最近闲来无事,沙雕网友叫我帮他搞事情🤔
-
注:由于电脑不在身边所以就用的手机端搞的
话不多说开始搞事情🤣
-
页面请求下来后我惊呆了🤒
-
把script 标签拿出来进行格式化后。。。
- 我只想说NP NP
经过审核后可以吧js分为3部分
- 对_0x4818数组的操作
- _0x55f3 解密方法
- l 任务
开始解析
第一部分
- 源码
(function(_0x4c97f0, _0x1742fd) {
var _0x4db1c = function(_0x48181e) {
while (--_0x48181e) {
_0x4c97f0['push'](_0x4c97f0['shift']());
}
};
var _0x3cd6c6 = function() {
var _0xb8360b = {
'data': {
'key': 'cookie',
'value': 'timeout'
},
'setCookie': function(_0x20bf34, _0x3e840e, _0x5693d3, _0x5e8b26) {
_0x5e8b26 = _0x5e8b26 || {};
var _0xba82f0 = _0x3e840e + '=' + _0x5693d3;
var _0x5afe31 = 0x0;
for (var _0x5afe31 = 0x0, _0x178627 = _0x20bf34['length']; _0x5afe31 < _0x178627; _0x5afe31++) {
var _0x41b2ff = _0x20bf34[_0x5afe31];
_0xba82f0 += '; ' + _0x41b2ff;
var _0xd79219 = _0x20bf34[_0x41b2ff];
_0x20bf34['push'](_0xd79219);
_0x178627 = _0x20bf34['length'];
if (_0xd79219 !== !![]) {
_0xba82f0 += '=' + _0xd79219;
}
}
_0x5e8b26['cookie'] = _0xba82f0;
},
'removeCookie': function() {
return 'dev';
},
'getCookie': function(_0x4a11fe, _0x189946) {
_0x4a11fe = _0x4a11fe || function(_0x6259a2) {
return _0x6259a2;
};
var _0x25af93 = _0x4a11fe(new RegExp('(?:^|; )' + _0x189946['replace'](/([.$?*|{}()[]\/+^])/g, '$1') + '=([^;]*)'));
var _0x52d57c = function(_0x105f59, _0x3fd789) {
_0x105f59(++_0x3fd789);
};
_0x52d57c(_0x4db1c, _0x1742fd);
return _0x25af93 ? decodeURIComponent(_0x25af93[0x1]) : undefined;
}
};
var _0x4a2aed = function() {
var _0x124d17 = new RegExp('\w+ *\(\) *{\w+ *[\'|"].+[\'|"];? *}');
return _0x124d17['test'](_0xb8360b['removeCookie']['toString']());
};
_0xb8360b['updateCookie'] = _0x4a2aed;
var _0x2d67ec = '';
var _0x120551 = _0xb8360b['updateCookie']();
if (!_0x120551) {
_0xb8360b['setCookie'](['*'], 'counter', 0x1);
} else if (_0x120551) {
_0x2d67ec = _0xb8360b['getCookie'](null, 'counter');
} else {
_0xb8360b['removeCookie']();
}
};
_0x3cd6c6();
}(_0x4818, 0x15b));
- 转换成python后就是
array = ['csKHwqMI','ZsKJwr8VeAsy','UcKiN8O/wplwMA==','JR8CTg==','YsOnbSEQw7ozwqZKesKUw7kwX8ORIQ==','w7oVS8OSwoPCl3jChMKhw6HDlsKXw4s/YsOG','fwVmI1AtwplaY8Otw5cNfSgpw6M=','OcONwrjCqsKxTGTChsOjEWE8PcOcJ8K6','U8K5LcOtwpV0EMOkw47DrMOX','HMO2woHCiMK9SlXClcOoC1k=','asKIwqMDdgMuPsOKBMKcwrrCtkLDrMKBw64d','wqImMT0tw6RNw5k=','DMKcU0JmUwUv','VjHDlMOHVcONX3fDicKJHQ==','wqhBH8Knw4TDhSDDgMOdwrjCncOWwphhN8KCGcKqw6dHAU5+wrg2JcKaw4IEJcOcwrRJwoZ0wqF9YgAV','dzd2w5bDm3jDpsK3wpY=','w4PDgcKXwo3CkcKLwr5qwrY=','wrJOTcOQWMOg','wqTDvcOjw447wr4=','w5XDqsKhMF1/','wrAyHsOfwppc','J3dVPcOxLg==','wrdHw7p9Zw==','w4rDo8KmNEw=','IMKAUkBt','w6bDrcKQwpVHwpNQwqU=','d8OsWhAUw7YzwrU=','wqnCksOeezrDhw==','UsKnIMKWV8K/','w4zDocK8NUZv','c8OxZhAJw6skwqJj','PcKIw4nCkkVb','KHgodMO2VQ==','wpsmwqvDnGFq','wqLDt8Okw4c=','w7w1w4PCpsO4wqA=','wq9FRsOqWMOq','byBhw7rDm34=','LHg+S8OtTw==','wqhOw715dsOH','U8O7VsO0wqvDvcKuKsOqX8Kr','Yittw5DDnWnDrA==','YMKIwqUUfgIk','aB7DlMODTQ==','wpfDh8Orw6kk','w7vCqMOrY8KAVk5OwpnCu8OaXsKZP3DClcKyw6HDrQ==','wow+w6vDmHpsw7Rtwo98LC7CiG7CksORT8KlW8O5wr3Di8OTHsODeHjDmcKlJsKqVA==','NwV+','w7HDrcKtwpJawpZb','wpQswqvDiHpuw6I=','YMKUwqMJZQ==','KH1VKcOqKsK1','fQ5sFUkkwpI=','wrvCrcOBR8Kk','M3w0fQ==','w6xXwqPDvMOFwo5d']
def do(n):
for i in range(n):
array.append(array.pop(0))
do(0x15b)
- 是不是很不可思议!
- 其中最主要的是下面这个,其他的都是对js格式的验证(被格式后的代码回进入死循环)。这段代码中 _0x4c97f0就是_0x4818数组,_0x48181e = 0x15b+1
var _0x4db1c = function(_0x48181e) {
while (--_0x48181e) {
_0x4c97f0['push'](_0x4c97f0['shift']());
}
};
第二部分
- 先上源码
var _0x55f3 = function(_0x4c97f0, _0x1742fd) {
var _0x4c97f0 = parseInt(_0x4c97f0, 0x10);
var _0x48181e = _0x4818[_0x4c97f0];
if (!_0x55f3['atobPolyfillAppended']) {
(function() {
var _0xdf49c6 = Function('return (function () ' + '{}.constructor("return this")()' + ');');
var _0xb8360b = _0xdf49c6();
var _0x389f44 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
_0xb8360b['atob'] || (_0xb8360b['atob'] = function(_0xba82f0) {
var _0xec6bb4 = String(_0xba82f0)['replace'](/=+$/, '');
for (var _0x1a0f04 = 0x0, _0x18c94e, _0x41b2ff, _0xd79219 = 0x0, _0x5792f7 = ''; _0x41b2ff = _0xec6bb4['charAt'](_0xd79219++); ~_0x41b2ff && (_0x18c94e = _0x1a0f04 % 0x4 ? _0x18c94e * 0x40 + _0x41b2ff : _0x41b2ff, _0x1a0f04++ % 0x4) ? _0x5792f7 += String['fromCharCode'](0xff & _0x18c94e >> (-0x2 * _0x1a0f04 & 0x6)) : 0x0) {
_0x41b2ff = _0x389f44['indexOf'](_0x41b2ff);
}
return _0x5792f7;
});
}());
_0x55f3['atobPolyfillAppended'] = !![];
}
if (!_0x55f3['rc4']) {
var _0x232678 = function(_0x401af1, _0x532ac0) {
var _0x45079a = [],
_0x52d57c = 0x0,
_0x105f59, _0x3fd789 = '',
_0x4a2aed = '';
_0x401af1 = atob(_0x401af1);
for (var _0x124d17 = 0x0, _0x1b9115 = _0x401af1['length']; _0x124d17 < _0x1b9115; _0x124d17++) {
_0x4a2aed += '%' + ('00' + _0x401af1['charCodeAt'](_0x124d17)['toString'](0x10))['slice'](-0x2);
}
_0x401af1 = decodeURIComponent(_0x4a2aed);
for (var _0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
_0x45079a[_0x2d67ec] = _0x2d67ec;
}
for (_0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec] + _0x532ac0['charCodeAt'](_0x2d67ec % _0x532ac0['length'])) % 0x100;
_0x105f59 = _0x45079a[_0x2d67ec];
_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
_0x45079a[_0x52d57c] = _0x105f59;
}
_0x2d67ec = 0x0;
_0x52d57c = 0x0;
for (var _0x4e5ce2 = 0x0; _0x4e5ce2 < _0x401af1['length']; _0x4e5ce2++) {
_0x2d67ec = (_0x2d67ec + 0x1) % 0x100;
_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec]) % 0x100;
_0x105f59 = _0x45079a[_0x2d67ec];
_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
_0x45079a[_0x52d57c] = _0x105f59;
_0x3fd789 += String['fromCharCode'](_0x401af1['charCodeAt'](_0x4e5ce2) ^ _0x45079a[(_0x45079a[_0x2d67ec] + _0x45079a[_0x52d57c]) % 0x100]);
}
return _0x3fd789;
};
_0x55f3['rc4'] = _0x232678;
}
if (!_0x55f3['data']) {
_0x55f3['data'] = {};
}
if (_0x55f3['data'][_0x4c97f0] === undefined) {
if (!_0x55f3['once']) {
var _0x5f325c = function(_0x23a392) {
this['rc4Bytes'] = _0x23a392;
this['states'] = [0x1, 0x0, 0x0];
this['newState'] = function() {
return 'newState';
};
this['firstState'] = '\w+ *\(\) *{\w+ *';
this['secondState'] = '[\'|"].+[\'|"];? *}';
};
_0x5f325c['prototype']['checkState'] = function() {
var _0x19f809 = new RegExp(this['firstState'] + this['secondState']);
return this['runState'](_0x19f809['test'](this['newState']['toString']()) ? --this['states'][0x1] : --this['states'][0x0]);
};
_0x5f325c['prototype']['runState'] = function(_0x4380bd) {
if (!Boolean(~_0x4380bd)) {
return _0x4380bd;
}
return this['getState'](this['rc4Bytes']);
};
_0x5f325c['prototype']['getState'] = function(_0x58d85e) {
for (var _0x1c9f5b = 0x0, _0x1ce9e0 = this['states']['length']; _0x1c9f5b < _0x1ce9e0; _0x1c9f5b++) {
this['states']['push'](Math['round'](Math['random']()));
_0x1ce9e0 = this['states']['length'];
}
return _0x58d85e(this['states'][0x0]);
};
new _0x5f325c(_0x55f3)['checkState']();
_0x55f3['once'] = !![];
}
_0x48181e = _0x55f3['rc4'](_0x48181e, _0x1742fd);
_0x55f3['data'][_0x4c97f0] = _0x48181e;
} else {
_0x48181e = _0x55f3['data'][_0x4c97f0];
}
return _0x48181e;
};
- 废话不多说,换成python
import re
from urllib import parse
def atob(s):
s = re.sub(r'=+$', '',str(s))
keys = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
result = ""
a = 0
b = 0
for i in s:
n = keys.index(i)
b = b*64+n if a%4 else n
a+=1
if ~n and (a-1)%4:
result += chr(255 & b >> (-2 * a & 6))
return result
def rc4(value, key):
value = atob(value)
s = ""
for i in value:
s += '%'+('00'+hex(ord(i)).replace('0x',''))[-2:]
value = parse.unquote(s)
ls = list(range(256))
n = 0
for i in range(256):
n = (n + ls[i] + ord(key[i%len(key)]))%256
ls[i], ls[n] = ls[n], ls[i]
a = 0
n = 0
result = ""
for i in value:
a = (a+1)%256
n = (n+ls[a])%256
ls[a], ls[n] = ls[n], ls[a]
result += chr( ord(i)^ls[(ls[a]+ls[n])%256])
return result
def _0x55f3(a, b):
return rc4(array[int(a,16)],b)
- 其中 以解密数据储存没做外基本就这样了🤓
第三部分
- 源码
var l = function() {
while (window[_0x55f3('0x1', 'XMW^')] || window['__phantomas']) {};
var _0x5e8b26 = _0x55f3('0x3', 'jS1Y');
String[_0x55f3('0x5', 'n]fR')][_0x55f3('0x6', 'Pg54')] = function(_0x4e08d8) {
var _0x5a5d3b = '';
for (var _0xe89588 = 0x0; _0xe89588 < this[_0x55f3('0x8', ')hRc')] && _0xe89588 < _0x4e08d8[_0x55f3('0xa', 'jE&^')]; _0xe89588 += 0x2) {
var _0x401af1 = parseInt(this[_0x55f3('0xb', 'V2KE')](_0xe89588, _0xe89588 + 0x2), 0x10);
var _0x105f59 = parseInt(_0x4e08d8[_0x55f3('0xd', 'XMW^')](_0xe89588, _0xe89588 + 0x2), 0x10);
var _0x189e2c = (_0x401af1 ^ _0x105f59)[_0x55f3('0xf', 'W1FE')](0x10);
if (_0x189e2c[_0x55f3('0x11', 'MGrv')] == 0x1) {
_0x189e2c = '0' + _0x189e2c;
}
_0x5a5d3b += _0x189e2c;
}
return _0x5a5d3b;
};
String['prototype'][_0x55f3('0x14', 'Z*DM')] = function() {
var _0x4b082b = [0xf, 0x23, 0x1d, 0x18, 0x21, 0x10, 0x1, 0x26, 0xa, 0x9, 0x13, 0x1f, 0x28, 0x1b, 0x16, 0x17, 0x19, 0xd, 0x6, 0xb, 0x27, 0x12, 0x14, 0x8, 0xe, 0x15, 0x20, 0x1a, 0x2, 0x1e, 0x7, 0x4, 0x11, 0x5, 0x3, 0x1c, 0x22, 0x25, 0xc, 0x24];
var _0x4da0dc = [];
var _0x12605e = '';
for (var _0x20a7bf = 0x0; _0x20a7bf < this['length']; _0x20a7bf++) {
var _0x385ee3 = this[_0x20a7bf];
for (var _0x217721 = 0x0; _0x217721 < _0x4b082b[_0x55f3('0x16', 'aH*N')]; _0x217721++) {
if (_0x4b082b[_0x217721] == _0x20a7bf + 0x1) {
_0x4da0dc[_0x217721] = _0x385ee3;
}
}
}
_0x12605e = _0x4da0dc['join']('');
return _0x12605e;
};
var _0x23a392 = arg1[_0x55f3('0x19', 'Pg54')]();
arg2 = _0x23a392[_0x55f3('0x1b', 'z5O&')](_0x5e8b26);
setTimeout('reload(arg2)', 0x66a);
};
- 这个就是 arg1 to arg2
- 转换成python 为
import re
import time
# 智联acw_sc__v2 cookie 计算
def hexXor(s):
s1 = "3000176000856006061501533003690027800375"
result = ""
l1 = re.findall('..',s)
l2 = re.findall('..',s1)
for i,y in zip(l1,l2):
i = int(i,16)
y = int(y,16)
s_ = hex(i^y).replace('0x','')
if len(s_) == 1:
s_ = '0' + s_
result += s_
return result
def unsbox(arg):
ls = [ 15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36 ]
data = {}
for i,y in enumerate(arg):
for _i,_y in enumerate(ls):
if _y == i+1:
data[_i] = y
s = ""
for i in sorted(data.keys()):
s += data[i]
return hexXor(s)
def parse(s):
s = unsbok(s)
t = time.gmtime(time.time()+3600 * 1e3)
str_t = time.strftime('%a, %d %b %Y %H:%M:%S GMT',t)
return f'{s};expires={str_t};max-age=3600;path=/'
- 到此翻译完成
- 最后 你就会发现 前面2步对cookie根本没用🤕
import re
import time
# 智联acw_sc__v2 cookie 计算
def hexXor(s):
s1 = "3000176000856006061501533003690027800375"
result = ""
l1 = re.findall('..',s)
l2 = re.findall('..',s1)
for i,y in zip(l1,l2):
i = int(i,16)
y = int(y,16)
s_ = hex(i^y).replace('0x','')
if len(s_) == 1:
s_ = '0' + s_
result += s_
return result
def unsbox(arg):
ls = [ 15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36 ]
data = {}
for i,y in enumerate(arg):
for _i,_y in enumerate(ls):
if _y == i+1:
data[_i] = y
s = ""
for i in sorted(data.keys()):
s += data[i]
return hexXor(s)
def parse(s):
s = unsbok(s)
t = time.gmtime(time.time()+3600 * 1e3)
str_t = time.strftime('%a, %d %b %Y %H:%M:%S GMT',t)
return f'{s};expires={str_t};max-age=3600;path=/'
if __name__ == '__main__':
import requests
with requests.session() as session:
with session.get(' https://jobs.zhaopin.com/CC120088604J00143072312.htm') as rep:
text = rep.text
reg =re.compile(r'var arg1 ?= ?[\'"](.*?)[\'"]')
ls = reg.findall(text)
cookies = {}
if ls:
cookies['acw_sc__v2']=parse(ls[0])
print(cookies)
with session.get(' https://jobs.zhaopin.com/CC120088604J00143072312.htm',cookies=cookies) as rep:
with open('ts.html','wb') as f:
f.write(rep.content)
