js逆向解析之百度翻译案例
作者:互联网
百度翻译使用了js函数对sign值进行加密,所以需要用到js逆向解析
js逆向解析即通过调用对方的js加密函数来获取正确的加密数据
js逆向解析需要安装js开发环境node.js和execjs模块
有两个文件,一个py文件存放主程序,和一个js文件存放从浏览器中找到的生成js加密数据的js代码
两个文件需在同一个文件夹中。
*.py py文件
import requests # 需安装
import execjs # pip install pyexecjs 用于运行js代码
import jsonpath # 需安装
import time
class BaiduFanyi:
def __init__(self):
self.url = 'https://fanyi.baidu.com/v2transapi?from=zh&to=en'
self.head = {
"user-agent": "", # 请到浏览器开发者工具中复制
"referer": "https: // fanyi.baidu.com /",
"cookie": "", # 请到浏览器开发者工具中复制
}
self.zh = None
self.sign = None
self.formdata = {"from": "zh",
"to": "en",
"query": self.zh,
"transtype": "enter",
"simple_means_flag": "3",
"sign": self.sign,
"token": "", # 请到浏览器开发者工具中复制
"domain": "common"}
def get_sign(self):
# 1、打开js文件,使用js代码生成js加密数据
with open('sign.js', 'r') as f:
js_sign = f.read()
# 2、编译
exe_sign = execjs.compile(js_sign)
# 3、调用js函数生成加密数据
self.sign = exe_sign.call('e', self.zh)
def fanyi(self, zh):
# 翻译
self.zh = zh
self.get_sign()
self.formdata['query'] = self.zh
self.formdata['sign'] = self.sign
res = requests.post(self.url, data=self.formdata, headers=self.head)
pydict = res.json()
try:
dst = jsonpath.jsonpath(pydict, '$..text')[0] # 单词
except:
dst = jsonpath.jsonpath(pydict, '$..dst')[0] # 句子
return dst
if __name__ == '__main__':
zhtoen = BaiduFanyi()
n = 10
for i in range(n):
zh = input("百度翻译为您服务!请输入中文:\n")
en = zhtoen.fanyi(zh)
print(f"英文翻译为:\n{en}")
if i < n - 1:
y = input(f"你还有{n - i}次机会,继续吗?(Y/N)\n")
if y in ['n', 'N']:
break
else:
print("机会已经用完,请重新启动...")
input("请按任意键...")
print("\n感谢您的使用!")
time.sleep(1.5)
print("\n本次服务到此结束!")
*.js文件
function n(r, o) {
for (var t = 0; t < o.length - 2; t += 3) {
var a = o.charAt(t + 2);
a = a >= "a" ? a.charCodeAt(0) - 87 : Number(a),
a = "+" === o.charAt(t + 1) ? r >>> a : r << a,
r = "+" === o.charAt(t) ? r + a & 4294967295 : r ^ a
}
return r
}
function e(r) {
var o = r.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g);
if (null === o) {
var t = r.length;
t > 30 && (r = "" + r.substr(0, 10) + r.substr(Math.floor(t / 2) - 5, 10) + r.substr(-10, 10))
} else {
for (var e = r.split(/[\uD800-\uDBFF][\uDC00-\uDFFF]/), C = 0, h = e.length, f = []; h > C; C++)
"" !== e[C] && f.push.apply(f, a(e[C].split(""))),
C !== h - 1 && f.push(o[C]);
var g = f.length;
g > 30 && (r = f.slice(0, 10).join("") + f.slice(Math.floor(g / 2) - 5, Math.floor(g / 2) + 5).join("") + f.slice(-10).join(""))
}
u = "320305.131321201";
for (var d = u.split("."), m = Number(d[0]) || 0, s = Number(d[1]) || 0, S = [], c = 0, v = 0; v < r.length; v++) {
var A = r.charCodeAt(v);
128 > A ? S[c++] = A : (2048 > A ? S[c++] = A >> 6 | 192 : (55296 === (64512 & A) && v + 1 < r.length && 56320 === (64512 & r.charCodeAt(v + 1)) ? (A = 65536 + ((1023 & A) << 10) + (1023 & r.charCodeAt(++v)),
S[c++] = A >> 18 | 240,
S[c++] = A >> 12 & 63 | 128) : S[c++] = A >> 12 | 224,
S[c++] = A >> 6 & 63 | 128),
S[c++] = 63 & A | 128)
}
for (var p = m, F = "" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(97) + ("" + String.fromCharCode(94) + String.fromCharCode(43) + String.fromCharCode(54)), D = "" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(51) + ("" + String.fromCharCode(94) + String.fromCharCode(43) + String.fromCharCode(98)) + ("" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(102)), b = 0; b < S.length; b++)
p += S[b],
p = n(p, F);
return p = n(p, D),
p ^= s,
0 > p && (p = (2147483647 & p) + 2147483648),
p %= 1e6,
p.toString() + "." + (p ^ m)
}
标签:逆向,zh,String,self,js,sign,百度,fromCharCode 来源: https://www.cnblogs.com/52note/p/13971399.html