This is the sixth day of my participation in the August More Text Challenge.

Today’s website

aHR0cHM6Ly93d3cuZ205OS5jb20v

This site comes from the Salted Fish technology exchange group

I was wondering which website failed to match with ReRes, to see whether there were any new anti-crawling measures

The analysis turned up none, but since the analysis was already done, here is an article. This website's encryption is bundled with webpack, so it is a handy chance to look at how webpack code should be extracted

The usual advice applies: for a standard algorithm, do not extract the code; reference an encryption library directly and save yourself the trouble

Locating the encryption

We know the encrypted value is the password used for login, so go straight to the login request; the goal is to locate the encrypted parameter password inside it

There are two ways to locate it:

1. Search for the password parameter

2. Trace back to the source from the JS files listed under Initiator in the Network panel

Using the second method, set a breakpoint first, then click login again to hit the breakpoint

After a few more rounds of debugging, I found the location below

s = (new Date).getTime()
r = g.encode(t.password, s)
p = {
    ...
    password: r,
}

From the pseudocode above, you can see that the place to look at is the method g.encode

Set another breakpoint there and send the request again, and you can see the following logic

That is basically it: this is RSA encryption, the public key is at the setPublicKey call above, and the encryption can be reproduced by importing a general-purpose encryption package. The whole process ends here

Encryption analysis

Since I said at the beginning that I would look at the webpack used here, here’s a quick look

First, the characteristic features of webpack

Copy all of this code into an editor and collapse all the brackets

The overall structure looks like this pseudocode

!function(x){
xxxxx
}([
function xxx,
function xxxx,
function xxxxx,
]);

Is it the same as the pseudocode above?

Besides this structure, the most important thing about webpack is that it also has a module loader. Loading through it is what produces the calls like xxx(90) and xxx['xxxx'] that you often see when analyzing webpack encryption, and it is why the code feels like nothing but nesting when you extract it

The module loader is usually at the top of the code, though some sites split it out into other JS files

On a site like ours, it is at the top

It defines an empty s, then checks in n whether s[t] already holds anything; if it does, the logic below is skipped

So the module loader usually stops after the site loads.

So in the logic we analyzed, what we see at s=r(3) is already loaded

A breakpoint there will not be hit at this point

You need to put a breakpoint on the module loader itself and refresh the site; then it will break

Click on the console output of I[3] to see where s=r(3) is located

How to extract webpack code

1. The original code has a loader, so take the loader as well

2. Define your own module list in the same way as the pseudocode above

The contents of this module list are the code that the encrypted parameter passes through in the encryption logic; cut it out and put it in

That is where the red box is in the code

3. Once the extracted code runs without errors, export the methods the encryption logic needs, one by one.

Done. That's the end of today's article; see you next time ~