Skip to content

P
px3
Commit de7a57d0 authored by 王明明's avatar 王明明
Browse files
Options

222

parent 4a752ac2
Expand all Show whitespace changes
Inline Side-by-side
Showing with 11515 additions and 17 deletions
ast/decode.js 0 → 100644
View file @ de7a57d0
const fs = require('fs');
const types = require("@babel/types");
const parser = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const generator = require("@babel/generator").default;
//js混淆代码读取
process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main.js";
process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = "./decodeResult.js";
//将源代码解析为AST
let sourceCode = fs.readFileSync(encodeFile, {encoding: "utf-8"});
let ast = parser.parse(sourceCode);
console.time("处理完毕,耗时");
function n(n) {
for (var i = atob(n), l = "IWTh9S8", a = "", c = 0; c < i.length; ++c) {
var u = l.charCodeAt(c % 7);
a += String.fromCharCode(u ^ i.charCodeAt(c))
}
return a
}
function getBinding(scope, name, func) {
let binding = scope.getBinding(name);
// console.log(`scope.get(${name}).length = ${binding.references}`)
if (binding.references > 0) {
for (const referencePath of binding.referencePaths) {
func(referencePath)
}
}
}
traverse(ast, {
FunctionDeclaration(path) {
let node = path.node;
if (node.id.name === 'n') {
let code = generator(node).code;
if (code.includes('charCodeAt')) {
// console.log(node.id.name)
let scope = path.parentPath.parentPath.scope;
getBinding(scope, node.id.name, e => {
// console.log(e.parent.type, generator(e.parent).code)
if (types.isVariableDeclarator(e.parent)) {
let initIdName = e.parent.id.name;
getBinding(e.parentPath.parentPath.parentPath.scope, initIdName, (i => {
// console.log(initIdName, i.parent.type )
if (types.isCallExpression(i.parent)) {
// console.log(generator(i.parent).code)
let {arguments} = i.parent
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = n(arguments[0].value)
// console.log(arguments[0].value, value)
i.parentPath.replaceWith(types.StringLiteral(value))
}
}
}))
} else if (types.isCallExpression(e.parent)) {
let {arguments} = e.parent
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = n(arguments[0].value)
e.parentPath.replaceWith(types.StringLiteral(value))
}
}
})
}
}
}
})
traverse(ast, {
CallExpression(path) {
let node = path.node;
if (node.callee.name === 'J') {
let {arguments} = node
if (arguments.length === 1 && types.isStringLiteral(arguments[0])) {
let value = atob(arguments[0].value)
path.replaceWith(types.StringLiteral(value))
}
}
}
})
// 常量还原
function isNodePure(node, scope) {
if (types.isLiteral(node)) {
return true;
}
if (types.isUnaryExpression(node)) {
return isNodePure(node.argument, scope)
}
if (types.isIdentifier(node)) {//处理 var c = String;
if (scope && scope.isPure(node, true)) {
return true;
}
if (typeof this[node.name] != 'undefined') {
return true;
}
return false;
}
if (types.isMemberExpression(node)) {//处理 var d = String.fromCharCode;
let {object, property, computed} = node;
if (computed && !isNodePure(property, scope)) {
return false;
}
if (isNodePure(object, scope)) {
return true;
}
if (types.isIdentifier(object)) {
let name = object.name;
if (typeof this[name] != 'undefined' && name != 'window') {//注意object为window时,可能会还原出错
return true;
}
return false;
}
if (types.isMemberExpression(object)) {
return isNodePure(object, scope);
}
return false;
}
if (types.isBinary(node) && scope) {
return isNodePure(node.left, scope) && isNodePure(node.right, scope);
}
return false;
}
const restoreVarDeclarator = {
VariableDeclarator(path) {
let scope = path.scope;
let {id, init} = path.node;
if (!types.isIdentifier(id) || !isNodePure(init, scope)) {
return;
}
const binding = scope.getBinding(id.name);
try {
var {
constant, referencePaths, constantViolations
} = binding; //变量的定义一定会有binding.
}catch (e){
return;
}
if (constantViolations.length > 1) {
return;
}
if (constant || constantViolations[0] == path) {
for (let referPath of referencePaths) {
referPath.replaceWith(init);
}
console.log(path.toString())
path.remove();//没有被引用,或者替换完成,可直接删除
}
},
}
traverse(ast, restoreVarDeclarator)
//end
console.timeEnd("处理完毕,耗时");
let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});
fs.writeFile(decodeFile, code, (err) => {
});
\ No newline at end of file
ast/decodeResult.js 0 → 100644
View file @ de7a57d0
This diff is collapsed.
ast/main.js
View file @ de7a57d0
This diff is collapsed.
main.py
View file @ de7a57d0
# This is a sample Python script. import base64
import json
import random
import time
import ctypes
import tls_client
from py_mini_racer import MiniRacer
from loguru import logger
with open('test.js', 'r', encoding='utf-8')as f:
jsCode = f.read()
# Press ⌃R to execute it or replace it with your code. def get_timestamp():
# Press Double ⇧ to search everywhere for classes, files, tool windows, actions, and settings. return int(time.time() * 1000)
def print_hi(name): def unsinged_right_shift(x, y):
# Use a breakpoint in the code line below to debug your script. x, y = ctypes.c_uint32(x).value, y % 32
print(f'Hi, {name}') # Press ⌘F8 to toggle the breakpoint. return ctypes.c_uint32(x >> y).value
# Press the green button in the gutter to run the script. class PxBypass():
if __name__ == '__main__': session = tls_client.Session(client_identifier='chrome_112')
print_hi('PyCharm')
def __init__(self, target_url):
self.target_url = target_url
self.log = logger.bind(module_name='px')
def run(self):
print(self._step_1())
# self._init()
def _init(self):
headers = {
"authority": "www.chegg.com",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"cache-control": "no-cache",
"pragma": "no-cache",
"sec-ch-ua": "\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "same-origin",
"sec-fetch-user": "?1",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
}
res = self.session.get(self.target_url, headers=headers)
self.log.info(f"初始化请求 res {res.status_code}")
self.log.info(f"init cookie {self.session.cookies}")
def __uuid(self):
r = ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", "10", "11",
"12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", "20", "21", "22", "23",
"24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", "30", "31", "32", "33", "34", "35",
"36", "37", "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", "40", "41", "42", "43", "44", "45", "46", "47",
"48", "49", "4a", "4b", "4c", "4d", "4e", "4f", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59",
"5a", "5b", "5c", "5d", "5e", "5f", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "6a", "6b",
"6c", "6d", "6e", "6f", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "7a", "7b", "7c", "7d",
"7e", "7f", "80", "81", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f",
"90", "91", "92", "93", "94", "95", "96", "97", "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", "a0", "a1",
"a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", "b0", "b1", "b2", "b3",
"b4", "b5", "b6", "b7", "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", "c0", "c1", "c2", "c3", "c4", "c5",
"c6", "c7", "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
"d8", "d9", "da", "db", "dc", "dd", "de", "df", "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", "e8", "e9",
"ea", "eb", "ec", "ed", "ee", "ef", "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8", "f9", "fa", "fb",
"fc", "fd", "fe", "ff"]
bs = 0
ys = [63, 161, 165, 50, 14, 19]
Gs = 8057
Ws = 0
s = Gs
h = get_timestamp()
d = bs + 1
m = int(h - Ws + (d - bs) / 1e4)
Ws = h
bs = d
Gs = s
h += 122192928e5
h = int(h)
f = []
u = 0
p = (1000 * (268435455 & h) + d) % 4294967296
# p = 4180087664
f[:3] = int(p).to_bytes(4, byteorder='big')
Q = int(h / 4294967296) * 1000 & 268435455
# Q = 32386116
f.append(unsinged_right_shift(Q, 8) & 255)
f.append(255 & Q)
f.append(unsinged_right_shift(Q, 24) & 15 | 16)
f.append(unsinged_right_shift(Q, 16) & 255)
# s = 6488
f.append(unsinged_right_shift(s, 8) | 128)
f.append(255 & s)
for i in ys:
f.append(i)
print(f)
res = [r[f[0]], r[f[1]], r[f[2]], r[f[3]], '-', r[f[4]], r[f[5]], '-', r[f[6]], r[f[7]], '-', r[f[8]], r[f[9]],
'-',
r[f[10]], r[f[11]], r[f[12]], r[f[13]], r[f[14]], r[f[15]]]
return ''.join(res)
def _step_1(self):
t1 = int(time.time() * 1000)
t2 = t1 + random.randint(3, 12)
_uuid = self.__uuid()
data = [
{
"t": "PX10816",
"d": {
"PX10360": "https://www.chegg.com/",
"PX10929": 0,
"PX11186": "Win32",
"PX10622": 0, # index ++
"PX10272": 6869, # Math.round(performance.now())
"PX10970": 3600,
"PX10094": t1,
"PX11004": t2,
"PX10206": _uuid,
"PX10088": False
}
}
]
data_str = json.dumps(data, separators=('"', ':'))
self.log.info(f'data_str {data_str}')
# See PyCharm help at https://www.jetbrains.com/help/pycharm/ payload = base64.b64encode(self.__encrypt(data_str, 50)).decode()
self.log.info(f'payload {payload}')
tag = "v7.6.2"
ft = "263"
pc = self.__gen_pc(data_str, f'{_uuid}:{tag}:{ft}')
body = {
"payload": payload,
"appId": "PXzYvFOXaC",
"tag": tag,
"uuid": _uuid,
"ft": ft,
"seq": "0",
"en": "NTA",
"pc": "7074408855928128",
"p1": "5268602cc413e604a21b412a3fa6118c64c205f92f5602.78118214",
"rsc": "1"
}
def __encrypt(self, data_str, param):
n = bytearray()
for i in data_str.encode():
n.append(i ^ 50)
return n
def __gen_pc(self, data_str, param):
if __name__ == '__main__':
px = PxBypass('https://www.chegg.com/')
px.run()
print(unsinged_right_shift(275404960, 24) & 255)
package.json
View file @ de7a57d0
...@@ -7,5 +7,8 @@ ...@@ -7,5 +7,8 @@
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"author": "", "author": "",
"license": "ISC" "license": "ISC",
"dependencies": {
"@babel/core": "^7.22.9"
}
} }
test.js 0 → 100644
View file @ de7a57d0
function R(t, e, n, r, o, i, l) {
return B(e ^ n ^ r, t, e, o, i, l);
}
function O(t, e, n, r, o, i, l) {
return B(n ^ (e | ~r), t, e, o, i, l);
}
function k(t, e, n, r, o, i, l) {
return B(e & r | n & ~r, t, e, o, i, l);
}
function x(t, e) {
return t << e | t >>> 32 - e;
}
function E(t, e) {
return (t >> 16) + (e >> 16) + ((65535 & t) + (65535 & e) >> 16) << 16 | 65535 & (65535 & t) + (65535 & e);
}
function B(t, e, n, r, o, i) {
return E(x(E(E(e, t), E(r, i)), o), n);
}
function M(t, e, n, r, o, i, l) {
return B(e & n | ~e & r, t, e, o, i, l);
}
function I(t) {
var e = void 0,
n = [];
for (n[(t.length >> 2) - 1] = void 0, e = 0; e < n.length; e += 1) n[e] = 0;
for (e = 0; e < 8 * t.length; e += 8) n[e >> 5] |= (255 & t.charCodeAt(e / 8)) << e % 32;
return n;
}
function F(t, e) {
t[e >> 5] |= 128 << e % 32, t[14 + (e + 64 >>> 9 << 4)] = e;
var n = void 0,
r = void 0,
o = void 0,
i = void 0,
l = void 0,
a = 1732584193,
c = -271733879,
u = -1732584194,
f = 271733878;
for (n = 0; n < t.length; n += 16) r = a, o = c, i = u, l = f, a = M(a, c, u, f, t[n], 7, -680876936), f = M(f, a, c, u, t[n + 1], 12, -389564586), u = M(u, f, a, c, t[n + 2], 17, 606105819), c = M(c, u, f, a, t[n + 3], 22, -1044525330), a = M(a, c, u, f, t[n + 4], 7, -176418897), f = M(f, a, c, u, t[n + 5], 12, 1200080426), u = M(u, f, a, c, t[n + 6], 17, -1473231341), c = M(c, u, f, a, t[n + 7], 22, -45705983), a = M(a, c, u, f, t[n + 8], 7, 1770035416), f = M(f, a, c, u, t[n + 9], 12, -1958414417), u = M(u, f, a, c, t[n + 10], 17, -42063), c = M(c, u, f, a, t[n + 11], 22, -1990404162), a = M(a, c, u, f, t[n + 12], 7, 1804603682), f = M(f, a, c, u, t[n + 13], 12, -40341101), u = M(u, f, a, c, t[n + 14], 17, -1502002290), c = M(c, u, f, a, t[n + 15], 22, 1236535329), a = k(a, c, u, f, t[n + 1], 5, -165796510), f = k(f, a, c, u, t[n + 6], 9, -1069501632), u = k(u, f, a, c, t[n + 11], 14, 643717713), c = k(c, u, f, a, t[n], 20, -373897302), a = k(a, c, u, f, t[n + 5], 5, -701558691), f = k(f, a, c, u, t[n + 10], 9, 38016083), u = k(u, f, a, c, t[n + 15], 14, -660478335), c = k(c, u, f, a, t[n + 4], 20, -405537848), a = k(a, c, u, f, t[n + 9], 5, 568446438), f = k(f, a, c, u, t[n + 14], 9, -1019803690), u = k(u, f, a, c, t[n + 3], 14, -187363961), c = k(c, u, f, a, t[n + 8], 20, 1163531501), a = k(a, c, u, f, t[n + 13], 5, -1444681467), f = k(f, a, c, u, t[n + 2], 9, -51403784), u = k(u, f, a, c, t[n + 7], 14, 1735328473), c = k(c, u, f, a, t[n + 12], 20, -1926607734), a = R(a, c, u, f, t[n + 5], 4, -378558), f = R(f, a, c, u, t[n + 8], 11, -2022574463), u = R(u, f, a, c, t[n + 11], 16, 1839030562), c = R(c, u, f, a, t[n + 14], 23, -35309556), a = R(a, c, u, f, t[n + 1], 4, -1530992060), f = R(f, a, c, u, t[n + 4], 11, 1272893353), u = R(u, f, a, c, t[n + 7], 16, -155497632), c = R(c, u, f, a, t[n + 10], 23, -1094730640), a = R(a, c, u, f, t[n + 13], 4, 681279174), f = R(f, a, c, u, t[n], 11, -358537222), u = R(u, f, a, c, t[n + 3], 16, -722521979), c = R(c, u, f, a, t[n + 6], 23, 76029189), a = R(a, c, u, f, t[n + 9], 4, -640364487), f = R(f, a, c, u, t[n + 12], 11, -421815835), u = R(u, f, a, c, t[n + 15], 16, 530742520), c = R(c, u, f, a, t[n + 2], 23, -995338651), a = O(a, c, u, f, t[n], 6, -198630844), f = O(f, a, c, u, t[n + 7], 10, 1126891415), u = O(u, f, a, c, t[n + 14], 15, -1416354905), c = O(c, u, f, a, t[n + 5], 21, -57434055), a = O(a, c, u, f, t[n + 12], 6, 1700485571), f = O(f, a, c, u, t[n + 3], 10, -1894986606), u = O(u, f, a, c, t[n + 10], 15, -1051523), c = O(c, u, f, a, t[n + 1], 21, -2054922799), a = O(a, c, u, f, t[n + 8], 6, 1873313359), f = O(f, a, c, u, t[n + 15], 10, -30611744), u = O(u, f, a, c, t[n + 6], 15, -1560198380), c = O(c, u, f, a, t[n + 13], 21, 1309151649), a = O(a, c, u, f, t[n + 4], 6, -145523070), f = O(f, a, c, u, t[n + 11], 10, -1120210379), u = O(u, f, a, c, t[n + 2], 15, 718787259), c = O(c, u, f, a, t[n + 9], 21, -343485551), a = E(a, r), c = E(c, o), u = E(u, i), f = E(f, l);
return [a, c, u, f];
}
function _(t) {
var e = void 0,
n = "";
for (e = 0; e < 32 * t.length; e += 8) n += String.fromCharCode(t[e >> 5] >>> e % 32 & 255);
return n;
}
function N(t, e) {
var n = void 0
, r = I(t)
, o = []
, i = [];
for (o[15] = i[15] = void 0,
r.length > 16 && (r = F(r, 8 * t.length)),
n = 0; n < 16; n += 1)
o[n] = 909522486 ^ r[n],
i[n] = 1549556828 ^ r[n];
var l = F(o.concat(I(e)), 512 + 8 * e.length);
return _(F(i.concat(l), 640))
}
function j(t) {
var e = "0123456789abcdef"
, n = ""
, r = void 0
, o = void 0;
for (o = 0; o < t.length; o += 1)
r = t.charCodeAt(o),
n += e.charAt(r >>> 4 & 15) + e.charAt(15 & r);
return n
}
let t = '7f338930-2c4a-11ee-b4af-75cb5563a0c5:v7.6.2:263'
let e = '[{"t":"PX10816","d":{"PX10360":"https://www.chegg.com/","PX10929":0,"PX11186":"Win32","PX10622":0,"PX10272":38485,"PX10970":3600,"PX10094":1690440897986,"PX11004":1690440897987,"PX10206":"7f338930-2c4a-11ee-b4af-75cb5563a0c5","PX10088":false}}]'
function Y(t, e) {
return j(N(t, e))
}
function ie(t) {
for (var e = "", n = "", r = 0; r < t.length; r++) {
var o = t.charCodeAt(r);
o >= 48 && o <= 57 ? e += t[r] : n += o % 10
}
return e + n
}
function Jt(t, e) {
var n = Y(t, e);
try {
for (var r = ie(n), o = "", i = 0; i < r.length; i += 2)
o += r[i];
return o
} catch (t) {
}
}
console.log(Jt(t, e))
\ No newline at end of file
test.py 0 → 100644
View file @ de7a57d0
def I(t):
e = 0
n = [0] *8 * len(t)
for e in range(0, 8 * len(t), 8):
# print(e >> 5, n[e >> 5])
n[e >> 5] |= (255 & ord(t[int(e / 8)])) << e % 32
# print(n)
return n[:12]
t = 'debcc4b0-2c46-11ee-8ef9-9bbc3c70f1cb:v7.6.2:263'
print(I(t))
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment