Skip to content

P
px3
Commit d2aa09f3 authored by wang's avatar wang
Browse files
Options

解密函数完成

parent 398d20e5
Expand all Show whitespace changes
Inline Side-by-side
Showing with 3875 additions and 8332 deletions
ast/222.js
View file @ d2aa09f3
This diff is collapsed.
ast/decodeResult.js
View file @ d2aa09f3
This diff is collapsed.
captcha.py 0 → 100644
View file @ d2aa09f3
This diff is collapsed.
captcha/captcha.js
View file @ d2aa09f3
......@@ -106,7 +106,7 @@ try {
for (var v, t, e = 0, f = 0, s = ""; t = u.charAt(f++); ~t && (v = e % 4 ? 64 * v + t : t, e++ % 4) ? s += String.fromCharCode(255 & v >> (-2 * e & 6)) : 0) t = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(t);
return s
}
}(), n = Object.create(null), v = u,function (r, n) {
}(), n = Object.create(null), v = u, function (r, n) {
function u(r, n) {
return i(r - 915, n)
}
......@@ -1136,8 +1136,7 @@ try {
} catch (r) {
u.push(u.shift())
}
}(),
function (r, n) {
}(), function (r, n) {
var u = Vn();
function v(r, n) {
......
captcha/decode.js
View file @ d2aa09f3
......@@ -500,7 +500,7 @@ traverse(ast, {
referencePath.parentPath.parentPath.parentPath.parentPath.parentPath.parentPath.parentPath.replaceWith(
types.CallExpression(
types.FunctionExpression(
null,[],
null, [],
types.BlockStatement([])
),
[]
......@@ -519,7 +519,7 @@ traverse(ast, {
referencePath.parentPath.parentPath.parentPath.parentPath.parentPath.parentPath.replaceWith(
types.CallExpression(
types.FunctionExpression(
null,[],
null, [],
types.BlockStatement([])
),
[]
......@@ -780,22 +780,43 @@ var map2 = {};
// })
// }
traverse(ast, {
for (let j = 0; j < 3; j++) {
traverse(ast, {
CallExpression(path) {
let callee = path.node.callee;
let args = path.node.arguments;
if (funcs[callee.name]) {
if (args.length !== 2)return;
if (args[1] === undefined)return;
if (types.isNumericLiteral(args[0]) && types.isNumericLiteral(args[1])) {
if (args.length !== 2) return;
if (args[1] === undefined) return;
// console.log('xxx', callee.name)
// console.log(generator(path.node).code)
if (generator(path.node).code.indexOf('(1277, 1264)') > -1)debugger
if (funcTemp[callee.name]) {
let arggs = [];
if (types.isBinaryExpression(args[0]) || types.isBinaryExpression(args[1])) {
let code22 = generator(path.parent).code;
// console.log(code22)
try {
let tName = path.parentPath.parentPath.parent.id.name;
eval(`funcTemp.${tName} = function (r, n) {
return funcTemp.${generator(path.node).code}
}`)
// console.log(`funcTemp.${tName} = function (r, n) {
// return funcTemp.${generator(path.node).code}
// }`)
} catch (e) {
}
return;
}
if (types.isNumericLiteral(args[0])) {
// let res = funcs[callee.name](arguments[0].value, arguments[1].value)
try {
console.log(callee.name, args[0].value,args[1].value)
let res = funcTemp[callee.name](args[0].value, args[1].value)
console.log(callee.name, args[0].value,args[1].value, res)
if (!res) return
path.replaceWith(types.StringLiteral(res))
arggs[0] = args[0].value
// console.log(callee.name, args[0].value,args[1].value)
// let res = funcTemp[callee.name](args[0].value, args[1].value)
// console.log(callee.name, args[0].value,args[1].value, res)
// if (!res) return
// path.replaceWith(types.StringLiteral(res))
} catch (e) {
}
// if (id.name === 'zo') {
......@@ -803,10 +824,46 @@ traverse(ast, {
// console.log(arguments[0].value, res)
// }
}
if (types.isUnaryExpression(args[0]) && args[0].operator === '-') {
arggs[0] = -args[0].argument.value
}
if (types.isNumericLiteral(args[1])) {
// let res = funcs[callee.name](arguments[0].value, arguments[1].value)
try {
arggs[1] = args[1].value
// console.log(callee.name, args[0].value,args[1].value)
// let res = funcTemp[callee.name](args[0].value, args[1].value)
// console.log(callee.name, args[0].value,args[1].value, res)
// if (!res) return
// path.replaceWith(types.StringLiteral(res))
} catch (e) {
}
})
// if (id.name === 'zo') {
// console.log(arguments[0].value, res)
// }
}
if (types.isUnaryExpression(args[1]) && args[1].operator === '-') {
arggs[1] = -args[1].argument.value
}
if (arggs.length == 2) {
try {
let res = funcTemp[callee.name](arggs[0], arggs[1])
console.log(callee.name, arggs[0], arggs[1], res)
if (!res) return
path.replaceWith(types.StringLiteral(res))
} catch (e) {
}
}
}
}
})
}
// console.log(keys2 + '')
console.log(funcs)
......@@ -837,53 +894,53 @@ var i = function () {
function o(n) {
var r = t();
for (var c = i(n), u = "", l = 0; l < c.length; ++l) {
var s = "XsS5yUA".charCodeAt(l % 7);
var s = "j6yKtVh".charCodeAt(l % 7);
u += String.fromCharCode(s ^ c.charCodeAt(l));
}
return u;
}
// traverse(ast, {
// VariableDeclaration(path) {
// let {declarations} = path.node;
// let scope = path.scope;
// if (declarations.length !== 1) return;
// let declaration = declarations[0]
// let {id, init} = declaration;
// if (!init) return
// if (!types.isIdentifier(init)) return;
// if (init.name === 'o') {
// let binding = scope.getBinding(id.name);
// if (id.name === 'xs') {
// debugger
// }
// if (!binding) return;
// // console.log(id.name, init.name, binding.references)
//
// for (const referencePath of binding.referencePaths) {
// // console.log(referencePath);
// // console.log(generator(referencePath.parent).code)
// // console.log(referencePath.parentPath.type)
//
// if (types.isCallExpression(referencePath.parent)) {
// let {callee, arguments} = referencePath.parent;
//
// if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
// let res = o(arguments[0].value)
// // if (id.name === 'xs') {
// //
// // console.log(generator(referencePath.parent).code, res)
// // }
// referencePath.parentPath.replaceWith(types.StringLiteral(res))
// }
// } else {
//
// }
// }
// }
//
// }
// })
traverse(ast, {
VariableDeclaration(path) {
let {declarations} = path.node;
let scope = path.scope;
if (declarations.length !== 1) return;
let declaration = declarations[0]
let {id, init} = declaration;
if (!init) return
if (!types.isIdentifier(init)) return;
if (init.name === 'u') {
let binding = scope.getBinding(id.name);
if (id.name === 'xs') {
debugger
}
if (!binding) return;
// console.log(id.name, init.name, binding.references)
for (const referencePath of binding.referencePaths) {
// console.log(referencePath);
// console.log(generator(referencePath.parent).code)
// console.log(referencePath.parentPath.type)
if (types.isCallExpression(referencePath.parent)) {
let {callee, arguments} = referencePath.parent;
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let res = o(arguments[0].value)
// if (id.name === 'xs') {
//
// console.log(generator(referencePath.parent).code, res)
// }
referencePath.parentPath.replaceWith(types.StringLiteral(res))
}
} else {
}
}
}
}
})
//end
......
captcha/decodeResult.js
View file @ d2aa09f3
This diff is collapsed.
captcha_down.js 0 → 100644
View file @ d2aa09f3
This diff is collapsed.
captcha_step2.js 0 → 100644
View file @ d2aa09f3
This diff is collapsed.
error.json 0 → 100644
View file @ d2aa09f3
{"appId":"PXkp4CLSb5","jsClientSrc":"/kp4CLSb5/init.js","firstPartyEnabled":true,"vid":"","uuid":"b5f4636f-4647-11ee-a54b-704749494b72","hostUrl":"/kp4CLSb5/xhr","blockScript":"/kp4CLSb5/captcha/kp4CLSb5/captcha.js?a=c&u=b5f4636f-4647-11ee-a54b-704749494b72&v=&m=0","altBlockScript":"https://captcha.px-cloud.net/PXkp4CLSb5/captcha.js?a=c&u=b5f4636f-4647-11ee-a54b-704749494b72&v=&m=0","customLogo":"https://content.spirit.com/a/1679"}
index.html
View file @ d2aa09f3
This diff is collapsed.
js/encodepayload.js
View file @ d2aa09f3
This diff is collapsed.
main.py
View file @ d2aa09f3
......@@ -269,11 +269,11 @@ class PxBypass():
"ft": ft,
"seq": "1",
"en": "NTA",
"cs": self.m['0l0000'],
"cs": self.m['00III0'],
"pc": pc,
"sid": self.m['000ll0'],
"vid": self.m['l000l0'],
"cts": self.m['0lll0l00'],
"sid": self.m['I0I0II'],
"vid": self.m['I000I0'],
"cts": self.m['0III00I0'],
"rsc": "1"
}
url = "https://collector-PXVb73hTEg.px-cloud.net/api/v2/collector"
......@@ -299,7 +299,7 @@ class PxBypass():
resp = response.json()
m = {}
if 'ob' in resp:
cookies = self.encrypt(base64.b64decode(resp['ob'].encode()), 96).decode()
cookies = self.encrypt(base64.b64decode(resp['ob'].encode()), 866 % 128).decode()
print(cookies.split('~~~~'))
for i in cookies.split('~~~~'):
tmp = i.split('|')
......
step2.js
View file @ d2aa09f3
......@@ -78,7 +78,7 @@ function createPx1(t) {
function getPX12573(a, b, c) {
let t = function (o, n, h) {
return o - 36454 + h.charCodeAt(12);
// }["apply"](null, ['0llll00l', 'l000l0', 'uuid'])
// }["apply"](null, ['0III0III', 'I000I0', 'uuid'])
}["apply"](null, [a, b, c])
return createPx1(t);
}
......@@ -97,27 +97,27 @@ let ua = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KH
function genPayload2(m, uuid) {
let vid = m['l000l0']
let sid = m['000ll0']
console.log(vid,sid)
let vid = m['I000I0']
let sid = m['I0I0II']
console.log(vid, sid)
let data = {
// "PX11431": 1692944411084, // 0llll00l
"PX11431": m['0llll00l'], //
// "PX11431": 1692944411084, // 0III0III
"PX11431": m['0III0III'], //
// "75602>44073>?2261175": "46531=77340=<1152246",
"PX12454": m['0llll000'], // 0llll000
"PX11701": m['ll0ll0'], // ll0ll0
"PX12454": m['0III0II0'], // 0III0II0
"PX11701": m['I00III'], // I00III
"PX11529": 102721973,// usedJSHeapSize
"PX11555": 4294705152,// jsHeapSizeLimit
"PX11833": 122502277,// totalJSHeapSize
// "PX11840": "Fri Aug 25 2023 14:20:11 GMT+0800 (中国标准时间)",
"PX11840": new Date() + '',
// "PX12573": "e29b74b1", // parseInt(0llll00l/10)
"PX12573": getPX12573(m['0llll00l'], m['l000l0'], uuid), // parseInt(0llll00l/10)
// "PX12573": "e29b74b1", // parseInt(0III0III/10)
"PX12573": getPX12573(m['0III0III'], m['I000I0'], uuid), // parseInt(0III0III/10)
// "PX11804": "36f924a304c56d1ae9971c767ca7f510", //uuid 转换
"PX11804": createPx2(ua, uuid), //uuid 转换
"PX12118": m['IIII00'],// 第一步返回 0ll0ll
"PX11746": createPx2(ua, vid), //_pxvid // l000l0
"PX11371": createPx2(ua, sid), // pxsid sessionStorage // 000ll0
"PX11746": createPx2(ua, vid), //_pxvid // I000I0
"PX11371": createPx2(ua, sid), // pxsid sessionStorage // I0I0II
"PX12501": md5(vid), // vid md5
"PX12169": 2,
"PX11902": 1,
......@@ -238,7 +238,8 @@ function genPayload2(m, uuid) {
}
},
"PX12508": [{
"brand": "Not.A/Brand", "version": "8"
"brand": "Not/A)Brand",
"version": "99"
}, {
"brand": "Chromium", "version": "115"
}, {
......
test.js
View file @ d2aa09f3
......@@ -432,8 +432,7 @@ var i = function () {
function oaa(n) {
for (var c = atob(n), u = "", l = 0; l < c.length; ++l) {
var s = "XsS5yUA".charCodeAt(l % 7);
console.log(l, s, c.charCodeAt(l), s ^ c.charCodeAt(l))
var s = "j6yKtVh".charCodeAt(l % 7);
u += String.fromCharCode(s ^ c.charCodeAt(l));
}
console.log(u)
......@@ -441,21 +440,27 @@ function oaa(n) {
return u
}
console.log('oaa',oaa("CCtiBEFldQ"))
console.log('oaa',oaa("Om5IekJjWg"))
function oaa2(n) {
for (var c = n, u = "", l = 0; l < c.length; ++l) {
var s = "XsS5yUA".charCodeAt(l % 7);
var s = "j6yKtVh".charCodeAt(l % 7);
// console.log(l, s ^ c.charCodeAt(l))
u += String.fromCharCode(s ^ c.charCodeAt(l));
}
for (var c = n, uu = "", l = 0; l < c.length; ++l) {
var s1 = "1Lx5B7o".charCodeAt(l % 7);
// console.log(l, s ^ c.charCodeAt(l))
uu += String.fromCharCode(s1 ^ c.charCodeAt(l));
}
// console.log(u)
// console.log(atob(u))
return btoa(u).replaceAll('=','')
console.log(btoa(u).replaceAll('=',''))
return btoa(uu).replaceAll('=','')
}
console.log('oaa2',oaa2("PX12099"))
console.log('oaa2',oaa2("PX12040"))
function $C_pMN(t) {
......@@ -491,7 +496,7 @@ function l(t) {
return t && "function" == typeof Symbol && t.constructor === Symbol && t !== Symbol.prototype ? "symbol" : typeof t;
}, l(t);
}
console.log($C_pMN("Y2hyb21l"))
console.log($C_pMN("DFcSLiA5Aw9Y"))
function $C_dMU(t) {
t = "" + t;
......
test.py
View file @ d2aa09f3
......@@ -51,9 +51,18 @@ a = 'aUkQRhAIEGJqAwMHBgUQHhBWEAhJEGJqAwAGCwAQCBBRBwIHUQMCVwAEUwNQBVMFBQYDBgEFVlA
a2 = "UAxQUAwMHD8QGFIcU1NQHAUZKlEpCg8JOTQHVC0KIg0tNCEULiQpUi4zUBgtNzYMLDQLGS0KKRQvJylSLiQICjk0C1AtNAwJKQkXCQQJKVYpDTUXLzQDGi40NgwsNDEZLgo1FC00Jgw6M1EILQoxUyw3Lg0uCggJLRopGi83KVAtGSkTKQ4xCS8KJVIvNClULhopGS0aNVUuCiETKQ0HCS8JKVIvJCYKOjc1Fy4aCA06CiYNLSQhUi4KIVEuNAQLLQ0lGi8nKVUvJDlRLQ0lUy03Mgs5NzlQOg01GS4kLgouDToJOiQqCi40AxgtGjVQOQ0tVC83JRgpDlBdHBQSFQUcU1BQHh4eHlBQUFBQUBwDFQ=="
a2 = "UFBQUFBQHAMVHh4eHlAMUFAMDBw/EBhSHFNTUBwFGSpRKQoPCTkKOVMtNCVULTQlFC4NLVEvI1AYLSQtGCw3JRo6JCUULgoLGS4nJVQ6CjYKORotGikJFwkECSlWKQoECS8kOVIvJAMaLDQxGi0NKRQtNCYMOjNRCS8kOggsNzoJOg0tFy4NKVE5GjUaOgkpEykOMQkvCiVSLzQpVS40BxctJAcZLSQlEykNBwkvCSlULQopUjkaC1Q5NAgKOQoMDTo3MVIvJClTLRomCy0kNRguJzlULzQyCi43NRktJAQLOic1FzkKKVM5CggLLicqCzokMgo5NAMaOjcuCy0KOgwuDSlVKQ5QXRwUEhUFHFNQUA=="
a2 = 'UisrK1JSK1IeAwNVUlRQBwFPVlcAUU9TUwcHT1tbVABPVABUVVZTVVRUBFVWHhYQFwccHBwcUlIrUitSHgEXHBwcHCsrKytSUh4BCA8ABlUEDQcXFwYJABIOUBcHBRwcHBwrUlIrKyseVVZRVlFWVFpbVFpSVlBRVlBSW1UcHBwcUlIrKytSHlNVW1QDWlUAAAFTVVRWVFNWAQYHBFdbWlMAB1RSWlsBUFFaVVpRUVRVBwdTU1dRVloDV1RQAAFRAFNSU1oHU1scHBwcUisrK1IrKyseU1RbUVBRVlpWV1RQUxwcHBwrUitSKyseAwNVUlcEAQZPVlcAUU9TUwcHT1tbVABPVABUVVZTVVRUBFVWHBwcHCsrKysrKx4BAR5UUh43UCQWODQsEgYlN1s2JSRWLRVfXxwcHBxSKysrUisrUh5WU1pWHBwcHCtSUlIrUh4DA1VSV1YEVU9WVwBRT1NTBwdPW1tUAE8HUlJUWlMGUlcEBAMeUVNXUVRSUlIeFhAXBw=='
a2 = "UisrKytSUlIePRIaBgceUVFSHlQDU1BVAVcGWgQEAABaUFABWgABVlJbWlNaBgdXW1BUBgMDA1VRUgBRV1BTUwZbUFFWUwRaV1YBBFsAWlUBVgFYBxsoUgM1Uw4BUTAKADojCy0IJ1AtNi8bLTYFFSwIOxovGDhbHhYQFwceUVJSHBwcHFJSK1IrUh4BFxwcHBwrKysrK1IePRIaUB5RUVIeBxsoUysIDQstNStSLCYsCi8mARYsJjtSLAtSGi81NA4uNStWLSYBFiwlO1IsGAFXLCYnUy82OxgrCxULBgsrVCsPKxU4CCNWLBgzUS42M1AsJjsWLzYkDjgxUwovCAoOLjYzGC8mN1YsJTAILzYnVywxKxErDDMLLQgnUC02LxstNgUYLAg7GiwmLxErDwULLQsrGi02NAssUCQIOwgoCSwIBRUsNiQOOwg3Ujs1JA84CCNSOw8sCi8lL1AvDycVLAg3UC8YLxgsUDsbLxgzFTgmOA8tJTgJOw8nVzsYIAksJTdQOCYFVisMUl8eFhAXBx5RUlIcHBwcUisrK1IrUlIeUhwcHBxSKytSK1IeEQENEAceUh4ACwwDEBs="
a2 = "UisrUitSHhEBDRAHHlIeAAsMAxAbHBwcHCsrKysrUh49EhpQHlFRUh4HGyhTKwgNCywYNxo4Ji8VLyU3FiwmO1IsG1IaLzU0Di41JxUsNTMWLDY7Ujg2NxosJjtQLTYzVisLFQsGCytUKwgFViwYKAsvNg4LLjYzUCwmARYvNiQOODFSVi0lO1YuNiMaOCYBUiw1MAssGCdWLzErESsMMwstCCdQLTYvGy02BVAsCAVSLyYnESsPBQstCytTL1AnGi8IJ1YsJS8bLzUwDywPK1YvGCtWLzYKCC0mO1AsNTQPOCYvUjsIIA8sUDdXOw8oDi9QMxg7NjtXLSU7FS81LAssJTALLDU3FSwPMA4sGDQOKwxSXx4WEBcHHlFSUhwcHBxSKysrK1JSUh49EhoGBx5RUVIeAwdQVlZVA1dTVVpWU1YHUVQHWwcDAFRVVVJRUFRQVVBRUQFbWgBWAVAAAVBRV1VWA1pWAwdXBgQHWlBSAVsBUlgHGyhSAzVTDgFRMAoAOiMLLQgnUC02LxstNgUYLAgFGC02MFseFhAXBx5RUlIcHBwcUlIrUitSHgEXHBwcHFIrKytSK1JSHlI="
a2 = "KysrKytSHj0SGlAeUVFSHgcbKFMrCA0LLBg3GjgmLxUvJTcWLCY7UiwbUhovNTQOLjUnFSw1MxYsNjtSODY3GiwmO1AtNjNWKwsVCwYLK1QrCAVWLBgoCy82DgsuNjNQLCYBFi82JA44MVJWLSU7Vi42Ixo4JgFSLDUwCywYJ1YvMSsRKwwzCy0IJ1AtNi8bLTYFUCwIO1AtJiMRKw8FCy0LKAs4JjALOzYjVy8IOxU7NjQPLCYzUTglOxg7UDtXLCYoDzgIMxg4NiNTLBgBUDs2N1AsNSsaLFAsCS01JA4sCCNQOwgFViwYBVIsJigOLA8vGjsYN1crDFJfHhYQFwceUVJSHBwcHFJSK1IrUh4BFxwcHBxSKysrK1JSUh49EhoGBx5RUVIeA1NQVgBaAFdXV1pXAFFWV1RRA1pTV1VQWwAAAFFWVAMDA1IHU1EHU1ZVBlQHU1oGWgBXA1VWAwZWBFFVBgZTAVgHGyhSAzVTDgFRMAoAOiMLLQgnUC02LxstNgUYLAg7UC0mIFseFhAXBx5RUlIcHBwcUisrUitSHhEBDRAHHlIeAAsMAxAb"
a2 = "UisrUitSHhEBDRAHHlIeAAsMAxAbHBwcHCsrKysrUh49EhpQHlFRUh4HGyhTKwgNCzsINA8sJjsYLA87FiwmO1IsG1IaLzU0Di41J1MsJSsWLBgjUiwYM1csJglSOwgBGysLFQsGCytUKw8zFS01M1ctNjNTLjYzUCwmARYvNiQOODFTCiw2MAsuNjMYLyYGCi9QJxg4NScaOCErESsMMwstCDcYLzYzUiwIMxUvIRULAyErVCsICg4tJiQPLwgnGi8lJxosJg4POxg3FTg2MA4tNTtTLAg3Vzg1Oxo7UDAJOCYzVzsYOA4vGCtRO1AnGDgIN1MsJicYLTUnGDsPM1IvGDgPO1A7Gi8YAQsEM19fHhYQFwceUVJSHBwcHFIrK1IrUh4RAQ0QBx5SHgALDAMQGxwcHBxSKysrK1JSUh49EhoGBx5RUVIeUVRRU1JRBlEAVFJUA1pQV1QEB1VXBgFXVAcHUQQHVVVUBFFRV1paV1VSAVYHVgRUAVdXAAFQAFoAWgdbUFEGBlgHGyhSAzVTDgFRMAoAOiMLLQgnUC02LxstNgVTLBg3ViwIMFseFhAXBx5RUlIcHBwcUisrK1IrUlIeUhwcHBxSUitSK1IeARc="
a2 = "KysrKytSHj0SGlAeUVFSHgcbKFMrCA0LLxgoDy82JAsvGC8WLCY7UjsbUhovNTQOLjUoCCwICRYsNSdQLTY3Vyw2I1IsGDtQKwsVCwYLK1QrCDQOOxgjVzg2K1AuNjNQLCUvFi82JA44MVMKLSYzUC41M1EsGAYPLFA7GywmK1MvGysRKwwzCy0IJ1AtNi8YLyYjUS8YCVAsGAERKw8FCy0LKxs7NiQKOAg3UCwIDgo7NjtSLDUnVzgIMxsvJidSOAgGCixQKxsvDy9TODY7UCwIJ1AsCAFRO1A7VywYO1MsNiNTLA8kCjgPLA8vNjQOOCU4Diw1OA8rDFJfHhYQFwceUVJSHBwcHFJSK1IrUh4BFw=="
# 0III0I00 判断是否通过
b2 = base64.b64decode(a2.encode())
for i in bytes(encrypt(b2, 98)).decode().split('~~~~'):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment