本文主要是介绍京东h5st逆向 python代码算法还原逆向分析 h5st代码,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
废话不多说直接开干!
知识点 node python
上才艺
京东抓包遇到h5st算法
# coding=utf-8
import json
import math
import random
import time
from tkinter import filedialog, messagebox, ttk
import urllibfrom urllib.parse import quote, unquote
from urllib import parse
import pymysql
import requests
import xlrd
from tkinter.ttk import Label
from tkinter import *
import urllib3
import xlwt
from xlwt import Workbook
import threading
import tkinter as tk
from tkinter import *
from tkinter.ttk import * # 为了让按钮更加美观,所以使用tkinter.ttk
from tkinter.simpledialog import * # 输入邮箱账号需要用到
from tkinter.messagebox import *
import smtplib
# 发送字符串的邮件
from email.mime.text import MIMEText
# 处理多种形态的邮件主体我们需要 MIMEMultipart 类
from email.mime.multipart import MIMEMultipart
# 处理图片需要 MIMEImage 类
from email.mime.image import MIMEImage
import random # 随机生成激活码import os
import datetime
# 获取WMI接口urllib3.disable_warnings()def logic():sku = 100064564679cookie ='shshshfpa=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; shshshfpx=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; pinId=LxgJESmodokf_AhbrnKClw; pin=jinshiyuan1123; unick=jinshiyuan1123; _tp=qTmSS0pjZ%2BpSltacjzri4w%3D%3D; _pst=jinshiyuan1123; __jdv=76161171|direct|-|none|-|1697592319693; mba_muid=16934744924511616091388; user-key=11a484e2-f35f-4a4f-9827-c95f59dd47eb; __jdu=16983895067841432816868; TrackID=1HFZlWtgARPlbI1mTVFpwZ3u_SB09-1Q_bI6WyUS8IpkISJ6MmmNv6LbsWxET-X7MWNjLiNaACNKV-1Vht0fWcs89QNcw4qXk4Rqhs0xYx08; thor=EEFDDDF33A2E1B1574F38D3AEF89005246E4DF7F7341012C233F05A1CE1050707F2B2C7784309754BA0DF8532A4DF03135775FD5699D900B1443BD2FB2076E4CE284DDE4DF56071F679BE3AC90F368F539C29EBBA1F6CAEB5149648AA360E7948AB67D04395B9891D618EC1E696E8BC2635F84B0B83609EB90421520EB98293C7DF602769976770087AF3D1CBA2510AB; flash=2_7fZdpf_i3XDxiQCGotfuowSRGt_716ZFdTPZqfOjcmExH9AiqitrXU-JV6KP5hIbOio7x8_X8iS7NHJGVpeQRnyZjGY7IVA643W1OyW4DRq*; areaId=12; ipLoc-djd=12-904-907-50559; joyya=1698717531.1698727780.24.0oyeyhv; 3AB9D23F7A4B3C9B=7XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4; 3AB9D23F7A4B3CSS=jdd037XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4AAAAMLRDXCJ6YAAAAAD7HKTBXNJK6MCMX; __jda=122270672.16983895067841432816868.1698389507.1698735389.1698809391.6; __jdc=122270672; shshshfpb=AAjAp7oiLEncFJYLWncIZH0khPigIrxaTJ2KSSQAAAAA'# body ={"skuId":'{}'.format(sku),"cat":"670,686,694","area":"12_904_907_50559","shopId":"1000000193","venderId":1000000193,"paramJson":"{\"platform2\":\"100000000001\",\"specialAttrStr\":\"p0ppp1ppppppp1p1ppp1pppppppppp\",\"skuMarkStr\":\"00\"}","num":1,"bbTraffic":""}body = {'skuId': '{}'.format(sku), 'cat': '670,686,694', 'area': '12_904_907_50559', 'shopId': '1000000193','venderId': 1000000193,'paramJson': '{"platform2":"100000000001","specialAttrStr":"p0ppp1ppppppp1p1ppp1pppppppppp","skuMarkStr":"00"}','num': 1, 'bbTraffic': ''}body = str(body)body = urllib.parse.quote(body)print(body)# arr = []url = f'http://api.m.jd.com/?appid=pc-item-soa&functionId=pc_detailpage_wareBusiness&client=pc&clientVersion=1.0.0&t=1698750510309&body={body}&h5st=20231031190830356%3Bi6m6tn59gzim6id4%3Bfb5df%3Btk03w7a7f1b7f18n8a22ELMyzM0mwOM-PwhM63p7VR8R1fnZ_heth5R0NWngch5F1PA3t8gNeNnYDPPLyXNvB0gioGhe%3Ba04c942331d89ec5716f4426106ada2d%3B4.1%3B1698750510356%3Bee3cf7f6b94dc20e9265d83066bb9ceece4bb89e2b7e8bf5afb1bfd928788174bfa06c210ddd4437d8a2e234330c3a3980b96c3953b1ab788029ae792b39e113fdb0afe561ae12a73f3af9b8a64728f57c630d34f84ca87accc9a23f00b0184bd98829b8be46bd20b9e731ced214f78760d3b8ca56d6109ac4d4ecd6978787def74cdfbd40842c3cc5bdbb0080705528e358fc8607e931c023ddcf687b0c8e22be28e589ea6fdf726a7b00bce26101fea466541de03f731e24eebb4a913a6b50db014840a7a4f2c58ed091816e030cec3502d2fa30190a346ee5d64f65b4b5e83139a1fefc5e77bd99c2db61685d6dc651257be1e39cf8831fb7ac74816b6ac8d9e5830318daa925cb5d37dece35a3c932de7bb820ef044e65bf57eda47f600e218ab3f26faa55011219797d2c637f1a&x-api-eid-token=jdd03WLRBUSCQ54JFTSTWBWXLTWRCF5VI2SDVQQU5FBSYI6HL7RDY7WWNH5WNDDQK7XUEDI25TMLP623GF3ITSQRVSDB4C4AAAAMLQVVW7WIAAAAADKIC3UH3MNPZCMX&loginType=3&uuid=122270672.1697946179154327479288.1697946179.1697946179.1698750210.2'print(url)# headers = {# # 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',# 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36',## 'cookie': cookie,# 'Content-Type': "application/json",# 'Origin': 'https://item.jd.com',# 'X-Referer-Page': f"https://item.jd.com/{sku}.html",## }headers = {"Authority": "api.m.jd.com","Accept": "application / json, text / javascript, * / *; q = 0.01","Accept - Encoding": "gzip, deflate, br","Accept - Language": "zh - CN, zh;q = 0.9","Cookie": cookie,"Origin": "https://item.jd.com","Referer": "https://item.jd.com/","Sec-Ch-Ua": "\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"","Sec-Ch-Ua-Mobile": "?0","Sec-Ch-Ua-Platform": "\"Windows\"","Sec-Fetch-Dest": "empty","Sec-Fetch-Mode": "cors","Sec-Fetch-Site": "same-site","User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","X-Referer-Page": f"https://item.jd.com/{sku}.html","X-Rp-Client": "h5_1.0.0"}print(headers)req = requests.get(url, headers=headers, timeout=2)print(req.text)da = re.findall('"promise":".*预(.*?)<b>.*",', req.text)print(da)try:if da[0] == '计':print('succ')except Exception:print('fail')pass
logic()
参数分析 做爬虫最重要的事就是抓包,抓到想要的包之后发现某东新增了两个参数。
经过测试发现x-api-eid-token不是非必须校验参数,有兴趣得小伙伴可以自行分析。
接着看目标参数,可以看见该参数组成部分非常得多,肉眼可见的有时间戳得格式化日期和时间戳,其他的暂时不知。
全局搜索h5st发现意义不大,在这里主要采用xhr断点。
我这里选择的是getDataColor处打下断点,重新刷新页面后断点就断下了。
此时发现h5st已经生成了,向上跟栈查看哪里调用了该函数。
向上追了一层调用栈后发现此处出现了目标参数,依旧是打下断点进行分析。
跳到断点处,首先是将n进行json进行序列化和反序列化以便后续操作,然后进行sha256处理,看到then就知道是一个异步处理。
如果猜的不错的话,加密逻辑应该是放在了这个异步中,完成加密后赋值给n对象,此时就完成了参数的组装。
分析完成后分别看一下n、a.body是什么。
n是请求参数的一部分,body是哈希后的值,在后面生成h5st需要用到。
扣代码
分析完成后,就是扣代码了。对于异步的逻辑在跟值得时候经常后跟丢,在这里讲一个小技巧,遇到异步标识时使用F9去步入,这样可以有效的进入每一层,能够少走很多冤枉路。单步进入发现在此处强行更改了this的指向,此处比较可疑。在这里插入图片描述
再观察一下arguments的值。
可以看到出现了加密后的body值,在这里就要打起十二分的精神了。此处绝对有问题!
this中的__genKey函数追进去,发现是一个字符串的拼接然后进行sha256的加密处理(此时的算法可能会有不同),通过函数名称可以得知生成了一个key,至于有什么用,暂时不得而知。
在这里插入图片描述 其中tk、fp、ts、ai、algo这五个值的由来分别是:接口处返回、浏览器指纹、格式化的时间戳、appid、加密库。
tk和fp可以写死,ts可以通过python处理。
继续跟栈,知道出现下图。
也就是h5st中的关键参数。
实际上核心逻辑在这里,还原后的结果如下:
s = rr['HmacSHA256'](a, n).toString();
a是之前的对象做了处理,body已经知道是sha256后结果,中间一串固定,最后是一个当前时间戳。 n就是之前__genKey的结果。
其实在这里要进行加密处理的是a,盐是n。
那么现在就清晰了,借用一下大佬的文章,里面说的很清楚。
效果图
最后上h5st代码 自行研究
const CryptoJS = require("crypto-js");
const axios = require("axios");
const ADLER32 = require("adler-32");class h5st {constructor(cookieStr, userAgent, config, url) {this.cookieStr = cookieStr;this.userAgent = userAgent;if (url) {try {this.url = url;this.origin = new URL(url).origin;} catch(e) {console.log('url传递错误')}}this.map = new Map();this.settings = {debug: !1,preRequest: !1,timeout: 2,};var Q_ = {DYNAMIC_TOKEN: "WQ_dy_tk_s_file",DYNAMIC_ALGORITHM: "WQ_dy_algo_s_file",VK: "WQ_vk1_file",FLAG: "WQ_f_v_file",};this.gb = { UNSIGNABLE_PARAMS: 1, APPID_ABSENT: 2, TOKEN_EMPTY: 3, GENERATE_SIGNATURE_FAILED: 4, UNHANDLED_ERROR: -1 };this._storagetokenKey = Q_.DYNAMIC_TOKEN;this._storageAlgnKey = Q_.DYNAMIC_ALGORITHM;this._storageFormatVersionKey = Q_.FLAG;this._version = "4.2";this._storageFpKey = Q_.VK;this._token = "";this._defaultToken = "";this._isNormal = !1;this._appId = "";this._defaultAlgorithm = {local_key_1: CryptoJS.MD5,local_key_2: CryptoJS.SHA256,local_key_3: CryptoJS.HmacSHA256,};this.algos = {MD5: CryptoJS.MD5,SHA256: CryptoJS.SHA256,SHA512: CryptoJS.SHA512,HmacSHA256: CryptoJS.HmacSHA256,HmacSHA512: CryptoJS.HmacSHA512,HmacMD5: CryptoJS.HmacMD5,};this._formatVersion = 4.2;this._fingerprint = "";config = Object.assign({}, this.settings, config);this.__iniConfig(config);}S_(t) {function w_(t, r) {r = r || 0;for (var n = t.length - r, e = new Array(n); n--; ) e[n] = t[n + r];return e;}if (t) {var n = "[sign] ",o = new Array(arguments.length > 1 ? arguments.length - 1 : 0),i = 1;for (var i = 1; i < arguments.length; i++) {o[i - 1] = arguments[i];}var a = w_(o);console.log([n].concat(a));}}x_(params) {// console.log(JSON.stringify(params));}async __iniConfig(t) {var i = t.appId,a = t.preRequest,u = t.debug,c = t.timeout,f = t.onSign,s = t.onRequestToken,v = t.onRequestTokenRemotely;(!("string" == typeof t.appId) || !t.appId) && console.error("settings.appId must be a non-empty string");this._appId = i || "";if (this._appId) {this._storagetokenKey = "".concat(this._storagetokenKey, "_").concat(this._appId);this._storageAlgnKey = "".concat(this._storageAlgnKey, "_").concat(this._appId);this._storageFormatVersionKey = "".concat(this._storageFormatVersionKey, "_").concat(this._appId);this._storageFpKey = "".concat(this._storageFpKey, "_").concat(this._appId);}this._timeout = Number(c);this._debug = Boolean(u);this._onSign = "function" == typeof f ? f : this.x_;this._onRequestToken = "function" == typeof s ? s : this.x_;this._onRequestTokenRemotely = "function" == typeof v ? v : this.x_;this.S_(this._debug, "create instance with appId=".concat(this._appId));this.S_(this._debug, "create instance with timeout=".concat(this._timeout));if (a) await this.__requestDeps();}__genDefaultKey(t, r, n, e) {function C_(t) {return (t + "===".slice((t.length + 3) % 4)).replace(/-/g, "+").replace(/_/g, "/");}var z = this,D = "",B = "9>5*t5";var L = "".concat(t).concat(r).concat(n).concat(e).concat(B),M = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(C_(this.__parseToken(t, 16, 28))));var E = M.match(/^[123]([x+][123])+/);if (E) {var k = E[0].split(""),T = this._defaultAlgorithm,P = "";k.forEach(function (r) {var e = ["+", "x"];if (isNaN(r)) e.indexOf(r) >= 0 && (P = r);else {var u = "".concat("local_key_").concat(r);if (T[u])switch (P) {case "+":D = "".concat(D).concat(z.__algorithm(u, L, t));break;case "x":D = z.__algorithm(u, D, t);break;default:D = z.__algorithm(u, L, t);}}});}this.S_(this._debug, "__genDefaultKey input=" + L + ",express=" + M + ",key=" + D);return D;}__algorithm(t, r, n) {var o = this._defaultAlgorithm[t];return t === "local_key_3" ? o(r, n).toString(CryptoJS.enc.Hex) : o(r).toString(CryptoJS.enc.Hex);}__parseToken(t, r, n) {return t ? t.slice(r, n) : "";}__parseAlgorithm(t, r) {if (t && r) {this._token = t || "";this.__genKey = (r && new Function("return ".concat(r))()) || null;var a = this._token && this.__genKey;this._isNormal = a;return a;}return !1;}__genSignParams(t, r, n, e) {return ["".concat(n),"".concat(this._fingerprint),"".concat(this._appId),"".concat(this._isNormal ? this._token : this._defaultToken),"".concat(t),"".concat(this._version),"".concat(r),"".concat(e),].join(";");}__genSign(t, r) {var l = r.map(function (t) {return t.key + ":" + t.value;}).join("&");var h = CryptoJS.SHA256(t + l + t).toString(CryptoJS.enc.Hex);this.S_(this._debug, "__genSign, paramsStr:".concat(l, ", signedStr:").concat(h));return h;}async __requestDeps() {function Xb() {var U = "6d0jhqw3pa";var nt = Vb(U, 4);var rt = Jb();var Q = tw(U, nt);var tt =Qb({ size: rt, num: Q }) +nt +Qb({size: 11 - rt,num: Q,}) +rt;var Z = tt.split("");var X = Z.slice(0, 14);var J = Z.slice(14);var V = [];for (; X.length > 0; ) V.push((35 - parseInt(X.pop(), 36)).toString(36));V = V.concat(J);var Y = V.join("");return Y;}function Vb(t, r) {var b,C = [],A = t.length,S = (function (t, r) {var lt;if (typeof Ld === "undefined" || t[Symbol.iterator] == null) {if (Array.isArray(t) || (lt = Yb(t)) || (r && t && typeof t.length === "number")) {lt && (t = lt);var dt = 0;return {s: function () {},n: function () {if (dt >= t.length) {return {done: !0,};}return {done: !1,value: t[dt++],};},e: function (t) {throw t;},f: function () {},};}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");}var st,vt = !0,ht = !1;return {s: function () {lt = t[Symbol.iterator]();},n: function () {var r = lt.next();return (vt = r.done), r;},e: function (t) {(ht = !0), (st = t);},f: function () {try {!vt && lt.return != null && lt.return();} finally {if (ht) throw st;}},};})(t);try {for (S.s(); !(b = S.n()).done; ) {var z = b.value;if (Math.random() * A < r && (C.push(z), --r == 0)) break;A--;}} catch (t) {S.e(t);} finally {S.f();}for (var D = "", B = 0; B < C.length; B++) {var j = (Math.random() * (C.length - B)) | 0;(D += C[j]), (C[j] = C[C.length - B - 1]);}return D;}function Yb(t, r) {if (!t) return;if (typeof t === "string") return Ub(t, r);var D = t.slice(8, -1);D === "Object" && t.constructor && (D = t.constructor.name);if (D === "Map" || D === "Set") return Array.from(t);if ("Arguments" === D || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/["test"](D)) return Ub(t, r);}function Ub(t, r) {(r == null || r > t.length) && (r = t.length);for (var h = 0, l = new Array(r); h < r; h++) l[h] = t[h];return l;}function Jb() {return (Math.random() * 10) | 0;}function tw(t, r) {for (var d = 0; d < r.length; d++) {var x = t.indexOf(r[d]);x !== -1 && (t = t.replace(r[d], ""));}return t;}function Qb(t) {var _ = t.size,g = t.num;for (var y = ""; _--; ) y += g[(Math.random() * g.length) | 0];return y;}var storageFormatVersion = this.getSync(this._storageFormatVersionKey);this.S_(this._debug, "__requestDeps, storageFormatVersion:" + storageFormatVersion + ", _formatVersion:" + this._formatVersion);if (!storageFormatVersion || storageFormatVersion !== this._formatVersion) {this.removeSync(this._storageFpKey);this.removeSync(this._storagetokenKey);this.removeSync(this._storageAlgnKey);this.setSync(this._storageFormatVersionKey, this._formatVersion, { expire: 365 * (3600 * 24) });}this._fingerprint = this.getSync(this._storageFpKey);if (this._fingerprint) {this.S_(this._debug, "__requestDeps use cache fp, fp:" + this._fingerprint);} else {this._fingerprint = Xb();this.setSync(this._storageFpKey, this._fingerprint, { expire: 3600 * 24 * 365 });this.S_(this._debug, "__requestDeps use new fp, fp:" + this._fingerprint);}var token = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(this.getSync(this._storagetokenKey) || ""));var algorithm = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(this.getSync(this._storageAlgnKey) || ""));if (this.__parseAlgorithm(token, algorithm)) {var response = {code: 0,message: "use normalToken",};this._onRequestToken(response);this.S_(this._debug, "__requestDeps, use cache token, token:" + this._token);return;}var response = {code: 1,message: "use defaultToken",};this._onRequestToken(response);this.S_(this._debug, "__requestDeps, start __requestAlgorithm, fp:" + this._fingerprint);try {await this.__requestAlgorithm();} catch (error) {this.S_(this._debug, "__requestDeps request token failed, error: " + error);}this.S_(this._debug, "__requestDeps, end __requestAlgorithm, fp:".concat(this._fingerprint));}async __requestAlgorithm() {var Dt = this.Cw(0);Dt.ai = this._appId;Dt.fp = this._fingerprint;var Bt = JSON.stringify(Dt, null, 2);this.S_(this._debug, "__requestAlgorithm envCollect=".concat(Bt));var jt = CryptoJS.AES.encrypt(Bt, CryptoJS.enc.Utf8.parse("wm0!@w-s#ll1flo("), {iv: CryptoJS.enc.Utf8.parse("0102030405060708"),});var fr = {fingerprint: this._fingerprint,appId: this._appId,version: this._version,timeout: this._timeout,env: jt.ciphertext.toString(),debug: this._debug,};var result = await this.im(fr, this._onRequestTokenRemotely);var h = result.algo,l = result.token,p = result.fp;var v = this.__parseAlgorithm(l, h);if (!v) return;var d = this.getSync(this._storageFpKey, 1);if (!p || (d && p === d)) {var w = this.__parseToken(l, 13, 15);var A = parseInt(w, 16);var C = 60 * A * 60;this.setSync(this._storagetokenKey, CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(l)), { expire: C });this.setSync(this._storageAlgnKey, CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(h)), { expire: C });this.S_(this._debug, "__requestAlgorithm request success!, token:".concat(l));} else {this.S_(this._debug, "__requestAlgorithm request success!, but not save token:".concat(l, ", storageFp:").concat(d, ", fp:").concat(p));}return;}async im(t, r) {try {var { data, status } = await axios({url: "https://cactus.jd.com/request_algo",method: "post",data: {version: t.version,fp: t.fingerprint,appId: t.appId,timestamp: Date.now(),platform: "web",expandParams: t.env,fv: "h5_npm_v4.2.0",},headers: {"Content-Type": "application/json;charset=utf-8",Origin: "https://cactus.jd.com",Host: "cactus.jd.com",accept: "*/*","User-Agent": this.userAgent,},});var a = {code: status,message: "",};r && r(a);if (status == 200 && data && data.data && data.data.result) {var f = data.data.result,s = f.algo,v = f.tk,h = f.fp;if (s && v) {var l = {algo: s,token: v,fp: h,};return l;} else {console.log("data.result format error.");}} else {console.log("request params error.");}} catch (e) {var b = e.code,w = e.message;r &&r({code: b,message: w,});console.log("request error, ".concat(b, ", ").concat(w));}return {};}__checkParams(t) {function jm(t) {return "[object Object]" === Object.prototype.toString.call(t);}function Lm(t) {return !!jm(t) && !Object.keys(t).length;}function b_(t) {var _m = ["h5st", "_stk", "_ste"];for (var r = Object.keys(t), n = 0; n < r.length; n++) {var e = r[n];if (_m.indexOf(e) >= 0) {return !0;}}return !1;}var b = null;if (!this._appId) {b = {code: this.gb.APPID_ABSENT,message: "appId is required",};}if (!jm(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params is not a plain object",};}if (Lm(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params is empty",};}if (b_(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params contains reserved param name.",};}if (b) return this._onSign(b), null;var g = Object.keys(t).sort().map(function (r) {return {key: r,value: t[r],};}).filter(function (t) {let type = typeof t.value;return ("number" == type && !isNaN(t.value)) || "string" == type || "boolean" == type;});if (g.length === 0) {var _ = {code: this.gb.UNSIGNABLE_PARAMS,message: 'params is empty after excluding "unsafe" params',};this._onSign(_);return null;}return g;}__makeSign(t, r) {function xb() {var t = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : Date.now(),e = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : "yyyy-MM-dd",n = new Date(t),r = e,o = {"M+": n.getMonth() + 1,"d+": n.getDate(),"D+": n.getDate(),"h+": n.getHours(),"H+": n.getHours(),"m+": n.getMinutes(),"s+": n.getSeconds(),"w+": n.getDay(),"q+": Math.floor((n.getMonth() + 3) / 3),"S+": n.getMilliseconds(),};return (/(y+)/i.test(r) && (r = r.replace(RegExp.$1, "".concat(n.getFullYear()).substr(4 - RegExp.$1.length))),Object.keys(o).forEach(function (t) {if (new RegExp("(".concat(t, ")")).test(r)) {var e = "S+" === t ? "000" : "00";r = r.replace(RegExp.$1, 1 == RegExp.$1.length ? o[t] : "".concat(e).concat(o[t]).substr("".concat(o[t]).length));}}),r);}function uw(t) {var ht = {magic: "tk",version: "02",platform: "w",expires: "41",producer: "l",expr: gw(),cipher: fw(t),};ht.adler32 = cw(ht.magic + ht.version + ht.platform + ht.expires + ht.producer + ht.expr + ht.cipher);return ht.magic + ht.version + ht.platform + ht.adler32 + ht.expires + ht.producer + ht.expr + ht.cipher;}function gw() {var G = {size: 32,dictType: "max",customDict: null,};var N = d_(G);var R = ["1", "2", "3"];var Y = ["+", "x"];var F = 2 + Math.floor(Math.random() * 4);var K = "";for (var W = 0; W < F; W++) (K += R[Math.floor(3 * Math.random())]), W < F - 1 && (K += Y[Math.floor(2 * Math.random())]);K.length < 9 && (K += N.substr(0, 9 - K.length));var H = CryptoJS.enc.Utf8.parse(K);var q = CryptoJS.enc.Base64.stringify(H);return A_(q);}function d_() {var t,r = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {},n = r.size,e = void 0 === n ? 10 : n,o = r.dictType,i = void 0 === o ? "number" : o,a = r.customDict,u = "";if (a && "string" == typeof a) t = a;elseswitch (i) {case "alphabet":t = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";break;case "max":t = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-";break;case "number":default:t = "0123456789";}for (; e--; ) u += t[(Math.random() * t.length) | 0];return u;}function A_(t) {return t.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");}function fw(t) {d_({size: 32,dictType: "max",customDict: null,});var J = "";var Z = Date.now();var V = "z7";var $ = "qem7+)g%Dhw5";var Q = sw(t, Z, V, $);J += lw(Q);J += lw(V);J += lw($);J += xw(Z);J += lw(t);var X = CryptoJS.enc.Hex.parse(J);var tt = CryptoJS.AES.encrypt(X, CryptoJS.enc.Utf8.parse("x6e@RoHi$Fgy7!5k"), { iv: CryptoJS.enc.Utf8.parse("0102030405060708") });return A_(CryptoJS.enc.Base64.stringify(tt.ciphertext));}function sw(t, r, n, e) {var nt = new Uint8Array(16);nt.forEach(function (r, n, e) {e[n] = t.charCodeAt(n);});var et = pw(r),ot = new Uint8Array(2);ot.forEach(function (t, r, e) {e[r] = n.charCodeAt(r);});var at = new Uint8Array(12);at.forEach(function (t, r, n) {n[r] = e.charCodeAt(r);});var ut = new Uint8Array(38);ut.set(ot), ut.set(at, 2), ut.set(et, 14), ut.set(nt, 22);var ct = adler32.buf(ut);var st = "00000000" + (ct = ct >>> 0).toString(16);return st["substr"](st.length - 8);}function pw(t) {var C = (function () {var n = new ArrayBuffer(2);return new DataView(n).setInt16(0, 256, !0), new Int16Array(n)[0] === 256;})(),A = Math.floor(t / Math.pow(2, 32)),S = t % Math.pow(2, 32),z = new ArrayBuffer(8),D = new DataView(z);return C ? (D.setUint32(0, S, C), D.setUint32(4, A, C)) : (D.setUint32(0, A, C), D.setUint32(4, S, C)), new Uint8Array(z);}function xw(t) {return vw(pw(t));}function lw(t) {var h = new Uint8Array(t.length);h.forEach(function (r, n, e) {e[n] = t.charCodeAt(n);});return vw(h);}function vw(t) {return t.map(function (t) {return "00" + (t & 255).toString(16).slice(-2);}).join("");}function cw(t) {var h = ADLER32.str(t);h >>>= 0;var y = "00000000" + h.toString(16);return y["substr"](y.length - 8);}var f = "";var b = Date.now();var s = xb(b, "yyyyMMddhhmmssSSS");var v = s + "74";if (this._isNormal) {f = this.__genKey(this._token, this._fingerprint, v, this._appId, this.algos).toString() || "";} else {this._defaultToken = uw(this._fingerprint);f = this.__genDefaultKey(this._defaultToken, this._fingerprint, v, this._appId);}var h = {};if (f) {var l = this.__genSign(f, t);var p = t.map(function (t) {return t.key;}).join(",");var d = this.__genSignParams(l, b, s, r);var x = {key: f,signStr: l,_stk: p,_ste: 1,h5st: d,};this.S_(this._debug, "__makeSign, result:" + JSON.stringify(x, null, 2));var h = {_stk: p,_ste: 1,h5st: d,};var g = {code: 0,message: "success",};this._onSign(g);return h;}if (this._token || this._defaultToken) {var _ = {code: this.gb.GENERATE_SIGNATURE_FAILED,message: "generate key failed",};this._onSign(_);} else {var m = {code: this.gb.TOKEN_EMPTY,message: "token is empty",};this._onSign(m);}}__collect() {var T = this.Cw(1);T.fp = this._fingerprint;var P = JSON.stringify(T, null, 2);this.S_(this._debug, "__collect envCollect=".concat(P));var I = CryptoJS.AES.encrypt(P, CryptoJS.enc.Utf8.parse("DNiHi703B0&17hh1"), {iv: CryptoJS.enc.Utf8.parse("0102030405060708"),});return I.ciphertext.toString();}async sign(t) {try {var e = Date.now();var o = this.__checkParams(t);if (o == null) {return t;}await this.__requestDeps();var collectedData = this.__collect();var a = this.__makeSign(o, collectedData);this.S_(this._debug, "sign elapsed time!".concat(Date.now() - e, "ms"));return Object.assign({}, t, a);} catch (e) {var J = {code: this.gb.UNHANDLED_ERROR,message: "unknown error",};this._onSign(J);return t;}}getSync(e) {return this.map.get(e);}removeSync(e) {this.map.delete(e);}setSync(k, v) {this.map.set(k, v);}Cw(o) {var temp = this;function mw(t) {if (temp.cookieStr) {var r = new RegExp("(^| )" + t + "(?:=([^;]*))?(;|$)"),n = temp.cookieStr.match(r);if (!n || !n[2]) return "";var e = n[2];try {return /(%[0-9A-F]{2}){2,}/.test(e) ? decodeURIComponent(e) : unescape(e);} catch (t) {return unescape(e);}}}function d_() {var t,r = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {},n = r.size,e = void 0 === n ? 10 : n,o = r.dictType,i = void 0 === o ? "number" : o,a = r.customDict,u = "";if (a && "string" == typeof a) t = a;elseswitch (i) {case "alphabet":t = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";break;case "max":t = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-";break;case "number":default:t = "0123456789";}for (; e--; ) u += t[(Math.random() * t.length) | 0];return u;}var ft = ["pp", "sua", "random", "referer", "v", "extend"];var ct = {};var st = function (key, func) {try {if ((o === 1 && ft.includes(key)) || o === 0) {ct[key] = func();}} catch (e) {console.log(e);}};st("wc", function (t) {// return /Chrome/.test(window.navigator.userAgent) && !window.chrome ? 1 : 0;return 0;});st("wd", function (t) {// return navigator.webdriver ? 1 : 0;return 0;});st("l", function (t) {// return navigator.language;return "zh-CN";});st("ls", function (t) {// return navigator.languages.join(",");return "zh-CN,zh";});st("ml", function (t) {// return navigator.mimeTypes.length;return 0;});st("pl", function (t) {// return navigator.plugins.length;return 0;});st("av", function (t) {// return navigator.appVersion;let av = temp.userAgent.match(/(?<=\/)[0-9]\.0[^'"\n]+/g);return av.length > 0 ? av[0] : "";});st("ua", function (t) {// return window.navigator.userAgent;return temp.userAgent;});st("sua", function (t) {var regex = new RegExp("Mozilla/5.0 \\((.*?)\\)");// var matches = window.navigator.userAgent.match(regex);var matches = temp.userAgent.match(regex);return matches && matches[1] ? matches[1] : "";});st("pp", function (t) {var u = {};var i = mw("pwdt_id");var c = mw("pin");var a = mw("pt_pin");i && (u.p1 = i);c && (u.p2 = c);a && (u.p3 = a);return u;});st("extend", function () {// var e = navigator.permissions.query({// name: "notifications"// })// var Y = 0;// ("cdc_adoQpoasnfa76pfcZLmcfl_Array" in window || "cdc_adoQpoasnfa76pfcZLmcfl_Promise" in window || "cdc_adoQpoasnfa76pfcZLmcfl_Symbol" in window) && (Y |= 1);// ("$chrome_asyncScriptInfo" in window.document || "$cdc_asdjflasutopfhvcZLmcfl_" in window.document) && (Y |= 2);// var n = {// pm: Notification.permission === "denied" && e.state === "prompt" ? 1 : 0,// wd: window.navigator.webdriver ? 1 : 0,// l: !navigator.languages || navigator.languages.length === 0 ? 1 : 0,// ls: navigator.plugins.length,// bu1: rm,// wk: Y// }// return n;return { bu1: "0.1.9", l: 0, ls: 0, wd: 0, wk: 0 };});st("pp1", function (t) {var c = mw("pwdt_id");var u = mw("pin");var a = mw("pt_pin");if (!c && !u && !a) {var i = temp.cookieStr;if (i) return i;}return "";});st("pm", function () {// var result = navigator.permissions.query({ name: "notifications" });// return { ps: result.state, np: Notification.permission };return {ps: "prompt",np: "default",};});st("w", function (t) {// return window.screen.width;return 1536;});st("h", function (t) {// return window.screen.height;return 864;});st("ow", function (t) {// return window.outerWidth;return 1536;});st("oh", function (t) {// return window.outerHeight;return 864;});st("url", function (t) {// return location.href;return temp.url;});st("og", function (t) {// return location.origin;return temp.origin;});st("pf", function (t) {// return window.platform;return undefined;});st("pr", function (t) {// return window.devicePixelRatio;return 1.25;});st("re", function (t) {// return document.referrer;return "";});st("random", function (t) {return d_({ size: 10, dictType: "max", customDict: null });});st("referer", function (t) {// var i = new RegExp("[^?]*"),// u = document.referrer.match(i);// if (!u || !u[0]) return "";// return u[0];return "";});st("v", function (t) {return "h5_npm_v4.2.0";});return ct;}
}async function main() {var cookieStr = "",userAgent ="";var h5stObj = new h5st(cookieStr, userAgent, {debug: false,preRequest: false,timeout: 2,appId: "ea491", onSign: function onSign(e) {e.code;},onRequestTokenRemotely: function onRequestTokenRemotely(e) {e.code, e.message;},onRequestToken: function onRequestToken(e) {e.code, e.message;},});var a = await h5stObj.sign({functionId: "whx_getShopHomeFloorInfo",appid: "shop_m_jd_com",clientVersion: "12.0.0",client: "wh5",body: CryptoJS.SHA256(JSON.stringify({ shopId: "1000002481", source: "m-shop" })).toString(),});console.log(a);//// var params = `functionId=whx_getShopHomeFloorInfo&body=${encodeURIComponent(JSON.stringify({ shopId: "1000002481", source: "m-shop" }))}&appid=shop_m_jd_com&client=wh5&clientVersion=12.0.0&h5st=${// a.h5st || ""// }`;var params = `pc-item-soa&functionId=pc_detailpage_wareBusiness&client=pc&clientVersion=1.0.0&t=1698813236207&body=${encodeURIComponent(JSON.stringify({"skuId":100064564679,"cat":"1319,11842,14936","area":"12_904_907_50559","shopId":"1000008122","venderId":1000008122,"paramJson":"{'platform2':1,'specialAttrStr':'p0ppppppppp2ppppppppppppppp','skuMarkStr':'00'}","num":1,"bbTraffic":""}))}&h5st=${a.h5st || ""}`;console.log( params);cookie = 'shshshfpa=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; shshshfpx=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; pinId=LxgJESmodokf_AhbrnKClw; pin=jinshiyuan1123; unick=jinshiyuan1123; _tp=qTmSS0pjZ%2BpSltacjzri4w%3D%3D; _pst=jinshiyuan1123; __jdv=76161171|direct|-|none|-|1697592319693; mba_muid=16934744924511616091388; user-key=11a484e2-f35f-4a4f-9827-c95f59dd47eb; __jdu=16983895067841432816868; TrackID=1HFZlWtgARPlbI1mTVFpwZ3u_SB09-1Q_bI6WyUS8IpkISJ6MmmNv6LbsWxET-X7MWNjLiNaACNKV-1Vht0fWcs89QNcw4qXk4Rqhs0xYx08; thor=EEFDDDF33A2E1B1574F38D3AEF89005246E4DF7F7341012C233F05A1CE1050707F2B2C7784309754BA0DF8532A4DF03135775FD5699D900B1443BD2FB2076E4CE284DDE4DF56071F679BE3AC90F368F539C29EBBA1F6CAEB5149648AA360E7948AB67D04395B9891D618EC1E696E8BC2635F84B0B83609EB90421520EB98293C7DF602769976770087AF3D1CBA2510AB; flash=2_7fZdpf_i3XDxiQCGotfuowSRGt_716ZFdTPZqfOjcmExH9AiqitrXU-JV6KP5hIbOio7x8_X8iS7NHJGVpeQRnyZjGY7IVA643W1OyW4DRq*; areaId=12; ipLoc-djd=12-904-907-50559; joyya=1698717531.1698727780.24.0oyeyhv; 3AB9D23F7A4B3C9B=7XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4; 3AB9D23F7A4B3CSS=jdd037XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4AAAAMLRDXCJ6YAAAAAD7HKTBXNJK6MCMX; __jda=122270672.16983895067841432816868.1698389507.1698735389.1698809391.6; __jdc=122270672; shshshfpb=AAjAp7oiLEncFJYLWncIZH0khPigIrxaTJ2KSSQAAAAA'const { data, status } = await axios({method: "get",url: `https:/api.m.jd.com/?appid=${params}`,headers: {"origin": "https://item.jd.com","cookie":cookie,"x-referer-page":"https://item.jd.com/100064564679.html","User-Agent": userAgent,},});console.log(data);console.log(status);
}main();这篇关于京东h5st逆向 python代码算法还原逆向分析 h5st代码的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
