七麦网app榜单链接:https://www.qimai.cn/rank
七麦网analysis参数破解请查看妄为写代码,链接为:https://mp.weixin.qq.com/s/1E_ONUnMwTFozd9-dB70Yw
在此非常感谢【 妄为写代码】,我一直都没有接触过js混淆这块,想找个简单的js混淆学习,也没有接触过chrome的断点调试,通过作者的讲解,已经了解了chrome的断点调试,也学会了使用snippets进行js测试,也了解了打断点的需要注意的函数,收获很大,再次感谢。该作者还有其它网站解析的原创文,有几篇写的也很好,有需要的朋友可以关注下。
写这篇意义,1.记录自己的学习情况;2.在原文的情况下,进一步完善。
原文只分析到,第一页的情况,获取了第一页的analysis,但是如果滚动条往下滚,可以发现analysis是有了新的变化,同时需要以下7个参数,并且你继续往下滚,每次的analysis都是会变的。
查看断点,发现出现以下函数:
其实最终还是要进入到这个函数体里面:
红色框框的代码是转折的重点,一步步点击,你可以看到,这个函数把参数都放进m这个数组里面去了,同时绿色的框框,把m数组进行了排序,生成了一个字符串。可以看出,就是把所有参数合并在一起了。再往下走,你会发现进入了v函数
就是原文里面讲的v函数。把拼接的参数,先运行一遍v函数,运行完你会发现m变成这个了
再往下运行,你会发现,最终的m是这样
获取到这个m就成功了,后面跟原文一样,执行v(C(m_str,b_str))就行
这里说一个改动的地方,原文是取了44的长度,这里直接返回整个长度。
在此附上我所有的代码
function C(a, n) {
// n || (n = s()),
a = a["split"]("");
for (var t = a["length"], e = n["length"], r = "charCodeAt", i = 0; i < t; i++)
a[i] = m(a[i][r](0) ^ n[i % e][r](0));
return a["join"]("")
}
function m(n) {
var t = "fromCharCode";
return String[t](n)
}
function v(n) {
return n_fun(encodeURIComponent(n)["replace"](/%([0-9A-F]{2})/g, function (a, n) {
return m("0x" + n)
}))
}
function n_fun(t) {
var n;
n = e_from(t.toString(), "binary");
return q_fromB(n)
}
function e_from(t_str, b) {
var r = t_str.length;
t = new Uint8Array(r);
var i = t_write(t, t_str, b, r);
return t
}
function W(t) {
for (var e = [], n = 0; n < t.length; ++n)
e.push(255 & t.charCodeAt(n));
return e
}
function K(t, e, n, r) {
for (var i = 0; i < r && !(i + n >= e.length || i >= t.length); ++i)
e[i + n] = t[i];
return i
}
function t_write(t, e, b, r) {
return K(W(e), t, 0, r)
}
l = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "/"]
// l = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,0,1,2,3,4,5,6,7,8,9,+,/"
// l = l.split(",")
function q_fromB(t) {
for (var e, n = t.length, r = n % 3, i = "", o = [], a = 16383, u = 0, c = n - r; u < c; u += a)
o.push(s(t, u, u + a > c ? c : u + a));
return 1 === r ? (e = t[n - 1],
i += l[e >> 2],
i += l[e << 4 & 63],
i += "==") : 2 === r && (e = (t[n - 2] << 8) + t[n - 1],
i += l[e >> 10],
i += l[e >> 4 & 63],
i += l[e << 2 & 63],
i += "="),
o.push(i),
o.join("")
}
function s(t, e, n) {
for (var r, i = [], o = e; o < n; o += 3)
r = (t[o] << 16 & 16711680) + (t[o + 1] << 8 & 65280) + (255 & t[o + 2]),
i.push(a(r));
return i.join("")
}
function a(t) {
return l[t >> 18 & 63] + l[t >> 12 & 63] + l[t >> 6 & 63] + l[63 & t]
}
function get0analysis(synct, params) {
// 生成时间戳
var g = new Date() - 1000 * synct;
var e = new Date() - g - 1515125653845;
var analy = [];
var palist = [];
for (var key in params) {
palist.push(params[key])
}
var mm = palist["sort"]()["join"]("");
var mmm = v(mm);
var m_str0 = mmm + "@#/rank/indexPlus/brand_id/0@#" + e + "@#0";
var m_str1 = mmm + "@#/rank/indexPlus/brand_id/1@#" + e + "@#1";
var m_str2 = mmm + "@#/rank/indexPlus/brand_id/2@#" + e + "@#2";
var b_str = "00000008d78d46a";
var r0 = v(C(m_str0, b_str));
var r1 = v(C(m_str1, b_str));
var r2 = v(C(m_str2, b_str));
analy.push(r0, r1, r2);
return analy
}
import requests, os, execjs, json
headers = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36",
"Content-Type": "application/x-www-form-urlencoded",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
}
cookies = dict()
def getanaly(synct, params):
js_path = "%s/qimai.js" % "/".join(os.path.abspath(__file__).split("/")[:-1])
with open(js_path, 'r') as f:
js_content = f.read()
ctx = execjs.compile(js_content)
new_pwd = ctx.call("get0analysis", synct, params)
return new_pwd
def qimai():
resp = requests.get('https://www.qimai.cn/rank', headers=headers, verify=False)
cookies.update(resp.cookies.get_dict())
synct = cookies.get('synct')
for i in range(3):
params = {
'brand': 'all',
'country': 'cn',
'device': 'iphone',
'genre': '5000',
'date': '2019-04-17',
'page': 2 # 这里写1也是可以的
}
url = "https://api.qimai.cn/rank/indexPlus/brand_id/" + str(i)
analy_list = getanaly(synct, params)
params['analysis'] = analy_list[i]
resp = requests.get(url=url, params=params, headers=headers, verify=False, cookies=cookies)
resjson = json.loads(resp.text)
contents = resjson['list']
for content in contents:
appInfo = content['appInfo']
print(appInfo)
if __name__ == '__main__':
qimai()
1.感觉snippets挺好用的,可以脱离项目单独写js运行,测试js是否有效。
2.熟练运用这几个键,
3.最好懂点前端的知识,我最近在看前端,了解到拦截器,看到Promise.resolve,Promise.reject,才知道拦截器的作用和好处
4.要有耐心啊。。。这还是看着前人走过的路走的,要是我自己研究,不知道这绕来绕去的函数会不会把我绕晕