webpack js 逆向 --- 个人记录
- 网站
aHR0cDovL2FlcmZheWluZy5jb20v - 加密参数
- 参数加密位置
方法:
1. 构造自执行函数
!function(e) {
// 加载器
}(
// 模块1;
// 模块2
)
2. 找到js的加载器
3. 把上述代码放入第一步构造的自执行函数(完整扣取一整个加载器里的代码),并用一个全局参数接收加载器,比如window.zzz = i;
自执行代码如下:
var window=global;
!function(e) {
function t(t) {
for (var r, i, l = t[0], s = t[1], u = t[2], f = 0, p = []; f < l.length; f++)
i = l[f],
Object.prototype.hasOwnProperty.call(o, i) && o[i] && p.push(o[i][0]),
o[i] = 0;
for (r in s)
Object.prototype.hasOwnProperty.call(s, r) && (e[r] = s[r]);
for (c && c(t); p.length; )
p.shift()();
return a.push.apply(a, u || []),
n()
}
function n() {
for (var e, t = 0; t < a.length; t++) {
for (var n = a[t], r = !0, l = 1; l < n.length; l++) {
var s = n[l];
0 !== o[s] && (r = !1)
}
r && (a.splice(t--, 1),
e = i(i.s = n[0]))
}
return e
}
var r = {}
, o = {
0: 0
}
, a = [];
function i(t) {
if (r[t])
return r[t].exports;
var n = r[t] = {
i: t,
l: !1,
exports: {}
};
return e[t].call(n.exports, n, n.exports, i),
n.l = !0,
n.exports
}
window.zzz = i; // 定义一个参数window.zzz接收加载器
;
var l = window.webpackJsonp = window.webpackJsonp || []
, s = l.push.bind(l);
l.push = t,
l = l.slice();
for (var u = 0; u < l.length; u++)
t(l[u]);
var c = s;
}({
// 模块1;
// 模块2
})
4. 把加密位置的代码扣取下来,放入自执行函数的模块里,然后定义一个模块名给,比如jsencrypt,自执行函数代码如下:
var window=global;
!function(e) {
function t(t) {
for (var r, i, l = t[0], s = t[1], u = t[2], f = 0, p = []; f < l.length; f++)
i = l[f],
Object.prototype.hasOwnProperty.call(o, i) && o[i] && p.push(o[i][0]),
o[i] = 0;
for (r in s)
Object.prototype.hasOwnProperty.call(s, r) && (e[r] = s[r]);
for (c && c(t); p.length; )
p.shift()();
return a.push.apply(a, u || []),
n()
}
function n() {
for (var e, t = 0; t < a.length; t++) {
for (var n = a[t], r = !0, l = 1; l < n.length; l++) {
var s = n[l];
0 !== o[s] && (r = !1)
}
r && (a.splice(t--, 1),
e = i(i.s = n[0]))
}
return e
}
var r = {}
, o = {
0: 0
}
, a = [];
function i(t) {
if (r[t])
return r[t].exports;
var n = r[t] = {
i: t,
l: !1,
exports: {}
};
return e[t].call(n.exports, n, n.exports, i),
n.l = !0,
n.exports
}
window.zzz = i; // 定义一个参数window.zzz接收加载器
;
var l = window.webpackJsonp = window.webpackJsonp || []
, s = l.push.bind(l);
l.push = t,
l = l.slice();
for (var u = 0; u < l.length; u++)
t(l[u]);
var c = s;
}(
{
// 模块名:jsencrypt
jsencrypt:function(e, t, n) {
"use strict";
Object.defineProperty(t, "__esModule", {
value: !0
});
t.default = function(e, t) {
var n = (new Date).getTime() + 2592e6 + (t || 3e4)
, r = (e || "") + "&t=" + n;
return {
t: n,
s: Sha1.hash(r)
}
}
}},
)
5. 对上述代码new一下,然后执行jsencrypt方法,运行代码,发现报错
result = new window.zzz("jsencrypt").default()
console.log(result)
报错:
6. 然后去源码里扣取Sha1的代码
最后所有js代码如下:
var window=global;
function Sha1() {}
Sha1.hash = function(n, t) {
var w = Object.assign({
msgFormat: "string",
outFormat: "hex"
}, t), b, i, f, u, e, r, p, k, h, d;
switch (w.msgFormat) {
default:
case "string":
n = Sha1.utf8Encode(n);
break;
case "hex-bytes":
n = Sha1.hexBytesToString(n)
}
b = [1518500249, 1859775393, 2400959708, 3395469782];
i = [1732584193, 4023233417, 2562383102, 271733878, 3285377520];
n += String.fromCharCode(128);
var g = n.length / 4 + 2
, o = Math.ceil(g / 16)
, s = new Array(o);
for (u = 0; u < o; u++)
for (s[u] = new Array(16),
f = 0; f < 16; f++)
s[u][f] = n.charCodeAt(u * 64 + f * 4) << 24 | n.charCodeAt(u * 64 + f * 4 + 1) << 16 | n.charCodeAt(u * 64 + f * 4 + 2) << 8 | n.charCodeAt(u * 64 + f * 4 + 3);
for (s[o - 1][14] = (n.length - 1) * 8 / Math.pow(2, 32),
s[o - 1][14] = Math.floor(s[o - 1][14]),
s[o - 1][15] = (n.length - 1) * 8 & 4294967295,
u = 0; u < o; u++) {
for (e = new Array(80),
r = 0; r < 16; r++)
e[r] = s[u][r];
for (r = 16; r < 80; r++)
e[r] = Sha1.ROTL(e[r - 3] ^ e[r - 8] ^ e[r - 14] ^ e[r - 16], 1);
var c = i[0]
, l = i[1]
, a = i[2]
, v = i[3]
, y = i[4];
for (r = 0; r < 80; r++)
p = Math.floor(r / 20),
k = Sha1.ROTL(c, 5) + Sha1.f(p, l, a, v) + y + b[p] + e[r] >>> 0,
y = v,
v = a,
a = Sha1.ROTL(l, 30) >>> 0,
l = c,
c = k;
i[0] = i[0] + c >>> 0;
i[1] = i[1] + l >>> 0;
i[2] = i[2] + a >>> 0;
i[3] = i[3] + v >>> 0;
i[4] = i[4] + y >>> 0
}
for (h = 0; h < i.length; h++)
i[h] = ("00000000" + i[h].toString(16)).slice(-8);
return d = w.outFormat == "hex-w" ? " " : "",
i.join(d)
}
;
Sha1.f = function(n, t, i, r) {
switch (n) {
case 0:
return t & i ^ ~t & r;
case 1:
return t ^ i ^ r;
case 2:
return t & i ^ t & r ^ i & r;
case 3:
return t ^ i ^ r
}
}
;
Sha1.ROTL = function(n, t) {
return n << t | n >>> 32 - t
}
;
Sha1.utf8Encode = function(n) {
return unescape(encodeURIComponent(n))
}
;
Sha1.hexBytesToString = function(n) {
var i, t;
for (n = n.replace(" ", ""),
i = "",
t = 0; t < n.length; t += 2)
i += String.fromCharCode(parseInt(n.slice(t, t + 2), 16));
return i
}
!function(e) {
function t(t) {
for (var r, i, l = t[0], s = t[1], u = t[2], f = 0, p = []; f < l.length; f++)
i = l[f],
Object.prototype.hasOwnProperty.call(o, i) && o[i] && p.push(o[i][0]),
o[i] = 0;
for (r in s)
Object.prototype.hasOwnProperty.call(s, r) && (e[r] = s[r]);
for (c && c(t); p.length; )
p.shift()();
return a.push.apply(a, u || []),
n()
}
function n() {
for (var e, t = 0; t < a.length; t++) {
for (var n = a[t], r = !0, l = 1; l < n.length; l++) {
var s = n[l];
0 !== o[s] && (r = !1)
}
r && (a.splice(t--, 1),
e = i(i.s = n[0]))
}
return e
}
var r = {}
, o = {
0: 0
}
, a = [];
function i(t) {
if (r[t])
return r[t].exports;
var n = r[t] = {
i: t,
l: !1,
exports: {}
};
return e[t].call(n.exports, n, n.exports, i),
n.l = !0,
n.exports
}
window.zzz = i; // 定义一个参数window.zzz接收加载器
;
var l = window.webpackJsonp = window.webpackJsonp || []
, s = l.push.bind(l);
l.push = t,
l = l.slice();
for (var u = 0; u < l.length; u++)
t(l[u]);
var c = s;
}(
{
// 模块名:jsencrypt
jsencrypt:function(e, t, n) {
"use strict";
Object.defineProperty(t, "__esModule", {
value: !0
});
t.default = function(e, t) {
var n = (new Date).getTime() + 2592e6 + (t || 3e4)
, r = (e || "") + "&t=" + n;
return {
t: n,
s: Sha1.hash(r)
}
}
}},
)
result = new window.zzz("jsencrypt").default()
console.log(result)
最后运行结果:
