本文主要是介绍【JS逆向+Python模拟API请求】逆向某一个略微中等的混淆网站,并模拟调用api请求 仅供学习。注:不是源代码混淆,而是一个做代码混淆业务的网站,,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
逆向日期:2024.02.16
使用工具:Node.js
加密方法:RSA标准库
文章全程已做去敏处理!!! 【需要做的可联系我】
AES解密处理(直接解密即可)(crypto-js.js 标准算法):在线AES加解密工具
仅供学习,这个网站的逆向还是蛮简单的,大家在测试的时候要注意,不用登录、有debugger、每天只能免费请求10次,超过10次的会通过禁IP的方法禁止使用,所以大家不要乱点,要珍惜。有池子的可以随便点
1、打开某某网站(请使用文章开头的AES在线工具解密):H/yIs9e+gElb4jxbCqe3x4L5L72pQ1VY36m6kAIsG14=
2、打开网站,过debugger直接右键一律不在此处暂停,
3、输入框输入js代码,然后点击混淆,哎幺,弹出了一个接口,直接全局搜索【Sojsondata】和【Sojsonhost】,发现只能搜索到【Sojsondata】,另一个搜索不到,那我们就选把能搜索到的先模拟一下
4、全局搜索大法,哟哟哟,找到了,还是个混淆,断上,点击混淆按钮,哎幺,断上了,经过我测试,目测为RSA加密,然后加密参数就是【js|2l.58ddn5vja|17】,其中【jsjs|2l.58ddn5vja|】写固定就行,那个17其实就是我们要混淆的参数的总长度,,我们往里进,步入步入再步入
5、好家伙,步入进来了,经过测试,发现就是RSA算法加密,你看下面图。。。RSA一般在加密之前都会导入密钥,无论什么时候导入的密钥,一定会在加密参数之前导入,,导入后是可以通过查看【方法.key.n】是否存在,存在就是已经导入了,我们可以通过【方法.getPublicKey()】提取公钥。在本网站里,RSA的方法是【this】,所以我们用【this.getPublicKey()】即可将公钥提取出来。
6、我们直接复制公钥,然后本地直接模拟,嘿,成功了,接下来我们继续步入找【Sojsonhost】
7、经过我千年的寻找,终于找到了,他这个也很简单,一个固定值加一个时间戳,得,我们直接模拟
8、【Sojsonhost】【Sojsondata】都模拟成功了,上python去请求,测试看看
9、我们的python代码要导入刚刚写好的js代码,然后直接调用即可
10、我们直接模拟测试一下,成功了,请求混淆后的js代码都保存到了本地的【text.js】文件里了
11、我们打开js文件,然后我们调用那个方法,黑,成了
【附上源码】
为防止二次编辑或对该网站的原创保护,请大家自觉一点,源码在下方,请用网页版AES进行解密即可,无密码,尽量使用博主提供的AES加解密网站(crypto-js.js 标准算法),否则可能会出现其他不必要的问题。
可使用AES进行解密处理(直接解密即可):在线AES加解密工具
由于某限制问题,请使用本文章自带的在线AES解密工具进行解密,即可获得python代码
【new_1.py】:
JXtvLmP9Dt9/JkkmxV1w1+V6TviFL10uR2oSMSsPES7brQRzziFlUrZ2Vdyapj9ONguiZsvsVxsG03BVhEgcYtRxLOP3XD+35iJsC/1Fpa8MgirYw8ktt9sOwHLpLCemW9CJplZXHtArbXwYpmp536YR3NAAOHEPppyd0ggk+p9DkIvtVkATGuzecjJUxN9o50cas6OfH9J5bBHxIacg0bUXYSPoA1gabQNe3yUHO51PLPs5SVBP3mf9VpihYh9k3E7AfyaG52UcTlQSeaiQv1rdfbkzq0OBD3R9Z0qnSnljcC+EKRSTePParDwUwwAZHRlolsIvx1bIRcsu0C26urDM7DBCxzzcs7Dbb+QJ9TI3xqRo7S3K68XDNSkEG/3Y5iRTqvmuvAi0Og4j8QBEYyPZ6K5wKMJATyoiu5pAQkEv2jJl9x2o4gBY1LxuE+s9+wZs35Yb0u7KsXuXpKZtUh27mUBNSbXjCIrF/yaEyNeZrsOlF1y2hrcIX/VgAyNeu2Z26BNWnZPC1trJTMU8ryXwDl1vi+vnzBIAu8x7qv3roJtd7aLH71AokW8OTOPrEoNRLx0CB+R5LIbYYIEXNlqwauf/7bQrhqiLDXBWBoIf1pr45JyVsVxEneYE5DWAiKUVfo2KTdxI/nJYObD+r/Uu4nBV24mL/rB/Tba06uYXFWWAA/s1Mf6vRCq+16nXB/zjzKFtDi9Ui3OC/Lo5DlDX22Lw5Pkyz0/SiCqnRXnARkzuxsRYn/eBe7Oy7HY8BbBrxuogp9xWpJu9H1WucWp4cNJe1xOcfjJN9Sy2pE7NAYvbwX+vy7zLuzNsNcpqiq35WXKH4tICBuoLtCJlwU6nfnnzv3IG/U8HysS20Wj4w/hCEGqOPs8QSM40VMYU6AYP32tCQNx9ymzLMhY9GmJiL9yukhYxNBQB0RrBVdxGHyXNe6lZ57xyE7ymYY2batEny03ZZpu1JZrR42p2poCbSkUuk/LnR6qrs00A0uAjlQxr038OpIJgO3XT1TSaSnMiN6Ip1p7RwWMk1ibRtl8TYwlp1BuJf/YhWXa+tFkCbLeBTYhegARDJBGcQIV97L2VuYuTjZyuak9rY9gHITo05/H1pyuVzIxtzSymp0HgbswgJLh8xfg7p3l9TgcKrSiBFDkDl944Ncn4zPmS7UEqozUhxwmmvozZck6B9MZ74+Q6pQrBtqd+HSarys84N/zq66sq6rH6jQYkog3HpZZmJPYDpRcORdw3mtr7cPAALFilXYs3uGt7nqal53Gf3f2EBA6+aeBY318d9y+WDRWU5J6e/w1HkRB4pNUzs6aa0R16+lkz2gCd8d35N9OeHQWzWeGBXGR/LMrqugRMDz/0425Jy97yLaAmaxFVnJ24BuIWrfJNhNqev/9cBq1dZgAQWEuJjEKXBOGG/70/9NMjYAj/S7QrpUzhxtUU/Qm1HkKevAu/0kJvLYFUhR7W6IAr+4H6ICPDzfaS66WGY4pjTB3pZdAvkW1Z10FfWoCOcjyVrPS0Yct9/cBfmle+ElVluKUW4awk047mZ0Luj+YeXcacl2I61ANTCTsSMnSMUZOIXX/UppyOUyu3Ryff+Fz7DUXEpAvWIZZJjo7fcK6j4BclnVwLxwwShF4fc4bjIuAyPR+0S7HsvmKVE7RuLejHUT9eXguGjjbI6E8akbyDMNYBIhXngzbLqE2EZqhQa1gh7PL7IxhfGQiAhZ75AmrE7Oyi7X9oVtFPFtRr4JFKKKVmEdSAHnLv8pltZ5FHlNfmc0aCNedESlZ6cRiCxoQmVRLvJ2jTTTVVvYyCRW3xBEg2X20b9/gTDafBARf9xIPayUUeKiFfx1Qf2/6HnuGWHbyjmrdnmpGTt3rJFsQYV4yWyOK4ZkZoLtQD7HOj9/VNas9Hcd2yMAPMYcVsB2nmerTAcvJVtL4ZFj1LuUA2QmyPjLMlUgAYPsvK+Xr25bbY2KJxtYBam/nnI/MwV2R+JXthQ/+p0Kygt5FMsPJr783gjTqQMSAixse8TV1dD5orJxZUQxrPj94YnDhg3ybgom0yLnxfT3N4Ns39Q5c9wI3dr5qP8o0lwM7px7kbrXmw0UZ3cKQY2T6GWHtatUAMfefp0R4I2iSSGUeC+abpxKgMaM1lnuGn/cu6wUzv6RjQtKX/lkKYDmsUidOQnISVvwq5o++O4vmF2T7wPpVI0q8XNbKxMwjiZZt/nLzt74wxfkrsJ8U84hc8oh452DpJtZVpJbksGHl/jljTvHlXwYPlPl7lPbJ3uYMoSTxZ6ZszzdxyRWQJdML/S3Kmurub+4kUqeVyujDtF5rjsjFndCOx5EE+C8nhhwCVWQGCEfCq9Zg040XmzHbQnDXHgSza9sLRWVqPsTTRB5t2pEIg8+SEdNW7Yjtaw9v9Z4MTcqqUPpaY2R5BjuhluDsrH/HemedExbh7i+ORuEVzXglxw0H+ahhHbhnPPKqAAE5e196NTRtrKBBvNaCRjegfLERymCVG2+wIpJURDf0mSqftbNUQefcWQIG1OGgJ7dIf7Tf6jL5Hcifnwbndg3MnS/Lu3xmXQCr6vWSSoMQJIrPFR4w8qpHIUa/cskHnLwS9q06esxD8eBCU4CTfqokY8dig7qdQVeGxmieHno0qGEGRg9mA7PeJhU/XB6ZyxvcljKSZKQ+RiOwFYoiouyvbZEn7/sxEJ+qDsMZ0Kz0gP5Rh7NsaIL1bqSrLLVeNHqDu331KrpXA7QMWOvrQoP1DFeijl+mwUfpX/SK1a41wf/Jo2owPOMuOhPSYY3xE4Asb3eLmZ7NxDkgedQi8Op2c9OE2WHMlUPl6jmAfaeXK4i7wtGehIPAI42491eqpkZa4HCsqauRXI6wVVZ6R8SCajfy1su0JgEfl9QKGYKSaYcXpl24Ulpgz/60vfSV1FBG6uIa/ion2wH6Em0LBKtM/W/RwwmEb0ICxYqLh/ERN687bMZlAXGgRDP7O5VJS/V88k80tpv4+KEjnQbHIryhafNxipuqIAWfGkwcWmNLikfRfgSVB4LC167E+62hJj1XEOPVQNGsvAxYsyO/manNQaS63ScBg6gTe60FOrdmPIAUpWqRN4Inn0HVbR41jtVdzAZPRZUmRAedoHPar1+BAynM3D41KVwvuCI6FWXQ5IB8DsGdJ2JQq7zsKf0Q6xvju/a4A3RvcpcYdC+UxQbJlBBofTEng4IbwpJn17PLB69IDw257SfYIn3jNo+yVlwZZgamEeOUTvxhAWHXLFhR34cNIcL2RSdGTHwSlwzvIO0dKiFz2dtxsAacA8vwgdc44lTSnviR92qK09wrUW3gVe0XuaJ2MpLQqYi5u8YYcEZk6QzsovdgLe+pLoB6n0b7DLN3MS3yP8u9hV9FudeCN/PRdQUO1tHCnJI++hOyHk0frFHn3rWb5jsFCNchVDJ7jwbSGYWlmMHtkvgrRu3nitLM19ckAoAk4w/9HvwpNQk4tnLmL6gIqOwvOhlvnkZAhhgHvdc2TGWmS6vZt2PykgQzCmqbAJ8pMsLZZpD40R0I7Z2hcyEcuiroduNbmD2hEGEzkMFutL9BC+ykKTfMnRUb2ibvD6eEKNqFtE6mdPNQ+vSSfGI+ka7DJl2zW7V+sve94GpTTnDBNbIPFjuKo2kJNFwjYIevbSc6mbIYElJE7Kv189Mgwl1u1rK3UwkOQXh/keTrrytb+uD1bK0yFguhIW/oDRd3x20e0ZbBErrQgd5OPPBdOGZ6akxxGbBP1caxTeJGMmzX6IUaP7hFoOYMn3JG/SAQAtYynW23aNOFwHLBJZPhYk1xiPV1NOzUBdcGkNKTlYbwFedOM9rQZ7QbkoDms8PRKdfoz+vA+AHcnl14FuH+ZGIuaHtEQfoTnnq+2zAZmWA3FKNDTK15l28FaBTg5PUrqBPgfCGlBzTlnN0xNkbaCNyYH9cn8Shj4ozboviFi7R50hcBxggEjDIIq2MPJLbfbDsBy6SwnpsHM6THohGuhEO/sbXfOJxgESqbL2WOEdIkdxZjsiVjBahT9IXXVPzmWjgIjyOIp4g==由于某限制问题,请使用本文章自带的在线AES解密工具进行解密,即可获得js代码
【c1.js】:
fZslTjinCyMn2AngMj3aaca1w3QQ2n0+6kbZRwnlyDg7LLTyzRLoy5/bIAMWq6hsmpk46x9uMq/UbvxjGOq2/VUACW8fJ5hm+7Wycir9WHIiJv7cxjsBb5QVxrIQUDhevW4E+E2LuHhSb/c05fcEQW7kH+Ut7NWsV9qGNGmSX/cTeyT/brNKKgxfrXOAyVSlpypw9omImM5gRjOofjAdEni2KTr5gEy8zAAGgGY6UUrGmh0+5MeCu5diWkvVOTrqpNg/7NGThPm8Mg27tvMXm8JK3TlAEveV2DsO0/fx+D3qNPtYS9pgAGftgJFzPNZfmMrq9KmZ4Qrb2Fy0x74vsSYQdBip8gWOxw5XYuiPWoL5fTMncF0P46e5QZDYv+mPmdvaalZ87gwXMQxPTbPWswZm8xo+q/jZyeFw5cZPAOlSN8D478kC+s3l5o03nvGmrcQreZLkgWqaE8GqjRJbEG3k2WhadfrorK+FdcU1fbyUBTd6UlPPRdZdiRXxYTZ0TOu7gp2Mx8CPfW5v88Rk/YxdOC0DXVO9i5CsWOXYlXOJo7sJIzP8wasLvaBurmYFqruwvwvep+a2bHjWm6SJjjIGpdZH3fBllSSzsa3TfEBQWIXEHvH1RWNwH5DdfPKCniCMggUIM/MTRuMgUYsEyDRQJMe9Az7QohsYdlFsX1P6zi1i2rwu021e6+GyKcfOHrP39mYJRf1+T6Tes4BNBr2lw6e4ltBhGdic4LGlXUl6JyMVz6+aNo206RiluL9rl0vbPTUWKQC1uC9pt/l8MOQtK9Su90tD+FAyhOUM9aIksnDJtNWs4xvVuhVF/z+qZEpC2oTtuqlIqUK0flweLzUwai5ibF2G7ylvtxgG8QtEjMpZPYwMtaadUTiYPUAPi1t+GAjXyD8lwhdEfknFPPB1Ee4CZrRFfVUKdxw9xngYbgjAsNBuVx3U1Puls74IYYrilOJXlGQpkOXEDkbwmF+DjIS474WSaZbGw67YUlUhwZUAdsjP0gZfyzxIPbzXWQQKKEvcCpIYk6TK8r+6lZxtL94OsKUBiXMRgbN3ID4F5uAMx9W0hgH+9MLb/FIa8ZWYCaPtmZO602mjQL0lsYJwZdcNYOhPGpddBARVkRlhJ2Iz7ENdBjqIZJcxkn4U4+VHwU4mLJfc4EI1TSIO7381VovFzjeQPy4G3VTPD4hip01mWZDimv3MhUHT8lCA70lxYsp4Q2ZVuZfMSTGTd87uewo+PGy3Z9mK5XvQbVFX5eG2mh7l+FC6O/WXPZ2I这篇关于【JS逆向+Python模拟API请求】逆向某一个略微中等的混淆网站,并模拟调用api请求 仅供学习。注:不是源代码混淆,而是一个做代码混淆业务的网站,的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
