最新h5st(4.7.2)参数分析与纯算法还原(含算法源码)

文章目录

  • 1. 写在前面
  • 2. 加密分析
  • 3. 算法还原

【🏠作者主页】:吴秋霖
【💼作者介绍】:擅长爬虫与JS加密逆向分析!Python领域优质创作者、CSDN博客专家、阿里云博客专家、华为云享专家。一路走来长期坚守并致力于Python与爬虫领域研究与开发工作!
【🌟作者推荐】:对爬虫领域以及JS逆向分析感兴趣的朋友可以关注《爬虫JS逆向实战》《深耕爬虫领域》
未来作者会持续更新所用到、学到、看到的技术知识!包括但不限于:各类验证码突防、爬虫APP与JS逆向分析、RPA自动化、分布式爬虫、Python领域等相关文章

作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!

1. 写在前面

  又是一个忙碌的周末!其实最新有研究很多新的东西~但一直也没时间去写文章!上次发布的关于h5st参数的文章,是4.2版本的,批量商品价格查询。没几天全部更新到了4.7,现在小版本也是更新不断!不过小版本并不会受到太大的一个影响,本次文章更新的算法分析还原为最新4.7大版本下的4.7.2小版本~~

在这里插入图片描述

2. 加密分析

首先,接口请求的参数啥的就不再过多的去分析,主要看看核心点,目前全部VMP化,先把加密值拿出来,如下所示:

20240602103029809;5gtm6nz5ygggi9i8;f06cc;tk03w83c31b9341lMXgxWV9ScV9T5XO0c4lf3D7C4_8ewrP-y5CbOpQMxXJtPJoRrTYLui0MOiXN6oSSmP8Lwj0A6ghi;41cfe0ef53fa6ef42f0c090e80fac571be52efc6d951c5749036fb8edc892de3;4.7;1717295429809;TKmW3TyExztvDjBvYW30spstXUA9USbfpQA2Z0cZM9L1VhcxddydRM47xpgvr9gF1nxvSbHGC822PZqAj-untQlDF4PnJ0Hf1Ilqo8hI63Ymujt8frJjHYiCZK_VL5qL6uWRqrkdShS9QVb-UatJZSq8fRWDAxec-u0Ix4xN0XCKsQk4deD2JTt97sw4UlkGVqXbTOnXzyEQ-GTGuMi_gO-qtogbuof-tt5aNubxmj2ZcBxUGJOC9AkC1m6rZFKpSRCIob0WfsB6qSaH7fCv0-Ec7AwbiRbE_7C6-dAuo8ua3M8D4UdUNQAep_YCy4xEV_zuUUgKb3noPhz7rTiN1tS03CdM-n9YKsQaAEuJdlXhUQV8fY_p5xIpUsrVxOLCu7nZggE7nDk8PeheJO0dl8zjLad9Prk3hGJ0DQIeqffFGvzEemLTD52YgeDqWQHLXbk3

4.2之前是没有sign签名段的,可以看到整个加密参数的值跟上次的4.2是有区别的!同样经过多块组合拼接而成的 ,不过最新的以分号拆开大约分为8个部分了!

第一部分是一个时间格式的字符串,后续我们可以自行生成

第二部分则是fingerprint指纹,这个是需要算法生成的,第三部分可固定

第四部分tk则拼接多个参数加上指纹通过加密算法生成

第五部分签名Sign参数,通过对Token、fingerprint、时间戳、APPID

第六部分分别是算法的版本号以及时间戳!这个自行填写

第七部分时间戳

最后一部分的大长串则是上面参数经过最终AES加密生成

3. 算法还原

接下来这里作者按上面拆分出来的几部分,附上扣出来的算法并附上粗浅的讲解,第部分的时间戳这里也给一下,主打的就是喂饭,时间参代码实现如下:

function timestampToFormat(timestamp) {const date = new Date(timestamp);const pad = (num, size) => String(num).padStart(size, '0');return `${date.getFullYear()}${pad(date.getMonth() + 1, 2)}${pad(date.getDate(), 2)}${pad(date.getHours(), 2)}${pad(date.getMinutes(), 2)}${pad(date.getSeconds(), 2)}${pad(date.getMilliseconds(), 3)}`;
}

部分我们需要还原的是FP的指纹,加密算法实现如下:

!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(32 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = [t("SIZE"), "num", t("SPLIT"), "", t("DEFAULT"), t("CALL"), t("PUSH"), "pop", t("TOsTRING"), t("JOIN"), t("DEFAULT"), t("CALL"), t("REPLACE"), ""], n = Function.prototype.call,a = [2, 66, 17, 98, 16, 25, 286, 76, 37, 17, 58, 16, 13, 25, -2821, 25, -8150, 68, 25, 10976, 68, 91, 74, 17, 26, 16, 4, 78, 17, 73, 16, 13, 7, 91, 62, 17, 36, 16, 32, 88, 80, 0, 46, 80, 1, 76, 7, 68, 36, 16, 32, 25, -3718, 25, 2322, 68, 25, 1412, 68, 25, 575, 25, 6105, 68, 25, -6675, 68, 3, 88, 3, 25, 6578, 25, -9306, 68, 25, 2729, 68, 3, 80, 0, 46, 80, 1, 76, 68, 88, 68, 5, 17, 48, 70, 2, 52, 3, 76, 54, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 8402, 25, -5374, 68, 25, -3028, 68, 25, -8134, 25, -8213, 68, 25, 16362, 68, 65, 71, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 6175, 25, 4230, 68, 25, -10390, 68, 91, 79, 17, 67, 0, 33, 17, 30, 45, 95, 70, 6, 25, -5057, 25, 6375, 68, 25, -1283, 68, 63, 17, 49, 93, 4, 40, 87, 70, 7, 4, 25, 3357, 25, -5902, 68, 25, 2581, 68, 91, 3, 70, 8, 25, -8817, 25, 8543, 68, 25, 310, 68, 76, 76, 17, 87, 51, 25, 8755, 25, -8004, 68, 25, -751, 68, 34, 42, -56, 63, 17, 69, 93, 4, 40, 95, 76, 70, 5, 95, 14, 91, 33, 17, 95, 70, 9, 52, 3, 76, 29, 17, 27, 90, 39, 73, -2215, 73, -5180, 68, 73, 7395, 68, 94, 58, 50, 44, 49, 58, 76, 21, 0, 71, 4, 93, 70, 1, 4, 11, 79, 22, 84, 55, 58, 82, 73, -6046, 73, -7717, 68, 73, 13764, 68, 2, 60, 86, 11, 4, 70, 2, 11, 79, 22, 98, 3, 84, 39, 58, 27, 58, 79, 11, 36, 74, 91, -48, 4, 90, 20], o = zk, i = Array.from, c = Symbol, s = eh, u = Array.isArray, l = Og.exports;var generateVisitKey = function () {for (var e, t, o, i, c, s, u, l, p, v, d, _, x = n, S = a, A = [], E = 0; ;)switch (S[E++]) {case 2:A.push(y);break;case 3:_ = A.pop(),A[A.length - 1] -= _;break;case 4:null != A[A.length - 1] ? A[A.length - 2] = x.call(A[A.length - 2], A[A.length - 1]) : (_ = A[A.length - 2],A[A.length - 2] = _()),A.length--;break;case 5:s = A[A.length - 1];break;case 7:A.push(o);break;case 13:A.push(t);break;case 14:A.push(p);break;case 16:A.push(null);break;case 17:A.pop();break;case 25:A.push(S[E++]);break;case 26:A.push(b);break;case 27:A.push(d);break;case 29:d = A[A.length - 1];break;case 30:E += S[E];break;case 32:A.push({});break;case 33:v = A[A.length - 1];break;case 34:_ = A.pop(),A[A.length - 1] = A[A.length - 1] > _;break;case 36:A.push(m);break;case 37:t = A[A.length - 1];break;case 39:return;case 40:A.push(void 0);break;case 42:A.pop() ? E += S[E] : ++E;break;case 46:A.push(c);break;case 48:A.push(s);break;case 49:A.push(h);break;case 51:A[A.length - 1] = A[A.length - 1].length;break;case 52:A.push(r[S[E++]]);break;case 54:u = A[A.length - 1];break;case 58:A.push(k);break;case 60:A.push(f);break;case 62:c = A[A.length - 1];break;case 63:A.push(0);break;case 65:A[A.length - 5] = x.call(A[A.length - 5], A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 4;break;case 66:e = A[A.length - 1];break;case 67:A.push(new Array(S[E++]));break;case 68:_ = A.pop(),A[A.length - 1] += _;break;case 69:A.push(g);break;case 70:A.push(A[A.length - 1]),A[A.length - 2] = A[A.length - 2][r[S[E++]]];break;case 71:l = A[A.length - 1];break;case 72:A.push(u);break;case 73:A.push(w);break;case 74:o = A[A.length - 1];break;case 76:null != A[A.length - 2] ? (A[A.length - 3] = x.call(A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 2) : (_ = A[A.length - 3],A[A.length - 3] = _(A[A.length - 1]),A.length -= 2);break;case 78:i = A[A.length - 1];break;case 79:p = A[A.length - 1];break;case 80:A[A.length - 2][r[S[E++]]] = A[A.length - 1],A.length--;break;case 87:A.push(l);break;case 88:A.push(i);break;case 90:return A.pop();case 91:A[A.length - 4] = x.call(A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),A.length -= 3;break;case 93:A[A.length - 1] = A[A.length - 1][r[S[E++]]];break;case 95:A.push(v);break;case 98:A.push(e)}};var h = l(nm), f = l(zk), g = l(j_), p = l(Rk);function v(e, t) {var r = void 0 !== c && s(e) || e["@@iterator"];if (!r) {if (u(e) || (r = function (e, t) {var r;if (!e)return;if ("string" == typeof e)return d(e, t);var n = o(r = Object.prototype.toString.call(e)).call(r, 8, -1);"Object" === n && e.constructor && (n = e.constructor.name);if ("Map" === n || "Set" === n)return i(e);if ("Arguments" === n || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return d(e, t)}(e)) || t && e && "number" == typeof e.length) {r && (e = r);var n = 0, a = function () {};return {s: a,n: function () {return n >= e.length ? {done: !0} : {done: !1,value: e[n++]}},e: function (e) {throw e},f: a}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var l, h = !0, f = !1;return {s: function () {r = r.call(e)},n: function () {var e = r.next();return h = e.done,e},e: function (e) {f = !0,l = e},f: function () {try {h || null == r.return || r.return()} finally {if (f)throw l}}}}function d(e, t) {(null == t || t > e.length) && (t = e.length);for (var r = 0, n = new Array(t); r < t; r++)n[r] = e[r];return n}function b() {return 10 * Math.random() | 0}function y(e, t) {var r = _();return y = function (t, n) {var a = r[t -= 280];if (void 0 === y.RpSzcS) {y.licQQm = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,p.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,f.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,y.RpSzcS = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = y.licQQm(a),e[o] = a),a},y(e, t)}function k(e, t) {var r, n = [], a = e.length, o = v(e);try {for (o.s(); !(r = o.n()).done;) {var i = r.value;if (Math.random() * a < t && (n.push(i),0 == --t))break;a--}} catch (e) {o.e(e)} finally {o.f()}for (var c = "", s = 0; s < n.length; s++) {var u = Math.random() * (n.length - s) | 0;c += n[u],n[u] = n[n.length - s - 1]}return c}function m(e) {for (var t = e.size, r = e.num, n = ""; t--;)n += r[Math.random() * r.length | 0];return n}function w(e, t) {for (var o, i, c, s = n, u = a, l = [], h = 239; ;)switch (u[h++]) {case 2:l[l.length - 1] = -l[l.length - 1];break;case 4:l.push(e);break;case 11:l.push(t);break;case 20:return;case 21:l[l.length - 1] = l[l.length - 1][r[10 + u[h++]]];break;case 22:l[l.length - 2] = l[l.length - 2][l[l.length - 1]],l.length--;break;case 27:l.push(o++);break;case 36:l[l.length - 1] = l[l.length - 1].length;break;case 39:e = l[l.length - 1];break;case 49:l.push(0);break;case 50:h += u[h];break;case 55:i = l[l.length - 1];break;case 58:l.pop();break;case 60:c = l.pop(),l[l.length - 1] = l[l.length - 1] !== c;break;case 68:c = l.pop(),l[l.length - 1] += c;break;case 70:l.push(l[l.length - 1]),l[l.length - 2] = l[l.length - 2][r[10 + u[h++]]];break;case 71:l.push(void 0);break;case 73:l.push(u[h++]);break;case 74:c = l.pop(),l[l.length - 1] = l[l.length - 1] < c;break;case 76:l.push(p);break;case 79:l.push(o);break;case 82:l.push(i);break;case 84:l[l.length - 4] = s.call(l[l.length - 4], l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 3;break;case 86:l[l.length - 1] ? (++h,--l.length) : h += u[h];break;case 90:return l.pop();case 91:l.pop() ? h += u[h] : ++h;break;case 93:null != l[l.length - 2] ? (l[l.length - 3] = s.call(l[l.length - 3], l[l.length - 2], l[l.length - 1]),l.length -= 2) : (c = l[l.length - 3],l[l.length - 3] = c(l[l.length - 1]),l.length -= 2);break;case 94:o = l[l.length - 1];break;case 98:l.push(r[10 + u[h++]])}}function _() {var e = ["ndqXnZqYofn2uw90Ca", "nJyYmtm3Cvrcvhvc", "mty2ntG2nhrZsg9WtW", "mJjMswjnv0C", "mte5mte0nwP4ugrqAW", "nNHJEvrWva", "odiXmJqXnLf6vKfgvW", "ouPpuNDkDa", "mta0ntK5mgTPwM5TAW", "mMT4AhLiDq", "nZe3nJq4yKHWwunj", "mxvJDdzKmgPOCq", "mZbqBvzVCfu"];return (_ = function () {return e})()}!function (e, t) {for (var r = y, n = e(); ;)try {if (676921 === -(0,h.default)(r(284)) / 1 * ((0,h.default)(r(285)) / 2) + (0,h.default)(r(280)) / 3 * ((0,h.default)(r(290)) / 4) + -(0,h.default)(r(292)) / 5 * ((0,h.default)(r(287)) / 6) + (0,h.default)(r(289)) / 7 + (0,h.default)(r(281)) / 8 * ((0,h.default)(r(282)) / 9) + -(0,h.default)(r(283)) / 10 + -(0,h.default)(r(291)) / 11 * (-(0,h.default)(r(288)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(_)
}();

部分的APPID直接取AID即可,这里不需要过多的分析

接下来就是第部分的Token生成了,加密算法实现如下所示:

var getLocalTK;
!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(53 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["tk", t("XTR#iV"), "03", t("CPGF#iZ["), "w", t("EYTASZGX"), "41", t("PME#iGPF"), "l", t("EGZQ@VPG"), t("PMEG"), t("V#iE]PG"), t("TQYPG32"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "", t("QPST@YA"), "C2", t("ETGFP"), t("P[VGLEA"), t("_Z#i["), "iv", t("SGZXwTFP64"), t("FAG#i[R#iSL"), t("V#iE]PGAPMA"), t("QPST@YA"), t("EGZAZALEP"), t("VTYY"), "set", "buf", t("AZfAG#i[R"), t("F@WFAG"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("SYZZG"), "pow", t("FPA`#i[A32"), t("FPA|[A16"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "1", "2", "3", "+", "x", t("SYZZG"), t("GT[QZX"), "", t("F@WFAG"), t("QPST@YA"), t("ETGFP"), t("FAG#i[R#iSL"), t("SGZXwTFP64")], n = Function.prototype.call,a = [23, 64, 79, 28, 21, 0, 99, 1, 79, 28, 21, 2, 99, 3, 79, 28, 21, 4, 99, 5, 79, 28, 21, 6, 99, 7, 79, 28, 21, 8, 99, 9, 79, 28, 50, 11, 49, 99, 10, 79, 28, 12, 11, 53, 46, 99, 11, 79, 28, 24, 11, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 46, 99, 12, 79, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 12, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 51, 35, 45, 75, 54, 64, 54, 70, 20, 0, 63, 5, 4, 32, 69, 1, 28, 81, 4, 178, 40, 69, 2, 81, 69, 3, 40, 6, 54, 68, 4, 42, 54, 64, 54, 86, 20, 5, 63, 21, 61, 54, 68, 6, 99, 54, 28, 81, 4, 182, 40, 52, 54, 31, 81, 95, 16, 19, 10, 18, 38, 54, 26, 98, 81, 78, 40, 83, 42, 54, 26, 98, 81, 19, 40, 83, 42, 54, 26, 98, 81, 10, 40, 83, 42, 54, 26, 22, 81, 16, 40, 83, 42, 54, 26, 98, 81, 95, 40, 83, 42, 54, 97, 20, 5, 80, 7, 26, 40, 27, 54, 76, 20, 5, 80, 8, 39, 47, 20, 5, 80, 7, 77, 40, 5, 47, 20, 5, 80, 7, 29, 80, 9, 68, 4, 40, 40, 69, 10, 73, 89, 54, 64, 54, 70, 20, 11, 63, 56, 20, 5, 80, 12, 37, 20, 13, 40, 40, 88, 7, 14, 10, 70, 74, 20, 22, 253, 22, -2067, 96, 22, 1830, 96, 60, 52, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 75, 73, 19, 70, 65, 15, 49, 53, 91, 70, 74, 20, 22, -1530, 22, 415, 96, 22, 1117, 96, 60, 68, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 48, 92, 19, 70, 74, 20, 22, -7373, 22, 4503, 96, 22, 2882, 96, 60, 16, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 81, 84, 19, 70, 74, 20, 22, 5169, 22, -9153, 96, 22, 4022, 96, 60, 30, 70, 33, 25, 3, 48, 53, 70, 33, 25, 3, 81, 22, -7348, 22, 4861, 96, 22, 2489, 96, 19, 70, 33, 25, 3, 43, 22, -7830, 22, -2494, 96, 22, 10338, 96, 19, 70, 33, 25, 3, 75, 22, 6556, 22, -649, 96, 22, -5885, 96, 19, 70, 13, 51, 0, 25, 4, 33, 53, 71, 70, 83, 22, 8329, 22, -2927, 96, 22, -5402, 96, 21, 71, 70, 76, 15, 22, 187, 53, 83, 25, 5, 22, -3433, 22, 1157, 96, 22, 2292, 96, 53, 96, 72, 70, 47, 25, 6, 47, 32, 22, -47, 22, -1896, 96, 22, 1951, 96, 86, 53, 89, 57, 79, 77, 67, 12, 0, 77, 56, 62, 4, 30, 23, 45, 87, 9, 0, 45, 15, 62, 95, 16, 2, 51, 30, 44, 0, 51, 4, 24, 1, 7, 69, 24, 64, 5, 42, 77, 78, 0, 98, 77, 78, 1, 65, 6751, 65, -342, 81, 65, -6407, 81, 65, 5336, 65, -6432, 81, 65, 1128, 81, 72, 95, 13, 85, 42, 98, 77, 78, 1, 65, -310, 65, 8475, 81, 65, -8163, 81, 65, 32, 72, 88, 1, 42, 94, 24, 65, 5048, 65, -9090, 81, 65, 4050, 81, 2, 67, 42, 8, 24, 32, 2, 37, 42, 12, 71, 32, 16, 78, 2, 65, -5825, 65, -8303, 81, 65, 14128, 81, 47, 12, 34, 42, 16, 78, 2, 65, -4393, 65, -6070, 81, 65, 10467, 81, 56, 12, 34, 80, 30, 16, 78, 2, 65, -8374, 65, -5679, 81, 65, 14053, 81, 56, 12, 34, 42, 16, 78, 2, 65, 5472, 65, -7245, 81, 65, 1777, 81, 47, 12, 34, 42, 52, 24, 32, 2, 20, 93, 94, 60, 29, 2, 79, 92, 78, 62, 60, 1, 79, 59, 0, 29, -4658, 29, -4430, 87, 29, 9088, 87, 29, 6433, 29, 9036, 87, 29, -15213, 87, 48, 0, 85, 85, 97, 78, 27, 60, 1, 79, 29, 6857, 29, -8577, 87, 29, 1720, 87, 4, 29, -353, 29, -2847, 87, 29, 3456, 87, 42, 37, 99, 2, 7, 71, 62, 71, 30, 63, 0, 29, 12, 35, 32, 93, 1, 18, 8, 35, 178, 48, 93, 2, 8, 93, 3, 48, 85, 71, 36, 3, 62, 53, 4, 17, 92, 53, 5, 17, 35, 2, 53, 6, 17, 24, 71, 36, 2, 62, 53, 7, 17, 92, 53, 8, 17, 27, 71, 35, -1160, 35, -3905, 84, 35, 5067, 84, 21, 45, 9, 21, 45, 10, 14, 35, 5398, 35, 8267, 84, 35, -13661, 84, 78, 48, 84, 81, 71, 53, 11, 83, 71, 35, 6113, 35, -8607, 84, 35, 2494, 84, 22, 71, 41, 63, 61, 59, 21, 45, 9, 21, 45, 10, 14, 35, 4505, 35, -8459, 84, 35, 3957, 84, 78, 48, 31, 84, 83, 71, 3, 49, 35, -7624, 35, 707, 84, 35, 6918, 84, 76, 97, 95, 23, 61, 60, 21, 45, 9, 21, 45, 10, 14, 35, -7093, 35, -9161, 84, 35, 16256, 84, 78, 48, 31, 84, 83, 71, 56, 71, 3, 49, 97, 86, -66, 61, 69, 35, -8937, 35, -657, 84, 35, 9603, 84, 97, 95, 27, 61, 1, 45, 12, 35, -1991, 35, -3690, 84, 35, 5681, 84, 35, 3277, 35, -1882, 84, 35, -1386, 84, 61, 69, 76, 32, 84, 83, 71, 38, 63, 13, 45, 14, 61, 48, 94, 71, 23, 63, 13, 45, 15, 15, 48, 19, 71, 62, 71, 30, 63, 16, 29, 74, 48, 65, 44], o = Og.exports;var genLocalTK = function (e) {for (var t, o, i = n, c = a, s = [], u = 0; ;)switch (c[u++]) {case 11:s.push(null);break;case 12:s.push(x);break;case 17:o = s.pop(),s[s.length - 1] += o;break;case 21:s.push(r[c[u++]]);break;case 23:s.push({});break;case 24:s.push(_);break;case 28:s.push(t);break;case 29:s[s.length - 1] = s[s.length - 1][r[c[u++]]];break;case 35:return;case 46:null != s[s.length - 2] ? (s[s.length - 3] = i.call(s[s.length - 3], s[s.length - 2], s[s.length - 1]),s.length -= 2) : (o = s[s.length - 3],s[s.length - 3] = o(s[s.length - 1]),s.length -= 2);break;case 49:null != s[s.length - 1] ? s[s.length - 2] = i.call(s[s.length - 2], s[s.length - 1]) : (o = s[s.length - 2],s[s.length - 2] = o()),s.length--;break;case 50:s.push(j);break;case 51:return s.pop();case 53:s.push(e);break;case 64:t = s[s.length - 1];break;case 79:s.pop();break;case 99:s[s.length - 2][r[c[u++]]] = s[s.length - 1],s[s.length - 2] = s[s.length - 1],s.length--}};var i = o(nm), c = o(cm), s = o(Rk), u = o(zk), l = o(xm), h = o(Om), f = vx, g = o(eA.exports), p = o(rA.exports), v = o(tA.exports), d = o($S.exports), b = o(yA), y = S;!function (e, t) {for (var r = S, n = e(); ;)try {if (569306 === (0,i.default)(r(173)) / 1 + (0,i.default)(r(175)) / 2 * (-(0,i.default)(r(188)) / 3) + -(0,i.default)(r(179)) / 4 * (-(0,i.default)(r(177)) / 5) + (0,i.default)(r(174)) / 6 * ((0,i.default)(r(184)) / 7) + -(0,i.default)(r(186)) / 8 + -(0,i.default)(r(180)) / 9 * ((0,i.default)(r(183)) / 10) + -(0,i.default)(r(176)) / 11 * ((0,i.default)(r(181)) / 12))break;n.push(n.shift())} catch (e) {n.push(n.shift())}}(w);var k = y(185), m = ["01", "02", "03", "04", "05", "06", "07", "08"];function w() {var e = ["mdaWmdaWmda", "ndK0nZLNr3vswMW", "mta0mZy5owvft0Lhzq", "mta0odjODNngCKO", "ndbvqvzcq1i", "ode3m2DqBxjfta", "mZG3ndyZmhjSvxfsEa", "Bwf4", "nhPZsurozW", "nJCXmJaYovbVwKfNvW", "nJi2nhzjqMnZsq", "sZnYt3fntdbrCsze", "mtbIu0Xbuhi", "mZK2mKrLBwH2zG", "puyPp243qf1prLG2mMjunq", "nJe5nZa3mNjJuK5xrq"];return (w = function () {return e})()}function _(e) {var t = y, r = b.default.str(e);r >>>= 0;var n = t(187) + r.toString(16);return n.substr(n.length - 8)}function S(e, t) {var r = w();return S = function (t, n) {var a = r[t -= 173];if (void 0 === S.zUShtv) {S.CXUmZy = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,s.default)(n).call(n, r);for (var l = 0, h = a.length; l < h; l++) {var f;o += "%" + (0,u.default)(f = "00" + a.charCodeAt(l).toString(16)).call(f, -2)}return decodeURIComponent(o)},e = arguments,S.zUShtv = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = S.CXUmZy(a),e[o] = a),a},S(e, t)}function E(e) {return (0,h.default)(Array.prototype).call(e, (function (e) {var t;return (0,u.default)(t = "00" + (255 & e).toString(16)).call(t, -2)})).join("")}function C(e) {var t = new Uint8Array(e.length);return (0,l.default)(Array.prototype).call(t, (function (t, r, n) {n[r] = e.charCodeAt(r)})),E(t)}function O(e) {return E(T(e))}getLocalTK = genLocalTK
}();

直接调用getLocalTK,入参则是上面的get_fingerprint指纹值

部分的Sign签名其实算比较复杂的一部分了,多参数参与了加密,核心算法实现如下:

!function () {function t(e) {for (var t = "", r = 0; r < e.length;) {var n = e.charCodeAt(r++);t += n > 63 ? String.fromCharCode(24 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)}return t}var r = ["", t("|}~ymtl"), t("kljqv#gq~a"), t("hyjk}"), t("lwZyk}64"), t("GGhyjk}Lws}v"), t("uyl{p"), t("FC123E(C`+EC123E)+"), t("khtql"), t("G|}~ymtlYt#gwjqlpu"), t("{ytt"), "log", t("G|}zm#g"), "", t("TW[YTGYT_WJQLPUGHJ]^Q@"), "+", "x", t("GGyt#gwjqlpu"), t("|}~ymtl"), t("{ytt"), t("|}~ymtl"), t("{ytt"), t("rwqv"), "&", t("lwKljqv#g"), "log", t("G|}zm#g"), "key", ":", t("nytm}"), "", t("|}~ymtl"), t("~wjuyl"), "07", t("GqkVwjuyt"), t("GG#g}vS}a"), t("Glws}v"), t("G~qv#g}jhjqvl"), t("GyhhQ|"), t("yt#gwk"), t("lwKljqv#g"), t("#g}vTw{ytLS"), t("G|}~ymtlLws}v"), t("GG#g}v#D}~ymtlS}a"), t("GG#g}vKq#gv"), t("{ytt"), t("rwqv"), ",", t("]VNQJWVU]VL"), t("GG#g}vKq#gvHyjyuk"), "log", t("G|}zm#g"), "key", t("kq#gvKlj"), t("Gkls"), t("Gkl}"), t("p5kl"), t("GwvKq#gv"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("]jj[w|}k"), t("_]V]JYL]GKQ_VYLMJ]G^YQT]#D"), t("LWS]VG]UHLA"), "key", t("}vn[wtt}{l"), t("G~qv#g}jhjqvl"), "fp", t("Gzm{s}l"), t("|}~ymtl"), "log", t("G|}zm#g"), t("}v{jahl"), t("hyjk}"), "01", "02", "03", "04", "05", "06", "07", "08", t("rwqv"), "", "iv", t("}v{w|}"), t("{qhp}jl}`l"), t("|}~ymtl"), t("ojyh"), t("v}`l"), t("hj}n"), 0, 5, 10, 13, "end", t("|}~ymtl"), t("GG{p}{sHyjyuk"), t("yzjmhl"), t("j}lmjv"), t("GGj}im}kl#D}hk"), t("GG{wtt}{l"), t("GGuys}Kq#gv"), "log", t("G|}zm#g"), "ms", t("{yl{p"), "t0", t("GwvKq#gv"), t("]jj[w|}k"), t("MVPYV#DT]#DG]JJWJ"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("klwh")], n = Function.prototype.call,o = [75, 1, 29, 51, 66, 29, 41, 0, 21, 29, 91, 68, 76, 397, 15, 79, 29, 41, 0, 3, 96, 40, 96, 4, 96, 56, 96, 90, 96, 53, 29, 16, 30, 1, 44, 2, 6, 30, 1, 44, 3, 88, 29, 85, 30, 4, 22, 75, 44, 5, 3, 76, 6038, 76, 6806, 96, 76, -12828, 96, 76, 4468, 76, -656, 96, 76, -3784, 96, 35, 15, 15, 15, 72, 29, 57, 44, 6, 37, 7, 15, 84, 29, 81, 77, 43, 81, 76, 8106, 76, 2295, 96, 76, -10401, 96, 9, 33, 29, 23, 44, 8, 41, 0, 15, 50, 29, 31, 9, 71, 29, 41, 0, 18, 29, 88, 29, 48, 30, 1, 22, 26, 15, 44, 10, 26, 32, 36, 29, 88, 29, 85, 30, 11, 22, 31, 12, 91, 68, 76, 413, 15, 62, 96, 91, 68, 76, 376, 15, 96, 57, 96, 91, 68, 76, 405, 15, 96, 87, 96, 36, 29, 87, 43, 98, 31, 32, 15, 41, 69, 96, 12, 43, 64, 85, 0, 48, 28, 1, 26, 69, 26, 90, 32, 62, 30, 5, 43, 47, 92, 80, 33, 2, 2, 6, 3, 22, 85, 0, 46, 26, 33, 87, 4, 30, 51, 7, 98, 26, 75, 32, 72, 23, 33, 87, 4, 30, 46, 7, 98, 75, 32, 72, 12, 33, 87, 4, 30, 51, 7, 98, 75, 32, 72, 1, 72, 38, 50, 32, 91, 28, 5, 83, 95, 2, 50, 85, 2, 2, 8, 85, 3, 2, 40, 96, 87, 6, 31, 69, 23, 74, 7495, 74, -6716, 26, 74, -779, 26, 59, 68, 3, 69, 65, 32, 53, 62, 47, 35, 25, 35, 93, 98, 0, 53, 34, 75, 50, 1, 34, 14, 72, 50, 2, 8, 3, 75, 95, 35, 25, 35, 96, 98, 0, 53, 85, 88, 72, 50, 4, 58, 98, 0, 75, 4, 35, 25, 35, 69, 98, 5, 53, 73, 6, 91, 2, 26, 399, 75, 85, 80, 91, 2, 26, 414, 75, 80, 28, 80, 72, 35, 28, 10, 52, 76, 7, 0, 61, 1, 65, 76, 7, 2, 65, 75, 16, 93, 98, 84, 92, 0, 37, 84, 19, 84, 22, 26, 1, 67, 4, 91, 84, 19, 84, 14, 26, 2, 67, 38, 18, 76, 63, 406, 65, 90, 11, 84, 35, 92, 3, 53, 83, 84, 74, 4, 16, 24, 42, 36, 5, 74, 6, 74, 7, 20, 74, 8, 74, 9, 17, 36, 10, 4, 95, 3, 92, 0, 37, 82, 26, 42, 19, 84, 29, 26, 11, 67, 74, 7, 65, 25, 12, 84, 42, 36, 13, 74, 12, 74, 7, 20, 74, 8, 88, 37, 84, 69, 5, 84, 57, 16, 136, 42, 36, 14, 57, 45, 90, 21, 84, 19, 84, 3, 26, 1, 67, 45, 65, 36, 15, 45, 8, 90, 36, 16, 92, 17, 65, 2, 84, 40, 26, 18, 12, 84, 42, 36, 19, 62, 38, 35, 34, 88, 41, 84, 19, 84, 59, 26, 20, 67, 74, 21, 18, 76, 63, 375, 65, 19, 84, 27, 26, 1, 67, 69, 57, 32, 22, 62, 32, 23, 33, 32, 24, 52, 32, 25, 54, 32, 26, 76, 63, 1119, 63, -3077, 53, 63, 1960, 53, 58, 53, 90, 84, 69, 33, 32, 24, 52, 32, 25, 54, 32, 26, 5, 84, 42, 36, 27, 69, 19, 32, 28, 18, 76, 63, 394, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 82, 76, 74, 6, 95, 3, 74, 12, 16, 34, 42, 36, 27, 69, 31, 26, 35, 26, 36, 32, 28, 18, 76, 63, 373, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 82, 32, 42, 36, 27, 69, 31, 26, 35, 26, 37, 32, 28, 18, 76, 63, 381, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 1, 24, 61, 0, 40, 41, 41, 52, 8, 61, 8, 89, 92, 0, 44, 45, 5394, 45, 7249, 87, 45, -12642, 87, 15, 39, 8, 69, 27, 1, 95, 2, 8, 69, 11, 83, 45, 415, 15, 27, 3, 3, 8, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 45, 6472, 45, -4012, 87, 45, -2460, 87, 24, 40, 12, 45, 9932, 45, -4858, 87, 45, -5073, 87, 67, 51, 14, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 3, 8, 61, 8, 46, 92, 4, 44, 69, 83, 45, -8946, 45, 8447, 87, 45, 501, 87, 10, 36, 8, 61, 8, 16, 92, 5, 44, 27, 6, 11, 83, 45, 421, 15, 31, 87, 12, 8, 42, 92, 4, 20, 7, 31, 70, 92, 4, 20, 8, 11, 83, 45, 389, 15, 15, 74, 70, 92, 4, 20, 8, 50, 8, 61, 13, 9, 94, 84, 13, 10, 94, 45, 2, 13, 11, 94, 45, 3, 13, 12, 94, 45, 4, 13, 13, 94, 45, 5, 13, 14, 94, 45, 6, 13, 15, 94, 45, 7, 13, 16, 94, 20, 17, 13, 18, 15, 15, 33, 19, 10, 18, 8, 62, 92, 4, 20, 20, 79, 92, 21, 15, 5, 82, 46, 24, 58, 24, 35, 24, 65, 24, 23, 24, 72, 86, 0, 42, 1, 75, 13, 11, 21, 1, 87, 21, 2, 87, 89, 91, 89, 28, 10, 91, 91, 60, 15, 36, 76, 194, 75, 75, 23, 0, 17, 1, 35, 186, 5, 2, 12, 3, 58, 4, 122, 5, 181, 6, 181, 43, 19, 25, 75, 47, 17, 1, 25, 85, 25, 80, 23, 7, 61, 32, 97, 25, 44, 3, 8, 98, 94, 51, 25, 79, 21, 91, 77, 58, 9, 75, 2, 5, 17, 0, 25, 76, 137, 75, 3, 9, 68, 10, 98, 78, 88, 44, 3, 11, 32, 25, 44, 3, 12, 32, 29, 25, 44, 3, 13, 79, 12, 78, 28, 25, 75, 3, 9, 68, 10, 85, 25, 7, 23, 14, 61, 83, 15, 31, 21, 2, 374, 94, 85, 25, 80, 23, 7, 61, 32, 74, 34, 56, 68, 16, 56, 78, 25, 85, 25, 46, 23, 7, 61, 4, 98, 90, 70, 78, 88, 75, 2, 10, 17, 1, 25, 75, 75, 3, 17, 47, 94, 17, 18, 25, 75, 3, 9, 68, 10, 44, 3, 19, 4, 89, 23, 20, 23, 21, 99, 22, 31, 21, 2, 401, 94, 75, 23, 18, 56, 99, 23, 4, 83, 24, 99, 25, 63, 23, 26, 99, 27, 99, 28, 94, 25, 98, 78, 88, 75, 3, 29, 32, 88, 55, 66, -195, 30], i = a.exports, l = Og.exports;var v = l(Rk), d = l(zk), b = l(nm), y = l(cm), m = l(xm), w = l(Om), O = Lx, R = l($S.exports), z = l(eA.exports), L = l(tA.exports), I = l(rA.exports), B = l(cA.exports), N = l(R_.exports), G = l(sA.exports), F = l(uA.exports), H = l(hA.exports), W = l(fA.exports), U = vx;function Z(e, t) {var r = V();return Z = function (t, n) {var a = r[t -= 339];if (void 0 === Z.kfjFYr) {Z.VsajSZ = function (e) {for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)r = (0,v.default)(n).call(n, r);for (var s = 0, u = a.length; s < u; s++) {var l;o += "%" + (0,d.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)}return decodeURIComponent(o)},e = arguments,Z.kfjFYr = !0}var o = t + r[0].substring(0, 2), i = e[o];return i ? a = i : (a = Z.VsajSZ(a),e[o] = a),a},Z(e, t)}function V() {var e = ["x19Yzxf1zxn0rgvWCYb1C2uGy2fJAguGzNaSigzWoG", "x19JB2XSzwn0igvUDKnVBgXLy3q9", "x19Yzxf1zxn0qwXNB3jPDgHTt25Jzq", "x19Yzxf1zxn0qwXNB3jPDgHTihjLCxvLC3qGC3vJy2vZCYeSignOzwnRig1LBw9YEsbMCdO", "x19HBgDVCML0Ag0", "nJuYodqWB0nXwfPp", "x19Yzxf1zxn0rgvWCW", "x19Nzw5tAwDUugfYyw1Z", "CgfYyw1ZigLZig5VDcbHihbSywLUig9IAMvJDa", "x19Yzxf1zxn0rgvWCYbYzxf1zxn0ihrVA2vUigzHAwXLzcWGzxjYB3i6ia", "CMvXDwvZDcb0B2TLBIbMywLSzwqGA2v5oG", "ihrVA2vUoG", "ExL5Eu1nzgq", "Bg9HzcbYywmGANmGzMfPBce", "x19WyxjZzufSz29YAxrOBq", "x19Yzxf1zxn0qwXNB3jPDgHTigvUDKnVBgXLy3q9", "CgfYyw1ZigLZigvTChr5igfMDgvYigv4y2X1zgLUzYaIDw5ZywzLiIbWyxjHBxm", "x19JAgvJA1bHCMfTCW", "nc43", "Bg9JywXFA2v5xZm", "x19Yzxf1zxn0qwXNB3jPDgHTt25JzsbRzxK6", "lcbYzxrYEsbUzxH0ihrPBwuU", "x19Yzxf1zxn0rgvWCYbMCM9TignHy2HLlcbLBMqU", "lcbJAgvJAYbZDg9YywDLigzWoG", "C2v0DgLUz3mUyxbWswqGBxvZDcbIzsbHig5VBI1LBxb0EsbZDhjPBMC", "x19JB2XSzwn0", "C2LNBG", "CxvLCNLtzwXLy3rVCG", "yNuY", "BdfMBa", "lcbZDg9YywDLrNa6", "zxH0zw5K", "Ahr0Chm6lY9ZDg9YywDLlJm2mgj1EwLTzY5JB20VD2vIy29UDgfPBMvYl21HAw4VANmTC2vJDxjPDhKTDJmTCMfJlMPZp3y9", "BwfPBI5ZAwDUi19Fzgv0zwn0Aw5N", "DxnLig5VCM1HBfrVA2vU", "x19Yzxf1zxn0rgvWCYWGx19WyxjZzufSz29YAxrOBsbYzxn1Bhq6", "z2vUzxjHDguGA2v5igzHAwXLza", "C2LNBIbLBgfWC2vKihrPBwuH", "x19TywTLu2LNBIWGCMvZDwX0oG", "lgv4ChjLC3m9", "mtq0mtC3nKjKwLDQwG", "x19WyxjZzvrVA2vU", "x19Yzxf1zxn0rgvWCYbLBMqU", "z2v0vg9Rzw5F", "Dg9Rzw4GAxmGzw1WDhK", "mcfa", "CMv0DxjUia", "lcbHBgDVoG", "lcbFBg9HzgvKx2nHy2HLCZO", "CgfYyw1ZigLZigvTChr5", "x19Yzxf1zxn0qwXNB3jPDgHTigvUzc4", "y3jLyxrLigLUC3rHBMnLihDPDgGGyxbWswq9", "x002wt9KDMzondbwtuzBwa", "CgfYyw1ZignVBNrHAw5ZihjLC2vYDMvKihbHCMfTig5HBwuU", "DgvZDcbLCNi", "ntC5mdG5B0PlCuTl", "x19TywTLu2LNBG", "C3vJy2vZCW", "x19Yzxf1zxn0qwXNB3jPDgHTihn0yxj0lG", "CYnS", "odDUoceT", "nteZode4mNDTwKjxBq", "x19Nzw5tAwDUlcbWyxjHBxntDhi6", "lcbLpq", "Dw5RBM93BIbLCNjVCI4", "x19PBMLdB25MAwC", "nduXmtiWBhHjDKDU", "Bg9HzcbYywmGANmGC3vJy2vZCYe", "lgTLEt0", "ExL5Eu1nzgrOAg1TC3ntu1m", "mtGXnZm0nKrtDKPRwG", "x19Yzxf1zxn0rgvWCYbZDgfYDc4", "x19Nzw5tAwDU", "lcb0B2TLBJO", "lcbMCdO", "mZe0mdGYsuHeC3rs", "x19Nzw5ezwzHDwX0s2v5igLUChv0pq", "lcbZAwDUzwrtDhi6", "yNuX", "x19Nzw5ezwzHDwX0s2v5", "BwfPBI5ZAwDUi19FCMvXDwvZDerLChm", "x19Yzxf1zxn0qwXNB3jPDgHT", "x19Yzxf1zxn0rgvWCYb1C2uGBMv3igzWlcbMCdO"];return (V = function () {return e})()}var X = Z;(function (e, t) {for (var r = Z, n = e(); ;)try {if (296934 === -(0,b.default)(r(392)) / 1 + -(0,b.default)(r(342)) / 2 + -(0,b.default)(r(412)) / 3 + (0,b.default)(r(377)) / 4 + -(0,b.default)(r(403)) / 5 + (0,b.default)(r(407)) / 6 + (0,b.default)(r(398)) / 7)break;n.push(n.shift())} catch (e) {console.log(e)n.push(n.shift())}})(V);var __parseToken = function (e, t, r) {return e ? vk(e).call(e, t, r) : ""}, _defaultAlgorithm = {local_key_1: CryptoJS.MD5,local_key_2: CryptoJS.SHA256,local_key_3: CryptoJS.HmacSHA256}, algos = {MD5: CryptoJS.MD5,SHA256: CryptoJS.SHA256,SHA512: CryptoJS.SHA512,HmacSHA256: CryptoJS.HmacSHA256,HmacSHA512: CryptoJS.HmacSHA512,HmacMD5: CryptoJS.HmacMD5}, __algorithm = function (e, t, r) {var n = X, a = this._defaultAlgorithm[e];return e === 'local_key_3' ? a(t, r).toString(CryptoJS.enc.Hex) : a(t).toString(CryptoJS.enc.Hex)};var _this = {__parseToken: __parseToken,__algorithm: __algorithm,_defaultAlgorithm: _defaultAlgorithm,algos: algos};var genDefaultKey = function (e, t, a, i) {for (var c, s, u, l, h, f, g, p, d, b, y, k, w = n, _ = o, x = [], S = 0; ;)switch (_[S++]) {case 1:c = x[x.length - 1];break;case 3:x.push(e);break;case 4:x.push(a);break;case 6:x.push(R);break;case 9:x[x.length - 2] = x[x.length - 2][x[x.length - 1]],x.length--;break;case 15:null != x[x.length - 2] ? (x[x.length - 3] = w.call(x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 2) : (k = x[x.length - 3],x[x.length - 3] = k(x[x.length - 1]),x.length -= 2);break;case 16:x.push(L);break;case 18:y = x[x.length - 1];break;case 21:u = x[x.length - 1];break;case 22:x.push(void 0);break;case 23:x.push(p);break;case 26:x.push(d);break;case 29:x.pop();break;case 30:x[x.length - 1] = x[x.length - 1][r[_[S++]]];break;case 31:x.push(_this[r[_[S++]]]);break;case 32:x.push((function (t) {var a, i, s, l, f = n, g = o, p = [], d = 162;e: for (; ;)switch (g[d++]) {case 2:p[p.length - 3][p[p.length - 2]] = p[p.length - 1],p.length -= 2;break;case 5:p[p.length - 2] = p[p.length - 2][p[p.length - 1]],p.length--;break;case 7:p.push(e);break;case 8:p.push(1);break;case 12:p[p.length - 1] = !p[p.length - 1];break;case 15:p.push(isNaN);break;case 23:p[p.length - 4] = f.call(p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 3;break;case 26:s = p.pop(),p[p.length - 1] += s;break;case 28:p[p.length - 1] = p[p.length - 1][r[13 + g[d++]]];break;case 30:p.push(i);break;case 31:p.push(a);break;case 32:p.pop();break;case 33:p.push(c);break;case 40:a = p[p.length - 1];break;case 41:p.push(null);break;case 43:p.pop() ? ++d : d += g[d];break;case 46:p.push(u);break;case 48:p.push(O);break;case 50:p.push(0);break;case 51:p.push(h);break;case 53:return;case 59:s = p.pop(),p[p.length - 1] = p[p.length - 1] >= s;break;case 62:p.push(b);break;case 65:y = p[p.length - 1];break;case 68:p[p.length - 1] ? (++d,--p.length) : d += g[d];break;case 69:p.push(t);break;case 72:d += g[d];break;case 74:p.push(g[d++]);break;case 75:u = p[p.length - 1];break;case 80:for (s = p.pop(),l = 0; l < g[d + 1]; ++l)if (s === r[13 + g[d + 2 * l + 2]]) {d += g[d + 2 * l + 3];continue e}d += g[d];break;case 83:p.push(void 0);break;case 85:p.push(r[13 + g[d++]]);break;case 87:p.push(p[p.length - 1]),p[p.length - 2] = p[p.length - 2][r[13 + g[d++]]];break;case 90:i = p[p.length - 1];break;case 91:p.push(v);break;case 92:p.push(y);break;case 95:p.push(new Array(g[d++]));break;case 96:null != p[p.length - 2] ? (p[p.length - 3] = f.call(p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 2) : (s = p[p.length - 3],p[p.length - 3] = s(p[p.length - 1]),p.length -= 2);break;case 98:p[p.length - 5] = f.call(p[p.length - 5], p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),p.length -= 4}}));break;case 33:p = x[x.length - 1];break;case 35:x[x.length - 5] = w.call(x[x.length - 5], x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 4;break;case 36:x[x.length - 4] = w.call(x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),x.length -= 3;break;case 37:x.push(new RegExp(r[_[S++]]));break;case 40:x.push(t);break;case 41:x.push(r[_[S++]]);break;case 43:return x.pop();case 44:x.push(x[x.length - 1]),x[x.length - 2] = x[x.length - 2][r[_[S++]]];break;case 48:x.push(m);break;case 50:d = x[x.length - 1];break;case 51:x.push(X);break;case 53:h = x[x.length - 1];break;case 56:x.push(i);break;case 57:x.push(f);break;case 62:x.push(h);break;case 66:s = x[x.length - 1];break;case 68:x.push(null);break;case 71:b = x[x.length - 1];break;case 72:f = x[x.length - 1];break;case 75:x.push(_this);break;case 76:x.push(_[S++]);break;case 77:x.pop() ? ++S : S += _[S];break;case 79:l = x[x.length - 1];break;case 81:x.push(g);break;case 84:g = x[x.length - 1];break;case 85:x.push(U);break;case 87:x.push(u);break;case 88:x.push(0);break;case 90:x.push(l);break;case 91:x.push(s);break;case 96:k = x.pop(),x[x.length - 1] += k;break;case 98:return}};var genSign = function (e, t) {for (var a, i, c, s, u = n, l = o, h = [], f = 272; ;)switch (l[f++]) {case 2:h.push(null);break;case 4:c = h[h.length - 1];break;case 8:h.push(r[20 + l[f++]]);break;case 10:return h.pop();case 14:h.push((function (e) {for (var t, n = o, a = [], i = 340; ;)switch (n[i++]) {case 7:a[a.length - 1] = a[a.length - 1][r[27 + n[i++]]];break;case 16:return;case 61:a.push(r[27 + n[i++]]);break;case 65:t = a.pop(),a[a.length - 1] += t;break;case 75:return a.pop();case 76:a.push(e)}}));break;case 25:h.push(0);break;case 26:h.push(l[f++]);break;case 28:h.push(c);break;case 34:h.push(t);break;case 35:h.pop();break;case 47:a = h[h.length - 1];break;case 50:h.push(h[h.length - 1]),h[h.length - 2] = h[h.length - 2][r[20 + l[f++]]];break;case 52:return;case 53:h.push(void 0);break;case 58:h.push(z);break;case 62:h.push(X);break;case 69:h.push(U);break;case 72:h[h.length - 4] = u.call(h[h.length - 4], h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 3;break;case 73:h.push(_this[r[20 + l[f++]]]);break;case 75:null != h[h.length - 2] ? (h[h.length - 3] = u.call(h[h.length - 3], h[h.length - 2], h[h.length - 1]),h.length -= 2) : (s = h[h.length - 3],h[h.length - 3] = s(h[h.length - 1]),h.length -= 2);break;case 80:s = h.pop(),h[h.length - 1] += s;break;case 85:h.push(i);break;case 88:h.push(e);break;case 91:h.push(a);break;case 93:h.push(w);break;case 95:i = h[h.length - 1];break;case 96:h.push(G);break;case 98:h[h.length - 1] = h[h.length - 1][r[20 + l[f++]]]}};

先调用genDefaultKey,入参是四个,分别是上面得到的Token、FP、APPID、时间戳+07拿到值,再调用签名函数getSign,入参数则是genDefaultKey的值加params,如下所示:

params = {"functionId": "mzhprice_getCustomRealPriceInfoForColor","appid": "search-pc-java","client": "pc","clientVersion": "1.0.0","t": str(int(time.time() * 1000)),"body": '{"skuPriceInfoRequestList":[{"skuId":"10105124153052"},{"skuId":"10102973236034"},{"skuId":"10060158269227"},{"skuId":"10085438117915"},{"skuId":"100023408281"},{"skuId":"10034095072591"},{"skuId":"10099066159774"},{"skuId":"10102882832111"},{"skuId":"10081102086006"},{"skuId":"10102882779610"},{"skuId":"10105124220789"},{"skuId":"10102882813512"},{"skuId":"10102882813511"},{"skuId":"10105124218483"},{"skuId":"100114410144"},{"skuId":"10093665009265"},{"skuId":"10039552855611"},{"skuId":"10036842860178"},{"skuId":"11677624998"},{"skuId":"26616715173"}],"area":"19_1659_37260_37346","source":"search_pc","fields":"11101100111001"}',
}

注意!其中body需要经过SHA256加密,实现算法如下所示:

function GEN_SHA256(s) {var chrsz = 8;var hexcase = 0;function safe_add(x, y) {var lsw = (x & 0xFFFF) + (y & 0xFFFF);var msw = (x >> 16) + (y >> 16) + (lsw >> 16);return (msw << 16) | (lsw & 0xFFFF)}function S(X, n) {return (X >>> n) | (X << (32 - n))}function R(X, n) {return (X >>> n)}function Ch(x, y, z) {return ((x & y) ^ ((~x) & z))}function Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z))}function Sigma0256(x) {return (S(x, 2) ^ S(x, 13) ^ S(x, 22))}function Sigma1256(x) {return (S(x, 6) ^ S(x, 11) ^ S(x, 25))}function Gamma0256(x) {return (S(x, 7) ^ S(x, 18) ^ R(x, 3))}function Gamma1256(x) {return (S(x, 17) ^ S(x, 19) ^ R(x, 10))}function core_sha256(m, l) {var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);var W = new Array(64);var a, b, c, d, e, f, g, h, i, j;var T1, T2;m[l >> 5] |= 0x80 << (24 - l % 32);m[((l + 64 >> 9) << 4) + 15] = l;for (var i = 0; i < m.length; i += 16) {a = HASH[0];b = HASH[1];c = HASH[2];d = HASH[3];e = HASH[4];f = HASH[5];g = HASH[6];h = HASH[7];for (var j = 0; j < 64; j++) {if (j < 16)W[j] = m[j + i];elseW[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);T2 = safe_add(Sigma0256(a), Maj(a, b, c));h = g;g = f;f = e;e = safe_add(d, T1);d = c;c = b;b = a;a = safe_add(T1, T2)}HASH[0] = safe_add(a, HASH[0]);HASH[1] = safe_add(b, HASH[1]);HASH[2] = safe_add(c, HASH[2]);HASH[3] = safe_add(d, HASH[3]);HASH[4] = safe_add(e, HASH[4]);HASH[5] = safe_add(f, HASH[5]);HASH[6] = safe_add(g, HASH[6]);HASH[7] = safe_add(h, HASH[7])}return HASH}function str2binb(str) {var bin = Array();var mask = (1 << chrsz) - 1;for (var i = 0; i < str.length * chrsz; i += chrsz) {bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i % 32)}return bin}function Utf8Encode(string) {string = string.replace(/\r\n/g, "\n");var utftext = "";for (var n = 0; n < string.length; n++) {var c = string.charCodeAt(n);if (c < 128) {utftext += String.fromCharCode(c)} else if ((c > 127) && (c < 2048)) {utftext += String.fromCharCode((c >> 6) | 192);utftext += String.fromCharCode((c & 63) | 128)} else {utftext += String.fromCharCode((c >> 12) | 224);utftext += String.fromCharCode(((c >> 6) & 63) | 128);utftext += String.fromCharCode((c & 63) | 128)}}return utftext}function binb2hex(binarray) {var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";var str = "";for (var i = 0; i < binarray.length * 4; i++) {str += hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8 + 4)) & 0xF) + hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8)) & 0xF)}return str}s = Utf8Encode(s);return binb2hex(core_sha256(str2binb(s), s.length * chrsz))
};

调用GEN_SHA256把body参数拿出来丢进去最后toString一下

接下来的六、七部分当然也就不需要给出思路了,一个版本号一个时间戳,大家自行生成即可!!!

最最最后面的AES,也是重点,话不多说,实现算法如下所示:

function _aesEncrypt(data) {var i = CryptoJS.AES.encrypt(data,CryptoJS.enc.Utf8.parse('_M6Y?dvfN40VMF[X'), // 密钥{iv: CryptoJS.enc.Utf8.parse(["01", "02", "03", "04", "05", "06", "07", "08"].join(""))});return CryptoJS.enc.Base64.encode(i.ciphertext)
}

data是什么?是ENV构造的环境参数,包括版本号、指纹、设备信息的参数,不懂没关系,我贴一个图给你思路,如下所示:

在这里插入图片描述

最后,我们来测试一下校验一下这JS的算法效果,如下所示:

在这里插入图片描述

这里,我们以价格查询接口为示例,编写Python示例调用加密算法,去请求接口,如下所示:
在这里插入图片描述

当前纯算法稳定!无任何601,当然算法不对就是601,也不全是!比如上面的价格接口它是有TLS指纹校验的,请求的时候用三方模块处理一下即可!不然的话也会出现601

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.rhkb.cn/news/338746.html

如若内容造成侵权/违法违规/事实不符,请联系长河编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

22 、系统安全

新的服务器到手&#xff0c;部署服务器初始化。 1、配置ip地址 网关dns解析&#xff08;static&#xff09;内网和外网。 2、安装源&#xff0c;外网&#xff08;在线即可&#xff09;&#xff0c;内网&#xff08;只能用源码包编译安装&#xff09;。 3、磁盘分区&#xff…

k8s 1.28.x 配置nfs

1.安装nfs&#xff0c;在每个节点上安装 yum install -y nfs-utils 2.创建共享目录(主节点上操作) mkdir -p /opt/nfs/k8s 3.编写NFS的共享配置 /opt/nfs/k8s *(rw,no_root_squash) #*代表对所有IP都开放此目录&#xff0c;rw是读写 4.启动nfs systemctl enable nfs-ser…

十_信号11 - 函数sigsetjmp() 和 siglongjmp()

也就是说&#xff0c;正常情况下&#xff0c;当捕捉到一个信号&#xff0c;并调用该信号的信号处理程序时&#xff0c;被捕捉的信号会被加入到当前进程的信号屏蔽字中&#xff0c;以防止在本次信号处理程序还没有完成的时候&#xff0c;再次触发该信号&#xff0c; 发生重入。 …

Py列表(list)

目录 正向索引&#xff1a; 反向索引&#xff1a; 嵌套列表&#xff1a; 修改列表中的值 列表常用的方法 实例 练习&#xff1a; 正向索引&#xff1a; 从0开始&#xff0c;依次递增。第一个元素的索引为0&#xff0c;第二个元素的索引为1&#xff0c;依此类推。 列表的下标…

JS-09-es6常用知识1

目录 1 模板字符串 1.1 模板字符串基本用法 1.2 模板字符串解决了一些痛点 2 解构赋值 2.1 对象的解构赋值 2.2 函数参数的解构赋值 2.3 补写&#xff1a;属性的简写 3 rest参数 3.1 arguments 3.2 rest参数 3.3 补充&#xff1a;判断数据类型 4 箭头函数 4.1 …

传输中的串扰(八)

串扰指的是有害信号从一个线网传递到相邻线网上。通常把噪声源所在的线网称为动态线或攻击线网&#xff0c;而把有噪声形成的线网称为静态线或受害线网。 静态线上的噪声电压的表现与信号电压完全一样。一旦在静态线上产生噪声电压&#xff0c;它们就会传播并在阻抗突变处出现反…

服务器数据恢复—服务器raid常见故障表现原因解决方案

RAID&#xff08;磁盘阵列&#xff09;是一种将多块物理硬盘整合成一个虚拟存储的技术&#xff0c;raid模块相当于一个存储管理的中间层&#xff0c;上层接收并执行操作系统及文件系统的数据读写指令&#xff0c;下层管理数据在各个物理硬盘上的存储及读写。相对于单独的物理硬…

外卖点餐系统 springboot+vue+element-ui

免费获取方式↓↓↓ 项目介绍038&#xff1a; http://localhost:8080/ 账号&#xff1a;weiguanke 123 系统登陆后展示 用户可视界面 – 登录页面 – 首页&#xff1a; – 店铺查找页面&#xff1a; 店铺查找 – 店铺页面 店铺管理者可视页面 – 店铺页面 店铺管理员…

Redis之持久化、集群

1. Redis持久化 Redis为什么需要持久化?因为Redis的数据我们都知道是存放在内存中的&#xff0c;那么每次关闭或者机器断电&#xff0c;我们的数据旧丢失了。 因此&#xff0c;Redis如果想要被别人使用&#xff0c;这个问题就需要解决&#xff0c;怎么解决呢?就是说我们的数…

Windows通过cmd运行快速启动应用

Windows如何通过cmd运行快速启动应用&#xff1f; 在Windows操作系统中&#xff0c;可以通过配置环境变量的方式将文件的路径配置到环境变量的path中&#xff0c;配置完成后可以在cmd中输入对应的应用名称即可启动应用&#xff0c;具体操作如下&#xff1a; 1. 添加应用程序路径…

力扣62. 不同路径

一个机器人位于一个 m x n 网格的左上角 &#xff08;起始点在下图中标记为 “Start” &#xff09;。 机器人每次只能向下或者向右移动一步。机器人试图达到网格的右下角&#xff08;在下图中标记为 “Finish” &#xff09;。问总共有多少条不同的路径&#xff1f; 示例 1&…

FJSP:蛇鹫优化算法(SBOA)求解柔性作业车间调度问题(FJSP),提供MATLAB代码

详细介绍 FJSP&#xff1a;蛇鹫优化算法&#xff08;Secretary bird optimization algorithm&#xff0c;SBOA&#xff09;求解柔性作业车间调度问题&#xff08;FJSP&#xff09;&#xff0c;提供MATLAB代码-CSDN博客 完整MATLAB代码 FJSP&#xff1a;蛇鹫优化算法&#xff…

spoon工具的常用基础操作

一些常用转换工具 1、emp表输入->excel表输出 emp表输入&#xff0c;可以进行预览查看数据有没有过来excel表输出 成功执行后&#xff0c;可以到保存的excel位置进行查看。 2、excel输入->表输出 运行转换后可以在oracle进行查看是否有成功创建这个表 3、对部门最高…

Java 22的FFM API,比起Java 21的虚拟线程

哪个对Java未来的发展影响更大&#xff1f;两个 Java 版本中的重要特性&#xff1a;Java 21 的虚拟线程和 Java 22 的 FFM API。我这里有一套编程入门教程&#xff0c;不仅包含了详细的视频讲解&#xff0c;项目实战。如果你渴望学习编程&#xff0c;不妨点个关注&#xff0c;给…

原生APP开发和Flutter开发的比较

原生APP开发和Flutter开发各有优缺点&#xff0c;适用于不同的场景和需求。下面是两者的详细比较&#xff0c;从开发语言、性能、开发效率、维护和更新、社区和支持等多个方面进行分析。北京木奇移动技术有限公司&#xff0c;专业的软件外包开发公司&#xff0c;欢迎交流合作。…

【康耐视国产案例】智能AI相机机器视觉精准快速实现包裹标签的智能粘贴

康耐视推出的3D-A1000是专业的、匹配物流行业各类分拣机及包裹检测应用的全功能视觉检测系统&#xff0c;其能够准确检测分拣机上是否有包裹、包裹是否超出边界、空车检测、是否有遗留物品等。由于搭载了专利的三维结构光技术&#xff0c;产品具有更强大的创新性以满足持续更新…

综合交易模型--雪球跟单参数说明支持qmt,同花顺

经过测试&#xff0c;目前完成了这个策略。支持多策略&#xff0c;支持全市场&#xff0c;包括股票&#xff0c;etf,可转债 全部的参数 { "雪球跟单":"跟单原理", "原理":"比重变大默认买入&#xff0c;变小默认卖出&#xff0c;持股…

fintuning chatglm3

chatglm3介绍 ChatGLM3-6B 是 ChatGLM 系列最新一代的开源模型&#xff0c;在保留了前两代模型对话流畅、部署门槛低等众多优秀特性的基础上&#xff0c;ChatGLM3-6B 引入了如下特性&#xff1a; 更强大的基础模型&#xff1a; ChatGLM3-6B 的基础模型 ChatGLM3-6B-Base 采用…

【uni-app】Pinia 持久化

小程序端 Pinia 持久化 说明&#xff1a;Pinia 用法与 Vue3 项目完全一致&#xff0c;uni-app 项目仅需解决持久化插件兼容性问题。 持久化存储插件 安装持久化存储插件&#xff1a; pinia-plugin-persistedstate pnpm i pinia-plugin-persistedstate插件默认使用 localStor…

Anaconda创建python环境默认C盘,如何修改路径

文章目录 前言解决方案1.找到Anaconda的根目录2. 找到根目录文件夹&#xff0c;右键-属性-安全 测试-重新创建新的python环境 前言 使用 Anaconda创建python环境&#xff0c;默认在C盘。 如何修改到别的路径呢&#xff1f; base环境 是安装 Anaconda是安装的默认环境&#x…