JS逆向:破解某某文书网反爬虫JS加密策略

1. 破解返回结果

1.1. 分析 response

  • 打开网站,在输入框输入查询关键字【吴*凡】,分析 response 发现找不到返回的数据,但是却能找到以下内容:

  • 根据经验推测,这里的 result 结果就是我们要抓取的数据,只不过被某种加密方式加密了,我们无法直接获取。
  • 这里我们注意到,返回的 response 中包含一个 secretKey,我们猜测这个 secretKey 就是解密 result 的关键钥匙。

1.2. 逆向过程

  • 全局搜搜 secretKey,找到下面的代码,通过分析代码我们推测这里就是加密代码;

  • 在此处打上断点,进行翻页调试,发现该段代码最后返回的结果 data.result 的值就是 result

  • 在调试的过程中,我们注意到此处加密的函数为 DES3.decrypt,那这个函数具体执行步骤是什么呢?我们进行回溯分析,并找到下面的代码:

1.3. DES3.decrypt 代码逻辑

  • 通过下段调试,得到解密的 js 代码。
'use strict';
var CryptoJS = CryptoJS || function(e, m) {
  var p = {};
  var j = p.lib = {};
  /**
   * @return {undefined}
   */
  var l = function() {
  };
  var Base = j.Base = {
    extend : function(opts) {
      l.prototype = this;
      var c = new l;
      if (opts) {
        c.mixIn(opts);
      }
      if (!c.hasOwnProperty("init")) {
        /**
         * @return {undefined}
         */
        c.init = function() {
          c.$super.init.apply(this, arguments);
        };
      }
      c.init.prototype = c;
      c.$super = this;
      return c;
    },
    create : function() {
      var instance = this.extend();
      instance.init.apply(instance, arguments);
      return instance;
    },
    init : function() {
    },
    mixIn : function(properties) {
      var property;
      for (property in properties) {
        if (properties.hasOwnProperty(property)) {
          this[property] = properties[property];
        }
      }
      if (properties.hasOwnProperty("toString")) {
        this.toString = properties.toString;
      }
    },
    clone : function() {
      return this.init.prototype.extend(this);
    }
  };
  var n = j.WordArray = Base.extend({
    init : function(a, c) {
      a = this.words = a || [];
      this.sigBytes = c != m ? c : 4 * a.length;
    },
    toString : function(encoder) {
      return (encoder || Hex).stringify(this);
    },
    concat : function(a) {
      var c = this.words;
      var q = a.words;
      var d = this.sigBytes;
      a = a.sigBytes;
      this.clamp();
      if (d % 4) {
        /** @type {number} */
        var b = 0;
        for (; b < a; b++) {
          c[d + b >>> 2] |= (q[b >>> 2] >>> 24 - 8 * (b % 4) & 255) << 24 - 8 * ((d + b) % 4);
        }
      } else {
        if (65535 < q.length) {
          /** @type {number} */
          b = 0;
          for (; b < a; b = b + 4) {
            c[d + b >>> 2] = q[b >>> 2];
          }
        } else {
          c.push.apply(c, q);
        }
      }
      this.sigBytes += a;
      return this;
    },
    clamp : function() {
      var a = this.words;
      var c = this.sigBytes;
      a[c >>> 2] &= 4294967295 << 32 - 8 * (c % 4);
      /** @type {number} */
      a.length = e.ceil(c / 4);
    },
    clone : function() {
      var c = Base.clone.call(this);
      c.words = this.words.slice(0);
      return c;
    },
    random : function(a) {
      /** @type {!Array} */
      var b = [];
      /** @type {number} */
      var d = 0;
      for (; d < a; d = d + 4) {
        b.push(4294967296 * e.random() | 0);
      }
      return new n.init(b, a);
    }
  });
  var b = p.enc = {};
  var Hex = b.Hex = {
    stringify : function(a) {
      var c = a.words;
      a = a.sigBytes;
      /** @type {!Array} */
      var outChance = [];
      /** @type {number} */
      var d = 0;
      for (; d < a; d++) {
        /** @type {number} */
        var f = c[d >>> 2] >>> 24 - 8 * (d % 4) & 255;
        outChance.push((f >>> 4).toString(16));
        outChance.push((f & 15).toString(16));
      }
      return outChance.join("");
    },
    parse : function(a) {
      var c = a.length;
      /** @type {!Array} */
      var b = [];
      /** @type {number} */
      var d = 0;
      for (; d < c; d = d + 2) {
        b[d >>> 3] |= parseInt(a.substr(d, 2), 16) << 24 - 4 * (d % 8);
      }
      return new n.init(b, c / 2);
    }
  };
  var g = b.Latin1 = {
    stringify : function(a) {
      var c = a.words;
      a = a.sigBytes;
      /** @type {!Array} */
      var outChance = [];
      /** @type {number} */
      var d = 0;
      for (; d < a; d++) {
        outChance.push(String.fromCharCode(c[d >>> 2] >>> 24 - 8 * (d % 4) & 255));
      }
      return outChance.join("");
    },
    parse : function(message) {
      var d = message.length;
      /** @type {!Array} */
      var c = [];
      /** @type {number} */
      var b = 0;
      for (; b < d; b++) {
        c[b >>> 2] |= (message.charCodeAt(b) & 255) << 24 - 8 * (b % 4);
      }
      return new n.init(c, d);
    }
  };
  var f = b.Utf8 = {
    stringify : function(a) {
      try {
        return decodeURIComponent(escape(g.stringify(a)));
      } catch (d) {
        throw Error("Malformed UTF-8 data");
      }
    },
    parse : function(string) {
      return g.parse(unescape(encodeURIComponent(string)));
    }
  };
  var k = j.BufferedBlockAlgorithm = Base.extend({
    reset : function() {
      this._data = new n.init;
      /** @type {number} */
      this._nDataBytes = 0;
    },
    _append : function(a) {
      if ("string" == typeof a) {
        a = f.parse(a);
      }
      this._data.concat(a);
      this._nDataBytes += a.sigBytes;
    },
    _process : function(a) {
      var b = this._data;
      var c = b.words;
      var d = b.sigBytes;
      var f = this.blockSize;
      /** @type {number} */
      var h = d / (4 * f);
      /** @type {number} */
      h = a ? e.ceil(h) : e.max((h | 0) - this._minBufferSize, 0);
      /** @type {number} */
      a = h * f;
      /** @type {number} */
      d = e.min(4 * a, d);
      if (a) {
        /** @type {number} */
        var g = 0;
        for (; g < a; g = g + f) {
          this._doProcessBlock(c, g);
        }
        g = c.splice(0, a);
        b.sigBytes -= d;
      }
      return new n.init(g, d);
    },
    clone : function() {
      var polygon = Base.clone.call(this);
      polygon._data = this._data.clone();
      return polygon;
    },
    _minBufferSize : 0
  });
  j.Hasher = k.extend({
    cfg : Base.extend(),
    init : function(cfg) {
      this.cfg = this.cfg.extend(cfg);
      this.reset();
    },
    reset : function() {
      k.reset.call(this);
      this._doReset();
    },
    update : function(a) {
      this._append(a);
      this._process();
      return this;
    },
    finalize : function(a) {
      if (a) {
        this._append(a);
      }
      return this._doFinalize();
    },
    blockSize : 16,
    _createHelper : function(hasher) {
      return function(b, cfg) {
        return (new hasher.init(cfg)).finalize(b);
      };
    },
    _createHmacHelper : function(a) {
      return function(b, f) {
        return (new s.HMAC.init(a, f)).finalize(b);
      };
    }
  });
  var s = p.algo = {};
  return p;
}(Math);

(function() {
    var b = CryptoJS
      , a = b.lib.WordArray;
    b.enc.Base64 = {
        stringify: function(i) {
            var j = i.words
              , e = i.sigBytes
              , g = this._map;
            i.clamp();
            i = [];
            for (var h = 0; h < e; h += 3) {
                for (var c = (j[h >>> 2] >>> 24 - 8 * (h % 4) & 255) << 16 | (j[h + 1 >>> 2] >>> 24 - 8 * ((h + 1) % 4) & 255) << 8 | j[h + 2 >>> 2] >>> 24 - 8 * ((h + 2) % 4) & 255, f = 0; 4 > f && h + 0.75 * f < e; f++) {
                    i.push(g.charAt(c >>> 6 * (3 - f) & 63))
                }
            }
            if (j = g.charAt(64)) {
                for (; i.length % 4; ) {
                    i.push(j)
                }
            }
            return i.join("")
        },
        parse: function(j) {
            var k = j.length
              , i = this._map
              , g = i.charAt(64);
            g && (g = j.indexOf(g),
            -1 != g && (k = g));
            for (var g = [], h = 0, e = 0; e < k; e++) {
                if (e % 4) {
                    var f = i.indexOf(j.charAt(e - 1)) << 2 * (e % 4)
                      , c = i.indexOf(j.charAt(e)) >>> 6 - 2 * (e % 4);
                    g[h >>> 2] |= (f | c) << 24 - 8 * (h % 4);
                    h++
                }
            }
            return a.create(g, h)
        },
        _map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
    }
}
)();

(function(m) {
    function f(l, r, n, s, d, q, p) {
        l = l + (r & n | ~r & s) + d + p;
        return (l << q | l >>> 32 - q) + r
    }
    function g(l, r, n, s, d, q, p) {
        l = l + (r & s | n & ~s) + d + p;
        return (l << q | l >>> 32 - q) + r
    }
    function e(l, r, n, s, d, q, p) {
        l = l + (r ^ n ^ s) + d + p;
        return (l << q | l >>> 32 - q) + r
    }
    function c(l, r, n, s, d, q, p) {
        l = l + (n ^ (r | ~s)) + d + p;
        return (l << q | l >>> 32 - q) + r
    }
    for (var o = CryptoJS, a = o.lib, j = a.WordArray, k = a.Hasher, a = o.algo, h = [], i = 0; 64 > i; i++) {
        h[i] = 4294967296 * m.abs(m.sin(i + 1)) | 0
    }
    a = a.MD5 = k.extend({
        _doReset: function() {
            this._hash = new j.init([1732584193, 4023233417, 2562383102, 271733878])
        },
        _doProcessBlock: function(J, T) {
            for (var V = 0; 16 > V; V++) {
                var U = T + V
                  , N = J[U];
                J[U] = (N << 8 | N >>> 24) & 16711935 | (N << 24 | N >>> 8) & 4278255360
            }
            var V = this._hash.words
              , U = J[T + 0]
              , N = J[T + 1]
              , S = J[T + 2]
              , F = J[T + 3]
              , d = J[T + 4]
              , L = J[T + 5]
              , H = J[T + 6]
              , n = J[T + 7]
              , p = J[T + 8]
              , E = J[T + 9]
              , l = J[T + 10]
              , b = J[T + 11]
              , M = J[T + 12]
              , K = J[T + 13]
              , I = J[T + 14]
              , G = J[T + 15]
              , R = V[0]
              , Q = V[1]
              , P = V[2]
              , O = V[3]
              , R = f(R, Q, P, O, U, 7, h[0])
              , O = f(O, R, Q, P, N, 12, h[1])
              , P = f(P, O, R, Q, S, 17, h[2])
              , Q = f(Q, P, O, R, F, 22, h[3])
              , R = f(R, Q, P, O, d, 7, h[4])
              , O = f(O, R, Q, P, L, 12, h[5])
              , P = f(P, O, R, Q, H, 17, h[6])
              , Q = f(Q, P, O, R, n, 22, h[7])
              , R = f(R, Q, P, O, p, 7, h[8])
              , O = f(O, R, Q, P, E, 12, h[9])
              , P = f(P, O, R, Q, l, 17, h[10])
              , Q = f(Q, P, O, R, b, 22, h[11])
              , R = f(R, Q, P, O, M, 7, h[12])
              , O = f(O, R, Q, P, K, 12, h[13])
              , P = f(P, O, R, Q, I, 17, h[14])
              , Q = f(Q, P, O, R, G, 22, h[15])
              , R = g(R, Q, P, O, N, 5, h[16])
              , O = g(O, R, Q, P, H, 9, h[17])
              , P = g(P, O, R, Q, b, 14, h[18])
              , Q = g(Q, P, O, R, U, 20, h[19])
              , R = g(R, Q, P, O, L, 5, h[20])
              , O = g(O, R, Q, P, l, 9, h[21])
              , P = g(P, O, R, Q, G, 14, h[22])
              , Q = g(Q, P, O, R, d, 20, h[23])
              , R = g(R, Q, P, O, E, 5, h[24])
              , O = g(O, R, Q, P, I, 9, h[25])
              , P = g(P, O, R, Q, F, 14, h[26])
              , Q = g(Q, P, O, R, p, 20, h[27])
              , R = g(R, Q, P, O, K, 5, h[28])
              , O = g(O, R, Q, P, S, 9, h[29])
              , P = g(P, O, R, Q, n, 14, h[30])
              , Q = g(Q, P, O, R, M, 20, h[31])
              , R = e(R, Q, P, O, L, 4, h[32])
              , O = e(O, R, Q, P, p, 11, h[33])
              , P = e(P, O, R, Q, b, 16, h[34])
              , Q = e(Q, P, O, R, I, 23, h[35])
              , R = e(R, Q, P, O, N, 4, h[36])
              , O = e(O, R, Q, P, d, 11, h[37])
              , P = e(P, O, R, Q, n, 16, h[38])
              , Q = e(Q, P, O, R, l, 23, h[39])
              , R = e(R, Q, P, O, K, 4, h[40])
              , O = e(O, R, Q, P, U, 11, h[41])
              , P = e(P, O, R, Q, F, 16, h[42])
              , Q = e(Q, P, O, R, H, 23, h[43])
              , R = e(R, Q, P, O, E, 4, h[44])
              , O = e(O, R, Q, P, M, 11, h[45])
              , P = e(P, O, R, Q, G, 16, h[46])
              , Q = e(Q, P, O, R, S, 23, h[47])
              , R = c(R, Q, P, O, U, 6, h[48])
              , O = c(O, R, Q, P, n, 10, h[49])
              , P = c(P, O, R, Q, I, 15, h[50])
              , Q = c(Q, P, O, R, L, 21, h[51])
              , R = c(R, Q, P, O, M, 6, h[52])
              , O = c(O, R, Q, P, F, 10, h[53])
              , P = c(P, O, R, Q, l, 15, h[54])
              , Q = c(Q, P, O, R, N, 21, h[55])
              , R = c(R, Q, P, O, p, 6, h[56])
              , O = c(O, R, Q, P, G, 10, h[57])
              , P = c(P, O, R, Q, H, 15, h[58])
              , Q = c(Q, P, O, R, K, 21, h[59])
              , R = c(R, Q, P, O, d, 6, h[60])
              , O = c(O, R, Q, P, b, 10, h[61])
              , P = c(P, O, R, Q, S, 15, h[62])
              , Q = c(Q, P, O, R, E, 21, h[63]);
            V[0] = V[0] + R | 0;
            V[1] = V[1] + Q | 0;
            V[2] = V[2] + P | 0;
            V[3] = V[3] + O | 0
        },
        _doFinalize: function() {
            var l = this._data
              , p = l.words
              , n = 8 * this._nDataBytes
              , q = 8 * l.sigBytes;
            p[q >>> 5] |= 128 << 24 - q % 32;
            var d = m.floor(n / 4294967296);
            p[(q + 64 >>> 9 << 4) + 15] = (d << 8 | d >>> 24) & 16711935 | (d << 24 | d >>> 8) & 4278255360;
            p[(q + 64 >>> 9 << 4) + 14] = (n << 8 | n >>> 24) & 16711935 | (n << 24 | n >>> 8) & 4278255360;
            l.sigBytes = 4 * (p.length + 1);
            this._process();
            l = this._hash;
            p = l.words;
            for (n = 0; 4 > n; n++) {
                q = p[n],
                p[n] = (q << 8 | q >>> 24) & 16711935 | (q << 24 | q >>> 8) & 4278255360
            }
            return l
        },
        clone: function() {
            var d = k.clone.call(this);
            d._hash = this._hash.clone();
            return d
        }
    });
    o.MD5 = k._createHelper(a);
    o.HmacMD5 = k._createHmacHelper(a)
}
)(Math);

CryptoJS.lib.Cipher || function(C) {
    var j = CryptoJS
      , m = j.lib
      , i = m.Base
      , h = m.WordArray
      , D = m.BufferedBlockAlgorithm
      , g = j.enc.Base64
      , A = j.algo.EvpKDF
      , B = m.Cipher = D.extend({
        cfg: i.extend(),
        createEncryptor: function(b, c) {
            return this.create(this._ENC_XFORM_MODE, b, c)
        },
        createDecryptor: function(b, c) {
            return this.create(this._DEC_XFORM_MODE, b, c)
        },
        init: function(d, e, c) {
            this.cfg = this.cfg.extend(c);
            this._xformMode = d;
            this._key = e;
            this.reset()
        },
        reset: function() {
            D.reset.call(this);
            this._doReset()
        },
        process: function(b) {
            this._append(b);
            return this._process()
        },
        finalize: function(b) {
            b && this._append(b);
            return this._doFinalize()
        },
        keySize: 4,
        ivSize: 4,
        _ENC_XFORM_MODE: 1,
        _DEC_XFORM_MODE: 2,
        _createHelper: function(a) {
            return {
                encrypt: function(d, c, l) {
                    return ("string" == typeof c ? o : y).encrypt(a, d, c, l)
                },
                decrypt: function(d, c, l) {
                    return ("string" == typeof c ? o : y).decrypt(a, d, c, l)
                }
            }
        }
    });
    m.StreamCipher = B.extend({
        _doFinalize: function() {
            return this._process(!0)
        },
        blockSize: 1
    });
    var t = j.mode = {}
      , z = function(l, n, d) {
        var q = this._iv;
        q ? this._iv = C : q = this._prevBlock;
        for (var p = 0; p < d; p++) {
            l[n + p] ^= q[p]
        }
    }
      , f = (m.BlockCipherMode = i.extend({
        createEncryptor: function(b, c) {
            return this.Encryptor.create(b, c)
        },
        createDecryptor: function(b, c) {
            return this.Decryptor.create(b, c)
        },
        init: function(b, c) {
            this._cipher = b;
            this._iv = c
        }
    })).extend();
    f.Encryptor = f.extend({
        processBlock: function(e, l) {
            var d = this._cipher
              , n = d.blockSize;
            z.call(this, e, l, n);
            d.encryptBlock(e, l);
            this._prevBlock = e.slice(l, l + n)
        }
    });
    f.Decryptor = f.extend({
        processBlock: function(n, l) {
            var r = this._cipher
              , p = r.blockSize
              , q = n.slice(l, l + p);
            r.decryptBlock(n, l);
            z.call(this, n, l, p);
            this._prevBlock = q
        }
    });
    t = t.CBC = f;
    f = (j.pad = {}).Pkcs7 = {
        pad: function(q, n) {
            for (var u = 4 * n, u = u - q.sigBytes % u, r = u << 24 | u << 16 | u << 8 | u, s = [], p = 0; p < u; p += 4) {
                s.push(r)
            }
            u = h.create(s, u);
            q.concat(u)
        },
        unpad: function(b) {
            b.sigBytes -= b.words[b.sigBytes - 1 >>> 2] & 255
        }
    };
    m.BlockCipher = B.extend({
        cfg: B.cfg.extend({
            mode: t,
            padding: f
        }),
        reset: function() {
            B.reset.call(this);
            var e = this.cfg
              , l = e.iv
              , e = e.mode;
            if (this._xformMode == this._ENC_XFORM_MODE) {
                var d = e.createEncryptor
            } else {
                d = e.createDecryptor,
                this._minBufferSize = 1
            }
            this._mode = d.call(e, this, l && l.words)
        },
        _doProcessBlock: function(b, d) {
            this._mode.processBlock(b, d)
        },
        _doFinalize: function() {
            var b = this.cfg.padding;
            if (this._xformMode == this._ENC_XFORM_MODE) {
                b.pad(this._data, this.blockSize);
                var d = this._process(!0)
            } else {
                d = this._process(!0),
                b.unpad(d)
            }
            return d
        },
        blockSize: 4
    });
    var k = m.CipherParams = i.extend({
        init: function(b) {
            this.mixIn(b)
        },
        toString: function(b) {
            return (b || this.formatter).stringify(this)
        }
    })
      , t = (j.format = {}).OpenSSL = {
        stringify: function(b) {
            var d = b.ciphertext;
            b = b.salt;
            return (b ? h.create([1398893684, 1701076831]).concat(b).concat(d) : d).toString(g)
        },
        parse: function(e) {
            e = g.parse(e);
            var l = e.words;
            if (1398893684 == l[0] && 1701076831 == l[1]) {
                var d = h.create(l.slice(2, 4));
                l.splice(0, 4);
                e.sigBytes -= 16
            }
            return k.create({
                ciphertext: e,
                salt: d
            })
        }
    }
      , y = m.SerializableCipher = i.extend({
        cfg: i.extend({
            format: t
        }),
        encrypt: function(p, r, e, q) {
            q = this.cfg.extend(q);
            var n = p.createEncryptor(e, q);
            r = n.finalize(r);
            n = n.cfg;
            return k.create({
                ciphertext: r,
                key: e,
                iv: n.iv,
                algorithm: p,
                mode: n.mode,
                padding: n.padding,
                blockSize: p.blockSize,
                formatter: q.format
            })
        },
        decrypt: function(l, p, d, n) {
            n = this.cfg.extend(n);
            p = this._parse(p, n.format);
            return l.createDecryptor(d, n).finalize(p.ciphertext)
        },
        _parse: function(b, d) {
            return "string" == typeof b ? d.parse(b, this) : b
        }
    })
      , j = (j.kdf = {}).OpenSSL = {
        execute: function(l, p, e, n) {
            n || (n = h.random(8));
            l = A.create({
                keySize: p + e
            }).compute(l, n);
            e = h.create(l.words.slice(p), 4 * e);
            l.sigBytes = 4 * p;
            return k.create({
                key: l,
                iv: e,
                salt: n
            })
        }
    }
      , o = m.PasswordBasedCipher = y.extend({
        cfg: y.cfg.extend({
            kdf: j
        }),
        encrypt: function(p, a, l, n) {
            n = this.cfg.extend(n);
            l = n.kdf.execute(l, p.keySize, p.ivSize);
            n.iv = l.iv;
            p = y.encrypt.call(this, p, a, l.key, n);
            p.mixIn(l);
            return p
        },
        decrypt: function(p, a, l, n) {
            n = this.cfg.extend(n);
            a = this._parse(a, n.format);
            l = n.kdf.execute(l, p.keySize, p.ivSize, a.salt);
            n.iv = l.iv;
            return y.decrypt.call(this, p, a, l.key, n)
        }
    })
}();

(function() {
    function o(d, l) {
        var n = (this._lBlock >>> d ^ this._rBlock) & l;
        this._rBlock ^= n;
        this._lBlock ^= n << d
    }
    function g(d, l) {
        var n = (this._rBlock >>> d ^ this._lBlock) & l;
        this._lBlock ^= n;
        this._rBlock ^= n << d
    }
    var h = CryptoJS
      , f = h.lib
      , e = f.WordArray
      , f = f.BlockCipher
      , t = h.algo
      , c = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
      , k = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
      , m = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28]
      , i = [{
        "0": 8421888,
        268435456: 32768,
        536870912: 8421378,
        805306368: 2,
        1073741824: 512,
        1342177280: 8421890,
        1610612736: 8389122,
        1879048192: 8388608,
        2147483648: 514,
        2415919104: 8389120,
        2684354560: 33280,
        2952790016: 8421376,
        3221225472: 32770,
        3489660928: 8388610,
        3758096384: 0,
        4026531840: 33282,
        134217728: 0,
        402653184: 8421890,
        671088640: 33282,
        939524096: 32768,
        1207959552: 8421888,
        1476395008: 512,
        1744830464: 8421378,
        2013265920: 2,
        2281701376: 8389120,
        2550136832: 33280,
        2818572288: 8421376,
        3087007744: 8389122,
        3355443200: 8388610,
        3623878656: 32770,
        3892314112: 514,
        4160749568: 8388608,
        1: 32768,
        268435457: 2,
        536870913: 8421888,
        805306369: 8388608,
        1073741825: 8421378,
        1342177281: 33280,
        1610612737: 512,
        1879048193: 8389122,
        2147483649: 8421890,
        2415919105: 8421376,
        2684354561: 8388610,
        2952790017: 33282,
        3221225473: 514,
        3489660929: 8389120,
        3758096385: 32770,
        4026531841: 0,
        134217729: 8421890,
        402653185: 8421376,
        671088641: 8388608,
        939524097: 512,
        1207959553: 32768,
        1476395009: 8388610,
        1744830465: 2,
        2013265921: 33282,
        2281701377: 32770,
        2550136833: 8389122,
        2818572289: 514,
        3087007745: 8421888,
        3355443201: 8389120,
        3623878657: 0,
        3892314113: 33280,
        4160749569: 8421378
    }, {
        "0": 1074282512,
        16777216: 16384,
        33554432: 524288,
        50331648: 1074266128,
        67108864: 1073741840,
        83886080: 1074282496,
        100663296: 1073758208,
        117440512: 16,
        134217728: 540672,
        150994944: 1073758224,
        167772160: 1073741824,
        184549376: 540688,
        201326592: 524304,
        218103808: 0,
        234881024: 16400,
        251658240: 1074266112,
        8388608: 1073758208,
        25165824: 540688,
        41943040: 16,
        58720256: 1073758224,
        75497472: 1074282512,
        92274688: 1073741824,
        109051904: 524288,
        125829120: 1074266128,
        142606336: 524304,
        159383552: 0,
        176160768: 16384,
        192937984: 1074266112,
        209715200: 1073741840,
        226492416: 540672,
        243269632: 1074282496,
        260046848: 16400,
        268435456: 0,
        285212672: 1074266128,
        301989888: 1073758224,
        318767104: 1074282496,
        335544320: 1074266112,
        352321536: 16,
        369098752: 540688,
        385875968: 16384,
        402653184: 16400,
        419430400: 524288,
        436207616: 524304,
        452984832: 1073741840,
        469762048: 540672,
        486539264: 1073758208,
        503316480: 1073741824,
        520093696: 1074282512,
        276824064: 540688,
        293601280: 524288,
        310378496: 1074266112,
        327155712: 16384,
        343932928: 1073758208,
        360710144: 1074282512,
        377487360: 16,
        394264576: 1073741824,
        411041792: 1074282496,
        427819008: 1073741840,
        444596224: 1073758224,
        461373440: 524304,
        478150656: 0,
        494927872: 16400,
        511705088: 1074266128,
        528482304: 540672
    }, {
        "0": 260,
        1048576: 0,
        2097152: 67109120,
        3145728: 65796,
        4194304: 65540,
        5242880: 67108868,
        6291456: 67174660,
        7340032: 67174400,
        8388608: 67108864,
        9437184: 67174656,
        10485760: 65792,
        11534336: 67174404,
        12582912: 67109124,
        13631488: 65536,
        14680064: 4,
        15728640: 256,
        524288: 67174656,
        1572864: 67174404,
        2621440: 0,
        3670016: 67109120,
        4718592: 67108868,
        5767168: 65536,
        6815744: 65540,
        7864320: 260,
        8912896: 4,
        9961472: 256,
        11010048: 67174400,
        12058624: 65796,
        13107200: 65792,
        14155776: 67109124,
        15204352: 67174660,
        16252928: 67108864,
        16777216: 67174656,
        17825792: 65540,
        18874368: 65536,
        19922944: 67109120,
        20971520: 256,
        22020096: 67174660,
        23068672: 67108868,
        24117248: 0,
        25165824: 67109124,
        26214400: 67108864,
        27262976: 4,
        28311552: 65792,
        29360128: 67174400,
        30408704: 260,
        31457280: 65796,
        32505856: 67174404,
        17301504: 67108864,
        18350080: 260,
        19398656: 67174656,
        20447232: 0,
        21495808: 65540,
        22544384: 67109120,
        23592960: 256,
        24641536: 67174404,
        25690112: 65536,
        26738688: 67174660,
        27787264: 65796,
        28835840: 67108868,
        29884416: 67109124,
        30932992: 67174400,
        31981568: 4,
        33030144: 65792
    }, {
        "0": 2151682048,
        65536: 2147487808,
        131072: 4198464,
        196608: 2151677952,
        262144: 0,
        327680: 4198400,
        393216: 2147483712,
        458752: 4194368,
        524288: 2147483648,
        589824: 4194304,
        655360: 64,
        720896: 2147487744,
        786432: 2151678016,
        851968: 4160,
        917504: 4096,
        983040: 2151682112,
        32768: 2147487808,
        98304: 64,
        163840: 2151678016,
        229376: 2147487744,
        294912: 4198400,
        360448: 2151682112,
        425984: 0,
        491520: 2151677952,
        557056: 4096,
        622592: 2151682048,
        688128: 4194304,
        753664: 4160,
        819200: 2147483648,
        884736: 4194368,
        950272: 4198464,
        1015808: 2147483712,
        1048576: 4194368,
        1114112: 4198400,
        1179648: 2147483712,
        1245184: 0,
        1310720: 4160,
        1376256: 2151678016,
        1441792: 2151682048,
        1507328: 2147487808,
        1572864: 2151682112,
        1638400: 2147483648,
        1703936: 2151677952,
        1769472: 4198464,
        1835008: 2147487744,
        1900544: 4194304,
        1966080: 64,
        2031616: 4096,
        1081344: 2151677952,
        1146880: 2151682112,
        1212416: 0,
        1277952: 4198400,
        1343488: 4194368,
        1409024: 2147483648,
        1474560: 2147487808,
        1540096: 64,
        1605632: 2147483712,
        1671168: 4096,
        1736704: 2147487744,
        1802240: 2151678016,
        1867776: 4160,
        1933312: 2151682048,
        1998848: 4194304,
        2064384: 4198464
    }, {
        "0": 128,
        4096: 17039360,
        8192: 262144,
        12288: 536870912,
        16384: 537133184,
        20480: 16777344,
        24576: 553648256,
        28672: 262272,
        32768: 16777216,
        36864: 537133056,
        40960: 536871040,
        45056: 553910400,
        49152: 553910272,
        53248: 0,
        57344: 17039488,
        61440: 553648128,
        2048: 17039488,
        6144: 553648256,
        10240: 128,
        14336: 17039360,
        18432: 262144,
        22528: 537133184,
        26624: 553910272,
        30720: 536870912,
        34816: 537133056,
        38912: 0,
        43008: 553910400,
        47104: 16777344,
        51200: 536871040,
        55296: 553648128,
        59392: 16777216,
        63488: 262272,
        65536: 262144,
        69632: 128,
        73728: 536870912,
        77824: 553648256,
        81920: 16777344,
        86016: 553910272,
        90112: 537133184,
        94208: 16777216,
        98304: 553910400,
        102400: 553648128,
        106496: 17039360,
        110592: 537133056,
        114688: 262272,
        118784: 536871040,
        122880: 0,
        126976: 17039488,
        67584: 553648256,
        71680: 16777216,
        75776: 17039360,
        79872: 537133184,
        83968: 536870912,
        88064: 17039488,
        92160: 128,
        96256: 553910272,
        100352: 262272,
        104448: 553910400,
        108544: 0,
        112640: 553648128,
        116736: 16777344,
        120832: 262144,
        124928: 537133056,
        129024: 536871040
    }, {
        "0": 268435464,
        256: 8192,
        512: 270532608,
        768: 270540808,
        1024: 268443648,
        1280: 2097152,
        1536: 2097160,
        1792: 268435456,
        2048: 0,
        2304: 268443656,
        2560: 2105344,
        2816: 8,
        3072: 270532616,
        3328: 2105352,
        3584: 8200,
        3840: 270540800,
        128: 270532608,
        384: 270540808,
        640: 8,
        896: 2097152,
        1152: 2105352,
        1408: 268435464,
        1664: 268443648,
        1920: 8200,
        2176: 2097160,
        2432: 8192,
        2688: 268443656,
        2944: 270532616,
        3200: 0,
        3456: 270540800,
        3712: 2105344,
        3968: 268435456,
        4096: 268443648,
        4352: 270532616,
        4608: 270540808,
        4864: 8200,
        5120: 2097152,
        5376: 268435456,
        5632: 268435464,
        5888: 2105344,
        6144: 2105352,
        6400: 0,
        6656: 8,
        6912: 270532608,
        7168: 8192,
        7424: 268443656,
        7680: 270540800,
        7936: 2097160,
        4224: 8,
        4480: 2105344,
        4736: 2097152,
        4992: 268435464,
        5248: 268443648,
        5504: 8200,
        5760: 270540808,
        6016: 270532608,
        6272: 270540800,
        6528: 270532616,
        6784: 8192,
        7040: 2105352,
        7296: 2097160,
        7552: 0,
        7808: 268435456,
        8064: 268443656
    }, {
        "0": 1048576,
        16: 33555457,
        32: 1024,
        48: 1049601,
        64: 34604033,
        80: 0,
        96: 1,
        112: 34603009,
        128: 33555456,
        144: 1048577,
        160: 33554433,
        176: 34604032,
        192: 34603008,
        208: 1025,
        224: 1049600,
        240: 33554432,
        8: 34603009,
        24: 0,
        40: 33555457,
        56: 34604032,
        72: 1048576,
        88: 33554433,
        104: 33554432,
        120: 1025,
        136: 1049601,
        152: 33555456,
        168: 34603008,
        184: 1048577,
        200: 1024,
        216: 34604033,
        232: 1,
        248: 1049600,
        256: 33554432,
        272: 1048576,
        288: 33555457,
        304: 34603009,
        320: 1048577,
        336: 33555456,
        352: 34604032,
        368: 1049601,
        384: 1025,
        400: 34604033,
        416: 1049600,
        432: 1,
        448: 0,
        464: 34603008,
        480: 33554433,
        496: 1024,
        264: 1049600,
        280: 33555457,
        296: 34603009,
        312: 1,
        328: 33554432,
        344: 1048576,
        360: 1025,
        376: 34604032,
        392: 33554433,
        408: 34603008,
        424: 0,
        440: 34604033,
        456: 1049601,
        472: 1024,
        488: 33555456,
        504: 1048577
    }, {
        "0": 134219808,
        1: 131072,
        2: 134217728,
        3: 32,
        4: 131104,
        5: 134350880,
        6: 134350848,
        7: 2048,
        8: 134348800,
        9: 134219776,
        10: 133120,
        11: 134348832,
        12: 2080,
        13: 0,
        14: 134217760,
        15: 133152,
        2147483648: 2048,
        2147483649: 134350880,
        2147483650: 134219808,
        2147483651: 134217728,
        2147483652: 134348800,
        2147483653: 133120,
        2147483654: 133152,
        2147483655: 32,
        2147483656: 134217760,
        2147483657: 2080,
        2147483658: 131104,
        2147483659: 134350848,
        2147483660: 0,
        2147483661: 134348832,
        2147483662: 134219776,
        2147483663: 131072,
        16: 133152,
        17: 134350848,
        18: 32,
        19: 2048,
        20: 134219776,
        21: 134217760,
        22: 134348832,
        23: 131072,
        24: 0,
        25: 131104,
        26: 134348800,
        27: 134219808,
        28: 134350880,
        29: 133120,
        30: 2080,
        31: 134217728,
        2147483664: 131072,
        2147483665: 2048,
        2147483666: 134348832,
        2147483667: 133152,
        2147483668: 32,
        2147483669: 134348800,
        2147483670: 134217728,
        2147483671: 134219808,
        2147483672: 134350880,
        2147483673: 134217760,
        2147483674: 134219776,
        2147483675: 0,
        2147483676: 133120,
        2147483677: 2080,
        2147483678: 131104,
        2147483679: 134350848
    }]
      , j = [4160749569, 528482304, 33030144, 2064384, 129024, 8064, 504, 2147483679]
      , a = t.DES = f.extend({
        _doReset: function() {
            for (var n = this._key.words, q = [], u = 0; 56 > u; u++) {
                var s = c[u] - 1;
                q[u] = n[s >>> 5] >>> 31 - s % 32 & 1
            }
            n = this._subKeys = [];
            for (s = 0; 16 > s; s++) {
                for (var r = n[s] = [], p = m[s], u = 0; 24 > u; u++) {
                    r[u / 6 | 0] |= q[(k[u] - 1 + p) % 28] << 31 - u % 6,
                    r[4 + (u / 6 | 0)] |= q[28 + (k[u + 24] - 1 + p) % 28] << 31 - u % 6
                }
                r[0] = r[0] << 1 | r[0] >>> 31;
                for (u = 1; 7 > u; u++) {
                    r[u] >>>= 4 * (u - 1) + 3
                }
                r[7] = r[7] << 5 | r[7] >>> 27
            }
            q = this._invSubKeys = [];
            for (u = 0; 16 > u; u++) {
                q[u] = n[15 - u]
            }
        },
        encryptBlock: function(d, l) {
            this._doCryptBlock(d, l, this._subKeys)
        },
        decryptBlock: function(d, l) {
            this._doCryptBlock(d, l, this._invSubKeys)
        },
        _doCryptBlock: function(w, z, y) {
            this._lBlock = w[z];
            this._rBlock = w[z + 1];
            o.call(this, 4, 252645135);
            o.call(this, 16, 65535);
            g.call(this, 2, 858993459);
            g.call(this, 8, 16711935);
            o.call(this, 1, 1431655765);
            for (var x = 0; 16 > x; x++) {
                for (var v = y[x], u = this._lBlock, s = this._rBlock, l = 0, b = 0; 8 > b; b++) {
                    l |= i[b][((s ^ v[b]) & j[b]) >>> 0]
                }
                this._lBlock = s;
                this._rBlock = u ^ l
            }
            y = this._lBlock;
            this._lBlock = this._rBlock;
            this._rBlock = y;
            o.call(this, 1, 1431655765);
            g.call(this, 8, 16711935);
            g.call(this, 2, 858993459);
            o.call(this, 16, 65535);
            o.call(this, 4, 252645135);
            w[z] = this._lBlock;
            w[z + 1] = this._rBlock
        },
        keySize: 2,
        ivSize: 2,
        blockSize: 2
    });
    h.DES = f._createHelper(a);
    t = t.TripleDES = f.extend({
        _doReset: function() {
            var d = this._key.words;
            this._des1 = a.createEncryptor(e.create(d.slice(0, 2)));
            this._des2 = a.createEncryptor(e.create(d.slice(2, 4)));
            this._des3 = a.createEncryptor(e.create(d.slice(4, 6)))
        },
        encryptBlock: function(d, l) {
            this._des1.encryptBlock(d, l);
            this._des2.decryptBlock(d, l);
            this._des3.encryptBlock(d, l)
        },
        decryptBlock: function(d, l) {
            this._des3.decryptBlock(d, l);
            this._des2.encryptBlock(d, l);
            this._des1.decryptBlock(d, l)
        },
        keySize: 6,
        ivSize: 2,
        blockSize: 2
    });
    h.TripleDES = f._createHelper(t)
}
)();

function myformatDate(value, format) {
  if (!value) {
    return "";
  }
  /** @type {!Object} */
  var date = value;
  if (typeof value === "string") {
    if (value.indexOf("/Date(") > -1) {
      /** @type {!Date} */
      date = new Date(parseInt(value.replace("/Date(", "").replace(")/", ""), 10));
    } else {
      /** @type {!Date} */
      date = new Date(Date.parse(value.replace(/-/g, "/").replace("T", " ").split(".")[0]));
    }
  } else {
    if (typeof value === "number") {
      /** @type {!Date} */
      date = new Date(value);
    }
  }
  var o = {
    "M+" : date.getMonth() + 1,
    "d+" : date.getDate(),
    "h+" : date.getHours(),
    "m+" : date.getMinutes(),
    "s+" : date.getSeconds(),
    "q+" : Math.floor((date.getMonth() + 3) / 3),
    "S" : date.getMilliseconds()
  };
  format = format || "yyyy-MM-dd";
  if (/(y+)/.test(format)) {
    format = format.replace(RegExp.$1, (date.getFullYear() + "").substr(4 - RegExp.$1.length));
  }
  var str;
  for (str in o) {
    if ((new RegExp("(" + str + ")")).test(format)) {
      format = format.replace(RegExp.$1, RegExp.$1.length == 1 ? o[str] : ("00" + o[str]).substr(("" + o[str]).length));
    }
  }
  return format;
};

var DES3 = {
  iv : function() {
    return myformatDate(new Date, "yyyyMMdd");
  },
  encrypt : function(message, data, text) {
    if (data) {
      return CryptoJS.TripleDES.encrypt(message, CryptoJS.enc.Utf8.parse(data), {
        iv : CryptoJS.enc.Utf8.parse(text || DES3.iv()),
        mode : CryptoJS.mode.CBC,
        padding : CryptoJS.pad.Pkcs7
      }).toString();
    }
    return "";
  },
  decrypt : function(key, ciphertext, options) {
    if (ciphertext) {
      return CryptoJS.enc.Utf8.stringify(CryptoJS.TripleDES.decrypt(key, CryptoJS.enc.Utf8.parse(ciphertext), {
        iv : CryptoJS.enc.Utf8.parse(options || DES3.iv()),
        mode : CryptoJS.mode.CBC,
        padding : CryptoJS.pad.Pkcs7
      })).toString();
    }
    return "";
  }
};
  • 使用 js 调试工具,对 response 数据进行解密,得到下面的结果,破解成功:

2. 破解请求参数

2.1. 分析参数生成逻辑

  • 分析请的参数,发现 Form Data 里的参数

2.2. pageId

pageId: 953feda22cf2bf18b9548aaa05152120

  • 通过分析回溯,找到 pageId 的生成函数为 uuid()

  • 继续查找得到 uuid 函数的生成逻辑如下:

2.3. s21

  • 此参数为输入的查找对象;

2.4. sortFields

  • 不做处理;

2.5. ciphertext

110100 1100111 1000110 1100001 110111 1010001 1111001 110001 1111000 1000100 1010010 1111001 1010001 1000010 1100100 110101 1010101 110100 1010101 1010101 1110011 1111000 1100011 1000011 110010 110000 110010 110001 110000 111000 110000 110011 110100 1110000 1001110 1110101 1010011 1010000 1101101 1111010 101011 1011000 1110010 1001001 110001 110111 1000110 1000101 1001101 110111 1100001 1110011 1000011 1110111 111101 111101

  • 通过分析我们发现这里的数值都是二进制的,查找关键字 strTobinary 或者查找 ciphertext 然后断点调试得到参数生成逻辑,如下图:

2.6. pageNum

  • 页码数;

2.7. queryCondition

  • 分析 [{“key”:”s21”,”value”:”吴*凡”}] key 的值为 s21 表示案件类型为 全文, 如下图:
    value 表示查找对象

2.8. cfg

  • 值为 com.lawyee.judge.dc.parse.dto.SearchDataDsoDTO@queryDoc,不做处理;

2.9. __RequestVerificationToken

  • 通过分析,得到生成逻辑如下:

2.10.参数 js 代码

  • 略。