JS逆向-搜狗词库加密

今天分析的网站是:https://pinyin.sogou.com/dict/

加密的接口是这个: https://pinyin.sogou.com/dict/search/search_list/%CD%F5%D5%DF%C8%D9%D2%AB/normal，起初我还以为后面的那一大串是parse.quote()模块生成的，因为确实有点像，后来果然还是我想简单了。

分析一下，全局搜索 search/search_lis 这个接口的后缀，一下子就定位到了。

加密代码如下：

window.location.href = "/dict/search/search_list/"+URLEncode(word)+'/normal';

也就是说我们只需要看看URLEncode()这个方法是咋写的就行。

紧接着在第11行打个断点进去看看，紧接着来到这里。

打印str参数看看，就是我们刚才输入的关键词：王者荣耀。

好了加密已经定位到，我们只管抠js里面计算的逻辑不用关心。

js代码如下：
（ps:不能直接使用，代码太多了放不下。）

var qswhU2GB=["D2BB","B6A1","8140","C6DF","8141","8142","8143","CDF2","D5C9","C8FD","C9CF","CFC2","D8A2","B2BB","D3EB","8144","D8A4","B3F3","8145","D7A8","C7D2","D8A7","CAC0","8146","C7F0","B1FB","D2B5","B4D4","B6AB","CBBF","D8A9","8147","8148","8149","B6AD8B","FD8C","FD8D","FD8E","FD8F","FD90","FD91","FD92","FD93","C1FA","B9A8","EDE8","FD94","FD95","FD96","B9EA","D9DF","FD97","FD98","FD99","FD9A","FD9B"];
function URLEncode(str){
    var i,c,ret="",strSpecial="!\"#$%&'()*+,/:;<=>?@[\]^`{|}~%";
    for(i=0;i<str.length;i++){
        try{
            if(str.charCodeAt(i)>=0x4e00){
                c=qswhU2GB[str.charCodeAt(i)-0x4e00];
                ret+="%"+c.slice(0,2)+"%"+c.slice(-2);
            }
            else{
                c=str.charAt(i);
                if(c==" ")
                    ret+="+";
                else if(strSpecial.indexOf(c)!=-1)
                    ret+="%"+str.charCodeAt(i).toString(16);
                else
                    ret+=c;
            }
        }catch(a){}
    }
    if(ret.indexOf("—") >=0 )ret = ret.replace(/—/g,"%A1%AA");
    if(ret.indexOf("【") >=0 )ret = ret.replace(/【/g,"%A1%BE");
    if(ret.indexOf("】") >=0 )ret = ret.replace(/】/g,"%A1%BF");
    return ret;
}
var encrypt_text = URLEncode("王者荣耀")
console.log("打印下加密数据：", encrypt_text)

看看运行出来的加密和实际搜索的返回一模一样。

完事手工下一个。