├── .gitignore ├── .idea ├── js逆向.iml ├── misc.xml ├── modules.xml └── vcs.xml ├── README.md ├── encryption_decryption_function.py ├── jsvmp原理 ├── demo.js ├── jsvmp.txt └── jvsmp_demo.js ├── jsvmp实战 ├── check-nm15.html ├── demo.py ├── jss-nm15.html ├── jsvmp补环境实战.txt └── 粘下来的代码.js ├── webpack与axios ├── dist_3 │ └── bundle.js ├── dist_4 │ └── bundle.js ├── dist_5 │ ├── main.js │ └── main.js.LICENSE.txt ├── webpack4扣下来的代码.js └── webpack与axios.txt ├── 初识js-Hook ├── hook.txt └── 第54题.py ├── 抠代码和补环境 ├── demo.js ├── js11的抠代码.js ├── 扣代码之方法暴露全局.txt └── 第55题 │ ├── 55题解题代码.py │ ├── node环境aes-ecb.js │ └── 硬抠AES-ECB代码.js ├── 无限debugger ├── hook_cookie.txt ├── 无限debuuger.txt └── 第1题.py ├── 混淆跟值 ├── Function_all.js ├── demo.js ├── md5.js ├── ob.js ├── 混淆跟值.txt ├── 第2题.js ├── 第2题.py ├── 第3题.js └── 第三题.py ├── 百度翻译逆向 ├── compute_sign.js ├── demo.js └── demo.py └── 补环境导论与实战 ├── 111.js ├── 11题eval里执行的函数抠出来js.txt ├── 11题第一次请求返回.js ├── 1、补环境导论.txt ├── demo.js ├── 第11题.js ├── 第11题.py └── 补环境实战-讲解13页面 ├── js13.js ├── js13.py ├── 蜜罐的处理.txt └── 补环境实战.txt /.gitignore: -------------------------------------------------------------------------------- 1 | *.apk 2 | *.ipa 3 | *.settings/ 4 | *.log 5 | *.idea 6 | *.iml 7 | *.xml -------------------------------------------------------------------------------- /.idea/js逆向.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 11 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | "# js-reverse" 2 | -------------------------------------------------------------------------------- /encryption_decryption_function.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import base64 3 | import hashlib 4 | 5 | 6 | # 将数据转换成 base64编码 7 | def str_to_bs64(data: str): 8 | base64_string = base64.b64encode(data.encode()).decode() 9 | return base64_string 10 | 11 | 12 | # 将数据 进行 md5 加密, 并转换成 十六进制字符串 13 | def str_to_md5(data: str): 14 | # 将字符串编码并进行 MD5 加密 15 | hash_object = hashlib.md5(data.encode()) 16 | # 获取加密后的十六进制字符串 17 | hash_hex = hash_object.hexdigest() 18 | return hash_hex 19 | 20 | 21 | __all__ = ['str_to_bs64', 'str_to_md5'] 22 | -------------------------------------------------------------------------------- /jsvmp原理/demo.js: -------------------------------------------------------------------------------- 1 | window = global 2 | document = { 3 | all:{length: 22} 4 | } 5 | 6 | !function (a) { 7 | // 变量池 8 | let variable = {'window': window}; 9 | // 寄存器 10 | let register = ""; 11 | let left; 12 | let right; 13 | // 指令 14 | let instruct; 15 | 16 | function analysis(a) { 17 | if (a === 'a_a') { 18 | return register 19 | } 20 | if (typeof a !== 'string') { 21 | return variable[a[0]] 22 | } 23 | return a 24 | } 25 | 26 | for (i of a) { 27 | instruct = i[0]; 28 | switch (instruct) { 29 | case 166: 30 | variable[i[1]] = void 0; 31 | break; 32 | case 188: 33 | left = analysis(i[1]); 34 | right = analysis(i[2]); 35 | // 判断处理结果是否进寄存器 36 | if (i.at(-1) === 1 && i.length === 4) { 37 | register = left[right] 38 | } else { 39 | left[right] 40 | } 41 | break; 42 | case 222: 43 | left = analysis(i[1]) 44 | right = analysis(i[2]) 45 | variable[right] = left; 46 | break; 47 | case 355: 48 | if (i.at(-1) === 1 && i.length === 3) { 49 | register = typeof analysis(i[1]) 50 | } 51 | break; 52 | case 888: 53 | window[i[2]] = analysis(i[1]) 54 | break; 55 | } 56 | } 57 | }( 58 | [[166, 'a'], 59 | [188, ['window'], 'document', 1], 60 | [188, 'a_a', 'all', 1], 61 | [222, 'a_a', 'a'], 62 | [166, 'b'], 63 | [355, ['a'], 1], 64 | [222, 'a_a', 'b'], 65 | [166, 'c'], 66 | [188, ['a'], 'length', 1], 67 | [222, 'a_a', 'c'], 68 | [888, ['b'], 'sign1'], 69 | [888, ['c'], 'sign2']] 70 | ) 71 | console.log(window.sign1) 72 | console.log(window.sign2) -------------------------------------------------------------------------------- /jsvmp原理/jsvmp.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 本节课基于 js高阶课第五节后半部分, jsvmp基础。没看过请提前看完 4 | 5 | 再回忆一下之前的内容 6 | 什么是 JSVMP? 7 | JSVMP 全称 Virtual Machine based code Protection for JavaScript,即 JS 代码虚拟化保护方案。 8 | 9 | JSVMP 的核心是在 JavaScript 代码保护过程中引入代码虚拟化思想,实现源代码的虚拟化过程,将目标代码转换成自定义的字节码,这些字节码只有特殊的解释器才能识别,隐藏目标代码的关键逻辑。 10 | 11 | 那么其实,JSVMP 说白的,就是: 12 | 解释器 + 自定义字节码 的组合 13 | 14 | 但是js没有办法真正意义上实现vmp化,所以只能模拟。 接下来我讲的是一种简单的模拟jsvmp的实现思路 15 | 那么我们先简简单单看下面的一段代码 16 | 17 | 18 | var a = document.all; 19 | var b = typeof a; 20 | var c = document.all.length; 21 | window.sign1 = b; 22 | window.sign2 = c; 23 | 24 | 首先,这段代码都是赋值指令,我们把这五句话进行一下拆解 25 | 26 | 1. var a(声明一个变量,变量名为a) 27 | 2. document (获取当前作用域/全局变量 document) 28 | 3. document.all (document 下的属性 all) 29 | 4. var a = document.all; (将document.all 赋值给变量 a) 30 | 5. var b(声明一个变量,变量名为b) 31 | 6. typeof a (取得typeof a的值) 32 | 7. var b = typeof a (将 typeof a的值赋值给 b) 33 | 8. var c(声明一个变量,变量名为c) 34 | 9. 重复 2 - 3 取document.all 后,取document.all的 length属性 (此处可优化为取 a.length) 35 | 10. var c = document.all.length; (将 document.all.length 赋值给c) 36 | 11. 将 b 赋值给 window.sign1 37 | 12. 将 c 赋值给 window.sign2 38 | 39 | 通过拆解之后,我们就明确了上面的代码究竟是在做些什么事情。那么接下来,我们分析他们都用到了什么相关的操作 40 | 41 | 1. 声明变量 42 | 2. 取window下的全局变量 43 | 3. 取变量的属性 44 | 4. 赋值 45 | 5. 声明变量 46 | 6. typeof 操作 47 | 7. 赋值 48 | 8. 声明变量 49 | 9. 取变量的属性 50 | 10 赋值 51 | 11. 赋值 52 | 12. 赋值 53 | 54 | 将上面的内容去重,我们就会得到如下用到的指令: 55 | 56 | 声明变量,取变量的属性,赋值,typeof操作 57 | 58 | 下面,我们随便将下面的指令设置一个序号(完全自定义) 59 | 60 | 166: 声明变量 61 | 188: 取变量的属性 62 | 222: 赋值 63 | 355: typeof操作 64 | 65 | 那么,我们之前的十个步骤,就可以抽象为下列的操作 66 | 67 | 166 ---> a 68 | 188 ---> window, document *** 寄存进内存 69 | 188 ---> 寄存内存(也就是 window.document), all *** 寄存进内存 70 | 222 ---> 寄存内存(也就是 window.document.all), a 71 | 166 ---> b 72 | 355 ---> a *** 寄存进内存 73 | 222 ---> 寄存内存(也就是 typeof a), b 74 | 166 ---> c 75 | 188 ---> a, length *** 寄存进内存 76 | 222 ---> 寄存内存(也就是 a.length), c 77 | 222 ---> b, window.sign1 78 | 222 ---> c, window.sign2 79 | 80 | 81 | 接下来,我们把上面十个操作抽象成指令集(指令数组), 82 | 用最后一个的 1, 0 来表示结果是否存储为寄存器临时变量。 83 | 为了方便我们学习和表示,我们把最后的两步全局变量赋值抽象成一个新指令,记为 888 84 | 还有一个问题,就是,我们有一些,需要从变量里面取值。所以我们需要进行一定的标记 85 | 86 | 166 ---> a 87 | 188 ---> window, document *** 寄存进内存 88 | 188 ---> 寄存内存(也就是 window.document), all *** 寄存进内存 89 | 222 ---> 寄存内存(也就是 window.document.all), a【~变量~】 90 | 166 ---> b 91 | 355 ---> a【~变量~】 *** 寄存进内存 92 | 222 ---> 寄存内存(也就是 typeof a), b【~变量~】 93 | 166 ---> c 94 | 188 ---> a【~变量~】, length *** 寄存进内存 95 | 222 ---> 寄存内存(也就是 a.length), c【~变量~】 96 | 888 ---> b【~变量~】, window.sign1 97 | 888 ---> c【~变量~】, window.sign2 98 | 99 | 万事俱备,将上面的抽象思想转化为实际应用数组 100 | 101 | [166, 'a'] 102 | [188, window, 'document', 1] 103 | [188, 寄存内存, 'all', 1] 104 | [222, 寄存内存, 'a'] 105 | [166, 'b'] 106 | [355, ['a'], 1] 107 | [222, 寄存内存, 'b'] 108 | [166, c] 109 | [188, ['a'], length, 1] 110 | [222, 寄存内存, 'c'] 111 | [888, ['b'], sign1] 112 | [888, ['c'], sign2] 113 | 114 | 115 | 指令写完后,我们开始按照指令操作写指示器 116 | 117 | 166: 声明变量 118 | 188: 取变量的属性 119 | 222: 赋值 120 | 355: typeof操作 121 | 888: 全局变量赋值操作 122 | 123 | 124 | debugger; 125 | !function (a){ 126 | let variable = {'window': window}; 127 | let register = ""; 128 | let left; 129 | let right; 130 | let instruct; 131 | 132 | function analysis(a){ 133 | if (a==='a_a'){ 134 | return register 135 | } 136 | if (typeof a !== 'string'){ 137 | return variable[a[0]] 138 | } 139 | return a 140 | } 141 | 142 | for(i of a){ 143 | instruct = i[0]; 144 | switch(instruct){ 145 | case 166: 146 | variable[i[1]] = void 0; 147 | break; 148 | case 188: 149 | left = analysis(i[1]); 150 | right = analysis(i[2]); 151 | // 判断处理结果是否进寄存器 152 | if (i.at(-1) === 1 && i.length === 4){ 153 | register = left[right] 154 | } 155 | else{ 156 | left[right] 157 | } 158 | break; 159 | case 222: 160 | left = analysis(i[1]) 161 | right = analysis(i[2]) 162 | variable[right] = left; 163 | break; 164 | case 355: 165 | if (i.at(-1) === 1 && i.length === 3){ 166 | register = typeof analysis(i[1]) 167 | } 168 | break; 169 | case 888: 170 | window[i[2]] = analysis(i[1]) 171 | break; 172 | } 173 | } 174 | }( 175 | [[166, 'a'], 176 | [188, ['window'], 'document', 1], 177 | [188, 'a_a', 'all', 1], 178 | [222, 'a_a', 'a'], 179 | [166, 'b'], 180 | [355, ['a'], 1], 181 | [222, 'a_a', 'b'], 182 | [166, 'c'], 183 | [188, ['a'], 'length', 1], 184 | [222, 'a_a', 'c'], 185 | [888, ['b'], 'sign1'], 186 | [888, ['c'], 'sign2']] 187 | ) 188 | 189 | 那么接下来,这个,是不是跟我们接触的东西不太像啊,因为它是一个最基本最简单的代码了 190 | 191 | 我们稍微处理一下它 192 | 193 | 194 | 195 | 196 | !function (a){ 197 | let variable = {'window': window}; 198 | let register = ""; 199 | let left; 200 | let right; 201 | let instruct; 202 | a = JSON.parse(atob(a)) 203 | function analysis(a){ 204 | if (a==='a_a'){ 205 | return register 206 | } 207 | if (typeof a !== 'string'){ 208 | return variable[a[0]] 209 | } 210 | return a 211 | } 212 | 213 | for(i of a){ 214 | instruct = i[0]; 215 | switch(instruct){ 216 | case 166: 217 | variable[i[1]] = void 0; 218 | break; 219 | case 188: 220 | left = analysis(i[1]); 221 | right = analysis(i[2]); 222 | // 判断处理结果是否进寄存器 223 | if (i.at(-1) === 1 && i.length === 4){ 224 | register = left[right] 225 | } 226 | else{ 227 | left[right] 228 | } 229 | break; 230 | case 222: 231 | left = analysis(i[1]) 232 | right = analysis(i[2]) 233 | variable[right] = left; 234 | break; 235 | case 355: 236 | if (i.at(-1) === 1 && i.length === 3){ 237 | register = typeof analysis(i[1]) 238 | } 239 | break; 240 | case 888: 241 | window[i[2]] = analysis(i[1]) 242 | break; 243 | } 244 | } 245 | }( 246 | 'W1sxNjYsImEiXSxbMTg4LFsid2luZG93Il0sImRvY3VtZW50IiwxXSxbMTg4LCJhX2EiLCJhbGwiLDFdLFsyMjIsImFfYSIsImEiXSxbMTY2LCJiIl0sWzM1NSxbImEiXSwxXSxbMjIyLCJhX2EiLCJiIl0sWzE2NiwiYyJdLFsxODgsWyJhIl0sImxlbmd0aCIsMV0sWzIyMiwiYV9hIiwiYyJdLFs4ODgsWyJiIl0sInNpZ24xIl0sWzg4OCxbImMiXSwic2lnbjIiXV0=' 247 | ) 248 | 249 | 这就是一个最简单的 jsvmp的demo,但是这个demo,我们的传值依然是明文的字符串。那么存在一定的伪装方案,比如: 250 | 251 | 252 | 253 | !function (a){ 254 | let variable = {'window': window}; 255 | let register = ""; 256 | let left; 257 | let right; 258 | let instruct; 259 | let decode_str = ''; 260 | for (i of a){ 261 | decode_str += String.fromCharCode(i) 262 | } 263 | a = decode_str; 264 | 265 | a = JSON.parse(atob(a)) 266 | function analysis(a){ 267 | if (a==='a_a'){ 268 | return register 269 | } 270 | if (typeof a !== 'string'){ 271 | return variable[a[0]] 272 | } 273 | return a 274 | } 275 | 276 | for(i of a){ 277 | instruct = i[0]; 278 | switch(instruct){ 279 | case 166: 280 | variable[i[1]] = void 0; 281 | break; 282 | case 188: 283 | left = analysis(i[1]); 284 | right = analysis(i[2]); 285 | // 判断处理结果是否进寄存器 286 | if (i.at(-1) === 1 && i.length === 4){ 287 | register = left[right] 288 | } 289 | else{ 290 | left[right] 291 | } 292 | break; 293 | case 222: 294 | left = analysis(i[1]) 295 | right = analysis(i[2]) 296 | variable[right] = left; 297 | break; 298 | case 355: 299 | if (i.at(-1) === 1 && i.length === 3){ 300 | register = typeof analysis(i[1]) 301 | } 302 | break; 303 | case 888: 304 | window[i[2]] = analysis(i[1]) 305 | break; 306 | } 307 | } 308 | }( 309 | [87,49,115,120,78,106,89,115,73,109,69,105,88,83,120,98,77,84,103,52,76,70,115,105,100,50,108,117,90,71,57,51,73,108,48,115,73,109,82,118,89,51,86,116,90,87,53,48,73,105,119,120,88,83,120,98,77,84,103,52,76,67,74,104,88,50,69,105,76,67,74,104,98,71,119,105,76,68,70,100,76,70,115,121,77,106,73,115,73,109,70,102,89,83,73,115,73,109,69,105,88,83,120,98,77,84,89,50,76,67,74,105,73,108,48,115,87,122,77,49,78,83,120,98,73,109,69,105,88,83,119,120,88,83,120,98,77,106,73,121,76,67,74,104,88,50,69,105,76,67,74,105,73,108,48,115,87,122,69,50,78,105,119,105,89,121,74,100,76,70,115,120,79,68,103,115,87,121,74,104,73,108,48,115,73,109,120,108,98,109,100,48,97,67,73,115,77,86,48,115,87,122,73,121,77,105,119,105,89,86,57,104,73,105,119,105,89,121,74,100,76,70,115,52,79,68,103,115,87,121,74,105,73,108,48,115,73,110,78,112,90,50,52,120,73,108,48,115,87,122,103,52,79,67,120,98,73,109,77,105,88,83,119,105,99,50,108,110,98,106,73,105,88,86,48,61] 310 | ) 311 | 312 | 接下来压缩一下 313 | 314 | !function(yrx_vmpi){let yrx_vmpe={window:window};let yrx_vmpt="";let yrx_vmpr;let yrx_vmpa;let yrx_vmpo;let yrx_vmpn="";for(i of yrx_vmpi){yrx_vmpn+=String.fromCharCode(i)}yrx_vmpi=yrx_vmpn;yrx_vmpi=JSON.parse(atob(yrx_vmpi));function yrx_vmpf(yrx_vmpi){if(yrx_vmpi==="a_a"){return yrx_vmpt}if(typeof yrx_vmpi!=="string"){return yrx_vmpe[yrx_vmpi[0]]}return yrx_vmpi}for(i of yrx_vmpi){yrx_vmpo=i[0];switch(yrx_vmpo){case 166:yrx_vmpe[i[1]]=void 0;break;case 188:yrx_vmpr=yrx_vmpf(i[1]);yrx_vmpa=yrx_vmpf(i[2]);if(i.at(-1)===1&&i.length===4){yrx_vmpt=yrx_vmpr[yrx_vmpa]}else{yrx_vmpr[yrx_vmpa]}break;case 222:yrx_vmpr=yrx_vmpf(i[1]);yrx_vmpa=yrx_vmpf(i[2]);yrx_vmpe[yrx_vmpa]=yrx_vmpr;break;case 355:if(i.at(-1)===1&&i.length===3){yrx_vmpt=typeof yrx_vmpf(i[1])}break;case 888:window[i[2]]=yrx_vmpf(i[1]);break}}}([87,49,115,120,78,106,89,115,73,109,69,105,88,83,120,98,77,84,103,52,76,70,115,105,100,50,108,117,90,71,57,51,73,108,48,115,73,109,82,118,89,51,86,116,90,87,53,48,73,105,119,120,88,83,120,98,77,84,103,52,76,67,74,104,88,50,69,105,76,67,74,104,98,71,119,105,76,68,70,100,76,70,115,121,77,106,73,115,73,109,70,102,89,83,73,115,73,109,69,105,88,83,120,98,77,84,89,50,76,67,74,105,73,108,48,115,87,122,77,49,78,83,120,98,73,109,69,105,88,83,119,120,88,83,120,98,77,106,73,121,76,67,74,104,88,50,69,105,76,67,74,105,73,108,48,115,87,122,69,50,78,105,119,105,89,121,74,100,76,70,115,120,79,68,103,115,87,121,74,104,73,108,48,115,73,109,120,108,98,109,100,48,97,67,73,115,77,86,48,115,87,122,73,121,77,105,119,105,89,86,57,104,73,105,119,105,89,121,74,100,76,70,115,52,79,68,103,115,87,121,74,105,73,108,48,115,73,110,78,112,90,50,52,120,73,108,48,115,87,122,103,52,79,67,120,98,73,109,77,105,88,83,119,105,99,50,108,110,98,106,73,105,88,86,48,61]); 315 | 316 | 接下来就不给大家写了,直接给大家口述,vmp的常见附加情况 317 | 318 | 1. 数组不显示明文 319 | 320 | 即: [166, 'a'] 实际显示为: [166, 97] (String.fromCharCode(97) 为 'a') 321 | 322 | 2. 数组栈是随机栈,有一个控制系统,先压栈再解栈 323 | 324 | 1 ---> 2 ---> 3 ---> 4 ----> 5 ----> 6 325 | 2 ---> 1 ---> 6 ---> 3 ----> 5 ----> 4 326 | 327 | 3. 不止一个寄存器 328 | 329 | 不止一个寄存器还叫寄存器么? emmmm..... 330 | 331 | 4. 外层加壳 332 | 333 | jsvmp加壳后是非常难处理的,比如。让我们js盾一下 334 | 335 | 336 | eval(function(q,y){var n,M,c,Z,r,b,i,t,$,h,v,e,f,o,l,G,a,u=0,g=0,s={},Q="call",B="apply",d=Q.charAt,J=Q.charCodeAt,p=Q.slice,E=[].join,C=[].push,k=Math.sin,I=JSON.stringify,j=Math.random,U=String.fromCharCode,L=1..toString,w=function(q,y){var n,M=[];for(n=0;n1<"==i?"":"a"==i?J[Q](q,u++)-1?"(new "+x()+"("+E[Q](_(),",")+"))":"new "+x()+"("+E[Q](_(),",")+")":"y"==i?J[Q](q,u++)-1?"("+(x()+(((n=J[Q](q,u++)-1)||q)&&p[Q](q,u,u+=n))+x())+")":x()+(((n=J[Q](q,u++)-1)||q)&&p[Q](q,u,u+=n))+x():""==i?"this":"3"==i?"null":"("==i?J[Q](q,u++)-1?"true":"false":"<"==i?J[Q](q,u++)-1?"("+x()+"?"+x()+":"+x()+")":x()+"?"+x()+":"+x():""==i?(r=J[Q](q,u++)-1)<5?G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=b[r]())||M)&&Z)+"]":G[0](33)+"("+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=b[r]())||M)&&Z)+"])":"E"==i?I(c):""==i?f[J[Q](q,u++)-1]:void 0}return(((M=function(){var q,n;function M(){var M,c=[];for(M=0;M<16;M++)c[M]=M;((q=function(){var q,M,c;for(q=0;qt))||3)&&41==r&&H.$[8](3,Z,!0)&&0||35==r&&H.$[8](3,Z,q[n++])||1)&&((42==r&&((t=H.$[8](4,Z))&&y||H.$[8](3,Z,H.$[8](4,Z)*t))||1)&&(45==r&&H.$[8](3,Z,[])||10)&&(20==r&&H.$[8](3,Z,c[H.$[8](4,Z)])||4)&&(50==r&&((t=H.$[8](4,Z))&&y||H.$[8](3,Z,H.$[8](4,Z)^t))||5)&&(39==r&&H.$[8](3,Z,-H.$[8](4,Z))||8)&&(24==r&&(i=Z[Z.length-1])||1)&&18==r&&H.$[8](3,Z,typeof H.$[8](4,Z))&&y||4==r&&((t=H.$[8](4,Z))||10)&&1&&(0==($=q[n++])?M[0][0][t]=H.$[8](4,Z):Z[$]=H.$[8](4,Z))&&y||48==r&&((t=H.$[8](4,Z))&&y||H.$[8](3,Z,H.$[8](4,Z)>>t))&&y||11==r&&((t=H.$[8](4,Z))&&y||1)&&H.$[8](3,Z,H.$[8](4,Z)<=t))&&0||(7==r&&((t=H.$[8](4,Z))||7)&&H.$[8](3,Z,H.$[8](4,Z)/t)||7)&&(13==r&&((t=H.$[8](4,Z))&&0||1)&&H.$[8](3,Z,H.$[8](4,Z)+t)&&y||27==r&&(b=!0)||7)&&37==r&&(c=[])&&0||25==r&&((t=H.$[8](4,Z))&&y||H.$[8](3,Z,H.$[8](4,Z)|t))&&y||((17==r&&((t=H.$[8](4,Z))&&y||($=H.$[8](4,Z))&&y||H.$[8](7,Z,$,t,H.$[8](4,Z)?t[$]:undefined))||10)&&3==r&&((t=H.$[8](4,Z))&&y||H.$[8](3,Z,H.$[8](4,Z)-t))&&0||30==r&&H.$[8](3,Z,!H.$[8](4,Z))&&y||36==r&&((t=H.$[8](4,Z))||6)&&1&&(($=H.$[8](4,Z))&&y||1)&&(-1!=M.indexOf(t)?H.$[8](3,Z,!1):H.$[8](3,Z,delete t[$]))||9)&&23==r&&H.$[8](3,Z,{})&&y||16==r&&(Z[Z.length-1]+=String.fromCharCode(85^q[n++]))&&y||19==r&&H.$[8](3,Z,Z[H.$[8](4,Z)])&&y||(46==r&&((q=H.$[8](6,q,n))&&y||(n=0))&&y||40==r&&((t=Z[Z.length-1])&&y||1)&&((Z[Z.length-1]=Z[Z.length-2])&&y||1)&&(Z[Z.length-2]=t)&&y||44==r&&((t=H.$[8](4,Z))&&0||1)&&H.$[8](3,Z,H.$[8](4,Z)&t))&&y||(34==r&&((t=H.$[8](4,Z))&&y||($=H.$[8](4,Z))&&0||(h=H.$[8](4,Z))&&y||H.$[8](3,Z,function e(){var n,Z,r=[this,arguments,e];for(((r.length=h+3)||10)&&((n=(n=r[1].length)<$?n:$)&&y||(Z=0));Za&&1==u?"":_?((s=n++%3==0?"{"+q:"{")||6)&&(0===f?s:((J=r(b,B=t++,$,h,v,f,o,l,a,_,g+0))&&y||(E=b[B])||1)&&((C=r(b,B=t++,$,h,v,f,o,l,a,_,g+_))||6)&&(k=b[B])&&y||(J||C?C?(I=G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(_+g))||M)&&Z)+"]")&&0||(J=g+_>a&&1==u?"":J)&&y||(C=g+_>a&&1==u?"":C)&&y||((b[i]=1==E&&1==k?1:0)&&J&&C?o+"<"+I+"?"+J+":"+C:"if("+o+"<"+I+")"+(E?J+";":s+J+"}")+"else"+(k?" "+C+";":s+C+"}")):((b[i]=E)||9)&&(g+_>a&&1==u?"":J):"")):f[g]?f[g][2]?(b[i]=1)&&y||"("+f[g][4]+")?"+($(f[g][2][0])-$(f[g][0])>0?o+"+="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][2][0])-$(f[g][0]))||M)&&Z)+"]":o+"-="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][0])-$(f[g][2][0]))||M)&&Z)+"]")+":"+($(f[g][2][1])-$(f[g][0])>0?o+"+="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][2][1])-$(f[g][0]))||M)&&Z)+"]":o+"-="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][0])-$(f[g][2][1]))||M)&&Z)+"]"):f[g][4]&&"break"!==f[g][4]&&"continue"!==f[g][4]?"v v v"===f[g][4]?((b[i]=2)||1)&&(v?"break":"return"):"return "==p[Q](f[g][4],0,7)?((b[i]=2)||4)&&(";"==d[Q](f[g][4],f[g][4].length-1)?p[Q](f[g][4],0,-1):f[g][4]):(f[g][3]&&((j=f[g][3][0])&&y||(U=f[g][3][1])&&y||(L=G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(l[j][U]+.1))||M)&&Z)+"]")&&y||(f[g][4]=p[Q](f[g][4],0,-1)+L+")"))||6)&&((b[i]=f[g][5]||0)?((w=f[g][4])||8)&&(";"==d[Q](w,w.length-1)&&(w=p[Q](w,0,-1))||9)&&"(("+w+")||1)&&("+($(f[g][1])-$(f[g][0])>0?o+"+="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][1])-$(f[g][0]))||M)&&Z)+"]":o+"-="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][0])-$(f[g][1]))||M)&&Z)+"]")+")":f[g][4]+";"+($(f[g][1])-$(f[g][0])>0?o+"+="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][1])-$(f[g][0]))||M)&&Z)+"]":o+"-="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][0])-$(f[g][1]))||M)&&Z)+"]")):(b[i]=1)&&y||($(f[g][1])-$(f[g][0])>0?o+"+="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][1])-$(f[g][0]))||M)&&Z)+"]":o+"-="+G[0](107)+(e++%4==0?"["+G[4]:"[")+(((c[Z=M()]=$(f[g][0])-$(f[g][1]))||M)&&Z)+"]"):(b[i]=0)&&0||""}},function(q){var y=0,n={};return function(M,c){if(M){if(n[M])return n[M];var Z=(13*q|1)*(y+++21*q)%262144;return n[M]=c?Z:h+Z}}},function(q,y){return function(n){return 1e5*(n+(3.7+(-4|~q))*k(n)+y)^0}},function(q){return function(y){var n,M,c,Z=[];for(n=0;n=0?Z[q]:q}}},function(q,y,n,M){var c,Z,r;if((M=q+(y?o.length:0))in l)c=l[M];else if(y){for((c="")&&0||(Z=0);Z528ZwDNZP{ZqCGZEuqZ cdnorElZQb`Z\rmWZ BZ> ZK&/$->\"ZZhmZV!'<;2Zv\r66Zy@MZ+Z!ZBpqZt@AZzKHZ\"Zb\0\rZtZT``ZhV_Z/,Z]mjZTajZaQQZYiaZ0Zm_XZ/\nO\\I[CK@Z]Z %ZJZ%Z!#ZJ{}ZXeeZUfbZZjoZZ :67*-+,:-6+Zr7]Zoxihos=sxj=[5ZvZS~Z)Z-2-ZknhsZ\\+4+Z)KGFKI\\Zo\r ZaURZ> ZKsZ^hkZ-Z\"ZFpqZcTRZ(ZN||uZJx{~ZyK@Z6\0ZbXPZ//.Z)-!Z.Z&Z6ZdQ[PZ>::ZQebfZ $\"ZEqvqZBuusZ+/'Z8ZwCGAZ\\nkcZI}xZ1 ZxOEZ#ZY`nZ%%\"ZwNAZfPVZi_[ZgWW_ZJq}Z)(+Z|MLZYolZ#Z> Z%+Z)ZUedbZr@AHZ_onlZN|ZSfkZyO@Z.ZaYWZGwwtZrHHZ*Z#%$%Z]=(9Z_01)ZC 2#01' ,6Z&尪旓Z-_\\@EXZ0XFAK@XZk ZtsZv &Zl!8皕勋嚑奚攣Z9KHTQ[]ZdPVVZ(FxFZC+ZY@\\]Z8GVEDRZ?_JQ\\Zo_VVZ k~Z)))Z1ZcSTTZP|~z|yZ悧皋们砎歬圧变刿E\\盱皋俒披Z?Z# Z 价砕剽位朝敜朋.Z\"Zd  \0\rZ,JGGvi=>qlqeBj\n>\n\">\nG>\nbicq:=yycq=yycqM=s+qh&&,||qM&&q||q\n6>\nicqp=yycqz=yycq0=,&&q||,||,&&,\nicq ==q:q%\n icqk=yycqi=yycq8=,||,&&, ||,\n&&, \n\nVicq:=yy=MyycqM=\\ &&3||q:qhqM&&,||q\r\n Dicqh=yycq:=yycq=qM||,&&stypeof q&&q||\\ X4qh\n\rI>\n(icq,=yycqM=yycqh=\\||,&&=Mq:qh||,\n&&qM 7$yycq=yycqc=yycqr=,||,&&;qo/qr||,&&;q:>qc&&3||q\nP>\nicq?=yycq=yycq$=,||,&&,||,&&,\njicq=yycqP=yycq+=,||,&&,||,&&,\n%icqM=yycqh=yycq:=q,&&q||q|&&q||;q:-qh\n^>\nicq =yycq_=yycqG=,&&,||,&&3||,\n\nicqh=yycq:=yy=Mq:qhqM||,&&q\r||,&&\\\nWicq=;q+q'\neicq:=q\nais!q \n/icqN=yycq\\=yycq6=,&&3||, &&q||,!\nicqo=yycqQ=yycq=,\"||,&&;qM*q&&q||;qh+qQ\n\"varqK>qB\n\n?i=Myycqh=yycq:=ql&&q||\\#||,&&q:qh\nicqt=yycqM=yycqh=,$||,&&;q:*qh&&q||qM\nQ\"varq\"==q4 q)qgq2qq`q@q&qAq>q*q1B\nis!=>qyq7qvqq€B \n i=MMq4q%,,\nq`a=MMq4q%,,Mq4q&qv=MMq4q%,,3q7\n>\niyycq=||,&&cq€=,\niq€++\n\niyyyyyyy;,'==qy&&yycq7==MMq4q%,,(q`&&3||=MMq4q%,,\nq`;=MMq4q%,,(q`*q7&&,||yy;,)==qy&&ycq7==MMq4q%,,(q`||,&&=MMq4q%,,\nq`;=MMq4q%,,(q`^q7||,&&yyy;,*==qy&&yyycq7==MMq4q%,,(q`&&,||cqv==MMq4q%,,(q`||,&&<;s-,!==Mq2q+q7=MMq4q%,,\nq`s!,=MMq4q%,,\nq`sdelete Mq7qv||,\n&&;,,==qy&&cqg=Mq)qg++\nicMqq€=;;\\-+q€+\\.\n \n>\n\n> yyycq7==MMq4q%,,(q`||,&&ycqv==MMq4q%,,(q`||,&&Mq4q& \ryyyyyyyyyyyyyyyyyyyyyyyyyyyyy;,/==qy&&=MMq4q%,,\nq`Mq`;Mq`q0-,&&q||y;,1==qy&&yycq)==MMq4q%,,q)qg&&q||cqg=,||,&&;,\n==qy&&cMq`;Mq`q0-,+==Mq2q3;,4^Mq)qg++&&,||yy;,==qy&&cqA=Mq`;Mq`q0-,&&,||y;,==qy&&=MMq4q%,,\nq`||,&&;,5==qy&&yycq7==MMq4q%,,(q`&&q||=MMq4q%,,\nq`;=MMq4q%,,(q`%q7&&3||yy;,6==qy&&yyycq7==MMq4q%,,(q`&&q||cqv=Mq)qg++||,&&<;,==cq=Mq)qg++=MMq4q%,,\nq`MMMq2qv,q7=MMq4q%,,\nq`MMq2qvq||,7&&;,==qy&&=MMq4q%,,\nq`M=MMq4q%,,(q`=MMq4q%,,(q`&&,||yy;,8==qy&&=MMq4q%,,\nq`Mq`=MMq4q%,,(q`&&3||y;,9==qy&&yyycq7=Mq)qg++&&q||cqv==MMq4q%,,(q`||cqg=q7||,&&yyyyyyyyyyyyyyyyyy;,:==qy&&yyyyycq7==MMq4q%,,(q`||,\n&&ycqv=<q7=MMq4q%,,q`s-q7||,&&cMq`q0-=q7&&3||<=MMq4q%,,(q`=MMq4q%,,\nq`=MMq4q;q<=MMq4q%,,(q`=MMq4q%,,(q`qv=MMq4q%,,\nq`=MMq4q;q<=MMq4q%,,(q`MMq2,,qv&&q||yy;,===qy&&=MMq4q%,,\nq`stypeof =MMq4q%,,(q`&&,||yy;,>==qy&&yycq7==MMq4q%,,(q`&&,||=MMq4q%,,\nq`;=MMq4q%,,(q`+q7&&,||y;,?==qy&&yycq7==MMq4q%,,(q`&&,||=MMq4q%,,\nq`;=MMq4q%,,(q`==q7||,&&yyy;,@==qy&&yyycq7==MMq4q%,,(q`&&,||cqv=Mq)qg++||,&&<;,==cq=Mq)qg++=MMq4q%,,q`q7MMq2,,<=MMq4q%,,(q`MMMq2,,q7q=MMq4q%,,q`qMq2qv<=MMq4q%,,(q`MMq2qvqq||,(&&yy;,==qy&&cq&=s!,||,&&;,A==qy&&yyycq7==MMq4q%,,(q`&&3||ycqv==MMq4q%,,(q`&&3||=MMq4q%,,q`qvq7<=MMq4q%,,(q`Mq7qvq&&q||yy;,B==qy&&ycq7==MMq4q%,,(q`||,\n&&=MMq4q%,,\nq`cM=MMq4q%,,(q`=MMq4q%,,(q`=q7||,&&;,(==qy&&yycq7==MMq4q%,,(q`&&q||=MMq4q%,,\nq`;=MMq4q%,,(q`-q7&&,||yy;,C==qy&&ycq7==MMq4q%,,(q`||,&&=MMq4q%,,\nq`;=MMq4q%,,(q`/q7||,7&&yyyyyyyyyyyyyyyyyyy;,==qy&&=MMq4q%,,(q`&&q||yy;,D==qy&&cq=&&3||yy;,E==qy&&yyyyyycq7==MMq4q%,,(q`&&,||cqv==MMq4q%,,(q`||,(&&cq==MMq4q%,,(q`&&,||=MMq4q%,,\nq`qHB \n\n> ;qx\n icq/=qFqH\niqx++\nU=q4q)q7=MMq4q%,,q2q/q\nicMq/;qx+,\n=MMq/,qx\n iyyyycMq/q0=;q+,\n||,&&cqu=<;cqu=MMq/,q0>q7||,&&;,K==qy&&ycq7==MMq4q%,,(q`||,\n&&=MMq4q%,,\nq`;=MMq4q%,,(q`>q7&&,||y;,==qy&&=MMq4q%,,\nq`Mq)qg++||,\n&&;,L==qy&&=MMq4q%,,\nq`Mq=MMq4q%,,(q`&&,||yyyyyy;,7==qy&&=MMq4q%,,\nq=MMq4q%,,(q`||,\n&&;,M==qy&&ycq7==MMq4q%,,(q`||,&&<;,==cqv=Mq)qg++cMMMq2,,q7==MMq4q%,,(q`cMq`qv==MMq4q%,,(q`&&q||yy;,==qy&&yycq7==MMq4q%,,(q`&&q||=MMq4q%,,\nq`;=MMq4q%,,(q`&q7&&q||;,N==qy\n\r>\n\n>\n>\n>\n> y;q€\n> s!q&\n>\nUqA\niyyyyq2||cMq4q%=\ncMq4q%=\\UcMMq4q;Mq4q%=cMMq4qqqBqYqqB\nU<;,==q=MMMq4q%,MMq4q%,MMq4q%,\nqBqYqq<;,==q=MMMq4q%,MMq4q%,MMq4q%qqBqYq=MMMq4q%,MMq4q%,MMq4q%qqBqY||,&&ycq`=Mcq2=yq2||;Mq2q0-,||,7&&cqg=yqg||,ɵ,D,G,\n,5,\n,Z,\n,=,\n,[,7,G,\n,\\,\n,8,\n,],\n,^,\n,[,\n,_,7,G,\n,!,\n,8,\n,\\,\n,`,\n,=,\n,a,\n,b,\n,\\,7,G,\n,7,\n,c,\n,d,\n,c,\n,7,7,G,\n,e,\n, ,\n,a,\n,`,\n,[,7,G,\n,e,\n,=,\n,_,\n,a,\n,\\,\n,,7,1,,,f,,,,,,G,M,,G,6,,(,,,K,9,g,G,6,,(,,,,9,,,,G,@,,,,G,6,,,G,6,,\n,',G,6,,,5,B,,,,G,@,,(,,G,6,,(,,,,B,,,,G,@,,\n,,G,6,,\n,G,6,,\n,',G,6,,,5,B,,,,,G,6,,,,,,,(,,\n,,(,E,G,M,,,,d,G,6,,\n,G,6,,(,',G,6,,(,5,,,,,,,,,h,E,G,M,,,,i,G,6,,\n,G,6,,\n,',,,>,G,6,,(,5,,,,,,,,,j,E,G,M,7,,,k,G,6,,,,,G,6,,\n,G,6,,,G,6,,(,,\n,:,,,(,G,6,,\n,C,G,6,,,',G,6,,\n,5,,,,,,,,,l,E,G,M,B,,,L,6,,,,N,,7,C,,7,C,,7,C,,,),,,,,',,,',,,(,,G,M,I,G,6,,I,I,9,m,G,6,,B,,,G,6,,,,,:,G,M,J,,,n,G,6,,B,,,G,6,,,,,G,6,,7,,,,7,G,6,,I,>,,,:,G,6,,,,,:,,,:,,,C,,,),G,M,J,G,6,,B,,,G,6,,,,,:,G,M,1,G,6,,1,G,6,,J,?,I,9,n,,,G,@,,J,,,,G,@,,1,,7,>,B,B,,,,o,G,6,,\n,=,,,L,?,9,p,G,6,,\n,G,6,,J,C,,,(,,,,,q,G,6,,\n,=,,,L,?,/,9,r,,G,6,,\n,/,,(,L,J,,,,,,,,,,:,,\n,L,?,9,s,G,6,,\n,,,8,,G,M,(,G,6,,(,=,,,L,?,9,t,,,G,@,,(,,G,6,,(,,,,,:,B,,,,G,6,,\n,,,8,A,,*,,G,6,,(,,,,,u,,,v,,,,,,,w,E,,,,,q,G,6,,\n,,,,,,,,,x,E,,,,,J,,,,,E,,,\n icq%=yycqs=yycq#=,y&&,||,c&&3||ĕqhqMqqQqoqrqcqq]qOq-q8qiqkq+qPqq'qqq$qq?qGq_q q0qzqpq6q\\qNq{qnqCqIqZqSq#qs,z,!,{,|,,},~,[,,,€,, , ,,,,,‚,Z,,ƒ,„,…, ,,†,,,ƒ,„,…,,,€,,,‡,,,,,,ˆ,,‰,,,,Š,,‹,z, ,,,,Š,†,, , ,,,,,z,,,ƒ,„,,,,[,,},Œ,,,Ž, ,,,,Š,†,, , ,€,, , ,,,,‰,,ˆ,,ƒ,„,…, ,,†,,,ƒ,„,,,,[,,},Œ,†,,Ž,,€,,z,ˆ,„,,,,,,,‡,‚,,},ˆ,„,…,,,[,,,Š,,,,Š,,[,,ƒ,,,,{,[,,},Œ,,ˆ,,,€,,z,{, ,…,,,€,,z,ˆ,„,,,,,Z,,‡,‚,,},ˆ,„,,,,[,,,h,Ž,‘,,,Z,,,,[,,},Œ,‚,Z,,ƒ,,,,Š,,, , ,€,,’,,,h,,‰,,, ,{,[,“\n!T>\n\"M>\n#>\n$J>\n%Oicqo=yycqQ=yycq=qt&&q||;qM-q||,&&,\n&-icqh=q| '_9yycqh=;!==q:&&3||qh\n(icq:=yycq|=yycq:=,”||,&&q:||,&&,(\n)Uicqr=yycqo=yycqQ=q•||,&&\\–&&3||=MqQqo\n*#>\n+icq'=yycq=yycqP==q—q+&&,||;qM+qP&&q||\\˜\n,iicqM=yycqh=yycq:=||,&&,@&&q||q:qh\n-T>\n.Ciyyyyyyyyyyyyyyyyycq:=yycq|=yycq:=\\||,7&&q:||,&&\\||,&&cq|+=q:&&q||cq:=,||,\n&&cq|+=q:&&q||cq:=,||,&&cq|+=q:&&3||ycqM=yycqh=yycq:=q&&q||\\™||,&&q|&&3||ycq:=yycq|=yycq==Mq:qhqM&&q||q||,&&q|&&3||ycq|=yycqM=yycqh=\\0&&3||Mq:qh||,(&&qM&&,||cqM=yycqh=yycq:=q|||,&&,||,&&;q:>qh||,\n&&cq|=qM\n/hicqC=yycqn=yycq{=,||,&&,&&,||,[\n0S>\n16>\n2>\n3Y>\n4iyyyyyyyyyyycqM=yycqh=yycq:=ql&&q||\\0||,&&Mq:qh||,7&&ycqo=yycqQ=yycq=,&&,||;qM/q||,&&,||,&&ycq:=yycq=yycqr=;qQ^qo&&q||qr&&3||ql||,&&cq=yycqM=yycqh=\\0&&,||Mq:qh&&3||,&&q||cq:=yycq9=yycqQ=;qM-q&&q||qQ&&q||ql||,&&cq=yycqM=yycqh=q||,7&&ql&&3||q9&&q||ycqQ=MqMq&&,||cMq:qh=qQ\n5=icqo=yycqQ=yycq=,||,&&,&&q||,Ž\n6> 7[KyycqM=yycqh=yycq:=qš||,&&\\›||,&&Mq:qh||,&&qM\n8^>\n9Y> :<8yycqQ=;qM>q||,&&qQ\n; icqM=yycqh=yycq:=>B\nicq=\\œ\nUq\n\"varq||,&&\\&&3||=Mq:qh <]>yycqM=yycqh=yycq:=qš||,&&\\›||,&&Mq:qh||,&&qM\n=Hicq=yycqc=yycqr=,‰||,&&,z&&q||,\n>0iyycqM=yycqh=yycq:=q\r&&q||\\&&q||\\ž||,&&=Mq:qhqM\n?J>\n@`icq8=yycq-=yycqO=,$&&3||,a||,&&;qO*q-\nA\\iyyyyyyyycqM=yycqh=yycq:=ql&&3||\\Ÿ||,&&ql&&q||cqo=yycqQ=yycq=\\0||,&&MqMq&&,||,||,7&&cq=yycqc=yycqr=;qQ/qo||,&&,&&q||;qr^qc&&q||cq]=,||,7&&=Mq:qhqq]\nB2>\nC2>\nDZicq:=yycq=yycqM=;q:==qh&&,||qM||,&&(\nE5icqM=yycqh=yycq:=>q\nB7\n6>\n3I /;, ===qw\n3I\n \"varqj>q^B yycq5=yycqJ=yycqf=stypeof q^||,(&&\\||,7&&;qf!==qJ||,&&q5\n>\n\ricqf=q^\n>\n>\n \"varqfqJq5q qm\n>\n icqf=q(\n\n>\n > yycq5=yycqJ=yycqf=q^||,&&\\¡||,&&;qf===qJ||,&&q5\n\rUqf\nUqm\n\nUqf\niyyycq5=yycqJ=yycqf=qL&&q||q^||,&&,&&,||ycq =MqJq5&&q||cqm=Mqfq \n,icq¢=MqXq\n$iyyyyyycq\r=yycq\n=yycq\r=q[&&3||q\r&&,||q£&&3||cq =yycq.=yycq;=\\¤&&q||q\n||,&&=q¥q.||,\n&&cqD==Mq\rq;q &&q||cq\n=qD\n 7> \n#(;,¦===qw\n 7>\n %\"varqUqFq!qqq~qLq\rq(q}qaqq[q;q.q qD\n\r.>\n\r>\n\r> ;q 'yycqa==qjMq¢,&&3||y;=Mq¢q§s-,===,&&;Mq¢q0===,(\niq++  y;=Mq¢q§s-,===,&&;Mq¢q0===,\n\niyyycq\r=q}||,&&ycq;=qa||,7&&Mq\rq;\n \"varqX\n!\"varq,\n\"qq\nicMq<q++=q\n#icq}==qjMq¢,\n$0\"varq\n%2iyyyycq(=yycq\r=yycqL=yyyyyyyyycqU=r&&,||cqF=qU||,&&ycq!=\\š||,&&cqq=qš&&q||cq~=cMqFq!=qq||,&&qU&&q||\\H||,7&&q\r||,&&cq\r=\\H&&q||cq[=q\r\n&3I\n'iyycq.=yycq;=yycq\r=q}&&q||qa&&,||Mq\rq;&&,||cq(=q. ();,¨===qw\n)icq}==qjMq¢,\n*\"\"varqE,\n+iqE++\n,iyyyycq.=yycq;=yycq\r=q2&&3||\\3&&,||q¢||,&&cq ==Mq\rq;q.&&3||cq[+=q \n-5\"varqwq\n.3I /3;,©===qw\n0\"varq<\n1icMqLqa=q}\n2 \"varq\n3+>\n4-iyycq.=yycq;=yycq\r=q¢||,&&,||,&&Mq\rq;||,&&cq=q. 5\n;,ª===qw\n6\n7>||,&&,}&&3||,\nFicqM=yycqh=yycq:=q||,&&q&&3||,«\nGicqM=yycqh=yycq:=q\r||,&&\\||,&&\\¬\nH icq-=yycqO=yycq]=,||,&&,Š&&q||,†\nI*>\nJR>\nKiyycqM=yycqh=yycq:=q\r||,&&\\||,&&\\ž||,&&=Mq:qhqM\nLicq:=yycq,=yycqM=Mq:qh&&,||qM&&,||q,\nMicqh=yycq:=yycq=||,7&&q•||,&&aq:\nNS> OgAyycqr=;qQ===qo||,&&qr\nPE>\nQ,\"var5q:qhqMq,q|qtqqQqoqrqcqq]qqqq9qqqOq-q8qiqkq+qPqq'qqq$qq?qGq_q q0qzqpq6q\\qNq{qnqCqIqZqSq#qsq%q \nR'icq:=,­\nSd>\nT >\nU@icq]=yycq=yycqc=;q-qr&&,||,®||,7&&;qc+q\nV)icq=yycqM=yycqh=\\&&q||\\¯&&,||,°\nWi=Mq:qhq\nX\">\nY\r>\nZficq|=q:\n[1iyycq:=\\ž&&q||=q›q:\n\\c>\n]Niyycq:=\\ž||,\n&&=q›q:\n^F>\n_3iyyyyycqM=yycqh=yycq:=q±&&,||\\²||,7&&Mq:qh&&,||ycqo=yycqQ=yycq=,&&q||MqMq&&,||,&&3||ycqr=MqQqo&&,||ycqc=,&&q||Mqrqc\n`+icq+=yycqk=yycqi=,a&&q||;q8*qi&&3||;q]/qk\na\nb:icq=yycqM=yycqh=,&&3||;q:/qh||,&&q\nc;>\ndiyycqM=yycqh=yycq:=q||,&&,&&q||;q:*qh||,&&cq=qM e&!yycqh=q:&&,||qh f.Byycq:=q&&,||q:\ngc>\nh icqS=yycqZ=yycqI=,&&3||,||,&&,Š\niLicqh=yycq:=yycq,=qM&&3||q,&&,||,\njicq=yycq=yycq'=,&&q||,‚&&q||,ZE")); 337 | 338 | 339 | jsvmp 的弊端: 340 | 341 | 1. 速度慢,核心算法存储数量有限 342 | 2. 安全性上限低 (它难度下限非常非常高,但是上限非常非常低,因为安全性上升性能指数级下降) 343 | 3. 容易插桩 / 猜测 344 | 345 | jsvmp 的优势 346 | 347 | 1. 安全性下限高 348 | 2. 可以搭配其他安全措施使用,只加固核心检测点 349 | 3. 难以还原 350 | 351 | 352 | -------------------------------------------------------------------------------- /jsvmp原理/jvsmp_demo.js: -------------------------------------------------------------------------------- 1 | /* 我们假设赋值指令为 66, 加和指令为 88,声明指令为 110(爱取什么名字取什么名字) 2 | 如果按照从上到下的顺序,我们就可以将他们的操作变成指令性的[用|分割左侧和右侧]*/ 3 | !function (_stack) { 4 | // 寄存器 5 | var register; 6 | // 存放全局变量 variable->windows 7 | var variable = {}; 8 | for (let i = 0; i < _stack.length; i++) { 9 | instruct = _stack[i][0]; 10 | left = _stack[i][1]; 11 | right = _stack[i][2]; 12 | if (instruct === 110) { 13 | variable[right] = '' 14 | } 15 | if (instruct === 66) { 16 | if (right === '?') { 17 | variable[left] = register 18 | } else { 19 | variable[left] = right 20 | } 21 | } 22 | if (instruct === 88) { 23 | register = variable[left] + variable[right] 24 | } 25 | } 26 | ;console.log(variable) 27 | ;console.log(register) 28 | }([[110, 'var', 'a'], [66, 'a', 1000], [110, 'var', 'b'], [66, 'b', 1000], [110, 'var', 'c'], [66, 'c', 1000], [110, 'var', 'd'], [88, 'a', 'b'], [66, 'd', '?'], [110, 'var', 'e'], [88, 'd', 'c'], [66, 'e', '?']]) 29 | 30 | 'a'['charCodeAt']() -------------------------------------------------------------------------------- /jsvmp实战/demo.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import requests 3 | 4 | headers = { 5 | 'authority': 'www.python-spider.com', 6 | 'accept': '*/*', 7 | 'accept-language': 'zh-CN,zh;q=0.9', 8 | 'cache-control': 'no-cache', 9 | 'content-type': 'text/plain;charset=UTF-8', 10 | 'cookie': 'yrx-13=A6d5nyu2jxPLaG8rrKM41Nz0MNB0LHsO1QD_gnkUwzZdaMmOgfwLXuXQj9OK; Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1699605433,1699845034,1699864141,1699943589; sessionid=6i4hy81316n89pcged3hrgcz266n38z1; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1699943601', 11 | 'origin': 'https://www.python-spider.com', 12 | 'pragma': 'no-cache', 13 | 'referer': 'https://www.python-spider.com/challenge/new/jss?nm=15', 14 | 'sec-ch-ua': '"Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24"', 15 | 'sec-ch-ua-mobile': '?0', 16 | 'sec-ch-ua-platform': '"macOS"', 17 | 'sec-fetch-dest': 'empty', 18 | 'sec-fetch-mode': 'cors', 19 | 'sec-fetch-site': 'same-origin', 20 | 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36', 21 | 'yrx-15-jsvmp': '861871127.96b2fdce53be66bfc1bb0675520557b868c8f59cb5df9c9581ef6f7fb8633a04.1699943854648', 22 | } 23 | 24 | params = ( 25 | ('yrx15', '8ebba084e45a1638b24f9fa21294a96d'), 26 | ) 27 | 28 | data = '\u4F60\u662F\u5149\uFF0C\u4F60\u662F\u7535\uFF0C\u4F60\u662F\u552F\u4E00\u7684\u795E\u8BDD'.encode('utf-8') 29 | response = requests.post('https://www.python-spider.com/challenge/api/user', headers=headers, params=params, data=data) 30 | 31 | print(response.text) 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /jsvmp实战/jss-nm15.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 7 | 8 | 9 | Document 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 37 | 38 | 51 | -------------------------------------------------------------------------------- /jsvmp实战/jsvmp补环境实战.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | https://www.python-spider.com/challenge/new/jss?nm=15 4 | 5 | 6 | 这节课弄两个东西 7 | 一个是 yrx15=274e27e504107ffec63539e136dd950d 8 | 第二是 Yrx-15-Jsvmp:470516302.05abd2d479032a93b8555b09260fd99b5216e6b3b12232423f47334768d5ebaa.1690458469099 9 | 10 | 11 | 12 | 13 | 14 | 目标:先hook住 浏览器的时间,和随机数 15 | 让本地的node js 执行结果与浏览器一致。就算成功 16 | 17 | https://www.python-spider.com/challenge/api/user?yrx15=10bdfc24fd501e39b6bbda36341b61ac 18 | Yrx-15-Jsvmp: 470516302.a50b5d950418ebcd276fba710363926c45bcb114157d6e7efa8619e4c5ddd9d7.1690435186814 19 | 20 | 21 | Date.prototype.getTime = function(){ 22 | return 1690435186814 23 | }; 24 | Math.random = function (){ 25 | return 0.22283564695768754 26 | } 27 | 28 | MAC OS 29 | charles mapping 30 | 31 | 32 | jsvmp 补环境 33 | 34 | 1. 找准插桩位置 35 | a. 重复执行(多次,很多次,几千,几万,十几万) 36 | b. 信息充足(以,有明文,有关键操作,有返回值为准) 37 | c. 插桩位置,出现了密文,要逆向的内容以及关键计算步骤 38 | 39 | 2. 根据插桩信息,【推测】代码执行流程,补充缺失环境 40 | 41 | 3. 浏览器本地联调,文本相似度对比 42 | 43 | 44 | 总结: 45 | 补环境: 46 | jsvmp 核心: 插桩,对比 47 | 48 | 49 | jsvmp算法流: 50 | 基于插桩: 51 | 指令中跟计算相关的操作,然后再去补充插桩,进行组合。就是算法还原 52 | 53 | 100 --- 10000 54 | 55 | 乘以指令/平方指令 56 | 57 | 平方指令 --- 100 58 | 乘以指令 --- 100, 100 59 | 60 | 下一个桩会出现 10000 61 | 62 | 加和指令 ---- 10000, 50 63 | 64 | 下一个桩会出现 10050 65 | 66 | 67 | 68 | 69 | 环境代码: 70 | window = global; 71 | 72 | Error = function (){}; 73 | 74 | 75 | Error.prototype.stack = 'Error\n at eval (eval at onRequest (https://www.python-spider.com/challenge/new/jss?nm=15:2:148216), :1:2)\n at onRequest (https://www.python-spider.com/challenge/new/jss?nm=15:52:148216)\n at yrx_i (https://www.python-spider.com/challenge/new/jss?nm=15:52:85760)' 76 | 77 | 78 | navigator = { 79 | webdriver: false, 80 | languages: ['zh-CN'], 81 | 82 | userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36', 83 | plugins: [ 84 | { 85 | name: 'PDF Viewer', 86 | description:"Portable Document Format", 87 | length: 2, 88 | "0": { 89 | type: 'application/pdf', 90 | suffixes: 'pdf', 91 | }, 92 | "1": { 93 | type: 'text/pdf', 94 | suffixes: 'pdf', 95 | } 96 | }, { 97 | name: 'Chrome PDF Viewer', 98 | description:"Portable Document Format", 99 | length: 2, 100 | "0": { 101 | type: 'application/pdf', 102 | suffixes: 'pdf', 103 | }, 104 | "1": { 105 | type: 'text/pdf', 106 | suffixes: 'pdf', 107 | }, 108 | }, { 109 | name: 'Chromium PDF Viewer', 110 | description:"Portable Document Format", 111 | length: 2, 112 | "0": { 113 | type: 'application/pdf', 114 | suffixes: 'pdf', 115 | }, 116 | "1": { 117 | type: 'text/pdf', 118 | suffixes: 'pdf', 119 | }, 120 | }, { 121 | name: 'Microsoft Edge PDF Viewer', 122 | description:"Portable Document Format", 123 | length: 2, 124 | "0": { 125 | type: 'application/pdf', 126 | suffixes: 'pdf', 127 | }, 128 | "1": { 129 | type: 'text/pdf', 130 | suffixes: 'pdf', 131 | }, 132 | 133 | }, { 134 | name: 'WebKit built-in PDF', 135 | description:"Portable Document Format", 136 | length: 2, 137 | "0": { 138 | type: 'application/pdf', 139 | suffixes: 'pdf', 140 | }, 141 | "1": { 142 | type: 'text/pdf', 143 | suffixes: 'pdf', 144 | } 145 | }], 146 | 147 | } 148 | document = { 149 | cookie: 'Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1690457397; sessionid=itefu56ekeiprd33z7qeyeyk3xand1e2; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1690457411' 150 | } 151 | screen = { 152 | height: 1080, 153 | width: 1920, 154 | colorDepth: 24, 155 | } 156 | class localStorageMock { 157 | constructor() { 158 | this.store = {}; 159 | }; 160 | getItem(key) { 161 | return this.store[key] || null; 162 | }; 163 | setItem(key, value) { 164 | this.store[key] = value.toString(); 165 | }; 166 | removeItem(key) { 167 | delete this.store[key]; 168 | }; 169 | clear() { 170 | this.store = {}; 171 | }; 172 | } 173 | window.localStorage = new localStorageMock() 174 | window.sessionStorage = new localStorageMock() 175 | 176 | XMLHttpRequest = function (){} 177 | XMLHttpRequest.prototype.send = function (){} 178 | XMLHttpRequest.prototype.open = function (){} 179 | XMLHttpRequest.prototype.setRequestHeader = function (){} 180 | 181 | try { 182 | 183 | 184 | debugger; 185 | 186 | Date.prototype.getTime = function(){ 187 | return 1690435186814 188 | }; 189 | Math.random = function (){ 190 | return 0.22283564695768754 191 | } 192 | 193 | ;;;; 194 | 195 | 196 | -------------------------------------------------------------------------------- /webpack与axios/dist_5/main.js.LICENSE.txt: -------------------------------------------------------------------------------- 1 | /** @preserve 2 | * Counter block mode compatible with Dr Brian Gladman fileenc.c 3 | * derived from CryptoJS.mode.CTR 4 | * Jan Hruby jhruby.web@gmail.com 5 | */ 6 | 7 | /** @preserve 8 | (c) 2012 by Cédric Mesnil. All rights reserved. 9 | 10 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 11 | 12 | - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 13 | - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 16 | */ 17 | -------------------------------------------------------------------------------- /webpack与axios/webpack与axios.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 这节课也比较简单 4 | 5 | 主要是讲 webpack抠法和 axios这个库抠的注意事项 6 | 7 | webpack 实际上做了什么事情呢 8 | 9 | 以加载器为核心, 以加载器调用某一个模块为入口 (r(10)), 分模块打包,最终返回 n.exports,进行调用的一种打包工具 10 | PS1: 加载器 11 | function r(i) { 12 | if (e[i]) 13 | return e[i].exports; 14 | var n = e[i] = { 15 | i: i, 16 | l: !1, 17 | exports: {} 18 | }; 19 | return t[i].call(n.exports, n, n.exports, r), 20 | n.l = !0, 21 | n.exports 22 | } 23 | PS2: 模块 24 | webpack 的自执行函数里面,传入的参数 25 | 这个参数,可以是数组,可以是对象 26 | 27 | PS3: 加载器的参数返回值是什么? 28 | 29 | window.result = window.result + '"' + i + '":' + t[i]+'' + ',' 30 | 从代码执行到函数入口开始 --r(12)-->r(0)--xxxxx--暂时在函数执行入口处下断--> 代码拿到秘文结束 --r(1)--r(2)-- 31 | 暂时下断可能导致部分模块没有加载到,这时候需要向前下一个断点,在进行测试,直到模块不缺失并且能运行即可 32 | 33 | 34 | 35 | 最重要的一点: 36 | 注意:webpack是一种打包工具,可以勉强理解为是一种壳。所以,webpack本身并不会影响到任何的混淆 37 | 38 | 所以,webpack + 检测 + 混淆 是一种非常常见的组合手段 39 | 40 | 我们之前讲过了 55题的打包原理,其实webpack的打包原理跟 55题非常像。接下来我用 三个版本的webpack去讲述webpack的打包原理 41 | 42 | 43 | 我不讲什么webpack自动化抠代码程序。我讲自动抠代码的原理 44 | 45 | 至于什么自动化抠代码成品,就是在原理上进行封装。封装你们自己去包装。是exe也好,插件也好,油猴脚本也好随便 46 | 47 | 48 | 自动扣的弊端 49 | 1、webpack 知识打包工具, 环境监测,浏览器指纹等各种信息收集都需要自己处理 50 | 2、投毒不易被发现 51 | 3、如果有反扒,他只是缩减了需要处理的内容,但是还是需要额外处理 52 | 53 | 54 | axios 是一个非常出名的框架,除了jquery(10%),剩下的要有 89%是它 55 | https://unpkg.com/axios/dist/axios.min.js 56 | 57 | const service = axios.create({ 58 | baseURL: 'https://www.python-spider.com/api/combat?page=1&count=10', 59 | timeout: 5000, 60 | responseType: "json", 61 | withCredentials: true, 62 | headers: { 63 | "Content-Type": "application/json;charset=utf-8", 64 | } 65 | }) 66 | service.interceptors.request.use( 67 | config => { 68 | if(config.method === "post") { 69 | } else { 70 | if (store.getters.token) { 71 | config.headers['X-Token'] = 'anlan:1698751:wq2s313sdre3' 72 | } 73 | } 74 | return config; 75 | }, 76 | error => { 77 | Message({ 78 | showClose: true, 79 | message: error, 80 | type: "warning" 81 | }); 82 | return Promise.reject(error); 83 | } 84 | ) 85 | 86 | 87 | 这节课代码比较多,所以打了个压缩包上传到CDN了: 88 | 89 | https://download.python-spider.com/10%E8%AF%BE%E4%BB%B6.zip 90 | -------------------------------------------------------------------------------- /初识js-Hook/hook.txt: -------------------------------------------------------------------------------- 1 | // arguments 类数组 特性,不是数组,只有一部分数组的特性,其余很多属性没有 2 | _eval = eval; 3 | eval= function(){ 4 | // [xxxx].indexOf('xxxx') 判断[]数组中是否包含 'xxxx' 的值相等,相等返回0,不等返回-1 5 | if ([arguments[0]].indexOf('debugger')) 6 | return _eval(arguments[0]) 7 | } 8 | 9 | 10 | // 此处要接触 原型链 知识, __proto__ 相当于父(上级),prototype 相当于兄(同级), a = new Date() 相当于 a继承Date(a是Date儿子), 11 | // 当 new Date() 函数变更,无需在new 一个对象, a 跟着变更,相当于浅拷贝 12 | _appendChild = Node.prototype.appendChild 13 | Node.prototype.appendChild = function(){ 14 | if (arguments[0].innerHTML && arguments[0].innerHTML.indexOf('debugger') != -1){ 15 | arguments[0].innerHTML = '' 16 | } 17 | return _appendChild.apply(this, arguments) 18 | } 19 | 20 | // 学过原型链的大家应该都清楚了 21 | 已知: 22 | 1. Function.constructor = Function 23 | 2. 所有的函数定义,实际上都是 new Function 24 | 3. 也就是说,函数实际上是 Function 的实例化对象 25 | 4. 那么函数的constructor,实际上就是 Function.prototype.constructor 26 | 5. 所以 Function.prototype.constructor = Function 27 | 6. 所以只要修改 Function.prototype.constructor,就可以实现 hook 自定义函数的constructor 目的 28 | 29 | 所以应该这样写: 30 | _Function = Function 31 | Function.prototype.constructor = function(){ 32 | if (arguments[0].indexOf('debugger') != -1){ 33 | return _Function('') 34 | } 35 | return _Function(arguments[0]) 36 | } -------------------------------------------------------------------------------- /初识js-Hook/第54题.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import requests 3 | from encryption_decryption_function import str_to_bs64 4 | 5 | """ 6 | 目标:采集100页的全部数字,并计算所有数据加和! 本题js加密为入门难度。当做新手训练。无限debugger难度较高,可以用于无限debugger训练 7 | 8 | """ 9 | 10 | 11 | def debugger_summation(page: int): 12 | global number 13 | headers = { 14 | 'authority': 'www.python-spider.com', 15 | 'accept': 'application/json, text/javascript, */*; q=0.01', 16 | 'accept-language': 'zh-CN,zh;q=0.9', 17 | 'cache-control': 'no-cache', 18 | 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', 19 | 'cookie': 'Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1698653592,1698737339; no-alert=true; sessionid=lbg6f27etlfi4cz30ndqd5gdtiwqbmxx; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1698742166', 20 | 'origin': 'https://www.python-spider.com', 21 | 'pragma': 'no-cache', 22 | 'referer': 'https://www.python-spider.com/challenge/54', 23 | 'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"', 24 | 'sec-ch-ua-mobile': '?0', 25 | 'sec-ch-ua-platform': '"macOS"', 26 | 'sec-fetch-dest': 'empty', 27 | 'sec-fetch-mode': 'cors', 28 | 'sec-fetch-site': 'same-origin', 29 | 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36', 30 | 'x-requested-with': 'XMLHttpRequest', 31 | } 32 | data = { 33 | 'page': str(page), 34 | 'token': str_to_bs64(str(page)) 35 | } 36 | response = requests.post('https://www.python-spider.com/api/challenge54', headers=headers, data=data) 37 | data_dict = response.json() 38 | for data in data_dict['data']: 39 | number += int(data['value']) 40 | 41 | 42 | if __name__ == '__main__': 43 | number = 0 44 | for i in range(100): 45 | page = i + 1 46 | debugger_summation(page) 47 | print(number) 48 | -------------------------------------------------------------------------------- /抠代码和补环境/js11的抠代码.js: -------------------------------------------------------------------------------- 1 | // 作业 抠出来 https://www.python-spider.com/challenge/new/js11?token=open 2 | 3 | // 函数入口 4 | var yrx_o = yrx_$[yrx_n(1300)](), 5 | yrx_C = yrx_s()[yrx_r(1372)](yrx_pt[yrx_r(417)](yrx_$[yrx_n(321)]), yrx_$[yrx_r(1361)]()), 6 | yrx__ = yrx_W[yrx_n(1303)](yrx_C), yrx_v = { 7 | yrx_o: yrx_$[yrx_r(321)][yrx_r(300)], 8 | yrx_c: yrx_$[yrx_n(321)][yrx_n(377)], 9 | yrx_n: yrx_c[yrx_r(250)], 10 | yrx_w: yrx_$[yrx_r(1391)], 11 | yrx_b: yrx_$[yrx_n(1352)], 12 | yrx_a: yrx__ + yrx_o 13 | }; 14 | 15 | ycf = { 16 | gt: "e52c06c937981b90b275d0aff1d40076", 17 | challenge: "8531a133b0134dfdccf09111b4ffa7aa", 18 | offline: false, 19 | new_captcha: true, 20 | product: "float", 21 | width: "300px", 22 | https: true, 23 | api_server: "www.python-spider.com", 24 | protocol: "https://", 25 | type: "fullpage", 26 | static_servers: ["www.python-spider.com/static"], 27 | aspect_radio: {slide: 103, click: 128, voice: 128, beeline: 50}, 28 | cc: 12, 29 | ww: true, 30 | i: "6126!!10304!!CSS1Compat!!1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!2!!3!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!-1!!1!!-1!!-1!!-1!!214!!40!!0!!0!!1524!!250!!1540!!881!!zh-CN!!zh-CN,zh!!-1!!1!!24!!Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36!!1!!1!!1920!!1080!!1920!!1040!!1!!1!!1!!-1!!Win32!!0!!-8!!adfdf7e1f6a89f8cddbc861fe983114b!!0!!internal-pdf-viewer,internal-pdf-viewer,internal-pdf-viewer,internal-pdf-viewer,internal-pdf-viewer!!0!!-1!!0!!12!!Arial,ArialBlack,ArialNarrow,BookAntiqua,BookmanOldStyle,Calibri,Cambria,CambriaMath,Century,CenturyGothic,CenturySchoolbook,ComicSansMS,Consolas,Courier,CourierNew,Garamond,Georgia,Helvetica,Impact,LucidaBright,LucidaCalligraphy,LucidaConsole,LucidaFax,LucidaHandwriting,LucidaSans,LucidaSansTypewriter,LucidaSansUnicode,MicrosoftSansSerif,MonotypeCorsiva,MSGothic,MSPGothic,MSReferenceSansSerif,MSSansSerif,MSSerif,PalatinoLinotype,SegoePrint,SegoeScript,SegoeUI,SegoeUILight,SegoeUISemibold,SegoeUISymbol,Tahoma,Times,TimesNewRoman,TrebuchetMS,Verdana,Wingdings,Wingdings2,Wingdings3!!1685345002063!!-1!!-1!!-1!!12!!-1!!-1!!-1!!6!!-1" 31 | }; -------------------------------------------------------------------------------- /抠代码和补环境/扣代码之方法暴露全局.txt: -------------------------------------------------------------------------------- 1 | Success 2 | // 断点不见了 按 control + shift + r 3 | 这节课是抠代码和补环境的衔接课程。所以课程中可能会用到一些补环境的思想。 4 | 其实抠代码有时候是要适当的补一些环境的。 5 | 6 | 为了避免翻车浪费大家时间,我把思路流程写成文档了,主打的就是稳健! 7 | 8 | 首先:新手做法(经验不足) 9 | 10 | 1. 首先第一步 确定函数入口。 由于它是一个 XHR请求,所以直接下 XHR断点,确定一下位置 11 | 2. 确定位置:xhr.send(this.$_FIH.src.slice(151).split('&callback')[0]) 12 | 3. this.$_FIH.src.slice(151).split('&callback')[0] 就是参数位置。但是这里不是函数入口,因为不知道哪里来的。需要往前找 13 | 4. 那么首先必须确定 this 是什么。 { 14 | 拓展 1: this 指向了哪里? 15 | 拓展 2: 确定原因后,如何进行定位 16 | 拓展 3: 如何改变一个函数执行的this指向 17 | } 18 | 5. 向上找一层堆栈,定位至 -----> new yrx_lt(yrx_Z) 19 | 6. 找前文,【谁调它】,找到 src: yrx_r,即 yrx_r 为生成的密文。下断 20 | 7. 【这个时候就要开始思考了】yrx_r变量到底是哪来的 { 21 | 方案 1: 向上硬读 22 | 方案 2: 借助IDE 23 | 方案 3: 看Scope找线索 24 | } 25 | 8. 定位到 1443行 var yrx_i = yrx_t.$_Ds()[0][14]; 第一个参数 { 26 | 选择 1: 断点打到函数第一行,即 var yrx_i = yrx_t.$_Ds()[0][14]; 27 | 选择 2: 直接看上一层堆栈 28 | } 29 | 9. 断点打到 1443行 var yrx_i = yrx_t.$_Ds()[0][14] ,下断,向上一层看堆栈 定位 yrx_a 30 | 10. 重复第七步,定位到 1256行 ,下断,向上看一层堆栈 31 | 11. 定位到 1275行 yrx_e 是我们要找的对象。重复第七步 32 | 12. 定位到 1249行 var yrx_C = yrx_t.$_Ds()[0][14]; 第六个传入参数就是,向上一层看堆栈 33 | 13. 定位到 1210行 yrx_i 重复第七步 34 | 14. 定位到 1193行 var yrx_$ = yrx_t.$_CG, yrx_c = ["$_FIAV"].concat(yrx_$), yrx_s = yrx_c[1]; 下断 35 | 15. yrx_i 就是,第三个传入的参数。 向上一层看堆栈 36 | 16. yrx_c 就是,重复第七步(这步稍微有点长,得多向上看,咳咳,JS基础很重要嗷) 37 | 17. 定位到1149行 var yrx_s = yrx_t.$_Ds()[0][14]; yrx_c就是,传入的第三个参数,向上看一层堆栈 38 | 18. yrx_v 就是,重复第七步,定位到 5350行 39 | 19. 函数入口基本确定: yrx_W[yrx_n(1303)](yrx_C) + yrx_$[yrx_n(1300)]() 40 | 41 | 那么:逆向经验比较充足的人: 42 | XHR断点。向上找 15层堆栈。直接定位(每一层堆栈都看一下 Scope) 43 | 44 | 45 | 接下来,我们尝试抠代码(其实用到了一定的补环境思路) 46 | 47 | 在讲之前,我再稍微聊一下闭包的事儿(不深入,想深入看基础课) 48 | 49 | 50 | function a(b){ 51 | return (function(){ 52 | return (function(a, b, c){ 53 | function d(){ 54 | return c + 6000; // 假装返回的是我们需要的关键密文 55 | } 56 | function e(){ 57 | } 58 | console.log(d()) 59 | document.createElement('canvas') // 假装进行样式渲染以及业务代码等不重要内容 60 | })(100, 1000, 10000) 61 | })(1, 2, 3) 62 | } 63 | a() 64 | 65 | 我们可以对它进行一定的改造,把闭包的 d函数突到全局使用 66 | 67 | function a(b){ 68 | return (function(){ 69 | return (function(a, b, c){ 70 | function d(){ 71 | return c + 6000; // 假装返回的是我们需要的关键密文 72 | } 73 | function e(){ 74 | } 75 | window.yrx = d; 76 | document.createElement('canvas') // 假装进行样式渲染以及业务代码等不重要内容 77 | [0][1][2]; 78 | })(100, 1000, 10000) 79 | })(1, 2, 3) 80 | } 81 | a() 82 | 83 | 使用这个技巧是有严格限制条件的 84 | 85 | 代码控制流必须走到全局变量吐出位置 即 window.yrx = d; (后面的就算报错也可以完全不管,不影响。 但是之前报错不行) 86 | 87 | PS:如果吐出位置之前有环境检测等各种检测的话,也没有办法绕过。它只是一种改变变量令其全局吐出的方法而已 88 | 89 | 90 | 那么,现在,我们已经懂了这基础知识。我们开始操作上面的代码了 91 | 92 | 为了让我们方便一些,我们使用 node --inspect-brk 去调试 node.js 93 | inspect我在基础课讲过了,这里再强调一次。 inspect是一个能够利用chrome浏览器调试 node.js 的工具。在node.js环境下,就可以进行舒服的调试。 94 | 95 | 当然了,这个工具在打断点等这种方面,多少还是有一些弊端的。比如断点丢失之类的。也是没有办法的事情,不过不影响我们整体的调试。 96 | 97 | 1. 首先,我们必须要稍微读一下js代码(不用细致的去读),看一下这些代码是否满足我们的条件,如果不满足的话。我们就得稍微处理一下,让它满足 98 | 注意满足条件:让代码控制流走到我们要的位置相关函数就行,不用完全走完整个流程 99 | 2. 该处理处理,该写死写死,该截断截断 100 | 101 | 102 | 103 | 抠代码结业考试: 104 | 把 yrx_W[yrx_n(1303)](yrx_C) + yrx_$[yrx_n(1300)]() 抠出来(不是用我的方式吐出来,而是~抠~出来) -------------------------------------------------------------------------------- /抠代码和补环境/第55题/55题解题代码.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | import base64 4 | from Crypto.Cipher import AES 5 | 6 | 7 | def get_response(page): 8 | headers = { 9 | 'authority': 'www.python-spider.com', 10 | 'accept': 'application/json, text/javascript, */*; q=0.01', 11 | 'accept-language': 'zh-CN,zh;q=0.9', 12 | 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', 13 | 'cookie': 'Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1698391348,1698644393,1698812805,1699158090; sessionid=962dlukx2g7146qd07ts6z32owlgioh6; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1699159553', 14 | 'origin': 'https://www.python-spider.com', 15 | 'referer': 'https://www.python-spider.com/challenge/55', 16 | 'sec-ch-ua': '^\\^Google', 17 | 'sec-ch-ua-mobile': '?0', 18 | 'sec-ch-ua-platform': '^\\^Windows^\\^', 19 | 'sec-fetch-dest': 'empty', 20 | 'sec-fetch-mode': 'cors', 21 | 'sec-fetch-site': 'same-origin', 22 | 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36', 23 | 'x-requested-with': 'XMLHttpRequest', 24 | } 25 | data = { 26 | 'page': str(page) 27 | } 28 | response = requests.post('https://www.python-spider.com/api/challenge55', headers=headers, data=data) 29 | result = response.json()['result'] 30 | return result 31 | 32 | 33 | # 将原始的明文用空格填充到16字节 34 | def pad(data): 35 | pad_data = data 36 | for i in range(0, 16 - len(data)): 37 | pad_data = pad_data + ' ' 38 | return pad_data 39 | 40 | 41 | def AES_de(key, data, iv=None): 42 | # 解密过程逆着加密过程写 43 | # 将密文字符串重新编码成二进制形式 44 | data = data.encode("utf-8") 45 | # 将base64的编码解开 46 | data = base64.b64decode(data) 47 | # 创建解密对象 48 | AES_de_obj = AES.new(key.encode("utf-8"), AES.MODE_ECB) 49 | # 完成解密 50 | AES_de_str = AES_de_obj.decrypt(data) 51 | # 去掉补上的空格 52 | AES_de_str = AES_de_str.strip() 53 | # # 对明文解码 54 | AES_de_str = AES_de_str.decode("utf-8") 55 | return AES_de_str 56 | 57 | 58 | if __name__ == '__main__': 59 | num = 0 60 | key = 'aiding6666666666' 61 | for i in range(100): 62 | pages = i + 1 63 | print('pages:', pages) 64 | data = get_response(pages) 65 | res_str = AES_de(key, data) 66 | res_str = res_str.replace(res_str.split("}")[-1], '') 67 | res_dict = json.loads(res_str) 68 | for j in res_dict['data']: 69 | num += int(j['value']) 70 | print('num:', num) 71 | -------------------------------------------------------------------------------- /抠代码和补环境/第55题/node环境aes-ecb.js: -------------------------------------------------------------------------------- 1 | function decode(str){ 2 | var CryptoJS = require("crypto-js"); 3 | var KEY = 'aiding6666666666'; 4 | var key = CryptoJS.enc.Utf8.parse(KEY); 5 | var decrypted = CryptoJS.AES.decrypt(str, key, { 6 | // iv: iv, 7 | mode: CryptoJS.mode.ECB, 8 | padding: CryptoJS.pad.Pkcs7, 9 | }); 10 | return decrypted.toString(CryptoJS.enc.Utf8) 11 | } 12 | // var str_ = "2A4w0jqbUivhDV042Ka+VbfXmH65wRwPgKTNHCnEW2hkVTAx4LzvekaBzGEikZHeLblU4KdKeP2LI/nT/Z9vFfby5lg6jI336umLu6ofyFzsHihQ/lJDwCFl7yCY3RXxe6raQF061MqSao4eZ8RUQn6dnITrmFXK4gSCDTbTnrLjUueZnyozu3rmD/XvIYvjtDENnW+T3CjW3SecHQ4x3myB33JETq0coOwn0zgdP2kMqei6MDGpsXX1wp3XqLo05ysk+Pa+rzmgrWtauWcLC5UJxL6JIiP//40bKbOnHhwTcoFdoY+a6t6EGrUDWbQB7JFdJPOLT2RMYKdKz1fiQw==" 13 | var str_ = "2A4w0jqbUivhDV042Ka+VbfXmH65wRwPgKTNHCnEW2hkVTAx4LzvekaBzGEikZHe+htFTMrIDuMFCKUdERnynVJFarAHg4fufeYRZQTQtEclE3bYgT8P10ImYGVNtjiwDWTpI3SpH9RMDZwCL08F8oU3N+UgqLHPDwGQNT26nkK8/zX07Aaf4ZNk+x3xcOj67B4oUP5SQ8AhZe8gmN0V8T1a+JozDIKF3veiIWTEGfPk9ZKjUWuRU79X++2s0/BFWgTl68O56tMaNbENZAPcp7QxDZ1vk9wo1t0nnB0OMd5TFSBwYdKqCsrXOXPofnLDmlOrxpyfX6QI4HySxVeaqQ==\n"; 14 | console.log(decode(str_)); 15 | -------------------------------------------------------------------------------- /抠代码和补环境/第55题/硬抠AES-ECB代码.js: -------------------------------------------------------------------------------- 1 | var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]; 2 | // Lookup tables 3 | var SBOX = []; 4 | var INV_SBOX = []; 5 | var SUB_MIX_0 = []; 6 | var SUB_MIX_1 = []; 7 | var SUB_MIX_2 = []; 8 | var SUB_MIX_3 = []; 9 | var INV_SUB_MIX_0 = []; 10 | var INV_SUB_MIX_1 = []; 11 | var INV_SUB_MIX_2 = []; 12 | var INV_SUB_MIX_3 = []; 13 | (function () { 14 | // Compute double table 15 | var d = []; 16 | for (var i = 0; i < 256; i++) { 17 | if (i < 128) { 18 | d[i] = i << 1; 19 | } else { 20 | d[i] = (i << 1) ^ 0x11b; 21 | } 22 | } 23 | 24 | // Walk GF(2^8) 25 | var x = 0; 26 | var xi = 0; 27 | for (var i = 0; i < 256; i++) { 28 | // Compute sbox 29 | var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4); 30 | sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63; 31 | SBOX[x] = sx; 32 | INV_SBOX[sx] = x; 33 | 34 | // Compute multiplication 35 | var x2 = d[x]; 36 | var x4 = d[x2]; 37 | var x8 = d[x4]; 38 | 39 | // Compute sub bytes, mix columns tables 40 | var t = (d[sx] * 0x101) ^ (sx * 0x1010100); 41 | SUB_MIX_0[x] = (t << 24) | (t >>> 8); 42 | SUB_MIX_1[x] = (t << 16) | (t >>> 16); 43 | SUB_MIX_2[x] = (t << 8) | (t >>> 24); 44 | SUB_MIX_3[x] = t; 45 | 46 | // Compute inv sub bytes, inv mix columns tables 47 | var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100); 48 | INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8); 49 | INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16); 50 | INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24); 51 | INV_SUB_MIX_3[sx] = t; 52 | 53 | // Compute next counter 54 | if (!x) { 55 | x = xi = 1; 56 | } else { 57 | x = x2 ^ d[d[d[x8 ^ x2]]]; 58 | xi ^= d[d[xi]]; 59 | } 60 | } 61 | }()); 62 | 63 | function parseLoop(base64Str, base64StrLength, reverseMap) { 64 | var words = []; 65 | var nBytes = 0; 66 | for (var i = 0; i < base64StrLength; i++) { 67 | if (i % 4) { 68 | var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2); 69 | var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2); 70 | var bitsCombined = bits1 | bits2; 71 | words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8); 72 | nBytes++; 73 | } 74 | } 75 | // return WordArray.create(words, nBytes); 76 | 77 | return {words: words, sigBytes: nBytes} // args5 *** new WordArray_init(words, nBytes)/ {words: words, sigBytes:nBytes} 使用其中一种进行大胆的改写 78 | } 79 | 80 | function Base64_parse(base64Str) { 81 | // Shortcuts 82 | var base64StrLength = base64Str.length; 83 | // var map = this._map; 84 | var map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; 85 | // var reverseMap = this._reverseMap; 86 | var reverseMap; // args4 *** 这里是个数组,我先进行置空 87 | 88 | if (!reverseMap) { 89 | reverseMap = []; 90 | for (var j = 0; j < map.length; j++) { 91 | reverseMap[map.charCodeAt(j)] = j; 92 | } 93 | } 94 | // Ignore padding 95 | var paddingChar = map.charAt(64); 96 | if (paddingChar) { 97 | var paddingIndex = base64Str.indexOf(paddingChar); 98 | if (paddingIndex !== -1) { 99 | base64StrLength = paddingIndex; 100 | } 101 | } 102 | 103 | // Convert 104 | return parseLoop(base64Str, base64StrLength, reverseMap); 105 | 106 | } 107 | 108 | function format_parse(openSSLStr) { 109 | var salt; 110 | // Parse base64 111 | var ciphertext = Base64_parse(openSSLStr); 112 | // return CipherParams.create({ciphertext: ciphertext, salt: salt}); 113 | return {ciphertext: ciphertext, salt: salt}; // args6 *** 进行改写的位置 危险性大 114 | // return new WordArray_init(ciphertext, salt); 115 | } 116 | 117 | function this_parse(ciphertext) { 118 | if (typeof ciphertext == 'string') { 119 | return format_parse(ciphertext); // args3 *** , this 参数没有传 120 | } else { 121 | return ciphertext; 122 | } 123 | } 124 | 125 | function this_doReset() { 126 | var t; 127 | // Shortcuts 128 | var key = global_this._keyPriorReset = global_this._key; 129 | var keyWords = key.words; 130 | var keySize = key.sigBytes / 4; 131 | 132 | // Compute number of rounds 133 | var nRounds = global_this._nRounds = keySize + 6; 134 | 135 | // Compute number of key schedule rows 136 | var ksRows = (nRounds + 1) * 4; 137 | 138 | // Compute key schedule 139 | var keySchedule = global_this._keySchedule = []; 140 | 141 | for (var ksRow = 0; ksRow < ksRows; ksRow++) { 142 | if (ksRow < keySize) { 143 | keySchedule[ksRow] = keyWords[ksRow]; 144 | } else { 145 | t = keySchedule[ksRow - 1]; 146 | if (!(ksRow % keySize)) { 147 | // Rot word 148 | t = (t << 8) | (t >>> 24); 149 | 150 | // Sub word 151 | t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff]; 152 | 153 | // Mix Rcon 154 | t ^= RCON[(ksRow / keySize) | 0] << 24; 155 | } else if (keySize > 6 && ksRow % keySize == 4) { 156 | // Sub word 157 | t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff]; 158 | } 159 | 160 | keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t; 161 | } 162 | } 163 | 164 | // Compute inv key schedule 165 | var invKeySchedule = global_this._invKeySchedule = []; 166 | for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) { 167 | var ksRow = ksRows - invKsRow; 168 | 169 | if (invKsRow % 4) { 170 | var t = keySchedule[ksRow]; 171 | } else { 172 | var t = keySchedule[ksRow - 4]; 173 | } 174 | 175 | if (invKsRow < 4 || ksRow <= 4) { 176 | invKeySchedule[invKsRow] = t; 177 | } else { 178 | invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^ 179 | INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]]; 180 | } 181 | } 182 | 183 | } 184 | 185 | function Cipher_reset() { 186 | // Reset data buffer 187 | // BufferedBlockAlgorithm.reset.call(this); 188 | // BufferedBlockAlgorithm_reset(arguments); // args9 *** this 处理 189 | global_this._nDataBytes = 0; 190 | // global_this._data = new WordArray_init(); 191 | global_this._data = {sigBytes: 0, words: []}; 192 | // Perform concrete-cipher logic 193 | this_doReset(); 194 | 195 | } 196 | 197 | global.global_this = {}; 198 | 199 | function this_reset() { 200 | var modeCreator; 201 | 202 | // Reset cipher 203 | // Cipher.reset.call(this); 204 | Cipher_reset(arguments); // args8 *** this 处理 205 | 206 | // Reset block mode 207 | if (this._xformMode == this._ENC_XFORM_MODE) { 208 | // modeCreator = mode.createEncryptor; 209 | } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ { 210 | // modeCreator = mode.createDecryptor; 211 | // Keep at least one block in the buffer for unpadding 212 | global_this._minBufferSize = 1; 213 | // this._minBufferSize = 1; 214 | } 215 | 216 | 217 | if (this._mode && this._mode.__creator == modeCreator) { 218 | this._mode.init(this, iv && iv.words); 219 | } else { 220 | // args9 *** 删除了一些操作 221 | // this._mode = modeCreator.call(mode, this, iv && iv.words); 222 | // this._mode.__creator = modeCreator; 223 | } 224 | } 225 | 226 | function cipher_createDecryptor(key, cfg) { 227 | this._DEC_XFORM_MODE = 2; // args7 *** 低风险 直接写死 228 | // return this.create(this._DEC_XFORM_MODE, key, cfg); 229 | global_this._key = key; 230 | global_this.xformMode = 2; 231 | 232 | // return this_reset(this._DEC_XFORM_MODE, key, cfg); 233 | return this_reset(this._DEC_XFORM_MODE, key, cfg); 234 | } 235 | 236 | function Latin1_parse(latin1Str) { 237 | // Shortcut 238 | var latin1StrLength = latin1Str.length; 239 | 240 | // Convert 241 | var words = []; 242 | for (var i = 0; i < latin1StrLength; i++) { 243 | words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8); 244 | } 245 | 246 | return new WordArray_init(words, latin1StrLength); 247 | } 248 | 249 | function Utf8_parse(utf8Str) { 250 | return Latin1_parse(unescape(encodeURIComponent(utf8Str))); 251 | } 252 | 253 | function this_clamp() { 254 | // Shortcuts 255 | var words = this.words; 256 | var sigBytes = this.sigBytes; 257 | // console.log(words); 258 | // console.log(sigBytes); 259 | // Clamp 260 | words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8); 261 | words.length = Math.ceil(sigBytes / 4); 262 | } 263 | 264 | function this_data_concat(wordArray) { 265 | // Shortcuts 266 | var thisWords = this.words; 267 | var thatWords = wordArray.words; 268 | var thisSigBytes = this.sigBytes; 269 | var thatSigBytes = wordArray.sigBytes; 270 | 271 | // Clamp excess bits 272 | // this_clamp.call(global_this, arguments); // args10 *** 低风险 273 | 274 | // Concat 275 | if (thisSigBytes % 4) { 276 | // Copy one byte at a time 277 | for (var i = 0; i < thatSigBytes; i++) { 278 | var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff; 279 | thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8); 280 | } 281 | } else { 282 | // Copy one word at a time 283 | for (var j = 0; j < thatSigBytes; j += 4) { 284 | thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2]; 285 | } 286 | } 287 | this.sigBytes += thatSigBytes; 288 | 289 | // Chainable 290 | return this; 291 | } 292 | 293 | function this_append(data) { 294 | // Convert string to WordArray, else assume WordArray already 295 | if (typeof data == 'string') { 296 | data = Utf8_parse(data); 297 | } 298 | 299 | // Append 300 | // global_this.concat = this_data_concat(data); 301 | global_this.concat = this_data_concat.call(global_this._data, data); 302 | // this_data_concat(data); 303 | global_this._nDataBytes += data.sigBytes; 304 | } 305 | 306 | function this_doCryptBlock(M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) { 307 | // Shortcut 308 | var nRounds = global_this._nRounds; 309 | // Get input, add round key 310 | var s0 = M[offset] ^ keySchedule[0]; 311 | var s1 = M[offset + 1] ^ keySchedule[1]; 312 | var s2 = M[offset + 2] ^ keySchedule[2]; 313 | var s3 = M[offset + 3] ^ keySchedule[3]; 314 | // Key schedule row counter 315 | var ksRow = 4; 316 | // Rounds 317 | for (var round = 1; round < nRounds; round++) { 318 | // Shift rows, sub bytes, mix columns, add round key 319 | var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++]; 320 | var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++]; 321 | var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++]; 322 | var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++]; 323 | // Update state 324 | s0 = t0; 325 | s1 = t1; 326 | s2 = t2; 327 | s3 = t3; 328 | } 329 | 330 | // Shift rows, sub bytes, add round key 331 | var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++]; 332 | var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++]; 333 | var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++]; 334 | var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++]; 335 | 336 | // Set output 337 | M[offset] = t0; 338 | M[offset + 1] = t1; 339 | M[offset + 2] = t2; 340 | M[offset + 3] = t3; 341 | } 342 | 343 | function this_cipher_decryptBlock(M, offset) { 344 | // Swap 2nd and 4th rows 345 | var t = M[offset + 1]; 346 | M[offset + 1] = M[offset + 3]; 347 | M[offset + 3] = t; 348 | this_doCryptBlock(M, offset, global_this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX); 349 | // Inv swap 2nd and 4th rows 350 | var t = M[offset + 1]; 351 | M[offset + 1] = M[offset + 3]; 352 | M[offset + 3] = t; 353 | } 354 | 355 | function this_process(doFlush) { 356 | // console.log(global_this); 357 | // process.exit(); 358 | var processedWords; 359 | // Shortcuts 360 | var data = global_this._data; 361 | var dataWords = data.words; 362 | var dataSigBytes = data.sigBytes; 363 | // var blockSize = this.blockSize; 364 | var blockSize = 4; // args12 *** 写死这个参数 365 | var blockSizeBytes = blockSize * 4; 366 | // Count blocks ready 367 | var nBlocksReady = dataSigBytes / blockSizeBytes; 368 | if (doFlush) { 369 | // Round up to include partial blocks 370 | nBlocksReady = Math.ceil(nBlocksReady); 371 | } else { 372 | // Round down to include only full blocks, 373 | // less the number of blocks that must remain in the buffer 374 | nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0); 375 | } 376 | // Count words ready 377 | var nWordsReady = nBlocksReady * blockSize; 378 | 379 | // Count bytes ready 380 | var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes); 381 | 382 | // Process blocks 383 | if (nWordsReady) { 384 | for (var offset = 0; offset < nWordsReady; offset += blockSize) { 385 | // Perform concrete-algorithm logic 386 | this_cipher_decryptBlock(dataWords, offset) 387 | } 388 | // Remove processed words 389 | processedWords = dataWords.splice(0, nWordsReady); 390 | data.sigBytes -= nBytesReady; 391 | } 392 | // Return processed words 393 | return new WordArray_init(processedWords, nBytesReady); 394 | } 395 | 396 | function padding_unpad(data) { 397 | // Get number of padding bytes from last byte 398 | var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff; 399 | // Remove padding 400 | data.sigBytes -= nPaddingBytes; 401 | } 402 | 403 | function this_doFinalize() { 404 | var finalProcessedBlocks; 405 | // Shortcut 406 | // args11 *** 删除了if分支, 此处没有走该分支 407 | // Process final blocks 408 | finalProcessedBlocks = this_process(!!'flush'); 409 | // Unpad data 410 | padding_unpad(finalProcessedBlocks); 411 | return finalProcessedBlocks; 412 | } 413 | 414 | function finalize(dataUpdate) { 415 | // Final data update 416 | if (dataUpdate) { 417 | this_append(dataUpdate); 418 | } 419 | // Perform concrete-cipher logic 420 | var finalProcessedData = this_doFinalize(); 421 | 422 | return finalProcessedData; 423 | } 424 | 425 | function SerializableCipher_decrypt(cipher, ciphertext, key, cfg) { 426 | // Apply config defaults 427 | // cfg = this_cfg_extend(cfg); 428 | // Convert string to CipherParams 429 | ciphertext = this_parse(ciphertext); // args2 *** cfg.format这个参数 我没传入 430 | // Decrypt 431 | cipher_createDecryptor(key, cfg); 432 | var plaintext = finalize(ciphertext.ciphertext); 433 | 434 | return plaintext; 435 | } 436 | 437 | // 对象置空 或者 不传参数 438 | var cipher = {}; 439 | 440 | function CryptoJS_AES_decrypt(ciphertext, key, cfg) { 441 | return SerializableCipher_decrypt(cipher, ciphertext, key, cfg); 442 | } 443 | 444 | function superInit(words, sigBytes) { 445 | words = this.words = words || []; 446 | 447 | if (sigBytes != undefined) { 448 | this.sigBytes = sigBytes; 449 | } else { 450 | this.sigBytes = words.length * 4; 451 | } 452 | }; 453 | 454 | function WordArray_init(typedArray) { 455 | // Convert buffers to uint8 456 | if (typedArray instanceof ArrayBuffer) { 457 | typedArray = new Uint8Array(typedArray); 458 | } 459 | // Convert other array views to uint8 460 | if ( 461 | typedArray instanceof Int8Array || 462 | (typeof Uint8ClampedArray !== "undefined" && typedArray instanceof Uint8ClampedArray) || 463 | typedArray instanceof Int16Array || 464 | typedArray instanceof Uint16Array || 465 | typedArray instanceof Int32Array || 466 | typedArray instanceof Uint32Array || 467 | typedArray instanceof Float32Array || 468 | typedArray instanceof Float64Array 469 | ) { 470 | typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength); 471 | } 472 | 473 | // Handle Uint8Array 474 | if (typedArray instanceof Uint8Array) { 475 | // Shortcut 476 | var typedArrayByteLength = typedArray.byteLength; 477 | 478 | // Extract bytes 479 | var words = []; 480 | for (var i = 0; i < typedArrayByteLength; i++) { 481 | words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8); 482 | } 483 | 484 | // Initialize this word array 485 | superInit.call(this, words, typedArrayByteLength); 486 | } else { 487 | // Else call normal init 488 | superInit.apply(this, arguments); 489 | } 490 | }; 491 | 492 | function Latin1_parse(latin1Str) { 493 | // Shortcut 494 | var latin1StrLength = latin1Str.length; 495 | // Convert 496 | var words = []; 497 | for (var i = 0; i < latin1StrLength; i++) { 498 | words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8); 499 | } 500 | 501 | return new WordArray_init(words, latin1StrLength); 502 | }; 503 | 504 | function CryptoJS_enc_Utf8_parse(utf8Str) { 505 | return Latin1_parse(unescape(encodeURIComponent(utf8Str))); 506 | }; 507 | 508 | 509 | function Latin1_stringify(wordArray) { 510 | // Shortcuts 511 | var words = wordArray.words; 512 | var sigBytes = wordArray.sigBytes; 513 | // Convert 514 | var latin1Chars = []; 515 | for (var i = 0; i < sigBytes; i++) { 516 | var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff; 517 | latin1Chars.push(String.fromCharCode(bite)); 518 | } 519 | return latin1Chars.join(''); 520 | } 521 | 522 | function _stringify(wordArray) { 523 | try { 524 | return decodeURIComponent(escape(Latin1_stringify(wordArray))); 525 | } catch (e) { 526 | throw new Error('Malformed UTF-8 data'); 527 | } 528 | } 529 | 530 | function _toString(decrypted) { 531 | return _stringify(decrypted); 532 | } 533 | 534 | var KEY = 'aiding6666666666'; 535 | var key = CryptoJS_enc_Utf8_parse(KEY); 536 | var CryptoJS_mode_ECB = {}; 537 | var CryptoJS_pad_Pkcs7 = {}; 538 | var str_ = "2A4w0jqbUivhDV042Ka+VbfXmH65wRwPgKTNHCnEW2hkVTAx4LzvekaBzGEikZHeLblU4KdKeP2LI/nT/Z9vFfby5lg6jI336umLu6ofyFzsHihQ/lJDwCFl7yCY3RXxe6raQF061MqSao4eZ8RUQn6dnITrmFXK4gSCDTbTnrLjUueZnyozu3rmD/XvIYvjtDENnW+T3CjW3SecHQ4x3myB33JETq0coOwn0zgdP2kMqei6MDGpsXX1wp3XqLo05ysk+Pa+rzmgrWtauWcLC5UJxL6JIiP//40bKbOnHhwTcoFdoY+a6t6EGrUDWbQB7JFdJPOLT2RMYKdKz1fiQw=="; 539 | var decrypted = CryptoJS_AES_decrypt(str_, key, { 540 | // iv: iv, 541 | mode: CryptoJS_mode_ECB, // arg1 *** 参数暂时置空 542 | padding: CryptoJS_pad_Pkcs7, // arg1 *** 参数暂时置空 543 | }); 544 | var result = _toString(decrypted); 545 | console.log(result); 546 | -------------------------------------------------------------------------------- /无限debugger/hook_cookie.txt: -------------------------------------------------------------------------------- 1 | (function() { 2 | "use strict"; 3 | var cookieTemp = ""; 4 | Object.defineProperty(document, "cookie", { 5 | writable: false, // 表示能否修改属性的值,即值是可写的还是只读 6 | configurable: false, // 表示能否通过 delete 删除属性、能否修改属性的特性,或者将属性修改为访问器属性 7 | set: function(val) { 8 | if (val.indexOf("cookie的参数名称") != -1) { 9 | debugger ; 10 | } 11 | console.log("Hook捕获Cookie设置->", val); 12 | cookieTemp = val; 13 | return val; 14 | }, 15 | 16 | get: function() { 17 | return cookieTemp; 18 | } 19 | }) 20 | } 21 | )(); 22 | 23 | (function () { 24 | 'use strict'; 25 | var cookie_cache = document.cookie; 26 | Object.defineProperty(document, 'cookie', { 27 | get: function () { 28 | return cookie_cache; 29 | }, 30 | set: function (val) { 31 | console.log('Setting cookie', val); 32 | // 填写cookie名 33 | if (val.indexOf('cookie名') != -1) { 34 | debugger; 35 | } 36 | var cookie = val.split(";")[0]; 37 | var ncookie = cookie.split("="); 38 | var flag = false; 39 | var cache = cookie_cache.split("; "); 40 | cache = cache.map(function (a) { 41 | if (a.split("=")[0] === ncookie[0]) { 42 | flag = true; 43 | return cookie; 44 | } 45 | return a; 46 | }) 47 | cookie_cache = cache.join("; "); 48 | if (!flag) { 49 | cookie_cache += cookie + "; "; 50 | } 51 | return cookie_cache; 52 | } 53 | }); 54 | })(); 55 | -------------------------------------------------------------------------------- /无限debugger/无限debuuger.txt: -------------------------------------------------------------------------------- 1 | // 1、学过原型链的大家应该都清楚了 2 | 已知: 3 | 1. Function.constructor = Function 4 | 2. 所有的函数定义,实际上都是 new Function 5 | 3. 也就是说,函数实际上是 Function 的实例化对象 6 | 4. 那么函数的constructor,实际上就是 Function.prototype.constructor 7 | 5. 所以 Function.prototype.constructor = Function 8 | 6. 所以只要修改 Function.prototype.constructor,就可以实现 hook 自定义函数的constructor 目的 9 | 10 | 所以应该这样写: 11 | _Function = Function 12 | Function.prototype.constructor = function(){ 13 | if (arguments[0].indexOf('debugger') != -1){ 14 | return _Function('') 15 | } 16 | return _Function(arguments[0]) 17 | } 18 | 19 | // 2、arguments 类数组 特性,不是数组,只有一部分数组的特性,其余很多属性没有 20 | _eval = eval; 21 | eval= function(){ 22 | // [xxxx].indexOf('xxxx') 判断[]数组中是否包含 'xxxx' 的值相等,相等返回0,不等返回-1 23 | if ([arguments[0]].indexOf('debugger')) 24 | return _eval(arguments[0]) 25 | } -------------------------------------------------------------------------------- /无限debugger/第1题.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import base64 3 | import hashlib 4 | import time 5 | import requests 6 | from encryption_decryption_function import str_to_bs64, str_to_md5 7 | 8 | """ 9 | 目标:采集100页的全部数字,并计算所有数据加和。就从这里开启你的逆向之旅吧! 10 | """ 11 | 12 | 13 | def summation(page: int): 14 | global number 15 | t = str(round(time.time())) 16 | headers = { 17 | 'authority': 'www.python-spider.com', 18 | 'accept': 'application/json, text/javascript, */*; q=0.01', 19 | 'accept-language': 'zh-CN,zh;q=0.9', 20 | 'cache-control': 'no-cache', 21 | 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', 22 | 'origin': 'https://www.python-spider.com', 23 | 'pragma': 'no-cache', 24 | 'referer': 'https://www.python-spider.com/challenge/1', 25 | 'safe': str_to_md5(str_to_bs64('9622' + t)), 26 | 'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"', 27 | 'sec-ch-ua-mobile': '?0', 28 | 'sec-ch-ua-platform': '"macOS"', 29 | 'sec-fetch-dest': 'empty', 30 | 'sec-fetch-mode': 'cors', 31 | 'sec-fetch-site': 'same-origin', 32 | 'timestamp': str(t), 33 | 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36', 34 | 'x-requested-with': 'XMLHttpRequest', 35 | } 36 | data = { 37 | 'page': str(page) 38 | } 39 | response = requests.post('https://www.python-spider.com/api/challenge1', headers=headers, data=data) 40 | data_dict = response.json() 41 | data_list = data_dict['data'] 42 | for data in data_list: 43 | number += int(data['value']) 44 | 45 | 46 | if __name__ == '__main__': 47 | number = 0 48 | for i in range(100): 49 | page = i + 1 50 | summation(page) 51 | print(number) 52 | -------------------------------------------------------------------------------- /混淆跟值/Function_all.js: -------------------------------------------------------------------------------- 1 | // AAencode 2 | ゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\'; (゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚Д゚) [゚o゚]='\"';(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+/*´∇`*/(゚Д゚)[゚o゚]+ (゚Д゚)[゚ε゚]+(゚Θ゚)+(゚ー゚)+(o^_^o)+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+((゚ー゚) + (o^_^o))+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+((o^_^o) +(o^_^o))+(゚Д゚)[゚ε゚]+(゚Θ゚)+((o^_^o) +(o^_^o))+(o^_^o)+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+((゚ー゚) + (o^_^o))+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+(゚ー゚)+(゚Д゚)[゚ε゚]+(゚Θ゚)+(゚ー゚)+((゚ー゚) + (゚Θ゚))+(゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+((o^_^o) +(o^_^o))+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+(゚ー゚)+(゚Д゚)[゚ε゚]+(゚Θ゚)+((゚ー゚) + (゚Θ゚))+((゚ー゚) + (o^_^o))+(゚Д゚)[゚ε゚]+(゚Θ゚)+(゚ー゚)+((゚ー゚) + (o^_^o))+(゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+(c^_^o)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+(゚Θ゚)+(゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+(゚Θ゚)+(゚Д゚)[゚o゚]) (゚Θ゚)) ('_'); 3 | // jjencode 4 | $=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"(\\\"\\"+$.__$+$.__$+$.___+$.$$$_+(![]+"")[$._$_]+(![]+"")[$._$_]+$._$+",\\"+$.$__+$.___+"\\"+$.__$+$.__$+$._$_+$.$_$_+"\\"+$.__$+$.$$_+$.$$_+$.$_$_+"\\"+$.__$+$._$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\\"\\"+$.$__+$.___+");\\"+$.__$+$._$_+"\\"+$.__$+$.__$+"\\"+$.__$+$.__$+"\\"+$.__$+$.__$+"\"")())(); 5 | // jsfuck 6 | [][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+!+[]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[!+[]+!+[]])+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]])()((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[+!+[]+[!+[]+!+[]+!+[]]]+[+!+[]]+([+[]]+![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[!+[]+!+[]+[+[]]]) 7 | -------------------------------------------------------------------------------- /混淆跟值/demo.js: -------------------------------------------------------------------------------- 1 | $a = ['\x77\x72\x2f\x44\x71\x67\x77\x3d', '\x4a\x47\x50\x44\x6b\x77\x3d\x3d', '\x47\x6e\x6e\x44\x67\x51\x3d\x3d', '\x77\x35\x67\x4f\x58\x67\x3d\x3d', '\x77\x6f\x37\x44\x6c\x73\x4f\x78', '\x43\x63\x4f\x51\x77\x72\x51\x3d', '\x4a\x73\x4f\x34\x77\x6f\x30\x3d', '\x77\x37\x74\x54\x77\x36\x77\x3d', '\x44\x38\x4b\x59\x77\x6f\x6f\x3d', '\x77\x34\x37\x43\x74\x43\x38\x3d', '\x47\x51\x78\x30', '\x64\x55\x73\x36', '\x4e\x63\x4f\x55\x77\x71\x34\x3d', '\x44\x4d\x4b\x36\x48\x41\x3d\x3d', '\x77\x34\x66\x43\x73\x31\x45\x3d', '\x77\x36\x55\x2b\x77\x36\x59\x3d', '\x77\x36\x41\x44\x57\x67\x3d\x3d', '\x77\x72\x35\x52\x46\x67\x3d\x3d', '\x77\x71\x38\x72\x5a\x77\x3d\x3d', '\x77\x71\x2f\x44\x74\x4d\x4f\x6b', '\x51\x78\x44\x43\x6a\x77\x3d\x3d', '\x77\x34\x62\x43\x6a\x6d\x4d\x3d', '\x77\x72\x66\x43\x6d\x38\x4f\x4a', '\x77\x35\x4e\x4a\x77\x35\x51\x3d', '\x50\x38\x4f\x47\x57\x77\x3d\x3d', '\x45\x42\x4a\x67', '\x4d\x63\x4f\x67\x77\x71\x59\x3d', '\x77\x37\x63\x45\x58\x67\x3d\x3d', '\x77\x71\x4c\x44\x75\x67\x63\x3d', '\x44\x41\x6c\x39', '\x77\x37\x6b\x33\x77\x36\x45\x3d', '\x5a\x73\x4b\x32\x77\x72\x49\x3d', '\x50\x6e\x54\x44\x6e\x51\x3d\x3d', '\x77\x35\x38\x53\x77\x37\x73\x3d', '\x58\x51\x30\x31', '\x77\x35\x7a\x44\x6f\x56\x38\x3d', '\x77\x71\x30\x68\x51\x77\x3d\x3d', '\x49\x38\x4b\x63\x47\x77\x3d\x3d', '\x5a\x6a\x55\x54', '\x77\x72\x39\x37\x43\x67\x3d\x3d', '\x77\x6f\x78\x74\x45\x41\x3d\x3d', '\x77\x6f\x6e\x44\x72\x53\x34\x3d', '\x4c\x79\x74\x55', '\x77\x37\x6f\x2f\x77\x37\x6f\x3d', '\x77\x36\x58\x44\x67\x57\x4d\x3d', '\x77\x34\x2f\x43\x6b\x46\x30\x3d', '\x77\x34\x6a\x44\x71\x56\x45\x3d', '\x77\x35\x37\x44\x6d\x31\x73\x3d', '\x77\x34\x2f\x44\x75\x7a\x38\x3d', '\x61\x43\x73\x61', '\x4c\x45\x33\x43\x6d\x77\x3d\x3d', '\x77\x34\x72\x43\x72\x41\x41\x3d', '\x77\x71\x6e\x44\x74\x52\x6b\x3d', '\x77\x72\x74\x6c\x4f\x67\x3d\x3d', '\x42\x77\x68\x77', '\x61\x78\x41\x68', '\x77\x37\x33\x44\x6f\x73\x4f\x4c', '\x64\x42\x58\x44\x6a\x41\x3d\x3d', '\x77\x6f\x74\x4d\x77\x70\x41\x3d', '\x50\x73\x4b\x74\x45\x51\x3d\x3d', '\x51\x38\x4f\x68\x44\x77\x3d\x3d', '\x77\x35\x31\x38\x77\x36\x63\x3d', '\x42\x38\x4f\x34\x77\x35\x51\x3d', '\x77\x72\x33\x44\x6b\x4d\x4f\x77', '\x77\x72\x6e\x44\x76\x58\x67\x3d', '\x77\x6f\x45\x76\x54\x67\x3d\x3d', '\x54\x54\x58\x43\x6b\x77\x3d\x3d', '\x52\x69\x33\x43\x68\x41\x3d\x3d', '\x77\x37\x4d\x66\x57\x77\x3d\x3d', '\x56\x4d\x4b\x45\x77\x71\x38\x3d', '\x43\x4d\x4f\x42\x77\x70\x41\x3d', '\x50\x31\x58\x44\x67\x41\x3d\x3d', '\x77\x70\x2f\x43\x69\x77\x41\x3d', '\x77\x34\x30\x41\x58\x51\x3d\x3d', '\x77\x36\x58\x43\x6d\x52\x73\x3d', '\x77\x34\x4e\x2f\x77\x37\x45\x3d', '\x77\x6f\x48\x43\x6e\x77\x67\x3d', '\x4a\x63\x4f\x42\x77\x37\x63\x3d', '\x46\x32\x7a\x44\x70\x67\x3d\x3d', '\x77\x70\x4c\x43\x69\x77\x49\x3d', '\x47\x58\x54\x44\x6c\x77\x3d\x3d', '\x4c\x51\x2f\x43\x6a\x51\x3d\x3d', '\x41\x44\x68\x6e', '\x77\x70\x66\x44\x6e\x73\x4f\x48', '\x77\x37\x30\x37\x66\x41\x3d\x3d', '\x58\x52\x72\x43\x6f\x77\x3d\x3d', '\x4a\x6c\x66\x44\x68\x51\x3d\x3d', '\x61\x42\x4c\x43\x67\x51\x3d\x3d', '\x77\x6f\x54\x44\x72\x42\x30\x3d', '\x77\x71\x76\x44\x72\x44\x34\x3d', '\x77\x71\x34\x73\x77\x6f\x6b\x3d', '\x77\x6f\x48\x44\x68\x4d\x4f\x57', '\x4d\x63\x4f\x41\x77\x6f\x77\x3d', '\x77\x6f\x72\x43\x70\x77\x67\x3d', '\x77\x36\x6e\x44\x72\x32\x4d\x3d', '\x54\x42\x45\x32', '\x50\x73\x4f\x67\x58\x51\x3d\x3d', '\x77\x72\x46\x39\x49\x51\x3d\x3d', '\x43\x38\x4f\x6f\x77\x71\x49\x3d', '\x65\x4d\x4f\x37\x48\x77\x3d\x3d', '\x77\x37\x4e\x7a\x77\x36\x51\x3d', '\x77\x70\x7a\x44\x69\x77\x6f\x3d', '\x4f\x67\x31\x77', '\x77\x35\x44\x43\x74\x32\x38\x3d', '\x4a\x45\x6a\x44\x6b\x51\x3d\x3d', '\x50\x67\x39\x6c', '\x4d\x68\x62\x43\x6d\x67\x3d\x3d', '\x77\x37\x44\x44\x6c\x6a\x51\x3d', '\x77\x70\x48\x43\x67\x4d\x4f\x2f', '\x46\x58\x54\x44\x74\x77\x3d\x3d', '\x77\x6f\x6f\x4c\x77\x72\x59\x3d', '\x77\x6f\x4a\x79\x77\x72\x30\x3d', '\x44\x63\x4b\x41\x41\x67\x3d\x3d', '\x77\x72\x72\x43\x75\x4d\x4f\x49', '\x35\x4c\x75\x48\x35\x35\x53\x53\x36\x49\x6d\x50', '\x4c\x4d\x4f\x69\x77\x6f\x45\x3d', '\x61\x43\x6e\x44\x6d\x77\x3d\x3d', '\x77\x35\x34\x6c\x59\x67\x3d\x3d', '\x63\x68\x49\x75', '\x65\x56\x55\x65', '\x77\x35\x66\x43\x71\x69\x59\x3d', '\x77\x72\x6a\x44\x6b\x38\x4f\x58', '\x4f\x47\x72\x43\x73\x77\x3d\x3d', '\x77\x36\x50\x44\x69\x56\x30\x3d', '\x65\x38\x4f\x50\x77\x37\x55\x3d', '\x77\x70\x52\x67\x48\x41\x3d\x3d', '\x44\x43\x6c\x54', '\x63\x63\x4b\x4c\x77\x72\x55\x3d', '\x41\x63\x4f\x34\x77\x70\x67\x3d', '\x77\x34\x49\x43\x66\x41\x3d\x3d', '\x42\x4d\x4b\x71\x48\x41\x3d\x3d', '\x77\x71\x31\x4f\x77\x71\x59\x3d', '\x77\x34\x78\x55\x77\x35\x4d\x3d', '\x47\x73\x4f\x30\x77\x6f\x67\x3d', '\x77\x72\x6a\x44\x76\x41\x59\x3d', '\x77\x6f\x48\x44\x70\x73\x4f\x6b', '\x53\x77\x55\x74', '\x77\x71\x4c\x43\x6b\x67\x6f\x3d', '\x4e\x46\x76\x43\x6e\x41\x3d\x3d', '\x77\x36\x2f\x43\x73\x30\x6f\x3d', '\x52\x77\x48\x43\x6d\x67\x3d\x3d', '\x35\x4c\x69\x7a\x35\x35\x61\x65\x36\x49\x71\x71', '\x77\x34\x72\x43\x70\x79\x77\x3d', '\x4a\x42\x64\x5a', '\x77\x37\x4e\x48\x77\x35\x67\x3d', '\x77\x71\x62\x44\x67\x38\x4f\x51', '\x77\x70\x6f\x30\x77\x70\x59\x3d', '\x51\x41\x6b\x74', '\x50\x73\x4f\x50\x77\x71\x45\x3d', '\x77\x34\x34\x66\x51\x67\x3d\x3d', '\x77\x72\x62\x43\x68\x42\x59\x3d', '\x59\x73\x4b\x41\x77\x71\x30\x3d', '\x77\x71\x58\x43\x6d\x63\x4b\x2b', '\x48\x51\x39\x49', '\x77\x37\x6b\x49\x59\x77\x3d\x3d', '\x58\x42\x55\x42', '\x77\x35\x76\x44\x6b\x67\x34\x3d', '\x77\x37\x4d\x59\x56\x41\x3d\x3d', '\x4c\x57\x72\x44\x76\x51\x3d\x3d', '\x77\x36\x59\x75\x64\x67\x3d\x3d', '\x77\x34\x67\x67\x77\x35\x73\x3d', '\x77\x70\x33\x43\x6b\x68\x77\x3d', '\x77\x71\x72\x43\x70\x78\x77\x3d', '\x77\x34\x63\x4b\x66\x77\x3d\x3d', '\x77\x35\x6a\x44\x75\x78\x55\x3d', '\x77\x37\x63\x54\x77\x34\x59\x3d', '\x53\x4d\x4b\x6c\x77\x72\x30\x3d', '\x55\x6a\x54\x43\x72\x67\x3d\x3d', '\x77\x72\x6f\x53\x77\x72\x4d\x3d', '\x77\x72\x59\x55\x77\x72\x6b\x3d', '\x4f\x47\x76\x44\x73\x77\x3d\x3d', '\x54\x44\x50\x43\x6c\x41\x3d\x3d', '\x50\x63\x4b\x54\x77\x71\x41\x3d', '\x57\x52\x55\x48', '\x77\x34\x54\x43\x72\x46\x4d\x3d', '\x77\x72\x39\x70\x4f\x41\x3d\x3d', '\x77\x72\x6f\x43\x77\x70\x4d\x3d', '\x77\x70\x6a\x43\x69\x79\x38\x3d', '\x59\x77\x59\x44', '\x4e\x53\x74\x31', '\x77\x34\x42\x68\x77\x37\x4d\x3d', '\x77\x37\x50\x43\x72\x43\x34\x3d', '\x5a\x68\x4d\x48', '\x77\x6f\x35\x33\x77\x36\x51\x3d', '\x77\x72\x31\x47\x45\x67\x3d\x3d', '\x41\x73\x4b\x52\x77\x34\x59\x3d', '\x77\x72\x6f\x47\x62\x41\x3d\x3d', '\x45\x57\x6a\x44\x68\x77\x3d\x3d', '\x43\x78\x62\x43\x6e\x67\x3d\x3d', '\x49\x67\x7a\x43\x6a\x77\x3d\x3d', '\x59\x4d\x4b\x4e\x77\x6f\x73\x3d', '\x54\x69\x7a\x43\x68\x77\x3d\x3d', '\x5a\x53\x76\x44\x6b\x51\x3d\x3d', '\x77\x36\x48\x44\x6c\x6c\x45\x3d', '\x4c\x73\x4f\x61\x77\x36\x30\x3d', '\x77\x70\x42\x4b\x77\x72\x6f\x3d', '\x50\x63\x4f\x65\x77\x6f\x67\x3d', '\x44\x33\x58\x43\x70\x67\x3d\x3d', '\x4b\x63\x4f\x31\x77\x6f\x30\x3d', '\x77\x70\x76\x43\x73\x63\x4f\x58', '\x77\x36\x51\x51\x77\x35\x38\x3d', '\x4b\x32\x54\x44\x70\x67\x3d\x3d', '\x77\x72\x33\x44\x70\x38\x4f\x66', '\x77\x72\x4d\x53\x51\x77\x3d\x3d', '\x77\x36\x37\x43\x6a\x51\x77\x3d', '\x4f\x43\x70\x39', '\x62\x63\x4f\x34\x77\x36\x63\x3d', '\x77\x35\x72\x43\x6f\x6b\x73\x3d', '\x77\x70\x67\x4f\x77\x72\x63\x3d', '\x77\x71\x4d\x4f\x77\x71\x6b\x3d', '\x5a\x4d\x4b\x6c\x77\x72\x63\x3d', '\x4c\x4d\x4f\x37\x77\x35\x30\x3d', '\x77\x35\x37\x43\x67\x44\x59\x3d', '\x77\x37\x33\x43\x6e\x38\x4b\x4e', '\x77\x6f\x37\x44\x75\x4d\x4f\x52', '\x66\x69\x54\x44\x74\x41\x3d\x3d', '\x77\x70\x44\x44\x68\x77\x30\x3d', '\x4e\x4d\x4f\x4c\x77\x70\x6b\x3d', '\x4d\x73\x4f\x73\x77\x71\x59\x3d', '\x50\x57\x6e\x44\x6a\x51\x3d\x3d', '\x45\x6e\x2f\x44\x6f\x67\x3d\x3d', '\x77\x35\x6e\x44\x70\x6b\x55\x3d', '\x49\x47\x6a\x43\x6a\x51\x3d\x3d', '\x35\x35\x2b\x59\x37\x37\x36\x69\x35\x4c\x79\x77', '\x50\x6a\x37\x43\x68\x41\x3d\x3d', '\x58\x42\x6a\x43\x71\x51\x3d\x3d', '\x77\x6f\x66\x44\x6d\x42\x34\x3d', '\x51\x6b\x70\x35', '\x77\x36\x44\x43\x69\x45\x41\x3d', '\x77\x72\x76\x44\x6b\x73\x4f\x77', '\x59\x38\x4f\x62\x77\x35\x51\x3d', '\x77\x37\x6a\x43\x75\x77\x30\x3d', '\x63\x78\x63\x43', '\x54\x53\x4d\x34', '\x59\x52\x4d\x72', '\x49\x53\x31\x38', '\x77\x36\x6a\x44\x67\x73\x4b\x6e', '\x4a\x77\x4a\x6a', '\x77\x6f\x77\x4a\x5a\x77\x3d\x3d', '\x57\x38\x4f\x48\x77\x37\x38\x3d', '\x48\x6a\x68\x53', '\x4a\x38\x4b\x73\x77\x72\x41\x3d', '\x77\x35\x66\x43\x74\x57\x59\x3d', '\x77\x37\x45\x54\x77\x34\x59\x3d', '\x77\x71\x37\x43\x69\x43\x6b\x3d', '\x45\x68\x64\x37', '\x77\x36\x63\x62\x58\x77\x3d\x3d', '\x43\x52\x76\x43\x70\x67\x3d\x3d', '\x35\x62\x2b\x46\x45\x52\x45\x3d', '\x77\x35\x4e\x68\x77\x34\x34\x3d', '\x57\x79\x72\x43\x6f\x41\x3d\x3d', '\x48\x38\x4b\x4d\x41\x41\x3d\x3d', '\x77\x72\x35\x69\x77\x71\x59\x3d', '\x66\x73\x4b\x51\x4a\x67\x3d\x3d', '\x55\x38\x4b\x65\x77\x72\x67\x3d', '\x77\x6f\x37\x44\x69\x63\x4f\x2f', '\x77\x6f\x6a\x44\x70\x38\x4f\x30', '\x45\x73\x4f\x35\x56\x67\x3d\x3d']; 2 | (function (a, b) { 3 | var c = function (g) { 4 | while (--g) { 5 | a['push'](a['shift']()); 6 | } 7 | }; 8 | var f = function () { 9 | var g = { 10 | 'data': {'key': 'cookie', 'value': 'timeout'}, 'setCookie': function (k, l, m, n) { 11 | n = n || {}; 12 | var o = l + '=' + m; 13 | var p = 0x0; 14 | for (var q = 0x0, r = k['length']; q < r; q++) { 15 | var s = k[q]; 16 | o += ';\x20' + s; 17 | var t = k[s]; 18 | k['push'](t); 19 | r = k['length']; 20 | if (t !== !![]) { 21 | o += '=' + t; 22 | } 23 | } 24 | n['cookie'] = o; 25 | }, 'removeCookie': function () { 26 | return 'dev'; 27 | }, 'getCookie': function (k, l) { 28 | k = k || function (o) { 29 | return o; 30 | }; 31 | var m = k(new RegExp('(?:^|;\x20)' + l['replace'](/([.$?*|{}()[]\/+^])/g, '$1') + '=([^;]*)')); 32 | var n = function (o, p) { 33 | o(++p); 34 | }; 35 | n(c, b); 36 | return m ? decodeURIComponent(m[0x1]) : undefined; 37 | } 38 | }; 39 | var h = function () { 40 | var k = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}'); 41 | return k['test'](g['removeCookie']['toString']()); 42 | }; 43 | g['updateCookie'] = h; 44 | var i = ''; 45 | var j = g['updateCookie'](); 46 | if (!j) { 47 | g['setCookie'](['*'], 'counter', 0x1); 48 | } else if (j) { 49 | i = g['getCookie'](null, 'counter'); 50 | } else { 51 | g['removeCookie'](); 52 | } 53 | }; 54 | f(); 55 | }($a, 0xfe)); 56 | var $b = function (a, b) { 57 | a = a - 0x0; 58 | var c = $a[a]; 59 | if ($b['UUPUdR'] === undefined) { 60 | (function () { 61 | var f; 62 | try { 63 | var h = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');'); 64 | f = h(); 65 | } catch (i) { 66 | f = window; 67 | } 68 | var g = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; 69 | f['atob'] || (f['atob'] = function (j) { 70 | var k = String(j)['replace'](/=+$/, ''); 71 | var l = ''; 72 | for (var m = 0x0, n, o, p = 0x0; o = k['charAt'](p++); ~o && (n = m % 0x4 ? n * 0x40 + o : o, m++ % 0x4) ? l += String['fromCharCode'](0xff & n >> (-0x2 * m & 0x6)) : 0x0) { 73 | o = g['indexOf'](o); 74 | } 75 | return l; 76 | }); 77 | }()); 78 | var e = function (f, g) { 79 | var h = [], l = 0x0, m, n = '', o = ''; 80 | f = atob(f); 81 | for (var q = 0x0, r = f['length']; q < r; q++) { 82 | o += '%' + ('00' + f['charCodeAt'](q)['toString'](0x10))['slice'](-0x2); 83 | } 84 | f = decodeURIComponent(o); 85 | var p; 86 | for (p = 0x0; p < 0x100; p++) { 87 | h[p] = p; 88 | } 89 | for (p = 0x0; p < 0x100; p++) { 90 | l = (l + h[p] + g['charCodeAt'](p % g['length'])) % 0x100; 91 | m = h[p]; 92 | h[p] = h[l]; 93 | h[l] = m; 94 | } 95 | p = 0x0; 96 | l = 0x0; 97 | for (var t = 0x0; t < f['length']; t++) { 98 | p = (p + 0x1) % 0x100; 99 | l = (l + h[p]) % 0x100; 100 | m = h[p]; 101 | h[p] = h[l]; 102 | h[l] = m; 103 | n += String['fromCharCode'](f['charCodeAt'](t) ^ h[(h[p] + h[l]) % 0x100]); 104 | } 105 | return n; 106 | }; 107 | $b['Eyzsxu'] = e; 108 | $b['LTootv'] = {}; 109 | $b['UUPUdR'] = !![]; 110 | } 111 | var d = $b['LTootv'][a]; 112 | if (d === undefined) { 113 | if ($b['Wfrhiu'] === undefined) { 114 | var f = function (g) { 115 | this['spbCXc'] = g; 116 | this['IKgCut'] = [0x1, 0x0, 0x0]; 117 | this['sXFDvX'] = function () { 118 | return 'newState'; 119 | }; 120 | this['FsQkyQ'] = '\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*'; 121 | this['ucbVst'] = '[\x27|\x22].+[\x27|\x22];?\x20*}'; 122 | }; 123 | f['prototype']['lImNKx'] = function () { 124 | var g = new RegExp(this['FsQkyQ'] + this['ucbVst']); 125 | var h = g['test'](this['sXFDvX']['toString']()) ? --this['IKgCut'][0x1] : --this['IKgCut'][0x0]; 126 | return this['ESbAOw'](h); 127 | }; 128 | f['prototype']['ESbAOw'] = function (g) { 129 | if (!Boolean(~g)) { 130 | return g; 131 | } 132 | return this['kwfgaZ'](this['spbCXc']); 133 | }; 134 | f['prototype']['kwfgaZ'] = function (g) { 135 | for (var h = 0x0, j = this['IKgCut']['length']; h < j; h++) { 136 | this['IKgCut']['push'](Math['round'](Math['random']())); 137 | j = this['IKgCut']['length']; 138 | } 139 | return g(this['IKgCut'][0x0]); 140 | }; 141 | new f($b)['lImNKx'](); 142 | $b['Wfrhiu'] = !![]; 143 | } 144 | c = $b['Eyzsxu'](c, b); 145 | $b['LTootv'][a] = c; 146 | } else { 147 | c = d; 148 | } 149 | return c; 150 | }; 151 | (function $c(k) { 152 | var y = {}; 153 | y[$b('\x30\x78\x62\x34', '\x78\x42\x29\x57') + '\x4d\x6b'] = function (Y, Z) { 154 | return Y + Z; 155 | }; 156 | y[$b('\x30\x78\x37\x33', '\x32\x4e\x55\x71') + '\x75\x54'] = function (Y, Z) { 157 | return Y & Z; 158 | }; 159 | y['\x43\x79\x74' + '\x5a\x53'] = function (Y, Z) { 160 | return Y << Z; 161 | }; 162 | y[$b('\x30\x78\x37\x65', '\x2a\x58\x4b\x25') + '\x4e\x4b'] = function (Y, Z) { 163 | return Y + Z; 164 | }; 165 | y[$b('\x30\x78\x32\x64', '\x53\x48\x58\x32') + '\x4f\x4c'] = function (Y, Z) { 166 | return Y >> Z; 167 | }; 168 | y[$b('\x30\x78\x31\x31', '\x29\x55\x56\x25') + '\x64\x71'] = function (Y, Z) { 169 | return Y | Z; 170 | }; 171 | y[$b('\x30\x78\x32\x32', '\x44\x24\x61\x5e') + '\x70\x66'] = function (Y, Z) { 172 | return Y << Z; 173 | }; 174 | y[$b('\x30\x78\x65\x66', '\x21\x48\x79\x4f') + '\x44\x43'] = function (Y, Z) { 175 | return Y - Z; 176 | }; 177 | y[$b('\x30\x78\x38\x39', '\x6d\x43\x25\x30') + '\x4f\x6d'] = function (Y, Z, a0) { 178 | return Y(Z, a0); 179 | }; 180 | y[$b('\x30\x78\x66\x65', '\x25\x6b\x64\x72') + '\x45\x44'] = function (Y, Z, a0) { 181 | return Y(Z, a0); 182 | }; 183 | y[$b('\x30\x78\x39\x66', '\x49\x67\x73\x70') + '\x67\x56'] = function (Y, Z, a0, a1, a2, a3, a4) { 184 | return Y(Z, a0, a1, a2, a3, a4); 185 | }; 186 | y['\x41\x48\x56' + '\x69\x45'] = function (Y, Z, a0, a1, a2, a3, a4) { 187 | return Y(Z, a0, a1, a2, a3, a4); 188 | }; 189 | y[$b('\x30\x78\x62\x38', '\x79\x6f\x72\x77') + '\x65\x49'] = function (Y, Z) { 190 | return Y | Z; 191 | }; 192 | y['\x71\x6a\x68' + '\x74\x71'] = function (Y, Z) { 193 | return Y & Z; 194 | }; 195 | y[$b('\x30\x78\x61\x61', '\x73\x42\x51\x69') + '\x4c\x70'] = function (Y, Z) { 196 | return Y & Z; 197 | }; 198 | y[$b('\x30\x78\x31\x35', '\x4a\x43\x4d\x28') + '\x63\x6a'] = function (Y, Z) { 199 | return Y ^ Z; 200 | }; 201 | y[$b('\x30\x78\x35\x33', '\x64\x65\x5d\x4e') + '\x62\x78'] = function (Y, Z, a0, a1, a2, a3, a4) { 202 | return Y(Z, a0, a1, a2, a3, a4); 203 | }; 204 | y['\x4c\x51\x6d' + '\x5a\x4f'] = function (Y, Z) { 205 | return Y | Z; 206 | }; 207 | y['\x6d\x55\x76' + '\x68\x52'] = function (Y, Z) { 208 | return Y(Z); 209 | }; 210 | y['\x56\x69\x4f' + '\x42\x4b'] = function (Y, Z) { 211 | return Y < Z; 212 | }; 213 | y['\x4f\x4b\x72' + '\x42\x64'] = $b('\x30\x78\x37\x66', '\x5b\x23\x4e\x31') + $b('\x30\x78\x65\x32', '\x2a\x58\x4b\x25') + $b('\x30\x78\x34\x32', '\x73\x42\x51\x69') + $b('\x30\x78\x66\x30', '\x65\x49\x24\x37') + $b('\x30\x78\x31\x34', '\x76\x40\x23\x6a') + $b('\x30\x78\x39\x63', '\x49\x39\x42\x24') + $b('\x30\x78\x66', '\x32\x5b\x59\x51'); 214 | y['\x6a\x4d\x61' + '\x6d\x67'] = function (Y, Z, a0) { 215 | return Y(Z, a0); 216 | }; 217 | y[$b('\x30\x78\x37\x38', '\x44\x70\x47\x40') + '\x6f\x4c'] = function (Y) { 218 | return Y(); 219 | }; 220 | y['\x70\x6c\x4e' + '\x44\x6c'] = function (Y) { 221 | return Y(); 222 | }; 223 | y['\x47\x77\x50' + '\x41\x4a'] = function (Y, Z) { 224 | return Y(Z); 225 | }; 226 | y['\x70\x49\x46' + '\x79\x64'] = $b('\x30\x78\x37\x36', '\x41\x57\x45\x58') + $b('\x30\x78\x65\x33', '\x6b\x55\x76\x61') + $b('\x30\x78\x66\x63', '\x4c\x66\x4d\x61') + '\x74\x68\x6f' + '\x6e\uff1f'; 227 | y[$b('\x30\x78\x65\x38', '\x63\x79\x57\x6d') + '\x49\x52'] = function (Y, Z) { 228 | return Y << Z; 229 | }; 230 | y['\x66\x70\x4a' + '\x41\x50'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 231 | return Y(Z, a0, a1, a2, a3, a4, a5); 232 | }; 233 | y['\x52\x53\x42' + '\x5a\x5a'] = function (Y, Z) { 234 | return Y + Z; 235 | }; 236 | y['\x78\x47\x4f' + '\x68\x70'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 237 | return Y(Z, a0, a1, a2, a3, a4, a5); 238 | }; 239 | y['\x79\x57\x78' + '\x6a\x75'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 240 | return Y(Z, a0, a1, a2, a3, a4, a5); 241 | }; 242 | y[$b('\x30\x78\x38\x66', '\x63\x79\x57\x6d') + '\x4b\x61'] = function (Y, Z) { 243 | return Y + Z; 244 | }; 245 | y[$b('\x30\x78\x33\x61', '\x25\x21\x41\x6f') + '\x55\x6d'] = function (Y, Z) { 246 | return Y + Z; 247 | }; 248 | y[$b('\x30\x78\x33\x30', '\x5b\x23\x4e\x31') + '\x73\x74'] = function (Y, Z) { 249 | return Y + Z; 250 | }; 251 | y[$b('\x30\x78\x63', '\x66\x57\x74\x78') + '\x55\x48'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 252 | return Y(Z, a0, a1, a2, a3, a4, a5); 253 | }; 254 | y[$b('\x30\x78\x31', '\x30\x48\x6d\x59') + '\x6d\x7a'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 255 | return Y(Z, a0, a1, a2, a3, a4, a5); 256 | }; 257 | y[$b('\x30\x78\x30', '\x73\x42\x51\x69') + '\x75\x75'] = function (Y, Z) { 258 | return Y + Z; 259 | }; 260 | y[$b('\x30\x78\x65\x31', '\x5b\x23\x4e\x31') + '\x75\x74'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 261 | return Y(Z, a0, a1, a2, a3, a4, a5); 262 | }; 263 | y['\x70\x7a\x78' + '\x54\x77'] = function (Y, Z) { 264 | return Y + Z; 265 | }; 266 | y['\x4d\x55\x7a' + '\x54\x6a'] = function (Y, Z) { 267 | return Y + Z; 268 | }; 269 | y[$b('\x30\x78\x36\x65', '\x43\x25\x69\x42') + '\x43\x63'] = function (Y, Z) { 270 | return Y + Z; 271 | }; 272 | y[$b('\x30\x78\x33\x35', '\x49\x67\x73\x70') + '\x6f\x62'] = function (Y, Z) { 273 | return Y + Z; 274 | }; 275 | y[$b('\x30\x78\x63\x37', '\x32\x4e\x55\x71') + '\x6e\x73'] = function (Y, Z) { 276 | return Y + Z; 277 | }; 278 | y[$b('\x30\x78\x62\x32', '\x63\x79\x57\x6d') + '\x42\x65'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 279 | return Y(Z, a0, a1, a2, a3, a4, a5); 280 | }; 281 | y['\x4c\x45\x63' + '\x41\x61'] = function (Y, Z) { 282 | return Y + Z; 283 | }; 284 | y[$b('\x30\x78\x37\x39', '\x76\x40\x23\x6a') + '\x67\x51'] = function (Y, Z) { 285 | return Y + Z; 286 | }; 287 | y[$b('\x30\x78\x35', '\x41\x57\x45\x58') + '\x58\x7a'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 288 | return Y(Z, a0, a1, a2, a3, a4, a5); 289 | }; 290 | y[$b('\x30\x78\x63\x30', '\x43\x25\x69\x42') + '\x4d\x62'] = function (Y, Z) { 291 | return Y + Z; 292 | }; 293 | y[$b('\x30\x78\x38\x64', '\x64\x65\x5d\x4e') + '\x62\x65'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 294 | return Y(Z, a0, a1, a2, a3, a4, a5); 295 | }; 296 | y['\x5a\x6f\x45' + '\x4a\x67'] = function (Y, Z) { 297 | return Y + Z; 298 | }; 299 | y[$b('\x30\x78\x66\x64', '\x79\x6f\x72\x77') + '\x52\x6f'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 300 | return Y(Z, a0, a1, a2, a3, a4, a5); 301 | }; 302 | y['\x79\x4d\x71' + '\x59\x75'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 303 | return Y(Z, a0, a1, a2, a3, a4, a5); 304 | }; 305 | y[$b('\x30\x78\x32\x63', '\x79\x7a\x68\x34') + '\x67\x56'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 306 | return Y(Z, a0, a1, a2, a3, a4, a5); 307 | }; 308 | y[$b('\x30\x78\x64', '\x43\x37\x4e\x5d') + '\x42\x5a'] = function (Y, Z) { 309 | return Y + Z; 310 | }; 311 | y[$b('\x30\x78\x65\x39', '\x30\x48\x6d\x59') + '\x4a\x58'] = function (Y, Z) { 312 | return Y + Z; 313 | }; 314 | y[$b('\x30\x78\x34\x61', '\x6d\x43\x25\x30') + '\x6c\x65'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 315 | return Y(Z, a0, a1, a2, a3, a4, a5); 316 | }; 317 | y[$b('\x30\x78\x62\x35', '\x64\x65\x5d\x4e') + '\x68\x47'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 318 | return Y(Z, a0, a1, a2, a3, a4, a5); 319 | }; 320 | y['\x58\x4b\x51' + '\x6e\x71'] = function (Y, Z) { 321 | return Y + Z; 322 | }; 323 | y[$b('\x30\x78\x64\x38', '\x43\x37\x4e\x5d') + '\x43\x64'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 324 | return Y(Z, a0, a1, a2, a3, a4, a5); 325 | }; 326 | y[$b('\x30\x78\x34\x30', '\x6b\x55\x76\x61') + '\x43\x41'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 327 | return Y(Z, a0, a1, a2, a3, a4, a5); 328 | }; 329 | y[$b('\x30\x78\x31\x30\x30', '\x32\x4e\x55\x71') + '\x57\x4f'] = function (Y, Z) { 330 | return Y + Z; 331 | }; 332 | y[$b('\x30\x78\x36\x64', '\x32\x5b\x59\x51') + '\x73\x4a'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 333 | return Y(Z, a0, a1, a2, a3, a4, a5); 334 | }; 335 | y[$b('\x30\x78\x65\x35', '\x55\x25\x69\x38') + '\x5a\x5a'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 336 | return Y(Z, a0, a1, a2, a3, a4, a5); 337 | }; 338 | y[$b('\x30\x78\x33\x62', '\x58\x75\x34\x36') + '\x65\x55'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 339 | return Y(Z, a0, a1, a2, a3, a4, a5); 340 | }; 341 | y['\x66\x75\x66' + '\x44\x6d'] = function (Y, Z) { 342 | return Y + Z; 343 | }; 344 | y[$b('\x30\x78\x33\x66', '\x29\x55\x56\x25') + '\x4d\x61'] = function (Y, Z) { 345 | return Y + Z; 346 | }; 347 | y[$b('\x30\x78\x34\x62', '\x54\x48\x70\x6b') + '\x53\x77'] = function (Y, Z) { 348 | return Y + Z; 349 | }; 350 | y['\x50\x4a\x52' + '\x41\x5a'] = function (Y, Z) { 351 | return Y + Z; 352 | }; 353 | y['\x6b\x48\x67' + '\x50\x4e'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 354 | return Y(Z, a0, a1, a2, a3, a4, a5); 355 | }; 356 | y[$b('\x30\x78\x32\x62', '\x4a\x43\x4d\x28') + '\x47\x7a'] = function (Y, Z, a0, a1, a2, a3, a4, a5) { 357 | return Y(Z, a0, a1, a2, a3, a4, a5); 358 | }; 359 | y[$b('\x30\x78\x39\x39', '\x6f\x5a\x70\x4f') + '\x68\x75'] = function (Y, Z, a0) { 360 | return Y(Z, a0); 361 | }; 362 | y[$b('\x30\x78\x38\x32', '\x25\x21\x41\x6f') + '\x45\x5a'] = function (Y, Z, a0) { 363 | return Y(Z, a0); 364 | }; 365 | y[$b('\x30\x78\x34\x35', '\x4c\x5e\x75\x29') + '\x51\x44'] = function (Y, Z) { 366 | return Y * Z; 367 | }; 368 | y[$b('\x30\x78\x37\x37', '\x6d\x43\x25\x30') + '\x5a\x57'] = function (Y, Z) { 369 | return Y & Z; 370 | }; 371 | y[$b('\x30\x78\x35\x62', '\x55\x25\x69\x38') + '\x44\x57'] = function (Y, Z) { 372 | return Y >> Z; 373 | }; 374 | y['\x72\x67\x78' + '\x77\x4b'] = function (Y, Z) { 375 | return Y % Z; 376 | }; 377 | y['\x4f\x77\x72' + '\x45\x53'] = $b('\x30\x78\x34\x34', '\x25\x77\x69\x4c') + $b('\x30\x78\x31\x61', '\x30\x48\x6d\x59') + $b('\x30\x78\x35\x35', '\x44\x70\x47\x40'); 378 | y[$b('\x30\x78\x64\x61', '\x30\x48\x6d\x59') + '\x4a\x55'] = function (Y, Z) { 379 | return Y >> Z; 380 | }; 381 | y[$b('\x30\x78\x37\x34', '\x29\x55\x56\x25') + '\x5a\x70'] = function (Y, Z) { 382 | return Y & Z; 383 | }; 384 | y[$b('\x30\x78\x65\x36', '\x53\x48\x58\x32') + '\x77\x55'] = function (Y, Z) { 385 | return Y / Z; 386 | }; 387 | y[$b('\x30\x78\x35\x64', '\x53\x48\x58\x32') + '\x54\x49'] = function (Y, Z) { 388 | return Y % Z; 389 | }; 390 | y[$b('\x30\x78\x36\x32', '\x5b\x23\x4e\x31') + '\x64\x48'] = function (Y, Z) { 391 | return Y * Z; 392 | }; 393 | y[$b('\x30\x78\x31\x36', '\x4c\x5e\x75\x29') + '\x6b\x45'] = function (Y, Z) { 394 | return Y - Z; 395 | }; 396 | y[$b('\x30\x78\x36\x30', '\x6f\x5b\x31\x45') + '\x56\x51'] = function (Y, Z) { 397 | return Y >> Z; 398 | }; 399 | y[$b('\x30\x78\x33\x34', '\x25\x77\x69\x4c') + '\x69\x41'] = function (Y, Z) { 400 | return Y(Z); 401 | }; 402 | y[$b('\x30\x78\x39', '\x6f\x5b\x31\x45') + '\x4c\x61'] = function (Y, Z) { 403 | return Y(Z); 404 | }; 405 | y[$b('\x30\x78\x64\x63', '\x53\x48\x58\x32') + '\x55\x67'] = function (Y, Z) { 406 | return Y * Z; 407 | }; 408 | y['\x79\x52\x6e' + '\x64\x64'] = $b('\x30\x78\x63\x34', '\x2a\x58\x4b\x25') + '\x33\x34\x35' + $b('\x30\x78\x64\x39', '\x30\x48\x6d\x59') + $b('\x30\x78\x39\x62', '\x66\x57\x74\x78') + '\x63\x64\x65' + '\x66'; 409 | y['\x71\x74\x74' + '\x47\x5a'] = function (Y, Z) { 410 | return Y + Z; 411 | }; 412 | y[$b('\x30\x78\x66\x62', '\x43\x25\x69\x42') + '\x58\x6a'] = function (Y, Z) { 413 | return Y & Z; 414 | }; 415 | y[$b('\x30\x78\x35\x39', '\x55\x25\x69\x38') + '\x75\x41'] = function (Y, Z) { 416 | return Y(Z); 417 | }; 418 | y[$b('\x30\x78\x64\x35', '\x78\x42\x29\x57') + '\x66\x4e'] = function (Y) { 419 | return Y(); 420 | }; 421 | y[$b('\x30\x78\x33\x38', '\x53\x48\x58\x32') + '\x5a\x4f'] = function (Y, Z, a0) { 422 | return Y(Z, a0); 423 | }; 424 | y['\x4c\x75\x54' + '\x62\x59'] = function (Y, Z, a0) { 425 | return Y(Z, a0); 426 | }; 427 | y[$b('\x30\x78\x37\x63', '\x68\x75\x70\x6a') + '\x56\x73'] = function (Y, Z) { 428 | return Y(Z); 429 | }; 430 | y['\x41\x5a\x63' + '\x4b\x54'] = function (Y, Z) { 431 | return Y(Z); 432 | }; 433 | y['\x42\x4c\x56' + '\x66\x4b'] = function (Y, Z) { 434 | return Y + Z; 435 | }; 436 | y['\x42\x6d\x44' + '\x66\x54'] = function (Y, Z) { 437 | return Y + Z; 438 | }; 439 | y[$b('\x30\x78\x62\x36', '\x4c\x66\x4d\x61') + '\x73\x61'] = function (Y, Z) { 440 | return Y + Z; 441 | }; 442 | y[$b('\x30\x78\x61\x36', '\x44\x24\x24\x51') + '\x63\x6d'] = function (Y) { 443 | return Y(); 444 | }; 445 | y[$b('\x30\x78\x34\x63', '\x44\x24\x24\x51') + '\x6b\x54'] = function (Y, Z) { 446 | return Y(Z); 447 | }; 448 | y[$b('\x30\x78\x37\x61', '\x49\x67\x73\x70') + '\x51\x48'] = $b('\x30\x78\x65\x37', '\x21\x48\x79\x4f') + $b('\x30\x78\x66\x37', '\x44\x24\x61\x5e') + '\x3d\x2f'; 449 | y['\x61\x57\x48' + '\x4f\x68'] = function (Y, Z, a0) { 450 | return Y(Z, a0); 451 | }; 452 | y['\x52\x53\x6b' + '\x41\x55'] = function (Y, Z) { 453 | return Y(Z); 454 | }; 455 | y[$b('\x30\x78\x62\x39', '\x43\x37\x4e\x5d') + '\x45\x70'] = function (Y) { 456 | return Y(); 457 | }; 458 | var A = y; 459 | var B = function () { 460 | var Y = !![]; 461 | return function (Z, a0) { 462 | var a1 = Y ? function () { 463 | if (a0) { 464 | var a2 = a0[$b('\x30\x78\x37\x31', '\x54\x48\x70\x6b') + '\x6c\x79'](Z, arguments); 465 | a0 = null; 466 | return a2; 467 | } 468 | } : function () { 469 | }; 470 | Y = ![]; 471 | return a1; 472 | }; 473 | }(); 474 | 475 | function C(Y, Z) { 476 | var a0 = A[$b('\x30\x78\x61', '\x6f\x5b\x31\x45') + '\x4d\x6b'](A[$b('\x30\x78\x62\x37', '\x25\x21\x41\x6f') + '\x75\x54'](0xffff, Y), A[$b('\x30\x78\x32\x39', '\x29\x55\x56\x25') + '\x75\x54'](0xffff, Z)); 477 | return A[$b('\x30\x78\x32\x34', '\x41\x57\x45\x58') + '\x5a\x53'](A[$b('\x30\x78\x35\x34', '\x54\x48\x70\x6b') + '\x4e\x4b'](A[$b('\x30\x78\x32\x65', '\x32\x5b\x59\x51') + '\x4f\x4c'](Y, 0x10) + (Z >> 0x10), a0 >> 0x10), 0x10) | 0xffff & a0; 478 | } 479 | 480 | function D(Y, Z) { 481 | return A[$b('\x30\x78\x65\x62', '\x68\x75\x70\x6a') + '\x64\x71'](A[$b('\x30\x78\x35\x38', '\x76\x40\x23\x6a') + '\x70\x66'](Y, Z), Y >>> A[$b('\x30\x78\x61\x34', '\x44\x24\x61\x5e') + '\x44\x43'](0x20, Z)); 482 | } 483 | 484 | function E(Y, Z, a0, a1, a2, a3) { 485 | return C(A[$b('\x30\x78\x32\x36', '\x49\x67\x73\x70') + '\x4f\x6d'](D, A[$b('\x30\x78\x32', '\x30\x48\x6d\x59') + '\x4f\x6d'](C, A[$b('\x30\x78\x32\x37', '\x5b\x23\x4e\x31') + '\x45\x44'](C, Z, Y), C(a1, a3)), a2), a0); 486 | } 487 | 488 | function F(Y, Z, a0, a1, a2, a3, a4) { 489 | return A[$b('\x30\x78\x35\x65', '\x78\x42\x29\x57') + '\x67\x56'](E, A[$b('\x30\x78\x39\x34', '\x79\x6f\x72\x77') + '\x64\x71'](A['\x4b\x53\x69' + '\x75\x54'](Z, a0), A[$b('\x30\x78\x38\x61', '\x53\x48\x58\x32') + '\x75\x54'](~Z, a1)), Y, Z, a2, a3, a4); 490 | } 491 | 492 | function G(Y, Z, a0, a1, a2, a3, a4) { 493 | return A[$b('\x30\x78\x32\x61', '\x58\x75\x34\x36') + '\x69\x45'](E, A['\x57\x53\x45' + '\x65\x49'](A['\x71\x6a\x68' + '\x74\x71'](Z, a1), A[$b('\x30\x78\x65\x30', '\x41\x57\x45\x58') + '\x4c\x70'](a0, ~a1)), Y, Z, a2, a3, a4); 494 | } 495 | 496 | function H(Y, Z) { 497 | let a0 = [0x63, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65]; 498 | let a1 = ''; 499 | for (let a2 = 0x0; a2 < a0['\x6c\x65\x6e' + $b('\x30\x78\x65', '\x25\x21\x41\x6f')]; a2++) { 500 | a1 += String[$b('\x30\x78\x62\x30', '\x66\x57\x74\x78') + $b('\x30\x78\x36\x34', '\x78\x32\x5a\x4e') + $b('\x30\x78\x66\x36', '\x63\x79\x57\x6d') + $b('\x30\x78\x36\x39', '\x53\x48\x58\x32')](a0[a2]); 501 | } 502 | return a1; 503 | } 504 | 505 | function I(Y, Z, a0, a1, a2, a3, a4) { 506 | return E(A[$b('\x30\x78\x33\x32', '\x5b\x23\x4e\x31') + '\x63\x6a'](Z ^ a0, a1), Y, Z, a2, a3, a4); 507 | } 508 | 509 | function J(Y, Z, a0, a1, a2, a3, a4) { 510 | return A[$b('\x30\x78\x37\x64', '\x21\x51\x44\x2a') + '\x62\x78'](E, A[$b('\x30\x78\x36\x63', '\x41\x57\x45\x58') + '\x63\x6a'](a0, A['\x4c\x51\x6d' + '\x5a\x4f'](Z, ~a1)), Y, Z, a2, a3, a4); 511 | } 512 | 513 | function K(Y, Z) { 514 | if (Z) { 515 | return J(Y); 516 | } 517 | return A[$b('\x30\x78\x65\x63', '\x49\x67\x73\x70') + '\x68\x52'](H, Y); 518 | } 519 | 520 | function L(Y, Z) { 521 | let a0 = ''; 522 | for (let a1 = 0x0; A['\x56\x69\x4f' + '\x42\x4b'](a1, Y[$b('\x30\x78\x64\x33', '\x63\x79\x57\x6d') + $b('\x30\x78\x61\x39', '\x44\x24\x61\x5e')]); a1++) { 523 | a0 += String[$b('\x30\x78\x61\x66', '\x56\x77\x70\x4b') + '\x6d\x43\x68' + '\x61\x72\x43' + $b('\x30\x78\x62\x65', '\x4c\x5e\x75\x29')](Y[a1]); 524 | } 525 | return a0; 526 | } 527 | 528 | function M(Y, Z) { 529 | var a0 = {}; 530 | a0['\x77\x49\x6f' + '\x6f\x63'] = A['\x4f\x4b\x72' + '\x42\x64']; 531 | var a1 = a0; 532 | var a2 = A['\x6a\x4d\x61' + '\x6d\x67'](B, this, function () { 533 | var a3 = function () { 534 | var a4 = a3['\x63\x6f\x6e' + $b('\x30\x78\x38\x31', '\x4a\x43\x4d\x28') + $b('\x30\x78\x32\x31', '\x21\x48\x79\x4f') + '\x6f\x72'](a1['\x77\x49\x6f' + '\x6f\x63'])()[$b('\x30\x78\x31\x66', '\x76\x40\x23\x6a') + '\x70\x69\x6c' + '\x65']($b('\x30\x78\x37\x62', '\x58\x75\x34\x36') + $b('\x30\x78\x62\x64', '\x64\x77\x24\x73') + $b('\x30\x78\x38\x65', '\x44\x70\x47\x40') + $b('\x30\x78\x62\x62', '\x65\x58\x65\x37') + '\x20\x5d\x2b' + '\x29\x2b\x29' + $b('\x30\x78\x33\x63', '\x49\x39\x42\x24') + $b('\x30\x78\x34\x39', '\x41\x58\x66\x25')); 535 | return !a4[$b('\x30\x78\x66\x38', '\x44\x24\x24\x51') + '\x74'](a2); 536 | }; 537 | return a3(); 538 | }); 539 | A['\x77\x5a\x67' + '\x6f\x4c'](a2); 540 | A[$b('\x30\x78\x35\x30', '\x64\x65\x5d\x4e') + '\x44\x6c'](K); 541 | qz = [0xa, 0x63, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x20, 0x3d, 0x20, 0x6e, 0x65, 0x77, 0x20, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x28, 0x29, 0xa, 0x63, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x2e, 0x6c, 0x6f, 0x67, 0x20, 0x3d, 0x20, 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x28, 0x73, 0x29, 0x20, 0x7b, 0xa, 0x20, 0x20, 0x20, 0x20, 0x77, 0x68, 0x69, 0x6c, 0x65, 0x20, 0x28, 0x31, 0x29, 0x7b, 0xa, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x6f, 0x72, 0x28, 0x69, 0x3d, 0x30, 0x3b, 0x69, 0x3c, 0x31, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x3b, 0x69, 0x2b, 0x2b, 0x29, 0x7b, 0xa, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x70, 0x75, 0x73, 0x68, 0x53, 0x74, 0x61, 0x74, 0x65, 0x28, 0x30, 0x2c, 0x30, 0x2c, 0x69, 0x29, 0xa, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0xa, 0x20, 0x20, 0x20, 0x20, 0x7d, 0xa, 0xa, 0x7d, 0xa, 0x63, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x2e, 0x74, 0x6f, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x3d, 0x20, 0x27, 0x5b, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x20, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5d, 0x27, 0xa, 0x63, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x2e, 0x6c, 0x6f, 0x67, 0x2e, 0x74, 0x6f, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x3d, 0x20, 0x27, 0x192, 0x20, 0x74, 0x6f, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x28, 0x29, 0x20, 0x7b, 0x20, 0x5b, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x20, 0x63, 0x6f, 0x64, 0x65, 0x5d, 0x20, 0x7d, 0x27, 0xa]; 542 | A[$b('\x30\x78\x39\x61', '\x64\x65\x5d\x4e') + '\x41\x4a'](eval, A[$b('\x30\x78\x37', '\x6f\x5a\x70\x4f') + '\x41\x4a'](L, qz)); 543 | try { 544 | if (global) { 545 | console[$b('\x30\x78\x31\x30', '\x6d\x43\x25\x30')](A[$b('\x30\x78\x31\x39', '\x63\x79\x57\x6d') + '\x79\x64']); 546 | } else { 547 | while (0x1) { 548 | console[$b('\x30\x78\x66\x39', '\x25\x21\x41\x6f')]($b('\x30\x78\x39\x31', '\x25\x77\x69\x4c') + '\u77ed\uff0c\u4f55' + '\u5fc5\x70\x79' + '\x74\x68\x6f' + '\x6e\uff1f'); 549 | debugger; 550 | } 551 | } 552 | } catch (a3) { 553 | return navigator[$b('\x30\x78\x31\x62', '\x65\x58\x65\x37') + $b('\x30\x78\x38\x37', '\x32\x4e\x55\x71') + $b('\x30\x78\x66\x35', '\x41\x58\x66\x25')]; 554 | } 555 | } 556 | 557 | A[$b('\x30\x78\x64\x62', '\x44\x70\x47\x40') + '\x4f\x68'](setInterval, A[$b('\x30\x78\x62\x63', '\x79\x7a\x68\x34') + '\x63\x6d'](M), 0x1f4); 558 | 559 | function N(Y, Z) { 560 | Y[A[$b('\x30\x78\x63\x31', '\x43\x25\x69\x42') + '\x4f\x4c'](Z, 0x5)] |= A['\x56\x4f\x65' + '\x49\x52'](0x80, Z % 0x20), Y[A[$b('\x30\x78\x64\x64', '\x6d\x43\x25\x30') + '\x4e\x4b'](0xe, Z + 0x40 >>> 0x9 << 0x4)] = Z; 561 | if (qz) { 562 | var a0, a1, a2, a3, a4, a5 = 0x67452301, a6 = -0x10325477, a7 = -0x67452302, a8 = 0x10325476; 563 | } else { 564 | var a0, a1, a2, a3, a4, a5 = 0x0, a6 = -0x0, a7 = -0x0, a8 = 0x0; 565 | } 566 | for (a0 = 0x0; A[$b('\x30\x78\x36\x35', '\x4a\x43\x4d\x28') + '\x42\x4b'](a0, Y['\x6c\x65\x6e' + $b('\x30\x78\x39\x38', '\x6d\x43\x25\x30')]); a0 += 0x10) a1 = a5, a2 = a6, a3 = a7, a4 = a8, a5 = A[$b('\x30\x78\x65\x34', '\x43\x25\x69\x42') + '\x41\x50'](F, a5, a6, a7, a8, Y[a0], 0x7, -0x28955b88), a8 = A[$b('\x30\x78\x63\x66', '\x4c\x5e\x75\x29') + '\x41\x50'](F, a8, a5, a6, a7, Y[a0 + 0x1], 0xc, -0x173848aa), a7 = A['\x66\x70\x4a' + '\x41\x50'](F, a7, a8, a5, a6, Y[a0 + 0x2], 0x11, 0x242070db), a6 = A[$b('\x30\x78\x37\x32', '\x78\x42\x29\x57') + '\x41\x50'](F, a6, a7, a8, a5, Y[A['\x6d\x70\x50' + '\x4e\x4b'](a0, 0x3)], 0x16, -0x3e423112), a5 = A[$b('\x30\x78\x65\x34', '\x43\x25\x69\x42') + '\x41\x50'](F, a5, a6, a7, a8, Y[a0 + 0x4], 0x7, -0xa83f051), a8 = A[$b('\x30\x78\x36\x62', '\x63\x79\x57\x6d') + '\x41\x50'](F, a8, a5, a6, a7, Y[A[$b('\x30\x78\x35\x61', '\x54\x48\x70\x6b') + '\x5a\x5a'](a0, 0x5)], 0xc, 0x4787c62a), a7 = F(a7, a8, a5, a6, Y[A['\x52\x53\x42' + '\x5a\x5a'](a0, 0x6)], 0x11, -0x57cfb9ed), a6 = A['\x78\x47\x4f' + '\x68\x70'](F, a6, a7, a8, a5, Y[A[$b('\x30\x78\x36\x33', '\x49\x67\x73\x70') + '\x5a\x5a'](a0, 0x7)], 0x16, -0x2b96aff), a5 = F(a5, a6, a7, a8, Y[A['\x52\x53\x42' + '\x5a\x5a'](a0, 0x8)], 0x7, 0x69803730), a8 = F(a8, a5, a6, a7, Y[a0 + 0x9], 0xc, -0x74bb0851), a7 = F(a7, a8, a5, a6, Y[a0 + 0xa], 0x11, -0xa44f), a6 = A[$b('\x30\x78\x33\x31', '\x63\x79\x57\x6d') + '\x6a\x75'](F, a6, a7, a8, a5, Y[a0 + 0xb], 0x16, -0x76a32842), a5 = A[$b('\x30\x78\x36\x66', '\x25\x77\x69\x4c') + '\x6a\x75'](F, a5, a6, a7, a8, Y[A[$b('\x30\x78\x61\x30', '\x25\x77\x69\x4c') + '\x5a\x5a'](a0, 0xc)], 0x7, 0x6b901122), a8 = A['\x79\x57\x78' + '\x6a\x75'](F, a8, a5, a6, a7, Y[a0 + 0xd], 0xc, -0x2678e6d), a7 = A[$b('\x30\x78\x34\x65', '\x68\x75\x70\x6a') + '\x6a\x75'](F, a7, a8, a5, a6, Y[a0 + 0xe], 0x11, -0x599429f2), a6 = F(a6, a7, a8, a5, Y[A[$b('\x30\x78\x63\x61', '\x6f\x5b\x31\x45') + '\x4b\x61'](a0, 0xf)], 0x16, 0x49b40821), a5 = A[$b('\x30\x78\x33\x36', '\x2a\x58\x4b\x25') + '\x6a\x75'](G, a5, a6, a7, a8, Y[A[$b('\x30\x78\x62\x31', '\x4c\x66\x4d\x61') + '\x4b\x61'](a0, 0x1)], 0x5, -0x9e1da9e), a8 = A['\x79\x57\x78' + '\x6a\x75'](G, a8, a5, a6, a7, Y[A[$b('\x30\x78\x35\x31', '\x64\x77\x24\x73') + '\x55\x6d'](a0, 0x6)], 0x9, -0x3fbf4cc0), a7 = A[$b('\x30\x78\x61\x33', '\x6f\x5a\x70\x4f') + '\x6a\x75'](G, a7, a8, a5, a6, Y[A['\x74\x6d\x4a' + '\x73\x74'](a0, 0xb)], 0xe, 0x265e5a51), a6 = A[$b('\x30\x78\x65\x61', '\x63\x29\x4d\x5d') + '\x55\x48'](G, a6, a7, a8, a5, Y[a0], 0x14, -0x16493856), a5 = A['\x45\x61\x4a' + '\x6d\x7a'](G, a5, a6, a7, a8, Y[A[$b('\x30\x78\x63\x32', '\x6c\x30\x57\x46') + '\x75\x75'](a0, 0x5)], 0x5, -0x29d0efa3), a8 = A['\x48\x4a\x6c' + '\x75\x74'](G, a8, a5, a6, a7, Y[a0 + 0xa], 0x9, 0x2441453), a7 = G(a7, a8, a5, a6, Y[A[$b('\x30\x78\x63\x35', '\x5b\x23\x4e\x31') + '\x54\x77'](a0, 0xf)], 0xe, -0x275e197f), a6 = G(a6, a7, a8, a5, Y[A[$b('\x30\x78\x36\x37', '\x6b\x55\x76\x61') + '\x54\x6a'](a0, 0x4)], 0x14, -0x182c0438), a5 = G(a5, a6, a7, a8, Y[A[$b('\x30\x78\x32\x66', '\x44\x24\x61\x5e') + '\x43\x63'](a0, 0x9)], 0x5, 0x21e1cde6), a8 = G(a8, a5, a6, a7, Y[A['\x6a\x58\x54' + '\x43\x63'](a0, 0xe)], 0x9, -0x3cc8f82a), a7 = A['\x48\x4a\x6c' + '\x75\x74'](G, a7, a8, a5, a6, Y[A[$b('\x30\x78\x33\x39', '\x79\x7a\x68\x34') + '\x6f\x62'](a0, 0x3)], 0xe, -0xb2af279), a6 = A['\x48\x4a\x6c' + '\x75\x74'](G, a6, a7, a8, a5, Y[A[$b('\x30\x78\x34\x64', '\x76\x40\x23\x6a') + '\x6e\x73'](a0, 0x8)], 0x14, 0x455a14ed), a5 = A[$b('\x30\x78\x31\x38', '\x55\x25\x69\x38') + '\x42\x65'](G, a5, a6, a7, a8, Y[A[$b('\x30\x78\x66\x32', '\x4c\x5e\x75\x29') + '\x6e\x73'](a0, 0xd)], 0x5, -0x561c16fb), a8 = A[$b('\x30\x78\x66\x31', '\x32\x5b\x59\x51') + '\x42\x65'](G, a8, a5, a6, a7, Y[A[$b('\x30\x78\x34', '\x53\x48\x58\x32') + '\x41\x61'](a0, 0x2)], 0x9, -0x3105c08), a7 = A[$b('\x30\x78\x63\x36', '\x64\x77\x24\x73') + '\x42\x65'](G, a7, a8, a5, a6, Y[A[$b('\x30\x78\x38\x62', '\x30\x48\x6d\x59') + '\x67\x51'](a0, 0x7)], 0xe, 0x676f02d9), a6 = A['\x72\x6b\x76' + '\x42\x65'](G, a6, a7, a8, a5, Y[a0 + 0xc], 0x14, -0x72d5b376), a5 = A['\x59\x6e\x7a' + '\x58\x7a'](I, a5, a6, a7, a8, Y[a0 + 0x5], 0x4, -0x5c6be), a8 = I(a8, a5, a6, a7, Y[A[$b('\x30\x78\x34\x31', '\x79\x6f\x72\x77') + '\x67\x51'](a0, 0x8)], 0xb, -0x788e097f), a7 = I(a7, a8, a5, a6, Y[A[$b('\x30\x78\x63\x62', '\x65\x49\x24\x37') + '\x4d\x62'](a0, 0xb)], 0x10, 0x6d9d6122), a6 = A[$b('\x30\x78\x61\x32', '\x54\x48\x70\x6b') + '\x58\x7a'](I, a6, a7, a8, a5, Y[a0 + 0xe], 0x17, -0x21ac7f4), a5 = A[$b('\x30\x78\x65\x64', '\x49\x67\x73\x70') + '\x62\x65'](I, a5, a6, a7, a8, Y[a0 + 0x1], 0x4, -0x5b4115bc), a8 = I(a8, a5, a6, a7, Y[A['\x53\x58\x50' + '\x4d\x62'](a0, 0x4)], 0xb, 0x4bdecfa9), a7 = A[$b('\x30\x78\x61\x37', '\x76\x40\x23\x6a') + '\x62\x65'](I, a7, a8, a5, a6, Y[A[$b('\x30\x78\x63\x39', '\x2a\x58\x4b\x25') + '\x4a\x67'](a0, 0x7)], 0x10, -0x944b4a0), a6 = A['\x44\x53\x78' + '\x52\x6f'](I, a6, a7, a8, a5, Y[a0 + 0xa], 0x17, -0x41404390), a5 = I(a5, a6, a7, a8, Y[A['\x5a\x6f\x45' + '\x4a\x67'](a0, 0xd)], 0x4, 0x289b7ec6), a8 = A[$b('\x30\x78\x61\x62', '\x25\x6b\x64\x72') + '\x52\x6f'](I, a8, a5, a6, a7, Y[a0], 0xb, -0x155ed806), a7 = A[$b('\x30\x78\x31\x37', '\x49\x39\x42\x24') + '\x59\x75'](I, a7, a8, a5, a6, Y[A[$b('\x30\x78\x61\x64', '\x78\x42\x29\x57') + '\x4a\x67'](a0, 0x3)], 0x10, -0x2b10cf7b), a6 = A['\x41\x61\x44' + '\x67\x56'](I, a6, a7, a8, a5, Y[A[$b('\x30\x78\x39\x33', '\x25\x21\x41\x6f') + '\x4a\x67'](a0, 0x6)], 0x17, 0x4881d05), a5 = I(a5, a6, a7, a8, Y[a0 + 0x9], 0x4, -0x262b2fc7), a8 = A[$b('\x30\x78\x31\x65', '\x6f\x5b\x31\x45') + '\x67\x56'](I, a8, a5, a6, a7, Y[A[$b('\x30\x78\x35\x66', '\x21\x51\x44\x2a') + '\x4a\x67'](a0, 0xc)], 0xb, -0x1924661b), a7 = A[$b('\x30\x78\x31\x30\x31', '\x33\x73\x31\x23') + '\x67\x56'](I, a7, a8, a5, a6, Y[A[$b('\x30\x78\x64\x34', '\x78\x42\x29\x57') + '\x42\x5a'](a0, 0xf)], 0x10, 0x1fa27cf8), a6 = A[$b('\x30\x78\x32\x33', '\x73\x42\x51\x69') + '\x67\x56'](I, a6, a7, a8, a5, Y[A[$b('\x30\x78\x39\x35', '\x49\x39\x42\x24') + '\x4a\x58'](a0, 0x2)], 0x17, -0x3b53a99b), a5 = A[$b('\x30\x78\x61\x38', '\x25\x77\x69\x4c') + '\x6c\x65'](J, a5, a6, a7, a8, Y[a0], 0x6, -0xbd6ddbc), a8 = A[$b('\x30\x78\x31\x64', '\x21\x48\x79\x4f') + '\x68\x47'](J, a8, a5, a6, a7, Y[a0 + 0x7], 0xa, 0x432aff97), a7 = J(a7, a8, a5, a6, Y[A['\x58\x4b\x51' + '\x6e\x71'](a0, 0xe)], 0xf, -0x546bdc59), a6 = A[$b('\x30\x78\x38\x38', '\x65\x58\x65\x37') + '\x68\x47'](J, a6, a7, a8, a5, Y[A['\x58\x4b\x51' + '\x6e\x71'](a0, 0x5)], 0x15, -0x36c5fc7), a5 = A[$b('\x30\x78\x36\x38', '\x79\x6f\x72\x77') + '\x43\x64'](J, a5, a6, a7, a8, Y[A[$b('\x30\x78\x63\x33', '\x25\x6b\x64\x72') + '\x6e\x71'](a0, 0xc)], 0x6, 0x655b59c3), a8 = A[$b('\x30\x78\x39\x36', '\x78\x42\x29\x57') + '\x43\x41'](J, a8, a5, a6, a7, Y[A[$b('\x30\x78\x35\x63', '\x53\x48\x58\x32') + '\x57\x4f'](a0, 0x3)], 0xa, -0x70f3336e), a7 = A[$b('\x30\x78\x63\x65', '\x30\x48\x6d\x59') + '\x43\x41'](J, a7, a8, a5, a6, Y[a0 + 0xa], 0xf, -0x100b83), a6 = A[$b('\x30\x78\x33\x64', '\x44\x70\x47\x40') + '\x73\x4a'](J, a6, a7, a8, a5, Y[a0 + 0x1], 0x15, -0x7a7ba22f), a5 = A[$b('\x30\x78\x39\x65', '\x76\x40\x23\x6a') + '\x5a\x5a'](J, a5, a6, a7, a8, Y[A[$b('\x30\x78\x66\x66', '\x29\x55\x56\x25') + '\x57\x4f'](a0, 0x8)], 0x6, 0x6fa87e4f), a8 = A[$b('\x30\x78\x38\x30', '\x63\x29\x4d\x5d') + '\x65\x55'](J, a8, a5, a6, a7, Y[A['\x66\x75\x66' + '\x44\x6d'](a0, 0xf)], 0xa, -0x1d31920), a7 = A['\x4c\x6d\x64' + '\x65\x55'](J, a7, a8, a5, a6, Y[A[$b('\x30\x78\x33\x37', '\x68\x75\x70\x6a') + '\x4d\x61'](a0, 0x6)], 0xf, -0x5cfebcec), a6 = J(a6, a7, a8, a5, Y[A[$b('\x30\x78\x66\x34', '\x32\x5b\x59\x51') + '\x53\x77'](a0, 0xd)], 0x15, 0x4e0811a1), a5 = A['\x4c\x6d\x64' + '\x65\x55'](J, a5, a6, a7, a8, Y[A[$b('\x30\x78\x34\x37', '\x25\x6b\x64\x72') + '\x41\x5a'](a0, 0x4)], 0x6, -0x8ac817e), a8 = A['\x4c\x6d\x64' + '\x65\x55'](J, a8, a5, a6, a7, Y[A[$b('\x30\x78\x36\x31', '\x44\x24\x24\x51') + '\x41\x5a'](a0, 0xb)], 0xa, -0x42c50dcb), a7 = A['\x6b\x48\x67' + '\x50\x4e'](J, a7, a8, a5, a6, Y[a0 + 0x2], 0xf, 0x2ad7d2bb), a6 = A[$b('\x30\x78\x38', '\x49\x39\x42\x24') + '\x47\x7a'](J, a6, a7, a8, a5, Y[a0 + 0x9], 0x15, -0x14792c01), a5 = A['\x6a\x4d\x61' + '\x6d\x67'](C, a5, a1), a6 = A[$b('\x30\x78\x39\x30', '\x25\x6b\x64\x72') + '\x68\x75'](C, a6, a2), a7 = A[$b('\x30\x78\x37\x35', '\x65\x49\x24\x37') + '\x45\x5a'](C, a7, a3), a8 = A['\x72\x51\x4f' + '\x45\x5a'](C, a8, a4); 567 | return [a5, a6, a7, a8]; 568 | } 569 | 570 | function O(Y) { 571 | var Z, a0 = '', 572 | a1 = A[$b('\x30\x78\x34\x66', '\x79\x6f\x72\x77') + '\x51\x44'](0x20, Y[$b('\x30\x78\x31\x63', '\x78\x32\x5a\x4e') + $b('\x30\x78\x34\x38', '\x76\x40\x23\x6a')]); 573 | for (Z = 0x0; A[$b('\x30\x78\x63\x64', '\x41\x57\x45\x58') + '\x42\x4b'](Z, a1); Z += 0x8) a0 += String[$b('\x30\x78\x62\x61', '\x4c\x66\x4d\x61') + $b('\x30\x78\x64\x31', '\x32\x5b\x59\x51') + $b('\x30\x78\x65\x65', '\x4c\x66\x4d\x61') + $b('\x30\x78\x36\x61', '\x32\x5b\x59\x51')](A[$b('\x30\x78\x31\x33', '\x44\x24\x61\x5e') + '\x5a\x57'](Y[A[$b('\x30\x78\x37\x30', '\x65\x49\x24\x37') + '\x44\x57'](Z, 0x5)] >>> A['\x72\x67\x78' + '\x77\x4b'](Z, 0x20), 0xff)); 574 | return a0; 575 | } 576 | 577 | function P(Y) { 578 | var Z = A[$b('\x30\x78\x33\x33', '\x5b\x23\x4e\x31') + '\x45\x53'][$b('\x30\x78\x66\x61', '\x76\x40\x23\x6a') + '\x69\x74']('\x7c'); 579 | var a0 = 0x0; 580 | while (!![]) { 581 | switch (Z[a0++]) { 582 | case'\x30': 583 | var a1, a2 = []; 584 | continue; 585 | case'\x31': 586 | return a2; 587 | case'\x32': 588 | for (a1 = 0x0; A[$b('\x30\x78\x39\x32', '\x68\x75\x70\x6a') + '\x42\x4b'](a1, a3); a1 += 0x8) a2[A['\x45\x50\x64' + '\x4a\x55'](a1, 0x5)] |= A['\x56\x4f\x65' + '\x49\x52'](A[$b('\x30\x78\x38\x33', '\x6c\x30\x57\x46') + '\x5a\x70'](0xff, Y[$b('\x30\x78\x35\x32', '\x54\x48\x70\x6b') + '\x72\x43\x6f' + $b('\x30\x78\x39\x64', '\x21\x48\x79\x4f') + '\x74'](A[$b('\x30\x78\x63\x63', '\x44\x24\x61\x5e') + '\x77\x55'](a1, 0x8))), A[$b('\x30\x78\x38\x34', '\x6d\x43\x25\x30') + '\x54\x49'](a1, 0x20)); 589 | continue; 590 | case'\x33': 591 | var a3 = A[$b('\x30\x78\x32\x38', '\x4c\x5e\x75\x29') + '\x64\x48'](0x8, Y[$b('\x30\x78\x66\x33', '\x63\x29\x4d\x5d') + $b('\x30\x78\x34\x36', '\x56\x77\x70\x4b')]); 592 | continue; 593 | case'\x34': 594 | for (a2[A['\x7a\x49\x6e' + '\x6b\x45'](A['\x41\x41\x6e' + '\x56\x51'](Y['\x6c\x65\x6e' + '\x67\x74\x68'], 0x2), 0x1)] = void 0x0, a1 = 0x0; A[$b('\x30\x78\x38\x35', '\x76\x40\x23\x6a') + '\x42\x4b'](a1, a2[$b('\x30\x78\x38\x36', '\x29\x55\x56\x25') + '\x67\x74\x68']); a1 += 0x1) a2[a1] = 0x0; 595 | continue; 596 | } 597 | break; 598 | } 599 | } 600 | 601 | function Q(Y) { 602 | return A['\x46\x7a\x73' + '\x69\x41'](O, A['\x72\x51\x4f' + '\x45\x5a'](N, A['\x79\x51\x56' + '\x4c\x61'](P, Y), A['\x63\x68\x62' + '\x55\x67'](0x8, Y[$b('\x30\x78\x62\x66', '\x41\x57\x45\x58') + $b('\x30\x78\x39\x37', '\x58\x75\x34\x36')]))); 603 | } 604 | 605 | function R(Y) { 606 | var Z, a0, a1 = A[$b('\x30\x78\x35\x36', '\x21\x48\x79\x4f') + '\x64\x64'], a2 = ''; 607 | for (a0 = 0x0; A[$b('\x30\x78\x61\x63', '\x78\x42\x29\x57') + '\x42\x4b'](a0, Y['\x6c\x65\x6e' + $b('\x30\x78\x36', '\x41\x57\x45\x58')]); a0 += 0x1) Z = Y['\x63\x68\x61' + $b('\x30\x78\x64\x30', '\x68\x75\x70\x6a') + $b('\x30\x78\x63\x38', '\x6d\x43\x25\x30') + '\x74'](a0), a2 += A['\x71\x74\x74' + '\x47\x5a'](a1['\x63\x68\x61' + '\x72\x41\x74'](Z >>> 0x4 & 0xf), a1['\x63\x68\x61' + '\x72\x41\x74'](A[$b('\x30\x78\x32\x30', '\x53\x48\x58\x32') + '\x58\x6a'](0xf, Z))); 608 | return a2; 609 | } 610 | 611 | function S(Y) { 612 | return A[$b('\x30\x78\x61\x31', '\x6f\x5a\x70\x4f') + '\x75\x41'](unescape, A[$b('\x30\x78\x62', '\x79\x6f\x72\x77') + '\x75\x41'](encodeURIComponent, Y)); 613 | } 614 | 615 | function T(Y) { 616 | return Q(S(Y)); 617 | } 618 | 619 | function U(Y) { 620 | return R(A[$b('\x30\x78\x61\x35', '\x64\x65\x5d\x4e') + '\x75\x41'](T, Y)); 621 | } 622 | 623 | function V(Y, Z, a0) { 624 | A[$b('\x30\x78\x32\x35', '\x44\x24\x61\x5e') + '\x66\x4e'](M); 625 | return Z ? a0 ? A[$b('\x30\x78\x64\x32', '\x63\x29\x4d\x5d') + '\x5a\x4f'](H, Z, Y) : A[$b('\x30\x78\x35\x37', '\x21\x51\x44\x2a') + '\x62\x59'](y, Z, Y) : a0 ? A[$b('\x30\x78\x38\x63', '\x4c\x66\x4d\x61') + '\x56\x73'](T, Y) : A[$b('\x30\x78\x33', '\x78\x32\x5a\x4e') + '\x4b\x54'](U, Y); 626 | } 627 | 628 | function W(Y, Z) { 629 | document['\x63\x6f\x6f' + $b('\x30\x78\x34\x33', '\x49\x39\x42\x24')] = A[$b('\x30\x78\x31\x32', '\x63\x79\x57\x6d') + '\x47\x5a'](A['\x42\x4c\x56' + '\x66\x4b'](A[$b('\x30\x78\x33\x65', '\x32\x4e\x55\x71') + '\x66\x54'](A[$b('\x30\x78\x64\x65', '\x6f\x5b\x31\x45') + '\x66\x54'](A['\x63\x67\x6b' + '\x73\x61']('\x6d', A[$b('\x30\x78\x64\x37', '\x64\x77\x24\x73') + '\x63\x6d'](M)), '\x3d'), A[$b('\x30\x78\x61\x65', '\x41\x57\x45\x58') + '\x6b\x54'](V, Y)) + '\x7c', Y), A['\x6c\x50\x5a' + '\x51\x48']); 630 | location[$b('\x30\x78\x62\x33', '\x79\x7a\x68\x34') + '\x6f\x61\x64'](); 631 | } 632 | 633 | function X(Y, Z) { 634 | return Date[$b('\x30\x78\x64\x36', '\x6c\x30\x57\x46') + '\x73\x65'](new Date()); 635 | } 636 | 637 | A[$b('\x30\x78\x36\x36', '\x6d\x43\x25\x30') + '\x41\x55'](W, A[$b('\x30\x78\x64\x66', '\x54\x48\x70\x6b') + '\x45\x70'](X)); 638 | }()); -------------------------------------------------------------------------------- /混淆跟值/md5.js: -------------------------------------------------------------------------------- 1 | /* 2 | * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message 3 | * Digest Algorithm, as defined in RFC 1321. 4 | * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002. 5 | * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet 6 | * Distributed under the BSD License 7 | * See http://pajhome.org.uk/crypt/md5 for more info. 8 | */ 9 | 10 | /* 11 | * Configurable variables. You may need to tweak these to be compatible with 12 | * the server-side, but the defaults work in most cases. 13 | */ 14 | 15 | var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ 16 | var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ 17 | var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ 18 | 19 | /* 20 | * These are the functions you'll usually want to call 21 | * They take string arguments and return either hex or base-64 encoded strings 22 | */ 23 | function hex_md5(s) { 24 | return binl2hex(core_md5(str2binl(s), s.length * chrsz)); 25 | } 26 | 27 | function b64_md5(s) { 28 | return binl2b64(core_md5(str2binl(s), s.length * chrsz)); 29 | } 30 | 31 | function str_md5(s) { 32 | return binl2str(core_md5(str2binl(s), s.length * chrsz)); 33 | } 34 | 35 | function hex_hmac_md5(key, data) { 36 | return binl2hex(core_hmac_md5(key, data)); 37 | } 38 | 39 | function b64_hmac_md5(key, data) { 40 | return binl2b64(core_hmac_md5(key, data)); 41 | } 42 | 43 | function str_hmac_md5(key, data) { 44 | return binl2str(core_hmac_md5(key, data)); 45 | } 46 | 47 | /* 48 | * Perform a simple self-test to see if the VM is working 49 | */ 50 | function md5_vm_test() { 51 | return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"; 52 | } 53 | 54 | /* 55 | * Calculate the MD5 of an array of little-endian words, and a bit length 56 | */ 57 | function core_md5(x, len) { 58 | /* append padding */ 59 | x[len >> 5] |= 0x80 << ((len) % 32); 60 | x[(((len + 64) >>> 9) << 4) + 14] = len; 61 | 62 | var a = 1732584193; 63 | var b = -271733879; 64 | var c = -1732584194; 65 | var d = 271733878; 66 | 67 | for (var i = 0; i < x.length; i += 16) { 68 | var olda = a; 69 | var oldb = b; 70 | var oldc = c; 71 | var oldd = d; 72 | 73 | a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936); 74 | d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586); 75 | c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819); 76 | b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330); 77 | a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897); 78 | d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426); 79 | c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341); 80 | b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983); 81 | a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416); 82 | d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417); 83 | c = md5_ff(c, d, a, b, x[i + 10], 17, -42063); 84 | b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162); 85 | a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682); 86 | d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101); 87 | c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290); 88 | b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329); 89 | 90 | a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510); 91 | d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632); 92 | c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713); 93 | b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302); 94 | a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691); 95 | d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083); 96 | c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335); 97 | b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848); 98 | a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438); 99 | d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690); 100 | c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961); 101 | b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501); 102 | a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467); 103 | d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784); 104 | c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473); 105 | b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734); 106 | 107 | a = md5_hh(a, b, c, d, x[i + 5], 4, -378558); 108 | d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463); 109 | c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562); 110 | b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556); 111 | a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060); 112 | d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353); 113 | c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632); 114 | b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640); 115 | a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174); 116 | d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222); 117 | c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979); 118 | b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189); 119 | a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487); 120 | d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835); 121 | c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520); 122 | b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651); 123 | 124 | a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844); 125 | d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415); 126 | c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905); 127 | b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055); 128 | a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571); 129 | d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606); 130 | c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523); 131 | b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799); 132 | a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359); 133 | d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744); 134 | c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380); 135 | b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649); 136 | a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070); 137 | d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379); 138 | c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259); 139 | b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551); 140 | 141 | a = safe_add(a, olda); 142 | b = safe_add(b, oldb); 143 | c = safe_add(c, oldc); 144 | d = safe_add(d, oldd); 145 | } 146 | return Array(a, b, c, d); 147 | 148 | } 149 | 150 | /* 151 | * These functions implement the four basic operations the algorithm uses. 152 | */ 153 | function md5_cmn(q, a, b, x, s, t) { 154 | return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b); 155 | } 156 | 157 | function md5_ff(a, b, c, d, x, s, t) { 158 | return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); 159 | } 160 | 161 | function md5_gg(a, b, c, d, x, s, t) { 162 | return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); 163 | } 164 | 165 | function md5_hh(a, b, c, d, x, s, t) { 166 | return md5_cmn(b ^ c ^ d, a, b, x, s, t); 167 | } 168 | 169 | function md5_ii(a, b, c, d, x, s, t) { 170 | return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); 171 | } 172 | 173 | /* 174 | * Calculate the HMAC-MD5, of a key and some data 175 | */ 176 | function core_hmac_md5(key, data) { 177 | var bkey = str2binl(key); 178 | if (bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz); 179 | 180 | var ipad = Array(16), opad = Array(16); 181 | for (var i = 0; i < 16; i++) { 182 | ipad[i] = bkey[i] ^ 0x36363636; 183 | opad[i] = bkey[i] ^ 0x5C5C5C5C; 184 | } 185 | 186 | var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); 187 | return core_md5(opad.concat(hash), 512 + 128); 188 | } 189 | 190 | /* 191 | * Add integers, wrapping at 2^32. This uses 16-bit operations internally 192 | * to work around bugs in some JS interpreters. 193 | */ 194 | function safe_add(x, y) { 195 | var lsw = (x & 0xFFFF) + (y & 0xFFFF); 196 | var msw = (x >> 16) + (y >> 16) + (lsw >> 16); 197 | return (msw << 16) | (lsw & 0xFFFF); 198 | } 199 | 200 | /* 201 | * Bitwise rotate a 32-bit number to the left. 202 | */ 203 | function bit_rol(num, cnt) { 204 | return (num << cnt) | (num >>> (32 - cnt)); 205 | } 206 | 207 | /* 208 | * Convert a string to an array of little-endian words 209 | * If chrsz is ASCII, characters >255 have their hi-byte silently ignored. 210 | */ 211 | function str2binl(str) { 212 | var bin = Array(); 213 | var mask = (1 << chrsz) - 1; 214 | for (var i = 0; i < str.length * chrsz; i += chrsz) 215 | bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32); 216 | return bin; 217 | } 218 | 219 | /* 220 | * Convert an array of little-endian words to a string 221 | */ 222 | function binl2str(bin) { 223 | var str = ""; 224 | var mask = (1 << chrsz) - 1; 225 | for (var i = 0; i < bin.length * 32; i += chrsz) 226 | str += String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask); 227 | return str; 228 | } 229 | 230 | /* 231 | * Convert an array of little-endian words to a hex string. 232 | */ 233 | function binl2hex(binarray) { 234 | var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; 235 | var str = ""; 236 | for (var i = 0; i < binarray.length * 4; i++) { 237 | str += hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8 + 4)) & 0xF) + 238 | hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 0xF); 239 | } 240 | return str; 241 | } 242 | 243 | /* 244 | * Convert an array of little-endian words to a base-64 string 245 | */ 246 | function binl2b64(binarray) { 247 | var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 248 | var str = ""; 249 | for (var i = 0; i < binarray.length * 4; i += 3) { 250 | var triplet = (((binarray[i >> 2] >> 8 * (i % 4)) & 0xFF) << 16) 251 | | (((binarray[i + 1 >> 2] >> 8 * ((i + 1) % 4)) & 0xFF) << 8) 252 | | ((binarray[i + 2 >> 2] >> 8 * ((i + 2) % 4)) & 0xFF); 253 | for (var j = 0; j < 4; j++) { 254 | if (i * 8 + j * 6 > binarray.length * 32) str += b64pad; 255 | else str += tab.charAt((triplet >> 6 * (3 - j)) & 0x3F); 256 | } 257 | } 258 | return str; 259 | } 260 | 261 | console.log(hex_md5('123456')) 262 | 263 | -------------------------------------------------------------------------------- /混淆跟值/ob.js: -------------------------------------------------------------------------------- 1 | var _$oa = ['TW9nbEo=', 'S0prekU=', 'YUVuRUo=', 'RElxQ1M=', 'UVhzY2o=', 'SkZVUkE=', 'YW52WVo=', 'eXVEem4=', 'b3dHSE4=', 'Y29va2ll', 'dWJtbk0=', 'TnlodFo=', 'RWtrd3k=', 'dGVzdA==', 'Z0pxU1U=', 'd1FDd3g=', 'WW5RTlQ=', 'OyBwYXRoPS8=', 'TGVndVM=', 'aFFwa00=', 'ZFJsR0M=', 'YWN0aW9u', 'd1pFT00=', 'Z2dlcg==', 'c2lnbj0=', 'UlZyek8=', 'THFsQ3g=', 'Y2FsbA==', 'QmRjaEs=', 'bGVuZ3Ro', 'XCtcKyAqKD86W2EtekEtWl8kXVswLTlhLXpBLVpfJF0qKQ==', 'eUJQTnQ=', 'bm9TZHU=', 'ZG9JdVQ=', 'Y2hhaW4=', 'aW5wdXQ=', 'UE5NZ20=', 'VWZaZU0=', 'VnhSemQ=', 'U2ltaWk=', 'b1pIZVU=', 'TFRyU3g=', 'RGFQclU=', 'amFGVmM=', 'U2F5THg=', 'cWhLS2Q=', 'eVNSaVg=', 'anNHbWg=', 'V0NnSlU=', 'ZFlxY0s=', 'YnRvYQ==', 'V3laa0o=', 'SGViekM=', 'VVpld1k=', 'VVZoUEE=', 'ZFBSWk8=', 'eFZ2bG8=', 'Q0dFcWo=', 'SGpvdmw=', 'aVV4Umk=', 'cmVsb2Fk', 'aU1NekE=', 'b2hhbEE=', 'YWlkaW5nX3dpbg==', 'R25waEE=', 'ampjVVM=', 'SkFhR2Q=', 'bkNxRG8=', 'Q3lFR2o=', 'UGRMaWQ=', 'aW5pdA==', 'ckttV0s=', 'YXBwbHk=', 'cEdESkg=', 'R1FCSFU=', 'ZGVidQ==', 'YnNvT1U=', 'd2hpbGUgKHRydWUpIHt9', 'Z3daR3I=', 'dGRxWU0=', 'cmJVaEY=', '5q2k572R6aG15Y+X44CQ54ix6ZSt5LqR55u+IFYxLjAg5Yqo5oCB54mI44CR5L+d5oqk', 'bkRXZFY=', 'ZHNvZGI=', 'ZnVuY3Rpb24gKlwoICpcKQ==', 'WHpheVk=', 'R05NYkQ=', 'TFVRdkU=', 'cm91bmQ=', 'aUNXVlI=', 'QkxITng=', 'RG9paXM=', 'bG9n', 'WWhHcGQ=', 'bm52dHc=', 'R2hIQU0=', 'ckJBcFg=', 'ekl0WHQ=', 'Q0dIbmc=', 'bGVVb24=', 'ZE5QYkI=', 'd2lWZUo=', 'UEpXTUM=', 'ZkFHTlg=', 'RGh0WkM=', 'cFZQRmI=', 'Y291bnRlcg==', 'YXNLdk0=', 'cFNMcUI=', 'TEREeHU=', 'Z3hNbEU=', 'UkVTbE4=', 'c3RyaW5n', 'Y29uc3RydWN0b3I=', 'c2N2Sno=']; 2 | (function (a, b) { 3 | var c = function (f) { 4 | while (--f) { 5 | a['push'](a['shift']()); 6 | } 7 | }; 8 | c(++b); 9 | }(_$oa, 0xca)); 10 | var _$ob = function (a, b) { 11 | a = a - 0x0; 12 | var c = _$oa[a]; 13 | if (_$ob['IxafKT'] === undefined) { 14 | (function () { 15 | var f; 16 | try { 17 | var h = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');'); 18 | f = h(); 19 | } catch (i) { 20 | f = window; 21 | } 22 | var g = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; 23 | f['atob'] || (f['atob'] = function (j) { 24 | var k = String(j)['replace'](/=+$/, ''); 25 | var l = ''; 26 | for (var m = 0x0, n, o, p = 0x0; o = k['charAt'](p++); ~o && (n = m % 0x4 ? n * 0x40 + o : o, 27 | m++ % 0x4) ? l += String['fromCharCode'](0xff & n >> (-0x2 * m & 0x6)) : 0x0) { 28 | o = g['indexOf'](o); 29 | } 30 | return l; 31 | } 32 | ); 33 | }()); 34 | _$ob['zmzJoP'] = function (e) { 35 | var f = atob(e); 36 | var g = []; 37 | for (var h = 0x0, j = f['length']; h < j; h++) { 38 | g += '%' + ('00' + f['charCodeAt'](h)['toString'](0x10))['slice'](-0x2); 39 | } 40 | return decodeURIComponent(g); 41 | } 42 | ; 43 | _$ob['XDOlVv'] = {}; 44 | _$ob['IxafKT'] = !![]; 45 | } 46 | var d = _$ob['XDOlVv'][a]; 47 | if (d === undefined) { 48 | c = _$ob['zmzJoP'](c); 49 | _$ob['XDOlVv'][a] = c; 50 | } else { 51 | c = d; 52 | } 53 | return c; 54 | }; 55 | (function () { 56 | var a = { 57 | 'GQBHU': function (d, e, f) { 58 | return d(e, f); 59 | }, 60 | 'ySRiX': function (d, e) { 61 | return d + e; 62 | }, 63 | 'YhGpd': _$ob('0x67'), 64 | 'pVPFb': _$ob('0x33'), 65 | 'LqlCx': _$ob('0x31'), 66 | 'WCgJU': function (d, e) { 67 | return d === e; 68 | }, 69 | 'PJWMC': _$ob('0x28'), 70 | 'CEjbG': _$ob('0x70'), 71 | 'rKmWK': _$ob('0x3a'), 72 | 'LTrSx': function (d, e) { 73 | return d(e); 74 | }, 75 | 'BdchK': _$ob('0x62'), 76 | 'SayLx': function (d, e) { 77 | return d + e; 78 | }, 79 | 'yBPNt': _$ob('0x3e'), 80 | 'yuDzn': 'input', 81 | 'nDWdV': function (d) { 82 | return d(); 83 | }, 84 | 'EIwZE': function (d, e) { 85 | return d === e; 86 | }, 87 | 'Doiis': 'YlsGg', 88 | 'fAGNX': _$ob('0x5e'), 89 | 'leUon': _$ob('0x69'), 90 | 'UfZeM': 'counter', 91 | 'qhKKd': function (d, e) { 92 | return d(e); 93 | }, 94 | 'asKvM': function (d, e) { 95 | return d + e; 96 | }, 97 | 'GNMbD': function (d, e) { 98 | return d === e; 99 | }, 100 | 'xNVsS': 'VjHJn', 101 | 'CyEGj': _$ob('0x0'), 102 | 'hQpkM': _$ob('0x5d'), 103 | 'anvYZ': _$ob('0x2a'), 104 | 'xVvlo': _$ob('0x6d'), 105 | 'nnvtw': _$ob('0x5b'), 106 | 'QXscj': function (d, e) { 107 | return d(e); 108 | }, 109 | 'dRlGC': function (d, e) { 110 | return d(e); 111 | }, 112 | 'zItXt': function (d, e) { 113 | return d(e); 114 | }, 115 | 'pSLqB': function (d, e) { 116 | return d / e; 117 | }, 118 | 'MoglJ': function (d, e) { 119 | return d + e; 120 | }, 121 | 'KJkzE': function (d, e) { 122 | return d + e; 123 | }, 124 | 'wQCwx': function (d, e) { 125 | return d + e; 126 | }, 127 | 'aEnEJ': _$ob('0x34'), 128 | 'jsGmh': _$ob('0x2d') 129 | }; 130 | var b = function () { 131 | var d = { 132 | 'tqevQ': a['CEjbG'], 133 | 'VxRzd': a['rKmWK'], 134 | 'UVhPA': function (f, g) { 135 | return a[_$ob('0x45')](f, g); 136 | }, 137 | 'noSdu': a[_$ob('0x38')], 138 | 'GnphA': function (f, g) { 139 | return a[_$ob('0x48')](f, g); 140 | }, 141 | 'pGDJH': a[_$ob('0x3b')], 142 | 'IFvSE': a['yuDzn'], 143 | 'CGHng': function (f) { 144 | return a['nDWdV'](f); 145 | } 146 | }; 147 | if (a['EIwZE'](a[_$ob('0x4')], a[_$ob('0x10')])) { 148 | qILVxC[_$ob('0x66')](taEnv, this, function () { 149 | var g = new RegExp(GHmKho['tqevQ']); 150 | var h = new RegExp(GHmKho[_$ob('0x42')], 'i'); 151 | var i = GHmKho[_$ob('0x52')](_$oc, GHmKho[_$ob('0x3c')]); 152 | if (!g[_$ob('0x29')](GHmKho['GnphA'](i, GHmKho[_$ob('0x65')])) || !h[_$ob('0x29')](GHmKho[_$ob('0x5c')](i, GHmKho['IFvSE']))) { 153 | GHmKho['UVhPA'](i, '0'); 154 | } else { 155 | GHmKho[_$ob('0xb')](_$oc); 156 | } 157 | })(); 158 | } else { 159 | var e = !![]; 160 | return function (g, h) { 161 | var i = { 162 | 'RDlmH': function (k, l) { 163 | return a[_$ob('0x4a')](k, l); 164 | }, 165 | 'oZHeU': a[_$ob('0x6')], 166 | 'LDDxu': a[_$ob('0x12')], 167 | 'WyZkJ': a[_$ob('0x36')] 168 | }; 169 | if (a[_$ob('0x4c')](a['PJWMC'], a[_$ob('0xf')])) { 170 | var j = e ? function () { 171 | if (h) { 172 | var k = h['apply'](g, arguments); 173 | h = null; 174 | return k; 175 | } 176 | } 177 | : function () { 178 | } 179 | ; 180 | e = ![]; 181 | return j; 182 | } else { 183 | (function () { 184 | return !![]; 185 | } 186 | [_$ob('0x1a')](NHHgvu['RDlmH'](NHHgvu[_$ob('0x44')], NHHgvu[_$ob('0x16')]))[_$ob('0x37')](NHHgvu[_$ob('0x4f')])); 187 | } 188 | } 189 | ; 190 | } 191 | }(); 192 | (function () { 193 | var d = { 194 | 'JFURA': a[_$ob('0xc')], 195 | 'rbUhF': a[_$ob('0x41')], 196 | 'iMMzA': a['CEjbG'], 197 | 'Wuzlk': a[_$ob('0x63')], 198 | 'YnQNT': function (e, f) { 199 | return a[_$ob('0x49')](e, f); 200 | }, 201 | 'XcpPz': a[_$ob('0x38')], 202 | 'ubmnM': function (e, f) { 203 | return a['asKvM'](e, f); 204 | }, 205 | 'PNMgm': a[_$ob('0x3b')], 206 | 'tdqYM': a[_$ob('0x23')], 207 | 'DIqCS': function (e, f) { 208 | return a[_$ob('0x72')](e, f); 209 | }, 210 | 'BLHNx': a['xNVsS'], 211 | 'LeguS': a[_$ob('0x60')], 212 | 'bsoOU': function (e, f) { 213 | return a[_$ob('0x49')](e, f); 214 | }, 215 | 'nCqDo': function (e) { 216 | return a[_$ob('0x6e')](e); 217 | } 218 | }; 219 | if (a['GNMbD'](a[_$ob('0x2f')], a[_$ob('0x22')])) { 220 | qILVxC[_$ob('0x45')](result, '0'); 221 | } else { 222 | a[_$ob('0x66')](b, this, function () { 223 | var f = { 224 | 'LUrEn': d[_$ob('0x21')], 225 | 'dPRZO': d[_$ob('0x6c')] 226 | }; 227 | var g = new RegExp(d[_$ob('0x59')]); 228 | var h = new RegExp(d['Wuzlk'], 'i'); 229 | var i = d[_$ob('0x2c')](_$oc, d['XcpPz']); 230 | if (!g[_$ob('0x29')](d[_$ob('0x26')](i, d[_$ob('0x40')])) || !h[_$ob('0x29')](d[_$ob('0x26')](i, d[_$ob('0x6b')]))) { 231 | if (d[_$ob('0x1f')](d[_$ob('0x3')], d[_$ob('0x2e')])) { 232 | return function (k) { 233 | } 234 | [_$ob('0x1a')](deGfMk['LUrEn'])[_$ob('0x64')](deGfMk[_$ob('0x53')]); 235 | } else { 236 | d[_$ob('0x68')](i, '0'); 237 | } 238 | } else { 239 | d[_$ob('0x5f')](_$oc); 240 | } 241 | })(); 242 | } 243 | }()); 244 | console[_$ob('0x5')](a[_$ob('0x54')]); 245 | var c = new Date()['valueOf'](); 246 | token = window[_$ob('0x4e')](a[_$ob('0x14')](a['nnvtw'], a[_$ob('0x20')](String, c))); 247 | md = a[_$ob('0x30')](hex_md5, window[_$ob('0x4e')](a[_$ob('0x14')](a[_$ob('0x7')], a[_$ob('0xa')](String, Math[_$ob('0x1')](a['pSLqB'](c, 0x3e8)))))); 248 | document[_$ob('0x25')] = a[_$ob('0x1c')](a[_$ob('0x1d')](a[_$ob('0x1d')](a[_$ob('0x2b')](a[_$ob('0x2b')](a['wQCwx'](a[_$ob('0x1e')], Math[_$ob('0x1')](a[_$ob('0x15')](c, 0x3e8))), '~'), token), '|'), md), a[_$ob('0x4b')]); 249 | location[_$ob('0x58')](); 250 | }()); 251 | 252 | function _$oc(a) { 253 | var b = { 254 | 'ohalA': function (d, e) { 255 | return d === e; 256 | }, 257 | 'UvQPB': _$ob('0x24'), 258 | 'DhtZC': _$ob('0x61'), 259 | 'UZewY': function (d, e) { 260 | return d === e; 261 | }, 262 | 'LXaMK': 'nMXpX', 263 | 'CGEqj': _$ob('0x19'), 264 | 'scvJz': _$ob('0x69'), 265 | 'iUxRi': _$ob('0x13'), 266 | 'hKLTQ': function (d, e) { 267 | return d !== e; 268 | }, 269 | 'dNPbB': function (d, e) { 270 | return d + e; 271 | }, 272 | 'RVrzO': function (d, e) { 273 | return d / e; 274 | }, 275 | 'gfbZg': _$ob('0x39'), 276 | 'gxMlE': function (d, e) { 277 | return d % e; 278 | }, 279 | 'Simii': function (d, e) { 280 | return d + e; 281 | }, 282 | 'rBApX': _$ob('0x67'), 283 | 'jaFVc': 'gger', 284 | 'tWczT': _$ob('0x31'), 285 | 'Hjovl': 'stateObject', 286 | 'DaPrU': function (d, e) { 287 | return d(e); 288 | }, 289 | 'XzayY': _$ob('0x70'), 290 | 'wiVeJ': _$ob('0x3a'), 291 | 'PrxOQ': function (d, e) { 292 | return d(e); 293 | }, 294 | 'dsodb': _$ob('0x62'), 295 | 'dYqcK': _$ob('0x3e'), 296 | 'gwZGr': function (d, e) { 297 | return d + e; 298 | }, 299 | 'HebzC': _$ob('0x3f'), 300 | 'doIuT': function (d, e) { 301 | return d(e); 302 | }, 303 | 'wZEOM': function (d) { 304 | return d(); 305 | }, 306 | 'NyhtZ': _$ob('0x2') 307 | }; 308 | 309 | function c(d) { 310 | var e = { 311 | 'RESlN': function (f, g) { 312 | return b[_$ob('0x51')](f, g); 313 | }, 314 | 'GhHAM': b['LXaMK'] 315 | }; 316 | if (b[_$ob('0x51')](typeof d, b[_$ob('0x55')])) { 317 | return function (f) { 318 | } 319 | ['constructor'](b[_$ob('0x1b')])[_$ob('0x64')](b[_$ob('0x57')]); 320 | } else { 321 | if (b['hKLTQ'](b[_$ob('0xd')]('', b[_$ob('0x35')](d, d))[b['gfbZg']], 0x1) || b[_$ob('0x51')](b[_$ob('0x17')](d, 0x14), 0x0)) { 322 | (function () { 323 | if (b[_$ob('0x5a')](b['UvQPB'], b[_$ob('0x11')])) { 324 | var g = fn['apply'](context, arguments); 325 | fn = null; 326 | return g; 327 | } else { 328 | return !![]; 329 | } 330 | } 331 | [_$ob('0x1a')](b[_$ob('0x43')](b[_$ob('0x9')], b[_$ob('0x47')]))[_$ob('0x37')](b['tWczT'])); 332 | } else { 333 | (function () { 334 | if (e[_$ob('0x18')](e[_$ob('0x8')], e[_$ob('0x8')])) { 335 | return ![]; 336 | } else { 337 | return !![]; 338 | } 339 | } 340 | [_$ob('0x1a')](b['Simii'](b[_$ob('0x9')], b[_$ob('0x47')]))[_$ob('0x64')](b[_$ob('0x56')])); 341 | } 342 | } 343 | b[_$ob('0x46')](c, ++d); 344 | } 345 | 346 | try { 347 | if (b['UZewY'](b[_$ob('0x27')], b[_$ob('0x27')])) { 348 | if (a) { 349 | return c; 350 | } else { 351 | b[_$ob('0x3d')](c, 0x0); 352 | } 353 | } else { 354 | var e = new RegExp(b[_$ob('0x71')]); 355 | var f = new RegExp(b[_$ob('0xe')], 'i'); 356 | var g = b['PrxOQ'](_$oc, b[_$ob('0x6f')]); 357 | if (!e['test'](b['Simii'](g, b[_$ob('0x4d')])) || !f[_$ob('0x29')](b[_$ob('0x6a')](g, b[_$ob('0x50')]))) { 358 | b['doIuT'](g, '0'); 359 | } else { 360 | b[_$ob('0x32')](_$oc); 361 | } 362 | } 363 | } catch (e) { 364 | } 365 | } 366 | -------------------------------------------------------------------------------- /混淆跟值/混淆跟值.txt: -------------------------------------------------------------------------------- 1 | 混淆实际上就是把核心的js代码计算逻辑混淆掉从而增加阅读难度的一种方法 2 | 3 | 目前我们能遇到的混淆基本上只有几类 4 | 5 | 一、 定制类(各大安全公司产品 与 安全开发自研) 种类最多,难度最大,通性最小 6 | 二、ob系加壳器( 7 | 祖宗:http://obfuscator.io/ 8 | 请注意,这些大部分加壳器都是依靠ob开源框架并且增加了自己的一些理解的加壳器。 9 | ) 10 | 11 | ob 混淆特征: 大数组 + 数组移位 + 解密函数 12 | 13 | 经验: 先大胆尝试风险测试,尽心耗时精力和成功率 平衡 --- 先干再说 14 | 15 | 结论: 16 | 1、伪动态 ob 混淆 17 | 2、它可能不存在 set-cookie 交互 18 | 3、混淆代码 可以一定程度被还原 19 | 20 | 21 | 三、 Function半淘汰加壳器系列( // 性能差被淘汰了 22 | AAencode 23 | jjencode 24 | jsfuck 25 | ... 26 | ) 27 | 3、jsfuck 解题思路 hook Funchtion 在hook eval 28 | // hook Function 29 | _Function = Function 30 | Function.prototype.constructor = function(){ 31 | console.log(arguments) 32 | return _Function(arguments[0]) 33 | } 34 | // hook eval 35 | _eval = eval; 36 | eval= function(){ 37 | console.log(arguments) 38 | return _eval(arguments[0]) 39 | } 40 | 41 | 四、通过产品分类之后,我们还可以通过属性来分(之前课程已经讲过了,我们再来回顾一下) 42 | 变量名与变量不可视 43 | 控制流平坦化 44 | 花指令 45 | 死代码 46 | 表达式干扰 47 | 代码压缩成一行 + 格式化的检测 练习平台第三题 48 | 49 | 处理动态代码,首先要明确几个概念 50 | 1、页面的cookie 反扒的表现形式 先混淆 然后就正常,如果cookie 没过期,就一直正常 51 | 2、何为动态 伪动态/真动态,无论怎样,建议先静态处理,然后再说 52 | 3、跟断了怎么办 静态处理 不怕跟断,伪动态/真动态 先保存js 在终端进行调试,断了在使用保存的js 继续跟 53 | 54 | 原生的 ob 内存爆破, 解决方法 55 | 1、不进行格式化 56 | 2、hooke 正则, 例如第三题 57 | RegExp.prototype.test = function () { 58 | return true 59 | } 60 | 3、改写正则监测点 61 | 62 | 63 | -------------------------------------------------------------------------------- /混淆跟值/第2题.js: -------------------------------------------------------------------------------- 1 | var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ 2 | var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ 3 | var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */ 4 | 5 | /* 6 | * These are the functions you'll usually want to call 7 | * They take string arguments and return either hex or base-64 encoded strings 8 | */ 9 | function hex_md5(s) { 10 | return binl2hex(core_md5(str2binl(s), s.length * chrsz)); 11 | } 12 | 13 | function b64_md5(s) { 14 | return binl2b64(core_md5(str2binl(s), s.length * chrsz)); 15 | } 16 | 17 | function str_md5(s) { 18 | return binl2str(core_md5(str2binl(s), s.length * chrsz)); 19 | } 20 | 21 | function hex_hmac_md5(key, data) { 22 | return binl2hex(core_hmac_md5(key, data)); 23 | } 24 | 25 | function b64_hmac_md5(key, data) { 26 | return binl2b64(core_hmac_md5(key, data)); 27 | } 28 | 29 | function str_hmac_md5(key, data) { 30 | return binl2str(core_hmac_md5(key, data)); 31 | } 32 | 33 | /* 34 | * Perform a simple self-test to see if the VM is working 35 | */ 36 | function md5_vm_test() { 37 | return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72"; 38 | } 39 | 40 | /* 41 | * Calculate the MD5 of an array of little-endian words, and a bit length 42 | */ 43 | function core_md5(x, len) { 44 | /* append padding */ 45 | x[len >> 5] |= 0x80 << ((len) % 32); 46 | x[(((len + 64) >>> 9) << 4) + 14] = len; 47 | 48 | var a = 1732584193; 49 | var b = -271733879; 50 | var c = -1732584194; 51 | var d = 271733878; 52 | 53 | for (var i = 0; i < x.length; i += 16) { 54 | var olda = a; 55 | var oldb = b; 56 | var oldc = c; 57 | var oldd = d; 58 | 59 | a = md5_ff(a, b, c, d, x[i + 0], 7, -680876936); 60 | d = md5_ff(d, a, b, c, x[i + 1], 12, -389564586); 61 | c = md5_ff(c, d, a, b, x[i + 2], 17, 606105819); 62 | b = md5_ff(b, c, d, a, x[i + 3], 22, -1044525330); 63 | a = md5_ff(a, b, c, d, x[i + 4], 7, -176418897); 64 | d = md5_ff(d, a, b, c, x[i + 5], 12, 1200080426); 65 | c = md5_ff(c, d, a, b, x[i + 6], 17, -1473231341); 66 | b = md5_ff(b, c, d, a, x[i + 7], 22, -45705983); 67 | a = md5_ff(a, b, c, d, x[i + 8], 7, 1770035416); 68 | d = md5_ff(d, a, b, c, x[i + 9], 12, -1958414417); 69 | c = md5_ff(c, d, a, b, x[i + 10], 17, -42063); 70 | b = md5_ff(b, c, d, a, x[i + 11], 22, -1990404162); 71 | a = md5_ff(a, b, c, d, x[i + 12], 7, 1804603682); 72 | d = md5_ff(d, a, b, c, x[i + 13], 12, -40341101); 73 | c = md5_ff(c, d, a, b, x[i + 14], 17, -1502002290); 74 | b = md5_ff(b, c, d, a, x[i + 15], 22, 1236535329); 75 | 76 | a = md5_gg(a, b, c, d, x[i + 1], 5, -165796510); 77 | d = md5_gg(d, a, b, c, x[i + 6], 9, -1069501632); 78 | c = md5_gg(c, d, a, b, x[i + 11], 14, 643717713); 79 | b = md5_gg(b, c, d, a, x[i + 0], 20, -373897302); 80 | a = md5_gg(a, b, c, d, x[i + 5], 5, -701558691); 81 | d = md5_gg(d, a, b, c, x[i + 10], 9, 38016083); 82 | c = md5_gg(c, d, a, b, x[i + 15], 14, -660478335); 83 | b = md5_gg(b, c, d, a, x[i + 4], 20, -405537848); 84 | a = md5_gg(a, b, c, d, x[i + 9], 5, 568446438); 85 | d = md5_gg(d, a, b, c, x[i + 14], 9, -1019803690); 86 | c = md5_gg(c, d, a, b, x[i + 3], 14, -187363961); 87 | b = md5_gg(b, c, d, a, x[i + 8], 20, 1163531501); 88 | a = md5_gg(a, b, c, d, x[i + 13], 5, -1444681467); 89 | d = md5_gg(d, a, b, c, x[i + 2], 9, -51403784); 90 | c = md5_gg(c, d, a, b, x[i + 7], 14, 1735328473); 91 | b = md5_gg(b, c, d, a, x[i + 12], 20, -1926607734); 92 | 93 | a = md5_hh(a, b, c, d, x[i + 5], 4, -378558); 94 | d = md5_hh(d, a, b, c, x[i + 8], 11, -2022574463); 95 | c = md5_hh(c, d, a, b, x[i + 11], 16, 1839030562); 96 | b = md5_hh(b, c, d, a, x[i + 14], 23, -35309556); 97 | a = md5_hh(a, b, c, d, x[i + 1], 4, -1530992060); 98 | d = md5_hh(d, a, b, c, x[i + 4], 11, 1272893353); 99 | c = md5_hh(c, d, a, b, x[i + 7], 16, -155497632); 100 | b = md5_hh(b, c, d, a, x[i + 10], 23, -1094730640); 101 | a = md5_hh(a, b, c, d, x[i + 13], 4, 681279174); 102 | d = md5_hh(d, a, b, c, x[i + 0], 11, -358537222); 103 | c = md5_hh(c, d, a, b, x[i + 3], 16, -722521979); 104 | b = md5_hh(b, c, d, a, x[i + 6], 23, 76029189); 105 | a = md5_hh(a, b, c, d, x[i + 9], 4, -640364487); 106 | d = md5_hh(d, a, b, c, x[i + 12], 11, -421815835); 107 | c = md5_hh(c, d, a, b, x[i + 15], 16, 530742520); 108 | b = md5_hh(b, c, d, a, x[i + 2], 23, -995338651); 109 | 110 | a = md5_ii(a, b, c, d, x[i + 0], 6, -198630844); 111 | d = md5_ii(d, a, b, c, x[i + 7], 10, 1126891415); 112 | c = md5_ii(c, d, a, b, x[i + 14], 15, -1416354905); 113 | b = md5_ii(b, c, d, a, x[i + 5], 21, -57434055); 114 | a = md5_ii(a, b, c, d, x[i + 12], 6, 1700485571); 115 | d = md5_ii(d, a, b, c, x[i + 3], 10, -1894986606); 116 | c = md5_ii(c, d, a, b, x[i + 10], 15, -1051523); 117 | b = md5_ii(b, c, d, a, x[i + 1], 21, -2054922799); 118 | a = md5_ii(a, b, c, d, x[i + 8], 6, 1873313359); 119 | d = md5_ii(d, a, b, c, x[i + 15], 10, -30611744); 120 | c = md5_ii(c, d, a, b, x[i + 6], 15, -1560198380); 121 | b = md5_ii(b, c, d, a, x[i + 13], 21, 1309151649); 122 | a = md5_ii(a, b, c, d, x[i + 4], 6, -145523070); 123 | d = md5_ii(d, a, b, c, x[i + 11], 10, -1120210379); 124 | c = md5_ii(c, d, a, b, x[i + 2], 15, 718787259); 125 | b = md5_ii(b, c, d, a, x[i + 9], 21, -343485551); 126 | 127 | a = safe_add(a, olda); 128 | b = safe_add(b, oldb); 129 | c = safe_add(c, oldc); 130 | d = safe_add(d, oldd); 131 | } 132 | return Array(a, b, c, d); 133 | 134 | } 135 | 136 | /* 137 | * These functions implement the four basic operations the algorithm uses. 138 | */ 139 | function md5_cmn(q, a, b, x, s, t) { 140 | return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s), b); 141 | } 142 | 143 | function md5_ff(a, b, c, d, x, s, t) { 144 | return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t); 145 | } 146 | 147 | function md5_gg(a, b, c, d, x, s, t) { 148 | return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); 149 | } 150 | 151 | function md5_hh(a, b, c, d, x, s, t) { 152 | return md5_cmn(b ^ c ^ d, a, b, x, s, t); 153 | } 154 | 155 | function md5_ii(a, b, c, d, x, s, t) { 156 | return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); 157 | } 158 | 159 | /* 160 | * Calculate the HMAC-MD5, of a key and some data 161 | */ 162 | function core_hmac_md5(key, data) { 163 | var bkey = str2binl(key); 164 | if (bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz); 165 | 166 | var ipad = Array(16), opad = Array(16); 167 | for (var i = 0; i < 16; i++) { 168 | ipad[i] = bkey[i] ^ 0x36363636; 169 | opad[i] = bkey[i] ^ 0x5C5C5C5C; 170 | } 171 | 172 | var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); 173 | return core_md5(opad.concat(hash), 512 + 128); 174 | } 175 | 176 | /* 177 | * Add integers, wrapping at 2^32. This uses 16-bit operations internally 178 | * to work around bugs in some JS interpreters. 179 | */ 180 | function safe_add(x, y) { 181 | var lsw = (x & 0xFFFF) + (y & 0xFFFF); 182 | var msw = (x >> 16) + (y >> 16) + (lsw >> 16); 183 | return (msw << 16) | (lsw & 0xFFFF); 184 | } 185 | 186 | /* 187 | * Bitwise rotate a 32-bit number to the left. 188 | */ 189 | function bit_rol(num, cnt) { 190 | return (num << cnt) | (num >>> (32 - cnt)); 191 | } 192 | 193 | /* 194 | * Convert a string to an array of little-endian words 195 | * If chrsz is ASCII, characters >255 have their hi-byte silently ignored. 196 | */ 197 | function str2binl(str) { 198 | var bin = Array(); 199 | var mask = (1 << chrsz) - 1; 200 | for (var i = 0; i < str.length * chrsz; i += chrsz) 201 | bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32); 202 | return bin; 203 | } 204 | 205 | /* 206 | * Convert an array of little-endian words to a string 207 | */ 208 | function binl2str(bin) { 209 | var str = ""; 210 | var mask = (1 << chrsz) - 1; 211 | for (var i = 0; i < bin.length * 32; i += chrsz) 212 | str += String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask); 213 | return str; 214 | } 215 | 216 | /* 217 | * Convert an array of little-endian words to a hex string. 218 | */ 219 | function binl2hex(binarray) { 220 | var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; 221 | var str = ""; 222 | for (var i = 0; i < binarray.length * 4; i++) { 223 | str += hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8 + 4)) & 0xF) + 224 | hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 0xF); 225 | } 226 | return str; 227 | } 228 | 229 | /* 230 | * Convert an array of little-endian words to a base-64 string 231 | */ 232 | function binl2b64(binarray) { 233 | var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 234 | var str = ""; 235 | for (var i = 0; i < binarray.length * 4; i += 3) { 236 | var triplet = (((binarray[i >> 2] >> 8 * (i % 4)) & 0xFF) << 16) 237 | | (((binarray[i + 1 >> 2] >> 8 * ((i + 1) % 4)) & 0xFF) << 8) 238 | | ((binarray[i + 2 >> 2] >> 8 * ((i + 2) % 4)) & 0xFF); 239 | for (var j = 0; j < 4; j++) { 240 | if (i * 8 + j * 6 > binarray.length * 32) str += b64pad; 241 | else str += tab.charAt((triplet >> 6 * (3 - j)) & 0x3F); 242 | } 243 | } 244 | return str; 245 | } 246 | 247 | 248 | var c = new Date()['valueOf'](); 249 | // c = 1587102734000 250 | token = global['btoa']('aiding_win' + String(c)); 251 | md = hex_md5(global['btoa']('aiding_win' + String(Math['round'](c / 1000)))); 252 | // 'sign=1699254727~YWlkaW5nX3dpbjE2OTkyNTQ3MjY1NzI=|6085dca97477f08b3238b85a3a764da9; path=/' 253 | sign = Math["round"](c / 1000) + '~' + token + '|' + md; 254 | console.log(sign) 255 | -------------------------------------------------------------------------------- /混淆跟值/第2题.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import subprocess 3 | result = subprocess.check_output(['node', '第2题.js']) 4 | sign = result.decode().replace('\n', '') 5 | print(type(sign), sign) 6 | cookies = { 7 | 'sessionid': 'cwcac9fjwh6ct9es91qvky7x4f374481', 8 | 'sign': sign 9 | 10 | } 11 | response = requests.get('https://www.python-spider.com/challenge/2', cookies=cookies) 12 | print(response.text) 13 | -------------------------------------------------------------------------------- /混淆跟值/第三题.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import requests 3 | 4 | cookies = { 5 | 'HMACCOUNT_BFESS': '187D04FA3E11E62A', 6 | } 7 | 8 | headers = { 9 | 'Accept': '*/*', 10 | 'Accept-Language': 'zh-CN,zh;q=0.9', 11 | 'Cache-Control': 'max-age=0', 12 | 'Connection': 'keep-alive', 13 | 'Pragma': 'no-cache', 14 | 'Referer': 'https://www.python-spider.com/', 15 | 'Sec-Fetch-Dest': 'empty', 16 | 'Sec-Fetch-Mode': 'no-cors', 17 | 'Sec-Fetch-Site': 'cross-site', 18 | 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36', 19 | 'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"', 20 | 'sec-ch-ua-mobile': '?0', 21 | 'sec-ch-ua-platform': '"macOS"', 22 | } 23 | 24 | params = ( 25 | ('hca', '187D04FA3E11E62A'), 26 | ('cc', '1'), 27 | ('ck', '1'), 28 | ('cl', '30-bit'), 29 | ('ds', '1512x982'), 30 | ('vl', '324'), 31 | ('ep', '142424,72616'), 32 | ('et', '3'), 33 | ('ja', '0'), 34 | ('ln', 'zh-cn'), 35 | ('lo', '0'), 36 | ('lt', '1699339272'), 37 | ('rnd', '635042415'), 38 | ('si', '337e99a01a907a08d00bed4a1a52e35d'), 39 | ('su', 'https://www.python-spider.com/challenge/3'), 40 | ('v', '1.3.0'), 41 | ('lv', '2'), 42 | ('sn', '22090'), 43 | ('r', '0'), 44 | ('ww', '1512'), 45 | ('u', 'https://www.python-spider.com/challenge/3'), 46 | ) 47 | 48 | response = requests.get('https://hm.baidu.com/hm.gif', headers=headers, params=params, cookies=cookies) 49 | 50 | #NB. Original query string below. It seems impossible to parse and 51 | #reproduce query strings 100% accurately so the one below is given 52 | #in case the reproduced version is not "correct". 53 | # response = requests.get('https://hm.baidu.com/hm.gif?hca=187D04FA3E11E62A&cc=1&ck=1&cl=30-bit&ds=1512x982&vl=324&ep=142424%2C72616&et=3&ja=0&ln=zh-cn&lo=0<=1699339272&rnd=635042415&si=337e99a01a907a08d00bed4a1a52e35d&su=https%3A%2F%2Fwww.python-spider.com%2Fchallenge%2F3&v=1.3.0&lv=2&sn=22090&r=0&ww=1512&u=https%3A%2F%2Fwww.python-spider.com%2Fchallenge%2F3', headers=headers, cookies=cookies) 54 | 55 | print(response.text) 56 | 57 | 58 | 59 | import requests 60 | 61 | cookies = { 62 | 'sessionid': 'gxoucw0suytmmfsyuf1daahvmkys1d9g', 63 | 'Hm_lvt_337e99a01a907a08d00bed4a1a52e35d': '1699339272', 64 | 'Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d': '1699343681', 65 | 'm': 'ae705844192feff466d9dbdbc6009fb5|1699343922000', 66 | } 67 | 68 | headers = { 69 | 'Host': 'www.python-spider.com', 70 | 'cache-control': 'max-age=0', 71 | 'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"', 72 | 'sec-ch-ua-mobile': '?0', 73 | 'sec-ch-ua-platform': '"macOS"', 74 | 'upgrade-insecure-requests': '1', 75 | 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36', 76 | 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', 77 | 'sec-fetch-site': 'same-origin', 78 | 'sec-fetch-mode': 'navigate', 79 | 'sec-fetch-dest': 'document', 80 | 'referer': 'https://www.python-spider.com/challenge/3', 81 | 'accept-language': 'zh-CN,zh;q=0.9', 82 | } 83 | 84 | response = requests.get('https://www.python-spider.com/challenge/3', headers=headers, cookies=cookies) 85 | 86 | print(2222, response.text) -------------------------------------------------------------------------------- /百度翻译逆向/compute_sign.js: -------------------------------------------------------------------------------- 1 | function n(t, e) { 2 | for (var n = 0; n < e.length - 2; n += 3) { 3 | var r = e.charAt(n + 2); 4 | r = "a" <= r ? r.charCodeAt(0) - 87 : Number(r), 5 | r = "+" === e.charAt(n + 1) ? t >>> r : t << r, 6 | t = "+" === e.charAt(n) ? t + r & 4294967295 : t ^ r 7 | } 8 | return t 9 | } 10 | 11 | var r = 320305.131321201 12 | 13 | get_sign = function (t) { 14 | var o, i = t.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g); 15 | if (null === i) { 16 | var a = t.length; 17 | a > 30 && (t = "".concat(t.substr(0, 10)).concat(t.substr(Math.floor(a / 2) - 5, 10)).concat(t.substr(-10, 10))) 18 | } else { 19 | for (var s = t.split(/[\uD800-\uDBFF][\uDC00-\uDFFF]/), c = 0, u = s.length, l = []; c < u; c++) 20 | "" !== s[c] && l.push.apply(l, function (t) { 21 | if (Array.isArray(t)) 22 | return e(t) 23 | }(o = s[c].split("")) || function (t) { 24 | if ("undefined" != typeof Symbol && null != t[Symbol.iterator] || null != t["@@iterator"]) 25 | return Array.from(t) 26 | }(o) || function (t, n) { 27 | if (t) { 28 | if ("string" == typeof t) 29 | return e(t, n); 30 | var r = Object.prototype.toString.call(t).slice(8, -1); 31 | return "Object" === r && t.constructor && (r = t.constructor.name), 32 | "Map" === r || "Set" === r ? Array.from(t) : "Arguments" === r || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r) ? e(t, n) : void 0 33 | } 34 | }(o) || function () { 35 | throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.") 36 | }()), 37 | c !== u - 1 && l.push(i[c]); 38 | var d = l.length; 39 | d > 30 && (t = l.slice(0, 10).join("") + l.slice(Math.floor(d / 2) - 5, Math.floor(d / 2) + 5).join("") + l.slice(-10).join("")) 40 | } 41 | for (var p = "".concat(String.fromCharCode(103)).concat(String.fromCharCode(116)).concat(String.fromCharCode(107)), f = ["320305", "131321201"], h = Number(f[0]) || 0, m = Number(f[1]) || 0, g = [], v = 0, y = 0; y < t.length; y++) { 42 | var w = t.charCodeAt(y); 43 | w < 128 ? g[v++] = w : (w < 2048 ? g[v++] = w >> 6 | 192 : (55296 == (64512 & w) && y + 1 < t.length && 56320 == (64512 & t.charCodeAt(y + 1)) ? (w = 65536 + ((1023 & w) << 10) + (1023 & t.charCodeAt(++y)), 44 | g[v++] = w >> 18 | 240, 45 | g[v++] = w >> 12 & 63 | 128) : g[v++] = w >> 12 | 224, 46 | g[v++] = w >> 6 & 63 | 128), 47 | g[v++] = 63 & w | 128) 48 | } 49 | for (var b = h, x = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(97)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(54)), k = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(51)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(98)) + "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(102)), _ = 0; _ < g.length; _++) 50 | b = n(b += g[_], x); 51 | return b = n(b, k), 52 | (b ^= m) < 0 && (b = 2147483648 + (2147483647 & b)), 53 | "".concat((b %= 1e6).toString(), ".").concat(b ^ h) 54 | } 55 | 56 | console.log(get_sign('中国')) -------------------------------------------------------------------------------- /百度翻译逆向/demo.js: -------------------------------------------------------------------------------- 1 | function n(t, e) { 2 | for (var n = 0; n < e.length - 2; n += 3) { 3 | var r = e.charAt(n + 2); 4 | r = "a" <= r ? r.charCodeAt(0) - 87 : Number(r), 5 | r = "+" === e.charAt(n + 1) ? t >>> r : t << r, 6 | t = "+" === e.charAt(n) ? t + r & 4294967295 : t ^ r 7 | } 8 | return t 9 | } 10 | 11 | let r = "320305.131321201" 12 | 13 | get_sign = function (t) { 14 | var o, i = t.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g); 15 | if (null === i) { 16 | var a = t.length; 17 | a > 30 && (t = "".concat(t.substr(0, 10)).concat(t.substr(Math.floor(a / 2) - 5, 10)).concat(t.substr(-10, 10))) 18 | } else { 19 | for (var s = t.split(/[\uD800-\uDBFF][\uDC00-\uDFFF]/), c = 0, u = s.length, l = []; c < u; c++) 20 | "" !== s[c] && l.push.apply(l, function (t) { 21 | if (Array.isArray(t)) 22 | return e(t) 23 | }(o = s[c].split("")) || function (t) { 24 | if ("undefined" != typeof Symbol && null != t[Symbol.iterator] || null != t["@@iterator"]) 25 | return Array.from(t) 26 | }(o) || function (t, n) { 27 | if (t) { 28 | if ("string" == typeof t) 29 | return e(t, n); 30 | var r = Object.prototype.toString.call(t).slice(8, -1); 31 | return "Object" === r && t.constructor && (r = t.constructor.name), 32 | "Map" === r || "Set" === r ? Array.from(t) : "Arguments" === r || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r) ? e(t, n) : void 0 33 | } 34 | }(o) || function () { 35 | throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.") 36 | }()), 37 | c !== u - 1 && l.push(i[c]); 38 | var p = l.length; 39 | p > 30 && (t = l.slice(0, 10).join("") + l.slice(Math.floor(p / 2) - 5, Math.floor(p / 2) + 5).join("") + l.slice(-10).join("")) 40 | } 41 | for (var d = "".concat(String.fromCharCode(103)).concat(String.fromCharCode(116)).concat(String.fromCharCode(107)), h = (null !== r ? r : (r = window[d] || "") || "").split("."), f = Number(h[0]) || 0, m = Number(h[1]) || 0, g = [], y = 0, v = 0; v < t.length; v++) { 42 | var _ = t.charCodeAt(v); 43 | _ < 128 ? g[y++] = _ : (_ < 2048 ? g[y++] = _ >> 6 | 192 : (55296 == (64512 & _) && v + 1 < t.length && 56320 == (64512 & t.charCodeAt(v + 1)) ? (_ = 65536 + ((1023 & _) << 10) + (1023 & t.charCodeAt(++v)), 44 | g[y++] = _ >> 18 | 240, 45 | g[y++] = _ >> 12 & 63 | 128) : g[y++] = _ >> 12 | 224, 46 | g[y++] = _ >> 6 & 63 | 128), 47 | g[y++] = 63 & _ | 128) 48 | } 49 | for (var b = f, w = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(97)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(54)), k = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(51)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(98)) + "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(102)), x = 0; x < g.length; x++) 50 | b = n(b += g[x], w); 51 | return b = n(b, k), 52 | (b ^= m) < 0 && (b = 2147483648 + (2147483647 & b)), 53 | "".concat((b %= 1e6).toString(), ".").concat(b ^ f) 54 | } 55 | console.log(get_sign('中国')) -------------------------------------------------------------------------------- /百度翻译逆向/demo.py: -------------------------------------------------------------------------------- 1 | import time 2 | 3 | import requests 4 | import execjs 5 | 6 | 7 | def get_sign(data): 8 | with open('compute_sign.js', 'r', encoding='utf-8') as f: 9 | demo_code = f.read() 10 | sign = execjs.compile(demo_code).call('get_sign', data) 11 | return sign 12 | 13 | 14 | def post_data(data: str): 15 | cookies = { 16 | 'PSTM': '1692418097', 17 | 'BAIDUID': '9ACE297B2A06524DF8727B6DDB1B1CCB:FG=1', 18 | 'BIDUPSID': '338BF1F7878D5A6E8C547387697B6334', 19 | 'REALTIME_TRANS_SWITCH': '1', 20 | 'FANYI_WORD_SWITCH': '1', 21 | 'HISTORY_SWITCH': '1', 22 | 'SOUND_SPD_SWITCH': '1', 23 | 'SOUND_PREFER_SWITCH': '1', 24 | 'H_WISE_SIDS': '216833_213361_214797_110085_244726_261718_236312_265615_265881_266358_267371_267074_268592_268706_266187_259642_269409_256151_269832_269905_269050_267066_256739_270460_270519_264424_270547_271171_263618_271321_271269_266028_270102_271812_271254_234296_234208_272282_267596_272466_272764_260335_273137_273231_273301_273400_273387_271157_273472_273520_271147_273318_264170_270186_272263_273164_274077_273931_274140_274177_273917_273043_273593_272857_274301_203520_274413_272562_179345_273071_274765_274762_274755_274778_274853_274857_274846_270158_275069_275097_267806_267548_272333_275167_274332_275199_275147_272317_275776_275782_270366_273491_275007_275823_275939_275970_274784_274079_276090_269610_276060_276120_275903_276202_276251_274283_274502_276196_276334_276244', 25 | 'H_WISE_SIDS_BFESS': '216833_213361_214797_110085_244726_261718_236312_265615_265881_266358_267371_267074_268592_268706_266187_259642_269409_256151_269832_269905_269050_267066_256739_270460_270519_264424_270547_271171_263618_271321_271269_266028_270102_271812_271254_234296_234208_272282_267596_272466_272764_260335_273137_273231_273301_273400_273387_271157_273472_273520_271147_273318_264170_270186_272263_273164_274077_273931_274140_274177_273917_273043_273593_272857_274301_203520_274413_272562_179345_273071_274765_274762_274755_274778_274853_274857_274846_270158_275069_275097_267806_267548_272333_275167_274332_275199_275147_272317_275776_275782_270366_273491_275007_275823_275939_275970_274784_274079_276090_269610_276060_276120_275903_276202_276251_274283_274502_276196_276334_276244', 26 | 'MCITY': '-179%3A', 27 | 'BDUSS': 'VczVkFYYXByS01vekluaFBhSnFxRDlVMjVVcTYydHMyOEhMUkpFcW1KSTNzMkpsSVFBQUFBJCQAAAAAAAAAAAEAAAAKOehI0KHQocK9tPPLp7n4xbYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcmO2U3JjtlQ', 28 | 'BDUSS_BFESS': 'VczVkFYYXByS01vekluaFBhSnFxRDlVMjVVcTYydHMyOEhMUkpFcW1KSTNzMkpsSVFBQUFBJCQAAAAAAAAAAAEAAAAKOehI0KHQocK9tPPLp7n4xbYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcmO2U3JjtlQ', 29 | 'BDORZ': 'B490B5EBF6F3CD402E515D22BCDA1598', 30 | 'BA_HECTOR': '0g2ka0ak802k2g21a0ak81am1ik4fjf1q', 31 | 'BAIDUID_BFESS': '9ACE297B2A06524DF8727B6DDB1B1CCB:FG=1', 32 | 'ZFY': ':AnBcgT4E0zKoc7EdhE1cD:BAzp3slHugmmxctOTNXV8U:C', 33 | 'APPGUIDE_10_6_6': '1', 34 | 'Hm_lvt_64ecd82404c51e03dc91cb9e8c025574': '1698840840', 35 | 'BDRCVFR[feWj1Vr5u3D]': 'I67x6TjHwwYf0', 36 | 'delPer': '0', 37 | 'PSINO': '3', 38 | 'H_PS_PSSID': '39531_39419_39592_39528_39497_26350_39561_22160', 39 | 'Hm_lpvt_64ecd82404c51e03dc91cb9e8c025574': '1698841550', 40 | 'ab_sr': '1.0.1_NDc0ZTliOWEyNThmOWQ0Mjg2NDBkODg0YjJhOWYzMjQ2ZTI4MmYxOThmN2RjOWU1OGUzNDJiNmRmZmEyNTFkZTZlNGZhMGY0NTA3MDMxMjZjYzZiMzA1ZWZhODM2MDY1YWM2MjZhZWU5ZDM0NDE3NTMwYTE1ZDA5MDI1YzRmNzdiODhjZjgyZjgzYzZhOGZlOWY1OTMwMGZiNTg5OWZjYjdjYzBmNjQ5N2VkZjNmMjg5ZTU3MTA4YTZlYzY1NTFj', 41 | } 42 | headers = { 43 | 'Accept': '*/*', 44 | 'Accept-Language': 'zh-CN,zh;q=0.9', 45 | 'Acs-Token': '1698841550259_1698841654391_rUmDAOVnVAwkizrnbmFxHFNs4aQ1Dtv24xGIHhqIzMXoAWuNDnnXS7kGCeCOBd90gCxRfAV20Rq++BUXApahx1n8Aut0tUl9+DbHAWTqauvZ+BlhWea7/WfD10qcmSoXT/8psFTjojmJT3d7UohxH8w3FrxIXffmQwqDI96EgZMxeNCgnq4kbOhQG6UuHIamiNAaw6lHRxunD1vvEExv6yoTEcOPWbrRXGqPC5Qrd0qfvnFvhcdqwpjvs7qntQQB3AkNBOSAS6JR/gvagEiuoMr/g2tTFYGeeBknnf9qqA9ZryxVlCfn4qAPFvWcMn3SypxPlDnTRoymg5NgqL8gCaDrXi9txejCPo3T8x2IPuIpmYhLVGHGeiwXpqJpxlvCKmB2o4Ppveg1uW6xlPXNxwmrMPewR8oSnd4+zkkuPKTQw9a7PAg/gy7t7OQ8ha/loMp6d41F0LhssO0miBLx34WN2U1vrugAk7+fTtmclzJIMsgfCAE5uJhP7AsssPgO506+PhtpWpn42OFhJgeZTA==', 46 | 'Cache-Control': 'no-cache', 47 | 'Connection': 'keep-alive', 48 | 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 49 | 'Origin': 'https://fanyi.baidu.com', 50 | 'Pragma': 'no-cache', 51 | 'Referer': 'https://fanyi.baidu.com/?aldtype=16047', 52 | 'Sec-Fetch-Dest': 'empty', 53 | 'Sec-Fetch-Mode': 'cors', 54 | 'Sec-Fetch-Site': 'same-origin', 55 | 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36', 56 | 'X-Requested-With': 'XMLHttpRequest', 57 | 'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"', 58 | 'sec-ch-ua-mobile': '?0', 59 | 'sec-ch-ua-platform': '"macOS"', 60 | } 61 | params = ( 62 | ('from', 'zh'), 63 | ('to', 'en'), 64 | ) 65 | data = { 66 | 'from': 'zh', 67 | 'to': 'en', 68 | 'query': data, 69 | 'transtype': 'enter', 70 | 'simple_means_flag': '3', 71 | 'sign': get_sign(data), 72 | 'token': '24cae223b795d34ae95b9f486e8b9472', 73 | 'domain': 'common', 74 | 'ts': str(round(time.time()*1000)) 75 | } 76 | response = requests.post('https://fanyi.baidu.com/v2transapi', headers=headers, params=params, cookies=cookies, 77 | data=data) 78 | print(response.text) 79 | 80 | 81 | if __name__ == '__main__': 82 | post_data('中国') 83 | -------------------------------------------------------------------------------- /补环境导论与实战/111.js: -------------------------------------------------------------------------------- 1 | // HTMLAnchorElement = function () { 2 | // if (this instanceof HTMLAnchorElement) { 3 | // throw TypeError('Illegal constructor') 4 | // } else if (val) { 5 | // if (val === "anlan_cE") { 6 | // } 7 | // } else { 8 | // throw TypeError(`Failed to construct 'HTMLAnchorElement': Please use the 'new' operator, this DOM object constructor cannot be called as a function`) 9 | // } 10 | // }; 11 | HTMLAnchorElement = function () { 12 | 13 | } 14 | // HTMLAnchorElement.prototype.host = '' 15 | // HTMLAnchorElement.prototype.href = '' 16 | 17 | document = { 18 | createElement: function (val) { 19 | if (val === 'a') { 20 | return new HTMLAnchorElement() 21 | } 22 | } 23 | } 24 | 25 | // 非尖头函数 和 new 过程中 谁调用this 只向谁 26 | Object.defineProperty(HTMLAnchorElement.prototype, 'href', { 27 | set: function () { 28 | this.host = arguments[0].split('/').at(-1); 29 | this._HTMLAnchorElement_href = arguments[0]; 30 | // return arguments[0] // 这里不用return 等号表达式在解析的时候会自动向前赋值的,这里不需要return 31 | }, 32 | get: function () { 33 | // 这里设置中间变量 防止递归栈溢出。所以不能直接写 this.href 34 | return this._HTMLAnchorElement_href; 35 | }, 36 | }) 37 | a = document.createElement('a') 38 | a.href = 'https://www.yuanrenxue.com' 39 | console.log(a.host) 40 | console.log(a.href) -------------------------------------------------------------------------------- /补环境导论与实战/11题eval里执行的函数抠出来js.txt: -------------------------------------------------------------------------------- 1 | var _N = function() { 2 | setTimeout('location.href=location.pathname+location.search.replace(/[\?|&]captcha-challenge/,\'\')', 1500); 3 | document.cookie = '__jsl_clearance=1699584984.427|0|' + (function() { 4 | var _t = [function(_N) { 5 | return _N 6 | } 7 | , function(_t) { 8 | return _t 9 | } 10 | , (function() { 11 | var _N = document.createElement('div'); 12 | _N.innerHTML = '_1H'; 13 | _N = _N.firstChild.href; 14 | var _t = _N.match(/https?:\/\//)[0]; 15 | _N = _N.substr(_t.length).toLowerCase(); 16 | return function(_t) { 17 | for (var _1H = 0; _1H < _t.length; _1H++) { 18 | _t[_1H] = _N.charAt(_t[_1H]) 19 | } 20 | ;return _t.join('') 21 | } 22 | } 23 | )(), function(_N) { 24 | for (var _t = 0; _t < _N.length; _t++) { 25 | _N[_t] = parseInt(_N[_t]).toString(36) 26 | } 27 | ;return _N.join('') 28 | } 29 | ] 30 | , _N = ['clD', [(-~~~{} << -~~~{}) + (-~~~{} << -~~~{})], 'V', [(-~[] + [] + [[]][0]) + [-~-~{}]], 'fq', [(-~[] + [] + [[]][0]) + [-~[] - ~[] - ~!/!/ + (-~[] - ~[]) * [-~[] - ~[]]], (-~[] + [] + [[]][0]) + (-~[-~-~{}] + [[]][0]), (-~[] + [] + [[]][0]) + [(+!![[][[]]][1])]], 'LBWywKW', [(2 - ~[-~-~{}] + [] + [[]][0])], '%2FZyf', [(-~[] + [] + [[]][0]) + (-~[-~-~{}] + [[]][0])], '6', [(-~[] + [] + [[]][0]) + (-~[-~-~{}] + [[]][0])], '_07c161cc34e09b7fd1d1cd6199cccaa5', (-~[-~-~{}] + [[]][0]), 'D']; 31 | for (var _1H = 0; _1H < _N.length; _1H++) { 32 | _N[_1H] = _t[[1, 0, 1, 2, 1, 3, 1, 2, 1, 2, 1, 3, 1, 0, 1][_1H]](_N[_1H]) 33 | } 34 | ;return _N.join('') 35 | } 36 | )() + ';Expires=Tue, 12-Dec-30 09:50:26 GMT;Path=/;' 37 | }; 38 | if ((function() { 39 | try { 40 | return !!window.addEventListener; 41 | } catch (e) { 42 | return false; 43 | } 44 | } 45 | )()) { 46 | document.addEventListener('DOMContentLoaded', _N, false) 47 | } else { 48 | document.attachEvent('onreadystatechange', _N) 49 | } 50 | -------------------------------------------------------------------------------- /补环境导论与实战/11题第一次请求返回.js: -------------------------------------------------------------------------------- 1 | var x = "div@Expires@@captcha@while@length@@reverse@0xEDB88320@substr@fromCharCode@686@@0@@@LBWywKW@1500@@cookie@@36@createElement@JgSe0upZ@rOm9XFMtA3QKV7nYsPGT4lifyWwkq5vcjH2IdxUoCbhERLaz81DNB6@Dec@Tue@eval@@window@href@3@String@attachEvent@false@toLowerCase@09@clD@Array@@26@@Path@@@@f@if@@@D@@addEventListener@@@try@return@location@toString@@@50@@@pathname@@@@setTimeout@@replace@a@innerHTML@@@@1699584643@else@@document@V@@@@https@join@for@@DOMContentLoaded@6@e@@@@@new@catch@var@@2@30@split@@function@1@charAt@12@__jsl_clearance@0xFF@firstChild@search@k@chars@charCodeAt@2FZyf@parseInt@8@@match@RegExp@fq@challenge@@g@onreadystatechange@@d@GMT".replace(/@*$/, "").split("@"), 2 | y = "1L N=22(){1i('17.v=17.1e+17.29.1k(/[\\?|&]4-2k/,\\'\\')',i);1t.k='26=1q.c|e|'+(22(){1L t=[22(N){16 N},22(t){16 t},(22(){1L N=1t.n('1');N.1m='<1l v=\\'/\\'>1H';N=N.28.v;1L t=N.2h(/1y?:\\/\\//)[e];N=N.a(t.6).A();16 22(t){1A(1L 1H=e;1H 也有对环境的处理 ---> 扣代码+补环境 3 | 2、补环境 ---> 狭义的补环境 4 | 5 | 何为补环境? 6 | 7 | 狭义: 一段js代码拿过来,原封不动的处理。然后让它兼容我们的执行环境 8 | 9 | eg: 10 | 11 | function canvas_ck(){ 12 | var canvas = document.createElement('canvas'); 13 | var context = canvas.getContext('2d'); 14 | targetWidth = 500 15 | targetHeight = 300 16 | context.clearRect(0, 0, targetWidth, targetHeight); 17 | context.fillRect(10, 10, 150, 75) 18 | return canvas.toDataURL() 19 | } 20 | 21 | 广义: 只要有相关浏览器API的补充,哪怕只有一句话,都可以认为是在一定程度上的补环境 22 | 23 | if(canvas_ck()){ 24 | document.cookie = 'yrx=class12bhj' 25 | } 26 | 27 | ------> 28 | 29 | document = {cookie: ''} 30 | 31 | if(true){ 32 | document.cookie = 'yrx=class12bhj' 33 | } 34 | 35 | 36 | 通过这个例子大家就发现了,普通的对象补起来比较轻松,只需要单纯处理一下即可。 37 | 38 | 那么我们就利用补环境的思路处理一下练习平台的 11题 39 | 40 | 41 | 42 | js 代码: 43 | 44 | document = { 45 | cookie: '', 46 | addEventListener: function (a, b, c) { 47 | b() 48 | }, 49 | createElement: function (){return {firstChild: {href: 'https://www.python-spider.com/'}}} 50 | } 51 | setTimeout = function () {}; 52 | window = { 53 | addEventListener: '111', 54 | }; 55 | 56 | __jscodes 57 | function decode(){ 58 | return document.cookie 59 | } 60 | 61 | 62 | python代码 63 | 64 | import requests 65 | import re 66 | import execjs 67 | 68 | session = requests.session() 69 | cookies = { 70 | 'sessionid': '4ki93yugkyyzhznovqx6u5erslc8pwr8' 71 | } 72 | response = session.get('https://www.python-spider.com/challenge/11', cookies=cookies) 73 | jscode = re.match('', response.text).group(1) 74 | with open('1.js', 'r', encoding='utf-8') as f: 75 | result = execjs.compile(f.read().replace('__jscodes', jscode)).call('decode') 76 | 77 | print(result) 78 | 79 | cookies[result.split('=')[0]] = result.split('=')[1].split(';')[0] 80 | print(cookies) 81 | response = session.get('https://www.python-spider.com/challenge/11', cookies=cookies) 82 | print(response.text) 83 | 84 | 通过这个例子大家可以看出,简单的补环境实现起来特别容易。 85 | 86 | 87 | 接下来我们简单提一嘴原型链 【很重要】 88 | 89 | 我们都知道,构造函数的实例化对象隐式原型__proto__ 指向了构造函数的显式原型prototype 90 | 91 | 即: function A(){} 92 | a = new A() 93 | a.__proto__ === A.prototype 94 | 95 | 当调用一个对象/函数的属性的时候,会按照原型链(隐式原型)的方式进行逐级的向下搜寻 96 | 97 | 举例:比如我们来一个 chrome常见的参数 98 | 99 | document.DOCUMENT_NODE 100 | 101 | 那么实际上它就是逐级寻找的过程 102 | 103 | 我们在控制台打印一个对象的时候,大家应该发现了,对象里两种不同的颜色 104 | 105 | 深色,浅色 106 | 107 | 其中: 深色 指 可枚举属性(即 可以用for in方式查找出来) 108 | 浅色 指 不可枚举属性 109 | 110 | 加粗标识该属性在当前的对象中 111 | 不加粗标识属性在当前对象的原型链中 112 | 113 | 但是这个规律在document上有些是不适用的。 114 | 115 | 我们先看一下 window 和 document 的原型链 116 | 117 | window.__proto__.__proto__.__proto__.__proto__ 118 | document.__proto__.__proto__.__proto__.__proto__.__proto__ 119 | 120 | 所以其实,最终实现的 window 与 document 原则上是通过一点一点的"构造函数" new 上去的(或拼上去的) 121 | 122 | 而 “关键词” 在 js语法中是不可被重写的 123 | 124 | 也就是说,如果有这样一个网站做了这样一个检测: 125 | 126 | document instanceof EventTarget ,从补环境的角度上来说,我们就必须让 document 与 EventTarget 产生继承关系才行 127 | 128 | 129 | Q: 类似于 document instanceof EventTarget 这些相关检测点是如何被发现的。就是经验。大量的,海量的经验。 130 | 131 | 我会告诉大家我目前遇到的所有的 不同类型的检测点处理思路 132 | 133 | 那么目前位置:简单的对象与函数检测。我就讲完了。按照例题那么补就可以了 134 | 135 | 那么接下来,我们来学习下一个检测点 136 | 137 | a = document.createElement('a') 138 | a.href = 'https://www.yuanrenxue.com' 139 | console.log(a.host) 140 | 141 | 首先我们要先找到 href 和 host在哪里 142 | a.__proto__ 143 | 144 | 所以 稍微标准一点(标准1%)的话,我们就需要先处理一下 HTMLAnchorElement 145 | 【初学补环境不要考虑太多。跟我的节奏,我考虑一个你就考虑一个,不要杠,杠就是你对】 146 | 147 | HTMLAnchorElement = function(){}; 148 | HTMLAnchorElement.prototype.host = ''; 149 | HTMLAnchorElement.prototype.href = ''; 150 | HTMLAnchorElement.prototype._HTMLAnchorElement_href = ''; 151 | 152 | Object.defineProperty(HTMLAnchorElement.prototype, 'href', { 153 | set: function(){ 154 | this.host = arguments[0].split('/').at(-1); 155 | this._HTMLAnchorElement_href = arguments[0]; 156 | // return arguments[0] // 这里不用return 等号表达式在解析的时候会自动向前赋值的,这里不需要return 157 | }, 158 | get: function(){ 159 | return this._HTMLAnchorElement_href; 160 | }, 161 | }) 162 | 163 | // 这个模块写完了之后,我们就需要做一些其他的处理了 164 | 165 | document = { 166 | createElement: function(val){ 167 | if(val === 'a'){ 168 | return new HTMLAnchorElement("anlan_cE") 169 | } 170 | } 171 | } 172 | 173 | 这样就算搞定这么一个 小检测点了。 接下来我们要稍微抹除一下痕迹 174 | 175 | document.createElement.toString() 这个常规的检测,那么 这个检测点的根源在哪里? 176 | 177 | 大家继续跟着我的思路走 178 | 179 | document.createElement.__proto__ 180 | 181 | document.createElement.__proto__.__proto__ 在这儿,对么? 182 | 183 | 空函数本质是什么? Function.prototype 184 | 185 | _toString = Function.prototype.toString 186 | Function.prototype.toString = function(val){ 187 | debugger; 188 | if (this.name === 'createElement'){ 189 | return 'function createElement() { [native code] }' 190 | } 191 | else if(this.name === ''){ 192 | return 'function () { [native code] }' 193 | } 194 | else if(this.name === 'HTMLAnchorElement'){ 195 | return 'function HTMLAnchorElement() { [native code] }' 196 | } 197 | else{ 198 | _toString.apply(this, arguments) 199 | } 200 | } 201 | 202 | 那么写了这么多我们是不是就高枕无忧了呢? 不是 203 | 204 | 为什么? 因为: 205 | 206 | HTMLAnchorElement() 直接执行会报错。所以 207 | 208 | HTMLAnchorElement = function(){ 209 | debugger; 210 | if(this instanceof HTMLAnchorElement){ 211 | throw TypeError(`Failed to construct 'HTMLAnchorElement': Please use the 'new' operator, this DOM object constructor cannot be called as a function) 212 | } 213 | else if(val){ 214 | if(val === "anlan_cE"){} 215 | } 216 | else{ 217 | throw TypeError('Illegal constructor') 218 | } 219 | }; 220 | 221 | 今天的课程暂时就先这样。就讲这么多吧 222 | -------------------------------------------------------------------------------- /补环境导论与实战/demo.js: -------------------------------------------------------------------------------- 1 | document = {} 2 | _canvas = {} 3 | _context = {} 4 | _context.clearRect = function () { 5 | } 6 | _context.fillRect = function () { 7 | } 8 | _canvas.getContext = function () { 9 | return _context 10 | } 11 | _canvas.toDataURL = function () { 12 | return 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAAAAXNSR0IArs4c6QAABwtJREFUeF7t20FqBEEMA8Dd/z86+UILrIPYynlw3NVCTBjy/fghQIDAiMB3ZE9rEiBA4KOwhIAAgRkBhTVzVRYlQEBhyQABAjMCCmvmqixKgIDCkgECBGYEFNbMVVmUAAGFJQMECMwIKKyZq7IoAQJJYf3hIlAQSDJY+PVGLgkkYVFYSze7s2uSwZ1T2bQikIRFYVWu4OeHJhn8eaxfB0jCorB+PS2d8ycZ7Gxg6oxAEhaFNXOtU4smGZw6mGXvBZKwKKx7fxM//gFfCN4FFNa7lSc7AkkGOxuYOiOQhMUb1sy1Ti2aZHDqYJa9F0jCorDu/U30J6EMBAIKK8DyaEUgyWBlAUN3BJKweMPaudelTZMMLp3LrgWBJCwKq3ABRvpKKAPvAgrr3cqTHYEkg50NTJ0RSMLiDWvmWqcWTTI4dTDL3gskYVFY9/4m+kooA4GAwgqwPFoRSDJYWcDQHYEkLN6wdu51adMkg0vnsmtBIAmLwipcgJG+EsrAu4DCerfyZEcgyWBnA1NnBJKweMOaudapRZMMTh3MsvcCSVgU1r2/ib4SykAgoLACLI9WBJIMVhYwdEcgCYs3rJ17Xdo0yeDSuexaEEjCorAKF2Ckr4Qy8C6gsN6tPNkRSDLY2cDUGYEkLN6wZq51atEkg1MHs+y9QBIWhXXvb6KvhDIQCCisAMujFYEkg5UFDN0RSMLiDWvnXpc2TTK4dC67FgSSsCiswgUY6SuhDLwLKKx3K092BJIMdjYwdUYgCYs3rJlrnVo0yeDUwSx7L5CERWHd+5voK6EMBAIKK8DyaEUgyWBlAUN3BJKweMPaudelTZMMLp3LrgWBJCwKq3ABRvpKKAPvAgrr3cqTHYEkg50NTJ0RSMLiDWvmWqcWTTI4dTDL3gskYVFY9/4m+kooA4GAwgqwPFoRSDJYWcDQHYEkLN6wdu51adMkg0vnsmtBIAmLwipcgJG+EsrAu4DCerfyZEcgyWBnA1NnBJKweMOaudapRZMMTh3MsvcCSVgU1r2/ib4SykAgoLACLI9WBJIMVhYwdEcgCYs3rJ17Xdo0yeDSuexaEEjCorAKF2Ckr4Qy8C6gsN6tPNkRSDLY2cDUGYEkLN6wZq51atEkg1MHs+y9QBIWhXXvb6KvhDIQCCisAMujFYEkg5UFDN0RSMLiDWvnXpc2TTK4dC67FgSSsCiswgUY6SuhDLwLKKx3K092BJIMdjYwdUYgCYs3rJlrnVo0yeDUwSx7L5CERWHd+5voK6EMBAIKK8DyaEUgyWBlAUN3BJKweMPaudelTZMMLp3LrgWBJCwKq3ABRvpKKAPvAgrr3cqTHYEkg50NTJ0RSMLiDWvmWqcWTTI4dTDL3gskYVFY9/4m+kooA4GAwgqwPFoRSDJYWcDQHYEkLN6wdu51adMkg0vnsmtBIAmLwipcgJG+EsrAu4DCerfyZEcgyWBnA1NnBJKweMOaudapRZMMTh3MsvcCSVgU1r2/ib4SykAgoLACLI9WBJIMVhYwdEcgCYs3rJ17Xdo0yeDSuexaEEjCorAKF2Ckr4Qy8C6gsN6tPNkRSDLY2cDUGYEkLN6wZq51atEkg1MHs+y9QBIWhXXvb6KvhDIQCCSFFYz1KAECBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4FFNa9qYkECJQEFFYJ1lgCBO4F/gEqnUuX5F18ZAAAAABJRU5ErkJggg==' 13 | } 14 | document.createElement = function () { 15 | return _canvas 16 | } 17 | 18 | function canvas_ck() { 19 | var canvas = document.createElement('canvas'); 20 | var context = canvas.getContext('2d'); 21 | targetWidth = 500 22 | targetHeight = 300 23 | context.clearRect(0, 0, targetWidth, targetHeight); 24 | context.fillRect(10, 10, 150, 75) 25 | return canvas.toDataURL() 26 | } 27 | 28 | console.log(canvas_ck()) 29 | 30 | 31 | -------------------------------------------------------------------------------- /补环境导论与实战/第11题.js: -------------------------------------------------------------------------------- 1 | window = {} 2 | document = {} 3 | window.addEventListener = '1' 4 | document.addEventListener = function (a, b, c) { 5 | b() 6 | } 7 | document.attachEvent = function (a, b, c) { 8 | b() 9 | } 10 | document.createElement = function () { 11 | return { 12 | 'innerHTML': "_1H", 13 | "firstChild": {"href": 'https://www.python-spider.com/'} 14 | } 15 | } 16 | setTimeout = function () { 17 | 18 | } 19 | 20 | __jscode 21 | 22 | function decode() { 23 | return document.cookie 24 | } -------------------------------------------------------------------------------- /补环境导论与实战/第11题.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import requests 3 | import re 4 | import execjs 5 | 6 | cookies = { 7 | 'sessionid': 'ej59kzqq45net4nepy8noj9t39jgjkb8' 8 | } 9 | session = requests.session() 10 | 11 | url = 'https://www.python-spider.com/challenge/11' 12 | response = session.get(url, cookies=cookies) 13 | js_code = re.match('', response.text).group(1) 14 | with open('第11题.js', 'r', encoding='utf-8') as f: 15 | # 进行替换的时候,可以讲 第11题.js 中 __jscode 以上的代码删除(除了补充的环境)---> 补充的环境+替换的代码直接输出即可/ 直接用扣下来的+补环境 直接运行也可以 16 | __jsl_clearance = execjs.compile(f.read().replace('__jscode', js_code)).call('decode') 17 | cookies['__jsl_clearance'] = __jsl_clearance.split('=')[1].split(';')[0] 18 | url = 'https://www.python-spider.com/challenge/11' 19 | response = session.get(url, cookies=cookies) 20 | print(response.text) 21 | -------------------------------------------------------------------------------- /补环境导论与实战/补环境实战-讲解13页面/js13.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import requests 3 | 4 | headers = { 5 | 'authority': 'www.python-spider.com', 6 | 'accept': '*/*', 7 | 'accept-language': 'zh-CN,zh;q=0.9', 8 | 'cache-control': 'no-cache', 9 | 'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', 10 | 'cookie': 'yrx-13=AyH_CeGU4V0hqikdNkEGamb2MOY-zpXAv0I51IP2HSiH6k8Yyx6lkE-SSaUQ;; Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1699583477,1699605433,1699845034; sessionid=jtu7jxrunsq4cq2vywx81y5mmgofa4vd; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1699845055', 11 | 'origin': 'https://www.python-spider.com', 12 | 'pragma': 'no-cache', 13 | 'referer': 'https://www.python-spider.com/challenge/new/jss?nm=13', 14 | 'sec-ch-ua': '"Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24"', 15 | 'sec-ch-ua-mobile': '?0', 16 | 'sec-ch-ua-platform': '"macOS"', 17 | 'sec-fetch-dest': 'empty', 18 | 'sec-fetch-mode': 'cors', 19 | 'sec-fetch-site': 'same-origin', 20 | 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36', 21 | 'x-requested-with': 'XMLHttpRequest', 22 | } 23 | 24 | params = ( 25 | ('nm', '13'), 26 | ) 27 | 28 | data = { 29 | 'as': 'Window' 30 | } 31 | 32 | response = requests.post('https://www.python-spider.com/challenge/new/check', headers=headers, params=params, data=data) 33 | 34 | #NB. Original query string below. It seems impossible to parse and 35 | #reproduce query strings 100% accurately so the one below is given 36 | #in case the reproduced version is not "correct". 37 | # response = requests.post('https://www.python-spider.com/challenge/new/check?nm=13', headers=headers, data=data) 38 | 39 | print(response.text) -------------------------------------------------------------------------------- /补环境导论与实战/补环境实战-讲解13页面/蜜罐的处理.txt: -------------------------------------------------------------------------------- 1 | 注意: 2 | 蜜罐 代码的走向没有按照预期的方法走 3 | 处理蜜罐的笨方法 浏览器和本地的node.js连调 一步一步走,一个函数一个函数, 一段一段代码 对比 4 | 猿人学第二届比赛题, 蜜罐从第一题到第10题 全是蜜罐 5 | 巧方法, 蜜罐一定会出现条件分支, (从分支里面处理) 6 | 1、判断 if else 7 | 2、控制流平坦化 case switch 8 | 3、三目表达式 9 | 4、try catch (优先先排查,操作在所有的cath 后面打上日志) 10 | 5、&& || -------------------------------------------------------------------------------- /补环境导论与实战/补环境实战-讲解13页面/补环境实战.txt: -------------------------------------------------------------------------------- 1 | 谷歌浏览器调试代码 2 | node --inspect-brk xxx.js 3 | 4 | // 判断在哪里进行 设置cookie , hook cookie 5 | cookieTemp = '' 6 | Object.defineProperty(document, "cookie", { 7 | set: function(val) { 8 | if (val.indexOf("yrx-13") != -1) { 9 | debugger; 10 | } 11 | cookieTemp = val; 12 | console.log("Hook捕获Cookie设置->", val); 13 | // return val; 14 | },get: function() { 15 | return cookieTemp; 16 | }}) 17 | 18 | 注意: 19 | // 蜜罐 代码的走向没有按照预期的方法走 20 | // 处理蜜罐的本方法 浏览器和本地的node.js连调 一步一步走,一个函数一个函数, 一段一段代码 对比 21 | // 猿人学第二届比赛题, 蜜罐从第一题到第10题 全是蜜罐 22 | // 巧方法, 蜜罐一定会出现条件分支, (从分支里面处理) 23 | // 1、判断 if else 24 | // 2、控制流平坦化 case switch 25 | // 3、三目表达式 26 | // 4、try catch (先排查,操作在所有的cath 后面打上日志) 27 | // 5、&& || 28 | 29 | 30 | 31 | 搞定本页cookie ----- yrx-13 32 | 33 | 34 | 35 | 36 | setInterval = function (a, b){ 37 | } 38 | window = global; 39 | addEventListener = function (a, b, c){ 40 | } 41 | Element = function (){} 42 | Element.prototype = { 43 | insertBefore: function (){}, 44 | appendChild: function (){}, 45 | } 46 | localStorage = { 47 | getItem: function (){}, 48 | setItem: function (){}, 49 | } 50 | tag = { 51 | 'onwheel': null 52 | } 53 | 54 | canvas = { 55 | getContext: function (){ return {}}, 56 | } 57 | document = { 58 | // cookie: 'yrx-13=A8ylTinQxLIswbT6E5p2O-kInSH7BXCvcqmEcyaN2HcasWIfThVAP8K5VAJ1', 59 | getElementsByTagName: function() { 60 | // console.log(arguments) 61 | if (arguments === 'base'){ 62 | return [] 63 | } 64 | return [tag] 65 | }, 66 | createElement: function(a) { 67 | if (a === 'canvas'){ 68 | return canvas 69 | } 70 | return tag 71 | }, 72 | attachEvent: function(a, b, c) {}, 73 | documentElement: { 74 | addBehavior: undefined, 75 | }, 76 | addEventListener: addEventListener, 77 | } 78 | MimeType = function (){ 79 | return { 80 | 0: { 81 | description: "Portable Document Format", 82 | enabledPlugin: "", 83 | }, 84 | name: "PDF Viewer" 85 | } 86 | } 87 | 88 | 89 | navigator = { 90 | userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36', 91 | javaEnabled: function (){return false}, 92 | plugins: { 93 | 0: MimeType(), 94 | 1: MimeType(), 95 | 2: MimeType(), 96 | 3: MimeType(), 97 | 4: MimeType(), 98 | length: 5, 99 | }, 100 | vendor: 'Google Inc.', 101 | webdriver: false, 102 | doNotTrack: null, 103 | language: "zh-CN", 104 | languages: ['zh-CN', 'zh'], 105 | platform: 'Win32', 106 | } 107 | location = { 108 | hostname: 'www.python-spider.com', 109 | href: 'https://www.python-spider.com/challenge/new/js13', 110 | } 111 | --------------------------------------------------------------------------------