|
首先说明一下:
我不知道大家遇到的 v5 都是什么样的,我就说下我遇到的。
我遇到的 v5 是一个 eval 里面包含一些 var 参数的声明定义其中包含(dynamicurl【姑且称之为 uri】,wzwsquestion【用来生成加密参数的】),然后就是 js 计算一下,生成一个 url,访问这个 url,如果加密数据计算正确的话,就会返回有效的 cookie,就会重定向到咱们的目标页了。
总结一下,这 v5 纯属体力活,把这种 _0x56ae('0x36', 'jo5I') 【姑且称之为解密函数吧】弄一下基本就好了,当然把 _0x56ae 的逻辑扣一下,然后写个正则什么的提取替换一波也挺好,或者也可以使用高大上的抽象语法树 AST 来做这个还原。
好了,废话说完了,接下来按照惯例直接上代码吧。
Talk is cheap,show me your code!
var dynamicurl="/WZWSREL2ZhbnhpcWlhbmp1LzEzNTE1My8xMzUxNTUvaW5kZXguaHRtbA==";var wzwsquestion="Dx[4S?Ph_5L<m9";var wzwsfactor="4973";var wzwsmethod="WZWS_METHOD";var wzwsparams="WZWS_PARAMS"; function _0x344cd4() { var _0x53d9fc = { 'GjCbS': function _0x1a0314(_0x33da81, _0xe25eb5) { return _0x33da81 < _0xe25eb5; }, 'JBFUL': function _0x1af799(_0x51aa2f, _0x2e4887) { return _0x51aa2f + _0x2e4887; } }; var _0x3c9135 = 0x0; var _0x43beea = 0x0; for (_0x43beea = 0x0; _0x53d9fc["GjCbS"](_0x43beea, wzwsquestion["length"]); _0x43beea++) { _0x3c9135 += wzwsquestion["charCodeAt"](_0x43beea); } _0x3c9135 *= wzwsfactor; _0x3c9135 += 0x1b207; return _0x53d9fc["JBFUL"]("WZWS_CONFIRM_PREFIX_LABEL", _0x3c9135); } // 夜幕论坛,【公众号】---->【NightTeam】【妄为写代码】 function _0x412a72(_0x2a28c0) { var _0x4257c9 = { 'bwGZX': "7|1|6|5|2|0|3|4", 'mGirf': function _0x2eb028(_0x5ab0bc, _0x5505f4) { return _0x5ab0bc < _0x5505f4; }, 'hOkXt': function _0x16449b(_0x22286c, _0x41c8cd) { return _0x22286c & _0x41c8cd; }, 'RJeYY': function _0x24beb6(_0x59303b, _0x576d3b) { return _0x59303b == _0x576d3b; }, 'cFxMb': function _0x45b03c(_0xadce3d, _0x5416a9) { return _0xadce3d >> _0x5416a9; }, 'spzgJ': function _0x3c313d(_0x19fd11, _0xcacabb) { return _0x19fd11 << _0xcacabb; }, 'VdlKD': function _0x2427d5(_0x23b25b, _0x23b39e) { return _0x23b25b & _0x23b39e; }, 'VDeWo': function _0x1ef1b0(_0x476993, _0x40dd2a) { return _0x476993 == _0x40dd2a; }, 'gHLRp': function _0x16afb3(_0x4bdebb, _0x1065a7) { return _0x4bdebb >> _0x1065a7; }, 'biRta': function _0x301047(_0x2ada60, _0x1c4232) { return _0x2ada60 | _0x1c4232; }, 'oKMpY': function _0x1d0b02(_0x547e37, _0x500868) { return _0x547e37 << _0x500868; }, 'HlUXJ': function _0x21902c(_0x16ae1a, _0x466bbf) { return _0x16ae1a >> _0x466bbf; }, 'vuJTm': function _0x2fea95(_0x34f7b5, _0x59e46f) { return _0x34f7b5 << _0x59e46f; }, 'lHuwG': function _0x1339d0(_0x3c775a, _0x3450ae) { return _0x3c775a >> _0x3450ae; }, 'fpeDs': function _0x52b661(_0x318fc3, _0x59aa7b) { return _0x318fc3 & _0x59aa7b; }, 'HqwlU': function _0x2144ca(_0x4799d4, _0x25b745) { return _0x4799d4 | _0x25b745; }, 'nPBKx': function _0x42b833(_0xe339b1, _0x5c500c) { return _0xe339b1 & _0x5c500c; }, 'ZRhVT': function _0xc9529d(_0x5ed560, _0x4383da) { return _0x5ed560 & _0x4383da; }, 'bdZKt': "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" }; var _0x6c47cd = _0x4257c9["bwGZX"]["split"]('|') , _0x3a5836 = 0x0; while (!![]) { switch (_0x6c47cd[_0x3a5836++]) { case '0': _0x27d1f5 = ''; continue; case '1': var _0x27d1f5, _0x4262d0, _0xc876d4; continue; case '2': _0x4262d0 = 0x0; continue; case '3': while (_0x4257c9["mGirf"](_0x4262d0, _0xc876d4)) { _0x5526a7 = _0x4257c9["hOkXt"](_0x2a28c0['charCodeAt'](_0x4262d0++), 0xff); if (_0x4257c9['RJeYY'](_0x4262d0, _0xc876d4)) { _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9["cFxMb"](_0x5526a7, 0x2)); _0x27d1f5 += _0x2097d8['charAt'](_0x4257c9["spzgJ"](_0x4257c9["VdlKD"](_0x5526a7, 0x3), 0x4)); _0x27d1f5 += '=='; break; } _0x138cf5 = _0x2a28c0['charCodeAt'](_0x4262d0++); if (_0x4257c9["VDeWo"](_0x4262d0, _0xc876d4)) { _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9['gHLRp'](_0x5526a7, 0x2)); _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9["biRta"](_0x4257c9["oKMpY"](_0x4257c9["VdlKD"](_0x5526a7, 0x3), 0x4), _0x4257c9["HlUXJ"](_0x4257c9["VdlKD"](_0x138cf5, 0xf0), 0x4))); _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9["vuJTm"](_0x4257c9['VdlKD'](_0x138cf5, 0xf), 0x2)); _0x27d1f5 += '='; break; } _0x4093e6 = _0x2a28c0["charCodeAt"](_0x4262d0++); _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9['lHuwG'](_0x5526a7, 0x2)); _0x27d1f5 += _0x2097d8['charAt'](_0x4257c9["biRta"](_0x4257c9['VdlKD'](_0x5526a7, 0x3) << 0x4, _0x4257c9["fpeDs"](_0x138cf5, 0xf0) >> 0x4)); _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9["HqwlU"](_0x4257c9["vuJTm"](_0x4257c9['nPBKx'](_0x138cf5, 0xf), 0x2), _0x4257c9["ZRhVT"](_0x4093e6, 0xc0) >> 0x6)); _0x27d1f5 += _0x2097d8["charAt"](_0x4257c9['ZRhVT'](_0x4093e6, 0x3f)); } continue; case '4': return _0x27d1f5; case '5': _0xc876d4 = _0x2a28c0['length']; continue; case '6': var _0x5526a7, _0x138cf5, _0x4093e6; continue; case '7': var _0x2097d8 = _0x4257c9["bdZKt"]; continue; } break; } } function get_wzwschallenge(){ var _0xb14971 = _0x344cd4(); var _0x10ace8 = _0x412a72(_0xb14971); return _0x10ace8; } function get_uri_params(){ return dynamicurl + "?wzwschallenge=" + get_wzwschallenge(); } console.log(get_uri_params());
[ttreply]
萨瓦迪卡
[/ttreply]
欢迎关注我的公众号【妄为写代码】,一起交流学习
|
|