如何破解JS加密?
一.项目背景
学习爬虫最难之一无非就是如何破解js加密,但是关于js加密的网上资料非常零散杂乱,本人对这方面也略有研究,本篇文章在之前两篇文章[python玩转js脚本](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247486598&idx=1&sn=1fb3996f99d0080c0c146395bb1a5139&chksm=e93ae001de4d6917a52ce50472e95d8153f23dad2409046d78ec0627b4af8c3f894349b41db9&scene=21#wechat_redirect) 和 [送你一个翻译软件(文末福利)](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247485945&idx=1&sn=4d085a0fbf2825fb8ce9c1466fad34b4&chksm=e93ae57ede4d6c68476a422b0d0102d06acb269853150894579475269c2298ba39710fd835fe&scene=21#wechat_redirect) 基础上教大家如何破解js加密,希望大家能够学有所获二.实现过程
1.准备工具》》chrome浏览器》》鬼鬼js调试工具》》pycharm如果没有鬼鬼js调试器(可以写js代码的编译器,运行时需要关闭杀毒软件)工具的小伙伴,后台发送 **js** 关键字即可获取。2.分析网页》》网页抓包》》分析参数》》明确来源我们的目标网址是微博登录网址https://weibo.com/login.php,通过点击浏览器network抓包找到真正的请求网络网址,通过查看请求信息发现是一个post请求(一般来说post请求要比get请求安全的多)如下图所示。
我们主要任务是如何破解请求参数 su (如下图所示),该参数明显是一个被加密的参数(关于其他参数比如s****p等参数破解方法都是一样的,感兴趣的读者可以下去试试,有问题的话可以后台私聊我)
接下来我们需要搜索我们要破解的参数,如下图所示(如果还有不清楚的请参考之前文章[)](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247485945&idx=1&sn=4d085a0fbf2825fb8ce9c1466fad34b4&chksm=e93ae57ede4d6c68476a422b0d0102d06acb269853150894579475269c2298ba39710fd835fe&scene=21#wechat_redirect)
我们打断点分析,如下图所示,发现此处的**su**参数是输入的用户名经过base64算法加密,现在需要以相同方式模拟生成。知道这些内容后,通过复制网页中相关js加密代码,在我们鬼鬼js调试工具中运行生成加密内容。
3.加载js代码》》复制网页中js代码》》运行js代码
#鬼鬼js调试工具代码function get_su(){var sinassoencoder = sinassoencoder || {};(function() { var a = 0 , b = 8; this.hex_sha1 = function(a) { return i(c(h(a), a.length * b)) } ; var c = function(a, b) { a[b >> 5] |= 128 <> 9 << 4) + 15] = b; var c = array(80) , h = 1732584193 , i = -271733879 , j = -1732584194 , k = 271733878 , l = -1009589776; for (var m = 0; m < a.length; m += 16) { var n = h , o = i , p = j , q = k , r = l; for (var s = 0; s < 80; s++) { s < 16 ? c[s] = a[m + s] : c[s] = g(c[s - 3] ^ c[s - 8] ^ c[s - 14] ^ c[s - 16], 1); var t = f(f(g(h, 5), d(s, i, j, k)), f(f(l, c[s]), e(s))); l = k; k = j; j = g(i, 30); i = h; h = t } h = f(h, n); i = f(i, o); j = f(j, p); k = f(k, q); l = f(l, r) } return [h, i, j, k, l] } , d = function(a, b, c, d) { return a < 20 ? b & c | ~b & d : a < 40 ? b ^ c ^ d : a < 60 ? b & c | b & d | c & d : b ^ c ^ d } , e = function(a) { return a < 20 ? 1518500249 : a < 40 ? 1859775393 : a > 16) + (b >> 16) + (c >> 16); return d << 16 | c & 65535 } , g = function(a, b) { return a > 32 - b } , h = function(a) { var c = [] , d = (1 < 5] |= (a.charcodeat(e / b) & d) << 24 - e % 32; return c } , i = function(b) { var c = a ? 0123456789abcdef : 0123456789abcdef , d = ; for (var e = 0; e > 2] >> (3 - e % 4) * 8 + 4 & 15) + c.charat(b[e >> 2] >> (3 - e % 4) * 8 & 15); return d } , j = function(a) { var b = , c = 0; for (; c < a.length; c++) b += % + k(a[c]); return decodeuricomponent(b) } , k = function(a) { var b = 0 + a.tostring(16); return b.length > 2; g = (c & 3) <> 4; h = (d & 15) <> 6; i = e & 63; isnan(d) ? h = i = 64 : isnan(e) && (i = 64); b = b + this._keys.charat(f) + this._keys.charat(g) + this._keys.charat(h) + this._keys.charat(i); c = d = e = ; f = g = h = i = } while (j < a.length); return b }, decode: function(a, b, c) { var d = function(a, b) { for (var c = 0; c < a.length; c++) if (a[c] === b) return c; return -1 }; typeof a == string && (a = a.split()); var e = [], f, g, h = , i, j, k, l = ; a.length % 4 == 0; var m = /[^a-za-z0-9+\\/=]/ , n = this._keys.split(); if (b == urlsafe) { m = /[^a-za-z0-9-_=]/; n = this._keys_urlsafe.split() } if (b == subp_v2) { m = /[^a-za-z0-9_=-]/; n = this._subp_v2_keys.split() } if (b == subp_v3_3) { m = /[^a-za-z0-9-_.-]/; n = this._subp_v3_keys_3.split() } var o = 0; if (b == binnary) { n = []; for (o = 0; o <= 64; o++) n[o] = o + 128 } if (b != binnary && m.test(a.join())) return c == array ? [] : ; o = 0; do { i = d(n, a[o++]); j = d(n, a[o++]); k = d(n, a[o++]); l = d(n, a[o++]); f = i <> 4; g = (j & 15) <> 2; h = (k & 3) << 6 | l; e.push(f); k != 64 && k != -1 && e.push(g); l != 64 && l != -1 && e.push(h); f = g = h = ; i = j = k = l = } while (o < a.length); if (c == array) return e; var p = , q = 0; for (; q < e.lenth; q++) p += string.fromcharcode(e[q]); return p }, _keys: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789+/=, _keys_urlsafe: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789-_=, _subp_v2_keys: ual715w8e3jjccnu0lt_fsxvgxpbeddq4vkaioh2gbptfzqsmyzo-wrm9i6hynrk=, _subp_v3_keys_3: 5wfh28sgziztes1lbxck-hgpq9idmuwknybo.ljrqd3uj_va7pe0xfcnr4aoyvm6t }; this.cookie = { decode: function(a) { var b = [] , c = a.substr(0, 3) , d = a.substr(3); switch (c) { case v01: for (var e = 0; e < d.length; e += 2) b.push(parseint(d.substr(e, 2), 16)); return decodeuricomponent(j(sinassoencoder.base64.decode(b, binnary, array))); case v02: d = d.replace(/\\./g, =); b = sinassoencoder.base64.decode(d, urlsafe, array); return j(sinassoencoder.base64.decode(b, binnary, array)); default: return decodeuricomponent(a) } } }; this.getsubpcookie = { __parse: function(a) { var b, c, d, e, f, g = 0, h, i = {}, k = , l = ; if (!a) return i; do { c = a[g]; b = ++g; for (h = g; h < c + b; h++, g++) k += string.fromcharcode(a[h]); e = a[g]; b = ++g; if (k == status || k == flag) for (h = g; h < e + b; h++, g++) l += a[h]; else { l = a.slice(b, e + b); try { l = j(l) } catch (m) { l = } g += e } i[k] = l; k = ; l = } while (g < a.length); return i }, decode: function(a) { var b = [], c, d = a.substr(0, 3), e = decodeuricomponent(a.substr(3)); switch (d) { case 002: b = sinassoencoder.base64.decode(e, subp_v2, array); return sinassoencoder.getsubpcookie.__parse(b); case 003: c = e.substr(0, 1); e = e.substr(1); b = sinassoencoder.base64.decode(e, subp_v3_ + c, array); return sinassoencoder.getsubpcookie.__parse(b); default: return decodeuricomponent(a) } } }}).call(sinassoencoder); urlencode = function(a) { return encodeuricomponent(a) } su = sinassoencoder.base64.encode(urlencode(13525486941)) return su}与我们发的post请求参数相同,说明我们成功地破解该参数。
4.python运行js文件》》导入包名》》加载文件》》编译文件》》调用函数import execjs#生成sudef get_su(): #读入js脚本文件 with open('weibo_su.js', 'r', encoding='utf-8') as f: content = f.read() #编译js代码 jsdata = execjs.compile(content) #调用函数 wb_su = jsdata.call('get_su') #输出结果 print('wb_su:', wb_su)#运行函数,输出也是相同的get_su()
三星S8什么时候上市?三星S8下周发布,不知道三星这次能否像国足一样给力
Single Voice Core关键技术有何种优势
!销售/收购/维修HP53131A频率计HP53131A小兵
汽车电气化如何发展电压电源板网
uboot中的SPL作用详解
如何破解JS加密?
IPA蒸汽干燥硅晶片中的水分实验研究
IPv6下的移动多媒体通信系统
华为Mate 40即将面世,它将带动移动摄影的新高度
在CAM350中导出元件坐标的步骤
使用DragonBoard 410c快速开发基于Windows10 IoT应用
手持式气象仪(BNL-GPRS系列)的功能特点是什么
判断电感饱和的几个小窍门
虚拟局域网技术详解
全新水上机器人亮相 可解决生物污损问题
SAN网络存储的类型
十铨科技发布新一代火神Z SATA SSD 打造快速启动游戏全新升级体验
FPGA学习系列:5.阻塞赋值与非阻塞赋值
AR在移动领域有着无限的潜力
常用的组合逻辑电路
学习爬虫最难之一无非就是如何破解js加密,但是关于js加密的网上资料非常零散杂乱,本人对这方面也略有研究,本篇文章在之前两篇文章[python玩转js脚本](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247486598&idx=1&sn=1fb3996f99d0080c0c146395bb1a5139&chksm=e93ae001de4d6917a52ce50472e95d8153f23dad2409046d78ec0627b4af8c3f894349b41db9&scene=21#wechat_redirect) 和 [送你一个翻译软件(文末福利)](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247485945&idx=1&sn=4d085a0fbf2825fb8ce9c1466fad34b4&chksm=e93ae57ede4d6c68476a422b0d0102d06acb269853150894579475269c2298ba39710fd835fe&scene=21#wechat_redirect) 基础上教大家如何破解js加密,希望大家能够学有所获二.实现过程
1.准备工具》》chrome浏览器》》鬼鬼js调试工具》》pycharm如果没有鬼鬼js调试器(可以写js代码的编译器,运行时需要关闭杀毒软件)工具的小伙伴,后台发送 **js** 关键字即可获取。2.分析网页》》网页抓包》》分析参数》》明确来源我们的目标网址是微博登录网址https://weibo.com/login.php,通过点击浏览器network抓包找到真正的请求网络网址,通过查看请求信息发现是一个post请求(一般来说post请求要比get请求安全的多)如下图所示。
我们主要任务是如何破解请求参数 su (如下图所示),该参数明显是一个被加密的参数(关于其他参数比如s****p等参数破解方法都是一样的,感兴趣的读者可以下去试试,有问题的话可以后台私聊我)
接下来我们需要搜索我们要破解的参数,如下图所示(如果还有不清楚的请参考之前文章[)](http://mp.weixin.qq.com/s?__biz=mzizodi4odm2ma==&mid=2247485945&idx=1&sn=4d085a0fbf2825fb8ce9c1466fad34b4&chksm=e93ae57ede4d6c68476a422b0d0102d06acb269853150894579475269c2298ba39710fd835fe&scene=21#wechat_redirect)
我们打断点分析,如下图所示,发现此处的**su**参数是输入的用户名经过base64算法加密,现在需要以相同方式模拟生成。知道这些内容后,通过复制网页中相关js加密代码,在我们鬼鬼js调试工具中运行生成加密内容。
3.加载js代码》》复制网页中js代码》》运行js代码
#鬼鬼js调试工具代码function get_su(){var sinassoencoder = sinassoencoder || {};(function() { var a = 0 , b = 8; this.hex_sha1 = function(a) { return i(c(h(a), a.length * b)) } ; var c = function(a, b) { a[b >> 5] |= 128 <> 9 << 4) + 15] = b; var c = array(80) , h = 1732584193 , i = -271733879 , j = -1732584194 , k = 271733878 , l = -1009589776; for (var m = 0; m < a.length; m += 16) { var n = h , o = i , p = j , q = k , r = l; for (var s = 0; s < 80; s++) { s < 16 ? c[s] = a[m + s] : c[s] = g(c[s - 3] ^ c[s - 8] ^ c[s - 14] ^ c[s - 16], 1); var t = f(f(g(h, 5), d(s, i, j, k)), f(f(l, c[s]), e(s))); l = k; k = j; j = g(i, 30); i = h; h = t } h = f(h, n); i = f(i, o); j = f(j, p); k = f(k, q); l = f(l, r) } return [h, i, j, k, l] } , d = function(a, b, c, d) { return a < 20 ? b & c | ~b & d : a < 40 ? b ^ c ^ d : a < 60 ? b & c | b & d | c & d : b ^ c ^ d } , e = function(a) { return a < 20 ? 1518500249 : a < 40 ? 1859775393 : a > 16) + (b >> 16) + (c >> 16); return d << 16 | c & 65535 } , g = function(a, b) { return a > 32 - b } , h = function(a) { var c = [] , d = (1 < 5] |= (a.charcodeat(e / b) & d) << 24 - e % 32; return c } , i = function(b) { var c = a ? 0123456789abcdef : 0123456789abcdef , d = ; for (var e = 0; e > 2] >> (3 - e % 4) * 8 + 4 & 15) + c.charat(b[e >> 2] >> (3 - e % 4) * 8 & 15); return d } , j = function(a) { var b = , c = 0; for (; c < a.length; c++) b += % + k(a[c]); return decodeuricomponent(b) } , k = function(a) { var b = 0 + a.tostring(16); return b.length > 2; g = (c & 3) <> 4; h = (d & 15) <> 6; i = e & 63; isnan(d) ? h = i = 64 : isnan(e) && (i = 64); b = b + this._keys.charat(f) + this._keys.charat(g) + this._keys.charat(h) + this._keys.charat(i); c = d = e = ; f = g = h = i = } while (j < a.length); return b }, decode: function(a, b, c) { var d = function(a, b) { for (var c = 0; c < a.length; c++) if (a[c] === b) return c; return -1 }; typeof a == string && (a = a.split()); var e = [], f, g, h = , i, j, k, l = ; a.length % 4 == 0; var m = /[^a-za-z0-9+\\/=]/ , n = this._keys.split(); if (b == urlsafe) { m = /[^a-za-z0-9-_=]/; n = this._keys_urlsafe.split() } if (b == subp_v2) { m = /[^a-za-z0-9_=-]/; n = this._subp_v2_keys.split() } if (b == subp_v3_3) { m = /[^a-za-z0-9-_.-]/; n = this._subp_v3_keys_3.split() } var o = 0; if (b == binnary) { n = []; for (o = 0; o <= 64; o++) n[o] = o + 128 } if (b != binnary && m.test(a.join())) return c == array ? [] : ; o = 0; do { i = d(n, a[o++]); j = d(n, a[o++]); k = d(n, a[o++]); l = d(n, a[o++]); f = i <> 4; g = (j & 15) <> 2; h = (k & 3) << 6 | l; e.push(f); k != 64 && k != -1 && e.push(g); l != 64 && l != -1 && e.push(h); f = g = h = ; i = j = k = l = } while (o < a.length); if (c == array) return e; var p = , q = 0; for (; q < e.lenth; q++) p += string.fromcharcode(e[q]); return p }, _keys: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789+/=, _keys_urlsafe: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789-_=, _subp_v2_keys: ual715w8e3jjccnu0lt_fsxvgxpbeddq4vkaioh2gbptfzqsmyzo-wrm9i6hynrk=, _subp_v3_keys_3: 5wfh28sgziztes1lbxck-hgpq9idmuwknybo.ljrqd3uj_va7pe0xfcnr4aoyvm6t }; this.cookie = { decode: function(a) { var b = [] , c = a.substr(0, 3) , d = a.substr(3); switch (c) { case v01: for (var e = 0; e < d.length; e += 2) b.push(parseint(d.substr(e, 2), 16)); return decodeuricomponent(j(sinassoencoder.base64.decode(b, binnary, array))); case v02: d = d.replace(/\\./g, =); b = sinassoencoder.base64.decode(d, urlsafe, array); return j(sinassoencoder.base64.decode(b, binnary, array)); default: return decodeuricomponent(a) } } }; this.getsubpcookie = { __parse: function(a) { var b, c, d, e, f, g = 0, h, i = {}, k = , l = ; if (!a) return i; do { c = a[g]; b = ++g; for (h = g; h < c + b; h++, g++) k += string.fromcharcode(a[h]); e = a[g]; b = ++g; if (k == status || k == flag) for (h = g; h < e + b; h++, g++) l += a[h]; else { l = a.slice(b, e + b); try { l = j(l) } catch (m) { l = } g += e } i[k] = l; k = ; l = } while (g < a.length); return i }, decode: function(a) { var b = [], c, d = a.substr(0, 3), e = decodeuricomponent(a.substr(3)); switch (d) { case 002: b = sinassoencoder.base64.decode(e, subp_v2, array); return sinassoencoder.getsubpcookie.__parse(b); case 003: c = e.substr(0, 1); e = e.substr(1); b = sinassoencoder.base64.decode(e, subp_v3_ + c, array); return sinassoencoder.getsubpcookie.__parse(b); default: return decodeuricomponent(a) } } }}).call(sinassoencoder); urlencode = function(a) { return encodeuricomponent(a) } su = sinassoencoder.base64.encode(urlencode(13525486941)) return su}与我们发的post请求参数相同,说明我们成功地破解该参数。
4.python运行js文件》》导入包名》》加载文件》》编译文件》》调用函数import execjs#生成sudef get_su(): #读入js脚本文件 with open('weibo_su.js', 'r', encoding='utf-8') as f: content = f.read() #编译js代码 jsdata = execjs.compile(content) #调用函数 wb_su = jsdata.call('get_su') #输出结果 print('wb_su:', wb_su)#运行函数,输出也是相同的get_su()
三星S8什么时候上市?三星S8下周发布,不知道三星这次能否像国足一样给力
Single Voice Core关键技术有何种优势
!销售/收购/维修HP53131A频率计HP53131A小兵
汽车电气化如何发展电压电源板网
uboot中的SPL作用详解
如何破解JS加密?
IPA蒸汽干燥硅晶片中的水分实验研究
IPv6下的移动多媒体通信系统
华为Mate 40即将面世,它将带动移动摄影的新高度
在CAM350中导出元件坐标的步骤
使用DragonBoard 410c快速开发基于Windows10 IoT应用
手持式气象仪(BNL-GPRS系列)的功能特点是什么
判断电感饱和的几个小窍门
虚拟局域网技术详解
全新水上机器人亮相 可解决生物污损问题
SAN网络存储的类型
十铨科技发布新一代火神Z SATA SSD 打造快速启动游戏全新升级体验
FPGA学习系列:5.阻塞赋值与非阻塞赋值
AR在移动领域有着无限的潜力
常用的组合逻辑电路