|
前言:本文不是教学篇,我是跟着阿J哥和小小白的文章才弄出来的,其次我目前对jsvmp还不够熟悉,感觉没这个能力讲明白。唉这也太难了,时常深夜辗转反侧就是因为太菜了。
这是qq_music的sign,还原后的算法如下:
function get_sign(word){
md5_str = MD5_Encrypt(word).toUpperCase()
filx_list = [212, 45, 80, 68, 195, 163, 163, 203, 157, 220, 254, 91, 204, 79, 104, 6];
ys_dict = {'0':0,'1':1,'2':2,'3':3,'4':4,'5':5,'6':6,'7':7,'8':8,'9':9,'A':10,'B':11,'C':12,'D':13,'E':14,'F':15};
base64_str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
two_list = [];
number = 0
for(var i = 0;i<filx_list.length;i++){
aa = ys_dict[md5_str[number]] * 16;
bb = aa + ys_dict[md5_str[number+1]];
cc = bb ^ filx_list[i];
two_list.push(cc);
number+=2
}
i = 0
str_m = ''
for (var j = 0; j < 5; j++) {
aa = [two_list[i], two_list[i + 1], two_list[i + 2]]
one_number = aa[0] >> 2
two_number = ((aa[0] & 3) << 4) + (aa[1] >> 4)
three_number = ((aa[1] & 15) << 2) + (aa[2] >> 6)
four_number = aa[2] & 63;
i += 3
str_m += [base64_str[one_number], base64_str[two_number], base64_str[three_number], base64_str[four_number]].join("")
}
last_t_number = base64_str[two_list[15] >> 2];
last_o_number = base64_str[(two_list[15] & 3) << 4];
s3 = str_m+last_t_number+last_o_number;
s1 = ''
s1_list = [21,4,9,26,16,20,27,30]
for(var i = 0;i<s1_list.length;i++){
s1+=md5_str[s1_list[i]]
}
s2 = ''
s2_list = [18,11,3,2,1,7,6,25]
for(var i = 0;i<s2_list.length;i++){
s2+=md5_str[s2_list[i]]
}
final_str = ('zzb' + s1 + s3 + s2).toLowerCase().replace(RegExp("/", "g"), "");
return final_str
}
var word ='{"comm":{"cv":4747474,"ct":24,"format":"json","inCharset":"utf-8","outCharset":"utf-8","notice":0,"platform":"yqq.json","needNewCode":1,"uin":0,"g_tk_new_20200303":5381,"g_tk":5381},"req_1":{"module":"music.musichallSinger.SingerList","method":"GetSingerListIndex","param":{"area":-100,"sex":-100,"genre":-100,"index":-100,"sin":320,"cur_page":5}}}'
console.log(get_sign(word))
最后感叹两句,逆向圈子的大环境真的很卷,稍微停下一段时间就会发现,群里那些大佬说话都听不懂了,还是得努力呀!
(还有 接下里几个月应该不会更了,该做毕设啦,拜拜!)
|