首先打开易盾官网,依次单击“在线体验”和“滑块拼图”选项,出现如下图所示的滑块验证码,滑动后发现Network面板成功抓包。
如图所示 其中主要的加密参数可以看出来就是acToken以及cb 我们接着下断点往下走
我通过上图可以看到 acToken,同时也发现了data,这里 data 先放一下,我们追溯 acToken ,这里我们就看栈,通过栈追溯到它。
这里我是在箭头指的这个栈对应的位置打的断点。这里我们再次让网页运行,当断点断到这里时,可以看到当前栈之上的栈没有 acToken 类似样式的值出现,那就说明,acToken 是在这里或者之后出现的,我们先分析当前的,看看是否是,如若不是再继续向下找。这里我们进入上面函数 cc
这里我们在 开头 以及两个 return 处打上断点,这里我们让它自己运行到return处,从下往上分析。
可以看到这里生成的值跟上面看到的 acToken 相似,同时这里也说明了 acToken 在这里生成的。
还有一个要注意的是函数cc里面的参数b是,上图api请求返回回来的dt值。
剩下就扣代码吧,细心点就可以搞出来。
下面我们逆向参数 data,其实参数 data 本质上就是滑块轨迹的加密。
这里我们可以在上面一开始找 acToken 时发现有 data,我们在那里打上断点,然后再追栈,最后会发现在下图发现 data,再往上追,就找不到了
那我们就找一下 e ,但是 e 太多了,不好找,那我们找 data ,但是 data 也有点断,也不到找,这里我们要根据 data 的特征下手了。
我把一个data复制下来,然后序列化一下,这里我是通过 ext 找的。
最后找到一个,这里可以看到跟上面序列化得到的差不多,那我们打一下断点看看。
可以看到已经成功断到这里了,那也说明了 data 在这里生成,
上面 this.traceData 就是加密的轨迹,u 其实是个定值 50 。
这里我们搜索一下 this.traceData 。可以看到跟滑块的x和y的坐标还有时间有关。最终用f函数做了一下加密处理。我们这里不方便直接断点。因为,在此处断点,每动一下鼠标都要debug。这里我们可以通过条件断点打印一下。
Math.round(e.clientX - i) 为第一个是横坐标的拖动距离,
Math.round(e.clientY - n) 为第二个是纵坐标上下浮动的距离,
s.now() - this.beginTime 为第三个是当前滑动的时间-开始滑动的时间。
然后,剩下的就是一个扣代码了以及缺口识别了,缺口识别的话可以用ddddocr或者目前已经有很多的开源ocr来搞,反正能精准识别到距离就行。
这里给一个ddddocr的例子
import ddddocrdef get_gap(target_img:bytes, background_img:bytes):det = ddddocr.DdddOcr(det=False, ocr=False, show_ad=False)res = det.slide_match(target_img, background_img,simple_target=True)print(res)return res["target"][0]
下图是我本地生成的 data 值。
cb生成部分代码
function uuid(e, t) {var i = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".split(""), a = [], n = void 0;if (t = t || i.length,e)for (n = 0; n < e; n++)a[n] = i[0 | Math.random() * t];else {var r = void 0;for (a[8] = a[13] = a[18] = a[23] = "-",a[14] = "4",n = 0; n < 36; n++)a[n] || (r = 0 | 16 * Math.random(),a[n] = i[19 === n ? 3 & r | 8 : r])}return a.join("")
}__toByte = function (e) {function t(t) {return e.apply(this, arguments)}return t.toString = function () {return e.toString()},t
}(function (e) {if (e < -128)return __toByte(128 - (-128 - e));if (e >= -128 && e <= 127)return e;if (e > 127)return __toByte(-129 + e - 127);throw new Error("1001")
});
n = function (e, t) {return __toByte(e + t)
}
r = function (e, t) {if (null == e)return null;if (null == t)return e;for (var i = [], r = t.length, o = 0, a = e.length; o < a; o++)i[o] = n(e[o], t[o % r]);return i
}
oo = function (e, t) {return e = __toByte(e),t = __toByte(t),__toByte(e ^ t)
}a = function (e, t) {if (null == e || null == t || e.length != t.length)return e;for (var i = [], n = e.length, r = 0, a = n; r < a; r++)i[r] = oo(e[r], t[r]);return i
}
s = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"]
l = function (e) {var t = [];return t.push(s[e >>> 4 & 15]),t.push(s[15 & e]),t.join("")
}
u = function (e) {var t = e.length;if (null == e || t < 0)return new String("");for (var i = [], n = 0; n < t; n++)i.push(l(e[n]));return i.join("")
}
c = function (e) {if (null == e || void 0 == e)return e;for (var t = encodeURIComponent(e), i = [], n = t.length, r = 0; r < n; r++)if ("%" == t.charAt(r)) {if (!(r + 2 < n))throw new Error("1009");i.push(f(t.charAt(++r) + "" + t.charAt(++r))[0])} elsei.push(t.charCodeAt(r));return i
}
j = function (e) {var t = [];return t[0] = e >>> 24 & 255,t[1] = e >>> 16 & 255,t[2] = e >>> 8 & 255,t[3] = 255 & e,t
}
d = function (e) {var t = j(e);return u(t)
}
h = function (e, t, i) {var n = [];if (null == e || 0 == e.length)return n;if (e.length < i)throw new Error("1003");for (var r = 0; r < i; r++)n[r] = e[t + r];return n
}
p = function (e, t, i, n, r) {if (null == e || 0 == e.length)return i;if (null == i)throw new Error("1004");if (e.length < r)throw new Error("1003");for (var o = 0; o < r; o++)i[n + o] = e[t + o];return i
}
y = function (e) {for (var t = [], i = 0; i < e; i++)t[i] = 0;return t
}
g = function () {return ["i", "/", "x", "1", "X", "g", "U", "0", "z", "7", "k", "8", "N", "+", "l", "C", "p", "O", "n", "P", "r", "v", "6", "\\", "q", "u", "2", "G", "j", "9", "H", "R", "c", "w", "T", "Y", "Z", "4", "b", "f", "S", "J", "B", "h", "a", "W", "s", "t", "A", "e", "o", "M", "I", "E", "Q", "5", "m", "D", "d", "V", "F", "L", "K", "y"]
}
b = function () {return "3"
}
m = function (e, t, i) {var n, r, o, a = g(), s = b(), l = [];if (1 == i)n = e[t],r = 0,o = 0,l.push(a[n >>> 2 & 63]),l.push(a[(n << 4 & 48) + (r >>> 4 & 15)]),l.push(s),l.push(s);else if (2 == i)n = e[t],r = e[t + 1],o = 0,l.push(a[n >>> 2 & 63]),l.push(a[(n << 4 & 48) + (r >>> 4 & 15)]),l.push(a[(r << 2 & 60) + (o >>> 6 & 3)]),l.push(s);else {if (3 != i)throw new Error("1010");n = e[t],r = e[t + 1],o = e[t + 2],l.push(a[n >>> 2 & 63]),l.push(a[(n << 4 & 48) + (r >>> 4 & 15)]),l.push(a[(r << 2 & 60) + (o >>> 6 & 3)]),l.push(a[63 & o])}return l.join("")
}
_ = function (e) {if (null == e || void 0 == e)return null;if (0 == e.length)return "";var t = 3;for (var i = [], n = 0; n < e.length;) {if (!(n + t <= e.length)) {i.push(m(e, n, e.length - n));break}i.push(m(e, n, t)),n += t}return i.join("")// try {// for (var i = [], n = 0; n < e.length;) {// if (!(n + t <= e.length)) {// i.push(m(e, n, e.length - n));// break// }// i.push(m(e, n, t)),// n += t// }// return i.join("")// } catch (r) {// throw new Error("1010")// }
}T = [0, 1996959894, 3993919788, 2567524794, 124634137, 1886057615, 3915621685, 2657392035, 249268274, 2044508324, 3772115230, 2547177864, 162941995, 2125561021, 3887607047, 2428444049, 498536548, 1789927666, 4089016648, 2227061214, 450548861, 1843258603, 4107580753, 2211677639, 325883990, 1684777152, 4251122042, 2321926636, 335633487, 1661365465, 4195302755, 2366115317, 997073096, 1281953886, 3579855332, 2724688242, 1006888145, 1258607687, 3524101629, 2768942443, 901097722, 1119000684, 3686517206, 2898065728, 853044451, 1172266101, 3705015759, 2882616665, 651767980, 1373503546, 3369554304, 3218104598, 565507253, 1454621731, 3485111705, 3099436303, 671266974, 1594198024, 3322730930, 2970347812, 795835527, 1483230225, 3244367275, 3060149565, 1994146192, 31158534, 2563907772, 4023717930, 1907459465, 112637215, 2680153253, 3904427059, 2013776290, 251722036, 2517215374, 3775830040, 2137656763, 141376813, 2439277719, 3865271297, 1802195444, 476864866, 2238001368, 4066508878, 1812370925, 453092731, 2181625025, 4111451223, 1706088902, 314042704, 2344532202, 4240017532, 1658658271, 366619977, 2362670323, 4224994405, 1303535960, 984961486, 2747007092, 3569037538, 1256170817, 1037604311, 2765210733, 3554079995, 1131014506, 879679996, 2909243462, 3663771856, 1141124467, 855842277, 2852801631, 3708648649, 1342533948, 654459306, 3188396048, 3373015174, 1466479909, 544179635, 3110523913, 3462522015, 1591671054, 702138776, 2966460450, 3352799412, 1504918807, 783551873, 3082640443, 3233442989, 3988292384, 2596254646, 62317068, 1957810842, 3939845945, 2647816111, 81470997, 1943803523, 3814918930, 2489596804, 225274430, 2053790376, 3826175755, 2466906013, 167816743, 2097651377, 4027552580, 2265490386, 503444072, 1762050814, 4150417245, 2154129355, 426522225, 1852507879, 4275313526, 2312317920, 282753626, 1742555852, 4189708143, 2394877945, 397917763, 1622183637, 3604390888, 2714866558, 953729732, 1340076626, 3518719985, 2797360999, 1068828381, 1219638859, 3624741850, 2936675148, 906185462, 1090812512, 3747672003, 2825379669, 829329135, 1181335161, 3412177804, 3160834842, 628085408, 1382605366, 3423369109, 3138078467, 570562233, 1426400815, 3317316542, 2998733608, 733239954, 1555261956, 3268935591, 3050360625, 752459403, 1541320221, 2607071920, 3965973030, 1969922972, 40735498, 2617837225, 3943577151, 1913087877, 83908371, 2512341634, 3803740692, 2075208622, 213261112, 2463272603, 3855990285, 2094854071, 198958881, 2262029012, 4057260610, 1759359992, 534414190, 2176718541, 4139329115, 1873836001, 414664567, 2282248934, 4279200368, 1711684554, 285281116, 2405801727, 4167216745, 1634467795, 376229701, 2685067896, 3608007406, 1308918612, 956543938, 2808555105, 3495958263, 1231636301, 1047427035, 2932959818, 3654703836, 1088359270, 936918e3, 2847714899, 3736837829, 1202900863, 817233897, 3183342108, 3401237130, 1404277552, 615818150, 3134207493, 3453421203, 1423857449, 601450431, 3009837614, 3294710456, 1567103746, 711928724, 3020668471, 3272380065, 1510334235, 755167117]
S = function (e) {var t = 4294967295;if (null != e)for (var i = 0; i < e.length; i++) {var n = e[i];t = t >>> 8 ^ T[255 & (t ^ n)]}return d(4294967295 ^ t, 8)
}
k = function (e) {return S(null == e ? [] : c(e))
}
var E = [120, 85, -95, -84, 122, 38, -16, -53, -11, 16, 55, 3, 125, -29, 32, -128, -94, 77, 15, 106, -88, -100, -34, 88, 78, 105, -104, -90, -70, 90, -119, -28, -19, -47, -111, 117, -105, -62, -35, 2, -14, -32, 114, 23, -21, 25, -7, -92, 96, -103, 126, 112, -113, -65, -109, -44, 47, 48, 86, 75, 62, -26, 72, -56, -27, 66, -42, 63, 14, 92, 59, -101, 19, -33, 12, -18, -126, -50, -67, 42, 7, -60, -81, -93, -86, 40, -69, -37, 98, -63, -59, 108, 46, -45, 93, 102, 65, -79, 73, -23, -46, 37, -114, -15, 44, -54, 99, -10, 60, -96, 76, 26, 61, -107, 18, -116, -55, -40, 57, -76, -82, 45, 0, -112, -77, 29, 43, -30, 109, -91, -83, 107, 101, 81, -52, -71, 84, 36, -41, 68, 39, -75, -122, -6, 11, -80, -17, -74, -73, 35, 49, -49, -127, 80, 103, 79, -25, 52, -43, 56, 41, -61, -24, 17, -118, 115, -38, 8, -78, 33, -85, -106, 58, -98, -108, 94, 116, -125, -51, -9, 71, 82, 87, -115, 9, 69, -123, 123, -117, 113, -22, -124, -87, 64, 13, 21, -89, -2, -99, -97, 1, -4, 34, 20, 83, 119, 30, -12, -110, -66, 118, -48, 6, -36, 104, -58, -102, 97, 5, -20, 31, -72, 70, -39, 67, -68, -57, 110, 89, 51, 10, -120, 28, 111, 127, 22, -3, 54, 53, -1, 100, 74, 50, 91, 27, -31, -5, -64, 124, -121, 24, -13, 95, 121, -8, 4], C = 4, R = 4, O = 4, $ = 4
I = function (e) {var t = [];if (null == e || void 0 == e || 0 == e.length)return y(R);if (e.length >= R)return h(e, 0, R);for (var i = 0; i < R; i++)t[i] = e[i % e.length];return t
}
X = function (e) {if (null == e || void 0 == e || 0 == e.length)return y(C);var t = e.length, i = 0;i = t % C <= C - O ? C - t % C - O : 2 * C - t % C - O;var n = [];p(e, 0, n, 0, t);for (var r = 0; r < i; r++)n[t + r] = 0;var o = j(t);return p(o, 0, n, t + i, O),n
}
x = function (e) {if (null == e || e.length % C != 0)throw new Error("1005");for (var t = [], i = 0, n = e.length / C, r = 0; r < n; r++) {t[r] = [];for (var o = 0; o < C; o++)t[r][o] = e[i++]}return t
}
A = function (e) {var t = e >>> 4 & 15, i = 15 & e, n = 16 * t + i;return E[n]
}
P = function (e) {if (null == e)return null;for (var t = [], i = 0, n = e.length; i < n; i++)t[i] = A(e[i]);return t
}
N = function () {for (var e = [], t = 0; t < $; t++) {var i = 256 * Math.random();i = Math.floor(i),e[t] = __toByte(i)}return e
}
D = function (e, t) {if (null == e)return null;for (var i = __toByte(t), r = [], o = e.length, a = 0; a < o; a++)r.push(n(e[a], i));return r
}
M = function (e, t) {if (null == e)return null;for (var i = __toByte(t), n = [], r = e.length, a = 0; a < r; a++)n.push(oo(e[a], i));return n
}
V = function (e) {var t = M(e, 56), i = D(t, -40), n = M(i, 103);return n
}
L = function (e, t) {null == e && (e = []);var i = N();t = I(t),t = a(t, I(i)),t = I(t);var n = t, o = X(e), s = x(o), l = [];p(i, 0, l, 0, $);for (var u = s.length, f = 0; f < u; f++) {var c = V(s[f]), j = a(c, t), d = r(j, n);j = a(d, n);var h = P(j);h = P(h),p(h, 0, l, f * C + $, C),n = h}return l
}
B = function (e) {var t = "14731382d816714fC59E47De5dA0C871D3F";if (null == t || void 0 == t)throw new Error("1008");null != e && void 0 != e || (e = "");var i = e + k(e), n = c(i), r = c(t), o = L(n, r);return _(o)
}function ss() {var e = uuid(32);return B(e)
}function cb() {return ss()
}
最终成品代码图
