python之js逆向功能演示详解

寻技术 Python编程 / JS脚本 2023年07月11日 101

前言

我们今天来介绍一个js案例,本文仅供学习参考,大家谨慎使用。 我们先认识一下,什么是js逆向。

JavaScript 逆向是指对 JavaScript 程序进行反汇编或反编译的过程。它可以帮助你了解 JavaScript 程序的工作原理,并且可以用来修改或扩展程序的功能。

在 JavaScript 中,很多代码是被高度压缩的,这是为了减少文件大小和提高加载速度。但是,在压缩代码的过程中,有些情况下会导致代码变得难以理解和调试。因此,逆向工程师可以通过分析反汇编代码,来理解代码的工作原理,并且修改或扩展 JavaScript 程序的功能。

功能演示

我们这里以某个网站的一个加密参数,作为演示,为了安全,我们这里不放网页,不放逆向的过程。

我们这里获取到了一个加密参数,我们接下来就是解密,我们先把加密后的值写死。

_0x2219f6 = 'ak+9VCsq4dEdB+UdVPGo8kh5JDEbMHGTCmF/AyXJQ0IgHU+lUAivRFLre9jlgVPP2wTUOE6PMq0asFjbCuP00t/pOHkVAvhOpzdJ30Qxe5v5mtObG1j6Eh/bWp9BcjXF3RMhAEnP2kFG5fHQLM+yMdL+FT/KvZWiQAWtbQsEjO5MPyJxzjby+bMgMED7Uy4XQLp6hAN6hZgJ0vuBLeHPQ4WPcc2oYGk5dO4FmTeXqRie+iq1IXH8QUfC6jtYx6VarWX5B1PVgpEv2rYmjqZUsyCZeHtm7EDw9WxFzatw98cEpoLETFx74ZxgiCrYeRYGNSU+TghsmMo8fbbycPrDNeXAQnqhPG8hUR+nb7LkHdGsGPkYKl3RUOh2OH1qt+64POe7OpsKhMBlb9fMyhagnwixu3RHfC44BsYIC0WStvQPzpsdT0oS/jQp0ADJTrGLs5BaazERQyOVWXmrYwalKsFPvIL3QJ9KZ7INGYZIE1G6mGLBHFGbB8MUALSvE5Az8ETagiEibk7MTGEH0TBGDgutLx/U2RnKXrXb8eEBJWVwp6AYL7z/74rAgaIeCXWBt5Zq1aA1pEMT6u19qfElBSO7pO80NPLxqNfxPLocTlVJ9GbTuhQXd2FL9dtuqy4sTzzrsUWLoId7R09clXPIfb9umiQqI0RTTQxdvtcpNjF1I9V3rgK/szwcDOlNq/Uk9fkbrsLLK/zZmSotW5h2NKRn7LTd2gwPzqCDFnBq1UbGFjpurKfjEtbiqc9VQ02m172wjCz0jJkalOh0YxPK3pMh/HVicE7a1nEjOHK7n7bUL6WRFc4mqN9VuNMleDQkXJa95meD+7xGhBlFNjK3oeKZw4zc62Mcb2npJfVbAR8qyOhQijignJ8GiM7/fNoR6CVBgxgSobos/9+jOL0HRDEeoNB9PaSNmIx+QhVQeKCKWfo26J//Mp5gD0AgPtJgVN3ORZrn2QMI6nzKKl7e/W2oHtglEZWvKTnZ9lwvc6lcMgJ5GfIgkGZhjgD++8cAcSJniRSOLIrOU42SkaWwiWG9WnHwFwZSKxmMlZA502rjT66xnZBWmbZiOeC3UZx2Tg+8RpohA7TZ6Ym6kgJCDrZ3MYNxTSnTIjGS65RoNBDDw7vpTXtWqvdCgjEGskH42/ASkqTzJ8HDHuvYW6ZQiRy7NYQCWUN7qSqpnPOpPE2m4+dVHKWw4FkLcmKfgvTYcg0TlgMVhNqfv11KMtpF1FqyiKx5WnFFomEbi2UG42uQQPr8Z5kL6QoJiXxdRrVMYfOTazrIS8XM7/PDnXQ5ZhmwD/gdc9dL3y2igm2mzj5Jbob+VnpVejD5SVM9+gP9tw7v7xy4GJepJRajwOtMhxVybLF/Qz0dKFYRcBzUeR2EpqZqOr8lHJo8umTx3SpKH9C4TV6if/cgUIHyBmCjH4gTBn0tpxxGlpZ0Q2YKV0QJSHrvGfiCeGroYNObJQlbhk82Vw3AGawrUsP6obtR1BlodqxtFzRKNZ6qWcVnZqxOBV/dYsEFUwVDMtR9BsxCQljGJye1FiFBNdfIFN9I03SteClLUtwc0Ydt41ROROYTJG2JsJwPutvpLXV8i/2D0mhT+LcvXglLbePFPooKhxH09v5TPezWKAiqvda/PFfpt6yaoddyS0GWzAb8fRzdaBNYHneI08MXyj6XbSLA7rlIPcgvlH2xF9oJPnk15EOWSnHkxW47s3ni3EXjqJtYp/WUZqK4/KsnyhTpBObBXc2+sndwYFkXmL1pEQ8SUqjc1QdgRvtptmgKy73cJYQ21wwptmiauEmA4IkNN9+dgjjlqow4IYTwsb8gtoVp+zAqIl9m0+qg8EohciYUmz1X+KMQen/QlfRQUM1Fi3f0h8DDPOk2KR/ZXeMCR2hLH7bsdU1f+eLi0ERnusYVTSm7CNtGR93i7Odjqzfgzj8KE8mFrdfqm7KZrAiWa1P8s7tmFX+/RUYVYRSvmcVYMovSYxG
O8lTV6nDr1DFEl0fYzfm+MYzQfLt2a/b+OY9GGue8WexeWI5WQhHjAflzfSJFjVJUVv2lLmNs5mfZl+Enz6IFKi+mcbzu+BWOh7ENNkxEzWxx3rmEDRrzA3E0fAIo17Z7yuf9na0vJIFs6lLzTQAJoBormCVhAJ7k4CrUNtU6k2G/xofL5slSTt7hasGil03Hv5OYDclGq0gBcUwFvAajQbUK'

我们首先进行第一次解密,我们找到对应的解密函数,我们看看代码怎么写。

/**
 * Base64-decode a string and return its bytes as an Int8Array.
 *
 * Each character produced by atob() is stored via charCodeAt(), so byte
 * values above 127 show up as negative numbers in the signed result.
 *
 * @param {string} _0x2219f6 - Base64 text to decode.
 * @returns {Int8Array} One signed byte per decoded character, in order.
 */
function _0x4207c2(_0x2219f6) {
  const decodedText = atob(_0x2219f6);
  // atob() yields one UTF-16 code unit per byte, so mapping characters is
  // equivalent to walking the string by index.
  return Int8Array.from(decodedText, (ch) => ch.charCodeAt(0));
}
// Step 1 demo: Base64-decode the hard-coded sample value and print the bytes.
const decodedBytes = _0x4207c2(_0x2219f6);
console.log(decodedBytes);

在控制台中调用 _0x4207c2 函数,并传入 _0x2219f6 作为参数:函数先用 atob 对字符串做 Base64 解码,再把每个字符的码值逐个写入 Int8Array,所以返回的是一个长度为 1653 的有符号字节数组(大于 127 的字节会显示为负数),字节顺序与解码结果一致。

Int8Array(1653) [  106,  79, -67,  84,  43,   42, -31,  -47,  29,    7, -27,   29,   84, -15, -88, -14,  72,  121,  36,   49,  27,   48, 113, -109,   10,  97, 127,   3,  37,  -55,  67,   66,  32,   29,  79,  -91,   80,   8, -81,  68,  82,  -21, 123,  -40, -27, -127,  83,  -49,  -37,   4, -44,  56,  78, -113,  50,  -83,  26,  -80,  88,  -37,   10, -29, -12, -46, -33,  -23,  56,  121,  21,    2,  -8,   78,  -89,  55,  73, -33,  68,   49, 123, -101,  -7, -102, -45, -101,   27,  88,  -6,  18,  31,  -37,  90,  -97,  65,  114,  53,  -59,  -35,  19,  33,   0,  ... 1553 more items]

我们进行第二次解密,我们找到对应的解密函数,我们看看代码怎么写。

/**
 * XOR every input byte with a keystream byte drawn from a hard-coded table.
 *
 * The loop has the shape of RC4's keystream generation: advance one index,
 * add the table entry to a second index, swap the two entries, then use the
 * sum of the swapped entries to pick the keystream byte. No key schedule runs
 * here; the table starts from the literal below on every call.
 *
 * NOTE(review): the table ships inside the script, so anyone who has the
 * script can reproduce this transform. Treat it as obfuscation, not as a
 * confidentiality control.
 *
 * @param {ArrayLike<number>} _0x58f7d4 - Bytes to transform (signed values are fine).
 * @returns {number[]} One XOR result per input element, in order.
 */
function _0x3ed467(_0x58f7d4) {
  // 256 signed byte values; entries are masked with 0xff before being used as indices.
  const table = [
    -0x6f, 0x34, 0x5b, 0x41, -0x41, 0x74, 0x77, 0x6a, -0x79, -0x52, -0x5, 0x50, 0x33, 0x61, 0x44, -0x53,
    -0x70, -0x33, 0x17, -0x2e, -0x22, -0x72, -0x37, -0xb, -0x7f, 0x5a, 0x21, 0x16, -0x1f, 0x32, -0x11, 0x14,
    -0x2c, 0xf, -0x5e, -0x7b, 0x76, -0x17, -0x3d, 0x72, 0x47, -0x68, -0x7e, -0x75, -0x51, -0x36, -0x12, -0x6e,
    -0x4, -0x5f, -0x5b, 0x5e, -0x50, -0xe, 0x78, 0x69, 0x55, 0x68, -0x56, -0x6c, 0x43, 0x19, 0x65, 0x6c,
    0x10, -0x69, 0x6f, -0xa, 0x75, -0x49, 0x4d, 0x59, -0x1d, -0x62, -0x44, 0x70, 0x6b, -0x1, 0x56, 0x79,
    0x58, -0x65, -0x7c, 0x45, -0x1e, -0x8, -0x71, -0x4a, -0x76, 0x39, -0x19, 0xc, -0x73, -0x6a, 0x5f, 0x7f,
    0x54, 0x7c, -0x66, -0x1c, 0x49, 0x2b, -0x3c, 0x1c, 0x2e, 0x73, 0x1e, 0x7a, -0x4b, 0x7d, -0x43, -0x4d,
    0x3, -0x7, -0x35, -0xd, 0x35, 0x4e, -0x48, 0x1, 0xb, -0x47, -0x27, -0x4f, -0x3, 0x13, 0x29, 0x7e,
    -0x2b, -0x7d, -0x1b, 0x22, 0x3f, 0x8, 0x48, -0x23, -0x29, -0x3f, 0x3c, -0x18, 0x66, 0x2f, -0x77, -0x67,
    -0x16, 0x2d, 0x3b, 0x40, -0x60, 0x31, 0x53, -0x6b, -0x78, -0x39, -0x46, 0x0, -0x26, -0x54, -0x28, 0x18,
    0xe, 0x30, 0x1d, 0x2c, -0x24, -0x2f, 0x38, -0x5c, 0x26, 0x25, 0x4, -0x32, 0x67, 0xa, -0x59, 0x37,
    0x71, -0x1a, 0x6e, 0x36, 0x24, -0x14, -0x4e, -0xc, -0x74, 0x46, -0x25, 0x5, -0x3e, -0x4c, -0x30, -0x40,
    0x4f, 0x64, 0x28, 0x6, -0x3a, -0x5a, -0x13, -0x9, 0x27, 0x5d, -0x63, 0x15, 0x7, 0x1a, -0x2, 0x1b,
    -0x2d, 0x51, 0x3a, -0x7a, 0x4c, -0x42, 0x2, 0x5c, -0x2a, 0x62, -0x10, 0x9, 0x3d, 0x3e, -0xf, 0x63,
    -0x15, 0x1f, -0x38, 0x57, 0x11, -0x34, -0x45, -0x21, -0x3b, -0x55, 0x42, 0x4a, 0x12, -0x5d, -0x80, -0x57,
    -0x20, 0x2a, 0x20, -0x58, 0x6d, 0x60, 0xd, -0x6, 0x4b, -0x64, -0x31, 0x23, -0x61, 0x52, -0x6d, 0x7b,
  ];
  const output = [];
  let i = 0;
  let j = 0;

  for (let pos = 0; pos < _0x58f7d4.length; pos += 1) {
    i = (i + 1) & 0xff;
    j = (j + (table[i] & 0xff)) & 0xff;

    // Swap the two selected entries before picking the keystream byte.
    [table[i], table[j]] = [table[j], table[i]];

    const pick = ((table[i] & 0xff) + (table[j] & 0xff)) & 0xff;
    // Both operands may be negative; the XOR result is left as a signed 32-bit value.
    output.push(_0x58f7d4[pos] ^ table[pick]);
  }

  return output;
}
// Step 2 demo: print the XOR output.
// NOTE(review): _0x58f7d4 is only the function's parameter name in this listing and
// is never assigned at top level; presumably it should hold the Int8Array returned
// by the Base64 step. Confirm before running.
const xorOutput = _0x3ed467(_0x58f7d4);
console.log(xorOutput);

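我们定义了一个名为 _0x3ed467 的函数,该函数接受上一步得到的字节数组 _0x58f7d4,并返回一个数字数组。函数内部写死了一张 256 项的表,循环中一边交换表项、一边取出一个字节与输入做异或,结构上与 RC4 的密钥流生成过程一致。由于这张表随脚本一起下发到浏览器,这类处理只能算混淆,不能当作对接口数据的保密措施。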

[  123,  34, 99, 117, 114, 114,  80, 97, 103, 101,  34,  58,   51,  44, 34, 108, 105, 115, 116, 34,  58,  91, 123,  34,  116,  34, 58,  50,  44,  34, 119, 34,  58,  49,  57,  50,   48,  44, 34, 104,  34,  58,  49, 48,  56,  48,  44,  34,  105,  34, 58,  34,  49,  50,  57, 54,  54,  48,  49, 101,   51,  55, 54, 101,  52,  56,  56, 48,  56,  55,  49,  99,   57,  56, 51,  54,  56, 102,  99, 54,  98,  53,  53,  99,   34, 125, 44, 123,  34, 116,  34, 58,  50,  44,  34, 119,   34,  58, 51,  50,  ... 1553 more items]

第三步是把上面的数字数组按字符编码还原成字符串(这一步的代码本文没有给出),之后就会得到下面的 JSON 内容。

{"currPage":3,"list":[{"t":2,"w":1920,"h":1080,"i":"1296601e376e4880871c98368fc6b55c"},{"t":2,"w":3200,"h":1600,"i":"151
ffe398bcb416eafc33ca52eb96fe4"},{"t":2,"w":1920,"h":1100,"i":"f6cceb2baa7c417fa347d4a50bfc59d3"},{"t":2,"w":1920,"h":144
0,"i":"117332980bcc4a538641f18574bd1cef"},{"t":2,"w":1920,"h":1437,"i":"437d11872128423093b5d645276368a3"},{"t":2,"w":19
20,"h":1080,"i":"b9f3d1013cae48c4964936b93122edcd"},{"t":2,"w":3840,"h":2160,"i":"67b0bdc2af904ca28958c94f53748868"},{"t
":2,"w":1920,"h":1080,"i":"a34d3d192f764fd5b4708e5abab1a325"},{"t":2,"w":3840,"h":2160,"i":"a76bc43bd1b9485cb7cb475dc630
9b97"},{"t":2,"w":3840,"h":2160,"i":"7c054fa99bb34a7f8ff6cfa161d62d18"},{"t":2,"w":3840,"h":1620,"i":"0916a04e1a2144cdb0
d2762a05f61ba4"},{"t":2,"w":1920,"h":1080,"i":"45faaa549400488ca99aa88c4ca63aba"},{"t":2,"w":2580,"h":1290,"i":"cb2b9741
b3d641b190a848c75a97d050"},{"t":2,"w":1920,"h":1124,"i":"980181719bd343a98a825c806a64c138"},{"t":2,"w":1920,"h":1080,"i"
:"054709ce68e741188d303a4b4fa1b9c9"},{"t":2,"w":1920,"h":1081,"i":"0c71159805454605880915a091458d22"},{"t":1,"w":1920,"h
":1080,"i":"26928d2b557b4c5284a83fcc75164ff0"},{"t":2,"w":1920,"h":1080,"i":"e3408389cb0d4ea1b5f651873dab2a19"},{"t":1,"
w":2880,"h":1800,"i":"a93980ec55db49c6b76406d5e9ad70ee"},{"t":2,"w":1920,"h":1080,"i":"50044b636c284cc59b970a358d2dcc84"
},{"t":2,"w":2048,"h":1536,"i":"b70d5aca343f4f5bbca0ee1c8e295996"},{"t":2,"w":1920,"h":1280,"i":"c4d4e0dce3b544b58443019
a511f51f0"},{"t":1,"w":2048,"h":1153,"i":"79c5b27326d84c3c90582bbe092670d8"},{"t":2,"w":1920,"h":1339,"i":"efdc37f74e8f4

总结

这样,我们就把加密参数获取了下来,也解密了出来,更多关于python js逆向的资料请关注其它相关文章!

原文地址:https://juejin.cn/post/7229287872113164325