js逆向 webpack_JS逆向:Webpack打包后的代码怎么搞？猿人学爬虫比赛第十六题详细题解...

抓包分析

地址栏输入 地址，按下F12并回车，发现数据在这里:

查看cookie，无加密相关的字段。请求的接口倒是有个m的加密参数，看来这题的主要目的就是 看看m参数怎么进行加密的吧。

切换 Initiator,这请求也太明显了，点击下面所示的js文件:

跟进去并美化后，来到这里:

不用过多分析，m加密在这里:

1. r.m = n[e(528)](btoa, p_s),

2. r.t = p_s;

而这个实参 p_s 是由上面的这行代码生成的:

1. p_s = Date[e(496)](new Date)[e(517)]();

在 r.m 赋值的这行打上断点，请求第二页,控制台输入 btoa 并回车,双击跟进，来到这里:

看这个混淆，很明显的 obfuscator 混淆，直接将整个 732 copy下来保存到文件，并写出AST插件进行反混淆：

进行反混淆和删除垃圾代码， 优化后的btoa函数 :

1. function btoa(e) {

2. var f = "U9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi+9876543210zyxwvutsrqpomnlkjihgfdecbaZXYWVUTSRQPONABHICESQWK2Fi";

3. for (var o, a, s, l = 0, c = []; l < e["length"];) {

4. a = e["charCodeAt"](l), s = l % 6;

5. switch (s) {

6. case 0:

7. c["push"](f["charAt"](a >> 2));

8. break;

11. case 1:

12. c["push"](f["charAt"]((2 & o) << 3 | a >> 4));

13. break;

16. case 2:

17. c["push"](f["charAt"]((15 & o) << 2 | a >> 6)), c["push"](f["charAt"](a & 63));

18. break;

21. case 3:

22. c["push"](f["charAt"](a >> 3));

23. break;

26. case 4:

27. c["push"](f["charAt"]((o & 4) << 6 | a >> 6));

28. break;

31. case 5:

32. c["push"](f["charAt"]((o & 15) << 4 | a >> 8)), c["push"](f["charAt"](a & 63));

33. }

36. o = a, l++;

37. }

39. c["push"](f["charAt"]((o & 3) << 4)), c["push"]("FM");

41. return d(15) + md5(c["join"]("")) + d(10);

42. }

这里可以看到还有 d 函数 和 md5 函数，分别进行抠取和优化。

优化后的d函数:

1. function d(e) {

2. e = e ||32;

3. var l = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678";

4. var s = l["length"];

5. var c = "";

6. for (i = 0; i < e; i++) c += l["charAt"](Math["floor"](Math["random"]() * s));

7. return c;

8. }

优化后的md5函数:

1. function md5(e) {

2. function o(e, n) {

3. e[n >> 5] |= 128 << n % 32;

4. e[(n + 64 >>> 9 << 4) + 14] = n;

5. var b = 1732584193;

6. var x = -271733879;

7. var T = -1732584194;

8. var w = 271733878;

11. for (var d = 0; d < e["length"]; d += 16) {

12. var m = b;

13. var y = x;

14. var v = T;

15. var g = w;

16. b = s(b, x, T, w, e[d + 0], 7, -680976936);

17. w = s(w, b, x, T, e[d + 1], 12, -389564586);

18. T = s(T, w, b, x, e[d + 2], 17, 606105819);

19. x = s(x, T, w, b, e[d + 3], 22, -1044525330);

20. b = s(b, x, T, w, e[d + 4], 7, -176418897);

21. w = s(w, b, x, T, e[d + 5], 12, 1200080426);

22. T = s(T, w, b, x, e[d + 6], 17, -1473231341);

23. x = s(x, T, w, b, e[d + 7], 22, -45705983);

24. b = s(b, x, T, w, e[d + 8], 7, 1770035416);

25. w = s(w, b, x, T, e[d + 9], 12, -1958414417);

26. T = s(T, w, b, x, e[d + 10], 17, -42063);

27. x = s(x, T, w, b, e[d + 11], 22, -1990404162);

28. b = s(b, x, T, w, e[d + 12], 7, 1804550682);

29. w = s(w, b, x, T, e[d + 13], 12, -40341101);

30. T = s(T, w, b, x, e[d + 14], 17, -1502002290);

31. x = s(x, T, w, b, e[d + 15], 22, 1236531029);

32. b = l(b, x, T, w, e[d + 1], 5, -165796510);

33. w = l(w, b, x, T, e[d + 6], 9, -1069501632);

34. T = l(T, w, b, x, e[d + 11], 14, 643717713);

35. x = l(x, T, w, b, e[d + 0], 20, -373897302);

36. b = l(b, x, T, w, e[d + 5], 5, -701520691);

37. w = l(w, b, x, T, e[d + 10], 9, 38016083);

38. T = l(T, w, b, x, e[d + 15], 14, -660478335);

39. x = l(x, T, w, b, e[d + 4], 20, -405537848);

40. b = l(b, x, T, w, e[d + 9], 5, 568446438);

41. w = l(w, b, x, T, e[d + 14], 9, -1019803690);

42. T = l(T, w, b, x, e[d + 3], 14, -187363961);

43. x = l(x, T, w, b, e[d + 8], 20, 1163531501);

44. b = l(b, x, T, w, e[d + 13], 5, -1444681467);

45. w = l(w, b, x, T, e[d + 2], 9, -51403784);

46. T = l(T, w, b, x, e[d + 7], 14, 1735328473);

47. x = l(x, T, w, b, e[d + 12], 20, -1921207734);

48. b = u(b, x, T, w, e[d + 5], 4, -378558);

49. w = u(w, b, x, T, e[d + 8], 11, -2022574463);

50. T = u(T, w, b, x, e[d + 11], 16, 1839030562);

51. x = u(x, T, w, b, e[d + 14], 23, -35311556);

52. b = u(b, x, T, w, e[d + 1], 4, -1530992060);

53. w = u(w, b, x, T, e[d + 4], 11, 1272893353);

54. T = u(T, w, b, x, e[d + 7], 16, -155497632);

55. x = u(x, T, w, b, e[d + 10], 23, -1094730640);

56. b = u(b, x, T, w, e[d + 13], 4, 681279174);

57. w = u(w, b, x, T, e[d + 0], 11, -358537222);

58. T = u(T, w, b, x, e[d + 3], 16, -722881979);

59. x = u(x, T, w, b, e[d + 6], 23, 76029189);

60. b = u(b, x, T, w, e[d + 9], 4, -640364487);

61. w = u(w, b, x, T, e[d + 12], 11, -421815835);

62. T = u(T, w, b, x, e[d + 15], 16, 530742520);

63. x = u(x, T, w, b, e[d + 2], 23, -995338651);

64. b = c(b, x, T, w, e[d + 0], 6, -198630844);

65. w = c(w, b, x, T, e[d + 7], 10, 11261161415);

66. T = c(T, w, b, x, e[d + 14], 15, -1416354905);

67. x = c(x, T, w, b, e[d + 5], 21, -57434055);

68. b = c(b, x, T, w, e[d + 12], 6, 1700485571);

69. w = c(w, b, x, T, e[d + 3], 10, -1894446606);

70. T = c(T, w, b, x, e[d + 10], 15, -1051523);

71. x = c(x, T, w, b, e[d + 1], 21, -2054922799);

72. b = c(b, x, T, w, e[d + 8], 6, 1873313359);

73. w = c(w, b, x, T, e[d + 15], 10, -30611744);

74. T = c(T, w, b, x, e[d + 6], 15, -1560198380);

75. x = c(x, T, w, b, e[d + 13], 21, 1309151649);

76. b = c(b, x, T, w, e[d + 4], 6, -145523070);

77. w = c(w, b, x, T, e[d + 11], 10, -1120210379);

78. T = c(T, w, b, x, e[d + 2], 15, 718787259);

79. x = c(x, T, w, b, e[d + 9], 21, -343485551);

80. b = f(b, m);

81. x = f(x, y);

82. T = f(T, v);

83. w = f(w, g);

84. }

87. return Array(b, x, T, w);

88. }

91. function a(e, n, r, o, a, s) {

92. return f(d(f(f(n, e), f(o, s)), a), r);

93. }

96. function s(e, n, r, o, s, l, u) {

97. return a(n & r | ~n & o, e, n, s, l, u);

98. }

101. function l(e, n, r, o, s, l, u) {

102. return a(n & o | r & ~o, e, n, s, l, u);

103. }

106. function u(e, n, r, o, s, l, u) {

107. return a(n ^ r ^ o, e, n, s, l, u);

108. }

111. function c(e, n, r, o, s, l, u) {

112. return a(r ^ (n | ~o), e, n, s, l, u);

113. }

116. function f(e, n) {

117. var o = (65535 & e) + (n & 65535),

118. a = (e >> 16) + (n >> 16) + (o >> 16);

119. return a << 16 | o & 65535;

120. }

123. function d(e, n) {

124. return e << n | e >>> 32 - n;

125. }

128. function p(e) {

129. for (var r = Array(), o = 65535, a = 0; a < e["length"] * 16; a += 16) r[a >> 5] |= (e["charCodeAt"](a / 16) & o) << a % 32;

132. return r;

133. }

136. function h(e) {

137. for (var r = "0123456789abcdef", o = "", a = 0; a < e["length"] * 4; a++) o += r["charAt"](15 & e[a >> 2] >> a % 4 * 8 + 4) + r["charAt"](15 & e[a >> 2] >> a % 4 * 8);

140. return o;

141. }

144. return function (e) {

145. return h(o(p(e), 16 * e["length"]));

146. }(e);

147. }

代码合并后，运行不再报错。很快就写出了 Python代码:

1. # -*- coding: utf-8 -*-

2. import time

3. import execjs

4. import requests

9. def main():

10. sums = 0

11. headers = {"User-Agent": "yuanrenxue.project",}

14. with open("decode_16.js","r",encoding = "utf-8") as fp:

15. jscode = fp.read()

18. ctx = execjs.compile(jscode)

20. for i in range(1, 6):

21. t = str(int(time.time()*1000))

24. m = ctx.call("btoa",t)

26. params = {

27. "m":m,

28. "page":i,

29. "t":t,

30. }

31. response = requests.get(url="http://match.yuanrenxue.com/api/match/16",params = params,headers=headers).json()

32. for each in response["data"]:

33. sums += each["value"]

34. print(sums)

35. # 287383

40. if __name__ == "__main__":

41. main()

43.