某简壁纸(ob混淆,js逆向)

emmm,这是今天在群里摸鱼聊天的时候一位老哥发出来的,最近被某宝app折磨得及其痛苦,就拿这个站来放松一下吧…

网址:aHR0cHM6Ly9iei56enptaC5jbi9pbmRleA==

一、抓包分析
打开控制台有反调试,输入下面这个代码就能过掉了

Function.prototype.__constructor_back = Function.prototype.constructor;
Function.prototype.constructor = function() {
     
    if(arguments && typeof arguments[0]==='string'){
     
        //alert("new function: "+ arguments[0]);
        if("debugger" === arguments[0]){
     
            //arguments[0]="console.log(\"anti debugger\");";
            //arguments[0]=";";
            return
        }
    }
   return Function.prototype.__constructor_back.apply(this,arguments);
}

点击翻页的时候,可以看到getData这个包有数据返回,但数据是经过加密的(安澜大佬说过:像这样数据加密的,直接下xhr断点,只要你足够耐心,一直单步,总能找到解密函数~)
某简壁纸(ob混淆,js逆向)_第1张图片
二、跟栈分析
这里的话,直接点进图中这个栈就能看到一些很明显的特征某简壁纸(ob混淆,js逆向)_第2张图片
这不就是链接后面的地址吗,在这行下断然后单步跟进去
某简壁纸(ob混淆,js逆向)_第3张图片
某简壁纸(ob混淆,js逆向)_第4张图片
跟进来后可以看到[‘data’][‘result’],返回的加密数据中也key值也是result,验证一下,下断点打印看看
某简壁纸(ob混淆,js逆向)_第5张图片

可以看到解密后的数据正是我们想要的(图片的地址拼接需要图中i对应的值)

三、找到解密函数
根据上面的分析可以知道_0x1b3984[‘a’][‘decipher’]是解密函数的入口,跟进去
某简壁纸(ob混淆,js逆向)_第6张图片
return返回的就是解密后的数据了,至于怎么扣呢,先不用管混淆,单步跟进每个函数里面,然后逐步扣下来,然后就完成啦

注:这个网站翻页偶尔都弹验证码的,不过比较简单,相信如果看过我前几篇关于验证码的文章都可以搞出来,最后祝大家国庆快乐!

window=global;
atob = function(r) {
     
    e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    var o = String(r).replace(/=+$/, "");
    for (var n, a, i = 0, c = 0, d = ""; a = o.charAt(c++); ~a && (n = i % 4 ? 64 * n + a : a,
    i++ % 4) ? d += String.fromCharCode(255 & n >> (-2 * i & 6)) : 0)
        a = e.indexOf(a);
    return d
}

var _0x2fc7 = ['wochw63CgsOh', 'dGYWwpzDtcOuw44=', 'BMK6wpPCq8Of', 'woh5X8OnMw==', 'P8OSwoElw5jDkA==', 'wpJ9w5/CnGs=', 'HwjCmxQ=', 'wq1GAMO9CcO3', 'wqpswqwHPcKN', 'cRpIw7V6cA==', 'L21/w6I=', 'TsKiwrzCjsKEMA==', 'SMKQbcOwPMOWH8O7', 'RcO1wpbDm8O6', 'BBoSEyo=', 'WcO7woM=', 'LsOpwqnChQ==', 'w5lXYQfDlA==', 'w4ANSsO8', 'woUiw67Cmw==', 'woosw5fDvcOTw43DmQ==', 'VQwBGzZzPn8=', 'wpBNHRxBLMOxFw==', 'woktw67CmMO0Dg==', 'wqlnwq4PKMKB', 'IMKqZyfCjQ==', 'w5REwonDosKwwoNUwrvCvTFL', 'w5AcCcOuGcKhwrwHd8ORwpE=', 'wpjDqBrDh2nChRnDtMO+wpvDsMO8wq9rLw==', 'w7/DvcOxDWrCh8OK', 'wr5cDsO7J8O3worCky0=', 'b2oRwpzDs8Oyw5Bh', 'wo5zR8OyMsOtwqvDpQ==', 'w6PClRcm', 'w40pQ8KwZDA=', 'wp9+QcOsNsKuwrrDpsKxw4gXwpMNfQ==', 'w7rDlUprOsOcwotKag==', 'cwxow4tueyMFFMORwp1WOsKd', 'w4scWEccZcOxFsOww4oBVH1Q'];
(function(_0x2c5577, _0x17a726) {
     
    var _0x398121 = function(_0x3b7631) {
     
        while (--_0x3b7631) {
     
            _0x2c5577['push'](_0x2c5577['shift']());
        }
    };
    _0x398121(++_0x17a726);
}(_0x2fc7, 0x83));
var _0x3194 = function(_0x1cba17, _0xcfe055) {
     
    _0x1cba17 = _0x1cba17 - 0x0;
    var _0x59be99 = _0x2fc7[_0x1cba17];
    if (_0x3194['UnRNJc'] === undefined) {
     
        (function() {
     
            var _0x114d5b;
            try {
     
                var _0x3fc3bf = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');
                _0x114d5b = _0x3fc3bf();
            } catch (_0x1a1046) {
     
                _0x114d5b = window;
            }
            var _0x45ecf4 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            _0x114d5b['atob'] || (_0x114d5b['atob'] = function(_0x2021ea) {
     
                var _0x2513e1 = String(_0x2021ea)['replace'](/=+$/, '');
                for (var _0x1b1a6f = 0x0, _0x3023db, _0x435495, _0x18ef51 = 0x0, _0x152fa4 = ''; _0x435495 = _0x2513e1['charAt'](_0x18ef51++); ~_0x435495 && (_0x3023db = _0x1b1a6f % 0x4 ? _0x3023db * 0x40 + _0x435495 : _0x435495,
                _0x1b1a6f++ % 0x4) ? _0x152fa4 += String['fromCharCode'](0xff & _0x3023db >> (-0x2 * _0x1b1a6f & 0x6)) : 0x0) {
     
                    _0x435495 = _0x45ecf4['indexOf'](_0x435495);
                }
                return _0x152fa4;
            }
            );
        }());
        var _0x33aed5 = function(_0x56843b, _0xcfe055) {
     
            var _0x15f05c = [], _0x43aaf4 = 0x0, _0x3beae3, _0x57f07c = '', _0x257ca3 = '';
            _0x56843b = atob(_0x56843b);
            for (var _0x2659fa = 0x0, _0x28d696 = _0x56843b['length']; _0x2659fa < _0x28d696; _0x2659fa++) {
     
                _0x257ca3 += '%' + ('00' + _0x56843b['charCodeAt'](_0x2659fa)['toString'](0x10))['slice'](-0x2);
            }
            _0x56843b = decodeURIComponent(_0x257ca3);
            for (var _0x1fd8c1 = 0x0; _0x1fd8c1 < 0x100; _0x1fd8c1++) {
     
                _0x15f05c[_0x1fd8c1] = _0x1fd8c1;
            }
            for (_0x1fd8c1 = 0x0; _0x1fd8c1 < 0x100; _0x1fd8c1++) {
     
                _0x43aaf4 = (_0x43aaf4 + _0x15f05c[_0x1fd8c1] + _0xcfe055['charCodeAt'](_0x1fd8c1 % _0xcfe055['length'])) % 0x100;
                _0x3beae3 = _0x15f05c[_0x1fd8c1];
                _0x15f05c[_0x1fd8c1] = _0x15f05c[_0x43aaf4];
                _0x15f05c[_0x43aaf4] = _0x3beae3;
            }
            _0x1fd8c1 = 0x0;
            _0x43aaf4 = 0x0;
            for (var _0x21c602 = 0x0; _0x21c602 < _0x56843b['length']; _0x21c602++) {
     
                _0x1fd8c1 = (_0x1fd8c1 + 0x1) % 0x100;
                _0x43aaf4 = (_0x43aaf4 + _0x15f05c[_0x1fd8c1]) % 0x100;
                _0x3beae3 = _0x15f05c[_0x1fd8c1];
                _0x15f05c[_0x1fd8c1] = _0x15f05c[_0x43aaf4];
                _0x15f05c[_0x43aaf4] = _0x3beae3;
                _0x57f07c += String['fromCharCode'](_0x56843b['charCodeAt'](_0x21c602) ^ _0x15f05c[(_0x15f05c[_0x1fd8c1] + _0x15f05c[_0x43aaf4]) % 0x100]);
            }
            return _0x57f07c;
        };
        _0x3194['eUjNwO'] = _0x33aed5;
        _0x3194['MmcvBM'] = {
     };
        _0x3194['UnRNJc'] = !![];
    }
    var _0x1cc11c = _0x3194['MmcvBM'][_0x1cba17];
    if (_0x1cc11c === undefined) {
     
        if (_0x3194['NNxMLo'] === undefined) {
     
            _0x3194['NNxMLo'] = !![];
        }
        _0x59be99 = _0x3194['eUjNwO'](_0x59be99, _0xcfe055);
        _0x3194['MmcvBM'][_0x1cba17] = _0x59be99;
    } else {
     
        _0x59be99 = _0x1cc11c;
    }
    return _0x59be99;
};

function _0x333786(_0x2226a8) {
     
    for (var _0x56a369 = window['atob'](_0x2226a8), _0x41f114 = new Int8Array(_0x56a369['length']), _0x41ac2a = 0x0; _0x41ac2a < _0x56a369['length']; _0x41ac2a++)
        _0x41f114[_0x41ac2a] = _0x56a369['charCodeAt'](_0x41ac2a);
    return _0x41f114;
}

function _0x243f1a(_0x2226a8) {
     
    for (var _0x56a369 = [-0x6f, 0x34, 0x5b, 0x41, -0x41, 0x74, 0x77, 0x6a, -0x79, -0x52, -0x5, 0x50, 0x33, 0x61, 0x44, -0x53, -0x70, -0x33, 0x17, -0x2e, -0x22, -0x72, -0x37, -0xb, -0x7f, 0x5a, 0x21, 0x16, -0x1f, 0x32, -0x11, 0x14, -0x2c, 0xf, -0x5e, -0x7b, 0x76, -0x17, -0x3d, 0x72, 0x47, -0x68, -0x7e, -0x75, -0x51, -0x36, -0x12, -0x6e, -0x4, -0x5f, -0x5b, 0x5e, -0x50, -0xe, 0x78, 0x69, 0x55, 0x68, -0x56, -0x6c, 0x43, 0x19, 0x65, 0x6c, 0x10, -0x69, 0x6f, -0xa, 0x75, -0x49, 0x4d, 0x59, -0x1d, -0x62, -0x44, 0x70, 0x6b, -0x1, 0x56, 0x79, 0x58, -0x65, -0x7c, 0x45, -0x1e, -0x8, -0x71, -0x4a, -0x76, 0x39, -0x19, 0xc, -0x73, -0x6a, 0x5f, 0x7f, 0x54, 0x7c, -0x66, -0x1c, 0x49, 0x2b, -0x3c, 0x1c, 0x2e, 0x73, 0x1e, 0x7a, -0x4b, 0x7d, -0x43, -0x4d, 0x3, -0x7, -0x35, -0xd, 0x35, 0x4e, -0x48, 0x1, 0xb, -0x47, -0x27, -0x4f, -0x3, 0x13, 0x29, 0x7e, -0x2b, -0x7d, -0x1b, 0x22, 0x3f, 0x8, 0x48, -0x23, -0x29, -0x3f, 0x3c, -0x18, 0x66, 0x2f, -0x77, -0x67, -0x16, 0x2d, 0x3b, 0x40, -0x60, 0x31, 0x53, -0x6b, -0x78, -0x39, -0x46, 0x0, -0x26, -0x54, -0x28, 0x18, 0xe, 0x30, 0x1d, 0x2c, -0x24, -0x2f, 0x38, -0x5c, 0x26, 0x25, 0x4, -0x32, 0x67, 0xa, -0x59, 0x37, 0x71, -0x1a, 0x6e, 0x36, 0x24, -0x14, -0x4e, -0xc, -0x74, 0x46, -0x25, 0x5, -0x3e, -0x4c, -0x30, -0x40, 0x4f, 0x64, 0x28, 0x6, -0x3a, -0x5a, -0x13, -0x9, 0x27, 0x5d, -0x63, 0x15, 0x7, 0x1a, -0x2, 0x1b, -0x2d, 0x51, 0x3a, -0x7a, 0x4c, -0x42, 0x2, 0x5c, -0x2a, 0x62, -0x10, 0x9, 0x3d, 0x3e, -0xf, 0x63, -0x15, 0x1f, -0x38, 0x57, 0x11, -0x34, -0x45, -0x21, -0x3b, -0x55, 0x42, 0x4a, 0x12, -0x5d, -0x80, -0x57, -0x20, 0x2a, 0x20, -0x58, 0x6d, 0x60, 0xd, -0x6, 0x4b, -0x64, -0x31, 0x23, -0x61, 0x52, -0x6d, 0x7b], _0x41f114 = 0x0, _0x41ac2a = 0x0, _0xacc48e = 0x0, _0x243f1a = new Array(), _0x45a954 = 0x0; _0x45a954 < _0x2226a8['length']; _0x45a954++) {
     
        if (_0x3194('0x1e', 'J[#p') !== 'XsiVC') {
     
            return _0x2226a8[_0x3194('0x1f', '#1sg')]['token'];
        } else {
     
            _0x41f114 = _0x41f114 + 0x1 & 0xff,
            _0x41ac2a = (0xff & _0x56a369[_0x41f114]) + _0x41ac2a & 0xff;
            var _0x378032 = _0x56a369[_0x41f114];
            _0x56a369[_0x41f114] = _0x56a369[_0x41ac2a],
            _0x56a369[_0x41ac2a] = _0x378032,
            _0xacc48e = (0xff & _0x56a369[_0x41f114]) + (0xff & _0x56a369[_0x41ac2a]) & 0xff,
            _0x243f1a['push'](_0x2226a8[_0x45a954] ^ _0x56a369[_0xacc48e]);
        }
    }
    return _0x243f1a;
}

function _0xb08069(_0x2226a8) {
     
    for (var _0x56a369, _0x41f114, _0x41ac2a = '', _0xacc48e = 0x0; _0xacc48e < _0x2226a8['length']; )
        _0x56a369 = _0x2226a8[_0xacc48e],
        _0x41f114 = 0x0,
        _0x56a369 >>> 0x7 === 0x0 ? (_0x41ac2a += String['fromCharCode'](_0x2226a8[_0xacc48e]),
        _0xacc48e += 0x1) : 0xfc === (0xfc & _0x56a369) ? (_0x41f114 = (0x3 & _0x2226a8[_0xacc48e]) << 0x1e,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x1]) << 0x18,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x2]) << 0x12,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x3]) << 0xc,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x4]) << 0x6,
        _0x41f114 |= 0x3f & _0x2226a8[_0xacc48e + 0x5],
        _0x41ac2a += String['fromCharCode'](_0x41f114),
        _0xacc48e += 0x6) : 0xf8 === (0xf8 & _0x56a369) ? (_0x41f114 = (0x7 & _0x2226a8[_0xacc48e]) << 0x18,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x1]) << 0x12,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x2]) << 0xc,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x3]) << 0x6,
        _0x41f114 |= 0x3f & _0x2226a8[_0xacc48e + 0x4],
        _0x41ac2a += String['fromCharCode'](_0x41f114),
        _0xacc48e += 0x5) : 0xf0 === (0xf0 & _0x56a369) ? (_0x41f114 = (0xf & _0x2226a8[_0xacc48e]) << 0x12,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x1]) << 0xc,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x2]) << 0x6,
        _0x41f114 |= 0x3f & _0x2226a8[_0xacc48e + 0x3],
        _0x41ac2a += String['fromCharCode'](_0x41f114),
        _0xacc48e += 0x4) : 0xe0 === (0xe0 & _0x56a369) ? (_0x41f114 = (0x1f & _0x2226a8[_0xacc48e]) << 0xc,
        _0x41f114 |= (0x3f & _0x2226a8[_0xacc48e + 0x1]) << 0x6,
        _0x41f114 |= 0x3f & _0x2226a8[_0xacc48e + 0x2],
        _0x41ac2a += String['fromCharCode'](_0x41f114),
        _0xacc48e += 0x3) : 0xc0 === (0xc0 & _0x56a369) ? (_0x41f114 = (0x3f & _0x2226a8[_0xacc48e]) << 0x6,
        _0x41f114 |= 0x3f & _0x2226a8[_0xacc48e + 0x1],
        _0x41ac2a += String['fromCharCode'](_0x41f114),
        _0xacc48e += 0x2) : (_0x41ac2a += String['fromCharCode'](_0x2226a8[_0xacc48e]),
        _0xacc48e += 0x1);
    return _0x41ac2a;
}

var _0x2226a8='ak+9VCsq4dEdB+UdX/Go8kh5JDEbMHGTCmF/AyXJQ0IgGEGkVwivRFLreN7rhFPP2wTUOEnZPvocsF/fXLKmh9+1OCtMUf8Z/TwY0E9ufsuvmNKbG1j6Eh/bWp9BcjXF3RMhCk3P2kFG5fHTK8myMdL+FT/KupP3FVv7PwEE1rwdOiIiyTWi/+R3YxD5AnkRS+l/gAV6hZgJ0vuBLeLPQ4WPcc2oYGk5dO4FmTeWoRie+iq1IXGvQh3A62tSkvwDqjP8BwHRgZR+ibYi3qQH4yLIKCFj7UDw9WxFzatw9McEpoLERVV54ZxgiCrYfBcCNSU+TghsmM4/e+aleqXCYeGUQ3r3O2t4BB7yOeK9TNCoTqQZKw6BUOh2OH1qt+64POe7OpsOjMBlb9fMyhajmg22u3RHfC44AZAIXxfG7aIFx5oUSklErG8s11HJSLSJ4pUIamJKQyKVWXmrYwalKsFPvIL3QJlFbbINGYZIE1S5kmLBHFGbB8NFXbSuFJcxpE+B0yUnZ0iaF2FWjGdAXQX9LEnU2R7ICLXb8eEBJWVwp6AYL7z/7ofCgaIeCXWBtJNo1aA1pEMT6ugp/6IiUHDo/bE9MvejrIerM+pASVxMpTDS6RJKLDZB9dtuqy4sTzzrsUWLoId8Tk1clXPIfb9smSsuI0RTTQxd7NArNzAoIth98AXvtmsdW+lP+aF4oP1Nr5HNKPiJyi0tW5h2NKRn7LTd2gwPzqGOFHBq1UbGFjlrrqfjEtbiqc8FEBmngLrl2nD93pUfnbh1YxLM2MMm+CZidBnYinB7PXK7n7bUL6WRFc4mqN9Vvt0kfTQkXJa952eN+rxGhBlFNjTi9O6alt3dsTMbZWm6c6FbBE8kyuhTiTzwy58E3sylfNoR6CVBgxgSobos/9+hObsHRDEeoNB9O66NmIx+QhVQeayIWfo3vZ72a5xkCkUmONJmVYudQ5mxigQK7ijLKlje/W2oHtglEZWvKTnZ9lUmcalcMgJ5GfclmGZhjgD++8cEcSFgjEeLLYaYWt6SyqyximHhWSmsF1ACeUGIxcI9h2rjT66xnZBWmrZiOeC3UpB8Tg+8RpohA7TV74m6kgJCDuUgOoUrHymEeDrG6JFoM0OYxb+1HXMEqqER3zQH4RX62/ASkqTzJ8HAHuvYW6ZThRi7NYQCWUN7rCytnPOpPE2m6utcGfi4410KKDaZh/bcKVdEy1VE19OY6g4YNNwXhlCyiKx5WnFFomEbi2UG42iZRvL8Z5kL6QoNh31dRrVMYfOTOG3KS8uW6/3DySI8Zk3qVapLJ4Aa2nj11milyWRLZYb+VnpVejD5SVM9+gP9tQ/p7xy4GJepJhOtwetMhxVybOJ5Qj8ZeF0YeBHQehiD8/EwNOp4SZ9svT7yjS0XGIO4TV6if/cgUIHxBmCjH4gWDXorpxxGlpZ3S20IV0QJSHrvGPvaLGe9YIWWKA4Mgx1mB1fCHfB8BJGu9bwE0Ehtca5tFzRKNZ6qWcZnZqxOBVzTYsUFUwVDMtR4Dc5CQljGJyeyQydHON2TTIka0iOtfi0fUdwegYo97gFJGbUULzSJvpwPutvpLXV8iP2D0mhT+7YlXglLbePFPoIChxH09v5TPe6LfwDwv9fpOlbo56zAp9dyHRWQmgGpcRuGOUVaSCWP08MXyj6XbSLA7rlIPcgtlXuxF9oJPnk25U2WSnHkxW475SuxjhXnr85c8/afZvXo+aogwxK/AePBBs3t4SN1bFwXmL1pEQ8SUqjc1QdgRvhgsGAKy73cJYQz3AoptmiauEmA5N9fYIzL1T6yqts4ftCgsuQl4Nk4qzEmdA451bKqpEohciYUmz1X+6MQen/QlfRQUM1Fi3f0h8LDPOk2KR/ZXbMCQmRLG+C7KEYN+efn1xM9uJdCGSizXo1FEomyvuBhqzfgzj8KE8mGrdfqm7KfrQ6Ya1P8s7tlHHi/RUYVYRSvm55fNdGCbRWE/ADY7yK91WpCxxuOn6rsYoeGeOklbvz+Of4RGuP/BLshE4MRWhroAOV9KyUT1g8kCrHneCh073GPwr1o3uEMaXqvGbu9qgTXj+AAZwE=';
console.log(_0xb08069(_0x243f1a(_0x333786(_0x2226a8))))

你可能感兴趣的:(javascript,python,爬虫)