Commit de7a57d0 authored by 王明明's avatar 王明明

222

parent 4a752ac2
const fs = require('fs');
const types = require("@babel/types");
const parser = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const generator = require("@babel/generator").default;
//js混淆代码读取
process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main.js";
process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = "./decodeResult.js";
//将源代码解析为AST
let sourceCode = fs.readFileSync(encodeFile, {encoding: "utf-8"});
let ast = parser.parse(sourceCode);
console.time("处理完毕,耗时");
function n(n) {
for (var i = atob(n), l = "IWTh9S8", a = "", c = 0; c < i.length; ++c) {
var u = l.charCodeAt(c % 7);
a += String.fromCharCode(u ^ i.charCodeAt(c))
}
return a
}
function getBinding(scope, name, func) {
let binding = scope.getBinding(name);
// console.log(`scope.get(${name}).length = ${binding.references}`)
if (binding.references > 0) {
for (const referencePath of binding.referencePaths) {
func(referencePath)
}
}
}
traverse(ast, {
FunctionDeclaration(path) {
let node = path.node;
if (node.id.name === 'n') {
let code = generator(node).code;
if (code.includes('charCodeAt')) {
// console.log(node.id.name)
let scope = path.parentPath.parentPath.scope;
getBinding(scope, node.id.name, e => {
// console.log(e.parent.type, generator(e.parent).code)
if (types.isVariableDeclarator(e.parent)) {
let initIdName = e.parent.id.name;
getBinding(e.parentPath.parentPath.parentPath.scope, initIdName, (i => {
// console.log(initIdName, i.parent.type )
if (types.isCallExpression(i.parent)) {
// console.log(generator(i.parent).code)
let {arguments} = i.parent
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = n(arguments[0].value)
// console.log(arguments[0].value, value)
i.parentPath.replaceWith(types.StringLiteral(value))
}
}
}))
} else if (types.isCallExpression(e.parent)) {
let {arguments} = e.parent
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = n(arguments[0].value)
e.parentPath.replaceWith(types.StringLiteral(value))
}
}
})
}
}
}
})
traverse(ast, {
CallExpression(path) {
let node = path.node;
if (node.callee.name === 'J') {
let {arguments} = node
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = atob(arguments[0].value)
path.replaceWith(types.StringLiteral(value))
}
}
}
})
// 常量还原
function isNodePure(node, scope) {
if (types.isLiteral(node)) {
return true;
}
if (types.isUnaryExpression(node)) {
return isNodePure(node.argument, scope)
}
if (types.isIdentifier(node)) {//处理 var c = String;
if (scope && scope.isPure(node, true)) {
return true;
}
if (typeof this[node.name] != 'undefined') {
return true;
}
return false;
}
if (types.isMemberExpression(node)) {//处理 var d = String.fromCharCode;
let {object, property, computed} = node;
if (computed && !isNodePure(property, scope)) {
return false;
}
if (isNodePure(object, scope)) {
return true;
}
if (types.isIdentifier(object)) {
let name = object.name;
if (typeof this[name] != 'undefined' && name != 'window') {//注意object为window时,可能会还原出错
return true;
}
return false;
}
if (types.isMemberExpression(object)) {
return isNodePure(object, scope);
}
return false;
}
if (types.isBinary(node) && scope) {
return isNodePure(node.left, scope) && isNodePure(node.right, scope);
}
return false;
}
const restoreVarDeclarator = {
VariableDeclarator(path) {
let scope = path.scope;
let {id, init} = path.node;
if (!types.isIdentifier(id) || !isNodePure(init, scope)) {
return;
}
const binding = scope.getBinding(id.name);
try {
var {
constant, referencePaths, constantViolations
} = binding; //变量的定义一定会有binding.
}catch (e){
return;
}
if (constantViolations.length > 1) {
return;
}
if (constant || constantViolations[0] == path) {
for (let referPath of referencePaths) {
referPath.replaceWith(init);
}
console.log(path.toString())
path.remove();//没有被引用,或者替换完成,可直接删除
}
},
}
traverse(ast, restoreVarDeclarator)
//end
console.timeEnd("处理完毕,耗时");
let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});
fs.writeFile(decodeFile, code, (err) => {
});
\ No newline at end of file
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
# This is a sample Python script.
import base64
import json
import random
import time
import ctypes
import tls_client
from py_mini_racer import MiniRacer
from loguru import logger
with open('test.js', 'r', encoding='utf-8')as f:
jsCode = f.read()
# Press ⌃R to execute it or replace it with your code.
# Press Double ⇧ to search everywhere for classes, files, tool windows, actions, and settings.
def get_timestamp():
return int(time.time() * 1000)
def print_hi(name):
# Use a breakpoint in the code line below to debug your script.
print(f'Hi, {name}') # Press ⌘F8 to toggle the breakpoint.
def unsinged_right_shift(x, y):
x, y = ctypes.c_uint32(x).value, y % 32
return ctypes.c_uint32(x >> y).value
# Press the green button in the gutter to run the script.
if __name__ == '__main__':
print_hi('PyCharm')
class PxBypass():
session = tls_client.Session(client_identifier='chrome_112')
def __init__(self, target_url):
self.target_url = target_url
self.log = logger.bind(module_name='px')
def run(self):
print(self._step_1())
# self._init()
def _init(self):
headers = {
"authority": "www.chegg.com",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"cache-control": "no-cache",
"pragma": "no-cache",
"sec-ch-ua": "\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "same-origin",
"sec-fetch-user": "?1",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
}
res = self.session.get(self.target_url, headers=headers)
self.log.info(f"初始化请求 res {res.status_code}")
self.log.info(f"init cookie {self.session.cookies}")
def __uuid(self):
r = ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", "10", "11",
"12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", "20", "21", "22", "23",
"24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", "30", "31", "32", "33", "34", "35",
"36", "37", "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", "40", "41", "42", "43", "44", "45", "46", "47",
"48", "49", "4a", "4b", "4c", "4d", "4e", "4f", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59",
"5a", "5b", "5c", "5d", "5e", "5f", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "6a", "6b",
"6c", "6d", "6e", "6f", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "7a", "7b", "7c", "7d",
"7e", "7f", "80", "81", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f",
"90", "91", "92", "93", "94", "95", "96", "97", "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", "a0", "a1",
"a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", "b0", "b1", "b2", "b3",
"b4", "b5", "b6", "b7", "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", "c0", "c1", "c2", "c3", "c4", "c5",
"c6", "c7", "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
"d8", "d9", "da", "db", "dc", "dd", "de", "df", "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", "e8", "e9",
"ea", "eb", "ec", "ed", "ee", "ef", "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8", "f9", "fa", "fb",
"fc", "fd", "fe", "ff"]
bs = 0
ys = [63, 161, 165, 50, 14, 19]
Gs = 8057
Ws = 0
s = Gs
h = get_timestamp()
d = bs + 1
m = int(h - Ws + (d - bs) / 1e4)
Ws = h
bs = d
Gs = s
h += 122192928e5
h = int(h)
f = []
u = 0
p = (1000 * (268435455 & h) + d) % 4294967296
# p = 4180087664
f[:3] = int(p).to_bytes(4, byteorder='big')
Q = int(h / 4294967296) * 1000 & 268435455
# Q = 32386116
f.append(unsinged_right_shift(Q, 8) & 255)
f.append(255 & Q)
f.append(unsinged_right_shift(Q, 24) & 15 | 16)
f.append(unsinged_right_shift(Q, 16) & 255)
# s = 6488
f.append(unsinged_right_shift(s, 8) | 128)
f.append(255 & s)
for i in ys:
f.append(i)
print(f)
res = [r[f[0]], r[f[1]], r[f[2]], r[f[3]], '-', r[f[4]], r[f[5]], '-', r[f[6]], r[f[7]], '-', r[f[8]], r[f[9]],
'-',
r[f[10]], r[f[11]], r[f[12]], r[f[13]], r[f[14]], r[f[15]]]
return ''.join(res)
def _step_1(self):
t1 = int(time.time() * 1000)
t2 = t1 + random.randint(3, 12)
_uuid = self.__uuid()
data = [
{
"t": "PX10816",
"d": {
"PX10360": "https://www.chegg.com/",
"PX10929": 0,
"PX11186": "Win32",
"PX10622": 0, # index ++
"PX10272": 6869, # Math.round(performance.now())
"PX10970": 3600,
"PX10094": t1,
"PX11004": t2,
"PX10206": _uuid,
"PX10088": False
}
}
]
data_str = json.dumps(data, separators=('"', ':'))
self.log.info(f'data_str {data_str}')
# See PyCharm help at https://www.jetbrains.com/help/pycharm/
payload = base64.b64encode(self.__encrypt(data_str, 50)).decode()
self.log.info(f'payload {payload}')
tag = "v7.6.2"
ft = "263"
pc = self.__gen_pc(data_str, f'{_uuid}:{tag}:{ft}')
body = {
"payload": payload,
"appId": "PXzYvFOXaC",
"tag": tag,
"uuid": _uuid,
"ft": ft,
"seq": "0",
"en": "NTA",
"pc": "7074408855928128",
"p1": "5268602cc413e604a21b412a3fa6118c64c205f92f5602.78118214",
"rsc": "1"
}
def __encrypt(self, data_str, param):
n = bytearray()
for i in data_str.encode():
n.append(i ^ 50)
return n
def __gen_pc(self, data_str, param):
if __name__ == '__main__':
px = PxBypass('https://www.chegg.com/')
px.run()
print(unsinged_right_shift(275404960, 24) & 255)
......@@ -7,5 +7,8 @@
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC"
"license": "ISC",
"dependencies": {
"@babel/core": "^7.22.9"
}
}
function R(t, e, n, r, o, i, l) {
return B(e ^ n ^ r, t, e, o, i, l);
}
function O(t, e, n, r, o, i, l) {
return B(n ^ (e | ~r), t, e, o, i, l);
}
function k(t, e, n, r, o, i, l) {
return B(e & r | n & ~r, t, e, o, i, l);
}
function x(t, e) {
return t << e | t >>> 32 - e;
}
function E(t, e) {
return (t >> 16) + (e >> 16) + ((65535 & t) + (65535 & e) >> 16) << 16 | 65535 & (65535 & t) + (65535 & e);
}
function B(t, e, n, r, o, i) {
return E(x(E(E(e, t), E(r, i)), o), n);
}
function M(t, e, n, r, o, i, l) {
return B(e & n | ~e & r, t, e, o, i, l);
}
function I(t) {
var e = void 0,
n = [];
for (n[(t.length >> 2) - 1] = void 0, e = 0; e < n.length; e += 1) n[e] = 0;
for (e = 0; e < 8 * t.length; e += 8) n[e >> 5] |= (255 & t.charCodeAt(e / 8)) << e % 32;
return n;
}
function F(t, e) {
t[e >> 5] |= 128 << e % 32, t[14 + (e + 64 >>> 9 << 4)] = e;
var n = void 0,
r = void 0,
o = void 0,
i = void 0,
l = void 0,
a = 1732584193,
c = -271733879,
u = -1732584194,
f = 271733878;
for (n = 0; n < t.length; n += 16) r = a, o = c, i = u, l = f, a = M(a, c, u, f, t[n], 7, -680876936), f = M(f, a, c, u, t[n + 1], 12, -389564586), u = M(u, f, a, c, t[n + 2], 17, 606105819), c = M(c, u, f, a, t[n + 3], 22, -1044525330), a = M(a, c, u, f, t[n + 4], 7, -176418897), f = M(f, a, c, u, t[n + 5], 12, 1200080426), u = M(u, f, a, c, t[n + 6], 17, -1473231341), c = M(c, u, f, a, t[n + 7], 22, -45705983), a = M(a, c, u, f, t[n + 8], 7, 1770035416), f = M(f, a, c, u, t[n + 9], 12, -1958414417), u = M(u, f, a, c, t[n + 10], 17, -42063), c = M(c, u, f, a, t[n + 11], 22, -1990404162), a = M(a, c, u, f, t[n + 12], 7, 1804603682), f = M(f, a, c, u, t[n + 13], 12, -40341101), u = M(u, f, a, c, t[n + 14], 17, -1502002290), c = M(c, u, f, a, t[n + 15], 22, 1236535329), a = k(a, c, u, f, t[n + 1], 5, -165796510), f = k(f, a, c, u, t[n + 6], 9, -1069501632), u = k(u, f, a, c, t[n + 11], 14, 643717713), c = k(c, u, f, a, t[n], 20, -373897302), a = k(a, c, u, f, t[n + 5], 5, -701558691), f = k(f, a, c, u, t[n + 10], 9, 38016083), u = k(u, f, a, c, t[n + 15], 14, -660478335), c = k(c, u, f, a, t[n + 4], 20, -405537848), a = k(a, c, u, f, t[n + 9], 5, 568446438), f = k(f, a, c, u, t[n + 14], 9, -1019803690), u = k(u, f, a, c, t[n + 3], 14, -187363961), c = k(c, u, f, a, t[n + 8], 20, 1163531501), a = k(a, c, u, f, t[n + 13], 5, -1444681467), f = k(f, a, c, u, t[n + 2], 9, -51403784), u = k(u, f, a, c, t[n + 7], 14, 1735328473), c = k(c, u, f, a, t[n + 12], 20, -1926607734), a = R(a, c, u, f, t[n + 5], 4, -378558), f = R(f, a, c, u, t[n + 8], 11, -2022574463), u = R(u, f, a, c, t[n + 11], 16, 1839030562), c = R(c, u, f, a, t[n + 14], 23, -35309556), a = R(a, c, u, f, t[n + 1], 4, -1530992060), f = R(f, a, c, u, t[n + 4], 11, 1272893353), u = R(u, f, a, c, t[n + 7], 16, -155497632), c = R(c, u, f, a, t[n + 10], 23, -1094730640), a = R(a, c, u, f, t[n + 13], 4, 681279174), f = R(f, a, c, u, t[n], 11, -358537222), u = R(u, f, a, c, t[n + 3], 16, -722521979), c = R(c, u, f, a, t[n + 6], 23, 76029189), a = R(a, c, u, f, t[n + 9], 4, -640364487), f = R(f, a, c, u, t[n + 12], 11, -421815835), u = R(u, f, a, c, t[n + 15], 16, 530742520), c = R(c, u, f, a, t[n + 2], 23, -995338651), a = O(a, c, u, f, t[n], 6, -198630844), f = O(f, a, c, u, t[n + 7], 10, 1126891415), u = O(u, f, a, c, t[n + 14], 15, -1416354905), c = O(c, u, f, a, t[n + 5], 21, -57434055), a = O(a, c, u, f, t[n + 12], 6, 1700485571), f = O(f, a, c, u, t[n + 3], 10, -1894986606), u = O(u, f, a, c, t[n + 10], 15, -1051523), c = O(c, u, f, a, t[n + 1], 21, -2054922799), a = O(a, c, u, f, t[n + 8], 6, 1873313359), f = O(f, a, c, u, t[n + 15], 10, -30611744), u = O(u, f, a, c, t[n + 6], 15, -1560198380), c = O(c, u, f, a, t[n + 13], 21, 1309151649), a = O(a, c, u, f, t[n + 4], 6, -145523070), f = O(f, a, c, u, t[n + 11], 10, -1120210379), u = O(u, f, a, c, t[n + 2], 15, 718787259), c = O(c, u, f, a, t[n + 9], 21, -343485551), a = E(a, r), c = E(c, o), u = E(u, i), f = E(f, l);
return [a, c, u, f];
}
function _(t) {
var e = void 0,
n = "";
for (e = 0; e < 32 * t.length; e += 8) n += String.fromCharCode(t[e >> 5] >>> e % 32 & 255);
return n;
}
function N(t, e) {
var n = void 0
, r = I(t)
, o = []
, i = [];
for (o[15] = i[15] = void 0,
r.length > 16 && (r = F(r, 8 * t.length)),
n = 0; n < 16; n += 1)
o[n] = 909522486 ^ r[n],
i[n] = 1549556828 ^ r[n];
var l = F(o.concat(I(e)), 512 + 8 * e.length);
return _(F(i.concat(l), 640))
}
function j(t) {
var e = "0123456789abcdef"
, n = ""
, r = void 0
, o = void 0;
for (o = 0; o < t.length; o += 1)
r = t.charCodeAt(o),
n += e.charAt(r >>> 4 & 15) + e.charAt(15 & r);
return n
}
let t = '7f338930-2c4a-11ee-b4af-75cb5563a0c5:v7.6.2:263'
let e = '[{"t":"PX10816","d":{"PX10360":"https://www.chegg.com/","PX10929":0,"PX11186":"Win32","PX10622":0,"PX10272":38485,"PX10970":3600,"PX10094":1690440897986,"PX11004":1690440897987,"PX10206":"7f338930-2c4a-11ee-b4af-75cb5563a0c5","PX10088":false}}]'
function Y(t, e) {
return j(N(t, e))
}
function ie(t) {
for (var e = "", n = "", r = 0; r < t.length; r++) {
var o = t.charCodeAt(r);
o >= 48 && o <= 57 ? e += t[r] : n += o % 10
}
return e + n
}
function Jt(t, e) {
var n = Y(t, e);
try {
for (var r = ie(n), o = "", i = 0; i < r.length; i += 2)
o += r[i];
return o
} catch (t) {
}
}
console.log(Jt(t, e))
\ No newline at end of file
def I(t):
e = 0
n = [0] *8 * len(t)
for e in range(0, 8 * len(t), 8):
# print(e >> 5, n[e >> 5])
n[e >> 5] |= (255 & ord(t[int(e / 8)])) << e % 32
# print(n)
return n[:12]
t = 'debcc4b0-2c46-11ee-8ef9-9bbc3c70f1cb:v7.6.2:263'
print(I(t))
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment