
JS reverse | four libraries and one platform response data encryption

2022-06-26 10:22:00 One room

Statement: this article is for study only, and using it for illegal purposes is forbidden; the consequences are at your own risk. If your rights and interests are infringed, please contact me immediately to have it removed!

Preface

The target site :aHR0cDovL2p6c2MubW9odXJkLmdvdi5jbi9kYXRhL2NvbXBhbnk=

Packet capture

Packet capture shows that the response data is one long string of characters, which means it is encrypted.

Find the encryption location

Set an XHR breakpoint, turn the page so the breakpoint triggers, then walk back up the call stack until you reach this point.
Although the response data is encrypted, the whole flow must still request the data normally, then decrypt the response, and only then render it to the page. So we focus on the onreadystatechange method here, because the words response and responseText appear in it.

But what is this onreadystatechange? The definition given by the Rookie Tutorial is:
The logic here should be: when readyState is 4, the callback function runs to decrypt the response data.

Set a breakpoint here, then single-step through the code until you arrive at this place:
This h is the decryption method; step into h and look inside.

// d.a here is a CryptoJS-style object (enc.Hex, enc.Base64, AES, mode.CBC, pad.Pkcs7)
function h(t) {
    var e = d.a.enc.Hex.parse(t)            // hex string -> WordArray
    , n = d.a.enc.Base64.stringify(e)       // WordArray -> Base64 (the form AES.decrypt expects)
    , a = d.a.AES.decrypt(n, f, {           // f = key, m = iv, both defined earlier
        iv: m,
        mode: d.a.mode.CBC,
        padding: d.a.pad.Pkcs7
    })
    , r = a.toString(d.a.enc.Utf8);         // decrypted bytes -> UTF-8 string
    return r.toString()
}

Encryption logic

h is just plain AES (laugh). The mode is CBC, and the key and iv are defined in the section just above it:

f = d.a.enc.Utf8.parse("jo8j9wGw%6HbxfFn")
m = d.a.enc.Utf8.parse("0123456789ABCDEF");

Although this looks like standard AES, to be safe, first verify it with an online tool.
It really is standard AES, so this is easy: just call the Python library directly.

Python code:

# Requires pycryptodome (pip install pycryptodome), which provides the Crypto package
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import binascii


def decrypt(data):
    # Same pipeline as h(t) in the page's JS: hex -> bytes -> AES-CBC -> strip PKCS#7 -> UTF-8
    cipher = AES.new(key=KEY, mode=AES.MODE_CBC, iv=IV)
    decrypted_data = cipher.decrypt(binascii.a2b_hex(data))
    return unpad(decrypted_data, block_size=AES.block_size).decode('utf8')


KEY = 'jo8j9wGw%6HbxfFn'.encode()   # f in the JS
IV = '0123456789ABCDEF'.encode()    # m in the JS
raw_data = 'xxx'  # the hex response body; too long, not posted here
result = decrypt(raw_data)
print(result)

Running result: the decrypted response is printed (shown as a screenshot in the original post).
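As an added example (not the post's own code), the block below rebuilds the same hex-to-AES-CBC pipeline with a few checks the short snippet above does not have: it rejects non-hex input and bad padding, it shows that CryptoJS's detour through Base64 is just a re-encoding of the same bytes, and it demonstrates the defender's takeaway of this whole exercise: because the key f and the IV m are constants shipped in the page's JavaScript, anyone with the page can decrypt the responses, and because the IV never changes, two responses that start with the same 16 bytes produce the same first ciphertext block. The key and IV are the values quoted on the page; encrypt_response, the sample plaintext and the function names are constructed here for illustration, and the block falls back to the cryptography package if pycryptodome is not installed.

```python
"""Added example: decrypt the hex-encoded AES-CBC response the post describes.

KEY and IV are the constants quoted from the site's JS. Everything else
(encrypt_response, the sample plaintext, the helper names) is constructed here.
"""
import binascii

try:  # pycryptodome, the library the post's own snippet uses
    from Crypto.Cipher import AES as _AES

    def _cbc(key: bytes, iv: bytes, data: bytes, encrypt: bool) -> bytes:
        c = _AES.new(key, _AES.MODE_CBC, iv=iv)
        return c.encrypt(data) if encrypt else c.decrypt(data)
except ImportError:  # assumption: fall back to the `cryptography` package if present
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def _cbc(key: bytes, iv: bytes, data: bytes, encrypt: bool) -> bytes:
        c = Cipher(algorithms.AES(key), modes.CBC(iv))
        op = c.encryptor() if encrypt else c.decryptor()
        return op.update(data) + op.finalize()

KEY = b"jo8j9wGw%6HbxfFn"   # f in the site's JS (quoted from the page)
IV = b"0123456789ABCDEF"    # m in the site's JS (quoted from the page)
BLOCK = 16                  # AES block size in bytes


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("ciphertext length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding")
    return data[:-n]


def decrypt_response(hex_text: str, key: bytes = KEY, iv: bytes = IV) -> str:
    """Mirror h(t): hex -> bytes -> AES-CBC decrypt -> PKCS#7 unpad -> UTF-8.

    The JS converts hex to Base64 first only because CryptoJS's AES.decrypt
    expects Base64; the underlying bytes are identical, so that step is skipped.
    """
    try:
        raw = binascii.unhexlify(hex_text.strip())
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"response body is not hex: {exc}") from exc
    return pkcs7_unpad(_cbc(key, iv, raw, encrypt=False)).decode("utf-8")


def encrypt_response(plaintext: str, key: bytes = KEY, iv: bytes = IV) -> str:
    """Inverse of decrypt_response (constructed here to build test data; the
    site's server-side code is not on the page)."""
    padded = pkcs7_pad(plaintext.encode("utf-8"))
    return binascii.hexlify(_cbc(key, iv, padded, encrypt=True)).decode()


def same_first_block(hex_a: str, hex_b: str) -> bool:
    """With a fixed IV, plaintexts that share their first 16 bytes yield the
    same first ciphertext block, so repeated prefixes are visible without the key."""
    return hex_a[:2 * BLOCK] == hex_b[:2 * BLOCK]


if __name__ == "__main__":
    # Constructed sample body; a real response would be the site's JSON.
    sample = '{"list":[{"name":"constructed sample"}],"total":1}'
    ct = encrypt_response(sample)
    print("hex ciphertext:", ct)
    print("decrypted     :", decrypt_response(ct))
```

The round trip shows why "response encryption" of this kind is obfuscation rather than confidentiality: the only secret is in the client, so the check for a defender is whether the key appears in shipped JavaScript at all, and whether the IV is ever reused.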
Another filler post (just kidding); see you next time.

Original site

Copyright notice
This article was created by [One room]; please include the original link when reposting. Thanks.
https://yzsam.com/2022/02/202202170543453463.html