热门标签
热门文章
- 1如何通过 4 种方式在 Mac 上恢复未保存的 Excel 文件_mac excel忘记保存怎么找回
- 2【自注意力机制必学】BERT类预训练语言模型(含Python实例)_bert预训练
- 3基于深度学习的人脸识别_基于深度学习的小黄脸识别
- 4如何使用AI写作扩写文章?看完这篇学会扩写_ai扩写
- 5【Java练习】-----基础(2)_自定义四个对象,添加到集合并遍历
- 6nltk扩展包下载慢解决办法_nltk.download('punkt')很慢
- 7安装Python模块_对于windows用户,本指南中的示例假定在安装python时选择了调整系统path环境变量的
- 8计算机毕业设计PySpark+Hadoop地震预测系统 地震数据分析可视化 地震爬虫 大数据毕业设计 Flink Hadoop 深度学习 机器学习 人工智能 知识图谱 大数据毕业设计_基于python的全球地震信息数据可视化分析平台研究技术可行性
- 9以太坊DAPP[3]-×××-react特性与×××合约实例
- 10C#执行mysql存储过程报Fatal error encountered during command execution
当前位置: article > 正文
nodejs最新某东h5st(4.7.2)参数分析与javascript逆向纯算法还原(含算法源码)(2024-06-09)_h5st 4.7.2
作者:weixin_40725706 | 2024-06-14 08:53:51
赞
踩
h5st 4.7.2
一、作者声明:
文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!
二 、写在前面
h5st从4.1一路更新到4.7.2,逐渐vmp化,基本稳定下来。现在小版本也是更新不断!不过小版本并不会受到太大的一个影响,本次文章更新的算法分析还原为最新4.7大版本下的4.7.2小版本~~
没有x-api-eid-token--->会出现风控 没有h5st--->不稳定能拿到数据 只有正确的h5st才能百分百拿到数据。
三、 加密分析
首先,看看核心点,目前全部VMP化,先把加密值拿出来,如下所示:
20240606160042598%3Bm9itny6zz9mmzmm8%3Bfb5df%3Btk03wb4481c2018nYOtAQRSkhO0LLdsml3SszMlxWFvYj0i6XQo1LAbkMv9JbG6wNADMG4bnX7gJZU5uVci2a_ujP8FU%3B5be08ae1ec26b3f5fdb2b4874534a585c28e0239ddd73aba69133354d343c387%3B4.7%3B1717660842598%3BTKmWl61wPiYmFVY91TfdhoEOxdR4256MojfrTtc1mdzUsiISbK4CQ3KX7VKYlhPyEGtomiZzVrD2j3uG32O3PONJMz22FBH1L_aFBlrQHqxzWCQ0bBGt1_9VJj0Nc2MW3fbAH2q2uaeaHjOEa-zrzOQZR872Veu4c28_B_WWBD36YLdhIWIFUa6nLG5eaN5Fxn-HYKqRo-1C5SJvhi4UNCR7NMVLrBt9W8ZzgTnmPaCKYQpzvqvXbi9o7JHP8kpxuj831cnf35PscS8sdppanAGEyS-ZLTKzhZZtF59jj3FxmZN27ZHSN7tImxDcfrrh3DM6kbMy4mYy5CEgzyfQlVEPFB1OoQgtz2r2MSfCsMCxNB99KeSzZgjmmdkpl6AC7cEzggE7nDk8PeheJO0dl8zjLad9Prk3hGJ0DQIeqffFGvzEemLTD52YgeDqWQHLXbk34.2之前是没有sign签名段的,可以看到整个加密参数的值跟4.2是有区别的!同样经过多块组合拼接而成的 ,最新的以分号拆开大约分为8个部分了!
第一部分是一个时间格式的字符串,后续我们可以自行生成
第二部分则是fingerprint指纹,这个是需要算法生成的,第三部分可固定
第四部分tk则拼接多个参数加上指纹通过加密算法生成
第五部分签名Sign参数,通过对Token、fingerprint、时间戳、APPID
第六部分分别是算法的版本号以及时间戳!这个自行填写
第七部分时间戳
第八部分的大长串则是上面参数经过最终AES加密生成
四、 算法还原
1、第一部分,时间参代码
接下来按上面拆分出来的几部分,附上扣出来的算法并附上讲解,第一部分,时间参代码实现如下:
- function timestampToFormat(timestamp) {
- const date = new Date(timestamp);
- const pad = (num, size) => String(num).padStart(size, '0');
- return `${date.getFullYear()}${pad(date.getMonth() + 1, 2)}${pad(date.getDate(), 2)}${pad(date.getHours(), 2)}${pad(date.getMinutes(), 2)}${pad(date.getSeconds(), 2)}${pad(date.getMilliseconds(), 3)}`;
- }
2、第二部分,FP指纹
第二部分我们需要还原的是FP的指纹,加密算法实现如下:
- !function () {
- function t(e) {
- for (var t = "", r = 0; r < e.length;) {
- var n = e.charCodeAt(r++);
- t += n > 63 ? String.fromCharCode(32 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)
- }
- return t
- }
-
- var r = [t("SIZE"), "num", t("SPLIT"), "", t("DEFAULT"), t("CALL"), t("PUSH"), "pop", t("TOsTRING"), t("JOIN"), t("DEFAULT"), t("CALL"), t("REPLACE"), ""]
- , n = Function.prototype.call
- ,
- a = [2, 66, 17, 98, 16, 25, 286, 76, 37, 17, 58, 16, 13, 25, -2821, 25, -8150, 68, 25, 10976, 68, 91, 74, 17, 26, 16, 4, 78, 17, 73, 16, 13, 7, 91, 62, 17, 36, 16, 32, 88, 80, 0, 46, 80, 1, 76, 7, 68, 36, 16, 32, 25, -3718, 25, 2322, 68, 25, 1412, 68, 25, 575, 25, 6105, 68, 25, -6675, 68, 3, 88, 3, 25, 6578, 25, -9306, 68, 25, 2729, 68, 3, 80, 0, 46, 80, 1, 76, 68, 88, 68, 5, 17, 48, 70, 2, 52, 3, 76, 54, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 8402, 25, -5374, 68, 25, -3028, 68, 25, -8134, 25, -8213, 68, 25, 16362, 68, 65, 71, 17, 63, 17, 60, 93, 4, 40, 72, 76, 70, 5, 72, 25, 6175, 25, 4230, 68, 25, -10390, 68, 91, 79, 17, 67, 0, 33, 17, 30, 45, 95, 70, 6, 25, -5057, 25, 6375, 68, 25, -1283, 68, 63, 17, 49, 93, 4, 40, 87, 70, 7, 4, 25, 3357, 25, -5902, 68, 25, 2581, 68, 91, 3, 70, 8, 25, -8817, 25, 8543, 68, 25, 310, 68, 76, 76, 17, 87, 51, 25, 8755, 25, -8004, 68, 25, -751, 68, 34, 42, -56, 63, 17, 69, 93, 4, 40, 95, 76, 70, 5, 95, 14, 91, 33, 17, 95, 70, 9, 52, 3, 76, 29, 17, 27, 90, 39, 73, -2215, 73, -5180, 68, 73, 7395, 68, 94, 58, 50, 44, 49, 58, 76, 21, 0, 71, 4, 93, 70, 1, 4, 11, 79, 22, 84, 55, 58, 82, 73, -6046, 73, -7717, 68, 73, 13764, 68, 2, 60, 86, 11, 4, 70, 2, 11, 79, 22, 98, 3, 84, 39, 58, 27, 58, 79, 11, 36, 74, 91, -48, 4, 90, 20]
- , o = zk
- , i = Array.from
- , c = Symbol
- , s = eh
- , u = Array.isArray
- , l = Og.exports;
-
- var generateVisitKey = function () {
- for (var e, t, o, i, c, s, u, l, p, v, d, _, x = n, S = a, A = [], E = 0; ;)
- switch (S[E++]) {
- case 2:
- A.push(y);
- break;
- case 3:
- _ = A.pop(),
- A[A.length - 1] -= _;
- break;
- case 4:
- null != A[A.length - 1] ? A[A.length - 2] = x.call(A[A.length - 2], A[A.length - 1]) : (_ = A[A.length - 2],
- A[A.length - 2] = _()),
- A.length--;
- break;
- case 5:
- s = A[A.length - 1];
- break;
- case 7:
- A.push(o);
- break;
- case 13:
- A.push(t);
- break;
- case 14:
- A.push(p);
- break;
- case 16:
- A.push(null);
- break;
- case 17:
- A.pop();
- break;
- case 25:
- A.push(S[E++]);
- break;
- case 26:
- A.push(b);
- break;
- case 27:
- A.push(d);
- break;
- case 29:
- d = A[A.length - 1];
- break;
- case 30:
- E += S[E];
- break;
- case 32:
- A.push({});
- break;
- case 33:
- v = A[A.length - 1];
- break;
- case 34:
- _ = A.pop(),
- A[A.length - 1] = A[A.length - 1] > _;
- break;
- case 36:
- A.push(m);
- break;
- case 37:
- t = A[A.length - 1];
- break;
- case 39:
- return;
- case 40:
- A.push(void 0);
- break;
- case 42:
- A.pop() ? E += S[E] : ++E;
- break;
- case 46:
- A.push(c);
- break;
- case 48:
- A.push(s);
- break;
- case 49:
- A.push(h);
- break;
- case 51:
- A[A.length - 1] = A[A.length - 1].length;
- break;
- case 52:
- A.push(r[S[E++]]);
- break;
- case 54:
- u = A[A.length - 1];
- break;
- case 58:
- A.push(k);
- break;
- case 60:
- A.push(f);
- break;
- case 62:
- c = A[A.length - 1];
- break;
- case 63:
- A.push(0);
- break;
- case 65:
- A[A.length - 5] = x.call(A[A.length - 5], A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),
- A.length -= 4;
- break;
- case 66:
- e = A[A.length - 1];
- break;
- case 67:
- A.push(new Array(S[E++]));
- break;
- case 68:
- _ = A.pop(),
- A[A.length - 1] += _;
- break;
- case 69:
- A.push(g);
- break;
- case 70:
- A.push(A[A.length - 1]),
- A[A.length - 2] = A[A.length - 2][r[S[E++]]];
- break;
- case 71:
- l = A[A.length - 1];
- break;
- case 72:
- A.push(u);
- break;
- case 73:
- A.push(w);
- break;
- case 74:
- o = A[A.length - 1];
- break;
- case 76:
- null != A[A.length - 2] ? (A[A.length - 3] = x.call(A[A.length - 3], A[A.length - 2], A[A.length - 1]),
- A.length -= 2) : (_ = A[A.length - 3],
- A[A.length - 3] = _(A[A.length - 1]),
- A.length -= 2);
- break;
- case 78:
- i = A[A.length - 1];
- break;
- case 79:
- p = A[A.length - 1];
- break;
- case 80:
- A[A.length - 2][r[S[E++]]] = A[A.length - 1],
- A.length--;
- break;
- case 87:
- A.push(l);
- break;
- case 88:
- A.push(i);
- break;
- case 90:
- return A.pop();
- case 91:
- A[A.length - 4] = x.call(A[A.length - 4], A[A.length - 3], A[A.length - 2], A[A.length - 1]),
- A.length -= 3;
- break;
- case 93:
- A[A.length - 1] = A[A.length - 1][r[S[E++]]];
- break;
- case 95:
- A.push(v);
- break;
- case 98:
- A.push(e)
- }
- };
- var h = l(nm)
- , f = l(zk)
- , g = l(j_)
- , p = l(Rk);
-
- function v(e, t) {
- var r = void 0 !== c && s(e) || e["@@iterator"];
- if (!r) {
- if (u(e) || (r = function (e, t) {
- var r;
- if (!e)
- return;
- if ("string" == typeof e)
- return d(e, t);
- var n = o(r = Object.prototype.toString.call(e)).call(r, 8, -1);
- "Object" === n && e.constructor && (n = e.constructor.name);
- if ("Map" === n || "Set" === n)
- return i(e);
- if ("Arguments" === n || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))
- return d(e, t)
- }(e)) || t && e && "number" == typeof e.length) {
- r && (e = r);
- var n = 0
- , a = function () {
- };
- return {
- s: a,
- n: function () {
- return n >= e.length ? {
- done: !0
- } : {
- done: !1,
- value: e[n++]
- }
- },
- e: function (e) {
- throw e
- },
- f: a
- }
- }
- throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")
- }
- var l, h = !0, f = !1;
- return {
- s: function () {
- r = r.call(e)
- },
- n: function () {
- var e = r.next();
- return h = e.done,
- e
- },
- e: function (e) {
- f = !0,
- l = e
- },
- f: function () {
- try {
- h || null == r.return || r.return()
- } finally {
- if (f)
- throw l
- }
- }
- }
- }
-
- function d(e, t) {
- (null == t || t > e.length) && (t = e.length);
- for (var r = 0, n = new Array(t); r < t; r++)
- n[r] = e[r];
- return n
- }
-
- function b() {
- return 10 * Math.random() | 0
- }
-
- function y(e, t) {
- var r = _();
- return y = function (t, n) {
- var a = r[t -= 280];
- if (void 0 === y.RpSzcS) {
- y.licQQm = function (e) {
- for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,
- i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)
- r = (0,
- p.default)(n).call(n, r);
- for (var s = 0, u = a.length; s < u; s++) {
- var l;
- o += "%" + (0,
- f.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)
- }
- return decodeURIComponent(o)
- }
- ,
- e = arguments,
- y.RpSzcS = !0
- }
- var o = t + r[0].substring(0, 2)
- , i = e[o];
- return i ? a = i : (a = y.licQQm(a),
- e[o] = a),
- a
- }
- ,
- y(e, t)
- }
-
- function k(e, t) {
- var r, n = [], a = e.length, o = v(e);
- try {
- for (o.s(); !(r = o.n()).done;) {
- var i = r.value;
- if (Math.random() * a < t && (n.push(i),
- 0 == --t))
- break;
- a--
- }
- } catch (e) {
- o.e(e)
- } finally {
- o.f()
- }
- for (var c = "", s = 0; s < n.length; s++) {
- var u = Math.random() * (n.length - s) | 0;
- c += n[u],
- n[u] = n[n.length - s - 1]
- }
- return c
- }
-
- function m(e) {
- for (var t = e.size, r = e.num, n = ""; t--;)
- n += r[Math.random() * r.length | 0];
- return n
- }
-
- function w(e, t) {
- for (var o, i, c, s = n, u = a, l = [], h = 239; ;)
- switch (u[h++]) {
- case 2:
- l[l.length - 1] = -l[l.length - 1];
- break;
- case 4:
- l.push(e);
- break;
- case 11:
- l.push(t);
- break;
- case 20:
- return;
- case 21:
- l[l.length - 1] = l[l.length - 1][r[10 + u[h++]]];
- break;
- case 22:
- l[l.length - 2] = l[l.length - 2][l[l.length - 1]],
- l.length--;
- break;
- case 27:
- l.push(o++);
- break;
- case 36:
- l[l.length - 1] = l[l.length - 1].length;
- break;
- case 39:
- e = l[l.length - 1];
- break;
- case 49:
- l.push(0);
- break;
- case 50:
- h += u[h];
- break;
- case 55:
- i = l[l.length - 1];
- break;
- case 58:
- l.pop();
- break;
- case 60:
- c = l.pop(),
- l[l.length - 1] = l[l.length - 1] !== c;
- break;
- case 68:
- c = l.pop(),
- l[l.length - 1] += c;
- break;
- case 70:
- l.push(l[l.length - 1]),
- l[l.length - 2] = l[l.length - 2][r[10 + u[h++]]];
- break;
- case 71:
- l.push(void 0);
- break;
- case 73:
- l.push(u[h++]);
- break;
- case 74:
- c = l.pop(),
- l[l.length - 1] = l[l.length - 1] < c;
- break;
- case 76:
- l.push(p);
- break;
- case 79:
- l.push(o);
- break;
- case 82:
- l.push(i);
- break;
- case 84:
- l[l.length - 4] = s.call(l[l.length - 4], l[l.length - 3], l[l.length - 2], l[l.length - 1]),
- l.length -= 3;
- break;
- case 86:
- l[l.length - 1] ? (++h,
- --l.length) : h += u[h];
- break;
- case 90:
- return l.pop();
- case 91:
- l.pop() ? h += u[h] : ++h;
- break;
- case 93:
- null != l[l.length - 2] ? (l[l.length - 3] = s.call(l[l.length - 3], l[l.length - 2], l[l.length - 1]),
- l.length -= 2) : (c = l[l.length - 3],
- l[l.length - 3] = c(l[l.length - 1]),
- l.length -= 2);
- break;
- case 94:
- o = l[l.length - 1];
- break;
- case 98:
- l.push(r[10 + u[h++]])
- }
- }
-
- function _() {
- var e = ["ndqXnZqYofn2uw90Ca", "nJyYmtm3Cvrcvhvc", "mty2ntG2nhrZsg9WtW", "mJjMswjnv0C", "mte5mte0nwP4ugrqAW", "nNHJEvrWva", "odiXmJqXnLf6vKfgvW", "ouPpuNDkDa", "mta0ntK5mgTPwM5TAW", "mMT4AhLiDq", "nZe3nJq4yKHWwunj", "mxvJDdzKmgPOCq", "mZbqBvzVCfu"];
- return (_ = function () {
- return e
- }
- )()
- }
-
- !function (e, t) {
- for (var r = y, n = e(); ;)
- try {
- if (676921 === -(0,
- h.default)(r(284)) / 1 * ((0,
- h.default)(r(285)) / 2) + (0,
- h.default)(r(280)) / 3 * ((0,
- h.default)(r(290)) / 4) + -(0,
- h.default)(r(292)) / 5 * ((0,
- h.default)(r(287)) / 6) + (0,
- h.default)(r(289)) / 7 + (0,
- h.default)(r(281)) / 8 * ((0,
- h.default)(r(282)) / 9) + -(0,
- h.default)(r(283)) / 10 + -(0,
- h.default)(r(291)) / 11 * (-(0,
- h.default)(r(288)) / 12))
- break;
- n.push(n.shift())
- } catch (e) {
- n.push(n.shift())
- }
- }(_)
- }();
3、第三部分,APPID直接取AID即可
第三部分的APPID直接取AID即可。
4、第四部分,Token
接下来就是第四部分的Token生成了,加密算法实现如下所示:
- var getLocalTK;
- !function () {
- function t(e) {
- for (var t = "", r = 0; r < e.length;) {
- var n = e.charCodeAt(r++);
- t += n > 63 ? String.fromCharCode(53 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)
- }
- return t
- }
-
- var r = ["tk", t("XTR#iV"), "03", t("CPGF#iZ["), "w", t("EYTASZGX"), "41", t("PME#iGPF"), "l", t("EGZQ@VPG"), t("PMEG"), t("V#iE]PG"), t("TQYPG32"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "", t("QPST@YA"), "C2", t("ETGFP"), t("P[VGLEA"), t("_Z#i["), "iv", t("SGZXwTFP64"), t("FAG#i[R#iSL"), t("V#iE]PGAPMA"), t("QPST@YA"), t("EGZAZALEP"), t("VTYY"), "set", "buf", t("AZfAG#i[R"), t("F@WFAG"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("V]TGvZQPtA"), t("SYZZG"), "pow", t("FPA`#i[A32"), t("FPA|[A16"), t("RPAgT[QZX|qeGZ"), t("F#iOP"), t("Q#iVAaLEP"), t("V@FAZXq#iVA"), "1", "2", "3", "+", "x", t("SYZZG"), t("GT[QZX"), "", t("F@WFAG"), t("QPST@YA"), t("ETGFP"), t("FAG#i[R#iSL"), t("SGZXwTFP64")]
- , n = Function.prototype.call
- ,
- a = [23, 64, 79, 28, 21, 0, 99, 1, 79, 28, 21, 2, 99, 3, 79, 28, 21, 4, 99, 5, 79, 28, 21, 6, 99, 7, 79, 28, 21, 8, 99, 9, 79, 28, 50, 11, 49, 99, 10, 79, 28, 12, 11, 53, 46, 99, 11, 79, 28, 24, 11, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 46, 99, 12, 79, 28, 29, 1, 28, 29, 3, 17, 28, 29, 5, 17, 28, 29, 12, 17, 28, 29, 7, 17, 28, 29, 9, 17, 28, 29, 10, 17, 28, 29, 11, 17, 51, 35, 45, 75, 54, 64, 54, 70, 20, 0, 63, 5, 4, 32, 69, 1, 28, 81, 4, 178, 40, 69, 2, 81, 69, 3, 40, 6, 54, 68, 4, 42, 54, 64, 54, 86, 20, 5, 63, 21, 61, 54, 68, 6, 99, 54, 28, 81, 4, 182, 40, 52, 54, 31, 81, 95, 16, 19, 10, 18, 38, 54, 26, 98, 81, 78, 40, 83, 42, 54, 26, 98, 81, 19, 40, 83, 42, 54, 26, 98, 81, 10, 40, 83, 42, 54, 26, 22, 81, 16, 40, 83, 42, 54, 26, 98, 81, 95, 40, 83, 42, 54, 97, 20, 5, 80, 7, 26, 40, 27, 54, 76, 20, 5, 80, 8, 39, 47, 20, 5, 80, 7, 77, 40, 5, 47, 20, 5, 80, 7, 29, 80, 9, 68, 4, 40, 40, 69, 10, 73, 89, 54, 64, 54, 70, 20, 11, 63, 56, 20, 5, 80, 12, 37, 20, 13, 40, 40, 88, 7, 14, 10, 70, 74, 20, 22, 253, 22, -2067, 96, 22, 1830, 96, 60, 52, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 75, 73, 19, 70, 65, 15, 49, 53, 91, 70, 74, 20, 22, -1530, 22, 415, 96, 22, 1117, 96, 60, 68, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 48, 92, 19, 70, 74, 20, 22, -7373, 22, 4503, 96, 22, 2882, 96, 60, 16, 70, 17, 70, 98, 51, 0, 20, 97, 51, 1, 53, 25, 2, 81, 84, 19, 70, 74, 20, 22, 5169, 22, -9153, 96, 22, 4022, 96, 60, 30, 70, 33, 25, 3, 48, 53, 70, 33, 25, 3, 81, 22, -7348, 22, 4861, 96, 22, 2489, 96, 19, 70, 33, 25, 3, 43, 22, -7830, 22, -2494, 96, 22, 10338, 96, 19, 70, 33, 25, 3, 75, 22, 6556, 22, -649, 96, 22, -5885, 96, 19, 70, 13, 51, 0, 25, 4, 33, 53, 71, 70, 83, 22, 8329, 22, -2927, 96, 22, -5402, 96, 21, 71, 70, 76, 15, 22, 187, 53, 83, 25, 5, 22, -3433, 22, 1157, 96, 22, 2292, 96, 53, 96, 72, 70, 47, 25, 6, 47, 32, 22, -47, 22, -1896, 96, 22, 1951, 96, 86, 53, 89, 57, 79, 77, 67, 12, 0, 77, 56, 62, 4, 30, 23, 45, 87, 9, 0, 45, 15, 62, 95, 16, 2, 51, 30, 44, 0, 51, 4, 24, 1, 7, 69, 24, 64, 5, 42, 77, 78, 0, 98, 77, 78, 1, 65, 6751, 65, -342, 81, 65, -6407, 81, 65, 5336, 65, -6432, 81, 65, 1128, 81, 72, 95, 13, 85, 42, 98, 77, 78, 1, 65, -310, 65, 8475, 81, 65, -8163, 81, 65, 32, 72, 88, 1, 42, 94, 24, 65, 5048, 65, -9090, 81, 65, 4050, 81, 2, 67, 42, 8, 24, 32, 2, 37, 42, 12, 71, 32, 16, 78, 2, 65, -5825, 65, -8303, 81, 65, 14128, 81, 47, 12, 34, 42, 16, 78, 2, 65, -4393, 65, -6070, 81, 65, 10467, 81, 56, 12, 34, 80, 30, 16, 78, 2, 65, -8374, 65, -5679, 81, 65, 14053, 81, 56, 12, 34, 42, 16, 78, 2, 65, 5472, 65, -7245, 81, 65, 1777, 81, 47, 12, 34, 42, 52, 24, 32, 2, 20, 93, 94, 60, 29, 2, 79, 92, 78, 62, 60, 1, 79, 59, 0, 29, -4658, 29, -4430, 87, 29, 9088, 87, 29, 6433, 29, 9036, 87, 29, -15213, 87, 48, 0, 85, 85, 97, 78, 27, 60, 1, 79, 29, 6857, 29, -8577, 87, 29, 1720, 87, 4, 29, -353, 29, -2847, 87, 29, 3456, 87, 42, 37, 99, 2, 7, 71, 62, 71, 30, 63, 0, 29, 12, 35, 32, 93, 1, 18, 8, 35, 178, 48, 93, 2, 8, 93, 3, 48, 85, 71, 36, 3, 62, 53, 4, 17, 92, 53, 5, 17, 35, 2, 53, 6, 17, 24, 71, 36, 2, 62, 53, 7, 17, 92, 53, 8, 17, 27, 71, 35, -1160, 35, -3905, 84, 35, 5067, 84, 21, 45, 9, 21, 45, 10, 14, 35, 5398, 35, 8267, 84, 35, -13661, 84, 78, 48, 84, 81, 71, 53, 11, 83, 71, 35, 6113, 35, -8607, 84, 35, 2494, 84, 22, 71, 41, 63, 61, 59, 21, 45, 9, 21, 45, 10, 14, 35, 4505, 35, -8459, 84, 35, 3957, 84, 78, 48, 31, 84, 83, 71, 3, 49, 35, -7624, 35, 707, 84, 35, 6918, 84, 76, 97, 95, 23, 61, 60, 21, 45, 9, 21, 45, 10, 14, 35, -7093, 35, -9161, 84, 35, 16256, 84, 78, 48, 31, 84, 83, 71, 56, 71, 3, 49, 97, 86, -66, 61, 69, 35, -8937, 35, -657, 84, 35, 9603, 84, 97, 95, 27, 61, 1, 45, 12, 35, -1991, 35, -3690, 84, 35, 5681, 84, 35, 3277, 35, -1882, 84, 35, -1386, 84, 61, 69, 76, 32, 84, 83, 71, 38, 63, 13, 45, 14, 61, 48, 94, 71, 23, 63, 13, 45, 15, 15, 48, 19, 71, 62, 71, 30, 63, 16, 29, 74, 48, 65, 44]
- , o = Og.exports;
-
- var genLocalTK = function (e) {
- for (var t, o, i = n, c = a, s = [], u = 0; ;)
- switch (c[u++]) {
- case 11:
- s.push(null);
- break;
- case 12:
- s.push(x);
- break;
- case 17:
- o = s.pop(),
- s[s.length - 1] += o;
- break;
- case 21:
- s.push(r[c[u++]]);
- break;
- case 23:
- s.push({});
- break;
- case 24:
- s.push(_);
- break;
- case 28:
- s.push(t);
- break;
- case 29:
- s[s.length - 1] = s[s.length - 1][r[c[u++]]];
- break;
- case 35:
- return;
- case 46:
- null != s[s.length - 2] ? (s[s.length - 3] = i.call(s[s.length - 3], s[s.length - 2], s[s.length - 1]),
- s.length -= 2) : (o = s[s.length - 3],
- s[s.length - 3] = o(s[s.length - 1]),
- s.length -= 2);
- break;
- case 49:
- null != s[s.length - 1] ? s[s.length - 2] = i.call(s[s.length - 2], s[s.length - 1]) : (o = s[s.length - 2],
- s[s.length - 2] = o()),
- s.length--;
- break;
- case 50:
- s.push(j);
- break;
- case 51:
- return s.pop();
- case 53:
- s.push(e);
- break;
- case 64:
- t = s[s.length - 1];
- break;
- case 79:
- s.pop();
- break;
- case 99:
- s[s.length - 2][r[c[u++]]] = s[s.length - 1],
- s[s.length - 2] = s[s.length - 1],
- s.length--
- }
- };
- var i = o(nm)
- , c = o(cm)
- , s = o(Rk)
- , u = o(zk)
- , l = o(xm)
- , h = o(Om)
- , f = vx
- , g = o(eA.exports)
- , p = o(rA.exports)
- , v = o(tA.exports)
- , d = o($S.exports)
- , b = o(yA)
- , y = S;
- !function (e, t) {
- for (var r = S, n = e(); ;)
- try {
- if (569306 === (0,
- i.default)(r(173)) / 1 + (0,
- i.default)(r(175)) / 2 * (-(0,
- i.default)(r(188)) / 3) + -(0,
- i.default)(r(179)) / 4 * (-(0,
- i.default)(r(177)) / 5) + (0,
- i.default)(r(174)) / 6 * ((0,
- i.default)(r(184)) / 7) + -(0,
- i.default)(r(186)) / 8 + -(0,
- i.default)(r(180)) / 9 * ((0,
- i.default)(r(183)) / 10) + -(0,
- i.default)(r(176)) / 11 * ((0,
- i.default)(r(181)) / 12))
- break;
- n.push(n.shift())
- } catch (e) {
- n.push(n.shift())
- }
- }(w);
- var k = y(185)
- , m = ["01", "02", "03", "04", "05", "06", "07", "08"];
-
- function w() {
- var e = ["mdaWmdaWmda", "ndK0nZLNr3vswMW", "mta0mZy5owvft0Lhzq", "mta0odjODNngCKO", "ndbvqvzcq1i", "ode3m2DqBxjfta", "mZG3ndyZmhjSvxfsEa", "Bwf4", "nhPZsurozW", "nJCXmJaYovbVwKfNvW", "nJi2nhzjqMnZsq", "sZnYt3fntdbrCsze", "mtbIu0Xbuhi", "mZK2mKrLBwH2zG", "puyPp243qf1prLG2mMjunq", "nJe5nZa3mNjJuK5xrq"];
- return (w = function () {
- return e
- }
- )()
- }
-
- function _(e) {
- var t = y
- , r = b.default.str(e);
- r >>>= 0;
- var n = t(187) + r.toString(16);
- return n.substr(n.length - 8)
- }
-
- function S(e, t) {
- var r = w();
- return S = function (t, n) {
- var a = r[t -= 173];
- if (void 0 === S.zUShtv) {
- S.CXUmZy = function (e) {
- for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,
- i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)
- r = (0,
- s.default)(n).call(n, r);
- for (var l = 0, h = a.length; l < h; l++) {
- var f;
- o += "%" + (0,
- u.default)(f = "00" + a.charCodeAt(l).toString(16)).call(f, -2)
- }
- return decodeURIComponent(o)
- }
- ,
- e = arguments,
- S.zUShtv = !0
- }
- var o = t + r[0].substring(0, 2)
- , i = e[o];
- return i ? a = i : (a = S.CXUmZy(a),
- e[o] = a),
- a
- }
- ,
- S(e, t)
- }
-
- function E(e) {
- return (0,
- h.default)(Array.prototype).call(e, (function (e) {
- var t;
- return (0,
- u.default)(t = "00" + (255 & e).toString(16)).call(t, -2)
- }
- )).join("")
- }
-
- function C(e) {
- var t = new Uint8Array(e.length);
- return (0,
- l.default)(Array.prototype).call(t, (function (t, r, n) {
- n[r] = e.charCodeAt(r)
- }
- )),
- E(t)
- }
-
-
- function O(e) {
- return E(T(e))
- }
- getLocalTK = genLocalTK
- }();
直接调用getLocalTK,入参则是上面的get_fingerprint指纹值
5、第五部分,Sign签名
第五部分的Sign签名其实算比较复杂的一部分了,多参数参与了加密,核心算法实现如下:
- !function () {
- function t(e) {
- for (var t = "", r = 0; r < e.length;) {
- var n = e.charCodeAt(r++);
- t += n > 63 ? String.fromCharCode(24 ^ n) : 35 == n ? e.charAt(r++) : String.fromCharCode(n)
- }
- return t
- }
-
- var r = ["", t("|}~ymtl"), t("kljqv#gq~a"), t("hyjk}"), t("lwZyk}64"), t("GGhyjk}Lws}v"), t("uyl{p"), t("FC123E(C`+EC123E)+"), t("khtql"), t("G|}~ymtlYt#gwjqlpu"), t("{ytt"), "log", t("G|}zm#g"), "", t("TW[YTGYT_WJQLPUGHJ]^Q@"), "+", "x", t("GGyt#gwjqlpu"), t("|}~ymtl"), t("{ytt"), t("|}~ymtl"), t("{ytt"), t("rwqv"), "&", t("lwKljqv#g"), "log", t("G|}zm#g"), "key", ":", t("nytm}"), "", t("|}~ymtl"), t("~wjuyl"), "07", t("GqkVwjuyt"), t("GG#g}vS}a"), t("Glws}v"), t("G~qv#g}jhjqvl"), t("GyhhQ|"), t("yt#gwk"), t("lwKljqv#g"), t("#g}vTw{ytLS"), t("G|}~ymtlLws}v"), t("GG#g}v#D}~ymtlS}a"), t("GG#g}vKq#gv"), t("{ytt"), t("rwqv"), ",", t("]VNQJWVU]VL"), t("GG#g}vKq#gvHyjyuk"), "log", t("G|}zm#g"), "key", t("kq#gvKlj"), t("Gkls"), t("Gkl}"), t("p5kl"), t("GwvKq#gv"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("]jj[w|}k"), t("_]V]JYL]GKQ_VYLMJ]G^YQT]#D"), t("LWS]VG]UHLA"), "key", t("}vn[wtt}{l"), t("G~qv#g}jhjqvl"), "fp", t("Gzm{s}l"), t("|}~ymtl"), "log", t("G|}zm#g"), t("}v{jahl"), t("hyjk}"), "01", "02", "03", "04", "05", "06", "07", "08", t("rwqv"), "", "iv", t("}v{w|}"), t("{qhp}jl}`l"), t("|}~ymtl"), t("ojyh"), t("v}`l"), t("hj}n"), 0, 5, 10, 13, "end", t("|}~ymtl"), t("GG{p}{sHyjyuk"), t("yzjmhl"), t("j}lmjv"), t("GGj}im}kl#D}hk"), t("GG{wtt}{l"), t("GGuys}Kq#gv"), "log", t("G|}zm#g"), "ms", t("{yl{p"), "t0", t("GwvKq#gv"), t("]jj[w|}k"), t("MVPYV#DT]#DG]JJWJ"), t("{w|}"), t("u}kky#g}"), t("Gn}jkqwv"), "v", t("GGRKGK][MJQLAGN]JKQWV"), t("kmzGn"), t("}`l}v|"), t("klwh")]
- , n = Function.prototype.call
- ,
- o = [75, 1, 29, 51, 66, 29, 41, 0, 21, 29, 91, 68, 76, 397, 15, 79, 29, 41, 0, 3, 96, 40, 96, 4, 96, 56, 96, 90, 96, 53, 29, 16, 30, 1, 44, 2, 6, 30, 1, 44, 3, 88, 29, 85, 30, 4, 22, 75, 44, 5, 3, 76, 6038, 76, 6806, 96, 76, -12828, 96, 76, 4468, 76, -656, 96, 76, -3784, 96, 35, 15, 15, 15, 72, 29, 57, 44, 6, 37, 7, 15, 84, 29, 81, 77, 43, 81, 76, 8106, 76, 2295, 96, 76, -10401, 96, 9, 33, 29, 23, 44, 8, 41, 0, 15, 50, 29, 31, 9, 71, 29, 41, 0, 18, 29, 88, 29, 48, 30, 1, 22, 26, 15, 44, 10, 26, 32, 36, 29, 88, 29, 85, 30, 11, 22, 31, 12, 91, 68, 76, 413, 15, 62, 96, 91, 68, 76, 376, 15, 96, 57, 96, 91, 68, 76, 405, 15, 96, 87, 96, 36, 29, 87, 43, 98, 31, 32, 15, 41, 69, 96, 12, 43, 64, 85, 0, 48, 28, 1, 26, 69, 26, 90, 32, 62, 30, 5, 43, 47, 92, 80, 33, 2, 2, 6, 3, 22, 85, 0, 46, 26, 33, 87, 4, 30, 51, 7, 98, 26, 75, 32, 72, 23, 33, 87, 4, 30, 46, 7, 98, 75, 32, 72, 12, 33, 87, 4, 30, 51, 7, 98, 75, 32, 72, 1, 72, 38, 50, 32, 91, 28, 5, 83, 95, 2, 50, 85, 2, 2, 8, 85, 3, 2, 40, 96, 87, 6, 31, 69, 23, 74, 7495, 74, -6716, 26, 74, -779, 26, 59, 68, 3, 69, 65, 32, 53, 62, 47, 35, 25, 35, 93, 98, 0, 53, 34, 75, 50, 1, 34, 14, 72, 50, 2, 8, 3, 75, 95, 35, 25, 35, 96, 98, 0, 53, 85, 88, 72, 50, 4, 58, 98, 0, 75, 4, 35, 25, 35, 69, 98, 5, 53, 73, 6, 91, 2, 26, 399, 75, 85, 80, 91, 2, 26, 414, 75, 80, 28, 80, 72, 35, 28, 10, 52, 76, 7, 0, 61, 1, 65, 76, 7, 2, 65, 75, 16, 93, 98, 84, 92, 0, 37, 84, 19, 84, 22, 26, 1, 67, 4, 91, 84, 19, 84, 14, 26, 2, 67, 38, 18, 76, 63, 406, 65, 90, 11, 84, 35, 92, 3, 53, 83, 84, 74, 4, 16, 24, 42, 36, 5, 74, 6, 74, 7, 20, 74, 8, 74, 9, 17, 36, 10, 4, 95, 3, 92, 0, 37, 82, 26, 42, 19, 84, 29, 26, 11, 67, 74, 7, 65, 25, 12, 84, 42, 36, 13, 74, 12, 74, 7, 20, 74, 8, 88, 37, 84, 69, 5, 84, 57, 16, 136, 42, 36, 14, 57, 45, 90, 21, 84, 19, 84, 3, 26, 1, 67, 45, 65, 36, 15, 45, 8, 90, 36, 16, 92, 17, 65, 2, 84, 40, 26, 18, 12, 84, 42, 36, 19, 62, 38, 35, 34, 88, 41, 84, 19, 84, 59, 26, 20, 67, 74, 21, 18, 76, 63, 375, 65, 19, 84, 27, 26, 1, 67, 69, 57, 32, 22, 62, 32, 23, 33, 32, 24, 52, 32, 25, 54, 32, 26, 76, 63, 1119, 63, -3077, 53, 63, 1960, 53, 58, 53, 90, 84, 69, 33, 32, 24, 52, 32, 25, 54, 32, 26, 5, 84, 42, 36, 27, 69, 19, 32, 28, 18, 76, 63, 394, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 82, 76, 74, 6, 95, 3, 74, 12, 16, 34, 42, 36, 27, 69, 31, 26, 35, 26, 36, 32, 28, 18, 76, 63, 373, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 82, 32, 42, 36, 27, 69, 31, 26, 35, 26, 37, 32, 28, 18, 76, 63, 381, 65, 32, 29, 69, 74, 30, 32, 31, 40, 26, 32, 32, 33, 32, 34, 65, 84, 86, 39, 1, 24, 61, 0, 40, 41, 41, 52, 8, 61, 8, 89, 92, 0, 44, 45, 5394, 45, 7249, 87, 45, -12642, 87, 15, 39, 8, 69, 27, 1, 95, 2, 8, 69, 11, 83, 45, 415, 15, 27, 3, 3, 8, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 45, 6472, 45, -4012, 87, 45, -2460, 87, 24, 40, 12, 45, 9932, 45, -4858, 87, 45, -5073, 87, 67, 51, 14, 69, 11, 83, 45, 368, 15, 19, 11, 83, 45, 365, 15, 19, 3, 8, 61, 8, 46, 92, 4, 44, 69, 83, 45, -8946, 45, 8447, 87, 45, 501, 87, 10, 36, 8, 61, 8, 16, 92, 5, 44, 27, 6, 11, 83, 45, 421, 15, 31, 87, 12, 8, 42, 92, 4, 20, 7, 31, 70, 92, 4, 20, 8, 11, 83, 45, 389, 15, 15, 74, 70, 92, 4, 20, 8, 50, 8, 61, 13, 9, 94, 84, 13, 10, 94, 45, 2, 13, 11, 94, 45, 3, 13, 12, 94, 45, 4, 13, 13, 94, 45, 5, 13, 14, 94, 45, 6, 13, 15, 94, 45, 7, 13, 16, 94, 20, 17, 13, 18, 15, 15, 33, 19, 10, 18, 8, 62, 92, 4, 20, 20, 79, 92, 21, 15, 5, 82, 46, 24, 58, 24, 35, 24, 65, 24, 23, 24, 72, 86, 0, 42, 1, 75, 13, 11, 21, 1, 87, 21, 2, 87, 89, 91, 89, 28, 10, 91, 91, 60, 15, 36, 76, 194, 75, 75, 23, 0, 17, 1, 35, 186, 5, 2, 12, 3, 58, 4, 122, 5, 181, 6, 181, 43, 19, 25, 75, 47, 17, 1, 25, 85, 25, 80, 23, 7, 61, 32, 97, 25, 44, 3, 8, 98, 94, 51, 25, 79, 21, 91, 77, 58, 9, 75, 2, 5, 17, 0, 25, 76, 137, 75, 3, 9, 68, 10, 98, 78, 88, 44, 3, 11, 32, 25, 44, 3, 12, 32, 29, 25, 44, 3, 13, 79, 12, 78, 28, 25, 75, 3, 9, 68, 10, 85, 25, 7, 23, 14, 61, 83, 15, 31, 21, 2, 374, 94, 85, 25, 80, 23, 7, 61, 32, 74, 34, 56, 68, 16, 56, 78, 25, 85, 25, 46, 23, 7, 61, 4, 98, 90, 70, 78, 88, 75, 2, 10, 17, 1, 25, 75, 75, 3, 17, 47, 94, 17, 18, 25, 75, 3, 9, 68, 10, 44, 3, 19, 4, 89, 23, 20, 23, 21, 99, 22, 31, 21, 2, 401, 94, 75, 23, 18, 56, 99, 23, 4, 83, 24, 99, 25, 63, 23, 26, 99, 27, 99, 28, 94, 25, 98, 78, 88, 75, 3, 29, 32, 88, 55, 66, -195, 30]
- , i = a.exports
- , l = Og.exports;
- var v = l(Rk)
- , d = l(zk)
- , b = l(nm)
- , y = l(cm)
- , m = l(xm)
- , w = l(Om)
- , O = Lx
- , R = l($S.exports)
- , z = l(eA.exports)
- , L = l(tA.exports)
- , I = l(rA.exports)
- , B = l(cA.exports)
- , N = l(R_.exports)
- , G = l(sA.exports)
- , F = l(uA.exports)
- , H = l(hA.exports)
- , W = l(fA.exports)
- , U = vx;
-
- function Z(e, t) {
- var r = V();
- return Z = function (t, n) {
- var a = r[t -= 339];
- if (void 0 === Z.kfjFYr) {
- Z.VsajSZ = function (e) {
- for (var t, r, n = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=", a = "", o = "", i = 0, c = 0; r = e.charAt(c++); ~r && (t = i % 4 ? 64 * t + r : r,
- i++ % 4) ? a += String.fromCharCode(255 & t >> (-2 * i & 6)) : 0)
- r = (0,
- v.default)(n).call(n, r);
- for (var s = 0, u = a.length; s < u; s++) {
- var l;
- o += "%" + (0,
- d.default)(l = "00" + a.charCodeAt(s).toString(16)).call(l, -2)
- }
- return decodeURIComponent(o)
- }
- ,
- e = arguments,
- Z.kfjFYr = !0
- }
- var o = t + r[0].substring(0, 2)
- , i = e[o];
- return i ? a = i : (a = Z.VsajSZ(a),
- e[o] = a),
- a
- }
- ,
- Z(e, t)
- }
-
- function V() {
- var e = ["x19Yzxf1zxn0rgvWCYb1C2uGy2fJAguGzNaSigzWoG", "x19JB2XSzwn0igvUDKnVBgXLy3q9", "x19Yzxf1zxn0qwXNB3jPDgHTt25Jzq", "x19Yzxf1zxn0qwXNB3jPDgHTihjLCxvLC3qGC3vJy2vZCYeSignOzwnRig1LBw9YEsbMCdO", "x19HBgDVCML0Ag0", "nJuYodqWB0nXwfPp", "x19Yzxf1zxn0rgvWCW", "x19Nzw5tAwDUugfYyw1Z", "CgfYyw1ZigLZig5VDcbHihbSywLUig9IAMvJDa", "x19Yzxf1zxn0rgvWCYbYzxf1zxn0ihrVA2vUigzHAwXLzcWGzxjYB3i6ia", "CMvXDwvZDcb0B2TLBIbMywLSzwqGA2v5oG", "ihrVA2vUoG", "ExL5Eu1nzgq", "Bg9HzcbYywmGANmGzMfPBce", "x19WyxjZzufSz29YAxrOBq", "x19Yzxf1zxn0qwXNB3jPDgHTigvUDKnVBgXLy3q9", "CgfYyw1ZigLZigvTChr5igfMDgvYigv4y2X1zgLUzYaIDw5ZywzLiIbWyxjHBxm", "x19JAgvJA1bHCMfTCW", "nc43", "Bg9JywXFA2v5xZm", "x19Yzxf1zxn0qwXNB3jPDgHTt25JzsbRzxK6", "lcbYzxrYEsbUzxH0ihrPBwuU", "x19Yzxf1zxn0rgvWCYbMCM9TignHy2HLlcbLBMqU", "lcbJAgvJAYbZDg9YywDLigzWoG", "C2v0DgLUz3mUyxbWswqGBxvZDcbIzsbHig5VBI1LBxb0EsbZDhjPBMC", "x19JB2XSzwn0", "C2LNBG", "CxvLCNLtzwXLy3rVCG", "yNuY", "BdfMBa", "lcbZDg9YywDLrNa6", "zxH0zw5K", "Ahr0Chm6lY9ZDg9YywDLlJm2mgj1EwLTzY5JB20VD2vIy29UDgfPBMvYl21HAw4VANmTC2vJDxjPDhKTDJmTCMfJlMPZp3y9", "BwfPBI5ZAwDUi19Fzgv0zwn0Aw5N", "DxnLig5VCM1HBfrVA2vU", "x19Yzxf1zxn0rgvWCYWGx19WyxjZzufSz29YAxrOBsbYzxn1Bhq6", "z2vUzxjHDguGA2v5igzHAwXLza", "C2LNBIbLBgfWC2vKihrPBwuH", "x19TywTLu2LNBIWGCMvZDwX0oG", "lgv4ChjLC3m9", "mtq0mtC3nKjKwLDQwG", "x19WyxjZzvrVA2vU", "x19Yzxf1zxn0rgvWCYbLBMqU", "z2v0vg9Rzw5F", "Dg9Rzw4GAxmGzw1WDhK", "mcfa", "CMv0DxjUia", "lcbHBgDVoG", "lcbFBg9HzgvKx2nHy2HLCZO", "CgfYyw1ZigLZigvTChr5", "x19Yzxf1zxn0qwXNB3jPDgHTigvUzc4", "y3jLyxrLigLUC3rHBMnLihDPDgGGyxbWswq9", "x002wt9KDMzondbwtuzBwa", "CgfYyw1ZignVBNrHAw5ZihjLC2vYDMvKihbHCMfTig5HBwuU", "DgvZDcbLCNi", "ntC5mdG5B0PlCuTl", "x19TywTLu2LNBG", "C3vJy2vZCW", "x19Yzxf1zxn0qwXNB3jPDgHTihn0yxj0lG", "CYnS", "odDUoceT", "nteZode4mNDTwKjxBq", "x19Nzw5tAwDUlcbWyxjHBxntDhi6", "lcbLpq", "Dw5RBM93BIbLCNjVCI4", "x19PBMLdB25MAwC", "nduXmtiWBhHjDKDU", "Bg9HzcbYywmGANmGC3vJy2vZCYe", "lgTLEt0", "ExL5Eu1nzgrOAg1TC3ntu1m", "mtGXnZm0nKrtDKPRwG", "x19Yzxf1zxn0rgvWCYbZDgfYDc4", "x19Nzw5tAwDU", "lcb0B2TLBJO", "lcbMCdO", "mZe0mdGYsuHeC3rs", "x19Nzw5ezwzHDwX0s2v5igLUChv0pq", "lcbZAwDUzwrtDhi6", "yNuX", "x19Nzw5ezwzHDwX0s2v5", "BwfPBI5ZAwDUi19FCMvXDwvZDerLChm", "x19Yzxf1zxn0qwXNB3jPDgHT", "x19Yzxf1zxn0rgvWCYb1C2uGBMv3igzWlcbMCdO"];
- return (V = function () {
- return e
- }
- )()
- }
-
- var X = Z;
- (function (e, t) {
- for (var r = Z, n = e(); ;)
- try {
- if (296934 === -(0,
- b.default)(r(392)) / 1 + -(0,
- b.default)(r(342)) / 2 + -(0,
- b.default)(r(412)) / 3 + (0,
- b.default)(r(377)) / 4 + -(0,
- b.default)(r(403)) / 5 + (0,
- b.default)(r(407)) / 6 + (0,
- b.default)(r(398)) / 7)
- break;
- n.push(n.shift())
- } catch (e) {
- console.log(e)
- n.push(n.shift())
- }
- }
- )(V);
-
- var __parseToken = function (e, t, r) {
- return e ? vk(e).call(e, t, r) : ""
- }
- , _defaultAlgorithm = {
- local_key_1: CryptoJS.MD5,
- local_key_2: CryptoJS.SHA256,
- local_key_3: CryptoJS.HmacSHA256
- }
- , algos = {
- MD5: CryptoJS.MD5,
- SHA256: CryptoJS.SHA256,
- SHA512: CryptoJS.SHA512,
- HmacSHA256: CryptoJS.HmacSHA256,
- HmacSHA512: CryptoJS.HmacSHA512,
- HmacMD5: CryptoJS.HmacMD5
- }
- , __algorithm = function (e, t, r) {
- var n = X
- , a = this._defaultAlgorithm[e];
- return e === 'local_key_3' ? a(t, r).toString(CryptoJS.enc.Hex) : a(t).toString(CryptoJS.enc.Hex)
- };
- var _this = {
- __parseToken: __parseToken,
- __algorithm: __algorithm,
- _defaultAlgorithm: _defaultAlgorithm,
- algos: algos
- };
-
- var genDefaultKey = function (e, t, a, i) {
- for (var c, s, u, l, h, f, g, p, d, b, y, k, w = n, _ = o, x = [], S = 0; ;)
- switch (_[S++]) {
- case 1:
- c = x[x.length - 1];
- break;
- case 3:
- x.push(e);
- break;
- case 4:
- x.push(a);
- break;
- case 6:
- x.push(R);
- break;
- case 9:
- x[x.length - 2] = x[x.length - 2][x[x.length - 1]],
- x.length--;
- break;
- case 15:
- null != x[x.length - 2] ? (x[x.length - 3] = w.call(x[x.length - 3], x[x.length - 2], x[x.length - 1]),
- x.length -= 2) : (k = x[x.length - 3],
- x[x.length - 3] = k(x[x.length - 1]),
- x.length -= 2);
- break;
- case 16:
- x.push(L);
- break;
- case 18:
- y = x[x.length - 1];
- break;
- case 21:
- u = x[x.length - 1];
- break;
- case 22:
- x.push(void 0);
- break;
- case 23:
- x.push(p);
- break;
- case 26:
- x.push(d);
- break;
- case 29:
- x.pop();
- break;
- case 30:
- x[x.length - 1] = x[x.length - 1][r[_[S++]]];
- break;
- case 31:
- x.push(_this[r[_[S++]]]);
- break;
- case 32:
- x.push((function (t) {
- var a, i, s, l, f = n, g = o, p = [], d = 162;
- e: for (; ;)
- switch (g[d++]) {
- case 2:
- p[p.length - 3][p[p.length - 2]] = p[p.length - 1],
- p.length -= 2;
- break;
- case 5:
- p[p.length - 2] = p[p.length - 2][p[p.length - 1]],
- p.length--;
- break;
- case 7:
- p.push(e);
- break;
- case 8:
- p.push(1);
- break;
- case 12:
- p[p.length - 1] = !p[p.length - 1];
- break;
- case 15:
- p.push(isNaN);
- break;
- case 23:
- p[p.length - 4] = f.call(p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),
- p.length -= 3;
- break;
- case 26:
- s = p.pop(),
- p[p.length - 1] += s;
- break;
- case 28:
- p[p.length - 1] = p[p.length - 1][r[13 + g[d++]]];
- break;
- case 30:
- p.push(i);
- break;
- case 31:
- p.push(a);
- break;
- case 32:
- p.pop();
- break;
- case 33:
- p.push(c);
- break;
- case 40:
- a = p[p.length - 1];
- break;
- case 41:
- p.push(null);
- break;
- case 43:
- p.pop() ? ++d : d += g[d];
- break;
- case 46:
- p.push(u);
- break;
- case 48:
- p.push(O);
- break;
- case 50:
- p.push(0);
- break;
- case 51:
- p.push(h);
- break;
- case 53:
- return;
- case 59:
- s = p.pop(),
- p[p.length - 1] = p[p.length - 1] >= s;
- break;
- case 62:
- p.push(b);
- break;
- case 65:
- y = p[p.length - 1];
- break;
- case 68:
- p[p.length - 1] ? (++d,
- --p.length) : d += g[d];
- break;
- case 69:
- p.push(t);
- break;
- case 72:
- d += g[d];
- break;
- case 74:
- p.push(g[d++]);
- break;
- case 75:
- u = p[p.length - 1];
- break;
- case 80:
- for (s = p.pop(),
- l = 0; l < g[d + 1]; ++l)
- if (s === r[13 + g[d + 2 * l + 2]]) {
- d += g[d + 2 * l + 3];
- continue e
- }
- d += g[d];
- break;
- case 83:
- p.push(void 0);
- break;
- case 85:
- p.push(r[13 + g[d++]]);
- break;
- case 87:
- p.push(p[p.length - 1]),
- p[p.length - 2] = p[p.length - 2][r[13 + g[d++]]];
- break;
- case 90:
- i = p[p.length - 1];
- break;
- case 91:
- p.push(v);
- break;
- case 92:
- p.push(y);
- break;
- case 95:
- p.push(new Array(g[d++]));
- break;
- case 96:
- null != p[p.length - 2] ? (p[p.length - 3] = f.call(p[p.length - 3], p[p.length - 2], p[p.length - 1]),
- p.length -= 2) : (s = p[p.length - 3],
- p[p.length - 3] = s(p[p.length - 1]),
- p.length -= 2);
- break;
- case 98:
- p[p.length - 5] = f.call(p[p.length - 5], p[p.length - 4], p[p.length - 3], p[p.length - 2], p[p.length - 1]),
- p.length -= 4
- }
- }
- ));
- break;
- case 33:
- p = x[x.length - 1];
- break;
- case 35:
- x[x.length - 5] = w.call(x[x.length - 5], x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),
- x.length -= 4;
- break;
- case 36:
- x[x.length - 4] = w.call(x[x.length - 4], x[x.length - 3], x[x.length - 2], x[x.length - 1]),
- x.length -= 3;
- break;
- case 37:
- x.push(new RegExp(r[_[S++]]));
- break;
- case 40:
- x.push(t);
- break;
- case 41:
- x.push(r[_[S++]]);
- break;
- case 43:
- return x.pop();
- case 44:
- x.push(x[x.length - 1]),
- x[x.length - 2] = x[x.length - 2][r[_[S++]]];
- break;
- case 48:
- x.push(m);
- break;
- case 50:
- d = x[x.length - 1];
- break;
- case 51:
- x.push(X);
- break;
- case 53:
- h = x[x.length - 1];
- break;
- case 56:
- x.push(i);
- break;
- case 57:
- x.push(f);
- break;
- case 62:
- x.push(h);
- break;
- case 66:
- s = x[x.length - 1];
- break;
- case 68:
- x.push(null);
- break;
- case 71:
- b = x[x.length - 1];
- break;
- case 72:
- f = x[x.length - 1];
- break;
- case 75:
- x.push(_this);
- break;
- case 76:
- x.push(_[S++]);
- break;
- case 77:
- x.pop() ? ++S : S += _[S];
- break;
- case 79:
- l = x[x.length - 1];
- break;
- case 81:
- x.push(g);
- break;
- case 84:
- g = x[x.length - 1];
- break;
- case 85:
- x.push(U);
- break;
- case 87:
- x.push(u);
- break;
- case 88:
- x.push(0);
- break;
- case 90:
- x.push(l);
- break;
- case 91:
- x.push(s);
- break;
- case 96:
- k = x.pop(),
- x[x.length - 1] += k;
- break;
- case 98:
- return
- }
- };
- var genSign = function (e, t) {
- for (var a, i, c, s, u = n, l = o, h = [], f = 272; ;)
- switch (l[f++]) {
- case 2:
- h.push(null);
- break;
- case 4:
- c = h[h.length - 1];
- break;
- case 8:
- h.push(r[20 + l[f++]]);
- break;
- case 10:
- return h.pop();
- case 14:
- h.push((function (e) {
- for (var t, n = o, a = [], i = 340; ;)
- switch (n[i++]) {
- case 7:
- a[a.length - 1] = a[a.length - 1][r[27 + n[i++]]];
- break;
- case 16:
- return;
- case 61:
- a.push(r[27 + n[i++]]);
- break;
- case 65:
- t = a.pop(),
- a[a.length - 1] += t;
- break;
- case 75:
- return a.pop();
- case 76:
- a.push(e)
- }
- }
- ));
- break;
- case 25:
- h.push(0);
- break;
- case 26:
- h.push(l[f++]);
- break;
- case 28:
- h.push(c);
- break;
- case 34:
- h.push(t);
- break;
- case 35:
- h.pop();
- break;
- case 47:
- a = h[h.length - 1];
- break;
- case 50:
- h.push(h[h.length - 1]),
- h[h.length - 2] = h[h.length - 2][r[20 + l[f++]]];
- break;
- case 52:
- return;
- case 53:
- h.push(void 0);
- break;
- case 58:
- h.push(z);
- break;
- case 62:
- h.push(X);
- break;
- case 69:
- h.push(U);
- break;
- case 72:
- h[h.length - 4] = u.call(h[h.length - 4], h[h.length - 3], h[h.length - 2], h[h.length - 1]),
- h.length -= 3;
- break;
- case 73:
- h.push(_this[r[20 + l[f++]]]);
- break;
- case 75:
- null != h[h.length - 2] ? (h[h.length - 3] = u.call(h[h.length - 3], h[h.length - 2], h[h.length - 1]),
- h.length -= 2) : (s = h[h.length - 3],
- h[h.length - 3] = s(h[h.length - 1]),
- h.length -= 2);
- break;
- case 80:
- s = h.pop(),
- h[h.length - 1] += s;
- break;
- case 85:
- h.push(i);
- break;
- case 88:
- h.push(e);
- break;
- case 91:
- h.push(a);
- break;
- case 93:
- h.push(w);
- break;
- case 95:
- i = h[h.length - 1];
- break;
- case 96:
- h.push(G);
- break;
- case 98:
- h[h.length - 1] = h[h.length - 1][r[20 + l[f++]]]
- }
- };
先调用genDefaultKey,入参是四个,分别是上面得到的Token、FP、APPID、时间戳+07拿到值,再调用签名函数getSign,入参数则是genDefaultKey的值加params,如下所示:
- params = {
- "functionId": "mzhprice_getCustomRealPriceInfoForColor",
- "appid": "search-pc-java",
- "client": "pc",
- "clientVersion": "1.0.0",
- "t": str(int(time.time() * 1000)),
- "body": '{"skuPriceInfoRequestList":[{"skuId":"10105124153052"},{"skuId":"10102973236034"},{"skuId":"10060158269227"},{"skuId":"10085438117915"},{"skuId":"100023408281"},{"skuId":"10034095072591"},{"skuId":"10099066159774"},{"skuId":"10102882832111"},{"skuId":"10081102086006"},{"skuId":"10102882779610"},{"skuId":"10105124220789"},{"skuId":"10102882813512"},{"skuId":"10102882813511"},{"skuId":"10105124218483"},{"skuId":"100114410144"},{"skuId":"10093665009265"},{"skuId":"10039552855611"},{"skuId":"10036842860178"},{"skuId":"11677624998"},{"skuId":"26616715173"}],"area":"19_1659_37260_37346","source":"search_pc","fields":"11101100111001"}',
- }
注意!其中body需要经过SHA256加密,实现算法如下所示:
- function GEN_SHA256(s) {
- var chrsz = 8;
- var hexcase = 0;
-
- function safe_add(x, y) {
- var lsw = (x & 0xFFFF) + (y & 0xFFFF);
- var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
- return (msw << 16) | (lsw & 0xFFFF)
- }
-
- function S(X, n) {
- return (X >>> n) | (X << (32 - n))
- }
-
- function R(X, n) {
- return (X >>> n)
- }
-
- function Ch(x, y, z) {
- return ((x & y) ^ ((~x) & z))
- }
-
- function Maj(x, y, z) {
- return ((x & y) ^ (x & z) ^ (y & z))
- }
-
- function Sigma0256(x) {
- return (S(x, 2) ^ S(x, 13) ^ S(x, 22))
- }
-
- function Sigma1256(x) {
- return (S(x, 6) ^ S(x, 11) ^ S(x, 25))
- }
-
- function Gamma0256(x) {
- return (S(x, 7) ^ S(x, 18) ^ R(x, 3))
- }
-
- function Gamma1256(x) {
- return (S(x, 17) ^ S(x, 19) ^ R(x, 10))
- }
-
- function core_sha256(m, l) {
- var K = new Array(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0xFC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x6CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2);
- var HASH = new Array(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19);
- var W = new Array(64);
- var a, b, c, d, e, f, g, h, i, j;
- var T1, T2;
- m[l >> 5] |= 0x80 << (24 - l % 32);
- m[((l + 64 >> 9) << 4) + 15] = l;
- for (var i = 0; i < m.length; i += 16) {
- a = HASH[0];
- b = HASH[1];
- c = HASH[2];
- d = HASH[3];
- e = HASH[4];
- f = HASH[5];
- g = HASH[6];
- h = HASH[7];
- for (var j = 0; j < 64; j++) {
- if (j < 16)
- W[j] = m[j + i];
- else
- W[j] = safe_add(safe_add(safe_add(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
- T1 = safe_add(safe_add(safe_add(safe_add(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
- T2 = safe_add(Sigma0256(a), Maj(a, b, c));
- h = g;
- g = f;
- f = e;
- e = safe_add(d, T1);
- d = c;
- c = b;
- b = a;
- a = safe_add(T1, T2)
- }
- HASH[0] = safe_add(a, HASH[0]);
- HASH[1] = safe_add(b, HASH[1]);
- HASH[2] = safe_add(c, HASH[2]);
- HASH[3] = safe_add(d, HASH[3]);
- HASH[4] = safe_add(e, HASH[4]);
- HASH[5] = safe_add(f, HASH[5]);
- HASH[6] = safe_add(g, HASH[6]);
- HASH[7] = safe_add(h, HASH[7])
- }
- return HASH
- }
-
- function str2binb(str) {
- var bin = Array();
- var mask = (1 << chrsz) - 1;
- for (var i = 0; i < str.length * chrsz; i += chrsz) {
- bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (24 - i % 32)
- }
- return bin
- }
-
- function Utf8Encode(string) {
- string = string.replace(/\r\n/g, "\n");
- var utftext = "";
- for (var n = 0; n < string.length; n++) {
- var c = string.charCodeAt(n);
- if (c < 128) {
- utftext += String.fromCharCode(c)
- } else if ((c > 127) && (c < 2048)) {
- utftext += String.fromCharCode((c >> 6) | 192);
- utftext += String.fromCharCode((c & 63) | 128)
- } else {
- utftext += String.fromCharCode((c >> 12) | 224);
- utftext += String.fromCharCode(((c >> 6) & 63) | 128);
- utftext += String.fromCharCode((c & 63) | 128)
- }
- }
- return utftext
- }
-
- function binb2hex(binarray) {
- var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
- var str = "";
- for (var i = 0; i < binarray.length * 4; i++) {
- str += hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8 + 4)) & 0xF) + hex_tab.charAt((binarray[i >> 2] >> ((3 - i % 4) * 8)) & 0xF)
- }
- return str
- }
-
- s = Utf8Encode(s);
- return binb2hex(core_sha256(str2binb(s), s.length * chrsz))
- };
调用GEN_SHA256把body参数拿出来丢进去最后toString一下
6、第六部分,版本号
7、第七部分,时间戳
接下来的六、七部分当然也就不需要给出思路了,一个版本号一个时间戳,大家自行生成即可!!!
8、第八部分,AES 上面参数经过AES加密生成
实现算法如下所示:
- function _aesEncrypt(data) {
- var i = CryptoJS.AES.encrypt(
- data,
- CryptoJS.enc.Utf8.parse('_M6Y?dvfN40VMF[X'), // 密钥
- {
- iv: CryptoJS.enc.Utf8.parse(["01", "02", "03", "04", "05", "06", "07", "08"].join(""))
- }
- );
- return CryptoJS.enc.Base64.encode(i.ciphertext)
- }
data是什么?是ENV构造的环境参数,包括版本号、指纹、设备信息的参数。
最后,我们来测试一下校验一下这JS的算法效果,如下所示:
图1(nodejs测试源码环境)
当前纯算法稳定!无任何601,当然算法不对就是601,也不全是!比如价格接口它是有TLS指纹校验的,请求的时候用三方模块处理一下即可!不然的话也会出现601。
技术支持:
UVHvvJozOTg0ODg3MuW+ruS/oe+8mmJ5YzYzNTLmiJZtZXRhYnljZueUteaKpe+8mmJ5YzAx (base64解码)
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/weixin_40725706/article/detail/717305
推荐阅读
相关标签
