发现问题
在一次偶然中,在爬取某个公开网站(非商业型网站)时,老方法,打开调试工具查看请求方式,请求拦截,是否是异步加载,不亦乐乎,当我以为这个网站非常简单的时候,发现二级网页的地址和源码不对应
Ajax异步加载?源码也是这样的
而且这些链接直接访问根本无法访问
用火狐浏览器的event显示:
找到加密方式
源码:
function() { var hh = $(this).attr("href"); if (typeof(hh) == \'undefined\' || hh == \'#\') { return } var aa = hh.split("/"); var aaa = aa.length; var bbb = aa[aaa - 1].split(\'.\'); var ccc = bbb[0]; var cccc = bbb[1]; var r = /^\+?[1-9][0-9]*$/; if (r.test(ccc) && cccc.indexOf(\'jhtml\') != -1) { var srcs = CryptoJS.enc.Utf8.parse(ccc); var k = CryptoJS.enc.Utf8.parse(s); var en = CryptoJS.AES.encrypt(srcs, k, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); var ddd = en.toString(); ddd = ddd.replace(/\//g, "^"); ddd = ddd.substring(0, ddd.length - 2); var bbbb = ddd + \'.\' + bbb[1]; aa[aaa - 1] = bbbb; var uuu = \'\'; for (i = 0; i < aaa; i++) { uuu += aa[i] + \'/\' } uuu = uuu.substring(0, uuu.length - 1); window.open(uuu) } else { var ee = $(this).attr(\'target\'); if (ee.typeof(\'undefined\')) { window.location = hh } else { window.open(hh) } } return false }
根据我的发现,实现的效果就是让源码的链接:
http://xxxx.xxxx.xx:80/jssfdg/3254639.jhtml
变为如下链接:
http://xxxx.xxxx.xx:80/jssfdg/JzRnGhk7J9D1ZNMlh47fMw.jhtml
以上代码缩减了下:
就这几行代码:
var srcs = CryptoJS.enc.Utf8.parse(ccc); var k = CryptoJS.enc.Utf8.parse(s); var en = CryptoJS.AES.encrypt(srcs, k, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); var ddd = en.toString(); ddd = ddd.replace(/\//g, "^"); ddd = ddd.substring(0, ddd.length - 2); return ddd
大概的意思就是先将那串数字用utf8加密成数组:
再对密钥操作:
再将上面的两个数组用aes加密
将用aes加密过的en转为字符串:
我渣一看这种字符串像是base64加密
再将带有/符号的转为^,因为在url编码中,/符号有特殊意义
再将数据后面的[==]分割掉
最后的字符串就是需要的数据了
把这段操作封装成一个函数,然后测试:
经过测试,没毛病,返回的这个字符与真实的一致。
卧槽,瞬间激动啦,这还没完,我是直接在当前网页的控制台操作的,换到其他网页的控制台:
需要两个重要的东西:CryptoJS对象 和 s变量
CryptoJS对象都还好,那特么一定是引入的,s变量就难了,从源码找,包含s的太多了,而且还是小写,关键词太多了
而且S变量是已经定义好的,因为我打开控制台直接访问s就能有结果:
所以,那绝对是已定义的,但是我无法确定是写死的还是随机生成的,如果按照一定规则随机生成的话,那就难了,所以我必须找到它,它也至关重要,因为就是aes加密需要的密钥,不然无法加密出来希望的格式
我找了一上午,还请教了我的前端大佬同事,也是一时不知道怎么找
最后,我把当天的任务忙完之后,专门腾出两小时时间来再分析,我一个一个js文件慢慢看:
找到key值
结果,他么的,放在jquery源码里面:
而且,还真的是写死的
卧槽!!!!!!!!!!!!!!!!!!!!,太nm骚了,放源码了,按正常人的惯用思维,像什么jquery,vue等的源码,一定是不敢去乱改的,要写js的话,也不敢去乱搞,都是新建一个js文件写入,它这个把密钥写在jquery源码里,简直反其道而行,我不知道说这个网站的前端开发者是高明还是奇葩了
好的,两样东西都齐了,准备用代码实现了,在这之前,先了解下什么是CryptoJS
源码:
!function(t, n) { "object" == typeof exports ? module.exports = exports = n() : "function" == typeof define && define.amd ? define([], n) : t.CryptoJS = n() } (this, function() { var t = t || function(t, n) { var i = Object.create || function() { function t() {} return function(n) { var i; return t.prototype = n, i = new t, t.prototype = null, i } } (), e = {}, r = e.lib = {}, o = r.Base = function() { return { extend: function(t) { var n = i(this); return t && n.mixIn(t), n.hasOwnProperty("init") && this.init !== n.init || (n.init = function() { n.$super.init.apply(this, arguments) }), n.init.prototype = n, n.$super = this, n }, create: function() { var t = this.extend(); return t.init.apply(t, arguments), t }, init: function() {}, mixIn: function(t) { for (var n in t) t.hasOwnProperty(n) && (this[n] = t[n]); t.hasOwnProperty("toString") && (this.toString = t.toString) }, clone: function() { return this.init.prototype.extend(this) } } } (), s = r.WordArray = o.extend({ init: function(t, i) { t = this.words = t || [], i != n ? this.sigBytes = i: this.sigBytes = 4 * t.length }, toString: function(t) { return (t || c).stringify(this) }, concat: function(t) { var n = this.words, i = t.words, e = this.sigBytes, r = t.sigBytes; if (this.clamp(), e % 4) for (var o = 0; o < r; o++) { var s = i[o >>> 2] >>> 24 - o % 4 * 8 & 255; n[e + o >>> 2] |= s << 24 - (e + o) % 4 * 8 } else for (var o = 0; o < r; o += 4) n[e + o >>> 2] = i[o >>> 2]; return this.sigBytes += r, this }, clamp: function() { var n = this.words, i = this.sigBytes; n[i >>> 2] &= 4294967295 << 32 - i % 4 * 8, n.length = t.ceil(i / 4) }, clone: function() { var t = o.clone.call(this); return t.words = this.words.slice(0), t }, random: function(n) { for (var i, e = [], r = function(n) { var n = n, i = 987654321, e = 4294967295; return function() { i = 36969 * (65535 & i) + (i >> 16) & e, n = 18e3 * (65535 & n) + (n >> 16) & e; var r = (i << 16) + n & e; return r /= 4294967296, r += .5, r * (t.random() > .5 ? 1 : -1) } }, o = 0; o < n; o += 4) { var a = r(4294967296 * (i || t.random())); i = 987654071 * a(), e.push(4294967296 * a() | 0) } return new s.init(e, n) } }), a = e.enc = {}, c = a.Hex = { stringify: function(t) { for (var n = t.words, i = t.sigBytes, e = [], r = 0; r < i; r++) { var o = n[r >>> 2] >>> 24 - r % 4 * 8 & 255; e.push((o >>> 4).toString(16)), e.push((15 & o).toString(16)) } return e.join("") }, parse: function(t) { for (var n = t.length, i = [], e = 0; e < n; e += 2) i[e >>> 3] |= parseInt(t.substr(e, 2), 16) << 24 - e % 8 * 4; return new s.init(i, n / 2) } }, u = a.Latin1 = { stringify: function(t) { for (var n = t.words, i = t.sigBytes, e = [], r = 0; r < i; r++) { var o = n[r >>> 2] >>> 24 - r % 4 * 8 & 255; e.push(String.fromCharCode(o)) } return e.join("") }, parse: function(t) { for (var n = t.length, i = [], e = 0; e < n; e++) i[e >>> 2] |= (255 & t.charCodeAt(e)) << 24 - e % 4 * 8; return new s.init(i, n) } }, f = a.Utf8 = { stringify: function(t) { try { return decodeURIComponent(escape(u.stringify(t))) } catch(t) { throw new Error("Malformed UTF-8 data") } }, parse: function(t) { return u.parse(unescape(encodeURIComponent(t))) } }, h = r.BufferedBlockAlgorithm = o.extend({ reset: function() { this._data = new s.init, this._nDataBytes = 0 }, _append: function(t) { "string" == typeof t && (t = f.parse(t)), this._data.concat(t), this._nDataBytes += t.sigBytes }, _process: function(n) { var i = this._data, e = i.words, r = i.sigBytes, o = this.blockSize, a = 4 * o, c = r / a; c = n ? t.ceil(c) : t.max((0 | c) - this._minBufferSize, 0); var u = c * o, f = t.min(4 * u, r); if (u) { for (var h = 0; h < u; h += o) this._doProcessBlock(e, h); var p = e.splice(0, u); i.sigBytes -= f } return new s.init(p, f) }, clone: function() { var t = o.clone.call(this); return t._data = this._data.clone(), t }, _minBufferSize: 0 }), p = (r.Hasher = h.extend({ cfg: o.extend(), init: function(t) { this.cfg = this.cfg.extend(t), this.reset() }, reset: function() { h.reset.call(this), this._doReset() }, update: function(t) { return this._append(t), this._process(), this }, finalize: function(t) { t && this._append(t); var n = this._doFinalize(); return n }, blockSize: 16, _createHelper: function(t) { return function(n, i) { return new t.init(i).finalize(n) } }, _createHmacHelper: function(t) { return function(n, i) { return new p.HMAC.init(t, i).finalize(n) } } }), e.algo = {}); return e } (Math); return t }); //# sourceMappingURL=core.min.js.map ! function(e, t, i) { "object" == typeof exports ? module.exports = exports = t(require("./core.min"), require("./sha1.min"), require("./hmac.min")) : "function" == typeof define && define.amd ? define(["./core.min", "./sha1.min", "./hmac.min"], t) : t(e.CryptoJS) } (this, function(e) { return function() { var t = e, i = t.lib, r = i.Base, n = i.WordArray, o = t.algo, a = o.MD5, c = o.EvpKDF = r.extend({ cfg: r.extend({ keySize: 4, hasher: a, iterations: 1 }), init: function(e) { this.cfg = this.cfg.extend(e) }, compute: function(e, t) { for (var i = this.cfg, r = i.hasher.create(), o = n.create(), a = o.words, c = i.keySize, f = i.iterations; a.length < c;) { s && r.update(s); var s = r.update(e).finalize(t); r.reset(); for (var u = 1; u < f; u++) s = r.finalize(s), r.reset(); o.concat(s) } return o.sigBytes = 4 * c, o } }); t.EvpKDF = function(e, t, i) { return c.create(i).compute(e, t) } } (), e.EvpKDF }); //# sourceMappingURL=evpkdf.min.js.map ! function(r, e) { "object" == typeof exports ? module.exports = exports = e(require("./core.min")) : "function" == typeof define && define.amd ? define(["./core.min"], e) : e(r.CryptoJS) } (this, function(r) { return function() { function e(r, e, t) { for (var n = [], i = 0, o = 0; o < e; o++) if (o % 4) { var f = t[r.charCodeAt(o - 1)] << o % 4 * 2, c = t[r.charCodeAt(o)] >>> 6 - o % 4 * 2; n[i >>> 2] |= (f | c) << 24 - i % 4 * 8, i++ } return a.create(n, i) } var t = r, n = t.lib, a = n.WordArray, i = t.enc; i.Base64 = { stringify: function(r) { var e = r.words, t = r.sigBytes, n = this._map; r.clamp(); for (var a = [], i = 0; i < t; i += 3) for (var o = e[i >>> 2] >>> 24 - i % 4 * 8 & 255, f = e[i + 1 >>> 2] >>> 24 - (i + 1) % 4 * 8 & 255, c = e[i + 2 >>> 2] >>> 24 - (i + 2) % 4 * 8 & 255, s = o << 16 | f << 8 | c, h = 0; h < 4 && i + .75 * h < t; h++) a.push(n.charAt(s >>> 6 * (3 - h) & 63)); var p = n.charAt(64); if (p) for (; a.length % 4;) a.push(p); return a.join("") }, parse: function(r) { var t = r.length, n = this._map, a = this._reverseMap; if (!a) { a = this._reverseMap = []; for (var i = 0; i < n.length; i++) a[n.charCodeAt(i)] = i } var o = n.charAt(64); if (o) { var f = r.indexOf(o); f !== -1 && (t = f) } return e(r, t, a) }, _map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" } } (), r.enc.Base64 }); //# sourceMappingURL=enc-base64.min.js.map ! function(e, t, r) { "object" == typeof exports ? module.exports = exports = t(require("./core.min"), require("./evpkdf.min")) : "function" == typeof define && define.amd ? define(["./core.min", "./evpkdf.min"], t) : t(e.CryptoJS) } (this, function(e) { e.lib.Cipher || function(t) { var r = e, i = r.lib, n = i.Base, c = i.WordArray, o = i.BufferedBlockAlgorithm, s = r.enc, a = (s.Utf8, s.Base64), f = r.algo, p = f.EvpKDF, d = i.Cipher = o.extend({ cfg: n.extend(), createEncryptor: function(e, t) { return this.create(this._ENC_XFORM_MODE, e, t) }, createDecryptor: function(e, t) { return this.create(this._DEC_XFORM_MODE, e, t) }, init: function(e, t, r) { this.cfg = this.cfg.extend(r), this._xformMode = e, this._key = t, this.reset() }, reset: function() { o.reset.call(this), this._doReset() }, process: function(e) { return this._append(e), this._process() }, finalize: function(e) { e && this._append(e); var t = this._doFinalize(); return t }, keySize: 4, ivSize: 4, _ENC_XFORM_MODE: 1, _DEC_XFORM_MODE: 2, _createHelper: function() { function e(e) { return "string" == typeof e ? B: x } return function(t) { return { encrypt: function(r, i, n) { return e(i).encrypt(t, r, i, n) }, decrypt: function(r, i, n) { return e(i).decrypt(t, r, i, n) } } } } () }), h = (i.StreamCipher = d.extend({ _doFinalize: function() { var e = this._process(!0); return e }, blockSize: 1 }), r.mode = {}), u = i.BlockCipherMode = n.extend({ createEncryptor: function(e, t) { return this.Encryptor.create(e, t) }, createDecryptor: function(e, t) { return this.Decryptor.create(e, t) }, init: function(e, t) { this._cipher = e, this._iv = t } }), l = h.CBC = function() { function e(e, r, i) { var n = this._iv; if (n) { var c = n; this._iv = t } else var c = this._prevBlock; for (var o = 0; o < i; o++) e[r + o] ^= c[o] } var r = u.extend(); return r.Encryptor = r.extend({ processBlock: function(t, r) { var i = this._cipher, n = i.blockSize; e.call(this, t, r, n), i.encryptBlock(t, r), this._prevBlock = t.slice(r, r + n) } }), r.Decryptor = r.extend({ processBlock: function(t, r) { var i = this._cipher, n = i.blockSize, c = t.slice(r, r + n); i.decryptBlock(t, r), e.call(this, t, r, n), this._prevBlock = c } }), r } (), _ = r.pad = {}, v = _.Pkcs7 = { pad: function(e, t) { for (var r = 4 * t, i = r - e.sigBytes % r, n = i << 24 | i << 16 | i << 8 | i, o = [], s = 0; s < i; s += 4) o.push(n); var a = c.create(o, i); e.concat(a) }, unpad: function(e) { var t = 255 & e.words[e.sigBytes - 1 >>> 2]; e.sigBytes -= t } }, y = (i.BlockCipher = d.extend({ cfg: d.cfg.extend({ mode: l, padding: v }), reset: function() { d.reset.call(this); var e = this.cfg, t = e.iv, r = e.mode; if (this._xformMode == this._ENC_XFORM_MODE) var i = r.createEncryptor; else { var i = r.createDecryptor; this._minBufferSize = 1 } this._mode && this._mode.__creator == i ? this._mode.init(this, t && t.words) : (this._mode = i.call(r, this, t && t.words), this._mode.__creator = i) }, _doProcessBlock: function(e, t) { this._mode.processBlock(e, t) }, _doFinalize: function() { var e = this.cfg.padding; if (this._xformMode == this._ENC_XFORM_MODE) { e.pad(this._data, this.blockSize); var t = this._process(!0) } else { var t = this._process(!0); e.unpad(t) } return t }, blockSize: 4 }), i.CipherParams = n.extend({ init: function(e) { this.mixIn(e) }, toString: function(e) { return (e || this.formatter).stringify(this) } })), m = r.format = {}, k = m.OpenSSL = { stringify: function(e) { var t = e.ciphertext, r = e.salt; if (r) var i = c.create([1398893684, 1701076831]).concat(r).concat(t); else var i = t; return i.toString(a) }, parse: function(e) { var t = a.parse(e), r = t.words; if (1398893684 == r[0] && 1701076831 == r[1]) { var i = c.create(r.slice(2, 4)); r.splice(0, 4), t.sigBytes -= 16 } return y.create({ ciphertext: t, salt: i }) } }, x = i.SerializableCipher = n.extend({ cfg: n.extend({ format: k }), encrypt: function(e, t, r, i) { i = this.cfg.extend(i); var n = e.createEncryptor(r, i), c = n.finalize(t), o = n.cfg; return y.create({ ciphertext: c, key: r, iv: o.iv, algorithm: e, mode: o.mode, padding: o.padding, blockSize: e.blockSize, formatter: i.format }) }, decrypt: function(e, t, r, i) { i = this.cfg.extend(i), t = this._parse(t, i.format); var n = e.createDecryptor(r, i).finalize(t.ciphertext); return n }, _parse: function(e, t) { return "string" == typeof e ? t.parse(e, this) : e } }), g = r.kdf = {}, S = g.OpenSSL = { execute: function(e, t, r, i) { i || (i = c.random(8)); var n = p.create({ keySize: t + r }).compute(e, i), o = c.create(n.words.slice(t), 4 * r); return n.sigBytes = 4 * t, y.create({ key: n, iv: o, salt: i }) } }, B = i.PasswordBasedCipher = x.extend({ cfg: x.cfg.extend({ kdf: S }), encrypt: function(e, t, r, i) { i = this.cfg.extend(i); var n = i.kdf.execute(r, e.keySize, e.ivSize); i.iv = n.iv; var c = x.encrypt.call(this, e, t, n.key, i); return c.mixIn(n), c }, decrypt: function(e, t, r, i) { i = this.cfg.extend(i), t = this._parse(t, i.format); var n = i.kdf.execute(r, e.keySize, e.ivSize, t.salt); i.iv = n.iv; var c = x.decrypt.call(this, e, t, n.key, i); return c } }) } () }); //# sourceMappingURL=cipher-core.min.js.map ! function(e, i) { "object" == typeof exports ? module.exports = exports = i(require("./core.min")) : "function" == typeof define && define.amd ? define(["./core.min"], i) : i(e.CryptoJS) } (this, function(e) { ! function() { var i = e, t = i.lib, n = t.Base, s = i.enc, r = s.Utf8, o = i.algo; o.HMAC = n.extend({ init: function(e, i) { e = this._hasher = new e.init, "string" == typeof i && (i = r.parse(i)); var t = e.blockSize, n = 4 * t; i.sigBytes > n && (i = e.finalize(i)), i.clamp(); for (var s = this._oKey = i.clone(), o = this._iKey = i.clone(), a = s.words, f = o.words, c = 0; c < t; c++) a[c] ^= 1549556828, f[c] ^= 909522486; s.sigBytes = o.sigBytes = n, this.reset() }, reset: function() { var e = this._hasher; e.reset(), e.update(this._iKey) }, update: function(e) { return this._hasher.update(e), this }, finalize: function(e) { var i = this._hasher, t = i.finalize(e); i.reset(); var n = i.finalize(this._oKey.clone().concat(t)); return n } }) } () }); //# sourceMappingURL=hmac.min.js.map ! function(e, o, r) { "object" == typeof exports ? module.exports = exports = o(require("./core.min"), require("./cipher-core.min")) : "function" == typeof define && define.amd ? define(["./core.min", "./cipher-core.min"], o) : o(e.CryptoJS) } (this, function(e) { return e.mode.ECB = function() { var o = e.lib.BlockCipherMode.extend(); return o.Encryptor = o.extend({ processBlock: function(e, o) { this._cipher.encryptBlock(e, o) } }), o.Decryptor = o.extend({ processBlock: function(e, o) { this._cipher.decryptBlock(e, o) } }), o } (), e.mode.ECB }); //# sourceMappingURL=mode-ecb.min.js.map ! function(e, r, i) { "object" == typeof exports ? module.exports = exports = r(require("./core.min"), require("./cipher-core.min")) : "function" == typeof define && define.amd ? define(["./core.min", "./cipher-core.min"], r) : r(e.CryptoJS) } (this, function(e) { return e.pad.Pkcs7 }); eval(function(p, a, c, k, e, d) { e = function(c) { return (c < a ? "": e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36)) }; if (!\'\'.replace(/^/, String)) { while (c--) d[e(c)] = k[c] || e(c); k = [function(e) { return d[e] }]; e = function() { return \'\\w+\' }; c = 1; }; while (c--) if (k[c]) p = p.replace(new RegExp(\'\\b\' + e(c) + \'\\b\', \'g\'), k[c]); return p; } (\'$(E(){$("a").Q(E(){3 6=$(A).x("N");f(z(6)==\\'y\\'||6==\\'#\\'){q}3 7=6.p("/");3 c=7.e;3 b=7[c-1].p(\\'.\\');3 d=b[0];3 n=b[1];3 r=/^\\+?[1-9][0-9]*$/;f(r.F(d)&&n.G(\\'I\\')!=-1){3 u=8.m.l.v(d);3 k=8.m.l.v(s);3 w=8.H.J(u,k,{t:8.t.K,T:8.U.S});3 4=w.V();4=4.R(/\\//g,"^");4=4.D(0,4.e-2);3 o=4+\\'.\\'+b[1];7[c-1]=o;3 5=\\'\\';L(i=0;i<c;i++){5+=7[i]+\\'/\\'}5=5.D(0,5.e-1);h.j(5)}C{3 B=$(A).x(\\'P\\');f(B.z(\\'y\\')){h.O=6}C{h.j(6)}}q M})});\', 58, 58, \'|||var|ddd|uuu|hh|aa|CryptoJS|||bbb|aaa|ccc|length|if||window||open||Utf8|enc|cccc|bbbb|split|return|||mode|srcs|parse|en|attr|undefined|typeof|this|ee|else|substring|function|test|indexOf|AES|jhtml|encrypt|ECB|for|false|href|location|target|click|replace|Pkcs7|padding|pad|toString\'.split(\'|\'), 0, {})); //# sourceMappingURL=pad-pkcs7.min.js.map ! function(e, r, i) { "object" == typeof exports ? module.exports = exports = r(require("./core.min"), require("./enc-base64.min"), require("./md5.min"), require("./evpkdf.min"), require("./cipher-core.min")) : "function" == typeof define && define.amd ? define(["./core.min", "./enc-base64.min", "./md5.min", "./evpkdf.min", "./cipher-core.min"], r) : r(e.CryptoJS) } (this, function(e) { return function() { var r = e, i = r.lib, n = i.BlockCipher, o = r.algo, t = [], c = [], s = [], f = [], a = [], d = [], u = [], v = [], h = [], y = []; ! function() { for (var e = [], r = 0; r < 256; r++) r < 128 ? e[r] = r << 1 : e[r] = r << 1 ^ 283; for (var i = 0, n = 0, r = 0; r < 256; r++) { var o = n ^ n << 1 ^ n << 2 ^ n << 3 ^ n << 4; o = o >>> 8 ^ 255 & o ^ 99, t[i] = o, c[o] = i; var p = e[i], l = e[p], _ = e[l], k = 257 * e[o] ^ 16843008 * o; s[i] = k << 24 | k >>> 8, f[i] = k << 16 | k >>> 16, a[i] = k << 8 | k >>> 24, d[i] = k; var k = 16843009 * _ ^ 65537 * l ^ 257 * p ^ 16843008 * i; u[o] = k << 24 | k >>> 8, v[o] = k << 16 | k >>> 16, h[o] = k << 8 | k >>> 24, y[o] = k, i ? (i = p ^ e[e[e[_ ^ p]]], n ^= e[e[n]]) : i = n = 1 } } (); var p = [0, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54], l = o.AES = n.extend({ _doReset: function() { if (!this._nRounds || this._keyPriorReset !== this._key) { for (var e = this._keyPriorReset = this._key, r = e.words, i = e.sigBytes / 4, n = this._nRounds = i + 6, o = 4 * (n + 1), c = this._keySchedule = [], s = 0; s < o; s++) if (s < i) c[s] = r[s]; else { var f = c[s - 1]; s % i ? i > 6 && s % i == 4 && (f = t[f >>> 24] << 24 | t[f >>> 16 & 255] << 16 | t[f >>> 8 & 255] << 8 | t[255 & f]) : (f = f << 8 | f >>> 24, f = t[f >>> 24] << 24 | t[f >>> 16 & 255] << 16 | t[f >>> 8 & 255] << 8 | t[255 & f], f ^= p[s / i | 0] << 24), c[s] = c[s - i] ^ f } for (var a = this._invKeySchedule = [], d = 0; d < o; d++) { var s = o - d; if (d % 4) var f = c[s]; else var f = c[s - 4]; d < 4 || s <= 4 ? a[d] = f: a[d] = u[t[f >>> 24]] ^ v[t[f >>> 16 & 255]] ^ h[t[f >>> 8 & 255]] ^ y[t[255 & f]] } } }, encryptBlock: function(e, r) { this._doCryptBlock(e, r, this._keySchedule, s, f, a, d, t) }, decryptBlock: function(e, r) { var i = e[r + 1]; e[r + 1] = e[r + 3], e[r + 3] = i, this._doCryptBlock(e, r, this._invKeySchedule, u, v, h, y, c); var i = e[r + 1]; e[r + 1] = e[r + 3], e[r + 3] = i }, _doCryptBlock: function(e, r, i, n, o, t, c, s) { for (var f = this._nRounds, a = e[r] ^ i[0], d = e[r + 1] ^ i[1], u = e[r + 2] ^ i[2], v = e[r + 3] ^ i[3], h = 4, y = 1; y < f; y++) { var p = n[a >>> 24] ^ o[d >>> 16 & 255] ^ t[u >>> 8 & 255] ^ c[255 & v] ^ i[h++], l = n[d >>> 24] ^ o[u >>> 16 & 255] ^ t[v >>> 8 & 255] ^ c[255 & a] ^ i[h++], _ = n[u >>> 24] ^ o[v >>> 16 & 255] ^ t[a >>> 8 & 255] ^ c[255 & d] ^ i[h++], k = n[v >>> 24] ^ o[a >>> 16 & 255] ^ t[d >>> 8 & 255] ^ c[255 & u] ^ i[h++]; a = p, d = l, u = _, v = k } var p = (s[a >>> 24] << 24 | s[d >>> 16 & 255] << 16 | s[u >>> 8 & 255] << 8 | s[255 & v]) ^ i[h++], l = (s[d >>> 24] << 24 | s[u >>> 16 & 255] << 16 | s[v >>> 8 & 255] << 8 | s[255 & a]) ^ i[h++], _ = (s[u >>> 24] << 24 | s[v >>> 16 & 255] << 16 | s[a >>> 8 & 255] << 8 | s[255 & d]) ^ i[h++], k = (s[v >>> 24] << 24 | s[a >>> 16 & 255] << 16 | s[d >>> 8 & 255] << 8 | s[255 & u]) ^ i[h++]; e[r] = p, e[r + 1] = l, e[r + 2] = _, e[r + 3] = k }, keySize: 8 }); r.AES = n._createHelper(l) } (), e.AES }); //# sourceMappingURL=aes.min.js.map ! function(e, n) { "object" == typeof exports ? module.exports = exports = n(require("./core.min")) : "function" == typeof define && define.amd ? define(["./core.min"], n) : n(e.CryptoJS) } (this, function(e) { return e.enc.Utf8 });
源码看半天看不懂,我高估了我自己,我搜[ccc]找到了刚才那段加密步骤,找了很多解密方法还没发解密
这里强烈推荐火狐浏览器,就是他妈的牛逼,用火狐可以嗅探到js的事件,而且还显示解密过的js,对的,就是最开始那段代码,具体往上滑,还可以看到源码,以及这段代码在源码文件的哪个位置
那好的,加密过程我们已经知道了
用python实现加密解密
先选用js2py库来跑js代码:
报错,提示没有引入CryptoJS对象
将crypo-js的源码保存到本地js文件里,放在当前目录,
引入crypo-js,还是不行,我傻了,这个需要在当前环境运行的
最后,搞来搞去还是没法,这条路走不通了,最后网上查了下,还是有很多人遇到我这样的问题,并且有的已经解决了的,我开始慢慢找跟我的情况一样的,发现python自己有一个加密库—— Crypto
我研究了半天这个库,pypi文档上看了一遍也没发现个什么东西,跟我用来解密还是有些距离
真的没法了吗?
我想了半天,我觉得我都已经到这一步了,为什么还是不行,一定有我没注意到的情况,最后网上找了很多篇相关的文章,找到如下代码可行,但是到底是哪篇文章我已经不知道了,感谢这位老哥,源地址我真找不到了:
from Crypto.Cipher import AES import base64 def add_to_16(s): while len(s) % 16 != 0: s += (16 - len(s) % 16) * chr(16 - len(s) % 16) return str.encode(s) # 返回bytes def get_secret_url(text, key=\'qnbyzzwmdgghmcnm\'): aes = AES.new(str.encode(key), AES.MODE_ECB) # 初始化加密器,本例采用ECB加密模式 encrypted_text = str(base64.encodebytes(aes.encrypt(add_to_16(text))), encoding=\'utf8\').replace(\'\n\', \'\') # 加密 encrypted_text = encrypted_text.replace(\'/\', "^") # ddd.replace(/\//g, "^") return encrypted_text[:-2] def get_real_url(first_url, key): aa = first_url.split(\'/\') aaa = len(aa) bbb = aa[aaa - 1].split(\'.\') ccc = bbb[0] secret_text = get_secret_url(ccc, key=key) return first_url.replace(ccc, secret_text) url = \'http://xxx.xxxx.xxx.xxx.cn:80/xxxx/938848.jhtml\' key = \'qnbyzzwmdgghmcnm\' # 此处问加密key值 url = get_real_url(url, key=key) print(url)
运行:
复制这个链接用浏览器打开:
能打开,并且标题与一级网页的标题一致,ok,解码成功,激动!!!!
有眼熟的朋友如果认出了这个平台,请不要在评论区给出地址,秉着不公开的原则,我看到会删除,你把网址发出来你知道这意味着什么吗?不多说了,后果自负哈