网站 › 『脱壳破解区』 › JS逆向之MD5初体验

QingYi. 发表于 2021-7-12 15:52

JS逆向之MD5初体验

本帖最后由 QingYi. 于 2021-8-26 11:22 编辑

首先我们打开网站https://mp.weixin.qq.com/


调出开发者工具，输入账号密码然后这边post一个数据 ：pwd=555ed8459bf8514130bfbd2bee1b3693


我们可以看到，他是32位的，有经验的一看就知道是md5加密（在js里面 就可以判断出来了）

我们去根据关键词去搜索

我们可以看到login这边有pwd，只要觉得可以的值 就打断点

然后点击登录，会断在这边


然后进入下一个函数调用

我们可以看到return出去的数据是加密的，可能会在这边进行数据加密


我们可以看到 这边有什么乱七八糟的 e n s 等什么鬼，我们可以把它附近的函数抠出来
我们可以看到这边有下划线，找到上面那个括号带下划线的，抠出来（抠代码的时候 就可以看到有md5加密的函数了）



好，现在我们把这个单独抠出来 改名为test,并把它上面的函数也抠出来 代码如下

n = {};
function l(t, e) {
var n = (65535 & t) + (65535 & e);
return (t >> 16) + (e >> 16) + (n >> 16) << 16 | 65535 & n
}
function a(t, e, n, o, r, i) {
return l((s = l(l(e, t), l(o, i))) << (a = r) | s >>> 32 - a, n);
var s, a
}
function f(t, e, n, o, r, i, s) {
return a(e & n | ~e & o, t, e, r, i, s)
}
function d(t, e, n, o, r, i, s) {
return a(e & o | n & ~o, t, e, r, i, s)
}
function h(t, e, n, o, r, i, s) {
return a(e ^ n ^ o, t, e, r, i, s)
}
function m(t, e, n, o, r, i, s) {
return a(n ^ (e | ~o), t, e, r, i, s)
}
function c(t, e) {
t |= 128 << e % 32,
t = e;
var n, o, r, i, s, a = 1732584193,
c = -271733879,
u = -1732584194,
p = 271733878;
for (n = 0; n < t.length; n += 16) a = f(o = a, r = c, i = u, s = p, t, 7, -680876936),
p = f(p, a, c, u, t, 12, -389564586),
u = f(u, p, a, c, t, 17, 606105819),
c = f(c, u, p, a, t, 22, -1044525330),
a = f(a, c, u, p, t, 7, -176418897),
p = f(p, a, c, u, t, 12, 1200080426),
u = f(u, p, a, c, t, 17, -1473231341),
c = f(c, u, p, a, t, 22, -45705983),
a = f(a, c, u, p, t, 7, 1770035416),
p = f(p, a, c, u, t, 12, -1958414417),
u = f(u, p, a, c, t, 17, -42063),
c = f(c, u, p, a, t, 22, -1990404162),
a = f(a, c, u, p, t, 7, 1804603682),
p = f(p, a, c, u, t, 12, -40341101),
u = f(u, p, a, c, t, 17, -1502002290),
a = d(a, c = f(c, u, p, a, t, 22, 1236535329), u, p, t, 5, -165796510),
p = d(p, a, c, u, t, 9, -1069501632),
u = d(u, p, a, c, t, 14, 643717713),
c = d(c, u, p, a, t, 20, -373897302),
a = d(a, c, u, p, t, 5, -701558691),
p = d(p, a, c, u, t, 9, 38016083),
u = d(u, p, a, c, t, 14, -660478335),
c = d(c, u, p, a, t, 20, -405537848),
a = d(a, c, u, p, t, 5, 568446438),
p = d(p, a, c, u, t, 9, -1019803690),
u = d(u, p, a, c, t, 14, -187363961),
c = d(c, u, p, a, t, 20, 1163531501),
a = d(a, c, u, p, t, 5, -1444681467),
p = d(p, a, c, u, t, 9, -51403784),
u = d(u, p, a, c, t, 14, 1735328473),
a = h(a, c = d(c, u, p, a, t, 20, -1926607734), u, p, t, 4, -378558),
p = h(p, a, c, u, t, 11, -2022574463),
u = h(u, p, a, c, t, 16, 1839030562),
c = h(c, u, p, a, t, 23, -35309556),
a = h(a, c, u, p, t, 4, -1530992060),
p = h(p, a, c, u, t, 11, 1272893353),
u = h(u, p, a, c, t, 16, -155497632),
c = h(c, u, p, a, t, 23, -1094730640),
a = h(a, c, u, p, t, 4, 681279174),
p = h(p, a, c, u, t, 11, -358537222),
u = h(u, p, a, c, t, 16, -722521979),
c = h(c, u, p, a, t, 23, 76029189),
a = h(a, c, u, p, t, 4, -640364487),
p = h(p, a, c, u, t, 11, -421815835),
u = h(u, p, a, c, t, 16, 530742520),
a = m(a, c = h(c, u, p, a, t, 23, -995338651), u, p, t, 6, -198630844),
p = m(p, a, c, u, t, 10, 1126891415),
u = m(u, p, a, c, t, 15, -1416354905),
c = m(c, u, p, a, t, 21, -57434055),
a = m(a, c, u, p, t, 6, 1700485571),
p = m(p, a, c, u, t, 10, -1894986606),
u = m(u, p, a, c, t, 15, -1051523),
c = m(c, u, p, a, t, 21, -2054922799),
a = m(a, c, u, p, t, 6, 1873313359),
p = m(p, a, c, u, t, 10, -30611744),
u = m(u, p, a, c, t, 15, -1560198380),
c = m(c, u, p, a, t, 21, 1309151649),
a = m(a, c, u, p, t, 6, -145523070),
p = m(p, a, c, u, t, 10, -1120210379),
u = m(u, p, a, c, t, 15, 718787259),
c = m(c, u, p, a, t, 21, -343485551),
a = l(a, o),
c = l(c, r),
u = l(u, i),
p = l(p, s);
return
}
function u(t) {
var e, n = "";
for (e = 0; e < 32 * t.length; e += 8) n += String.fromCharCode(t >>> e % 32 & 255);
return n
}
function p(t) {
var e, n = [];
for (n[(t.length >> 2) - 1] = void 0, e = 0; e < n.length; e += 1) n = 0;
for (e = 0; e < 8 * t.length; e += 8) n |= (255 & t.charCodeAt(e / 8)) << e % 32;
return n
}
function o(t) {
var e, n, o = "0123456789abcdef",
r = "";
for (n = 0; n < t.length; n += 1) e = t.charCodeAt(n),
r += o.charAt(e >>> 4 & 15) + o.charAt(15 & e);
return r
}
function r(t) {
return unescape(encodeURIComponent(t))
}
function i(t) {
return u(c(p(e = r(t)), 8 * e.length));
var e
}
function s(t, e) {
return function(t, e) {
    var n, o, r = p(t),
    i = [],
    s = [];
    for (i = s = void 0, 16 < r.length && (r = c(r, 8 * t.length)), n = 0; n < 16; n += 1) i = 909522486 ^ r,
    s = 1549556828 ^ r;
    return o = c(i.concat(p(e)), 512 + 8 * e.length),
    u(c(s.concat(o), 640))
} (r(t), r(e))
}
n.exports = function(t, e, n) {
return e ? n ? s(e, t) : o(s(e, t)) : n ? i(t) : o(i(t))
}


function test(t, e, n) {
return e ? n ? s(e, t) : o(s(e, t)) : n ? i(t) : o(i(t))
}



去加载代码。提示n没有定义，我们去定义一下

去执行代码，我们看看效果



本质上我们可以直接调用




到此完毕

保温杯枸杞 发表于 2021-7-12 15:56

很好的内容，谢谢楼主分享

子凌什么都不会 发表于 2021-7-12 17:02

你好，我想问下pwd搜索那个在哪里

QingYi. 发表于 2021-7-12 17:30

开发者工具==> “右上角三个点”==> More tools==> Search

QingYi. 发表于 2021-7-12 17:32

子凌什么都不会 发表于 2021-7-12 17:02
你好，我想问下pwd搜索那个在哪里

开发者工具==> “右上角三个点”==> More tools==> Search

查看完整版本: JS逆向之MD5初体验