
About match/v2 encryption #9

Open
xmexg opened this issue Oct 11, 2024 · 122 comments

Comments

@xmexg
Owner

xmexg commented Oct 11, 2024

#7
The script below unexpectedly manages to decrypt the latest encryption

 frida -U -n 小猿口算 -l .\anay_webview.js

[image]

First, copy the ciphertext, which gives


Base64-decoding it gives


Delete all \n


Decode the unicode escapes


Base64-decode again to get the plaintext

{"pkIdStr":"609438127345397817","otherUser":{"userId":1056044272,"userName":"猿宝44272","avatarUrl":"https://leo-online.fbcontent.cn/leo-gallery/16a9fd09b1d892a.png","userPendantUrl":null},"otherWinCount":0,"selfWinCount":13,"targetCostTime":50000,"examVO":{"pkIdStr":"609438127345397817","pointId":2,"pointName":"20以内数的比大小","ruleType":0,"questionCnt":10,"correctCnt":0,"costTime":0,"questions":[{"id":0,"examId":609438127345397817,"content":"15\\circle19","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":1,"examId":609438127345397817,"content":"10\\circle7","answer":">","userAnswer":null,"answers":[">"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":2,"examId":609438127345397817,"content":"8\\circle18","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":3,"examId":609438127345397817,"content":"5\\circle13","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":4,"examId":609438127345397817,"content":"15\\circle8","answer":">","userAnswer":null,"answers":[">"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":5,"examId":609438127345397817,"content":"11\\circle6","answer":">","userAnswer":null,"answers":[">"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":6,"examId":609438127345397817,"content":"15\\circle6","answer":">","userAnswer":null,"answers":[">"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":7,"examId":609438127345397817,"content":"7\\circle11","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":8,"examId":609438127345397817,"content":"10\\circle19","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"},{"id":9,"examId":609438127345397817,"content":"8\\circle15","answer":"<","userAnswer":null,"answers":["<"],"status":0,"script":null,"wrongScript":null,"ruleType":"COMPARE"}],"updatedTime":0}}

[image]

This time we added one more step, deleting all \n, which completely fixes the garbled output
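
The decoding steps in the opening post, as an added example that is not part of the original issue or the project's code. It rebuilds the same layering on a constructed payload (Base64 over a JSON envelope whose `result` string carries literal `\n` and `\u003d` escapes), decodes it both by the post's manual steps and with a JSON parser, and locates where the output turns to garbage if the `\n` is left in. All function names and the sample payload are assumptions made for illustration.

```python
import base64
import json
import re

def build_sample(inner: dict) -> str:
    # Constructed input layered like the value in the post: the inner Base64
    # is wrapped at 76 columns, then stored as a JSON string in an envelope.
    wrapped = base64.encodebytes(json.dumps(inner).encode()).decode()
    envelope = json.dumps([None, {"result": wrapped}], separators=(",", ":"))
    envelope = envelope.replace("=", "\\u003d")  # padding written as an escape
    return base64.b64encode(envelope.encode()).decode()

def raw_result(outer_b64: str) -> str:
    # First Base64 layer only; the "result" string is returned still escaped.
    text = base64.b64decode(outer_b64).decode()
    return re.search(r'"result":"([^"]*)"', text).group(1)

def decode_manual(outer_b64: str) -> dict:
    # The post's steps: delete literal \n, undo \u003d, Base64-decode again.
    s = raw_result(outer_b64).replace("\\n", "").replace("\\u003d", "=")
    return json.loads(base64.b64decode(s, validate=True))

def decode_via_json(outer_b64: str) -> dict:
    # A JSON parser resolves both escapes; b64decode then skips real newlines.
    envelope = json.loads(base64.b64decode(outer_b64))
    return json.loads(base64.b64decode(envelope[1]["result"]))

def first_garbled_byte(outer_b64: str) -> int:
    # Leave the literal \n in and decode leniently (drop non-alphabet chars):
    # the backslash is dropped, but "n" is a valid Base64 character and stays.
    s = raw_result(outer_b64).replace("\\u003d", "=")
    kept = re.sub(r"[^A-Za-z0-9+/]", "", s)
    bad = base64.b64decode(kept[: len(kept) // 4 * 4])
    good = json.dumps(decode_manual(outer_b64)).encode()
    return next(i for i, (a, b) in enumerate(zip(bad, good)) if a != b)

# Constructed payload, not data from the app.
PAYLOAD = {"id": 10, "items": [{"n": i, "text": "constructed sample"} for i in range(4)]}
SAMPLE = build_sample(PAYLOAD)

if __name__ == "__main__":
    assert decode_manual(SAMPLE) == decode_via_json(SAMPLE) == PAYLOAD
    print("garbling starts at byte", first_garbled_byte(SAMPLE))
```

The divergence offset is 76 × 3 / 4: the first 76-character Base64 line decodes cleanly, then the stray `n` shifts the alignment of every group after it.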

@ZeroQing89

Woohoo!!!!

@ZeroQing89

Boss, awesome

@wztxy

wztxy commented Oct 11, 2024

Boss, awesome

@sd0ric4

sd0ric4 commented Oct 11, 2024

Nice

@GSQZ

GSQZ commented Oct 11, 2024

Awesome

@dfaofeng

Boss, awesome!!!

@kongbai141

Is the ciphertext taken directly from the hooked function's arguments?

@The-Lucky-0ne

Boss, awesome

@WH2315

WH2315 commented Oct 11, 2024

Awesome

@Adamzealmony

Leaving my name here

@Hillton53

Damn, that was fast

@qiushaonan

Impressive

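@xmexg
Owner Author

xmexg commented Oct 11, 2024

> Where does this ciphertext come from? It doesn't seem to be in the response body

The URL with the sign is computed the same way; the core encryption is in libRequestEncoder.so
#5
The actual encryption/decryption method hasn't been worked out yet, but the data after encryption/decryption can be obtained by hooking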

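@Hillton53

May I ask how to put this approach into practice? I've seen some examples online that use frida together with charles, but they don't seem to explain it very clearly

@lshigurel

Awesome

@lacia233

Awesome

@dongguyang

Unbeatable, what efficiency

@chenzhengqingzzz

Boss, awesome!!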

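@xmexg
Owner Author

xmexg commented Oct 11, 2024

> May I ask how to put this approach into practice? I've seen some examples online that use frida together with charles, but they don't seem to explain it very clearly

Use the do_matchV2.py file under https://github.com/xmexg/xyks/tree/master/frida/matchV2; it will give you the plaintext questions and answers
Video demo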

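@xiaou61

xiaou61 commented Oct 11, 2024

So this is China speed?

@GSQZ

GSQZ commented Oct 11, 2024

> > May I ask how to put this approach into practice? I've seen some examples online that use frida together with charles, but they don't seem to explain it very clearly
>
> Use the do_matchV2.py file under https://github.com/xmexg/xyks/tree/master/frida/matchV2; it will give you the plaintext questions and answers Video demo

It works, awesome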

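@Hillton53

> > May I ask how to put this approach into practice? I've seen some examples online that use frida together with charles, but they don't seem to explain it very clearly
>
> Use the do_matchV2.py file under https://github.com/xmexg/xyks/tree/master/frida/matchV2; it will give you the plaintext questions and answers Video demo

Yes, I just got to this step and frida ran into a problem: every run fails with “Failed to spawn: failed to open USB device: Input/Output Error” and then python crashes;

I'm too much of a novice: after getting the plaintext this way I don't know how to rewrite the content as the response. Is there a solution at the moment, or do we need to wait for a new approach?

@Arsenicss

[image]
Not difficult at all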

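@xmexg
Owner Author

xmexg commented Oct 11, 2024

> > > May I ask how to put this approach into practice? I've seen some examples online that use frida together with charles, but they don't seem to explain it very clearly
> >
> > Use the do_matchV2.py file under https://github.com/xmexg/xyks/tree/master/frida/matchV2; it will give you the plaintext questions and answers Video demo
>
> Yes, I just got to this step and frida ran into a problem: every run fails with “Failed to spawn: failed to open USB device: Input/Output Error” and then python crashes;
>
> I'm too much of a novice: after getting the plaintext this way I don't know how to rewrite the content as the response. Is there a solution at the moment, or do we need to wait for a new approach?

“Failed to spawn: failed to open USB device: Input/Output Error” :

> after getting the plaintext I don't know how to rewrite the content as the response

I don't understand what "response" refers to

  • If you mean modifying the questions and answers and passing them back to the browser: this data is captured while the Android APK's built-in code passes it to the vue front-end page, so it should be possible to modify the answers with frida, but you would still have to answer the questions yourself; I haven't looked into this yet
  • If you mean automatically submitting the correct answers: the front-end vue page's answer-submission algorithm has not been reverse engineered yet, so it still uses the traditional approach of simulating swipe input to enter the answers; for enabling webview debugging, see the video demo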

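@whl555

whl555 commented Oct 11, 2024

Bro, please spare us

@chenzhengqingzzz

> Bro, please spare us

LOL, you're not from the official team, are you?

@masknull

> Bro, please spare us

Officials, please release the algorithm

@GalacticDevOps
Contributor

@0x3fffff

Awesome

@XianTong-king

Does webview still work? I've got webview set up, what do I do next? The video I watched ends at this point; is there a follow-up tutorial?

@GalacticDevOps
Contributor

> Does webview still work? I've got webview set up, what do I do next? The video I watched ends at this point; is there a follow-up tutorial?

Yes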

@XianTong-king

XianTong-king commented Oct 13, 2024 via email

@GalacticDevOps
Contributor

> So what should I do next

Read the documentation

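@xmexg
Owner Author

xmexg commented Oct 13, 2024

> Does webview still work? I've got webview set up, what do I do next? The video I watched ends at this point; is there a follow-up tutorial?

Just tap or click the phone/emulator/browser screen as usual. When switching pages it will stay in the loading state; go back to your browser's chrome://inspect / edge://inspect page, wait for the new link to appear, and click the inspect button of the new link. By the way, breakpoints will also freeze the page
[image: Screenshot 2024-10-13 171604]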

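@XianTong-king

Uploading image.png…

@XianTong-king

Which script do I run?

@xmexg
Owner Author

xmexg commented Oct 13, 2024

> Which script do I run?

Please re-edit the image, I can't see it

@XianTong-king

I mean, I've opened the phone's webview normally, but I don't know which script to use next to run the program

@GalacticDevOps
Contributor

> I mean, I've opened the phone's webview normally, but I don't know which script to use next to run the program

Use the two files together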

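@xmexg
Owner Author

xmexg commented Oct 13, 2024

> I mean, I've opened the phone's webview normally, but I don't know which script to use next to run the program

webview and frida are independent of each other: webview is for debugging the front-end page, frida is for hooking functions inside the app. If you want to run the program, I guess you want to run frida; go to the https://github.com/xmexg/xyks/tree/master/frida directory

| Directory | Function |
| --- | --- |
| matchV2 | Modifies the received question package; can change it to a single question with any answer |
| matchV2_byDataDecryptCommand | Same function as matchV2: modifies the received question package; can change it to a single question with any answer |
| submit | Modifies the submitted answer package; can change the time taken to answer |
| gan_sign | Generates the sign parameter; useful for pure-protocol requests in the future, currently unused |

Usage is the same for all of them:

python filename.py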

@dfaofeng

https://xyks.yuanfudao.com/bh5/leo-web-config-activity/activity.html?orionKey=leo.activity.config.picture.v5&_productId=611#/

National daily leaderboard

@777miss

777miss commented Oct 13, 2024

Boss, could you write a protocol version? Everything called from python

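@xmexg
Owner Author

xmexg commented Oct 13, 2024

> Boss, could you write a protocol version? Everything called from python

Working on it; it looks like there is still encryption between the binary question package and the unpacking point currently hooked

@GalacticDevOps
Contributor

> > Boss, could you write a protocol version? Everything called from python
>
> Working on it; it looks like there is still encryption between the binary question package and the unpacking point currently hooked

[image]
Check whether the base64 you received can be decoded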

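@xmexg
Owner Author

xmexg commented Oct 13, 2024

> > > Boss, could you write a protocol version? Everything called from python
> >
> > Working on it; it looks like there is still encryption between the binary question package and the unpacking point currently hooked
>
> [image] Check whether the base64 you received can be decoded

This is after simulating a match/v2 request and directly decrypting by calling the currently known DataDecryptCommand hook point, but what comes out is garbled,
[image]

@GalacticDevOps
Contributor

> > > > Boss, could you write a protocol version? Everything called from python
> > >
> > > Working on it; it looks like there is still encryption between the binary question package and the unpacking point currently hooked
> >
> > [image] Check whether the base64 you received can be decoded
>
> This is after simulating a match/v2 request and directly decrypting by calling the currently known DataDecryptCommand hook point, but what comes out is garbled, [image]

What about wrapping it in base64 once and then decrypting?

@xmexg
Owner Author

xmexg commented Oct 13, 2024

> > > > > Boss, could you write a protocol version? Everything called from python
> > > >
> > > > Working on it; it looks like there is still encryption between the binary question package and the unpacking point currently hooked
> > >
> > > [image] Check whether the base64 you received can be decoded
> >
> > This is after simulating a match/v2 request and directly decrypting by calling the currently known DataDecryptCommand hook point, but what comes out is garbled, [image]
>
> What about wrapping it in base64 once and then decrypting?

Still garbled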

@xmexg
Owner Author

xmexg commented Oct 13, 2024

> 作业帮's questions are currently also in plaintext: the specific URL is: https://competition.zuoyebang.com/kspk/rank/match Each question is POSTed for verification: https://competition.zuoyebang.com/kspk/report/single The final result is sent to https://competition.zuoyebang.com/kspk/pk/result

What about 作业帮? Does 作业帮 have anything to do with 小猿口算?

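@Amamiyia

666.pdf
My skills are limited; here is an outline of my reverse-engineering approach~

@Amamiyia

> 666.pdf My skills are limited; here is an outline of my reverse-engineering approach~

This is what I referred to: https://www.bilibili.com/video/BV1C128Y2EBa/?spm_id_from=333.880.my_history.page.click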

@xmexg
Owner Author

xmexg commented Oct 14, 2024

@Amamiyaya @777miss A pure-protocol answering template has been implemented: https://github.com/xmexg/xyks/blob/master/frida/auto_answer/

@GalacticDevOps
Contributor

> @Amamiyaya @777miss A pure-protocol answering template has been implemented: https://github.com/xmexg/xyks/blob/master/frida/auto_answer/

@xmexg Automatic cookie retrieval has been implemented
[image]

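@xmexg
Owner Author

xmexg commented Oct 14, 2024

YFD_U no longer seems to be in the cookies

Only the three cookies ks_persistent, sess and userid are needed to answer questions

@GalacticDevOps
Contributor

GalacticDevOps commented Oct 14, 2024

> YFD_U no longer seems to be in the cookies
>
> Only the three cookies ks_persistent, sess and userid are needed to answer questions

user-agent
[image]

[image]
This YFD_U needs to be filled in; version needs to be changed by yourself to the corresponding version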

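@GalacticDevOps
Contributor

@xmexg Reproduced successfully; some places need to be modified, which I'll point out below

[image]

@imofelrj

So right now the only option is hooking to capture the data?
The questions returned by the POST can't be decrypted directly?
Debugging on iOS is far too difficult; even webview isn't possible

@GalacticDevOps
Contributor

> So right now the only option is hooking to capture the data? The questions returned by the POST can't be decrypted directly? Debugging on iOS is far too difficult; even webview isn't possible

There is another way, but the key time-related algorithm for sign is still missing

nodejs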
