Notice! ! ! ! The reverse example of a certain XX website is only used as a learning case, and other individuals and groups are prohibited from making profit! ! !
Step 1: Request to get the response content. and analyze.
The second step: analysis of key steps ( this part refers to the boss of station B Turinghe ). The content is the formatted response content
Step 3: Break point at setcookie(). Delete the cookie and refresh the page (it takes a long time to load, please wait patiently). X appears at the breakpoint, indicating that X is to generate a cookie. By seeing the order of execution at the stack, the previous step of the reload function is an anonymous function. click to enter
Step 4: After entering the anonymous function, you can see reload (arg2) explaining x=arg2 (the loading time is very long, you can’t see it without patience.)
Step 5: Make a breakpoint at arg2 in the marked tab. After hitting the breakpoint, delete the cookie, refresh the page and wait to stay here. Notice! ! ! Be sure to remove the breakpoint of the previous setcookie() function
Step 6: Two values can be seen at the breakpoint, namely _0x23a392 and _0x5e8b26. Where _0x23a392 is the generated value. Buckle this piece of content and put it in the editor
_0x5e8b26 This value is searched, and it can be seen that it is a constant (students who do not understand, you can privately or look at the picture to understand)
Step 7: Analyze the deducted code. It can be parsed and supplemented by executing the error content locally.
Final code display
// arg1 = 'F90D514BDEF402588B5CFCED428E96F13C466BBE'
function fuzhi_arg1(arg1) {
_0x5e8b26 = "3000176000856006061501533003690027800375"
String['prototype']['unsbox'] = function() {
var _0x4b082b = [0xf, 0x23, 0x1d, 0x18, 0x21, 0x10, 0x1, 0x26, 0xa, 0x9, 0x13, 0x1f, 0x28, 0x1b, 0x16, 0x17, 0x19, 0xd, 0x6, 0xb, 0x27, 0x12, 0x14, 0x8, 0xe, 0x15, 0x20, 0x1a, 0x2, 0x1e, 0x7, 0x4, 0x11, 0x5, 0x3, 0x1c, 0x22, 0x25, 0xc, 0x24];
var _0x4da0dc = [];
var _0x12605e = '';
for (var _0x20a7bf = 0x0; _0x20a7bf < this['\x6c\x65\x6e\x67\x74\x68']; _0x20a7bf++) {
var _0x385ee3 = this[_0x20a7bf];
for (var _0x217721 = 0x0; _0x217721 < _0x4b082b['length']; _0x217721++) {
if (_0x4b082b[_0x217721] == _0x20a7bf + 0x1) {
_0x4da0dc[_0x217721] = _0x385ee3;
}
}
}
_0x12605e = _0x4da0dc['\x6a\x6f\x69\x6e']('');
return _0x12605e;
}
String['prototype']['hexXor'] = function(_0x4e08d8) {
var _0x5a5d3b = '';
for (var _0xe89588 = 0x0; _0xe89588 < this['length'] && _0xe89588 < _0x4e08d8['length']; _0xe89588 += 0x2) {
var _0x401af1 = parseInt(this['slice'](_0xe89588, _0xe89588 + 0x2), 0x10);
var _0x105f59 = parseInt(_0x4e08d8['slice'](_0xe89588, _0xe89588 + 0x2), 0x10);
var _0x189e2c = (_0x401af1 ^ _0x105f59)['toString'](0x10);
if (_0x189e2c['length'] == 0x1) {
_0x189e2c = '\x30' + _0x189e2c;
}
_0x5a5d3b += _0x189e2c;
}
return _0x5a5d3b;
}
var _0x23a392 = arg1['unsbox']();
arg2 = _0x23a392['hexXor'](_0x5e8b26)
return arg2;
}Just as a note record, if you have any questions, please guide me