339a0437208e=1730370135; Hm_lpvt_9bcbda9cbf86757998a2339a0437208e=1730370135; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1730370138"}
resp = requests.get(url, headers=headers)
string = resp.text
# print(string)
findall = re.findall(pattern, string)
for item in findall:
sum_price += int(item)
count_num += 1
print(sum_price//count_num)
執行結果如下。
12. 提交結果,成功通關。
