Background

This started with a question that a member posted in a discussion group. There are so many experts in the group that I figured the problem would be solved soon.

Sure enough, someone soon posted code that cracked it. I quietly gave it a thumbs up. Impressive.

First, here is the Zhihu column of the Loco boss. It mostly covers web crawlers and reverse engineering; if more people follow it, maybe he will be motivated to update it.

zhuanlan.zhihu.com/webspider

There is also a tutorial written by the person who posted the code, published on AIO Chen's WeChat public account:

mp.weixin.qq.com/s/UP3EiMIuU…

Process

Having seen the answer he posted, I wanted to try it myself. The main steps of the crack are described in enough detail in the article on AIO Chen's public account, so this post only notes the few points where I got stuck while working through the decryption, to make them easy to review later.

View the encrypted requests

Open the developer tools, switch to the XHR tab, and you will see two requests:

Search for the encrypted parameter

Open global search and search for encrypt_data; only one file matches. Searching within that file finds six places that reference encrypt_data:

Here I ran into the first pitfall:

I quickly found the relevant places by searching, but then went about it the wrong way. Instead of analyzing the code carefully, I kept looking for the decryption in the callback, which complicated the problem.

In fact, the decryption happens at the breakpoint shown in the following screenshot:

Find where the key decryption happens

After pressing F11 twice in the debugger, I found where the decryption happens:

The second pitfall I ran into here was that I was not familiar with the debugging tools. I had only been using F10 to debug; the Loco boss happened to mention this in the group:

developers.google.com/web/tools/c…

Complete the code

Once we have found the encryption code, we fill in whatever is missing.

Here is the beginning of the code:

Run the code

Here is the third pitfall:

The solution to this problem is as follows:

Normally the extracted JS code looks like this (key parts):

But when calling it from Python, you write it like this (the code comes from the person who posted it at the beginning):

// Return the decrypted JSON text as base64 instead of a parsed object.
function my_decrypt(t) {
    return Buffer.from(s("5e5062e82f15fe4ca9d24bc5", my_decode(t), 0, 0, "012345677890123", 1)).toString("base64");
}

The reason for this change is:

“JSON.parse is removed, and the JSON string from before parsing is returned. In case the string contains specially encoded characters, it is converted to Base64 and then returned” — Loco Boss
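The Python side of this change, as an added example that is not from the original post or from the code's author: it decodes the base64 string that my_decrypt returns and parses the JSON there. The names parse_decrypted and byte_string, the assumption that the JS routine may return one character per byte, and the sample payload are all constructed for illustration.

```python
import base64
import binascii
import json


def parse_decrypted(b64_text, byte_string=False):
    """Turn the base64 string returned by my_decrypt() into a Python object.

    byte_string=True is an assumption for the case where the JS routine
    returns one character per byte: Buffer then UTF-8-encodes every byte
    >= 0x80 a second time, and the Latin-1 round trip below undoes that.
    """
    try:
        # validate=True rejects anything outside the base64 alphabet.
        raw = base64.b64decode(b64_text, validate=True)
        text = raw.decode("utf-8")
        if byte_string:
            text = text.encode("latin-1").decode("utf-8")
        return json.loads(text)
    except (binascii.Error, UnicodeError, ValueError) as exc:
        raise ValueError(f"unexpected my_decrypt() output: {exc}") from exc


# Constructed sample, not data from the site: JSON with non-ASCII text,
# the kind of content that can be damaged when raw text crosses a
# process boundary.
SAMPLE = {"title": "数据\n第二行", "count": 3}
SAMPLE_JSON = json.dumps(SAMPLE, ensure_ascii=False)

# What Buffer(...).toString("base64") yields for a normal JS string.
B64_TEXT = base64.b64encode(SAMPLE_JSON.encode("utf-8")).decode("ascii")

# What it yields when the JS string holds one character per UTF-8 byte.
_as_bytes = SAMPLE_JSON.encode("utf-8").decode("latin-1")
B64_BYTES = base64.b64encode(_as_bytes.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    print(parse_decrypted(B64_TEXT))
    print(parse_decrypted(B64_BYTES, byte_string=True))
```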

That is the JS cracking process that came out of the group chat. I hope the articles and tutorials mentioned in this post are helpful to you.

The code was tested on 2019-5-13

EOF