去哪儿旅行 参数bella分析
2024-06-02 10:41:36 0 举报AI智能生成
已经去除混淆,调试分析bella是怎么生成的
作者其他创作
大纲/内容
_0x112026返回的就是bella
window["june_v"]
window.june_v = '1683616182042'
固定值
_0xc21476
var _0xc21476 = _0x5625ac['default']["signature"](_0x5ad2bb);
_0x5ad2bb
var _0x5ad2bb = _0x4dd553["bParam"] + _0x34877a + JSON["stringify"](_0x4dd553['keyArray']);
_0x4dd553["bParam"]
"3015911b1392e96931b59f5521723e83"
_0x34877a
在字符串"-_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA"中取随机取21位的字符串
JSON["stringify"](_0x4dd553['keyArray'])
["slideToken"]
传入token值+随机21位字符串+["slideToken"]
_0x5625ac['default']["signature"]
分析得知是hmac sha1加密,盐是b"h8fsaK3wqe+ioMvs"
对传入token值+随机21位字符串+["slideToken"]继续hmac sha1加密,盐b"h8fsaK3wqe+ioMvs"
_0x34c54c
_0x34c54c = (0x0, _0x38cd63["default"])(JSON["stringify"](_0x4fb8ac), _0x3d0fe0["default"]);
(JSON["stringify"](_0x4fb8ac)
'{"referer":"","piccolo":"6567##296BED55F4C7372F##1717248766181","shirley":"unknown","title":"unknown","keywords":"unknown","description":"unknown","host":"user.qunar.com","scriptSrc":["qimgs.qunarzz.co","q.qunarzz.com/ho"],"sign":"cfaa534b2ba6e711ce949a2f8576efb3a89f84f0","randomNum":"F_BCo-mpCMbmcB0te5_vv","t":1717250301844}'
randomNum值是前面随机生成的21字符串
piccolo值是"1000到9999的随机数"+"09azAZ随机16位"+时间戳
sign是传入的token值
t是时间戳
_0x3d0fe0["default"])
['B6F1YrNm+OA=sw', 'n8xbeLlzQ', 'p5M02SUHt/dog', 'cyfj-9kPKu', 'EX7VWaqJi', '3CIGDRhTv4']
_0x38cd63["default"]
代码
_0x21da9c
代码
_0x2d06ba代码
总结:将_0x4800e6的每个字符的ascii码,前面加1到2个0,凑8位,添加到_0x933810的列表中
_0x933810的值
_0x2e4d85
值,长度159
_0x2d06ba
代码
_0x2a779b
_0x2a779b值
_0x34877a
在字符串"-_zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQPONMLKJIHGFEDCBA"中取随机取21位的字符串
_0x4dd553["keyArray"]
["slideToken"]
在和上面的字符串相加后[]和""都自动删除,只和slideToken相加
收藏
0 条评论
下一页
