## js逆向分析案例——某站視頻在線下載網(wǎng)站的爬取 幾天前發(fā)現(xiàn)某站視頻有些沒有字母,所以想用開源中文語音識別自動生成字母,但是要先把B站視頻下載下來才行,這里選擇一個在線某站視頻下載網(wǎng)站某站視頻解析下載 1.網(wǎng)站展示
在這里插入圖片描述
可以看到還是可以下載很多資源的,某易云的音樂也可以,直接分析 2.網(wǎng)站分析 F12刷新提交,發(fā)現(xiàn)只有一個post請求
在這里插入圖片描述
看下荷載
在這里插入圖片描述
可以,加密過的,看下源代碼(我這里就不貼出圖來了,因為根本沒啥好看的ug逆向反求工程案例導(dǎo)航視頻教程,它重要的都是后面ajax生成的,前端沒啥重要的代碼)所以這里直接看函數(shù)調(diào)用堆棧
在這里插入圖片描述
很明顯,就是提交了請求,就是解析視頻,點進(jìn)去看看 這里兩個很重要的函數(shù)都在一個源文件里,這里我就直接貼出來好了
"undefined" != typeof Storage && (Storage.prototype.setObject = function(t, e) {
this.setItem(t, JSON.stringify(e))
}
,
Storage.prototype.getObject = function(t) {
t = this.getItem(t);
return t && JSON.parse(t)
}
),
Array.prototype.find || (Array.prototype.find = function(t) {
return t && (this.filter(t) || [])[0]
}
),
jQuery.support.cors = !0;
var o = {
miaopai: "weibo",
xiaokaxiu: "weibo",
yixia: "weibo",
weibo: "weibo",
weico: "weibo",
meipai: "meipai",
xiaoying: "xiaoying",
vivavideo: "xiaoying",
immomo: "momo",
momocdn: "momo",
inke: "inke",
163: "yunyinyue",
"weishi.qq": "weishi",
"qzone.qq": "weishi",
"kg4.qq": "kg",
"kg3.qq": "kg",
"kg2.qq": "kg",
"kg1.qq": "kg",
"kg.qq": "kg",
facebook: "facebook",
fb: "facebook",
youtube: "youtube",
youtu: "youtube",
vimeo: "vimeo",
twitter: "twitter",
instagram: "instagram",
hao222: "quanmin",
"haokan.baidu": "quanmin",
quduopai: "quduopai",
"3qtt": "quduopai",
bilibili: "bilibili",
b23: "bilibili",
pearvideo: "pearvideo",
tumblr: "tumblr",
luisonte: "tumblr",
acfun: "acfun",
izuiyou: "zuiyou"
};
function s(t) {
return t + ".iiilab.com"
}
function a() {
var t = window.navigator.userAgent;
return 0 < t.indexOf("MSIE ") || 0 < t.indexOf("Trident/")
}
new Vue({
delimiters: ["[[", "]]"],
el: "#app",
data: {
link: "",
submitBtnClass: {
disabled: !1
},
errorTip: "",
browserTip: "",
requestSuccess: !1,
showAllSupportLink: !1,
showClearBtn: !1,
requestResult: {
text: "",
medias: [],
overseas: 0
},
sponsor: {
text: [],
img: []
},
gaCode: '<ins class="adsbygoogle" style="display:block;" data-ad-client="ca-pub-2341115656300335" data-ad-slot="2960734406" data-ad-format="horizontal">ins><script>(adsbygoogle = window.adsbygoogle || []).push({});<\/script>'
},
watch: {
link: function(t, e) {
0 < t.length ? (this.showClearBtn = !0,
$(".input-group-lg .link-input").css("padding-right", "32px")) : (this.showClearBtn = !1,
$(".input-group-lg .link-input").css("padding-right", "16px"))
}
},
methods: {
toggleAllSupportLink: function() {
this.showAllSupportLink = !this.showAllSupportLink
},
submit: function(t) {
var e;
this.submitBtnClass.disabled || (this.removeLastResult(),
"" !== this.link ? "" !== tool.getCookie(c) ? (console.log("is human"),
-1 !== (e = -1 === (e = this.link.lastIndexOf("http://")) ? this.link.lastIndexOf("https://") : e) ? (this.link = this.link.substr(e),
-1 !== (e = this.link.indexOf(" ")) && (this.link = this.link.substring(0, e)),
this.link.length < 16 || !/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z]{2,5}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)/g.test(this.link) ? this.errorTip = "請輸入正確的視頻鏈接" : (this.errorTip = "",
this.parseVideo())) : this.errorTip = "請輸入正確的鏈接") : $("#human-code").modal("show") : this.errorTip = "請先將鏈接粘貼到上面的輸入框")
},
parseVideo: function() {
var t, n, e, i = (i = this.link,
(t = document.createElement("a")).href = i,
(t = t.hostname.split(".")).length < 2 ? "" : t[t.length - 2]);
o.hasOwnProperty(i) || (t = this.link,
(e = document.createElement("a")).href = t,
i = (e = e.hostname.split(".")).length < 3 ? "" : e[e.length - 3] + "." + e[e.length - 2]),
o.hasOwnProperty(i) && s(o[i]) !== location.hostname ? this.redirect(s(o[i])) : (this.submitBtnClass.disabled = !0,
n = this,
e = Math.random().toString(10).substring(2),
i = tool.cal(this.link + "@" + e).toString(10),
$.ajax({
type: "POST",
beforeSend: function(t) {
t.setRequestHeader("Accept-Patch", tool.uc(n.link))
},
url: "/media",
xhrFields: {
withCredentials: !0
},
crossDomain: !0,
data: JSON.stringify({
link: tool.encode(n.link) + "@" + e + "@" + i
}),
contentType: "application/json; charset=UTF-8",
dataType: "json",
success: function(i) {
if (n.submitBtnClass.disabled = !1,
200 === i.code) {
i.data = JSON.parse(tool.decode(i.data));
for (let e = 0; e < i.data.medias.length; e++) {
let t = i.data.medias[e];
var o;
"video" !== t.media_type || !t.formats || (o = t.formats.find(function(t) {
return 1 === t.separate
})) && (i.data.medias[e].audio_url = o.audio_url)
}
n.requestResult = i.data,
n.requestSuccess = !0,
n.cacheResult()
} else
-999 === i.code && ($("#pro-sponsor-title").text(i.msg),
$("#pro-sponsor-detail").html(i.msg_detail),
$("#pro-sponsor").modal("show")),
n.errorTip = i.msg
},
error: function(t, e, i) {
n.submitBtnClass.disabled = !1,
a() && "error" === e && -2147024891 === i.number ? n.errorTip = "由于您IE瀏覽器的安全設(shè)置,本站部分功能無法正常使用,請更改IE瀏覽器安全設(shè)置或更換為WebKit內(nèi)核瀏覽器訪問本站獲得最佳上網(wǎng)體驗。IE瀏覽器設(shè)置方法: 打開IE瀏覽器,依次選擇右上角工具—Internet選項-安全-自定義級別-其它-通過域訪問數(shù)據(jù)源,設(shè)置為啟用即可。" : n.errorTip = "處理失敗,請檢查您的網(wǎng)絡(luò)連接后重試!"
}
}))
},
init: function() {
var t = "?link=";
if (-1 !== location.search.indexOf(t) && "" !== location.search.substr(t.length))
return this.link = decodeURI(location.search.substr(t.length)),
window.history && history.replaceState && history.replaceState("", "", "/"),
void this.submit();
"undefined" != typeof Storage && (null != localStorage.getItem("time") && 36e5 < (new Date).getTime() - localStorage.getItem("time") ? this.removeLastResult() : (null != localStorage.getItem("link") && (this.link = localStorage.getItem("link")),
null != localStorage.getItem("requestResult") && (this.requestResult = localStorage.getObject("requestResult"),
this.requestSuccess = !0)))
},
initSponsor: function() {
-1 < window.navigator.userAgent.indexOf("MicroMessenger") && (this.browserTip = "因微信內(nèi)置瀏覽器不支持下載文件, 請在iiiLab推薦的瀏覽器中打開本站: " + window.location.origin);
var e = this;
$.ajax({
type: "POST",
url: "/sponsor",
xhrFields: {
withCredentials: !0
},
crossDomain: !0,
dataType: "json",
success: function(t) {
t.succ && (e.sponsor.text = t.data.text || [],
e.sponsor.img = t.data.img || [])
},
error: function() {},
complete: function() {
e.init(),
0 === e.sponsor.img.length && $("#ga-code").html(e.gaCode)
}
})
},
cacheResult: function() {
"undefined" != typeof Storage && (localStorage.setItem("time", (new Date).getTime()),
localStorage.setItem("link", this.link),
localStorage.setObject("requestResult", this.requestResult))
},
removeLastResult: function() {
"undefined" != typeof Storage && (this.requestSuccess = !1,
localStorage.removeItem("time"),
localStorage.removeItem("link"),
localStorage.removeItem("requestResult"))
},
clear: function() {
this.removeLastResult(),
this.link = ""
},
redirect: function(t) {
t = location.protocol + "http://" + t + "/?link=" + encodeURI(this.link);
window.location.replace(t)
}
}
}).initSponsor(),
$(document).ready(function() {
a() && $("#app .row .col-md-12").prepend('<div style="text-align: center;" class="alert alert-danger" role="alert">抱歉,本站不支持IE瀏覽器。推薦使用谷歌Chrome、微軟Edge等主流瀏覽器訪問本站!div>'),
$("#parent-nav").hover(function() {
$("#child-nav").css("display", "block")
}, function() {
$("#child-nav").css("display", "none")
})
});
try {
window.console && window.console.log && console.log("[廣告]全網(wǎng)視頻圖片解析API對接文檔:https://www.kancloud.cn/artdist/lingquan/1607574"),
window.console && window.console.log && console.log("[廣告]全網(wǎng)視頻圖片解析下載:https://admin.meiwzj.com")
} catch (t) {}在這里插入圖片描述
這里的邏輯就很清楚了ug逆向反求工程案例導(dǎo)航視頻教程,先正則判斷鏈接正確性,然后直接,那這里最關(guān)鍵的就是了
在這里插入圖片描述
頭大?別急,一步步來,看不懂的可以自己百度,或者瀏覽器里下斷點一步步運行來,這里我直接把最關(guān)鍵的給貼出來好了 1.
在這里插入圖片描述
e就是隨機(jī)了一個數(shù)(因為是隨機(jī)的,所以我們完全可以讓e是個定值),i就是tool.cal()函數(shù)傳入一個this.link+"@"+e的字符串,這里不知道this.link是啥的話可以在這里下個斷點,然后運行到這里后在瀏覽器控制臺里輸入this.link查看,就像這樣
在這里插入圖片描述
很好,其實this.link就是我們輸入的b站視頻url而已 這里的tool.cal先不管(因為有點麻煩),繼續(xù)往下看 2.
在這里插入圖片描述
是不是很熟悉?沒錯這里就是加密過后的載荷link 那么就剩下tool.cal和tool.兩個函數(shù)了 *好戲,才剛剛開始! *3.真正網(wǎng)站逆向分析 在前面tool.cal那行下個斷點,運行到那里
在這里插入圖片描述
鼠標(biāo)放在cal上面點進(jìn)去來源
在這里插入圖片描述
!!!是不是傻眼了! 說實話剛看到我是絕望的,這根本看不清楚,我問別人說這是代碼混淆,說是有網(wǎng)站可以恢復(fù)的,我找了很久都不行,那就只能自己分析了。 PS:你當(dāng)然可以直接編譯出來運行,但是網(wǎng)上啥混淆代碼復(fù)原都不要相信,它們都有很大局限性,所以還是老老實實自己分析吧 4.代碼混淆手動復(fù)原(以最大智若愚的方式解決問題) 先把tool.cal代碼貼出來
Tool[_0x49a041(0x47e, 0x4a5, 0x49a, 0x478)][_0x49a041(0x477, 0x4db, 0x4bc, 0x4ef)] = function(_0x289005) {
const _0x4b5a07 = {
'pIYsU': function(_0x1973f6, _0xb564aa) {
return _0x1973f6(_0xb564aa);
},
'VguUy': _0x388442(0x222, 0x241, 0x259, 0x23d) + 'e-tip',
'gLJiN': function(_0x546c35, _0x3a185e) {
return _0x546c35(_0x3a185e);
},
'yXQbT': function(_0x49d296, _0x371742, _0x243dd8) {
return _0x49d296(_0x371742, _0x243dd8);
},
'epVsg': function(_0x18ed52, _0x1ece24) {
return _0x18ed52 < _0x1ece24;
},
'JmpRD': _0x388442(0x24c, 0x290, 0x275, 0x264)
};
function _0x283431(_0x7c71cf, _0xe14f7, _0x1718c3, _0x36799d) {
return _0x2f3ec3(_0x7c71cf - 0x4a, _0x7c71cf - 0x6, _0x1718c3 - 0x80, _0xe14f7);
}
let _0x855acb = -0x6de + 0x2 * -0x7ea + -0x48a * -0x5;
for (let _0x4b8f3f = 0x17b1 + -0xa52 + 0x15 * -0xa3, _0x3b7b35 = _0x289005[_0x388442(0x23e, 0x243, 0x257, 0x227)]; _0x4b5a07[_0x283431(0xf, 0x57, 0x24, 0xf)](_0x4b8f3f, _0x3b7b35); ) {
_0x4b5a07[_0x283431(-0x54, -0x6a, -0x64, -0x5a)] === _0x4b5a07['JmpRD'] ? _0x855acb += _0x289005[_0x283431(-0x16, -0x13, -0x5e, -0x7)](_0x4b8f3f++) % (-0xd * 0x242 + 0x138 + 0x1c2c) : (_0x4b5a07[_0x283431(-0x25, 0x9, 0xb, -0x50)](_0x31f942, _0x4b5a07[_0x388442(0x2a4, 0x2a7, 0x2ce, 0x2db)])[_0x388442(0x29a, 0x293, 0x2ba, 0x2f6)](),
_0x4b5a07[_0x388442(0x226, 0x245, 0x266, 0x24b)](_0x566769, function() {
function _0x57fa9c(_0x357500, _0x578da0, _0x26931d, _0x281de0) {
return _0x283431(_0x578da0 - 0x55, _0x281de0, _0x26931d - 0x185, _0x281de0 - 0x10b);
}
function _0x3ff2e2(_0x3c604b, _0x48662f, _0x507d63, _0x39a77d) {
return _0x388442(_0x3c604b - 0x18f, _0x48662f, _0x39a77d - 0xd, _0x39a77d - 0xfb);
}
_0x4b5a07[_0x3ff2e2(0x272, 0x280, 0x235, 0x259)](_0x514fd6, _0x4b5a07[_0x57fa9c(0x19, 0x60, 0x27, 0x18)])[_0x57fa9c(0x1a, 0x5b, 0x13, 0x2a)]();
}, -0x4d * 0x27 + 0x18c0 + 0x1f * -0x2b));
}
function _0x388442(_0x391a32, _0x3dda94, _0x364826, _0x6d9882) {
return _0x49a041(_0x391a32 - 0x1b8, _0x3dda94 - 0x12c, _0x364826 - -0x23b, _0x3dda94);
}
return _0x855acb << 0x1f6 + 0x26b8 + -0x28a6;
}
其實思路很簡單,這么復(fù)雜的代碼為什么瀏覽器知道要干嘛呢?所以我們問瀏覽器啊! 但是首先你要知道,前面帶有“ _ ”的,要么是變量要么是函數(shù)名,而沒有“_”的,則是十六進(jìn)制的常量我們可以把常量先替換成自己看得懂的,比如這段-0x6de + 0x2 * -0x7ea + -0x48a * -0x5 復(fù)制黏貼到瀏覽器控制臺中,
在這里插入圖片描述
在這里插入圖片描述
所以這句代碼的意思是初始化臨時變量為0 然后就一直重復(fù)這個步驟就可以了就像點讀機(jī)一樣,那里不知道點哪里復(fù)制黏貼到瀏覽器控制臺,直接問他這是啥就行了 最后其實你會發(fā)現(xiàn)它很多代碼都是故意饒老繞去的,比如加了個很復(fù)雜的判斷,結(jié)果值恒為true,或者有很復(fù)雜的運算結(jié)果值為0 抽絲剝繭,一步步來最后tool.cal的意思其實是把url每一個字符的碼取余10后相加,然后左移8位就可以了 這是我還原出來的
在這里插入圖片描述
這是tool.cal同理tool.函數(shù) 思路網(wǎng)址加密后取前面沒有=的內(nèi)容進(jìn)行反轉(zhuǎn),加上 這里的是我分析出來隨機(jī)的東西,所以直接用定值就可以了 結(jié)合這t圖,其實
在這里插入圖片描述
其實參數(shù)link已經(jīng)出來了 接下來看返回值
{
"code": 200,
"succ": true,
"data": "XrVsTSaTjfeqHqJVQfwAiOiMXYlNnclZ3biACLd1nIn5GcuATO3kjMyATZwITM5gDOwQWM1QTOxcjYiFGMmlTY1QWYidzNzATZzI2LlZXaoNmch9ycmJ2Lt92YuIGbzRGauITav8iOwRHdoJCI6ICbyV3X3VWa2VmcwJCIsICMwADMwADM40zbn9GbmEDLw0DZpJXZkJ3bmUDMxETN9cnYmATPlBXe0RXZuZCZvZXPjZnYm0mcvZGdhxGcsQWatxCZpJHdsk2bsM3bs4WZnxSZulGbkFWZkxyci5GLrBXa1xSZ9MXbhJXYwVnJkVWO4QWMkZzN4EmYwETNklDNzITM5MWYldjNyITZzkTPnl2cwVnJ1wWb0hWPtJ3bmRXYsBnJw0DZp1mJUlTMyQDZ4YWNkRGOxEjZ3EmM5YDNhVjMzUGN2UmN1UmY9QWayRnJzEDM1EzN2YDOx0TavZidiNnY9M3bmIjdsJXd5FGbw1jbldmJ5gDOwAjN4UjNx0TZulGbkFWZkZSM9MnYuZSN9sGcpVnJ900QONTNhRHbfpGVZVmSxZGOYtmdwgHVTNXRuZlNGVDT4UkbFRFe1VkVylTcmJmT6lkSxJEOD5kdO9GaWR2doZFZXhGbkdHaWR2doZlUi50YOJnMNpFe1VGOnlWPl9DNw1mL4AjMtETL1MDNxgTMxUDNvUzM0EDOxETN08CNx8SNz8SZk92Y4N2ZwV3Lt92Yu8WZklmdpxWai5ycvNmcvJncp1WL6NXLz9Gc19yL6MHc0RHaiAiOiwmc19VZjJXdvNXZyJCIsIyblRWa2JCI6ISZwlHdfFWakVWbis3WgojIzFWakVWbiACLiYzYiVTdcBTYyUTdcFmMmRTdcRjNlNXYC5SNg0CIxAjZmVHX2YjY1UHX1MmZ1UHXxYmM3UHX1YTM1UHXjBjZmVHXxEDN1UHX2ADM5UHXzpWOiJWN1xVN4ETN1xlNzYTO1xFOkFWO1xlY2YDO1x1YyIzN1xVYxYGN1xlN2IWN1xVN1YGN1xlM4kTN1xFM2YGN1xVO1UjN1xVM5gTO1xlNjlDO1xVYyUGN1xFMlFTN1xVOkZGO1xlZxYmZ1xlZxYmZ1xlN4UGN1xFZwUGN1x1YyIzN1xlNjJWN1xFMhJTN1xVOkF2N1xVM1Y2N1xFMzITN1x1N0ATO1xlIgojI0hXZ0Jye=="
}
哈哈傻眼了吧! 又是加密過的!如果你前面思路已經(jīng)明白的話,那后面不成問題。 這里我先不寫下去了,要是不會可以留言,我過幾天看看要不要揭曉謎底。 給你們看看我做好的成品吧!
在這里插入圖片描述
1.txt輸入要解析的視頻地址,這里我三個一樣的圖個方便而已,運行!
在這里插入圖片描述
很順利的解析出來了。輸出在2.txt文件里
在這里插入圖片描述
這些視頻地址都可以直接放在idm里面下載,下載速度特別快。 可以自己先練練手玩玩試著自己逆向下,不會可以留言[doge]