首页 >> 大全

猿人学-爬虫刷题:第一题解题思路

2023-11-11 大全 24 作者:考证青年

缘由

前几天在v2ex看到网站的宣传,点开后觉得挺有趣,试着做了一下。下面分享下解题思路。

题目链接: 猿人学爬虫第一题

思路

打开f12看一下

登录接口:

分页数据接口:

看起来只要请求登录接口获取后,再请求五次分页接口后,拿到返回接口,计算得到平均值就ok。但分页接口query参数中有一个字段m,需要注意,是带上的加密参数,需要在网页源码中找到推导加密过程。也是这道题的意义所在。

观察参数m的值:

通过某种加密得到的加密串

这个很像一个时间戳

题库爬虫__python刷题宝

而这两个值看起来是有关联的,开始源码

1、找到m的赋值代码

得知是由一个时间戳运算后得到,oo0O0相当于加密函数

var timestamp = Date.parse(new Date()) + 100000000;// 赋值
var m = oo0O0(timestamp.toString()) + window.f;
var list = {"page": window.page,"m": m + '丨' + timestamp / 1000
}

2、oo0O0加密函数与.f

函数oo0O0接受参数mw,但通过读代码,发现函数只是返回一个空字符串,而.f这个变量在源码全局搜索是没有找到,所以觉得这个函数应该是对.f做了赋值操作,通过一些代理或字符替换手段达到赋值的效果。

function oo0O0(mw) {window.b = '';for (var i = 0, len = window.a.length; i < len; i++) {console.log(window.a[i]);window.b += String[document.e + document.g](window.a[i][document.f + document.h]() - i - window.c)}var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW=='];var J = function (o, E) {o = o - 0x0;var N = U[o];if (J['bSSGte'] === undefined) {var Y = function (w) {var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=',T = String(w)['replace'](/=+$/, '');var A = '';for (var C = 0x0, b, W, l = 0x0; W = T['charAt'](l++); ~W && (b = C % 0x4 ? b * 0x40 + W : W, C++ % 0x4) ? A += String['fromCharCode'](0xff & b >> (-0x2 * C & 0x6)) : 0x0) {W = m['indexOf'](W)}return A};var t = function (w, m) {var T = [],A = 0x0,C, b = '',W = '';w = Y(w);for (var R = 0x0, v = w['length']; R < v; R++) {W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice'](-0x2)}w = decodeURIComponent(W);var l;for (l = 0x0; l < 0x100; l++) {T[l] = l}for (l = 0x0; l < 0x100; l++) {A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100, C = T[l], T[l] = T[A], T[A] = C}l = 0x0, A = 0x0;for (var L = 0x0; L < w['length']; L++) {l = (l + 0x1) % 0x100, A = (A + T[l]) % 0x100, C = T[l], T[l] = T[A], T[A] = C, b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100])}return b};J['luAabU'] = t, J['qlVPZg'] = {}, J['bSSGte'] = !![]}var H = J['qlVPZg'][o];return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !![]), N = J['luAabU'](N, E), J['qlVPZg'][o] = N) : N = H, N};// 重点处理函数eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));//返回的空字符串return '';
}

3、oo0O0函数中的eval方法–[‘b’]

在oo0O0函数中找到了**eval(atob([‘b’])[…**这行

eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));

在网页中试着打印 [‘b’] 变量,得到字符串

解密后发现是一串 js代码

发现是MD5加密的逻辑代码,而在代码中看到的 .f的赋值代码

解密后的代码:

var hexcase = 0;
var b64pad = "";
var chrsz = 16;function hex_md5(a) {return binl2hex(core_md5(str2binl(a), a.length * chrsz))
}function b64_md5(a) {return binl2b64(core_md5(str2binl(a), a.length * chrsz))
}function str_md5(a) {return binl2str(core_md5(str2binl(a), a.length * chrsz))
}function hex_hmac_md5(a, b) {return binl2hex(core_hmac_md5(a, b))
}function b64_hmac_md5(a, b) {return binl2b64(core_hmac_md5(a, b))
}function str_hmac_md5(a, b) {return binl2str(core_hmac_md5(a, b))
}function md5_vm_test() {return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"
}function core_md5(p, k) {p[k >> 5] |= 128 << ((k) % 32);p[(((k + 64) >>> 9) << 4) + 14] = k;var o = 1732584193;var n = -271733879;var m = -1732584194;var l = 271733878;for (var g = 0; g < p.length; g += 16) {var j = o;var h = n;var f = m;var e = l;o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936);l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586);m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819);n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330);o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897);l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426);m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341);n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983);o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416);l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417);m = md5_ff(m, l, o, n, p[g + 10], 17, -42063);n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162);o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682);l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101);m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290);n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329);o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510);l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632);m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713);n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302);o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691);l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083);m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335);n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848);o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438);l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690);m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961);n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501);o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467);l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784);m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473);n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734);o = md5_hh(o, n, m, l, p[g + 5], 4, -378558);l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463);m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562);n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556);o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060);l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353);m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632);n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640);o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174);l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222);m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979);n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189);o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487);l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835);m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520);n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651);o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844);l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415);m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905);n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055);o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571);l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606);m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523);n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799);o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359);l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744);m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380);n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649);o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070);l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379);m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259);n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551);o = safe_add(o, j);n = safe_add(n, h);m = safe_add(m, f);l = safe_add(l, e)}return Array(o, n, m, l)
}function md5_cmn(h, e, d, c, g, f) {return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d)
}function md5_ff(g, f, k, j, e, i, h) {return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)
}function md5_gg(g, f, k, j, e, i, h) {return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)
}function md5_hh(g, f, k, j, e, i, h) {return md5_cmn(f ^ k ^ j, g, f, e, i, h)
}function md5_ii(g, f, k, j, e, i, h) {return md5_cmn(k ^ (f | (~j)), g, f, e, i, h)
}function core_hmac_md5(c, f) {var e = str2binl(c);if (e.length > 16) {e = core_md5(e, c.length * chrsz)}var a = Array(16),d = Array(16);for (var b = 0; b < 16; b++) {a[b] = e[b] ^ 909522486;d[b] = e[b] ^ 1549556828}var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz);return core_md5(d.concat(g), 512 + 128)
}function safe_add(a, d) {var c = (a & 65535) + (d & 65535);var b = (a >> 16) + (d >> 16) + (c >> 16);return (b << 16) | (c & 65535)
}function bit_rol(a, b) {return (a << b) | (a >>> (32 - b))
}function str2binl(d) {var c = Array();var a = (1 << chrsz) - 1;for (var b = 0; b < d.length * chrsz; b += chrsz) {c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32)}return c
}function binl2str(c) {var d = "";var a = (1 << chrsz) - 1;for (var b = 0; b < c.length * 32; b += chrsz) {d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a)}return d
}function binl2hex(c) {var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";var d = "";for (var a = 0; a < c.length * 4; a++) {d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15)}return d
}function binl2b64(d) {var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var f = "";for (var b = 0; b < d.length * 4; b += 3) {var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255);for (var a = 0; a < 4; a++) {if (b * 8 + a * 6 > d.length * 32) {f += b64pad} else {f += c.charAt((e >> 6 * (3 - a)) & 63)}}}return f
};//重点: 赋值
window.f = hex_md5(mwqqppz)

4: oo0O0函数中的eval方法–剩下解密

我们将oo0O0函数提取出来自己运行看下

eval(atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));// J('0x0', ']dQW')  得到replace
// J('0x1', 'GTu!')  得到mwqqppz
// '\x27' 转义得到符号单引号  '// 所以这句话的意思
atob(window['b']).replace('mwqqppz', mw);

而我们在第三步得到了base解密后的js代码,里面有一句

window.f = hex_md5(mwqqppz)// 运行 replace('mwqqppz', mw)方法后,得到window.f = hex_md5(mw);

5: m结果

主要提取md5的加密方法,放到自己的代码里,调用得到就可以了

var timestamp = Date.parse(new Date()) + 100000000;m = `${hex_md5(mw)}${timestamp / 1000}`

6: 代码编写

略,主要将自己的解题思路进行分享。

tags: 加密 函数 解密 字符 源码
其他相关
考证青年

【SSLGZ 2384】2014年初中竞赛试题(南海) 字符串

01-11 301
考证青年

JS深入理解闭包/作用域(scope)、作用域链/执行上下文和执行栈

01-11 46
考证青年

百度之星1002-子串查询

01-11 36
考证青年

详细图解作用域链与闭包

01-10 46
考证青年

内存取证大杂烩(已更新)

01-09 43
考证青年

微信小程序云开发跨账号环境共享(成功解决方案)多个appid共享一个云开发资源

01-09 50
最新文章

利用区块链等技术,加强对交通运输信用信息的归集共享和分析应用

01-11 364

印尼西爪哇梳邦县发生山体滑坡 已经导致2人死亡

01-11 462

【SpringBoot笔记10】Spring中Bean的6种作用域

01-11 348

ARS548 ARS549RDI 80GHZ毫米波雷达达学习笔记(一)

01-11 376

叠氮PEG修饰二硒化钨 (N3-WSe2;azide

01-11 417

ATFX:黑海运粮遭俄暂停,小麦期货开盘跳涨

01-11 319

关于我们

最火推荐

小编推荐

联系我们

版权声明:本站内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至 88@qq.com 举报,一经查实,本站将立刻删除。备案号:桂ICP备2021009421号
Powered By Z-BlogPHP.
复制成功
微信号:
我知道了