京东小步伐h5st
声明本文章中所有内容仅供学习交换利用,不消于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!wx a15018601872
本文章未经许可克制转载,克制任何修改后二次流传,擅自利用本文讲解的技术而导致的任何不测,作者均不负责,如有侵权,请联系作者立刻删除!q 2766958292
1.逆向过程
团体过程和h5st网页版差不多。感觉小步伐对环境检测并不是很严酷。访问多次太多直接封openid。加密流程差不都。起首对body加密。加密后把整个函数扣下来调用一下就行了。
sha256_digest=function(r) {
function n(r, n) {
var t = (65535 & r) + (65535 & n);
return (r >> 16) + (n >> 16) + (t >> 16) << 16 | 65535 & t
}
function t(r, n) {
return r >>> n | r << 32 - n
}
function e(r, n) {
return r >>> n
}
function o(r, n, t) {
return r & n ^ ~r & t
}
function u(r, n, t) {
return r & n ^ r & t ^ n & t
}
function a(r) {
return t(r, 2) ^ t(r, 13) ^ t(r, 22)
}
function f(r) {
return t(r, 6) ^ t(r, 11) ^ t(r, 25)
}
function i(r) {
return t(r, 7) ^ t(r, 18) ^ e(r, 3)
}
function c(r) {
return t(r, 17) ^ t(r, 19) ^ e(r, 10)
}
var h = 8
, C = 0;
return r = function(r) {
r = r.replace(/\r\n/g, "\n");
for (var n = "", t = 0; t < r.length; t++) {
var e = r.charCodeAt(t);
e < 128 ? n += String.fromCharCode(e) : e > 127 && e < 2048 ? (n += String.fromCharCode(e >> 6 | 192),
n += String.fromCharCode(63 & e | 128)) : (n += String.fromCharCode(e >> 12 | 224),
n += String.fromCharCode(e >> 6 & 63 | 128),
n += String.fromCharCode(63 & e | 128))
}
return n
}(r),
function(r) {
for (var n = C ? "0123456789ABCDEF" : "0123456789abcdef", t = "", e = 0; e < 4 * r.length; e++)
t += n.charAt(r >> 8 * (3 - e % 4) + 4 & 15) + n.charAt(r >> 8 * (3 - e % 4) & 15);
return t
}(function(r, t) {
var e, h, C, g, d, v, A, l, m, S, s = new Array(1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298), y = new Array(1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225), w = new Array(64);
r |= 128 << 24 - t % 32,
r = t;
for (var p = 0; p < r.length; p += 16) {
e = y,
h = y,
C = y,
g = y,
d = y,
v = y,
A = y,
l = y;
for (var b = 0; b < 64; b++)
w = b < 16 ? r : n(n(n(c(w), w), i(w)), w),
m = n(n(n(n(l, f(d)), o(d, v, A)), s), w),
S = n(a(e), u(e, h, C)),
l = A,
A = v,
v = d,
d = n(g, m),
g = C,
C = h,
h = e,
e = n(m, S);
y = n(e, y),
y = n(h, y),
y = n(C, y),
y = n(g, y),
y = n(d, y),
y = n(v, y),
y = n(A, y),
y = n(l, y)
}
return y
}(function(r) {
for (var n = Array(), t = (1 << h) - 1, e = 0; e < r.length * h; e += h)
n |= (r.charCodeAt(e / h) & t) << 24 - e % 32;
return n
}(r), r.length * h))
} 但是必要主要token,和fp。这两个手动调用一下函数赋值给fe就行了。另有一些小细节就不说了。
2.效果
https://img-blog.csdnimg.cn/direct/c2cc55e5dc5a43c5a18e61b2b7f24f3f.png
3.总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思绪,具体细节要你自己还原,信任你也能调试出来。
wx a15018601872 、x30184483xx
q 2766958292
仅用于学习交换
页:
[1]