扇贝单词js逆向补环境

就往丶 · 发表于 2025-3-2 22:18

https://web.shanbay.com/wordsweb/#/collection

单词数据加密

使用json hookvar my_parse = JSON.parse;JSON.parse = function (params) { // 这里可以添加其他逻辑比如 console.log("json_parse params:",params); debugger return my_parse(params);};

跳过这个断点因为这个是服务器返回的加密数据，我们需要找到他的解密位置

断在他解密之后的数据上面，往上面跟栈

解密函数

扣出来开始补代码可以看到这个_checkVersion 是检测版本什么的应该不是的返回空字符串肯定是错的，直接删掉

接着运行

缺少new a.default; 未定义

断道这里跟进去

扣出来把函数名修改一下

继续扣i函数

修改一下函数让把参数t给传参进去

扣o.default对象

上面有个异常处理直接不要了下面他的函数也可以一起扣下来

扣f

开始扣 e.init

发现下面有很多函数内容一起给扣了，把这个列表给复制出来

写个列表赋值一下，这个e对象下面的函数，是通过new a_default 出来的所以这些函数需要补在a_default下面

继续运行缺号this._random.seed继续扣

一样的方法扣出来

缺少o

把seed函数里面的o.default.loop 修改成 loop

继续扣 u 函数

继续用上面的方法

这个位置需要修改一下给他传递t参数

直接替换成nodejs 自带的base64解码

完成

[JavaScript] 纯文本查看 复制代码

001

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

072

073

074

075

076

077

078

079

080

081

082

083

084

085

086

087

088

089

090

091

092

093

094

095

096

097

098

099

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

function d(t) {
    var e = new a_default(t);
    e.init(t.substr(0, 4));
    var r = e.decode(t);
    return Buffer.from(r,"base64").toString("utf8")
}
 
f_list = [{
                            key: "getChar",
                            value: function() {
                                return this._char
                            }
                        }, {
                            key: "getChildren",
                            value: function() {
                                return this._children
                            }
                        }, {
                            key: "setChar",
                            value: function(t) {
                                this._char = t
                            }
                        }, {
                            key: "setChildren",
                            value: function(t, e) {
                                this._children[t] = e
                            }
                        }]
function f(key) {
    i.call(this, key),
    this._char = ".",
    this._children = {}
 
    f_list.forEach(function (funDec){
        this[funDec.key] = funDec.value
    },this)
}
 
 
 
s = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
c = [1, 2, 2, 2, 2, 2]
var a_list = [{
        key: "init",
        value: function(t) {
            var e = this;
            this._random.seed(t),
            this._sign = t,
            loop(64, function(t) {
                e._addSymbol("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"[t], c[parseInt((t + 1) / 11)])
            }),
            this._inter["="] = "="
        }
    }, {
        key: "_addSymbol",
        value: function(t, e) {
            var r = this
              , n = this._head
              , o = "";
            return loop(e, function(t) {
                for (var e = s[r._random.generate(32)]; e in n.getChildren() && "." !== n.getChildren()[e].getChar(); )
                    e = s[r._random.generate(32)];
                o += e,
                e in n.getChildren() || n.setChildren(e, new f(t_code)),
                n = n.getChildren()[e]
            }),
            n.setChar(t),
            this._inter[t] = o
        }
    }, {
        key: "decode",
        value: function(t) {
            for (var e = "", r = 4; r < t.length; )
                if ("=" !== t[r]) {
                    for (var n = this._head; t[r]in n.getChildren(); )
                        n = n.getChildren()[t[r]],
                        r++;
                    e += n.getChar()
                } else
                    e += "=",
                    r++;
            return e
        }
    }]
u_list = [{
                            key: "get",
                            value: function(t) {
                                return t >>> 0
                            }
                        }, {
                            key: "xor",
                            value: function(t, e) {
                                return this.get(this.get(t) ^ this.get(e))
                            }
                        }, {
                            key: "and",
                            value: function(t, e) {
                                return this.get(this.get(t) & this.get(e))
                            }
                        }, {
                            key: "mul",
                            value: function(t, e) {
                                var r = ((4294901760 & t) >>> 0) * e
                                  , n = (65535 & t) * e;
                                return this.get((r >>> 0) + (n >>> 0))
                            }
                        }, {
                            key: "or",
                            value: function(t, e) {
                                return this.get(this.get(t) | this.get(e))
                            }
                        }, {
                            key: "not",
                            value: function(t) {
                                return this.get(~this.get(t))
                            }
                        }, {
                            key: "shiftLeft",
                            value: function(t, e) {
                                return this.get(this.get(t) << e)
                            }
                        }, {
                            key: "shiftRight",
                            value: function(t, e) {
                                return this.get(t) >>> e
                            }
                        }, {
                            key: "mod",
                            value: function(t, e) {
                                return this.get(this.get(t) % e)
                            }
                        }]
var u = {
    default : {}
}
u_list.forEach(function (funDec){
    u.default[funDec.key] = funDec.value.bind(u.default)
})
var _random_list = [{
                            key: "seed",
                            value: function(e) {
                                var r = this;
                                loop(4, function(t) {
                                    e.length > t ? r._status[t] = u.default.get(e.charAt(t).charCodeAt()) : r._status[t] = u.default.get(110)
                                }),
                                this._mat1 = this._status[1],
                                this._mat2 = this._status[2],
                                this._tmat = this._status[3],
                                this._init()
                            }
                        }, {
                            key: "_init",
                            value: function() {
                                var e = this;
                                loop(7, function(t) {
                                    e._status[t + 1 & 3] = u.default.xor(e._status[t + 1 & 3], t + 1 + u.default.mul(1812433253, u.default.xor(e._status[3 & t], u.default.shiftRight(e._status[3 & t], 30))))
                                }),
                                0 == (2147483647 & this._status[0]) && 0 === this._status[1] && 0 === this._status[2] && 0 === this._status[3] && (this._status[0] = 66,
                                this._status[1] = 65,
                                this._status[2] = 89,
                                this._status[3] = 83),
                                loop(8, function() {
                                    return e._next_state()
                                })
                            }
                        }, {
                            key: "_next_state",
                            value: function() {
                                var t = void 0
                                  , e = void 0;
                                e = this._status[3],
                                t = u.default.xor(u.default.and(this._status[0], 2147483647), u.default.xor(this._status[1], this._status[2])),
                                t = u.default.xor(t, u.default.shiftLeft(t, 1)),
                                e = u.default.xor(e, u.default.xor(u.default.shiftRight(e, 1), t)),
                                this._status[0] = this._status[1],
                                this._status[1] = this._status[2],
                                this._status[2] = u.default.xor(t, u.default.shiftLeft(e, 10)),
                                this._status[3] = e,
                                this._status[1] = u.default.xor(this._status[1], u.default.and(-u.default.and(e, 1), this._mat1)),
                                this._status[2] = u.default.xor(this._status[2], u.default.and(-u.default.and(e, 1), this._mat2))
                            }
                        }, {
                            key: "generate",
                            value: function(t) {
                                this._next_state();
                                var e, r = void 0;
                                return r = this._status[3],
                                e = u.default.xor(this._status[0], u.default.shiftRight(this._status[2], 8)),
                                r = u.default.xor(r, e),
                                (r = u.default.xor(u.default.and(-u.default.and(e, 1), this._tmat), r)) % t
                            }
                        }]
function a_default(t) {
    i.call(this, t),
    this._random = new o_default,
    this._sign = "",
    this._inter = {},
    this._head = new f(t)
    a_list.forEach(function (funDec){
        this[funDec.key] = funDec.value;
    },this)
 
    _random_list.forEach(function (funDec){
        this._random[funDec.key] = funDec.value;
    },this)
}
i = function(t) {
    var e = t.charCodeAt();
    return 65 <= e ? e - 65 : e - 65 + 41
}
 
function o_default() {
    this._status = [],
    this._mat1 = 0,
    this._mat2 = 0,
    this._tmat = 0
}
 
function loop(t, r) {
    "v".repeat(t).split("").map(function(t, e) {
        return r(e)
    })
}
 
 
t_code = "" // 自行添加加密数据
console.log(d(t_code))

仿佛_一念成佛 · 发表于 2025-3-3 01:17

一直对这个扣代码有一个疑问。

不能直接全部复制下来到本地直接运行吗？这不是就不用去扣来扣去了吗

ZLP520 · 发表于 2025-3-2 22:32

用着还不错

neworld1974 · 发表于 2025-3-2 22:38

谢谢楼主

jayhan · 发表于 2025-3-2 23:10

牛的，学习了

ScutMe · 发表于 2025-3-2 23:16

学到了，作者这一路下来思路很清晰呀

就往丶 · 发表于 2025-3-3 08:32

仿佛_一念成佛发表于 2025-3-3 01:17
一直对这个扣代码有一个疑问。

不能直接全部复制下来到本地直接运行吗？这不是就不用去扣来扣去了吗

如果全部都扣的话就有些太复杂了，代码太多了比如有些js代码有几w行的，而且不好修改调试

ibrucekong · 发表于 2025-3-3 08:58

支持原创，越来越好

lyue0771 · 发表于 2025-3-3 09:09

学习了，感谢分享

smilface · 发表于 2025-3-3 09:10

学习学习，感谢楼主分享

帐号		自动登录	找回密码
密码			注册[Register]

[Web逆向] 扇贝单词js逆向补环境

免费评分