oklink js逆向（入口定位）

分析api请求，定位参数 X-Apikey

搜索关键字apikey，发现结果太多

结合搜索结果，搜索关键字 apikey(，只找到5个

断点后定位

可见使用了字符串混淆，所以搜索不到 x-apikey

还可以通过搜索 headers，追踪调用栈的方式定位

定位函数实现

function encryptApiKey() {
    var e = "a2c903cc-b31e-4547-9299-b6d07b7631ab"
      , t = e.split("")
      , n = t.splice(0, 8);
    return e = t.concat(n).join("")
}

function encryptTime(e) {
    var c = 1111111111111;
    var t = (1 * e + c).toString().split("")
      , n = parseInt(10 * Math.random(), 10)
      , r = parseInt(10 * Math.random(), 10)
      , o = parseInt(10 * Math.random(), 10);
    return t.concat([n, r, o]).join("")
}

function  comb(e, t) {
    var n = "".concat(e, "|").concat(t);
    return btoa(n)
}

function getApiKey() {
    var e = (new Date).getTime()
      , t = encryptApiKey();
    return e = encryptTime(e),
    comb(t, e)
}

// console.log(getApiKey());

import requests
import execjs

cookies = {
    'aliyungf_tc': '55fdcff53b12ca87bef7cb974e51b2efdfe603ad361484413c36587efaf3f4c1',
    'devId': 'aba30a6f-6792-40e7-87b5-50f240ba7eb0',
    'ok_site_info': '9FjOikHdpRnblJCLiskTJx0SPJiOiUGZvNmIsIiTDJiOi42bpdWZyJye',
    'locale': 'zh_CN',
    'ok-exp-time': '1744012749063',
    'fingerprint_id': 'aba30a6f-6792-40e7-87b5-50f240ba7eb0',
    'fp_s': '-1',
    'first_ref': 'https%3A%2F%2Fcn.bing.com%2F',
    'okg.currentMedia': 'lg',
    'oklink.unaccept_cookie': '1',
    'traceId': '2920140203142910001',
    '_monitor_extras': '{"deviceId":"NeY96FrE7_QZm1P4cKuO4J","eventId":38,"sequenceNumber":38}',
    'ok-ses-id': 'SSu8nvSCRHX+fm/NUu3Ublr4+sMStUQzdyR6bo9k6zIKhGv+ao8edPbpcMJn4K6LzICcGndwSug8QDiLLIFwlzwpJvMwSvhxqvfBs4t14Jvj+MjhILMBHEf+M5Jmnv9W',
}

headers = {
    'accept': 'application/json',
    'accept-language': 'zh-CN,zh;q=0.9',
    'app-type': 'web',
    'cache-control': 'no-cache',
    'devid': 'aba30a6f-6792-40e7-87b5-50f240ba7eb0',
    'dnt': '1',
    'ok-timestamp': '1744020333388',
    'ok-verify-sign': 'uIO9gGqvlHW2FLgKOf9Z4foA/1MbZq58dtSLx81EFK4=',
    'ok-verify-token': '4bbe3437-0881-4a39-b171-f10596474649',
    'pragma': 'no-cache',
    'priority': 'u=1, i',
    'referer': 'https://www.oklink.com/zh-hans/btc/block-list/page/3',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0',
    'x-apikey': 'LWIzMWUtNDU0Ny05Mjk5LWI2ZDA3Yjc2MzFhYmEyYzkwM2NjfDI4NTUxMzE0NDQ0NzkyNzI=',
    'x-cdn': 'https://static.oklink.com',
    'x-id-group': '2920140203142910001-c-4',
    'x-locale': 'zh_CN',
    'x-simulated-trading': 'undefined',
    'x-site-info': '9FjOikHdpRnblJCLiskTJx0SPJiOiUGZvNmIsIiTDJiOi42bpdWZyJye',
    'x-utc': '8',
    'x-zkdex-env': '0',
}

params = {
    'offset': '40',
    'limit': '20',
    't': '1744020333368',
}

apikey = execjs.compile(open('Apikey.js').read()).call('getApiKey')

headers['x-apikey'] = apikey

resp = requests.get('https://www.oklink.com/api/explorer/v1/btc/blocks', params=params, cookies=cookies, headers=headers)

print(resp.text)