程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
您现在的位置: 程式師世界 >> 編程語言 >  >> 更多編程語言 >> Python

Python crawler Eval confusion, advanced practical series of crawler

編輯:Python

List of articles

    • ️ Pre knowledge
    • ️ TV cat Actual combat scene
    • ️ Actual code

️ Pre knowledge

after 10 About Python Font anti crawl series , We have entered a new theme , Common confusion encryption principle and practice .

This blog is from eval Confusion starts , Disassemble for everyone layer by layer JS Confusing related knowledge in reverse .

eval The function can change JS The string is parsed into the source code for execution

Random selection in the search engine can be encrypted JS Code page , Then encrypt the following .

Before encryption

var name = " Eraser ";

After encryption

eval(
(function (p, a, c, k, e, d) {

e = function (c) {

return (
(c < a ? "" : e(parseInt(c / a))) +
((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
);
};
if (!"".replace(/^/, String)) {

while (c--) d[e(c)] = k[c] || e(c);
k = [
function (e) {

return d[e];
},
];
e = function () {

return "\\w+";
};
c = 1;
}
while (c--)
if (k[c]) p = p.replace(new RegExp("\\b" + e(c) + "\\b", "g"), k[c]);
return p;
})('1 0 = " Eraser "', 62, 2, "name|var".split("|"), 0, {
})
);

You can see that the encrypted code becomes more complex , And the readability becomes weak .

stay JS in ,eval The function itself is a JS Code executor , It can convert the incoming string into JS Syntax is parsed and executed .

Decrypt eval The method of function is relatively simple , Find the tools directly .

The most common scenario for this form of code is Baidu's statistical code , You can look for specific cases .

The site we want to collect this time is TV cat , The target address is :https://www.tvmao.com/program/BTV1.

After clicking more on this page , Program list data will be loaded , The interface and parameters obtained are as follows .

  • Request URL : https://www.tvmao.com/api/pg?p= Encrypted string
  • Request form :GET

By viewing more , We can grab the data request location .

️ TV cat Actual combat scene

Accompanying breakpoints , We enter JS Reverse link , The first code obtained is as follows .

$(".more-epg").click(function () {

var b = "src";
var a = A.d("a", b);
ajaxVerify(
"/api/pg",
"GET",
{

p: a,
},
function (c, d) {

$("#noon").after(d[1]);
$(".more-epg").remove();
}
);
});

The core of the code is A.d("a", b) , The function d() It may be an encryption link .

Next is the main content , We did not find the location of the encryption function JS file , The JS Code snippets are temporary , Or anonymous .

But the keyword _keyStr Can be directly retrieved , Search the whole picture , Get the following .

Along base.js Climb over , Find the following , Find out eval function , The point of confusion appears .

️ Actual code

be-all eval Function wrapped code , You can use console.log Print .

You can see the code differences before and after the confusion , After parsing, it happens to be our objective function .

You can also search for anti aliasing tools , Direct inquiry is enough , Anti confusion , Pay attention to carrying eval() function , The content can be tested many times by yourself .

When we get the original function , The basic representation encryption logic has been solved .

Finally, I'd like to add

When you find out 【 anonymous 】 Function time , Probably this paragraph JS Is an encrypted string .


You are reading 【 Dream eraser 】 The blog of
Finished reading , You can praise it with a little hand
Find the error , Correct it in the direct comment area
The second part of the eraser 683 Original blog


  1. 上一篇文章:
  2. 下一篇文章:
Copyright © 程式師世界 All Rights Reserved