1. 破解返回結果
1.1. 分析 response
-
打開網站,在輸入框輸入查詢關鍵字【吳*凡】,分析 response 發現找不到返回的數據,但是卻能找到以下內容:
![]()
- 根據經驗推測,這裏的 result 結果就是我們要抓取的數據,只不過被某種加密方式加密了,我們無法直接獲取。
- 這裏我們注意到,返回的 response 中包含一個 secretKey,我們猜測這個 secretKey 就是解密 result 的關鍵鑰匙。
1.2. 逆向過程
-
全局搜搜 secretKey,找到下面的代碼,通過分析代碼我們推測這裏就是加密代碼;
![]()
- 在此處打上斷點,進行翻頁調試,發現該段代碼最後返回的結果
data.result的值就是result;
![]()
- 在調試的過程中,我們注意到此處加密的函數爲
DES3.decrypt,那這個函數具體執行步驟是什麼呢?我們進行回溯分析,並找到下面的代碼:
![]()
1.3. DES3.decrypt 代碼邏輯
- 通過下段調試,得到解密的 js 代碼。
'use strict';
var CryptoJS = CryptoJS || function(e, m) {
var p = {};
var j = p.lib = {};
/**
* @return {undefined}
*/
var l = function() {
};
var Base = j.Base = {
extend : function(opts) {
l.prototype = this;
var c = new l;
if (opts) {
c.mixIn(opts);
}
if (!c.hasOwnProperty("init")) {
/**
* @return {undefined}
*/
c.init = function() {
c.$super.init.apply(this, arguments);
};
}
c.init.prototype = c;
c.$super = this;
return c;
},
create : function() {
var instance = this.extend();
instance.init.apply(instance, arguments);
return instance;
},
init : function() {
},
mixIn : function(properties) {
var property;
for (property in properties) {
if (properties.hasOwnProperty(property)) {
this[property] = properties[property];
}
}
if (properties.hasOwnProperty("toString")) {
this.toString = properties.toString;
}
},
clone : function() {
return this.init.prototype.extend(this);
}
};
var n = j.WordArray = Base.extend({
init : function(a, c) {
a = this.words = a || [];
this.sigBytes = c != m ? c : 4 * a.length;
},
toString : function(encoder) {
return (encoder || Hex).stringify(this);
},
concat : function(a) {
var c = this.words;
var q = a.words;
var d = this.sigBytes;
a = a.sigBytes;
this.clamp();
if (d % 4) {
/** @type {number} */
var b = 0;
for (; b < a; b++) {
c[d + b >>> 2] |= (q[b >>> 2] >>> 24 - 8 * (b % 4) & 255) << 24 - 8 * ((d + b) % 4);
}
} else {
if (65535 < q.length) {
/** @type {number} */
b = 0;
for (; b < a; b = b + 4) {
c[d + b >>> 2] = q[b >>> 2];
}
} else {
c.push.apply(c, q);
}
}
this.sigBytes += a;
return this;
},
clamp : function() {
var a = this.words;
var c = this.sigBytes;
a[c >>> 2] &= 4294967295 << 32 - 8 * (c % 4);
/** @type {number} */
a.length = e.ceil(c / 4);
},
clone : function() {
var c = Base.clone.call(this);
c.words = this.words.slice(0);
return c;
},
random : function(a) {
/** @type {!Array} */
var b = [];
/** @type {number} */
var d = 0;
for (; d < a; d = d + 4) {
b.push(4294967296 * e.random() | 0);
}
return new n.init(b, a);
}
});
var b = p.enc = {};
var Hex = b.Hex = {
stringify : function(a) {
var c = a.words;
a = a.sigBytes;
/** @type {!Array} */
var outChance = [];
/** @type {number} */
var d = 0;
for (; d < a; d++) {
/** @type {number} */
var f = c[d >>> 2] >>> 24 - 8 * (d % 4) & 255;
outChance.push((f >>> 4).toString(16));
outChance.push((f & 15).toString(16));
}
return outChance.join("");
},
parse : function(a) {
var c = a.length;
/** @type {!Array} */
var b = [];
/** @type {number} */
var d = 0;
for (; d < c; d = d + 2) {
b[d >>> 3] |= parseInt(a.substr(d, 2), 16) << 24 - 4 * (d % 8);
}
return new n.init(b, c / 2);
}
};
var g = b.Latin1 = {
stringify : function(a) {
var c = a.words;
a = a.sigBytes;
/** @type {!Array} */
var outChance = [];
/** @type {number} */
var d = 0;
for (; d < a; d++) {
outChance.push(String.fromCharCode(c[d >>> 2] >>> 24 - 8 * (d % 4) & 255));
}
return outChance.join("");
},
parse : function(message) {
var d = message.length;
/** @type {!Array} */
var c = [];
/** @type {number} */
var b = 0;
for (; b < d; b++) {
c[b >>> 2] |= (message.charCodeAt(b) & 255) << 24 - 8 * (b % 4);
}
return new n.init(c, d);
}
};
var f = b.Utf8 = {
stringify : function(a) {
try {
return decodeURIComponent(escape(g.stringify(a)));
} catch (d) {
throw Error("Malformed UTF-8 data");
}
},
parse : function(string) {
return g.parse(unescape(encodeURIComponent(string)));
}
};
var k = j.BufferedBlockAlgorithm = Base.extend({
reset : function() {
this._data = new n.init;
/** @type {number} */
this._nDataBytes = 0;
},
_append : function(a) {
if ("string" == typeof a) {
a = f.parse(a);
}
this._data.concat(a);
this._nDataBytes += a.sigBytes;
},
_process : function(a) {
var b = this._data;
var c = b.words;
var d = b.sigBytes;
var f = this.blockSize;
/** @type {number} */
var h = d / (4 * f);
/** @type {number} */
h = a ? e.ceil(h) : e.max((h | 0) - this._minBufferSize, 0);
/** @type {number} */
a = h * f;
/** @type {number} */
d = e.min(4 * a, d);
if (a) {
/** @type {number} */
var g = 0;
for (; g < a; g = g + f) {
this._doProcessBlock(c, g);
}
g = c.splice(0, a);
b.sigBytes -= d;
}
return new n.init(g, d);
},
clone : function() {
var polygon = Base.clone.call(this);
polygon._data = this._data.clone();
return polygon;
},
_minBufferSize : 0
});
j.Hasher = k.extend({
cfg : Base.extend(),
init : function(cfg) {
this.cfg = this.cfg.extend(cfg);
this.reset();
},
reset : function() {
k.reset.call(this);
this._doReset();
},
update : function(a) {
this._append(a);
this._process();
return this;
},
finalize : function(a) {
if (a) {
this._append(a);
}
return this._doFinalize();
},
blockSize : 16,
_createHelper : function(hasher) {
return function(b, cfg) {
return (new hasher.init(cfg)).finalize(b);
};
},
_createHmacHelper : function(a) {
return function(b, f) {
return (new s.HMAC.init(a, f)).finalize(b);
};
}
});
var s = p.algo = {};
return p;
}(Math);
(function() {
var b = CryptoJS
, a = b.lib.WordArray;
b.enc.Base64 = {
stringify: function(i) {
var j = i.words
, e = i.sigBytes
, g = this._map;
i.clamp();
i = [];
for (var h = 0; h < e; h += 3) {
for (var c = (j[h >>> 2] >>> 24 - 8 * (h % 4) & 255) << 16 | (j[h + 1 >>> 2] >>> 24 - 8 * ((h + 1) % 4) & 255) << 8 | j[h + 2 >>> 2] >>> 24 - 8 * ((h + 2) % 4) & 255, f = 0; 4 > f && h + 0.75 * f < e; f++) {
i.push(g.charAt(c >>> 6 * (3 - f) & 63))
}
}
if (j = g.charAt(64)) {
for (; i.length % 4; ) {
i.push(j)
}
}
return i.join("")
},
parse: function(j) {
var k = j.length
, i = this._map
, g = i.charAt(64);
g && (g = j.indexOf(g),
-1 != g && (k = g));
for (var g = [], h = 0, e = 0; e < k; e++) {
if (e % 4) {
var f = i.indexOf(j.charAt(e - 1)) << 2 * (e % 4)
, c = i.indexOf(j.charAt(e)) >>> 6 - 2 * (e % 4);
g[h >>> 2] |= (f | c) << 24 - 8 * (h % 4);
h++
}
}
return a.create(g, h)
},
_map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
}
}
)();
(function(m) {
function f(l, r, n, s, d, q, p) {
l = l + (r & n | ~r & s) + d + p;
return (l << q | l >>> 32 - q) + r
}
function g(l, r, n, s, d, q, p) {
l = l + (r & s | n & ~s) + d + p;
return (l << q | l >>> 32 - q) + r
}
function e(l, r, n, s, d, q, p) {
l = l + (r ^ n ^ s) + d + p;
return (l << q | l >>> 32 - q) + r
}
function c(l, r, n, s, d, q, p) {
l = l + (n ^ (r | ~s)) + d + p;
return (l << q | l >>> 32 - q) + r
}
for (var o = CryptoJS, a = o.lib, j = a.WordArray, k = a.Hasher, a = o.algo, h = [], i = 0; 64 > i; i++) {
h[i] = 4294967296 * m.abs(m.sin(i + 1)) | 0
}
a = a.MD5 = k.extend({
_doReset: function() {
this._hash = new j.init([1732584193, 4023233417, 2562383102, 271733878])
},
_doProcessBlock: function(J, T) {
for (var V = 0; 16 > V; V++) {
var U = T + V
, N = J[U];
J[U] = (N << 8 | N >>> 24) & 16711935 | (N << 24 | N >>> 8) & 4278255360
}
var V = this._hash.words
, U = J[T + 0]
, N = J[T + 1]
, S = J[T + 2]
, F = J[T + 3]
, d = J[T + 4]
, L = J[T + 5]
, H = J[T + 6]
, n = J[T + 7]
, p = J[T + 8]
, E = J[T + 9]
, l = J[T + 10]
, b = J[T + 11]
, M = J[T + 12]
, K = J[T + 13]
, I = J[T + 14]
, G = J[T + 15]
, R = V[0]
, Q = V[1]
, P = V[2]
, O = V[3]
, R = f(R, Q, P, O, U, 7, h[0])
, O = f(O, R, Q, P, N, 12, h[1])
, P = f(P, O, R, Q, S, 17, h[2])
, Q = f(Q, P, O, R, F, 22, h[3])
, R = f(R, Q, P, O, d, 7, h[4])
, O = f(O, R, Q, P, L, 12, h[5])
, P = f(P, O, R, Q, H, 17, h[6])
, Q = f(Q, P, O, R, n, 22, h[7])
, R = f(R, Q, P, O, p, 7, h[8])
, O = f(O, R, Q, P, E, 12, h[9])
, P = f(P, O, R, Q, l, 17, h[10])
, Q = f(Q, P, O, R, b, 22, h[11])
, R = f(R, Q, P, O, M, 7, h[12])
, O = f(O, R, Q, P, K, 12, h[13])
, P = f(P, O, R, Q, I, 17, h[14])
, Q = f(Q, P, O, R, G, 22, h[15])
, R = g(R, Q, P, O, N, 5, h[16])
, O = g(O, R, Q, P, H, 9, h[17])
, P = g(P, O, R, Q, b, 14, h[18])
, Q = g(Q, P, O, R, U, 20, h[19])
, R = g(R, Q, P, O, L, 5, h[20])
, O = g(O, R, Q, P, l, 9, h[21])
, P = g(P, O, R, Q, G, 14, h[22])
, Q = g(Q, P, O, R, d, 20, h[23])
, R = g(R, Q, P, O, E, 5, h[24])
, O = g(O, R, Q, P, I, 9, h[25])
, P = g(P, O, R, Q, F, 14, h[26])
, Q = g(Q, P, O, R, p, 20, h[27])
, R = g(R, Q, P, O, K, 5, h[28])
, O = g(O, R, Q, P, S, 9, h[29])
, P = g(P, O, R, Q, n, 14, h[30])
, Q = g(Q, P, O, R, M, 20, h[31])
, R = e(R, Q, P, O, L, 4, h[32])
, O = e(O, R, Q, P, p, 11, h[33])
, P = e(P, O, R, Q, b, 16, h[34])
, Q = e(Q, P, O, R, I, 23, h[35])
, R = e(R, Q, P, O, N, 4, h[36])
, O = e(O, R, Q, P, d, 11, h[37])
, P = e(P, O, R, Q, n, 16, h[38])
, Q = e(Q, P, O, R, l, 23, h[39])
, R = e(R, Q, P, O, K, 4, h[40])
, O = e(O, R, Q, P, U, 11, h[41])
, P = e(P, O, R, Q, F, 16, h[42])
, Q = e(Q, P, O, R, H, 23, h[43])
, R = e(R, Q, P, O, E, 4, h[44])
, O = e(O, R, Q, P, M, 11, h[45])
, P = e(P, O, R, Q, G, 16, h[46])
, Q = e(Q, P, O, R, S, 23, h[47])
, R = c(R, Q, P, O, U, 6, h[48])
, O = c(O, R, Q, P, n, 10, h[49])
, P = c(P, O, R, Q, I, 15, h[50])
, Q = c(Q, P, O, R, L, 21, h[51])
, R = c(R, Q, P, O, M, 6, h[52])
, O = c(O, R, Q, P, F, 10, h[53])
, P = c(P, O, R, Q, l, 15, h[54])
, Q = c(Q, P, O, R, N, 21, h[55])
, R = c(R, Q, P, O, p, 6, h[56])
, O = c(O, R, Q, P, G, 10, h[57])
, P = c(P, O, R, Q, H, 15, h[58])
, Q = c(Q, P, O, R, K, 21, h[59])
, R = c(R, Q, P, O, d, 6, h[60])
, O = c(O, R, Q, P, b, 10, h[61])
, P = c(P, O, R, Q, S, 15, h[62])
, Q = c(Q, P, O, R, E, 21, h[63]);
V[0] = V[0] + R | 0;
V[1] = V[1] + Q | 0;
V[2] = V[2] + P | 0;
V[3] = V[3] + O | 0
},
_doFinalize: function() {
var l = this._data
, p = l.words
, n = 8 * this._nDataBytes
, q = 8 * l.sigBytes;
p[q >>> 5] |= 128 << 24 - q % 32;
var d = m.floor(n / 4294967296);
p[(q + 64 >>> 9 << 4) + 15] = (d << 8 | d >>> 24) & 16711935 | (d << 24 | d >>> 8) & 4278255360;
p[(q + 64 >>> 9 << 4) + 14] = (n << 8 | n >>> 24) & 16711935 | (n << 24 | n >>> 8) & 4278255360;
l.sigBytes = 4 * (p.length + 1);
this._process();
l = this._hash;
p = l.words;
for (n = 0; 4 > n; n++) {
q = p[n],
p[n] = (q << 8 | q >>> 24) & 16711935 | (q << 24 | q >>> 8) & 4278255360
}
return l
},
clone: function() {
var d = k.clone.call(this);
d._hash = this._hash.clone();
return d
}
});
o.MD5 = k._createHelper(a);
o.HmacMD5 = k._createHmacHelper(a)
}
)(Math);
CryptoJS.lib.Cipher || function(C) {
var j = CryptoJS
, m = j.lib
, i = m.Base
, h = m.WordArray
, D = m.BufferedBlockAlgorithm
, g = j.enc.Base64
, A = j.algo.EvpKDF
, B = m.Cipher = D.extend({
cfg: i.extend(),
createEncryptor: function(b, c) {
return this.create(this._ENC_XFORM_MODE, b, c)
},
createDecryptor: function(b, c) {
return this.create(this._DEC_XFORM_MODE, b, c)
},
init: function(d, e, c) {
this.cfg = this.cfg.extend(c);
this._xformMode = d;
this._key = e;
this.reset()
},
reset: function() {
D.reset.call(this);
this._doReset()
},
process: function(b) {
this._append(b);
return this._process()
},
finalize: function(b) {
b && this._append(b);
return this._doFinalize()
},
keySize: 4,
ivSize: 4,
_ENC_XFORM_MODE: 1,
_DEC_XFORM_MODE: 2,
_createHelper: function(a) {
return {
encrypt: function(d, c, l) {
return ("string" == typeof c ? o : y).encrypt(a, d, c, l)
},
decrypt: function(d, c, l) {
return ("string" == typeof c ? o : y).decrypt(a, d, c, l)
}
}
}
});
m.StreamCipher = B.extend({
_doFinalize: function() {
return this._process(!0)
},
blockSize: 1
});
var t = j.mode = {}
, z = function(l, n, d) {
var q = this._iv;
q ? this._iv = C : q = this._prevBlock;
for (var p = 0; p < d; p++) {
l[n + p] ^= q[p]
}
}
, f = (m.BlockCipherMode = i.extend({
createEncryptor: function(b, c) {
return this.Encryptor.create(b, c)
},
createDecryptor: function(b, c) {
return this.Decryptor.create(b, c)
},
init: function(b, c) {
this._cipher = b;
this._iv = c
}
})).extend();
f.Encryptor = f.extend({
processBlock: function(e, l) {
var d = this._cipher
, n = d.blockSize;
z.call(this, e, l, n);
d.encryptBlock(e, l);
this._prevBlock = e.slice(l, l + n)
}
});
f.Decryptor = f.extend({
processBlock: function(n, l) {
var r = this._cipher
, p = r.blockSize
, q = n.slice(l, l + p);
r.decryptBlock(n, l);
z.call(this, n, l, p);
this._prevBlock = q
}
});
t = t.CBC = f;
f = (j.pad = {}).Pkcs7 = {
pad: function(q, n) {
for (var u = 4 * n, u = u - q.sigBytes % u, r = u << 24 | u << 16 | u << 8 | u, s = [], p = 0; p < u; p += 4) {
s.push(r)
}
u = h.create(s, u);
q.concat(u)
},
unpad: function(b) {
b.sigBytes -= b.words[b.sigBytes - 1 >>> 2] & 255
}
};
m.BlockCipher = B.extend({
cfg: B.cfg.extend({
mode: t,
padding: f
}),
reset: function() {
B.reset.call(this);
var e = this.cfg
, l = e.iv
, e = e.mode;
if (this._xformMode == this._ENC_XFORM_MODE) {
var d = e.createEncryptor
} else {
d = e.createDecryptor,
this._minBufferSize = 1
}
this._mode = d.call(e, this, l && l.words)
},
_doProcessBlock: function(b, d) {
this._mode.processBlock(b, d)
},
_doFinalize: function() {
var b = this.cfg.padding;
if (this._xformMode == this._ENC_XFORM_MODE) {
b.pad(this._data, this.blockSize);
var d = this._process(!0)
} else {
d = this._process(!0),
b.unpad(d)
}
return d
},
blockSize: 4
});
var k = m.CipherParams = i.extend({
init: function(b) {
this.mixIn(b)
},
toString: function(b) {
return (b || this.formatter).stringify(this)
}
})
, t = (j.format = {}).OpenSSL = {
stringify: function(b) {
var d = b.ciphertext;
b = b.salt;
return (b ? h.create([1398893684, 1701076831]).concat(b).concat(d) : d).toString(g)
},
parse: function(e) {
e = g.parse(e);
var l = e.words;
if (1398893684 == l[0] && 1701076831 == l[1]) {
var d = h.create(l.slice(2, 4));
l.splice(0, 4);
e.sigBytes -= 16
}
return k.create({
ciphertext: e,
salt: d
})
}
}
, y = m.SerializableCipher = i.extend({
cfg: i.extend({
format: t
}),
encrypt: function(p, r, e, q) {
q = this.cfg.extend(q);
var n = p.createEncryptor(e, q);
r = n.finalize(r);
n = n.cfg;
return k.create({
ciphertext: r,
key: e,
iv: n.iv,
algorithm: p,
mode: n.mode,
padding: n.padding,
blockSize: p.blockSize,
formatter: q.format
})
},
decrypt: function(l, p, d, n) {
n = this.cfg.extend(n);
p = this._parse(p, n.format);
return l.createDecryptor(d, n).finalize(p.ciphertext)
},
_parse: function(b, d) {
return "string" == typeof b ? d.parse(b, this) : b
}
})
, j = (j.kdf = {}).OpenSSL = {
execute: function(l, p, e, n) {
n || (n = h.random(8));
l = A.create({
keySize: p + e
}).compute(l, n);
e = h.create(l.words.slice(p), 4 * e);
l.sigBytes = 4 * p;
return k.create({
key: l,
iv: e,
salt: n
})
}
}
, o = m.PasswordBasedCipher = y.extend({
cfg: y.cfg.extend({
kdf: j
}),
encrypt: function(p, a, l, n) {
n = this.cfg.extend(n);
l = n.kdf.execute(l, p.keySize, p.ivSize);
n.iv = l.iv;
p = y.encrypt.call(this, p, a, l.key, n);
p.mixIn(l);
return p
},
decrypt: function(p, a, l, n) {
n = this.cfg.extend(n);
a = this._parse(a, n.format);
l = n.kdf.execute(l, p.keySize, p.ivSize, a.salt);
n.iv = l.iv;
return y.decrypt.call(this, p, a, l.key, n)
}
})
}();
(function() {
function o(d, l) {
var n = (this._lBlock >>> d ^ this._rBlock) & l;
this._rBlock ^= n;
this._lBlock ^= n << d
}
function g(d, l) {
var n = (this._rBlock >>> d ^ this._lBlock) & l;
this._lBlock ^= n;
this._rBlock ^= n << d
}
var h = CryptoJS
, f = h.lib
, e = f.WordArray
, f = f.BlockCipher
, t = h.algo
, c = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
, k = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
, m = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28]
, i = [{
"0": 8421888,
268435456: 32768,
536870912: 8421378,
805306368: 2,
1073741824: 512,
1342177280: 8421890,
1610612736: 8389122,
1879048192: 8388608,
2147483648: 514,
2415919104: 8389120,
2684354560: 33280,
2952790016: 8421376,
3221225472: 32770,
3489660928: 8388610,
3758096384: 0,
4026531840: 33282,
134217728: 0,
402653184: 8421890,
671088640: 33282,
939524096: 32768,
1207959552: 8421888,
1476395008: 512,
1744830464: 8421378,
2013265920: 2,
2281701376: 8389120,
2550136832: 33280,
2818572288: 8421376,
3087007744: 8389122,
3355443200: 8388610,
3623878656: 32770,
3892314112: 514,
4160749568: 8388608,
1: 32768,
268435457: 2,
536870913: 8421888,
805306369: 8388608,
1073741825: 8421378,
1342177281: 33280,
1610612737: 512,
1879048193: 8389122,
2147483649: 8421890,
2415919105: 8421376,
2684354561: 8388610,
2952790017: 33282,
3221225473: 514,
3489660929: 8389120,
3758096385: 32770,
4026531841: 0,
134217729: 8421890,
402653185: 8421376,
671088641: 8388608,
939524097: 512,
1207959553: 32768,
1476395009: 8388610,
1744830465: 2,
2013265921: 33282,
2281701377: 32770,
2550136833: 8389122,
2818572289: 514,
3087007745: 8421888,
3355443201: 8389120,
3623878657: 0,
3892314113: 33280,
4160749569: 8421378
}, {
"0": 1074282512,
16777216: 16384,
33554432: 524288,
50331648: 1074266128,
67108864: 1073741840,
83886080: 1074282496,
100663296: 1073758208,
117440512: 16,
134217728: 540672,
150994944: 1073758224,
167772160: 1073741824,
184549376: 540688,
201326592: 524304,
218103808: 0,
234881024: 16400,
251658240: 1074266112,
8388608: 1073758208,
25165824: 540688,
41943040: 16,
58720256: 1073758224,
75497472: 1074282512,
92274688: 1073741824,
109051904: 524288,
125829120: 1074266128,
142606336: 524304,
159383552: 0,
176160768: 16384,
192937984: 1074266112,
209715200: 1073741840,
226492416: 540672,
243269632: 1074282496,
260046848: 16400,
268435456: 0,
285212672: 1074266128,
301989888: 1073758224,
318767104: 1074282496,
335544320: 1074266112,
352321536: 16,
369098752: 540688,
385875968: 16384,
402653184: 16400,
419430400: 524288,
436207616: 524304,
452984832: 1073741840,
469762048: 540672,
486539264: 1073758208,
503316480: 1073741824,
520093696: 1074282512,
276824064: 540688,
293601280: 524288,
310378496: 1074266112,
327155712: 16384,
343932928: 1073758208,
360710144: 1074282512,
377487360: 16,
394264576: 1073741824,
411041792: 1074282496,
427819008: 1073741840,
444596224: 1073758224,
461373440: 524304,
478150656: 0,
494927872: 16400,
511705088: 1074266128,
528482304: 540672
}, {
"0": 260,
1048576: 0,
2097152: 67109120,
3145728: 65796,
4194304: 65540,
5242880: 67108868,
6291456: 67174660,
7340032: 67174400,
8388608: 67108864,
9437184: 67174656,
10485760: 65792,
11534336: 67174404,
12582912: 67109124,
13631488: 65536,
14680064: 4,
15728640: 256,
524288: 67174656,
1572864: 67174404,
2621440: 0,
3670016: 67109120,
4718592: 67108868,
5767168: 65536,
6815744: 65540,
7864320: 260,
8912896: 4,
9961472: 256,
11010048: 67174400,
12058624: 65796,
13107200: 65792,
14155776: 67109124,
15204352: 67174660,
16252928: 67108864,
16777216: 67174656,
17825792: 65540,
18874368: 65536,
19922944: 67109120,
20971520: 256,
22020096: 67174660,
23068672: 67108868,
24117248: 0,
25165824: 67109124,
26214400: 67108864,
27262976: 4,
28311552: 65792,
29360128: 67174400,
30408704: 260,
31457280: 65796,
32505856: 67174404,
17301504: 67108864,
18350080: 260,
19398656: 67174656,
20447232: 0,
21495808: 65540,
22544384: 67109120,
23592960: 256,
24641536: 67174404,
25690112: 65536,
26738688: 67174660,
27787264: 65796,
28835840: 67108868,
29884416: 67109124,
30932992: 67174400,
31981568: 4,
33030144: 65792
}, {
"0": 2151682048,
65536: 2147487808,
131072: 4198464,
196608: 2151677952,
262144: 0,
327680: 4198400,
393216: 2147483712,
458752: 4194368,
524288: 2147483648,
589824: 4194304,
655360: 64,
720896: 2147487744,
786432: 2151678016,
851968: 4160,
917504: 4096,
983040: 2151682112,
32768: 2147487808,
98304: 64,
163840: 2151678016,
229376: 2147487744,
294912: 4198400,
360448: 2151682112,
425984: 0,
491520: 2151677952,
557056: 4096,
622592: 2151682048,
688128: 4194304,
753664: 4160,
819200: 2147483648,
884736: 4194368,
950272: 4198464,
1015808: 2147483712,
1048576: 4194368,
1114112: 4198400,
1179648: 2147483712,
1245184: 0,
1310720: 4160,
1376256: 2151678016,
1441792: 2151682048,
1507328: 2147487808,
1572864: 2151682112,
1638400: 2147483648,
1703936: 2151677952,
1769472: 4198464,
1835008: 2147487744,
1900544: 4194304,
1966080: 64,
2031616: 4096,
1081344: 2151677952,
1146880: 2151682112,
1212416: 0,
1277952: 4198400,
1343488: 4194368,
1409024: 2147483648,
1474560: 2147487808,
1540096: 64,
1605632: 2147483712,
1671168: 4096,
1736704: 2147487744,
1802240: 2151678016,
1867776: 4160,
1933312: 2151682048,
1998848: 4194304,
2064384: 4198464
}, {
"0": 128,
4096: 17039360,
8192: 262144,
12288: 536870912,
16384: 537133184,
20480: 16777344,
24576: 553648256,
28672: 262272,
32768: 16777216,
36864: 537133056,
40960: 536871040,
45056: 553910400,
49152: 553910272,
53248: 0,
57344: 17039488,
61440: 553648128,
2048: 17039488,
6144: 553648256,
10240: 128,
14336: 17039360,
18432: 262144,
22528: 537133184,
26624: 553910272,
30720: 536870912,
34816: 537133056,
38912: 0,
43008: 553910400,
47104: 16777344,
51200: 536871040,
55296: 553648128,
59392: 16777216,
63488: 262272,
65536: 262144,
69632: 128,
73728: 536870912,
77824: 553648256,
81920: 16777344,
86016: 553910272,
90112: 537133184,
94208: 16777216,
98304: 553910400,
102400: 553648128,
106496: 17039360,
110592: 537133056,
114688: 262272,
118784: 536871040,
122880: 0,
126976: 17039488,
67584: 553648256,
71680: 16777216,
75776: 17039360,
79872: 537133184,
83968: 536870912,
88064: 17039488,
92160: 128,
96256: 553910272,
100352: 262272,
104448: 553910400,
108544: 0,
112640: 553648128,
116736: 16777344,
120832: 262144,
124928: 537133056,
129024: 536871040
}, {
"0": 268435464,
256: 8192,
512: 270532608,
768: 270540808,
1024: 268443648,
1280: 2097152,
1536: 2097160,
1792: 268435456,
2048: 0,
2304: 268443656,
2560: 2105344,
2816: 8,
3072: 270532616,
3328: 2105352,
3584: 8200,
3840: 270540800,
128: 270532608,
384: 270540808,
640: 8,
896: 2097152,
1152: 2105352,
1408: 268435464,
1664: 268443648,
1920: 8200,
2176: 2097160,
2432: 8192,
2688: 268443656,
2944: 270532616,
3200: 0,
3456: 270540800,
3712: 2105344,
3968: 268435456,
4096: 268443648,
4352: 270532616,
4608: 270540808,
4864: 8200,
5120: 2097152,
5376: 268435456,
5632: 268435464,
5888: 2105344,
6144: 2105352,
6400: 0,
6656: 8,
6912: 270532608,
7168: 8192,
7424: 268443656,
7680: 270540800,
7936: 2097160,
4224: 8,
4480: 2105344,
4736: 2097152,
4992: 268435464,
5248: 268443648,
5504: 8200,
5760: 270540808,
6016: 270532608,
6272: 270540800,
6528: 270532616,
6784: 8192,
7040: 2105352,
7296: 2097160,
7552: 0,
7808: 268435456,
8064: 268443656
}, {
"0": 1048576,
16: 33555457,
32: 1024,
48: 1049601,
64: 34604033,
80: 0,
96: 1,
112: 34603009,
128: 33555456,
144: 1048577,
160: 33554433,
176: 34604032,
192: 34603008,
208: 1025,
224: 1049600,
240: 33554432,
8: 34603009,
24: 0,
40: 33555457,
56: 34604032,
72: 1048576,
88: 33554433,
104: 33554432,
120: 1025,
136: 1049601,
152: 33555456,
168: 34603008,
184: 1048577,
200: 1024,
216: 34604033,
232: 1,
248: 1049600,
256: 33554432,
272: 1048576,
288: 33555457,
304: 34603009,
320: 1048577,
336: 33555456,
352: 34604032,
368: 1049601,
384: 1025,
400: 34604033,
416: 1049600,
432: 1,
448: 0,
464: 34603008,
480: 33554433,
496: 1024,
264: 1049600,
280: 33555457,
296: 34603009,
312: 1,
328: 33554432,
344: 1048576,
360: 1025,
376: 34604032,
392: 33554433,
408: 34603008,
424: 0,
440: 34604033,
456: 1049601,
472: 1024,
488: 33555456,
504: 1048577
}, {
"0": 134219808,
1: 131072,
2: 134217728,
3: 32,
4: 131104,
5: 134350880,
6: 134350848,
7: 2048,
8: 134348800,
9: 134219776,
10: 133120,
11: 134348832,
12: 2080,
13: 0,
14: 134217760,
15: 133152,
2147483648: 2048,
2147483649: 134350880,
2147483650: 134219808,
2147483651: 134217728,
2147483652: 134348800,
2147483653: 133120,
2147483654: 133152,
2147483655: 32,
2147483656: 134217760,
2147483657: 2080,
2147483658: 131104,
2147483659: 134350848,
2147483660: 0,
2147483661: 134348832,
2147483662: 134219776,
2147483663: 131072,
16: 133152,
17: 134350848,
18: 32,
19: 2048,
20: 134219776,
21: 134217760,
22: 134348832,
23: 131072,
24: 0,
25: 131104,
26: 134348800,
27: 134219808,
28: 134350880,
29: 133120,
30: 2080,
31: 134217728,
2147483664: 131072,
2147483665: 2048,
2147483666: 134348832,
2147483667: 133152,
2147483668: 32,
2147483669: 134348800,
2147483670: 134217728,
2147483671: 134219808,
2147483672: 134350880,
2147483673: 134217760,
2147483674: 134219776,
2147483675: 0,
2147483676: 133120,
2147483677: 2080,
2147483678: 131104,
2147483679: 134350848
}]
, j = [4160749569, 528482304, 33030144, 2064384, 129024, 8064, 504, 2147483679]
, a = t.DES = f.extend({
_doReset: function() {
for (var n = this._key.words, q = [], u = 0; 56 > u; u++) {
var s = c[u] - 1;
q[u] = n[s >>> 5] >>> 31 - s % 32 & 1
}
n = this._subKeys = [];
for (s = 0; 16 > s; s++) {
for (var r = n[s] = [], p = m[s], u = 0; 24 > u; u++) {
r[u / 6 | 0] |= q[(k[u] - 1 + p) % 28] << 31 - u % 6,
r[4 + (u / 6 | 0)] |= q[28 + (k[u + 24] - 1 + p) % 28] << 31 - u % 6
}
r[0] = r[0] << 1 | r[0] >>> 31;
for (u = 1; 7 > u; u++) {
r[u] >>>= 4 * (u - 1) + 3
}
r[7] = r[7] << 5 | r[7] >>> 27
}
q = this._invSubKeys = [];
for (u = 0; 16 > u; u++) {
q[u] = n[15 - u]
}
},
encryptBlock: function(d, l) {
this._doCryptBlock(d, l, this._subKeys)
},
decryptBlock: function(d, l) {
this._doCryptBlock(d, l, this._invSubKeys)
},
_doCryptBlock: function(w, z, y) {
this._lBlock = w[z];
this._rBlock = w[z + 1];
o.call(this, 4, 252645135);
o.call(this, 16, 65535);
g.call(this, 2, 858993459);
g.call(this, 8, 16711935);
o.call(this, 1, 1431655765);
for (var x = 0; 16 > x; x++) {
for (var v = y[x], u = this._lBlock, s = this._rBlock, l = 0, b = 0; 8 > b; b++) {
l |= i[b][((s ^ v[b]) & j[b]) >>> 0]
}
this._lBlock = s;
this._rBlock = u ^ l
}
y = this._lBlock;
this._lBlock = this._rBlock;
this._rBlock = y;
o.call(this, 1, 1431655765);
g.call(this, 8, 16711935);
g.call(this, 2, 858993459);
o.call(this, 16, 65535);
o.call(this, 4, 252645135);
w[z] = this._lBlock;
w[z + 1] = this._rBlock
},
keySize: 2,
ivSize: 2,
blockSize: 2
});
h.DES = f._createHelper(a);
t = t.TripleDES = f.extend({
_doReset: function() {
var d = this._key.words;
this._des1 = a.createEncryptor(e.create(d.slice(0, 2)));
this._des2 = a.createEncryptor(e.create(d.slice(2, 4)));
this._des3 = a.createEncryptor(e.create(d.slice(4, 6)))
},
encryptBlock: function(d, l) {
this._des1.encryptBlock(d, l);
this._des2.decryptBlock(d, l);
this._des3.encryptBlock(d, l)
},
decryptBlock: function(d, l) {
this._des3.decryptBlock(d, l);
this._des2.encryptBlock(d, l);
this._des1.decryptBlock(d, l)
},
keySize: 6,
ivSize: 2,
blockSize: 2
});
h.TripleDES = f._createHelper(t)
}
)();
function myformatDate(value, format) {
if (!value) {
return "";
}
/** @type {!Object} */
var date = value;
if (typeof value === "string") {
if (value.indexOf("/Date(") > -1) {
/** @type {!Date} */
date = new Date(parseInt(value.replace("/Date(", "").replace(")/", ""), 10));
} else {
/** @type {!Date} */
date = new Date(Date.parse(value.replace(/-/g, "/").replace("T", " ").split(".")[0]));
}
} else {
if (typeof value === "number") {
/** @type {!Date} */
date = new Date(value);
}
}
var o = {
"M+" : date.getMonth() + 1,
"d+" : date.getDate(),
"h+" : date.getHours(),
"m+" : date.getMinutes(),
"s+" : date.getSeconds(),
"q+" : Math.floor((date.getMonth() + 3) / 3),
"S" : date.getMilliseconds()
};
format = format || "yyyy-MM-dd";
if (/(y+)/.test(format)) {
format = format.replace(RegExp.$1, (date.getFullYear() + "").substr(4 - RegExp.$1.length));
}
var str;
for (str in o) {
if ((new RegExp("(" + str + ")")).test(format)) {
format = format.replace(RegExp.$1, RegExp.$1.length == 1 ? o[str] : ("00" + o[str]).substr(("" + o[str]).length));
}
}
return format;
};
var DES3 = {
iv : function() {
return myformatDate(new Date, "yyyyMMdd");
},
encrypt : function(message, data, text) {
if (data) {
return CryptoJS.TripleDES.encrypt(message, CryptoJS.enc.Utf8.parse(data), {
iv : CryptoJS.enc.Utf8.parse(text || DES3.iv()),
mode : CryptoJS.mode.CBC,
padding : CryptoJS.pad.Pkcs7
}).toString();
}
return "";
},
decrypt : function(key, ciphertext, options) {
if (ciphertext) {
return CryptoJS.enc.Utf8.stringify(CryptoJS.TripleDES.decrypt(key, CryptoJS.enc.Utf8.parse(ciphertext), {
iv : CryptoJS.enc.Utf8.parse(options || DES3.iv()),
mode : CryptoJS.mode.CBC,
padding : CryptoJS.pad.Pkcs7
})).toString();
}
return "";
}
};
-
使用 js 調試工具,對 response 數據進行解密,得到下面的結果,破解成功:
![]()
2. 破解請求參數
2.1. 分析參數生成邏輯
-
分析請的參數,發現 Form Data 裏的參數
![]()
pageId:
pageId: 953feda22cf2bf18b9548aaa05152120
- 通過分析回溯,找到 pageId 的生成函數爲
uuid();
![]()
-
繼續查找得到 uuid 函數的生成邏輯如下:
![]()
s21:
- 此參數爲輸入的查找對象;
sortFields:
- 不做處理;
ciphertext:
110100 1100111 1000110 1100001 110111 1010001 1111001 110001 1111000 1000100 1010010 1111001 1010001 1000010 1100100 110101 1010101 110100 1010101 1010101 1110011 1111000 1100011 1000011 110010 110000 110010 110001 110000 111000 110000 110011 110100 1110000 1001110 1110101 1010011 1010000 1101101 1111010 101011 1011000 1110010 1001001 110001 110111 1000110 1000101 1001101 110111 1100001 1110011 1000011 1110111 111101 111101
- 通過分析我們發現這裏的數值都是二進制的,查找關鍵字
strTobinary或者查找ciphertext然後斷點調試得到參數生成邏輯,如下圖:
![]()
pageNum:
- 頁碼數;
queryCondition:
- 分析 [{"key":"s21","value":"吳*凡"}]
key的值爲s21表示案件類型爲全文,如下圖:
![]()
value表示查找對象
cfg:
- 值爲
com.lawyee.judge.dc.parse.dto.SearchDataDsoDTO@queryDoc,不做處理;
__RequestVerificationToken:
-
通過分析,得到生成邏輯如下:
![]()
2.2.參數 js 代碼
- 略。