JS reverse - sign parameter
Cannot request data directly, need to add sign parameter to request
Target website: https://sale.1688.com/factory/home.html?spm=a260k.22464671.kyebv087.2.13d47a6e2aTz9Q
1. The text data cannot be found in html, find the interface location, and roughly remember the parameter part.
2. Find the launcher in the file and enter the JS file.
3. Search sign in the JS file to find the complete sign position. It can be seen that sign is generated by j, and the j function is solved.
4. Make a breakpoint at position j, refresh the webpage, and find out d.token, i, g, and c.data (compare c.data with the data of the data interface)
5. Take out the parameters and write the python code.
import time
# d.token + "&" + i + "&" + g + "&" + c.data
# token 会变化。
token = '************************'
i = round(time.time() * 1000)
g = '12574478'
data = '{"cid":"FactorySearchPCConditionService:FactorySearchPCConditionService","methodName":"execute","params":"{\\"lv1RecCateSize\\":\\"50\\",\\"classifyByCategory\\":\\"true\\",\\"classifyByGeo\\":\\"true\\",\\"from\\":\\"pc_index_recommend\\",\\"trafficSource\\":\\"pc_index_recommend\\",\\"url\\":\\"https://sale.1688.com/factory/home.html?spm=a260k.dacugeneral.0.0\\"}"}'
signkey = token + '&' + str(i) + '&' + g + '&' + data
6. Enter the h method and write the entire function into the js file.
7. Create a js file and write the found h method into the js file.
function h(a) {
function b(a, b) {
return a << b | a >>> 32 - b
}
function c(a, b) {
var c, d, e, f, g;
return e = 2147483648 & a,
f = 2147483648 & b,
c = 1073741824 & a,
d = 1073741824 & b,
g = (1073741823 & a) + (1073741823 & b),
c & d ? 2147483648 ^ g ^ e ^ f : c | d ? 1073741824 & g ? 3221225472 ^ g ^ e ^ f : 1073741824 ^ g ^ e ^ f : g ^ e ^ f
}
function d(a, b, c) {
return a & b | ~a & c
}
function e(a, b, c) {
return a & c | b & ~c
}
function f(a, b, c) {
return a ^ b ^ c
}
function g(a, b, c) {
return b ^ (a | ~c)
}
function h(a, e, f, g, h, i, j) {
return a = c(a, c(c(d(e, f, g), h), j)),
c(b(a, i), e)
}
function i(a, d, f, g, h, i, j) {
return a = c(a, c(c(e(d, f, g), h), j)),
c(b(a, i), d)
}
function j(a, d, e, g, h, i, j) {
return a = c(a, c(c(f(d, e, g), h), j)),
c(b(a, i), d)
}
function k(a, d, e, f, h, i, j) {
return a = c(a, c(c(g(d, e, f), h), j)),
c(b(a, i), d)
}
function l(a) {
for (var b, c = a.length, d = c + 8, e = (d - d % 64) / 64, f = 16 * (e + 1), g = new Array(f - 1), h = 0, i = 0; c > i; )
b = (i - i % 4) / 4,
h = i % 4 * 8,
g[b] = g[b] | a.charCodeAt(i) << h,
i++;
return b = (i - i % 4) / 4,
h = i % 4 * 8,
g[b] = g[b] | 128 << h,
g[f - 2] = c << 3,
g[f - 1] = c >>> 29,
g
}
function m(a) {
var b, c, d = "", e = "";
for (c = 0; 3 >= c; c++)
b = a >>> 8 * c & 255,
e = "0" + b.toString(16),
d += e.substr(e.length - 2, 2);
return d
}
function n(a) {
a = a.replace(/\r\n/g, "\n");
for (var b = "", c = 0; c < a.length; c++) {
var d = a.charCodeAt(c);
128 > d ? b += String.fromCharCode(d) : d > 127 && 2048 > d ? (b += String.fromCharCode(d >> 6 | 192),
b += String.fromCharCode(63 & d | 128)) : (b += String.fromCharCode(d >> 12 | 224),
b += String.fromCharCode(d >> 6 & 63 | 128),
b += String.fromCharCode(63 & d | 128))
}
return b
}
var o, p, q, r, s, t, u, v, w, x = [], y = 7, z = 12, A = 17, B = 22, C = 5, D = 9, E = 14, F = 20, G = 4, H = 11, I = 16, J = 23, K = 6, L = 10, M = 15, N = 21;
for (a = n(a),
x = l(a),
t = 1732584193,
u = 4023233417,
v = 2562383102,
w = 271733878,
o = 0; o < x.length; o += 16)
p = t,
q = u,
r = v,
s = w,
t = h(t, u, v, w, x[o + 0], y, 3614090360),
w = h(w, t, u, v, x[o + 1], z, 3905402710),
v = h(v, w, t, u, x[o + 2], A, 606105819),
u = h(u, v, w, t, x[o + 3], B, 3250441966),
t = h(t, u, v, w, x[o + 4], y, 4118548399),
w = h(w, t, u, v, x[o + 5], z, 1200080426),
v = h(v, w, t, u, x[o + 6], A, 2821735955),
u = h(u, v, w, t, x[o + 7], B, 4249261313),
t = h(t, u, v, w, x[o + 8], y, 1770035416),
w = h(w, t, u, v, x[o + 9], z, 2336552879),
v = h(v, w, t, u, x[o + 10], A, 4294925233),
u = h(u, v, w, t, x[o + 11], B, 2304563134),
t = h(t, u, v, w, x[o + 12], y, 1804603682),
w = h(w, t, u, v, x[o + 13], z, 4254626195),
v = h(v, w, t, u, x[o + 14], A, 2792965006),
u = h(u, v, w, t, x[o + 15], B, 1236535329),
t = i(t, u, v, w, x[o + 1], C, 4129170786),
w = i(w, t, u, v, x[o + 6], D, 3225465664),
v = i(v, w, t, u, x[o + 11], E, 643717713),
u = i(u, v, w, t, x[o + 0], F, 3921069994),
t = i(t, u, v, w, x[o + 5], C, 3593408605),
w = i(w, t, u, v, x[o + 10], D, 38016083),
v = i(v, w, t, u, x[o + 15], E, 3634488961),
u = i(u, v, w, t, x[o + 4], F, 3889429448),
t = i(t, u, v, w, x[o + 9], C, 568446438),
w = i(w, t, u, v, x[o + 14], D, 3275163606),
v = i(v, w, t, u, x[o + 3], E, 4107603335),
u = i(u, v, w, t, x[o + 8], F, 1163531501),
t = i(t, u, v, w, x[o + 13], C, 2850285829),
w = i(w, t, u, v, x[o + 2], D, 4243563512),
v = i(v, w, t, u, x[o + 7], E, 1735328473),
u = i(u, v, w, t, x[o + 12], F, 2368359562),
t = j(t, u, v, w, x[o + 5], G, 4294588738),
w = j(w, t, u, v, x[o + 8], H, 2272392833),
v = j(v, w, t, u, x[o + 11], I, 1839030562),
u = j(u, v, w, t, x[o + 14], J, 4259657740),
t = j(t, u, v, w, x[o + 1], G, 2763975236),
w = j(w, t, u, v, x[o + 4], H, 1272893353),
v = j(v, w, t, u, x[o + 7], I, 4139469664),
u = j(u, v, w, t, x[o + 10], J, 3200236656),
t = j(t, u, v, w, x[o + 13], G, 681279174),
w = j(w, t, u, v, x[o + 0], H, 3936430074),
v = j(v, w, t, u, x[o + 3], I, 3572445317),
u = j(u, v, w, t, x[o + 6], J, 76029189),
t = j(t, u, v, w, x[o + 9], G, 3654602809),
w = j(w, t, u, v, x[o + 12], H, 3873151461),
v = j(v, w, t, u, x[o + 15], I, 530742520),
u = j(u, v, w, t, x[o + 2], J, 3299628645),
t = k(t, u, v, w, x[o + 0], K, 4096336452),
w = k(w, t, u, v, x[o + 7], L, 1126891415),
v = k(v, w, t, u, x[o + 14], M, 2878612391),
u = k(u, v, w, t, x[o + 5], N, 4237533241),
t = k(t, u, v, w, x[o + 12], K, 1700485571),
w = k(w, t, u, v, x[o + 3], L, 2399980690),
v = k(v, w, t, u, x[o + 10], M, 4293915773),
u = k(u, v, w, t, x[o + 1], N, 2240044497),
t = k(t, u, v, w, x[o + 8], K, 1873313359),
w = k(w, t, u, v, x[o + 15], L, 4264355552),
v = k(v, w, t, u, x[o + 6], M, 2734768916),
u = k(u, v, w, t, x[o + 13], N, 1309151649),
t = k(t, u, v, w, x[o + 4], K, 4149444226),
w = k(w, t, u, v, x[o + 11], L, 3174756917),
v = k(v, w, t, u, x[o + 2], M, 718787259),
u = k(u, v, w, t, x[o + 9], N, 3951481745),
t = c(t, p),
u = c(u, q),
v = c(v, r),
w = c(w, s);
var O = m(t) + m(u) + m(v) + m(w);
return O.toLowerCase()
}
8. Integrate the parameters in python, pass in the js file to get the encrypted parameter sign.
import time
import execjs
import requests
# d.token + "&" + i + "&" + g + "&" + c.data
token = '************************'
i = round(time.time() * 1000)
g = '12574478'
data = '{"cid":"FactorySearchPCConditionService:FactorySearchPCConditionService","methodName":"execute","params":"{\\"lv1RecCateSize\\":\\"50\\",\\"classifyByCategory\\":\\"true\\",\\"classifyByGeo\\":\\"true\\",\\"from\\":\\"pc_index_recommend\\",\\"trafficSource\\":\\"pc_index_recommend\\",\\"url\\":\\"https://sale.1688.com/factory/home.html?spm=a260k.dacugeneral.0.0\\"}"}'
signkey = token + '&' + str(i) + '&' + g + '&' + data
with open('./16xxsign加密.js','r',encoding='utf-8') as f:
jscall = f.read()
ctx = execjs.compile(jscall).call('h',signkey)
print(ctx)
ctx输出:7a19d23c2be028316ab448fb582e9c6b
9. Access the url in python and take out the required data.
import time
import execjs
import requests
# d.token + "&" + i + "&" + g + "&" + c.data
token = '************************'
i = round(time.time() * 1000)
g = '12574478'
data = '{"cid":"FactorySearchPCConditionService:FactorySearchPCConditionService","methodName":"execute","params":"{\\"lv1RecCateSize\\":\\"50\\",\\"classifyByCategory\\":\\"true\\",\\"classifyByGeo\\":\\"true\\",\\"from\\":\\"pc_index_recommend\\",\\"trafficSource\\":\\"pc_index_recommend\\",\\"url\\":\\"https://sale.1688.com/factory/home.html?spm=a260k.dacugeneral.0.0\\"}"}'
signkey = token + '&' + str(i) + '&' + g + '&' + data
with open('./16xxsign加密.js','r',encoding='utf-8') as f:
jscall = f.read()
ctx = execjs.compile(jscall).call('h',signkey)
# print(ctx)
url = 'https://h5api.m.1688.com/h5/mtop.taobao.widgetservice.getjsoncomponent/1.0/?'
payload = {
'jsv': '2.6.1', 'appKey': g, 't': i, 'sign': ctx, 'v': '1.0', 'type': 'jsonp', 'isSec': 0,
'timeout': 20000, 'api': 'mtop.taobao.widgetService.getJsonComponent', 'dataType': 'jsonp', 'jsonpIncPrefix': 'mboxfc',
'callback': 'mtopjsonpmboxfc9', 'data': data}
headers = {
'cookie': 'cookie2=1c0abad5c2140fdeede0825e2afc1d61; t=158eb3f1db5b6433c138d96a55bff422; _tb_token_=e9b6d8de8eebe; __cn_logon__=false; cna=BsypG+e0SikCAX0mpQ6sZKaj; ali_ab=117.14.229.124.1667377780458.6; _csrf_token=1668502961679; _m_h5_tk=e01893f248fba2155ddbf5ad725026c8_1668591039098; _m_h5_tk_enc=02271f81b3eb9e5860e2d6d24e1ca468; xlly_s=1; alicnweb=touch_tb_at%3D1668584062851; tfstk=cUrCBb2Jj7ENcAIkxX6NaMWW1anCZ9KIQ9Ggd66MrW5evmyCihtqGQxQECnreA1..; l=eBOBUSdmTJ6RPHFh2Ofwourza77OSIRAguPzaNbMiOCPOPCp5r7CW6zJ0AL9C3GVh6yWR3kzvXKpBeYBcIjcdlWlc7DZWVHmn; isg=BHV1Kcb6ekD1w57qTSyw0YfbhPcv8ikEmNzmk_eaMew7zpXAv0I51INIGJJ4jkG8',
'sec-fetch-site': 'same-site',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36'
}
res = requests.get(url,headers=headers,data=payload)
print(res.text)