声明:
本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
逆向分析
学习了2天某物,frida检测有点狠,看了几篇博客,全是hook线程,遇到难的就不行。习惯性看评论发现大佬都在评论区直接给通用方案秒了95% libmsaoaidsec.so检测。卡在vmp了,真的恶心。还是降级老老实实学习一下基础。
if vt:
cookies.update(response.cookies)
print(response.cookies)
for i in range(1, 5):
cp = execjs.compile(open('h5st.js', 'r', encoding='utf-8').read())
result = cp.call('getH5st')
# print(result)
headers = {
"accept": "application/json, text/javascript, */*; q=0.01",
"accept-language": "zh-CN,zh;q=0.9",
"cache-control": "no-cache",
"pragma": "no-cache",
"priority": "u=1, i",
"referer": "https://item.jd.com/",
"sec-ch-ua": "\"Not A(Brand\";v=\"8\", \"Chromium\";v=\"132\", \"Microsoft Edge\";v=\"132\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-site",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0",
"x-rp-client": "h5_1.0.0"
}
url = ""
params = {
"appid": "pc-item-soa",
"functionId": "pc_detailpage_wareBusiness",
"client": "pc",
"clientVersion": "1.0.0",
"t": result['t'],
"body": result['body'],
"h5st": result['h5st'],
"x-api-eid-token": token,
"loginType": "3",
"scval": "100145994848",
"uuid": jda
}
response = session.get(url, headers=headers, params=params,cookies=cookies)
print(result)
print(response.text)
else:
print("验证不通过")
结果
总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。
