Douyin Slider CAPTCHA Log Analysis

2024-05-26 20:12

Remember to join our study group: 961566389

Click the link to join the group chat: [https://h5.qun.qq.com/s/62P0xwrCNO](https://h5.qun.qq.com/s/62P0xwrCNO)

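1. Instrumentation: printing logs

[Image: image-20240526170308690]

At a glance, the endpoint that fetches the background and slider images has no parameters that need reversing.

[Image: image-20240526170717122]

The body parameter of the verification endpoint does need reversing. Look at the request initiator, find suitable places to instrument, and eventually locate the vmp position where the body parameter is generated:

[Image: image-20240526171033626]

Then add log output at every apply call site below it:

[Image: image-20240526171140262]

Drag the slider once and save the log locally for analysis.

2. Analyzing the log

This time I analyzed straight from the start of the log forward rather than working backward; which approach to use depends on the case.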

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} 
["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196},{\"x\":31,\"y\":86,\"relative_time\":233},{\"x\":35,\"y\":86,\"relative_time\":271},{\"x\":36,\"y\":86,\"relative_time\":310},{\"x\":37,\"y\":86,\"relative_time\":346},{\"x\":37,\"y\":86,\"relative_time\":384}],\"jg2KgnF\":{\"AJeQfbTvl\":{\"x\":369,\"y\":351,\"time\":1716706984604},\"Ovx9sZrnP\":{\"x\":59,\"y\":327,\"time\":1716707288030},\"tUZ1hw\":[{\"x\":363,\"y\":355,\"time\":1716707287607},{\"x\":192,\"y\":366,\"time\":1716707287643},{\"x\":143,\"y\":369,\"time\":1716707287678},{\"x\":141,\"y\":369,\"time\":1716707287863},{\"x\":127,\"y\":367,\"time\":1716707287900},{\"x\":91,\"y\":355,\"time\":1716707287939},{\"x\":66,\"y\":337,\"time\":1716707287977},{\"x\":59,\"y\":328,\"time\":1716707288015},{\"x\":58,\"y\":326,\"time\":1716707288057},{\"x\":58,\"y\":325,\"time\":1716707288092},{\"x\":57,\"y\":319,\"time\":1716707288138},{\"x\":56,\"y\":314,\"time\":1716707288175},{\"x\":56,\"y\":312,\"time\":1716707288209},{\"x\":56,\"y\":312,\"time\":1716707288399},{\"x\":67,\"y\":312,\"time\":1716707288435},{\"x\":78,\"y\":312,\"time\":1716707288471},{\"x\":87,\"y\":312,\"time\":1716707288507},{\"x\":91,\"y\":312,\"time\":1716707288543},{\"x\":92,\"y\":312,\"time\":1716707288584},{\"x\":93,\"y\":312,\"time\":1716707288620},{\"x\":93,\"y\":312,\"time\":1716707288658}],\"jiLYUQ\":[],\"ugl\":[{\"x\":56,\"y\":312,\"time\":1716707288289,\"t\":0},{\"x\":56,\"y\":312,\"time\":1716707288414,\"t\":0},{\"x\":78,\"y\":312,\"time\":1716707288485,\"t\":0},{\"x\":91,\"y\":312,\"time\":1716707288560,\"t\":0},{\"x\":93,\"y\":312,\"time\":1716707288635,\"t\":0}]},\"env\":{\"canvas_hash\":\"f93ed480ebf91e8b3db9a\\",\"webgl_hash\":\"1f429dbe59a0c1370378ef\",\"font_hash\":\"1ba6bb535aebaf57631321298f5bf6e215d4347f75e15d394f0e3cdcb803ffe445cd942923787a306e3e2d0
7392e43853b43ad797cb8ab46\",\"audio_hash\":124.047657808103,\"time_offset\":-480,\"time_zone\":\"Asia/Shanghai\",\"languages\":[\"zh-CN\"],\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"platform\":\"MacIntel\",\"max_touch_points\":0,\"webdriver\":false,\"touch_actions\":[],\"mouse_actions\":[\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\",\"1,1\"],\"device\":{\"model\":\"Macintosh\",\"vendor\":\"Apple\"},\"os\":{\"name\":\"Mac OS\",\"version\":\"10.15.7\"},\"browser\":{\"name\":\"Chrome\",\"version\":\"125.0.0.0\"},\"engine\":{\"name\":\"Blink\",\"version\":\"125.0.0.0\"},\"gpu\":{\"vendor\":\"Google Inc. (ATI Technologies Inc.)\",\"renderer\":\"ANGLE (ATI Technologies Inc., AMD Radeon Pro 560X OpenGL Engine, OpenGL 4.1)\"},\"resolution\":\"1680,1050\",\"browser_size\":\"1680,1050\",\"page_size\":\"1680,963\",\"captcha_origin\":\"0,0\",\"captcha_size\":\"380, 384\",\"mask_time\":171669208153662,\"loading_time\":1716692082536,\"ready_time\":1716692083010},\"a\":41}"] 
res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]}

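Locating this in the JS source:

[Image: image-20240526172251237]

This is the sha512 update function. The argument passed in is shown in the log above and contains the trajectory and env information.

Next: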

func:  ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":2716,"fullMessageLength":[0,0,0,2716],"messageLengthSize":16,"messageLength128":[0,0,0,2716]} [] res-> 
{"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64}

Locating this in the JS shows it is the digest function, which runs the digest operation over the data just passed in.

Next:

func:  ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)} return t} caleed,two args-> {"data":"‡žPŽ\n\u001bªò
òvŒ\u001elÇ!nÅ·ˆ\u0005z\u0017ÿ¦Lf¥\u001580—îvÎ\u0019±õÛ\u0005ç@Ä6±\u0007<&Rô­ë=z\u0016|CD(U€\u001d€.","read":0,"_constructedStringLength":64} [] res-> "879e508e0a1baaf285f2768c1e6cc7216ec5b788057a17ffa64c66a515383097ee76ce19b1f5db05e740c436b1073c2652f4adeb3d7a167c43442855801d802e"

In the original JS this is tohex().

Next:

func:  
ƒ Wg(e){for(var t=Jg,n="",r=0;r<e[t(494)+"h"];r++){n+=e[t(481)+t(457)](r)["toStr"+t(458)](16)}return n} caleed,two args-> null ["{\"modified_img_width\":340,\"id\":\"e5e6bb223a3eafcfff268cf2b4fdc84475b09731\",\"mode\":\"slide\",\"KSQ\":[{\"x\":0,\"y\":86,\"relative_time\":125},{\"x\":11,\"y\":86,\"relative_time\":160},{\"x\":22,\"y\":86,\"relative_time\":196}.....省略一些] res-> "7b226d6f6469666965645f696d675f7769647468223a3334302c226964223a2265356536626232323361336561666366666632363863663262346664633834343735623039373331222c226d6f6465223a22736c696465222c224b5351223a5b7b2278223a302c2279223a38362c2272656c61746976655f74696d65223a3132357d2c7b2278223a31312c2279223a38362c2272656c61746976655f74696d65223a3136307......省略一些"

Locating this in the JS shows that it converts each charcode of the string into a hexadecimal string.

[Image: image-20240526173306214]

Next:

captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.11919045665764205
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.11919045665764205,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.11919045665764205,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,7.389808312773807,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,7,7.389808312773807,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7.389808312773807,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],7,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"7",7,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4"],30]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"7",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],30,7],4,30]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,30,4,30]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,31,4,30]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,31,32,30]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 88 p-> 1 m-> [] b-> [null,null,true,32,30]
captcha.js:1 t-> 90 p-> 2 m-> [] b-> [null,null,0,32,30]
captcha.js:1 t-> 93 p-> 3 m-> [] b-> [null,null,0,{},30]
captcha.js:1 t-> 94 p-> 4 m-> [] b-> [null,null,0,{},{}]
captcha.js:1 t-> 97 p-> 4 m-> [] b-> [null,null,0,{},null]
captcha.js:1 func function slice() { [native code] } called,args-> 5 5 res-> []
captcha.js:1 func:  ƒ random() { [native code] } caleed,two args-> {} [] res-> 0.4641664592050647
captcha.js:1 t-> 99 p-> 3 m-> [] b-> [null,null,0,0.4641664592050647,null]
captcha.js:1 t-> 102 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]]
captcha.js:1 t-> 105 p-> 4 m-> [] b-> [null,null,0,0.4641664592050647,62]
captcha.js:1 t-> 106 p-> 3 m-> [] b-> [null,null,0,28.778320470714014,62]
captcha.js:1 t-> 107 p-> 2 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 110 p-> 1 m-> [] b-> [null,null,28,28.778320470714014,62]
captcha.js:1 t-> 113 p-> 2 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28.778320470714014,62]
captcha.js:1 t-> 116 p-> 3 m-> [] b-> [null,null,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],28,62]
captcha.js:1 t-> 117 p-> 2 m-> [] b-> [null,null,"S",28,62]
captcha.js:1 t-> 120 p-> 3 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],62]
captcha.js:1 t-> 123 p-> 4 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7"],31]
captcha.js:1 t-> 124 p-> 1 m-> [] b-> [null,null,"S",["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 127 p-> 3 m-> [] b-> [null,null,[[true],true,["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31,28],4,31]
captcha.js:1 t-> 128 p-> 2 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 129 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 79 p-> 1 m-> [] b-> [null,null,31,4,31]
captcha.js:1 t-> 82 p-> 2 m-> [] b-> [null,null,32,4,31]
captcha.js:1 t-> 84 p-> 3 m-> [] b-> [null,null,32,32,31]
captcha.js:1 t-> 85 p-> 2 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 132 p-> 1 m-> [] b-> [null,null,false,32,31]
captcha.js:1 t-> 135 p-> 2 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],32,31]
captcha.js:1 t-> 136 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],31]
captcha.js:1 t-> 139 p-> 3 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,31]
captcha.js:1 t-> 142 p-> 4 m-> [] b-> [null,null,["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"],null,""]
captcha.js:1 func function slice() { [native code] } called,args-> 4 5 res-> [""]
captcha.js:1 func:  ƒ join() { [native code] } caleed,two args-> ["L","2","t","0","s","e","F","q","O","w","K","d","i","2","g","L","B","o","m","5","U","z","f","V","4","b","3","m","2","4","7","S"] [""] res-> "L2t0seFqOwKdi2gLBom5UzfV4b3m247S"
captcha.js:1 t-> 144 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,""]
captcha.js:1 t-> 147 p-> 4 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"5BXnjhnQRpCcczSq4xKfN5kGCOU1CgQs",null,null,null,null],1]
captcha.js:1 t-> 148 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 149 p-> 1 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 152 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 309 p-> 2 m-> [] b-> [null,null,"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

This produces a 32-character string made up of upper-case letters, lower-case letters and digits.

Next:

func:  
ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… 
caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]} ["L2t0seFqOwKdi2gLBom5UzfV4b3m247S"] res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":32,"fullMessageLength":[0,0,0,32],"messageLengthSize":16,"messageLength128":[0,0,0,32]}

Here too, the 32-character string is passed to sha512 update.

It then goes through the same digest and tohex operations, giving:

824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6

captcha.js:1 t-> 224 p-> 1 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f6","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]
captcha.js:1 t-> 225 p-> 0 m-> [] b-> ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdcbfd86e5","8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4e...","L2t0seFqOwKdi2gLBom5UzfV4b3m247S",[[],"L2t0seFqOwKdi2gLBom5UzfV4b3m247S",null,null,null,null],1]

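Here a string 8f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dcdc... suddenly appears and is concatenated with the 824b10.... value we produced above.

This may well be a fixed salt, since it is concatenated with the randomly generated salt.

Next: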

func:  
ƒ Ug(e){var t=Jg,n="";return e[t(482)](/[\da-f]{2}/gi)[t(471)+"ch"]((function(e){var r=t;if("ZpPAZ"!==r(490)){return _0x1066c5[r(484)+"ing"]()[r(476)+"h"]("(((.+"+r(465)+"+$")[r(484)+"ing"]()[r(448)+r(… 
caleed,
two args-> null ["824b10a5e1bc0d5d96d029fc91890ab86e4fa2bc4f6aa8dd89ddd3b1c7e3122facf061db6deb876fe5f224c5c2f8b31e09bb3c88910eba3deda162b5db0387f68f5711634f21ac9aa819d1cd6ba7b114e8e12a328280af677364c20e1489df3b972a53b13a24c7897ce426b40856756cbe754f768462a4eec4be6dc..."] res-> "‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"

Locating the original source:

    function Ug(e) {var t = Jg, n = "";return e[t(482)](/[\da-f]{2}/gi)[t(471) + "ch"]((function(e) {var r = t;if ("ZpPAZ" !== r(490)) {return _0x1066c5[r(484) + "ing"]()[r(476) + "h"]("(((.+" + r(465) + "+$")[r(484) + "ing"]()[r(448) + r(463) + "r"](_0x59eefd).search("(((.+" + r(465) + "+$")}n += String["fromC" + r(460) + "de"](parseInt(e, 16))})),n}

Look at the key line:

    n += String["fromCharCode"](parseInt(e, 16))

It clearly converts hex to a string.

Next:

func:  ƒ (e){var t=n,a=e[t(228)+"h"];s[t(243)+"geLen"+t(204)]+=a,a=[a/4294967296>>>0,a>>>0];for(var f=r.codYh(s["fullM"+t(219)+t(216)+"th"][t(228)+"h"],1);f>=0;--f){s["fullMessag"+t(216)+"th"][f]+=a[1],a[1]=a… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} ["‚K\u0010¥á¼\r]–Ð)ü‘‰\n¸nO¢¼Oj¨Ý‰ÝÓ±Çã\u0012/¬ðaÛmë‡oåò$ÅÂø³\u001e\t»<ˆ‘\u000eº=í¡bµÛ\u0003‡öW\u0011cO!¬š¨\u0019ÑÍk§±\u0014èá*2‚€¯gsdÂ\u000e\u0014‰ß;—*S±:$lj|ä&´\bVul¾uOv„b¤îľmÍËý†å"] res-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]}

This is update.

Next:

func:  ƒ (){var t=n,r=new em;r.putBytes(c.bytes());var a=s["fullM"+t(219)+t(216)+"th"][s[t(245)+"essageLength"].length-1]+s["messa"+t(212)+"gthSize"]&s["block"+t(203)+"h"]-1;r.putBytes(eI.substr(0,s[t(195)+t(… caleed,two args-> {"algorithm":"sha512","blockLength":128,"digestLength":64,"messageLength":128,"fullMessageLength":[0,0,0,128],"messageLengthSize":16,"messageLength128":[0,0,0,128]} [] res-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64}

This is the digest operation.

func:  ƒ (){for(var e=Hg,t="",n=this.read;n<this[e(205)].length;++n){var r=this.data["charC"+e(224)](n);r<16&&(t+="0"),t+=r.toString(16)}return t} caleed,two args-> {"data":"“þ°Œm÷\u0006G\f\u000b»í7ó7́ô\u001a@ƺP:0¡So
_Ǻd›qÎÂ\u0006?\u0015\nÚ¶àù^¤\\£Ž‘©Nµð\u00164¦
Êp","read":0,"_constructedStringLength":64} [] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70"

This is the tohex operation.

Next:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [0,64] res-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"

This takes the [0,64] substring.

Next:

captcha.js:1 func:  ƒ substring() { [native code] } caleed,two args-> "93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7ba649b7f8f71cec2063f150adab6e0f95ea45ca38e91a94eb5f01634a685ca70" [64,88] res-> "ba649b7f8f71cec2063f150a"

Same again, taking [64,88].

Next:

[{"aesKey":"93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7","iv":"ba649b7f8f71cec2063f150a"},"ba649b7f8f71cec2063f150a",64,88,1]

This reveals important information: the AES key and IV.

ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args->null ["..."] res-> {"0":135,"1":158,"2":80,"3":142,"4":10,"5":27,"6":170,"7":242,"8":133,"9":242,"10":118,"11":140,"12":30,"13":108,"14":199,"15":33,"16":110,"17":197,"18":183,"19":136,"20":5,"21":122,"22":23,"23":255,"24":166,"25":76,"26":102,"27":165,"28":21,"29":56,"30":48,"31":151,"32":238,"33":118,"34":206,"35":25,"36":177,"37":245,"38":219,"39":5,"40":231,"41":64,"42":196,"43":54,"44":177,"45":7,"46":60,"47":38,"48":82,"49":244,"50":173,"51":235,"52":61,"53":122,"54":22,"55":124,"56":67,"57":68,"58":40,"59...

Locating the original source:

    function Yg(e) {var t = Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e) {return parseInt(e, 16)})))}

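This converts a hexadecimal string to a list of integers. I call it a list because my logging prints values with JSON.stringify, so it looks like a dictionary, but it is not; it is a list.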
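The encoding helpers met so far (tohex(), Wg, Ug, Yg), rewritten in readable form as an added example that is not code from the original page. The function names are hypothetical stand-ins, the hex inputs are copied from the log on this page, and the control-character input is constructed.

```javascript
// Added example. Helper names are hypothetical stand-ins for the page's
// tohex(), Wg, Ug and Yg; sample inputs are copied from the page's log.

// tohex(): each char code is zero-padded to two hex digits.
function bufferToHex(binaryString) {
  let out = "";
  for (let i = 0; i < binaryString.length; i++) {
    const code = binaryString.charCodeAt(i);
    if (code < 16) out += "0";
    out += code.toString(16);
  }
  return out;
}

// Wg: same loop without padding. Unambiguous only while every char code is
// in 0x10..0xff, which holds for the ASCII JSON payload in the log.
function charCodesToHex(str) {
  let out = "";
  for (let i = 0; i < str.length; i++) out += str.charCodeAt(i).toString(16);
  return out;
}

// Ug: hex pairs -> binary string (one char per byte).
function hexToBinaryString(hex) {
  const pairs = hex.match(/[\da-f]{2}/gi) || [];
  return pairs.map((p) => String.fromCharCode(parseInt(p, 16))).join("");
}

// Yg: hex pairs -> Uint8Array.
function hexToBytes(hex) {
  const pairs = hex.match(/[\da-f]{2}/gi) || [];
  return new Uint8Array(pairs.map((p) => parseInt(p, 16)));
}

// Why typed arrays look like dictionaries in a JSON.stringify-based logger.
function renderForLog(bytes) {
  return {
    asLogged: JSON.stringify(bytes),
    asList: JSON.stringify(Array.from(bytes)),
  };
}

const iv = hexToBytes("ba649b7f8f71cec2063f150a");
console.log(renderForLog(iv).asLogged); // index-keyed object, as in the log
console.log(renderForLog(iv).asList);   // the same bytes as a plain list
console.log(charCodesToHex('{"modified_img_width":340'));

const raw = "\n\u001b"; // constructed input containing a char code below 0x10
console.log(bufferToHex(raw), hexToBinaryString(bufferToHex(raw)) === raw);
console.log(charCodesToHex(raw), hexToBinaryString(charCodesToHex(raw)) === raw);
```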

Next:

captcha.js:1 func function slice() { [native code] } called,args-> 5 6 res-> ["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"]
captcha.js:1 func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args-> null ["93feb08c6df706470c0bbb7fed37f337cd81f41a40c6ba503a30a1536f855fc7"] res-> {"0":147,"1":254,"2":176,"3":140,"4":109,"5":247,"6":6,"7":71,"8":12,"9":11,"10":187,"11":127,"12":237,"13":55,"14":243,"15":55,"16":205,"17":129,"18":244,"19":26,"20":64,"21":198,"22":186,"23":80,"24":58,"25":48,"26":161,"27":83,"28":111,"29":133,"30":95,"31":199}

This converts the AES key from above into an int list.

Next:

captcha.js:1 func function slice() { [native code] } called,args-> 6 7 res-> ["ba649b7f8f71cec2063f150a"]
captcha.js:1 func:  ƒ Yg(e){var t=Jg;return new Uint8Array(e.match(/[\da-f]{2}/gi)[t(468)]((function(e){return parseInt(e,16)})))} caleed,two args-> null ["ba649b7f8f71cec2063f150a"] res-> {"0":186,"1":100,"2":155,"3":127,"4":143,"5":113,"6":206,"7":194,"8":6,"9":63,"10":21,"11":10}

The same is done for the IV.

From here we are not far from the final decryption; to be continued in the next post!!




http://www.chinasem.cn/article/1005472
