文章目录
- 1. 写在前面
- 2. 加密分析
- 3. 算法还原
【🏠作者主页】:吴秋霖
【💼作者介绍】:擅长爬虫与JS加密逆向分析!Python领域优质创作者、CSDN博客专家、阿里云博客专家、华为云享专家。一路走来长期坚守并致力于Python与爬虫领域研究与开发工作!
【🌟作者推荐】:对爬虫领域以及JS逆向分析感兴趣的朋友可以关注《爬虫JS逆向实战》《深耕爬虫领域》
未来作者会持续更新所用到、学到、看到的技术知识!包括但不限于:各类验证码突防、爬虫APP与JS逆向分析、RPA自动化、分布式爬虫、Python领域等相关文章
作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!
1. 写在前面
又是一个忙碌的周末!其实最新有研究很多新的东西~但一直也没时间去写文章!上次发布的关于h5st参数的文章,是4.2版本的,批量商品价格查询。没几天全部更新到了4.7,现在小版本也是更新不断!不过小版本并不会受到太大的一个影响,本次文章更新的算法分析还原为最新4.7大版本下的4.7.2小版本~~
2. 加密分析
首先,接口请求的参数啥的就不再过多的去分析,主要看看核心点,目前全部VMP化,先把加密值拿出来,如下所示:
20240602103029809;5gtm6nz5ygggi9i8;f06cc;tk03w83c31b9341lMXgxWV9ScV9T5XO0c4lf3D7C4_8ewrP-y5CbOpQMxXJtPJoRrTYLui0MOiXN6oSSmP8Lwj0A6ghi;41cfe0ef53fa6ef42f0c090e80fac571be52efc6d951c5749036fb8edc892de3;4.7;1717295429809;TKmW3TyExztvDjBvYW30spstXUA9USbfpQA2Z0cZM9L1VhcxddydRM47xpgvr9gF1nxvSbHGC822PZqAj-untQlDF4PnJ0Hf1Ilqo8hI63Ymujt8frJjHYiCZK_VL5qL6uWRqrkdShS9QVb-UatJZSq8fRWDAxec-u0Ix4xN0XCKsQk4deD2JTt97sw4UlkGVqXbTOnXzyEQ-GTGuMi_gO-qtogbuof-tt5aNubxmj2ZcBxUGJOC9AkC1m6rZFKpSRCIob0WfsB6qSaH7fCv0-Ec7AwbiRbE_7C6-dAuo8ua3M8D4UdUNQAep_YCy4xEV_zuUUgKb3noPhz7rTiN1tS03CdM-n9YKsQaAEuJdlXhUQV8fY_p5xIpUsrVxOLCu7nZggE7nDk8PeheJO0dl8zjLad9Prk3hGJ0DQIeqffFGvzEemLTD52YgeDqWQHLXbk3
4.2之前是没有sign签名段的,可以看到整个加密参数的值跟上次的4.2是有区别的!同样经过多块组合拼接而成的 ,不过最新的以分号拆开大约分为8个部分了!
第一部分是一个时间格式的字符串,后续我们可以自行生成
第二部分则是fingerprint指纹,这个是需要算法生成的,第三部分可固定
第四部分tk则拼接多个参数加上指纹通过加密算法生成
第五部分签名Sign参数,通过对Token、fingerprint、时间戳、APPID
第六部分分别是算法的版本号以及时间戳!这个自行填写
第七部分时间戳
最后一部分的大长串则是上面参数经过最终AES加密生成
3. 算法还原
接下来这里作者按上面拆分出来的几部分,附上扣出来的算法并附上粗浅的讲解,第一部分的时间戳这里也给一下,主打的就是喂饭,时间参代码实现如下:
function timestampToFormat(timestamp) {const date = new Date(timestamp);const pad = (num, size) => String(num).padStart(size, '0');return `${date.getFullYear()}${pad(date.getMonth() + 1, 2)}${pad(date.getDate(), 2)}${pad(date.getHours(), 2)}${pad(date.getMinutes(), 2)}${pad(date.getSeconds(), 2)}${pad(date.getMilliseconds(), 3)}`;
}
第二部分我们需要还原的是FP的指纹,加密算法实现如下:
!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(32 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = [t("SIZE"), "num", t("SPLIT"), "", t("DEFAULT"), t("CALL"), t("PUSH"), "pop", t("TOsTRING"), t("JOIN"), t("DEFAULT"), t("CALL"), t("REPLACE"), ""], n = Function.prototype.call,a = [2, 66, 17, 98, 16, 25, 286, 76, 37, 17, 58, 16, 13, 25, -2821, 25, -8150, 68, 25, 10976, 68, 91, 74, 17, 26, 16, 4, 78, 17, 73, 16, 13, 7, 91, 62, 17, 36, 16, 32, 88, 80, 0, 46, 80, 1, 76, 7, 68, 36, 16, 32, 25, -3718, 25, 2322, 68, 25, 1412, 68, 25, 575, 25, 6105, 68, 25, -6675, 68, 3, 88, 3, 25, 6578, 25, -9306, 68, 25, 2729, 68, 3, 80, 0, 46, 80, 1, 76, 68, 88, 68, 5, 17, 48, 70, 2, 52, 3, 76, 54, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 8402, 25, -5374, 68, 25, -3028, 68, 25, -8134, 25, -8213, 68, 25, 16362, 68, 65, 71, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 6175, 25, 4230, 68, 25, -10390, 68, 91, 79, 17, 67, 0, 33, 17, 30, 45, 95, 70, 6, 25, -5057, 25, 6375, 68, 25, -1283, 68, 63, 17, 49, 93, 4, 40, 87, 70, 7, 4, 25, 3357, 25, -5902, 68, 25, 2581, 68, 91, 3, 70, 8, 25, -8817, 25, 8543, 68, 25, 310, 68, 76, 76, 17, 87, 51, 25, 8755, 25, -8004, 68, 25, -751, 68, 34, 42, -56, 63, 17, 69, 93, 4, 40, 95, 76, 70, 5, 95, 14, 91, 33, 17, 95, 70, 9, 52, 3, 76, 29, 17, 27, 90, 39, 73, -2215, 73, -5180, 68, 73, 7395, 68, 94, 58, 50, 44, 49, 58, 76, 21, 0, 71, 4, 93, 70, 1, 4, 11, 79, 22, 84, 55, 58, 82, 73, -6046, 73, -7717, 68, 73, 13764, 68, 2, 60, 86, 11, 4, 70, 2, 11, 79, 22, 98, 3, 84, 39, 58, 27, 58, 79, 11, 36, 74, 91, -48, 4, 90, 20], o = zk, i = Array.from, c = Symbol, s = eh, u = Array.isArray, l = Og.exports;var generateVisitKey = function () {for (var e, t, o, i, c, s, u, l, p, v, d, _, x = n, S = a, A = [], E = 0; ;)switch (S[E++]) {case 2:A.push(y);break;case 3:_ = A.pop(),A[A.length - 1] -= _;break;case 4:null != A[A.length - 1] ? A[A.length - 2] = x.call(A[A.length - 2], A[A.length - 1]) : (_ = A[A.length - 2],A[A.length - 2] = _()),A.length--;break;case 5:s = A[A.length - 1];break;case 7:A.push(o);break;case 13:A.push(t);break;case 14:A.push(p);break;case 16:A.push(null);break;case 17:A.pop();break;case 25:A.push(S[E++]);break;case 26:A.push(b);break;case 27:A.push(d);break;case 29:d = A[A.length - 1];break;case 30:E += S[E];break;case 32:A.push({});break;case 33:v = A[A.length - 1];break;case 34:_ = A.pop(),A[A.length - 1] = A[A.length - 1] > _;break;case 36:A.push(m);break;case 37:t = A[A.length - 1];break;case 39:return;case 40:A.push(void 0);break;case 42:A.pop() ? E += S[E] : ++E;break;case 46:A.push(c);break;case 48:A.push(s);break;case 49:A.push(h);break;case 51:A[A.length - 1] = A[A.length - 1].length;break;case 52:A.push(r[S[E++]]);break;case 54:u = A[A.length - 1];break;case 58:A.push(k);break;case 60:A.push(f);break;case 62:c = A[A.length - 1];break;case 63:A.push(0);break;case 65:A[A.length - 5] = x.call(A[A.length - 5], A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 4;break;case 66:e = A[A.length - 1];break;case 67:A.push(new Array(S[E++]));break;case 68:_ = A.pop(),A[A.length - 1] += _;break;case 69:A.push(g);break;case 70:A.push(A[A.length - 1]),A[A.length - 2] = A[A.length - 2][r[S[E++]]];break;case 71:l = A[A.length - 1];break;case 72:A.push(u);break;case 73:A.push(w);break;case 74:o = A[A.length - 1];break;case 76:null != A[A.length - 2] ? (A[A.length - 3] = x.call(A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 2) : (_ = A[A.length - 3],A[A.length - 3] = _(A[A.length - 1]),A.length -= 2);break;case 78:i = A[A.length - 1];break;case 79:p = A[A.length - 1];break;case 80:A[A.length - 2][r[S[E++]]] = A[A.length - 1],A.length--;break;case 87:A.push(l);break;case 88:A.push(i);break;case 90:return A.pop();case 91:A[A.length - 4] = x.call(A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 3;break;case 93:A[A.length - 1] = A[A.length - 1][r[S[E++]]];break;case 95:A.push(v);break;case 98:A.push(e)}};var h = l(nm), f = l(zk), g = l(j_), p = l(Rk);function v(e, t) {var r = void 0 !== c && s(e) || e["@@iterator"];if (!r) {if (u(e) || (r = function (e, t) {var r;if (!e)return;if ("string" == typeof e)return d(e, t);var n = o(r = Object.prototype.toString.call(e)).call(r, 8, -1);"Object" === n && e.constructor && (n = e.constructor.name);if ("Map" === n || "Set" === n)return i(e);if ("Arguments" === n || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return d(e, t)}(e)) || t && e && "number" == typeof e.length) {r && (e = r);var n = 0, a = function () {};return {s: a,n: function () {return n >= e.length ? {done: !0} : {done: !1,value: e[n++]}},e: function (e) {throw e},f: a}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var l, h = !0, f = !1;return {s: function () {r = r.call(e)},n: function () {var e = r.next();return h = e.done,e},e: function (e) {f = !0,l = e},f: function () {try {h || null == r.return || r.return()} finally {if (f)throw l}}}}function d(e, t) {(null == t || t > e.length) && (t = e.length);for (var r = 0, n = new Array(t); r < t; r++)n[r] = e[r];return n}function b() {return 10 * Math.random() | 0}function y(e, t) {var r = _();return y = function (t, n) {var a = r[t -= 280];if (void 0 === y.RpSzcS) {y.licQQm = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,p.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,f.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,y.RpSzcS = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = y.licQQm(a),e[o] = a),a},y(e, t)}function k(e, t) {var r, n = [], a = e.length, o = v(e);try {for (o.s(); !(r = o.n()).done;) {var i = r.value;if (Math.random() * a < t && (n.push(i),0 == --t))break;a--}} catch (e) {o.e(e)} finally {o.f()}for (var c = "", s = 0; s < n.length; s++) {var u = Math.random() * (n.length - s) | 0;c += n[u],n[u] = n[n.length - s - 1]}return c}function m(e) {for (var t = e.size, r = e.num, n = ""; t--;)n += r[Math.random() * r.length | 0];return n}function w(e, t) {for (var o, i, c, s = n, u = a, l = [], h = 239; ;)switch (u[h++]) {case 2:l[l.length - 1] = -l[l.length - 1];break;case 4:l.push(e);break;case 11:l.push(t);break;case 20:return;case 21:l[l.length - 1] = l[l.length - 1][r[10 + u[h++]]];break;case 22:l[l.length - 2] = l[l.length - 2][l[l.length - 1]],l.length--;break;case 27:l.push(o++);break;case 36:l[l.length - 1] = l[l.length - 1].length;break;case 39:e = l[l.length - 1];break;case 49:l.push(0);break;case 50:h += u[h];break;case 55:i = l[l.length - 1];break;case 58:l.pop();break;case 60:c = l.pop(),l[l.length - 1] = l[l.length - 1] !== c;break;case 68:c = l.pop(),l[l.length - 1] += c;break;case 70:l.push(l[l.length - 1]),l[l.length - 2] = l[l.length - 2][r[10 + u[h++]]];break;case 71:l.push(void 0);break;case 73:l.push(u[h++]);break;case 74:c = l.pop(),l[l.length - 1] = l[l.length - 1] < c;break;case 76:l.push(p);break;case 79:l.push(o);break;case 82:l.push(i);break;case 84:l[l.length - 4] = s.call(l[l.length - 4], l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 3;break;case 86:l[l.length - 1] ? (++h,--l.length) : h += u[h];break;case 90:return l.pop();case 91:l.pop() ? h += u[h] : ++h;break;case 93:null != l[l.length - 2] ? (l[l.length - 3] = s.call(l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 2) : (c = l[l.length - 3],l[l.length - 3] = c(l[l.length - 1]),l.length -= 2);break;case 94:o = l[l.length - 1];break;case 98:l.push(r[10 + u[h++]])}}function _() {var e = ["ndqXnZqYofn2uw90Ca", "nJyYmtm3Cvrcvhvc", "mty2ntG2nhrZsg9WtW", "mJjMswjnv0C", "mte5mte0nwP4ugrqAW", "nNHJEvrWva", "odiXmJqXnLf6vKfgvW", "ouPpuNDkDa", "mta0ntK5mgTPwM5TAW", "mMT4AhLiDq", "nZe3nJq4yKHWwunj", "mxvJDdzKmgPOCq", "mZbqBvzVCfu"];return (_ = function () {return e})()}!function (e, t) {for (var r = y, n = e(); ;)try {if (676921 === -(0,h.default)(r(284)) / 1 * ((0,h.default)(r(285)) / 2) + (0,h.default)(r(280)) / 3 * ((0,h.default)(r(290)) / 4) + -(0,h.default)(r(292)) / 5 * ((0,h.default)(r(287)) / 6) + (0,h.default)(r(289)) / 7 + (0,h.default)(r(281)) / 8 * ((0,h.default)(r(282)) / 9) + -(0,h.default)(r(283)) / 10 + -(0,h.default)(r(291)) / 11 * (-(0,h.default)(r(288)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(_)
}();
第三部分的APPID直接取AID即可,这里不需要过多的分析
接下来就是第四部分的Token生成了,加密算法实现如下所示:
var getLocalTK;
!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(53 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["tk", t("XTR#iV"), "03", t("CPGF#iZ["), "w", t("EYTASZGX"), "41", t("PME#iGPF"), "l", t("EGZQ@VPG"), t("PMEG"), t("V#iE]PG"), t("TQYPG32"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "", t("QPST@YA"), "C2", t("ETGFP"), t("P[VGLEA"), t("_Z#i["), "iv", t("SGZXwTFP64"), t("FAG#i[R#iSL"), t("V#iE]PGAPMA"), t("QPST@YA"), t("EGZAZALEP"), t("VTYY"), "set", "buf", t("AZfAG#i[R"), t("F@WFAG"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("SYZZG"), "pow", t("FPA`#i[A32"), t("FPA|[A16"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "1", "2", "3", "+", "x", t("SYZZG"), t("GT[QZX"), "", t("F@WFAG"), t("QPST@YA"), t("ETGFP"), t("FAG#i[R#iSL"), t("SGZXwTFP64")], n = Function.prototype.call,a = [23, 64, 79, 28, 21, 0, 99, 1, 79, 28, 21, 2, 99, 3, 79, 28, 21, 4, 99, 5, 79, 28, 21, 6, 99, 7, 79, 28, 21, 8, 99, 9, 79, 28, 50, 11, 49, 99, 10, 79, 28, 12, 11, 53, 46, 99, 11, 79, 28, 24, 11, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 46, 99, 12, 79, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 12, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 51, 35, 45, 75, 54, 64, 54, 70, 20, 0, 63, 5, 4, 32, 69, 1, 28, 81, 4, 178, 40, 69, 2, 81, 69, 3, 40, 6, 54, 68, 4, 42, 54, 64, 54, 86, 20, 5, 63, 21, 61, 54, 68, 6, 99, 54, 28, 81, 4, 182, 40, 52, 54, 31, 81, 95, 16, 19, 10, 18, 38, 54, 26, 98, 81, 78, 40, 83, 42, 54, 26, 98, 81, 19, 40, 83, 42, 54, 26, 98, 81, 10, 40, 83, 42, 54, 26, 22, 81, 16, 40, 83, 42, 54, 26, 98, 81, 95, 40, 83, 42, 54, 97, 20, 5, 80, 7, 26, 40, 27, 54, 76, 20, 5, 80, 8, 39, 47, 20, 5, 80, 7, 77, 40, 5, 47, 20, 5, 80, 7, 29, 80, 9, 68, 4, 40, 40, 69, 10, 73, 89, 54, 64, 54, 70, 20, 11, 63, 56, 20, 5, 80, 12, 37, 20, 13, 40, 40, 88, 7, 14, 10, 70, 74, 20, 22, 253, 22, -2067, 96, 22, 1830, 96, 60, 52, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 75, 73, 19, 70, 65, 15, 49, 53, 91, 70, 74, 20, 22, -1530, 22, 415, 96, 22, 1117, 96, 60, 68, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 48, 92, 19, 70, 74, 20, 22, -7373, 22, 4503, 96, 22, 2882, 96, 60, 16, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 81, 84, 19, 70, 74, 20, 22, 5169, 22, -9153, 96, 22, 4022, 96, 60, 30, 70, 33, 25, 3, 48, 53, 70, 33, 25, 3, 81, 22, -7348, 22, 4861, 96, 22, 2489, 96, 19, 70, 33, 25, 3, 43, 22, -7830, 22, -2494, 96, 22, 10338, 96, 19, 70, 33, 25, 3, 75, 22, 6556, 22, -649, 96, 22, -5885, 96, 19, 70, 13, 51, 0, 25, 4, 33, 53, 71, 70, 83, 22, 8329, 22, -2927, 96, 22, -5402, 96, 21, 71, 70, 76, 15, 22, 187, 53, 83, 25, 5, 22, -3433, 22, 1157, 96, 22, 2292, 96, 53, 96, 72, 70, 47, 25, 6, 47, 32, 22, -47, 22, -1896, 96, 22, 1951, 96, 86, 53, 89, 57, 79, 77, 67, 12, 0, 77, 56, 62, 4, 30, 23, 45, 87, 9, 0, 45, 15, 62, 95, 16, 2, 51, 30, 44, 0, 51, 4, 24, 1, 7, 69, 24, 64, 5, 42, 77, 78, 0, 98, 77, 78, 1, 65, 6751, 65, -342, 81, 65, -6407, 81, 65, 5336, 65, -6432, 81, 65, 1128, 81, 72, 95, 13, 85, 42, 98, 77, 78, 1, 65, -310, 65, 8475, 81, 65, -8163, 81, 65, 32, 72, 88, 1, 42, 94, 24, 65, 5048, 65, -9090, 81, 65, 4050, 81, 2, 67, 42, 8, 24, 32, 2, 37, 42, 12, 71, 32, 16, 78, 2, 65, -5825, 65, -8303, 81, 65, 14128, 81, 47, 12, 34, 42, 16, 78, 2, 65, -4393, 65, -6070, 81, 65, 10467, 81, 56, 12, 34, 80, 30, 16, 78, 2, 65, -8374, 65, -5679, 81, 65, 14053, 81, 56, 12, 34, 42, 16, 78, 2, 65, 5472, 65, -7245, 81, 65, 1777, 81, 47, 12, 34, 42, 52, 24, 32, 2, 20, 93, 94, 60, 29, 2, 79, 92, 78, 62, 60, 1, 79, 59, 0, 29, -4658, 29, -4430, 87, 29, 9088, 87, 29, 6433, 29, 9036, 87, 29, -15213, 87, 48, 0, 85, 85, 97, 78, 27, 60, 1, 79, 29, 6857, 29, -8577, 87, 29, 1720, 87, 4, 29, -353, 29, -2847, 87, 29, 3456, 87, 42, 37, 99, 2, 7, 71, 62, 71, 30, 63, 0, 29, 12, 35, 32, 93, 1, 18, 8, 35, 178, 48, 93, 2, 8, 93, 3, 48, 85, 71, 36, 3, 62, 53, 4, 17, 92, 53, 5, 17, 35, 2, 53, 6, 17, 24, 71, 36, 2, 62, 53, 7, 17, 92, 53, 8, 17, 27, 71, 35, -1160, 35, -3905, 84, 35, 5067, 84, 21, 45, 9, 21, 45, 10, 14, 35, 5398, 35, 8267, 84, 35, -13661, 84, 78, 48, 84, 81, 71, 53, 11, 83, 71, 35, 6113, 35, -8607, 84, 35, 2494, 84, 22, 71, 41, 63, 61, 59, 21, 45, 9, 21, 45, 10, 14, 35, 4505, 35, -8459, 84, 35, 3957, 84, 78, 48, 31, 84, 83, 71, 3, 49, 35, -7624, 35, 707, 84, 35, 6918, 84, 76, 97, 95, 23, 61, 60, 21, 45, 9, 21, 45, 10, 14, 35, -7093, 35, -9161, 84, 35, 16256, 84, 78, 48, 31, 84, 83, 71, 56, 71, 3, 49, 97, 86, -66, 61, 69, 35, -8937, 35, -657, 84, 35, 9603, 84, 97, 95, 27, 61, 1, 45, 12, 35, -1991, 35, -3690, 84, 35, 5681, 84, 35, 3277, 35, -1882, 84, 35, -1386, 84, 61, 69, 76, 32, 84, 83, 71, 38, 63, 13, 45, 14, 61, 48, 94, 71, 23, 63, 13, 45, 15, 15, 48, 19, 71, 62, 71, 30, 63, 16, 29, 74, 48, 65, 44], o = Og.exports;var genLocalTK = function (e) {for (var t, o, i = n, c = a, s = [], u = 0; ;)switch (c[u++]) {case 11:s.push(null);break;case 12:s.push(x);break;case 17:o = s.pop(),s[s.length - 1] += o;break;case 21:s.push(r[c[u++]]);break;case 23:s.push({});break;case 24:s.push(_);break;case 28:s.push(t);break;case 29:s[s.length - 1] = s[s.length - 1][r[c[u++]]];break;case 35:return;case 46:null != s[s.length - 2] ? (s[s.length - 3] = i.call(s[s.length - 3], s[s.length - 2], s[s.length - 1]),s.length -= 2) : (o = s[s.length - 3],s[s.length - 3] = o(s[s.length - 1]),s.length -= 2);break;case 49:null != s[s.length - 1] ? s[s.length - 2] = i.call(s[s.length - 2], s[s.length - 1]) : (o = s[s.length - 2],s[s.length - 2] = o()),s.length--;break;case 50:s.push(j);break;case 51:return s.pop();case 53:s.push(e);break;case 64:t = s[s.length - 1];break;case 79:s.pop();break;case 99:s[s.length - 2][r[c[u++]]] = s[s.length - 1],s[s.length - 2] = s[s.length - 1],s.length--}};var i = o(nm), c = o(cm), s = o(Rk), u = o(zk), l = o(xm), h = o(Om), f = vx, g = o(eA.exports), p = o(rA.exports), v = o(tA.exports), d = o($S.exports), b = o(yA), y = S;!function (e, t) {for (var r = S, n = e(); ;)try {if (569306 === (0,i.default)(r(173)) / 1 + (0,i.default)(r(175)) / 2 * (-(0,i.default)(r(188)) / 3) + -(0,i.default)(r(179)) / 4 * (-(0,i.default)(r(177)) / 5) + (0,i.default)(r(174)) / 6 * ((0,i.default)(r(184)) / 7) + -(0,i.default)(r(186)) / 8 + -(0,i.default)(r(180)) / 9 * ((0,i.default)(r(183)) / 10) + -(0,i.default)(r(176)) / 11 * ((0,i.default)(r(181)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(w);var k = y(185), m = ["01", "02", "03", "04", "05", "06", "07", "08"];function w() {var e = ["mdaWmdaWmda", "ndK0nZLNr3vswMW", "mta0mZy5owvft0Lhzq", "mta0odjODNngCKO", "ndbvqvzcq1i", "ode3m2DqBxjfta", "mZG3ndyZmhjSvxfsEa", "Bwf4", "nhPZsurozW", "nJCXmJaYovbVwKfNvW", "nJi2nhzjqMnZsq", "sZnYt3fntdbrCsze", "mtbIu0Xbuhi", "mZK2mKrLBwH2zG", "puyPp243qf1prLG2mMjunq", "nJe5nZa3mNjJuK5xrq"];return (w = function () {return e})()}function _(e) {var t = y, r = b.default.str(e);r >>>= 0;var n = t(187) + r.toString(16);return n.substr(n.length - 8)}function S(e, t) {var r = w();return S = function (t, n) {var a = r[t -= 173];if (void 0 === S.zUShtv) {S.CXUmZy = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,s.default)(n).call(n, r);for (var l = 0, h = a.length; l < h; l++) {var f;o += "%" + (0,u.default)(f = "00" + a.charCodeAt(l).toString(16)).call(f, -2)}return decodeURIComponent(o)},e = arguments,S.zUShtv = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = S.CXUmZy(a),e[o] = a),a},S(e, t)}function E(e) {return (0,h.default)(Array.prototype).call(e, (function (e) {var t;return (0,u.default)(t = "00" + (255 & e).toString(16)).call(t, -2)})).join("")}function C(e) {var t = new Uint8Array(e.length);return (0,l.default)(Array.prototype).call(t, (function (t, r, n) {n[r] = e.charCodeAt(r)})),E(t)}function O(e) {return E(T(e))}getLocalTK = genLocalTK
}();
直接调用getLocalTK,入参则是上面的get_fingerprint指纹值
第五部分的Sign签名其实算比较复杂的一部分了,多参数参与了加密,核心算法实现如下:
!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(24 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["", t("|}~ymtl"), t("kljqv#gq~a"), t("hyjk}"), t("lwZyk}64"), t("GGhyjk}Lws}v"), t("uyl{p"), t("FC123E(C`+EC123E)+"), t("khtql"), t("G|}~ymtlYt#gwjqlpu"), t("{ytt"), "log", t("G|}zm#g"), "", t("TW[YTGYT_WJQLPUGHJ]^Q@"), "+", "x", t("GGyt#gwjqlpu"), t("|}~ymtl"), t("{ytt"), t("|}~ymtl"), t("{ytt"), t("rwqv"), "&", t("lwKljqv#g"), "log", t("G|}zm#g"), "key", ":", t("nytm}"), "", t("|}~ymtl"), t("~wjuyl"), "07", t("GqkVwjuyt"), t("GG#g}vS}a"), t("Glws}v"), t("G~qv#g}jhjqvl"), t("GyhhQ|"), t("yt#gwk"), t("lwKljqv#g"), t("#g}vTw{ytLS"), t("G|}~ymtlLws}v"), t("GG#g}v#D}~ymtlS}a"), t("GG#g}vKq#gv"), t("{ytt"), t("rwqv"), ",", t("]VNQJWVU]VL"), t("GG#g}vKq#gvHyjyuk"), "log", t("G|}zm#g"), "key", t("kq#gvKlj"), t("Gkls"), t("Gkl}"), t("p5kl"), t("GwvKq#gv"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("]jj[w|}k"), t("_]V]JYL]GKQ_VYLMJ]G^YQT]#D"), t("LWS]VG]UHLA"), "key", t("}vn[wtt}{l"), t("G~qv#g}jhjqvl"), "fp", t("Gzm{s}l"), t("|}~ymtl"), "log", t("G|}zm#g"), t("}v{jahl"), t("hyjk}"), "01", "02", "03", "04", "05", "06", "07", "08", t("rwqv"), "", "iv", t("}v{w|}"), t("{qhp}jl}`l"), t("|}~ymtl"), t("ojyh"), t("v}`l"), t("hj}n"), 0, 5, 10, 13, "end", t("|}~ymtl"), t("GG{p}{sHyjyuk"), t("yzjmhl"), t("j}lmjv"), t("GGj}im}kl#D}hk"), t("GG{wtt}{l"), t("GGuys}Kq#gv"), "log", t("G|}zm#g"), "ms", t("{yl{p"), "t0", t("GwvKq#gv"), t("]jj[w|}k"), t("MVPYV#DT]#DG]JJWJ"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("klwh")], n = Function.prototype.call,o = [75, 1, 29, 51, 66, 29, 41, 0, 21, 29, 91, 68, 76, 397, 15, 79, 29, 41, 0, 3, 96, 40, 96, 4, 96, 56, 96, 90, 96, 53, 29, 16, 30, 1, 44, 2, 6, 30, 1, 44, 3, 88, 29, 85, 30, 4, 22, 75, 44, 5, 3, 76, 6038, 76, 6806, 96, 76, -12828, 96, 76, 4468, 76, -656, 96, 76, -3784, 96, 35, 15, 15, 15, 72, 29, 57, 44, 6, 37, 7, 15, 84, 29, 81, 77, 43, 81, 76, 8106, 76, 2295, 96, 76, -10401, 96, 9, 33, 29, 23, 44, 8, 41, 0, 15, 50, 29, 31, 9, 71, 29, 41, 0, 18, 29, 88, 29, 48, 30, 1, 22, 26, 15, 44, 10, 26, 32, 36, 29, 88, 29, 85, 30, 11, 22, 31, 12, 91, 68, 76, 413, 15, 62, 96, 91, 68, 76, 376, 15, 96, 57, 96, 91, 68, 76, 405, 15, 96, 87, 96, 36, 29, 87, 43, 98, 31, 32, 15, 41, 69, 96, 12, 43, 64, 85, 0, 48, 28, 1, 26, 69, 26, 90, 32, 62, 30, 5, 43, 47, 92, 80, 33, 2, 2, 6, 3, 22, 85, 0, 46, 26, 33, 87, 4, 30, 51, 7, 98, 26, 75, 32, 72, 23, 33, 87, 4, 30, 46, 7, 98, 75, 32, 72, 12, 33, 87, 4, 30, 51, 7, 98, 75, 32, 72, 1, 72, 38, 50, 32, 91, 28, 5, 83, 95, 2, 50, 85, 2, 2, 8, 85, 3, 2, 40, 96, 87, 6, 31, 69, 23, 74, 7495, 74, -6716, 26, 74, -779, 26, 59, 68, 3, 69, 65, 32, 53, 62, 47, 35, 25, 35, 93, 98, 0, 53, 34, 75, 50, 1, 34, 14, 72, 50, 2, 8, 3, 75, 95, 35, 25, 35, 96, 98, 0, 53, 85, 88, 72, 50, 4, 58, 98, 0, 75, 4, 35, 25, 35, 69, 98, 5, 53, 73, 6, 91, 2, 26, 399, 75, 85, 80, 91, 2, 26, 414, 75, 80, 28, 80, 72, 35, 28, 10, 52, 76, 7, 0, 61, 1, 65, 76, 7, 2, 65, 75, 16, 93, 98, 84, 92, 0, 37, 84, 19, 84, 22, 26, 1, 67, 4, 91, 84, 19, 84, 14, 26, 2, 67, 38, 18, 76, 63, 406, 65, 90, 11, 84, 35, 92, 3, 53, 83, 84, 74, 4, 16, 24, 42, 36, 5, 74, 6, 74, 7, 20, 74, 8, 74, 9, 17, 36, 10, 4, 95, 3, 92, 0, 37, 82, 26, 42, 19, 84, 29, 26, 11, 67, 74, 7, 65, 25, 12, 84, 42, 36, 13, 74, 12, 74, 7, 20, 74, 8, 88, 37, 84, 69, 5, 84, 57, 16, 136, 42, 36, 14, 57, 45, 90, 21, 84, 19, 84, 3, 26, 1, 67, 45, 65, 36, 15, 45, 8, 90, 36, 16, 92, 17, 65, 2, 84, 40, 26, 18, 12, 84, 42, 36, 19, 62, 38, 35, 34, 88, 41, 84, 19, 84, 59, 26, 20, 67, 74, 21, 18, 76, 63, 375, 65, 19, 84, 27, 26, 1, 67, 69, 57, 32, 22, 62, 32, 23, 33, 32, 24, 52, 32, 25, 54, 32, 26, 76, 63, 1119, 63, -3077, 53, 63, 1960, 53, 58, 53, 90, 84, 69, 33, 32, 24, 52, 32, 25, 54, 32, 26, 5, 84, 42, 36, 27, 69, 19, 32, 28, 18, 76, 63, 394, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 82, 76, 74, 6, 95, 3, 74, 12, 16, 34, 42, 36, 27, 69, 31, 26, 35, 26, 36, 32, 28, 18, 76, 63, 373, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 82, 32, 42, 36, 27, 69, 31, 26, 35, 26, 37, 32, 28, 18, 76, 63, 381, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 1, 24, 61, 0, 40, 41, 41, 52, 8, 61, 8, 89, 92, 0, 44, 45, 5394, 45, 7249, 87, 45, -12642, 87, 15, 39, 8, 69, 27, 1, 95, 2, 8, 69, 11, 83, 45, 415, 15, 27, 3, 3, 8, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 45, 6472, 45, -4012, 87, 45, -2460, 87, 24, 40, 12, 45, 9932, 45, -4858, 87, 45, -5073, 87, 67, 51, 14, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 3, 8, 61, 8, 46, 92, 4, 44, 69, 83, 45, -8946, 45, 8447, 87, 45, 501, 87, 10, 36, 8, 61, 8, 16, 92, 5, 44, 27, 6, 11, 83, 45, 421, 15, 31, 87, 12, 8, 42, 92, 4, 20, 7, 31, 70, 92, 4, 20, 8, 11, 83, 45, 389, 15, 15, 74, 70, 92, 4, 20, 8, 50, 8, 61, 13, 9, 94, 84, 13, 10, 94, 45, 2, 13, 11, 94, 45, 3, 13, 12, 94, 45, 4, 13, 13, 94, 45, 5, 13, 14, 94, 45, 6, 13, 15, 94, 45, 7, 13, 16, 94, 20, 17, 13, 18, 15, 15, 33, 19, 10, 18, 8, 62, 92, 4, 20, 20, 79, 92, 21, 15, 5, 82, 46, 24, 58, 24, 35, 24, 65, 24, 23, 24, 72, 86, 0, 42, 1, 75, 13, 11, 21, 1, 87, 21, 2, 87, 89, 91, 89, 28, 10, 91, 91, 60, 15, 36, 76, 194, 75, 75, 23, 0, 17, 1, 35, 186, 5, 2, 12, 3, 58, 4, 122, 5, 181, 6, 181, 43, 19, 25, 75, 47, 17, 1, 25, 85, 25, 80, 23, 7, 61, 32, 97, 25, 44, 3, 8, 98, 94, 51, 25, 79, 21, 91, 77, 58, 9, 75, 2, 5, 17, 0, 25, 76, 137, 75, 3, 9, 68, 10, 98, 78, 88, 44, 3, 11, 32, 25, 44, 3, 12, 32, 29, 25, 44, 3, 13, 79, 12, 78, 28, 25, 75, 3, 9, 68, 10, 85, 25, 7, 23, 14, 61, 83, 15, 31, 21, 2, 374, 94, 85, 25, 80, 23, 7, 61, 32, 74, 34, 56, 68, 16, 56, 78, 25, 85, 25, 46, 23, 7, 61, 4, 98, 90, 70, 78, 88, 75, 2, 10, 17, 1, 25, 75, 75, 3, 17, 47, 94, 17, 18, 25, 75, 3, 9, 68, 10, 44, 3, 19, 4, 89, 23, 20, 23, 21, 99, 22, 31, 21, 2, 401, 94, 75, 23, 18, 56, 99, 23, 4, 83, 24, 99, 25, 63, 23, 26, 99, 27, 99, 28, 94, 25, 98, 78, 88, 75, 3, 29, 32, 88, 55, 66, -195, 30], i = a.exports, l = Og.exports;var v = l(Rk), d = l(zk), b = l(nm), y = l(cm), m = l(xm), w = l(Om), O = Lx, R = l($S.exports), z = l(eA.exports), L = l(tA.exports), I = l(rA.exports), B = l(cA.exports), N = l(R_.exports), G = l(sA.exports), F = l(uA.exports), H = l(hA.exports), W = l(fA.exports), U = vx;function Z(e, t) {var r = V();return Z = function (t, n) {var a = r[t -= 339];if (void 0 === Z.kfjFYr) {Z.VsajSZ = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,v.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,d.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,Z.kfjFYr = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = Z.VsajSZ(a),e[o] = a),a},Z(e, t)}function V() {var e = ["x19Yzxf1zxn0rgvWCYb1C2uGy2fJAguGzNaSigzWoG", "x19JB2XSzwn0igvUDKnVBgXLy3q9", "x19Yzxf1zxn0qwXNB3jPDgHTt25Jzq", "x19Yzxf1zxn0qwXNB3jPDgHTihjLCxvLC3qGC3vJy2vZCYeSignOzwnRig1LBw9YEsbMCdO", "x19HBgDVCML0Ag0", "nJuYodqWB0nXwfPp", "x19Yzxf1zxn0rgvWCW", "x19Nzw5tAwDUugfYyw1Z", "CgfYyw1ZigLZig5VDcbHihbSywLUig9IAMvJDa", "x19Yzxf1zxn0rgvWCYbYzxf1zxn0ihrVA2vUigzHAwXLzcWGzxjYB3i6ia", "CMvXDwvZDcb0B2TLBIbMywLSzwqGA2v5oG", "ihrVA2vUoG", "ExL5Eu1nzgq", "Bg9HzcbYywmGANmGzMfPBce", "x19WyxjZzufSz29YAxrOBq", "x19Yzxf1zxn0qwXNB3jPDgHTigvUDKnVBgXLy3q9", "CgfYyw1ZigLZigvTChr5igfMDgvYigv4y2X1zgLUzYaIDw5ZywzLiIbWyxjHBxm", "x19JAgvJA1bHCMfTCW", "nc43", "Bg9JywXFA2v5xZm", "x19Yzxf1zxn0qwXNB3jPDgHTt25JzsbRzxK6", "lcbYzxrYEsbUzxH0ihrPBwuU", "x19Yzxf1zxn0rgvWCYbMCM9TignHy2HLlcbLBMqU", "lcbJAgvJAYbZDg9YywDLigzWoG", "C2v0DgLUz3mUyxbWswqGBxvZDcbIzsbHig5VBI1LBxb0EsbZDhjPBMC", "x19JB2XSzwn0", "C2LNBG", "CxvLCNLtzwXLy3rVCG", "yNuY", "BdfMBa", "lcbZDg9YywDLrNa6", "zxH0zw5K", "Ahr0Chm6lY9ZDg9YywDLlJm2mgj1EwLTzY5JB20VD2vIy29UDgfPBMvYl21HAw4VANmTC2vJDxjPDhKTDJmTCMfJlMPZp3y9", "BwfPBI5ZAwDUi19Fzgv0zwn0Aw5N", "DxnLig5VCM1HBfrVA2vU", "x19Yzxf1zxn0rgvWCYWGx19WyxjZzufSz29YAxrOBsbYzxn1Bhq6", "z2vUzxjHDguGA2v5igzHAwXLza", "C2LNBIbLBgfWC2vKihrPBwuH", "x19TywTLu2LNBIWGCMvZDwX0oG", "lgv4ChjLC3m9", "mtq0mtC3nKjKwLDQwG", "x19WyxjZzvrVA2vU", "x19Yzxf1zxn0rgvWCYbLBMqU", "z2v0vg9Rzw5F", "Dg9Rzw4GAxmGzw1WDhK", "mcfa", "CMv0DxjUia", "lcbHBgDVoG", "lcbFBg9HzgvKx2nHy2HLCZO", "CgfYyw1ZigLZigvTChr5", "x19Yzxf1zxn0qwXNB3jPDgHTigvUzc4", "y3jLyxrLigLUC3rHBMnLihDPDgGGyxbWswq9", "x002wt9KDMzondbwtuzBwa", "CgfYyw1ZignVBNrHAw5ZihjLC2vYDMvKihbHCMfTig5HBwuU", "DgvZDcbLCNi", "ntC5mdG5B0PlCuTl", "x19TywTLu2LNBG", "C3vJy2vZCW", "x19Yzxf1zxn0qwXNB3jPDgHTihn0yxj0lG", "CYnS", "odDUoceT", "nteZode4mNDTwKjxBq", "x19Nzw5tAwDUlcbWyxjHBxntDhi6", "lcbLpq", "Dw5RBM93BIbLCNjVCI4", "x19PBMLdB25MAwC", "nduXmtiWBhHjDKDU", "Bg9HzcbYywmGANmGC3vJy2vZCYe", "lgTLEt0", "ExL5Eu1nzgrOAg1TC3ntu1m", "mtGXnZm0nKrtDKPRwG", "x19Yzxf1zxn0rgvWCYbZDgfYDc4", "x19Nzw5tAwDU", "lcb0B2TLBJO", "lcbMCdO", "mZe0mdGYsuHeC3rs", "x19Nzw5ezwzHDwX0s2v5igLUChv0pq", "lcbZAwDUzwrtDhi6", "yNuX", "x19Nzw5ezwzHDwX0s2v5", "BwfPBI5ZAwDUi19FCMvXDwvZDerLChm", "x19Yzxf1zxn0qwXNB3jPDgHT", "x19Yzxf1zxn0rgvWCYb1C2uGBMv3igzWlcbMCdO"];return (V = function () {return e})()}var X = Z;(function (e, t) {for (var r = Z, n = e(); ;)try {if (296934 === -(0,b.default)(r(392)) / 1 + -(0,b.default)(r(342)) / 2 + -(0,b.default)(r(412)) / 3 + (0,b.default)(r(377)) / 4 + -(0,b.default)(r(403)) / 5 + (0,b.default)(r(407)) / 6 + (0,b.default)(r(398)) / 7)break;n.push(n.shift())} catch (e) {console.log(e)n.push(n.shift())}})(V);var __parseToken = function (e, t, r) {return e ? vk(e).call(e, t, r) : ""}, _defaultAlgorithm = {local_key_1: CryptoJS.MD5,local_key_2: CryptoJS.SHA256,local_key_3: CryptoJS.HmacSHA256}, algos = {MD5: CryptoJS.MD5,SHA256: CryptoJS.SHA256,SHA512: CryptoJS.SHA512,HmacSHA256: CryptoJS.HmacSHA256,HmacSHA512: CryptoJS.HmacSHA512,HmacMD5: CryptoJS.HmacMD5}, __algorithm = function (e, t, r) {var n = X, a = this._defaultAlgorithm[e];return e === 'local_key_3' ? a(t, r).toString(CryptoJS.enc.Hex) : a(t).toString(CryptoJS.enc.Hex)};var _this = {__parseToken: __parseToken,__algorithm: __algorithm,_defaultAlgorithm: _defaultAlgorithm,algos: algos};var genDefaultKey = function (e, t, a, i) {for (var c, s, u, l, h, f, g, p, d, b, y, k, w = n, _ = o, x = [], S = 0; ;)switch (_[S++]) {case 1:c = x[x.length - 1];break;case 3:x.push(e);break;case 4:x.push(a);break;case 6:x.push(R);break;case 9:x[x.length - 2] = x[x.length - 2][x[x.length - 1]],x.length--;break;case 15:null != x[x.length - 2] ? (x[x.length - 3] = w.call(x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 2) : (k = x[x.length - 3],x[x.length - 3] = k(x[x.length - 1]),x.length -= 2);break;case 16:x.push(L);break;case 18:y = x[x.length - 1];break;case 21:u = x[x.length - 1];break;case 22:x.push(void 0);break;case 23:x.push(p);break;case 26:x.push(d);break;case 29:x.pop();break;case 30:x[x.length - 1] = x[x.length - 1][r[_[S++]]];break;case 31:x.push(_this[r[_[S++]]]);break;case 32:x.push((function (t) {var a, i, s, l, f = n, g = o, p = [], d = 162;e: for (; ;)switch (g[d++]) {case 2:p[p.length - 3][p[p.length - 2]] = p[p.length - 1],p.length -= 2;break;case 5:p[p.length - 2] = p[p.length - 2][p[p.length - 1]],p.length--;break;case 7:p.push(e);break;case 8:p.push(1);break;case 12:p[p.length - 1] = !p[p.length - 1];break;case 15:p.push(isNaN);break;case 23:p[p.length - 4] = f.call(p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 3;break;case 26:s = p.pop(),p[p.length - 1] += s;break;case 28:p[p.length - 1] = p[p.length - 1][r[13 + g[d++]]];break;case 30:p.push(i);break;case 31:p.push(a);break;case 32:p.pop();break;case 33:p.push(c);break;case 40:a = p[p.length - 1];break;case 41:p.push(null);break;case 43:p.pop() ? ++d : d += g[d];break;case 46:p.push(u);break;case 48:p.push(O);break;case 50:p.push(0);break;case 51:p.push(h);break;case 53:return;case 59:s = p.pop(),p[p.length - 1] = p[p.length - 1] >= s;break;case 62:p.push(b);break;case 65:y = p[p.length - 1];break;case 68:p[p.length - 1] ? (++d,--p.length) : d += g[d];break;case 69:p.push(t);break;case 72:d += g[d];break;case 74:p.push(g[d++]);break;case 75:u = p[p.length - 1];break;case 80:for (s = p.pop(),l = 0; l < g[d + 1]; ++l)if (s === r[13 + g[d + 2 * l + 2]]) {d += g[d + 2 * l + 3];continue e}d += g[d];break;case 83:p.push(void 0);break;case 85:p.push(r[13 + g[d++]]);break;case 87:p.push(p[p.length - 1]),p[p.length - 2] = p[p.length - 2][r[13 + g[d++]]];break;case 90:i = p[p.length - 1];break;case 91:p.push(v);break;case 92:p.push(y);break;case 95:p.push(new Array(g[d++]));break;case 96:null != p[p.length - 2] ? (p[p.length - 3] = f.call(p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 2) : (s = p[p.length - 3],p[p.length - 3] = s(p[p.length - 1]),p.length -= 2);break;case 98:p[p.length - 5] = f.call(p[p.length - 5], p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 4}}));break;case 33:p = x[x.length - 1];break;case 35:x[x.length - 5] = w.call(x[x.length - 5], x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 4;break;case 36:x[x.length - 4] = w.call(x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 3;break;case 37:x.push(new RegExp(r[_[S++]]));break;case 40:x.push(t);break;case 41:x.push(r[_[S++]]);break;case 43:return x.pop();case 44:x.push(x[x.length - 1]),x[x.length - 2] = x[x.length - 2][r[_[S++]]];break;case 48:x.push(m);break;case 50:d = x[x.length - 1];break;case 51:x.push(X);break;case 53:h = x[x.length - 1];break;case 56:x.push(i);break;case 57:x.push(f);break;case 62:x.push(h);break;case 66:s = x[x.length - 1];break;case 68:x.push(null);break;case 71:b = x[x.length - 1];break;case 72:f = x[x.length - 1];break;case 75:x.push(_this);break;case 76:x.push(_[S++]);break;case 77:x.pop() ? ++S : S += _[S];break;case 79:l = x[x.length - 1];break;case 81:x.push(g);break;case 84:g = x[x.length - 1];break;case 85:x.push(U);break;case 87:x.push(u);break;case 88:x.push(0);break;case 90:x.push(l);break;case 91:x.push(s);break;case 96:k = x.pop(),x[x.length - 1] += k;break;case 98:return}};var genSign = function (e, t) {for (var a, i, c, s, u = n, l = o, h = [], f = 272; ;)switch (l[f++]) {case 2:h.push(null);break;case 4:c = h[h.length - 1];break;case 8:h.push(r[20 + l[f++]]);break;case 10:return h.pop();case 14:h.push((function (e) {for (var t, n = o, a = [], i = 340; ;)switch (n[i++]) {case 7:a[a.length - 1] = a[a.length - 1][r[27 + n[i++]]];break;case 16:return;case 61:a.push(r[27 + n[i++]]);break;case 65:t = a.pop(),a[a.length - 1] += t;break;case 75:return a.pop();case 76:a.push(e)}}));break;case 25:h.push(0);break;case 26:h.push(l[f++]);break;case 28:h.push(c);break;case 34:h.push(t);break;case 35:h.pop();break;case 47:a = h[h.length - 1];break;case 50:h.push(h[h.length - 1]),h[h.length - 2] = h[h.length - 2][r[20 + l[f++]]];break;case 52:return;case 53:h.push(void 0);break;case 58:h.push(z);break;case 62:h.push(X);break;case 69:h.push(U);break;case 72:h[h.length - 4] = u.call(h[h.length - 4], h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 3;break;case 73:h.push(_this[r[20 + l[f++]]]);break;case 75:null != h[h.length - 2] ? (h[h.length - 3] = u.call(h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 2) : (s = h[h.length - 3],h[h.length - 3] = s(h[h.length - 1]),h.length -= 2);break;case 80:s = h.pop(),h[h.length - 1] += s;break;case 85:h.push(i);break;case 88:h.push(e);break;case 91:h.push(a);break;case 93:h.push(w);break;case 95:i = h[h.length - 1];break;case 96:h.push(G);break;case 98:h[h.length - 1] = h[h.length - 1][r[20 + l[f++]]]}};
先调用genDefaultKey,入参是四个,分别是上面得到的Token、FP、APPID、时间戳+07拿到值,再调用签名函数getSign,入参数则是genDefaultKey的值加params,如下所示:
params = {"functionId": "mzhprice_getCustomRealPriceInfoForColor","appid": "search-pc-java","client": "pc","clientVersion": "1.0.0","t": str(int(time.time() * 1000)),"body": '{"skuPriceInfoRequestList":[{"skuId":"10105124153052"},{"skuId":"10102973236034"},{"skuId":"10060158269227"},{"skuId":"10085438117915"},{"skuId":"100023408281"},{"skuId":"10034095072591"},{"skuId":"10099066159774"},{"skuId":"10102882832111"},{"skuId":"10081102086006"},{"skuId":"10102882779610"},{"skuId":"10105124220789"},{"skuId":"10102882813512"},{"skuId":"10102882813511"},{"skuId":"10105124218483"},{"skuId":"100114410144"},{"skuId":"10093665009265"},{"skuId":"10039552855611"},{"skuId":"10036842860178"},{"skuId":"11677624998"},{"skuId":"26616715173"}],"area":"19_1659_37260_37346","source":"search_pc","fields":"11101100111001"}',
}
注意!其中body需要经过SHA256加密,实现算法如下所示:
function GEN_SHA256(s) {var chrsz = 8;var hexcase = 0;function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF)}function S(X, n) {return (X >>> n) | (X << (32 - n))}function R(X, n) {return (X >>> n)}function Ch(x, y, z) {return ((x & y) ^ ((~x) & z))}function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z))}function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22))}function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25))}function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3))}function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10))}function core_sha256(m, l) {var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);var W = new Array(64);var a, b, c, d, e, f, g, h, i, j;var T1, T2;m[l >> 5] |= 0x80 << (24 - l % 32);m[((l + 64 >> 9) << 4) + 15] = l;for (var i = 0; i < m.length; i += 16) {a = HASH[0];b = HASH[1];c = HASH[2];d = HASH[3];e = HASH[4];f = HASH[5];g = HASH[6];h = HASH[7];for (var j = 0; j < 64; j++) {if (j < 16)W[j] = m[j + i];elseW[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);T2 = safe_add(Sigma0256(a), Maj(a, b, c));h = g;g = f;f = e;e = safe_add(d, T1);d = c;c = b;b = a;a = safe_add(T1, T2)}HASH[0] = safe_add(a, HASH[0]);HASH[1] = safe_add(b, HASH[1]);HASH[2] = safe_add(c, HASH[2]);HASH[3] = safe_add(d, HASH[3]);HASH[4] = safe_add(e, HASH[4]);HASH[5] = safe_add(f, HASH[5]);HASH[6] = safe_add(g, HASH[6]);HASH[7] = safe_add(h, HASH[7])}return HASH}function str2binb(str) {var bin = Array();var mask = (1 << chrsz) - 1;for (var i = 0; i < str.length * chrsz; i += chrsz) {bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i % 32)}return bin}function Utf8Encode(string) {string = string.replace(/\r\n/g, "\n");var utftext = "";for (var n = 0; n < string.length; n++) {var c = string.charCodeAt(n);if (c < 128) {utftext += String.fromCharCode(c)} else if ((c > 127) && (c < 2048)) {utftext += String.fromCharCode((c >> 6) | 192);utftext += String.fromCharCode((c & 63) | 128)} else {utftext += String.fromCharCode((c >> 12) | 224);utftext += String.fromCharCode(((c >> 6) & 63) | 128);utftext += String.fromCharCode((c & 63) | 128)}}return utftext}function binb2hex(binarray) {var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";var str = "";for (var i = 0; i < binarray.length * 4; i++) {str += hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8 + 4)) & 0xF) + hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8)) & 0xF)}return str}s = Utf8Encode(s);return binb2hex(core_sha256(str2binb(s), s.length * chrsz))
};
调用GEN_SHA256把body参数拿出来丢进去最后toString一下
接下来的六、七部分当然也就不需要给出思路了,一个版本号一个时间戳,大家自行生成即可!!!
最最最后面的AES,也是重点,话不多说,实现算法如下所示:
function _aesEncrypt(data) {var i = CryptoJS.AES.encrypt(data,CryptoJS.enc.Utf8.parse('_M6Y?dvfN40VMF[X'), // 密钥{iv: CryptoJS.enc.Utf8.parse(["01", "02", "03", "04", "05", "06", "07", "08"].join(""))});return CryptoJS.enc.Base64.encode(i.ciphertext)
}
data是什么?是ENV构造的环境参数,包括版本号、指纹、设备信息的参数,不懂没关系,我贴一个图给你思路,如下所示:
最后,我们来测试一下校验一下这JS的算法效果,如下所示:
这里,我们以价格查询接口为示例,编写Python示例调用加密算法,去请求接口,如下所示:
当前纯算法稳定!无任何601,当然算法不对就是601,也不全是!比如上面的价格接口它是有TLS指纹校验的,请求的时候用三方模块处理一下即可!不然的话也会出现601