js逆向求助
本帖最后由 krystal 于 2024-2-1 16:08 编辑
整不出来啊,各位好哥哥帮忙看一下(金币奉上)🤡
**网站地址:https://www.jsjiami.com/**
**触发条件:**
![微信图片_20240201155114.png](data/attachment/forum/202402/01/155135re0hldllchbkbleh.png)
**逆向接口:https://www.jsjiami.com/auth_v_1_0/v7/js/js_obfuscator.json**
**干了一天没出来的参数:sojsonData**
***
**关键加密位置**
![](data/attachment/forum/202402/01/155602zld320qqdq0qfa2r.png)
// Per-request token: a float in [0, 100) written in base 32.
// Math.random() is not a CSPRNG, so this value is predictable and carries no secrecy.
var _0x58b14a = (Math.random() * 100).toString(32);
// Trimmed contents of the #source field (the submitted code).
// NOTE(review): `so` is defined outside this snippet; presumably the page's jQuery-style alias. Confirm.
var _0x40fdd5 = so.trim(so("#source").val());
// Plaintext layout before encryption: "js|<token>|<source length>".
const result = `js|${_0x58b14a}|${_0x40fdd5.length}`;
key在
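/**
 * Returns this object's key, creating one on first use and caching it on `this.key`.
 *
 * The `t` on the left-hand side is the minified constructor; the parameter `t`
 * shadows it inside the function body.
 *
 * NOTE(review): the thread reports "size 1024" and "public 010001" for the
 * defaults used here; 1024-bit RSA is below current minimum recommendations.
 *
 * @param {Function} [t] - Optional callback. When a key has to be created and `t`
 *   is a function, generation is handed to `generateAsync` and nothing is returned.
 * @returns {Object|undefined} The cached or newly generated key; `undefined` on the
 *   asynchronous path.
 */
t.prototype.getKey = function (t) {
  if (!this.key) {
    this.key = new it();
    // The forum copy reads `"" === {}.toString.call(t)`, which can never be true because
    // Object.prototype.toString always yields an "[object ...]" tag. The bracketed text
    // was most likely stripped by the forum markup, so the function-tag check is restored.
    if (t && {}.toString.call(t) === "[object Function]") {
      this.key.generateAsync(this.default_key_size, this.default_public_exponent, t);
      return;
    }
    this.key.generate(this.default_key_size, this.default_public_exponent);
  }
  return this.key;
}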
size 1024
public 010001
取加密后算出
0bb81715e88746562c30593eab993e0937a97cb1748cec427d7cfefa06353dff9c86444cb28e972e5bfc10629327bbc7382ca86fe331b046acff12a65e02c37f4d0e03b7ddaff9b9bdc08e02ab8930783bb3db8cf0999d8af6a70cbe2dc9a1d386020d186e8b85538959fdd965c1e3abeece75d8a963ffc70c93bcbe5de217f7
走一层位运算
/**
 * Re-encodes a hex string as text built from the lookup table `h`, padded with "=".
 *
 * NOTE(review): `h` is defined outside this snippet; presumably the 64-character
 * Base64 alphabet. Confirm.
 *
 * @param {string} t - Hex digits to convert.
 * @returns {string} Encoded text whose length is a multiple of 4.
 */
function c(t) {
var e, i, r = "";
// Main loop: every 3 hex digits (12 bits) become 2 output characters,
// the upper 6 bits (i >> 6) and the lower 6 bits (63 & i).
for (e = 0; e + 3 <= t.length; e += 3) i = parseInt(t.substring(e, e + 3), 16), r += h.charAt(i >> 6) + h.charAt(63 & i);
// The init clause of this loop handles the leftover digits:
//   1 digit  -> one character at index i << 2
//   2 digits -> two characters at indexes i >> 2 and (3 & i) << 4
// The loop body then appends "=" until r.length is a multiple of 4.
for (e + 1 == t.length ? (i = parseInt(t.substring(e, e + 1), 16), r += h.charAt(i << 2)) : e + 2 == t.length && (i = parseInt(t.substring(e, e + 2), 16), r += h.charAt(i >> 2) + h.charAt((3 & i) << 4)); 0 < (3 & r.length);) r += "=";
return r
}
好像有通杀的,但是我不知道,等大佬来解答
标准ob,先用babel走ast解掉混淆,剩下直接覆盖本地文件无脑调就行了
也不建议用这个
直接用ob官方库比这个更好 李恒道 发表于 2024-2-1 16:35
标准ob,先用babel走ast解掉混淆,剩下直接覆盖本地文件无脑调就行了
也不建议用这个
直接用ob官方库比这个 ...
gg真快 我哭死{:4_115:} https://github.com/search?q=repo%3Atravist%2Fjsencrypt+generateAsync&type=code
库有点像这个 krystal 发表于 2024-2-1 16:38
gg真快 我哭死
写太多了
感兴趣可以正经看一下ast解混淆的那本书
然后多看一些其他大佬的ast代码
熟悉了之后普通ob几乎秒开
-------------------------------------------------
我刚开始入门好像就是搞得他家ast
李恒道 发表于 2024-2-1 16:46
写太多了
感兴趣可以正经看一下ast解混淆的那本书
然后多看一些其他大佬的ast代码
好的好的 AST狗都不玩
但是我玩{:4_115:}
可以了 之前漏了个分隔符
本帖最后由 krystal 于 2024-2-2 10:32 编辑李恒道 发表于 2024-2-1 16:35
标准ob,先用babel走ast解掉混淆,剩下直接覆盖本地文件无脑调就行了
也不建议用这个
直接用ob官方库比这个 ...
import axios from "axios";
import qs from "qs";
import querystring from "querystring";
import { JSEncrypt } from "./lib/JSEncrypt";
// RSA helper from the local JSEncrypt copy, loaded with the PEM public key below.
// NOTE(review): the "MIGf..." prefix is typical of a 1024-bit RSA key. Confirm; that
// size is below current minimum recommendations.
// A public key shipped to every client only protects the plaintext in transit; the
// resulting ciphertext does not authenticate who produced it.
const encrypt = new JSEncrypt();
encrypt.setPublicKey(
  "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCM2eQ5SNpL7Lbv9Uh6UPY/kk5Hpm1fwjPriMd2n3aACGQKus3L3xYnsd67BThXFh7+khiTZ0Ixm9HX03EbS8N6oggeoordvWN6oIS75RRhJFqHZhCdf18W27FmOoBp5tlQXPt0z7tdi3KG4D+4464tsbyybvESDCG3yWVeK0HB9wIDAQAB-----END PUBLIC KEY-----"
);

// Per-request token: a float in [0, 100) written in base 32. Math.random() is not a CSPRNG.
const urlParam = (Math.random() * 100).toString(32);
// Sample input with leading and trailing whitespace stripped.
const source = 'console.log("Hello")'.trim();
// Plaintext layout: "js|<token>|<source length>".
const result = ["js", urlParam, source.length].join("|");
// Header values: the plaintext above, and "<host>|<current epoch milliseconds>", both RSA-encrypted.
const sojsondata = encrypt.encrypt(result);
const sojsonhost = encrypt.encrypt(`www.jsjiami.com|${Date.now()}`);
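/**
 * POSTs `source` together with a fixed set of obfuscator options to the
 * js_obfuscator.json endpoint and logs the response body.
 *
 * Changes from the posted version: the duplicated `stringArrayStorageItemNum`
 * key is listed once, the axios promise is returned so callers can await it,
 * and failures are logged as a short summary on stderr.
 *
 * @param {string} urlParam - Token sent as the `v` query parameter.
 * @param {string} source - JavaScript text sent as the `source` form field.
 * @param {string} sojsondata - Value sent in the `sojsondata` request header.
 * @param {string} sojsonhost - Value sent in the `sojsonhost` request header.
 * @returns {Promise<void>} Settles after the response body or the failure has been logged.
 */
function request(urlParam, source, sojsondata, sojsonhost) {
  // Form body; key order is kept because it determines the encoded string.
  const data = querystring.stringify({
    source,
    rotateStringArrayEnabled: "true",
    compact: "true",
    controlFlowFlattening: "true",
    deadCodeInjection: "true",
    imark: "true",
    basic: "true",
    controlFlowFlatteningThreshold: "0.7",
    deadCodeInjectionThreshold: "0.5",
    stringArrayEncoding: "rc4",
    stringArrayThreshold: "0.7",
    allRename: "false",
    selfDefending: "false",
    platform: "0",
    stringArrayShuffle: "true",
    splitStrings: "true",
    stringArrayStorageItemNum: "3",
    simplify: "true",
    numbersToExpressions: "true",
    best: "true",
    niub: "false",
    autojs: "false",
    encodeVersion: "jsjiami.com.v7",
    basicName: "1",
    selenium: "0",
    unicodeEscapeSequence: "false",
    debugProtection: "false",
    disableConsoleOutput: "false",
    domains: "",
    reservedStrings: "",
    reservedNames: "",
  });

  const path = `/auth_v_1_0/v7/js/js_obfuscator.json?v=${urlParam}`;
  const url = `https://www.jsjiami.com${path}`;

  const config = {
    method: "POST",
    headers: {
      // authority/method/scheme/path mirror the HTTP/2 pseudo-header names shown in
      // browser dev tools; here they are sent as ordinary header fields.
      authority: "www.jsjiami.com",
      method: "POST",
      scheme: "https",
      Accept: "application/json, text/javascript, */*; q=0.01",
      path,
      "accept-language": "zh-CN,zh;q=0.9",
      "cache-control": "max-age=0",
      origin: "https://www.jsjiami.com",
      pragma: "no-cache",
      referer: "https://www.jsjiami.com/",
      "sec-ch-ua":
        '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
      "sec-ch-ua-mobile": "?0",
      "sec-ch-ua-platform": '"Windows"',
      "sec-fetch-dest": "empty",
      "sec-fetch-mode": "cors",
      "sec-fetch-site": "same-origin",
      // Hard-coded cookie string copied from a browser session.
      Cookie:
        "Hm_lvt_75b5ae4b288fcf7d181cec6859c9754f=1706764075,1706770756,1706779344,1706838286; Hm_lpvt_75b5ae4b288fcf7d181cec6859c9754f=1706838286",
      sojsondata,
      sojsonhost,
      "user-agent":
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
      "x-requested-with": "XMLHttpRequest",
      "content-type": "application/x-www-form-urlencoded",
    },
    data,
    url,
  };

  return axios(config)
    .then((response) => {
      console.log(response.data);
    })
    .catch((error) => {
      // Log a summary only: the full axios error object carries the request config,
      // including the Cookie and sojson* header values.
      const status = error.response ? error.response.status : "no response";
      console.error(`js_obfuscator request failed (${status}): ${error.message}`);
    });
}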
// Submit the sample source once when the module runs.
request(urlParam, source, sojsondata, sojsonhost);