Python实战|js逆向空中网
Posted 向阳-Y.
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Python实战|js逆向空中网相关的知识,希望对你有一定的参考价值。
空中网链接:
https://passport.kongzhong.com/
js代码调试阶段
1.查找关键字password,找了半天,只找到了一个被混淆后的js代码
2.开启浏览器自带反混淆功能
3.Setting——Preferences——Sources勾选上下图框中内容即可
4.再次重新搜索一下,VM中就是反混淆后的内容
5.进来就能看见相关加密函数,此处打上断点并重新点登录按钮,进入该函数内部
6.经过调试发现,该文件内部包含了所有加密所需要的代码
7.将里面的代码复制出来进行调试
爬虫代码编写
kongzhongwang.py
import requests
import time
import json
import execjs
import re
def get_time():
now_time=str(int(time.time()*1000))
return now_time
time = get_time()
url = 'https://sso.kongzhong.com/ajaxLogin?j=j&jsonp=j&service=https://passport.kongzhong.com/&_='+ time
headers =
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/94.0.4606.20 Safari/537.36',
'Referer': 'https://passport.kongzhong.com/',
res = requests.get(url=url, headers=headers).text
rz = 'KZLoginHandler.jsonpCallbackKongZ\\((.*?)\\)'
text_py = re.findall(rz, res)[0]
dc = json.loads(text_py)['dc']
#实例化一个对象
node = execjs.get()
ctx = node.compile(open('./kongzhongwang.js').read())
pwd = '123'
funcName = 'getPwd("0","1")'.format(pwd, dc)
pwd = ctx.eval(funcName)
print(pwd)
kongzhongwang.js
var KZLoginHandler =
'id': 'kongzhong-login-agent',
'loginServer': 'http://sso.kongzhong.com',
'service': '',
'targetService': '',
'j_data': null,
'f_call_back': null,
'timestamp': 0,
'completed': false,
'renew': false,
'init': function()
this.j_data = null;
this.f_call_back = null;
this.timestamp = 0;
this.completed = true;
,
'check': function(call_back)
this.init();
this.f_call_back = call_back;
var param = "jsonp=j";
if (this.service != null && jQuery.trim(this.service) != "")
param += "&service=" + decodeURIComponent(this.service)
;
if (this.targetService != null && jQuery.trim(this.targetService) != "")
param += "&targetService=" + decodeURIComponent(this.targetService)
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
,
'exec_login': function(param)
if (this.completed == false)
return false
;
if (this.j_data != null && this.j_data["state"] == "1")
var data = ;
data["user"] = this.j_data["user"];
data["service"] = this.j_data["service"];
data["logged"] = true;
data["dc"] = this.j_data["dc"];
this.f_call_back(data);
return false
;
var url = this.loginServer + "/ajaxLogin";
jQuery.ajax(
async: false,
url: url,
type: 'post',
dataType: 'jsonp',
jsonp: 'j',
data: param,
jsonpCallback: "j",
timeout: 5000,
success: function(json) ,
error: function(xhr)
)
,
'jsonpCallbackKongZ': function(vData)
this.j_data = vData;
this.timestamp = Date.parse(new Date());
if (this.f_call_back != null)
var data = ;
if (vData["state"] == "0")
data["service"] = vData["service"];
data["logged"] = false;
data["errors"] = vData["kzmsg"];
if (vData["requirevcode"] != null && vData["requirevcode"] == "1")
data["requirevcode"] = true
else
data["requirevcode"] = false
else if (vData["state"] == "1")
data["user"] = vData["user"];
data["service"] = vData["service"];
data["logged"] = true
;
data["dc"] = this.j_data["dc"];
this.f_call_back(data)
;
this.completed = true
,
'login': function(user, pwd, to_save, vcode, call_back)
var tempTime = Date.parse(new Date()) - this.timestamp;
if ((tempTime / 1000) >= 180)
this.j_data = null
;
if (this.j_data == null || this.j_data == "")
this.check(function(data)
this.f_call_back = call_back;
var param = "";
param += "&type=1";
if (this.service != null && jQuery.trim(this.service) != "")
param += "&service=" + decodeURIComponent(this.service)
;
param += "&username=" + user;
param += "&password=" + this.encrypt(pwd, data["dc"]);
param += "&vcode=" + vcode;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.targetService != null && jQuery.trim(this.targetService) != "")
param += "&targetService=" + decodeURIComponent(this.targetService)
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
)
else
this.f_call_back = call_back;
var param = "";
param += "&type=1";
if (this.service != null && jQuery.trim(this.service) != "")
param += "&service=" + decodeURIComponent(this.service)
;
param += "&username=" + user;
param += "&password=" + this.encrypt(pwd, this.j_data["dc"]);
param += "&vcode=" + vcode;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.targetService != null && jQuery.trim(this.targetService) != "")
param += "&targetService=" + decodeURIComponent(this.targetService)
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
,
'login_sms': function(user, smscode, to_save, vcode, call_back)
var tempTime = Date.parse(new Date()) - this.timestamp;
if ((tempTime / 1000) >= 180)
this.j_data = null
;
if (this.j_data == null || this.j_data == "")
this.check(function()
this.f_call_back = call_back;
var param = "";
param += "&type=2";
param += "&service=" + this.service;
param += "&username=" + user;
param += "&vcode=" + vcode;
param += "&smscode=" + smscode;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.targetService != null)
param += "&targetService=" + decodeURIComponent(this.targetService)
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
)
else
this.f_call_back = call_back;
var param = "";
param += "&type=2";
param += "&service=" + this.service;
param += "&username=" + user;
param += "&vcode=" + vcode;
param += "&smscode=" + smscode;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.targetService != null)
param += "&targetService=" + decodeURIComponent(this.targetService)
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
,
'login_reg': function(user, pwd, to_save, call_back)
var tempTime = Date.parse(new Date()) - this.timestamp;
if ((tempTime / 1000) >= 180)
this.j_data = null
;
if (this.j_data == null || this.j_data == "")
this.check(function()
this.f_call_back = call_back;
var param = "";
param += "&type=101";
param += "&service=" + this.service;
param += "&username=" + user;
param += "&password=" + pwd;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
)
else
this.f_call_back = call_back;
var param = "";
param += "&type=101";
param += "&service=" + this.service;
param += "&username=" + user;
param += "&password=" + pwd;
if (to_save)
param += "&toSave=1"
else
param += "&toSave=0"
;
if (this.renew)
param += "&renew=1"
;
this.exec_login(param)
,
'encrypt': function(str, pwd)
if (pwd == null || pwd.length <= 0)
return null
;
var prand = "";
for (var i = 0; i < pwd.length; i++)
prand += pwd.charCodeAt(i).toString()
;
var sPos = Math.floor(prand.length / 5);
var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos * 2) + prand.charAt(sPos * 3) + prand.charAt(sPos * 4) + prand.charAt(sPos * 5));
var incr = Math.ceil(pwd.length / 2);
var modu = Math.pow(2, 31) - 1;
if (mult < 2)
return null
;
var salt = Math.round(Math.random() * 1000000000) % 100000000;
prand += salt;
while (prand.length > 10)
var a = prand.substring(0, 1);
var b = prand.substring(10, prand.length);
if (b.length > 10)
prand = b
else
prand = (parseInt(a) + parseInt(b)).toString()
;
prand = (mult * prand + incr) % modu;
var enc_chr = "";
var enc_str = "";
for (var i = 0; i < str.length; i++)
enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
if (enc_chr < 16)
enc_str += "0" + enc_chr.toString(16)
else enc_str += enc_chr.toString(16);
prand = (mult * prand + incr) % modu
;
salt = salt.toString(16);
while (salt.length < 8) salt = "0" + salt;
enc_str += salt;
return enc_str
;
function getPwd(pwd)
dc = "C7F9A5AD3594668B6418E9F8FABC1F86";
return KZLoginHandler.encrypt(pwd, dc);
以上是关于Python实战|js逆向空中网的主要内容,如果未能解决你的问题,请参考以下文章