pdd登录分析(一)
作者:互联网
某日玩果园上瘾,于是打算做个自动浇水的软件。绕了一大圈,卡在了登录,登录上有个screen_token,这个值的作用对报文的校验。搜索相关文章,大部分是直接复制其源码,引入必要库,直接调用。参考地址:
https://blog.csdn.net/qq_41668369/article/details/105577538
https://blog.csdn.net/qq_31795679/article/details/102701533
https://blog.csdn.net/juedi999/article/details/102585144
https://blog.csdn.net/qq_39802740/article/details/104912052
这显而易见不符合我的作风。那就开始吧。
首先搜索关键字screen_token,然后找到其加密return t = e.sent,n = t.messagePack(),
然后会跟到function Ae() 这个函数。
function Ae() {
var e, t = {};
t[p("0xde", "tGHt")] = function(e) {
return e()
}
,
t[p("0xdf", "g!0p")] = p("0xe0", "kYKn"),
t[p("0xe1", "3HI!")] = function(e, t) {
return e < t
}
,
t[p("0xe2", "9cg4")] = function(e, t) {
return e * t
}
,
t[p("0xe3", "l9X*")] = function(e, t, r) {
return e(t, r)
}
,
t[p("0xe4", "]kE!")] = p("0xe5", "2Bha"),
t[p("0xe6", "9cg4")] = function(e, t) {
return e === t
}
,
t[p("0xe7", "nBw!")] = function(e, t) {
return e > t
}
,
t[p("0xe8", "3HI!")] = function(e, t) {
return e <= t
}
,
t[p("0xe9", "krTJ")] = function(e, t) {
return e - t
}
,
t[p("0xea", "]pQq")] = function(e, t) {
return e << t
}
,
t[p("0xeb", "g!0p")] = function(e, t) {
return e === t
}
,
t[p("0xec", ")uYb")] = p("0xed", "3zQ4"),
t[p("0xee", "9cg4")] = p("0xef", "LYQ!"),
t[p("0xf0", "9cg4")] = function(e, t) {
return e + t
}
,
t[p("0xf1", "ijT1")] = p("0xf2", "4N]H"),
t[p("0xf3", "J7u(")] = p("0xf4", "jvpv"),
B = t[p("0xf5", "UnBX")](t[p("0xf6", "jvpv")](Math[A](), 10), 7) ? "" : "N";
var r = [p("0xf7", "g!0p") + B]
, n = (e = [])[j].apply(e, [Z ? [][j](t[p("0xf8", "F6r*")](we), ae[r]()) : h[r](), ne[r](), ie[r](), oe[r](), se[r](), ce[r](), ue[r](), he[r](), de[r](), pe[r](), le[r]()].concat(function(e) {
if (Array.isArray(e)) {
for (var t = 0, r = Array(e.length); t < e.length; t++)
r[t] = e[t];
return r
}
return Array.from(e)
}(fe[r]()), [_e[r](), me[r](), ge[r]()]));
t[p("0xf9", "3HI!")](setTimeout, (function() {
t[p("0xfa", "l*GI")](Ee)
}
), 0);
for (var a = n[U][_](2)[p("0xfb", "UnBX")](""), i = 0; t[p("0xfc", "I%I8")](a[U], 16); i += 1)
a[t[p("0xfd", "Fvsl")]]("0");
a = a[p("0xfe", "l*GI")]("");
var o = [];
t[p("0xff", "l9X*")](n[U], 0) ? o[W](0, 0) : t[p("0x100", "Ya61")](n[U], 0) && t[p("0x101", "2Bha")](n[U], t[p("0x102", "U0CN")](t[p("0x103", "43d3")](1, 8), 1)) ? o[W](0, n[U]) : t[p("0x104", ")uYb")](n[U], t[p("0x102", "U0CN")](t[p("0x105", "Sdwk")](1, 8), 1)) && o[W](z[m](a[E](0, 8), 2), z[m](a[E](8, 16), 2)),
n = [][j]([t[p("0x106", "c6Bq")](B, "N") ? 2 : 1], [1, 0, 0], o, n);
var u = s[t[p("0x107", "ui)S")]](n)
, d = [][t[p("0x108", "P!c2")]][p("0x109", "dQAO")](u, (function(e) {
return String[t[p("0x10a", "b]KU")]](e)
}
));
return t[p("0x10b", "Fvsl")](t[p("0x10c", "nBw!")], c[t[p("0x10d", "krTJ")]](d[p("0x10e", "B4$K")]("")))
}
这段就是代码了,然而有一些混淆,下篇文章,替换其混淆部分。
标签:分析,function,return,登录,blog,csdn,article,net,pdd 来源: https://www.cnblogs.com/kittyajoke/p/13775684.html