xhs(x红书)x-s参数逆向[2023.6.22]
1.提要
众所周知,此次的加密逻辑进入一个叫
window._webmsxyw()
的函数里面该函数是封装在一个自执行函数内部,并添加到了
window
属性里,下面是两种获取思路。
2.扣环境
扣环境的话,只需要在
jsdom
的document
对象上cookie
添加a1
;在请求的头部添加web_session
,这个方法,唯一出现的问题就是环境检测参数x2
用node
生成的和浏览器的不一样,简单的把这个参数改成和浏览器一致即可,在bilibili
以及一些热心的朋友已经分享了。修改位置:
function(B, A, Q, E, g, I, w) {
if(D["_ace_eb1d"]&&D["_ace_eb1d"]["172"]&&D["_ace_eb1d"]["172"]["stackInput"].indexOf("x4=")!==-1){
var arr = D["_ace_eb1d"]["172"]["stackInput"].split(";")
arr[1] = "x2=0|0|0|1|0|0|1|0|0|0|1|0|0|0|0" //正确的x2
D["_ace_eb1d"]["172"]["stackInput"] = arr.join(";")
}
var c = t.slice(s(B, A), s(Q, E) + 1), N = D;
j(function() {
M = {
_ace_5ee37: this || C,
_ace_84c79: M,
_ace_b0594: arguments,
_ace_eb1d: N
};
- 生成效果:
{
stackInput: 'x1=9546fb5adde0da04b89f070932c583e6;x2=0|0|0|1|0|0|1|0|0|
baa86a9b02946f8a132c94993551a96ebd15d064',
shouldJoker: false
}
{
'X-s': 'XYW_eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwicGF5bG9hZCI6IjAxNDA1OGVlNzUzNmQ1ZjBhMzZiZDAyMTU2ZmVhNG
Q1ZWE0YjVmMmU3YjllNjQzMTU5NzJhOGQxYzcxZDBiNjYxYTUyZGZmYTFmOGMwYzM1NGYzNWM4ZTA3YmZhNTU4N2M5ZTNiZmRhMWZhYTFlYjkwZD
c0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MD
A2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOT
BlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYTVhYjgzYjgyYmFhODZhOWIwMjk0NmY4YTEzMmM5ND
k5MzU1MWE5NmViZDE1ZDA2NCJ9',
'X-t': 1687447169324
}
3.算法还原
- 算法还原一大特点就是,打日志,一般来说,这种加密算法基本大多数关键的操作就是数据之间的位运算操作,所以一般断点都打在所有的位运算操作的位置,比如:
- 断点的写法参考:
- 打印出的日志be like:
- 此后便是无穷的逆推过程,比较掉头发的,这里提供关键的思路步骤,给热爱技术的朋友提供参考(想想自己到处寻找灵感的时候,多么希望能有一篇文章能够指点迷津,现在自己弄出来了,必然给诸君共享)
xhs.js:290 X + - => X-
xhs.js:290 X- + s => X-s
xhs.js:290 X + Y => XY
xhs.js:290 XY + W => XYW
xhs.js:290 XYW + _ => XYW_
xhs.js:290 XYW_ + eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGNhY2Y2MzhlMWRmNiJ9 => XYW_eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGNhY2Y2MzhlMWRmNiJ9
xhs.js:290 X + - => X-
xhs.js:290 X- + t => X-t
xhs.js:577 ** {X-s: 'XYW_eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYX…5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGNhY2Y2MzhlMWRmNiJ9', X-t: 1686987735039}
3.1 ey……J9的生成
-
ey……J9
呢是charAt
产生的,如下:
xhs.js:490 56 '>>' 2 '=>' 14
xhs.js:278 56 '&' 3 '=>' 0
xhs.js:384 0 '<<' 4 '=>' 0
xhs.js:490 99 '>>' 4 '=>' 6
xhs.js:426 0 '|' 6 '=>' 6
xhs.js:278 99 '&' 15 '=>' 3
xhs.js:384 3 '<<' 2 '=>' 12
xhs.js:490 97 '>>' 6 '=>' 1
xhs.js:426 12 '|' 1 '=>' 13
xhs.js:278 97 '&' 63 '=>' 33
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNk + O => eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkO
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkO + G => eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOG
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOG + N => eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGN
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGN + h => eyJzaWduU3ZuIjoiNTEiLCJzaWduVHlwZSI6IngxIiwiYXBwSWQiOiJ4aHMtcGMtd2ViIiwic2lnblZlcnNpb24iOiIxIiwicGF5bG9hZCI6Ijk1ZWViZmQzZTY3OWE1YzU4ZGMzMTE0ZDg3ZTgzOTVlNGVhODA4YTZiZGU5Y2E3YjljYWVhYjgzZGExNDA5MjQzMDJmNjQ1ZTFiYzcxM2QwMGFkZDdhMzYwODdlNTJlMmM5ZTNiZmRhMWZhYTFlYjkwZDc0YWEzMWI1NGM3MmNkMGQ3NGFhMzFiNTRjNzJjZGFjNDg5YjlkYThjZTVlNDhmNGFmYjlhY2ZjM2VhMjZmZTBiMjY2YTZiNGNjM2NiNTczZGE2MDA2NjZlNWM3ZTY5ZTg3NmUwZWMyZmY3Y2Q1NGQ3YTlkMTE3YmFhZWEyNWJiMjlmZDJkNWE1NjIyNTllZWM2MGQ1NDljN2I4NjgyYjUyNjVhMGEyOTBlMzdmZDJkNjRkOWNhMzJhNGJkYWNkNTRmY2M4YzkwZWY4NzcwZTNkYWRmODZjMzE2NGExYWEzMWNjODFjOWZmYTQ5MDNmNTA5ODZkZWY1MjQ1ZjY1OWNkOGNh
那么是谁的charAt呢,又是at几呢?
-
往上寻找
ey……J9
最初产生的地方看看:{"signSvn":"51","signType":"x1","appId":"xhs-pc-web","signVersion":"1","payload":"95eebfd3e679a5c58dc3114d87e8395e4ea808a6bde9ca7b9caeab83da140924302f645e1bc713d00add7a36087e52e2c9e3bfda1faa1eb90d74aa31b54c72cd0d74aa31b54c72cdac489b9da8ce5e48f4afb9acfc3ea26fe0b266a6b4cc3cb573da600666e5c7e69e876e0ec2ff7cd54d7a9d117baaea25bb29fd2d5a562259eec60d549c7b8682b5265a0a290e37fd2d64d9ca32a4bdacd54fcc8c90ef8770e3dadf86c3164a1aa31cc81c9ffa4903f50986def5245f659cd8cacf638e1df6"} xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + O => stackO xhs.js:290 stackO + u => stackOu xhs.js:290 stackOu + t => stackOut xhs.js:290 stackOut + p => stackOutp xhs.js:290 stackOutp + u => stackOutpu xhs.js:290 stackOutpu + t => stackOutput xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + O => stackO xhs.js:290 stackO + u => stackOu xhs.js:290 stackOu + t => stackOut xhs.js:290 stackOut + p => stackOutp xhs.js:290 stackOutp + u => stackOutpu xhs.js:290 stackOutpu + t => stackOutput xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:290 s + h => sh xhs.js:290 sh + o => sho xhs.js:290 sho + u => shou xhs.js:290 shou + l => shoul xhs.js:290 shoul + d => should xhs.js:290 should + J => shouldJ xhs.js:290 shouldJ + o => shouldJo xhs.js:290 shouldJo + k => shouldJok xhs.js:290 shouldJok + e => shouldJoke xhs.js:290 shouldJoke + r => shouldJoker xhs.js:490 123 '>>' 2 '=>' 30 xhs.js:278 123 '&' 3 '=>' 3 xhs.js:384 3 '<<' 4 '=>' 48 xhs.js:490 34 '>>' 4 '=>' 2 xhs.js:426 48 '|' 2 '=>' 50 xhs.js:278 34 '&' 15 '=>' 2 xhs.js:384 2 '<<' 2 '=>' 8 xhs.js:490 115 '>>' 6 '=>' 1 xhs.js:426 8 '|' 1 '=>' 9 xhs.js:278 115 '&' 63 '=>' 51 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + A => charA xhs.js:290 charA + t => charAt xhs.js:290 + e => e xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + A => charA xhs.js:290 charA + t => charAt xhs.js:290 e + y => ey xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + A => charA xhs.js:290 charA + t => charAt xhs.js:290 ey + J => eyJ xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + A => charA xhs.js:290 charA + t => charAt xhs.js:290 eyJ + z => eyJz
猜测
123
、34
等那几个数可能是{“signSVn……
这个长传的charCodeAt
产生,验证:果然,3个一组,产生4个数,这四个数作为
charat
的参数,那么是谁的charat
呢?这个就继续往上翻到signsvn……
产生的地方看看:xhs.js:290 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ + = => ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/= xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 0 '%' 4 '=>' 0 xhs.js:290 s + h => sh xhs.js:290 sh + o => sho xhs.js:290 sho + u => shou xhs.js:290 shou + l => shoul xhs.js:290 shoul + d => should xhs.js:290 should + J => shouldJ xhs.js:290 shouldJ + o => shouldJo xhs.js:290 shouldJo + k => shouldJok xhs.js:290 shouldJok + e => shouldJoke xhs.js:290 shouldJoke + r => shouldJoker xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 + { => { xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 1 '%' 4 '=>' 1 xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 { + " => {" xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 2 '%' 4 '=>' 2 xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 {" + s => {"s xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 3 '%' 4 '=>' 3 xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 {"s + i => {"si xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 4 '%' 4 '=>' 0 xhs.js:290 s + h => sh xhs.js:290 sh + o => sho xhs.js:290 sho + u => shou xhs.js:290 shou + l => shoul xhs.js:290 shoul + d => should xhs.js:290 should + J => shouldJ xhs.js:290 shouldJ + o => shouldJo xhs.js:290 shouldJo + k => shouldJok xhs.js:290 shouldJok + e => shouldJoke xhs.js:290 shouldJoke + r => shouldJoker xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 {"si + g => {"sig xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:286 5 '%' 4 '=>' 1 xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:290 {"sig + n => {"sign
-
从最上面的长串可以看出:
有可能是
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
的charAt生成的ey……J9
注释:这里就很明显的可以看出,非常类似汇编的感觉,进行处理之前,先把需要的参数入栈,然后取指、执行,也就是它自己实现了解释器,对很长的字节码进行解释执行,我叫它
vmp
不过分把?
- 验证一下:
xhs.js:490 123 '>>' 2 '=>' 30
xhs.js:278 123 '&' 3 '=>' 3
xhs.js:384 3 '<<' 4 '=>' 48
xhs.js:490 34 '>>' 4 '=>' 2
xhs.js:426 48 '|' 2 '=>' 50
xhs.js:278 34 '&' 15 '=>' 2
xhs.js:384 2 '<<' 2 '=>' 8
xhs.js:490 115 '>>' 6 '=>' 1
xhs.js:426 8 '|' 1 '=>' 9
xhs.js:278 115 '&' 63 '=>' 51
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 + e => e
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 e + y => ey
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 ey + J => eyJ
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + A => charA
xhs.js:290 charA + t => charAt
xhs.js:290 eyJ + z => eyJz
xhs.js:290 l + e => le
xhs.js:290 le + n => len
xhs.js:290 len + g => leng
xhs.js:290 leng + t => lengt
xhs.js:290 lengt + h => length
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:290 s + h => sh
xhs.js:290 sh + o => sho
xhs.js:290 sho + u => shou
xhs.js:290 shou + l => shoul
xhs.js:290 shoul + d => should
xhs.js:290 should + J => shouldJ
xhs.js:290 shouldJ + o => shouldJo
xhs.js:290 shouldJo + k => shouldJok
xhs.js:290 shouldJok + e => shouldJoke
xhs.js:290 shouldJoke + r => shouldJoker
产生了eyJz
后面的一样:
-
{"signSvn:……
每三个char
一组,产生4个数,这四个数作为charAt
的参数产生ey……
这也就验证了,为什么每次都是XYW_ey……
开头,因为{"
对应的charCode
为123
、34
,-
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(123>>2)
永远都是e
-
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt((123&3<<4) |(34 >>4))
永远都是y
-
-
还原
JS
为function getXYW(payload) { let in1 = `{"signSvn":"51","signType":"x1","payload":"${payload}"}` let XYW = "XYW_" let iter = [] for (let i = 0; i < in1.length; i=i+3) { let num1 = in1[i].charCodeAt(0) let num2 = in1[i+1] === undefined undefined :in1[i+1].charCodeAt(0) let num3 = in1[i+2] === undefined undefined :in1[i+2].charCodeAt(0) iter.push(num1 >> 2) num2 && iter.push(((num1 & 3) << 4) | (num2 >> 4)) num3 && iter.push(((num2 & 15) << 2) | (num3 >> 6)) num3 && iter.push(num3 & 63) } for (i of iter){ let code = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" XYW+=code.charAt(i) } return { "X-s":XYW, "X-t":now } }
3.2 payload
的算法
- 由上面的
signSvn
串得知下一步需要逆推payload
串,还是一样的思路,去payload串最开始产生的地方看看线索。(nam sayin……,这种逆向就是这种,一步一步逆推,为什么我一直做着这种繁琐、掉头发、还没有很好的变现渠道的事情?还不是因为逆向出来了收获一点成就感而已,喜欢和人博弈的感觉,但是,这又有什么意义呢?一些胡言乱语………_) - 本次日志的payload为
"95eebfd3e679a5c58dc3114d87e8395e4ea808a6bde9ca7b9caeab83da140924302f645e1bc713d00add7a36087e52e2c9e3bfda1faa1eb90d74aa31b54c72cd0d74aa31b54c72cdac489b9da8ce5e48f4afb9acfc3ea26fe0b266a6b4cc3cb573da600666e5c7e69e876e0ec2ff7cd54d7a9d117baaea25bb29fd2d5a562259eec60d549c7b8682b5265a0a290e37fd2d64d9ca32a4bdacd54fcc8c90ef8770e3dadf86c3164a1aa31cc81c9ffa4903f50986def5245f659cd8cacf638e1df6"
xhs.js:290 ???ó?y¥????M?è9^N¨|?éê{????ú? chatCodeAt(0) >> 4 = 11 => b
/d^???D
Yz6~Raé??ú?a?1
ta1μLrí
ta1μLrí?H??¨?^H?ˉ1?ü>¢oà2f|′ì<μsú`?f?????n???|?Mz??{aê%?)y-ZV"Y??
T?{??μ&Z
)?7y-dùê2¤???Oì????p?ú????J?£?è??úI?? ?T?$_e + ??ê?c??? => ???ó?y¥????M?è9^N¨|?éê{????ú? chatCodeAt(1) & 15 = 15 => f
/d^???D
Yz6~Raé??ú?a?1
ta1μLrí
ta1μLrí?H??¨?^H?ˉ1?ü>¢oà2f|′ì<μsú`?f?????n???|?Mz??{aê%?)y-ZV"Y??
T?{??μ&Z
)?7y-dùê2¤???Oì????p?ú????J?£?è??úI?? ?T?$_e??ê?c???
xhs.js:290 184 '+' 8 '=>' 192
xhs.js:290 + ???ó?y¥????M?è9^N¨|?éê{????ú? 9 => 9
5 => 5
11 => b
14 => e
15 => f
//这个把类似的都看一遍的话就比较容易看出来了,其实就是10以内的数直接转string,大于等于10的模10取余,从'a'右偏余数个位置,比如11%10=1 => *(&a+1) = b(取地址的写法都出来了……理解就行,严格取地址偏移的话,应该是+span,span是js中char所占的位宽)
/d^???D
Yz6~Raé??ú?a?1
ta1μLrí
ta1μLrí?H??¨?^H?ˉ1?ü>¢oà2f|′ì<μsú`?f?????n???|?Mz??{aê%?)y-ZV"Y??
T?{??μ&Z
)?7y-dùê2¤???Oì????p?ú????J?£?è??úI?? ?T?$_e??ê?c??? => ???ó?y¥????M?è9^N¨|?éê{????ú? js
/d^???D
Yz6~Raé??ú?a?1
ta1μLrí
ta1μLrí?H??¨?^H?ˉ1?ü>¢oà2f|′ì<μsú`?f?????n???|?Mz??{aê%?)y-ZV"Y??
T?{??μ&Z
)?7y-dùê2¤???Oì????p?ú????J?£?è??úI?? ?T?$_e??ê?c???
xhs.js:290 e + n => en
xhs.js:290 en + c => enc
xhs.js:290 enc + r => encr
xhs.js:290 encr + y => encry
xhs.js:290 encry + p => encryp
xhs.js:290 encryp + t => encrypt
xhs.js:290 l + e => le
xhs.js:290 le + n => len
xhs.js:290 len + g => leng
xhs.js:290 leng + t => lengt
xhs.js:290 lengt + h => length
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:490 149 '>>' 4 '=>' 9
xhs.js:278 149 '&' 15 '=>' 5
xhs.js:290 9 + 5 => 95
xhs.js:290 + 95 => 95
xhs.js:290 l + e => le
xhs.js:290 le + n => len
xhs.js:290 len + g => leng
xhs.js:290 leng + t => lengt
xhs.js:290 lengt + h => length
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:490 238 '>>' 4 '=>' 14
xhs.js:278 238 '&' 15 '=>' 14
xhs.js:290 e + e => ee
xhs.js:290 95 + ee => 95ee
xhs.js:290 l + e => le
xhs.js:290 le + n => len
xhs.js:290 len + g => leng
xhs.js:290 leng + t => lengt
xhs.js:290 lengt + h => length
xhs.js:290 c + h => ch
xhs.js:290 ch + a => cha
xhs.js:290 cha + r => char
xhs.js:290 char + C => charC
xhs.js:290 charC + o => charCo
xhs.js:290 charCo + d => charCod
xhs.js:290 charCod + e => charCode
xhs.js:290 charCode + A => charCodeA
xhs.js:290 charCodeA + t => charCodeAt
xhs.js:490 191 '>>' 4 '=>' 11
xhs.js:278 191 '&' 15 '=>' 15
xhs.js:290 b + f => bf
xhs.js:290 95ee + bf => 95eebf
-
看该日志,有了一些经验的话,就猜测:
- 乱码的
function get_payload(lm){ let payload = "" for (let i = 0; i < lm.length; i++){ let code = lm.charCodeAt(i) let nums = [code >> 4,code & 15] let num; for (num of nums){ if (num >= 10){ payload += String.fromCharCode(num % 10 + 97) }else{ payload += num } } } return payload }
- 乱码的
3.3 乱码的由来
- 乱码的
-
验证下呗:
-
果然是正确的,那么:
- 老办法,我们来到乱码产生的第一个位置,寻找线索:
xhs.js:290 eDE9MzQ3YzI2NmM0MDk0MGExZmU2MjNhMmQ2OGUyZTY2Njk7eDI9MHwwfDB8MXwwfDB8MXwwfDB8MHwxfDB8MHwwfDA7eDM9MTg4YWFmOTI2OTBjZmpncWxmNnJvNjBmbWQ1d3Qwa2N6aGQzbHQ3MnA1MDAwMDI1NDc4Mjt4ND0xNjg2OTg3NzM1MDM5Ow= + = => eDE9MzQ3YzI2NmM0MDk0MGExZmU2MjNhMmQ2OGUyZTY2Njk7eDI9MHwwfDB8MXwwfDB8MXwwfDB8MHwxfDB8MHwwfDA7eDM9MTg4YWFmOTI2OTBjZmpncWxmNnJvNjBmbWQ1d3Qwa2N6aGQzbHQ3MnA1MDAwMDI1NDc4Mjt4ND0xNjg2OTg3NzM1MDM5Ow== xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + O => stackO xhs.js:290 stackO + u => stackOu xhs.js:290 stackOu + t => stackOut xhs.js:290 stackOut + p => stackOutp xhs.js:290 stackOutp + u => stackOutpu xhs.js:290 stackOutpu + t => stackOutput xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + O => stackO xhs.js:290 stackO + u => stackOu xhs.js:290 stackOu + t => stackOut xhs.js:290 stackOut + p => stackOutp xhs.js:290 stackOutp + u => stackOutpu xhs.js:290 stackOutpu + t => stackOutput xhs.js:290 s + h => sh xhs.js:290 sh + o => sho xhs.js:290 sho + u => shou xhs.js:290 shou + l => shoul xhs.js:290 shoul + d => should xhs.js:290 should + J => shouldJ xhs.js:290 shouldJ + o => shouldJo xhs.js:290 shouldJo + k => shouldJok xhs.js:290 shouldJok + e => shouldJoke xhs.js:290 shouldJoke + r => shouldJoker xhs.js:290 x + 1 => x1 xhs.js:290 5 + 1 => 51 xhs.js:290 e + n => en xhs.js:290 en + c => enc xhs.js:290 enc + r => encr xhs.js:290 encr + y => encry xhs.js:290 encry + p => encryp xhs.js:290 encryp + t => encrypt xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 d + e => de xhs.js:290 de + c => dec xhs.js:290 dec + r => decr xhs.js:290 decr + y => decry xhs.js:290 decry + p => decryp xhs.js:290 decryp + t => decrypt xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 stackInput + 2 => stackInput2 xhs.js:290 s + t => st xhs.js:290 st + a => sta xhs.js:290 sta + c => stac xhs.js:290 stac + k => stack xhs.js:290 stack + I => stackI xhs.js:290 stackI + n => stackIn xhs.js:290 stackIn + p => stackInp xhs.js:290 stackInp + u => stackInpu xhs.js:290 stackInpu + t => stackInput xhs.js:290 stackInput + 2 => stackInput2 xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 l + e => le xhs.js:290 le + n => len xhs.js:290 len + g => leng xhs.js:290 leng + t => lengt xhs.js:290 lengt + h => length xhs.js:290 e + n => en xhs.js:290 en + c => enc xhs.js:290 enc + r => encr xhs.js:290 encr + y => encry xhs.js:290 encry + p => encryp xhs.js:290 encryp + t => encrypt xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 101 '<<' 24 '=>' 1694498816 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 68 '<<' 16 '=>' 4456448 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 69 '<<' 8 '=>' 17664 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:426 1694498816 '|' 4456448 '=>' 1698955264 xhs.js:426 1698955264 '|' 17664 '=>' 1698972928 xhs.js:426 1698972928 '|' 57 '=>' 1698972985 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 77 '<<' 24 '=>' 1291845632 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 122 '<<' 16 '=>' 7995392 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:384 81 '<<' 8 '=>' 20736 xhs.js:290 c + h => ch xhs.js:290 ch + a => cha xhs.js:290 cha + r => char xhs.js:290 char + C => charC xhs.js:290 charC + o => charCo xhs.js:290 charCo + d => charCod xhs.js:290 charCod + e => charCode xhs.js:290 charCode + A => charCodeA xhs.js:290 charCodeA + t => charCodeAt xhs.js:426 1291845632 '|' 7995392 '=>' 1299841024 xhs.js:426 1299841024 '|' 20736 '=>' 1299861760 xhs.js:426 1299861760 '|' 51 '=>' 1299861811 xhs.js:282 1698972985 '>>>' 4 '=>' 106185811 xhs.js:531 106185811 '^' 1299861811 '=>' 1261311328 xhs.js:278 1261311328 '&' 252645135 '=>' 185468160 xhs.js:531 1299861811 '^' 185468160 '=>' 1182028851 xhs.js:384 185468160 '<<' 4 '=>' -1327476736 xhs.js:531 1698972985 '^' -1327476736 '=>' -710666951 xhs.js:282 -710666951 '>>>' 16 '=>' 54692 xhs.js:531 54692 '^' 1182028851 '=>' 1182040471 xhs.js:278 1182040471 '&' 65535 '=>' 33175 xhs.js:531 1182028851 '^' 33175 '=>' 1182061988 xhs.js:384 33175 '<<' 16 '=>' -2120810496 xhs.js:531 -710666951 '^' -2120810496 '=>' 1412633913 xhs.js:282 1182061988 '>>>' 2 '=>' 295515497 xhs.js:531 295515497 '^' 1412633913 '=>' 1169039440 xhs.js:278 1169039440 '&' 858993459 '=>' 19013648 xhs.js:531 1412633913 '^' 19013648 '=>' 1427191081 xhs.js:384 19013648 '<<' 2 '=>' 76054592 xhs.js:531 1182061988 '^' 76054592 '=>' 1123833316 xhs.js:282 1123833316 '>>>' 8 '=>' 4389973 xhs.js:531 4389973 '^' 1427191081 '=>' 1431554428 xhs.js:278 1431554428 '&' 16711935 '=>' 5439612 xhs.js:531 1427191081 '^' 5439612 '=>' 1430402389 xhs.js:384 5439612 '<<' 8 '=>' 1392540672 xhs.js:531 1123833316 '^' 1392540672 '=>' 301738468 xhs.js:282 1430402389 '>>>' 1 '=>' 715201194 xhs.js:531 715201194 '^' 301738468 '=>' 995963726 xhs.js:278 995963726 '&' 1431655765 '=>' 290787652 xhs.js:531 301738468 '^' 290787652 '=>' 11090080 xhs.js:384 290787652 '<<' 1 '=>' 581575304 xhs.js:531 1430402389 '^' 581575304 '=>' 2011699165 xhs.js:384 2011699165 '<<' 1 '=>' -271568966 xhs.js:282 2011699165 '>>>' 31 '=>' 0 xhs.js:426 -271568966 '|' 0 '=>' -271568966 xhs.js:384 11090080 '<<' 1 '=>' 22180160 xhs.js:282 11090080 '>>>' 31 '=>' 0 xhs.js:426 22180160 '|' 0 '=>' 22180160 xhs.js:290 0 '+' 1 '=>' 1 xhs.js:290 0 '+' 2 '=>' 2 xhs.js:531 22180160 '^' 187050025 '=>' 175397225 xhs.js:282 22180160 '>>>' 4 '=>' 1386260 xhs.js:384 22180160 '<<' 28 '=>' 0 xhs.js:426 1386260 '|' 0 '=>' 1386260 xhs.js:290 0 '+' 1 '=>' 1 xhs.js:531 1386260 '^' 472920585 '=>' 472192285 xhs.js:282 175397225 '>>>' 24 '=>' 10 xhs.js:278 10 '&' 63 '=>' 10 xhs.js:282 175397225 '>>>' 16 '=>' 2676 xhs.js:278 2676 '&' 63 '=>' 52 xhs.js:426 -2146402304 '|' 8388609 '=>' -2138013695 xhs.js:282 175397225 '>>>' 8 '=>' 685145 xhs.js:278 685145 '&' 63 '=>' 25 xhs.js:426 -2138013695 '|' 0 '=>' -2138013695 xhs.js:278 175397225 '&' 63 '=>' 41 xhs.js:426 -2138013695 '|' 64 '=>' -2138013631 xhs.js:282 472192285 '>>>' 24 '=>' 28 xhs.js:278 28 '&' 63 '=>' 28 xhs.js:426 -2138013631 '|' 0 '=>' -2138013631 xhs.js:282 472192285 '>>>' 16 '=>' 7205 xhs.js:278 7205 '&' 63 '=>' 37 xhs.js:426 -2138013631 '|' 134349312 '=>' -2003664319 xhs.js:282 472192285 '>>>' 8 '=>' 1844501 xhs.js:278 1844501 '&' 63 '=>' 21 xhs.js:426 -2003664319 '|' 1107820800 '=>' -895843519 xhs.js:278 472192285 '&' 63 '=>' 29 xhs.js:426 -895843519 '|' 2 '=>' -895843517 xhs.js:531 -271568966 '^' -895843517 '=>' 625650937 xhs.js:290 0 '+' 2 '=>' 2 xhs.js:531 625650937 '^' 186915882 '=>' 779006163 xhs.js:282 625650937 '>>>' 4 '=>' 39103183 xhs.js:384 625650937 '<<' 28 '=>' -1879048192 xhs.js:426 39103183 '|' -1879048192 '=>' -1839945009 xhs.js:290 2 '+' 1 '=>' 3 xhs.js:531 -1839945009 '^' 876157969 '=>' -1502759202 xhs.js:282 779006163 '>>>' 24 '=>' 46 xhs.js:278 46 '&' 63 '=>' 46 xhs.js:282 779006163 '>>>' 16 '=>' 11886 xhs.js:278 11886 '&' 63 '=>' 46 xhs.js:426 32768 '|' 8321 '=>' 41089 xhs.js:282 779006163 '>>>' 8 '=>' 3042992 xhs.js:278 3042992 '&' 63 '=>' 48 xhs.js:426 41089 '|' 4210704 '=>' 4251793 xhs.js:278 779006163 '&' 63 '=>' 19 xhs.js:426 4251793 '|' 4160 '=>' 4255953 xhs.js:282 -1502759202 '>>>' 24 '=>' 166 xhs.js:278 166 '&' 63 '=>' 38 xhs.js:426 4255953 '|' 16777216 '=>' 21033169 xhs.js:282 -1502759202 '>>>' 16 '=>' 42605 xhs.js:278 42605 '&' 63 '=>' 45 xhs.js:426 21033169 '|' 512 '=>' 21033681 xhs.js:282 -1502759202 '>>>' 8 '=>' 10907062 xhs.js:278 10907062 '&' 63 '=>' 54 xhs.js:426 21033681 '|' 1074266112 '=>' 1095299793 xhs.js:278 -1502759202 '&' 63 '=>' 30 xhs.js:426 1095299793 '|' 67108864 '=>' 1162408657 xhs.js:531 22180160 '^' 1162408657 '=>' 1142588305 xhs.js:290 2 '+' 2 '=>' 4 xhs.js:531 1142588305 '^' 255199502 '=>' 1261210271 xhs.js:282 1142588305 '>>>' 4 '=>' 71411769 xhs.js:384 1142588305 '<<' 28 '=>' 268435456 xhs.js:426 71411769 '|' 268435456 '=>' 339847225 xhs.js:290 4 '+' 1 '=>' 5 xhs.js:531 339847225 '^' 806945584 '=>' 609790729 xhs.js:282 1261210271 '>>>' 24 '=>' 75 xhs.js:278 75 '&' 63 '=>' 11 xhs.js:282 1261210271 '>>>' 16 '=>' 19244 xhs.js:278 19244 '&' 63 '=>' 44 xhs.js:426 -2147483648 '|' 8396801 '=>' -2139086847 xhs.js:282 1261210271 '>>>' 8 '=>' 4926602 xhs.js:278 4926602 '&' 63 '=>' 10 xhs.js:426 -2139086847 '|' 4194304 '=>' -2134892543 xhs.js:278 1261210271 '&' 63 '=>' 31 xhs.js:426 -2134892543 '|' 262144 '=>' -2134630399 xhs.js:282 609790729 '>>>' 24 '=>' 36 xhs.js:278 36 '&' 63 '=>' 36 xhs.js:426 -2134630399 '|' 16843776 '=>' -2117786623 xhs.js:282 609790729 '>>>' 16 '=>' 9304 xhs.js:278 9304 '&' 63 '=>' 24 xhs.js:426 -2117786623 '|' 134218248 '=>' -1983568375 xhs.js:282 609790729 '>>>' 8 '=>' 2381995 xhs.js:278 2381995 '&' 63 '=>' 43 xhs.js:426 -1983568375 '|' 34078976 '=>' -1949489399 xhs.js:278 609790729 '&' 63 '=>' 9 xhs.js:426 -1949489399 '|' 2097152 '=>' -1947392247 xhs.js:531 625650937 '^' -1947392247 '=>' -1364751376 xhs.js:290 4 '+' 2 '=>' 6 xhs.js:531 -1364751376 '^' 220596020 '=>' -1551790908 xhs.js:282 -1364751376 '>>>' 4 '=>' 183138495 xhs.js:384 -1364751376 '<<' 28 '=>' 0 xhs.js:426 183138495 '|' 0 '=>' 183138495 xhs.js:290 6 '+' 1 '=>' 7 xhs.js:531 183138495 '^' 958210835 '=>' 871848876 xhs.js:282 -1551790908 '>>>' 24 '=>' 163 xhs.js:278 163 '&' 63 '=>' 35 xhs.js:282 -1551790908 '>>>' 16 '=>' 41857 xhs.js:278 41857 '&' 63 '=>' 1 xhs.js:426 1048576 '|' 8321 '=>' 1056897 xhs.js:282 -1551790908 '>>>' 8 '=>' 10715532 xhs.js:278 10715532 '&' 63 '=>' 12 xhs.js:426 1056897 '|' 4194320 '=>' 5251217 xhs.js:278 -1551790908 '&' 63 '=>' 4 xhs.js:426 5251217 '|' 268435456 '=>' 273686673 xhs.js:282 871848876 '>>>' 24 '=>' 51 xhs.js:278 51 '&' 63 '=>' 51 xhs.js:426 273686673 '|' 16778244 '=>' 290464917 xhs.js:282 871848876 '>>>' 16 '=>' 13303 xhs.js:278 13303 '&' 63 '=>' 55 xhs.js:426 290464917 '|' 134217736 '=>' 424682653 xhs.js:282 871848876 '>>>' 8 '=>' 3405659 xhs.js:278 3405659 '&' 63 '=>' 27 xhs.js:426 424682653 '|' 1107296256 '=>' 1531978909 xhs.js:278 871848876 '&' 63 '=>' 44 xhs.js:426 1531978909 '|' 69208064 '=>' 1601186973 xhs.js:531 1142588305 '^' 1601186973 '=>' 459976460 xhs.js:290 6 '+' 2 '=>' 8 xhs.js:531 459976460 '^' 757275681 '=>' 910799661 xhs.js:282 459976460 '>>>' 4 '=>' 28748528 xhs.js:384 459976460 '<<' 28 '=>' -1073741824 xhs.js:426 28748528 '|' -1073741824 '=>' -1044993296 xhs.js:290 8 '+' 1 '=>' 9 xhs.js:531 -1044993296 '^' 940378667 '=>' -105144101 xhs.js:282 910799661 '>>>' 24 '=>' 54 xhs.js:278 54 '&' 63 '=>' 54 xhs.js:282 910799661 '>>>' 16 '=>' 13897 xhs.js:278 13897 '&' 63 '=>' 9 xhs.js:426 -2147483616 '|' 8396800 '=>' -2139086816 xhs.js:282 910799661 '>>>' 8 '=>' 3557811 xhs.js:278 3557811 '&' 63 '=>' 51 xhs.js:426 -2139086816 '|' 541065232 '=>' -1598021584 xhs.js:278 910799661 '&' 63 '=>' 45 xhs.js:426 -1598021584 '|' 268435456 '=>' -1329586128 xhs.js:282 -105144101 '>>>' 24 '=>' 249 xhs.js:278 249 '&' 63 '=>' 57 xhs.js:426 -1329586128 '|' 16778240 '=>' -1312807888 xhs.js:282 -105144101 '>>>' 16 '=>' 63931 xhs.js:278 63931 '&' 63 '=>' 59 xhs.js:426 -1312807888 '|' 134348800 '=>' -1178459088 xhs.js:282 -105144101 '>>>' 8 '=>' 16366496 xhs.js:278 16366496 '&' 63 '=>' 32 xhs.js:426 -1178459088 '|' 524288 '=>' -1177934800 xhs.js:278 -105144101 '&' 63 '=>' 27 xhs.js:426 -1177934800 '|' 69208066 '=>' -1108726734 xhs.js:531 -1364751376 '^' -1108726734 '=>' 323856322 xhs.js:290 8 '+' 2 '=>' 10 xhs.js:531 323856322 '^' 489892883 '=>' 243174353 xhs.js:282 323856322 '>>>' 4 '=>' 20241020 xhs.js:384 323856322 '<<' 28 '=>' 536870912 xhs.js:426 20241020 '|' 536870912 '=>' 557111932 xhs.js:290 10 '+' 1 '=>' 11 xhs.js:531 557111932 '^' 705504304 '=>' 188350028 xhs.js:282 243174353 '>>>' 24 '=>' 14 xhs.js:278 14 '&' 63 '=>' 14 xhs.js:282 243174353 '>>>' 16 '=>' 3710 xhs.js:278 3710 '&' 63 '=>' 62 xhs.js:426 32 '|' 8192 '=>' 8224 xhs.js:282 243174353 '>>>' 8 '=>' 949899 xhs.js:278 949899 '&' 63 '=>' 11 xhs.js:426 8224 '|' 536870928 '=>' 536879152 xhs.js:278 243174353 '&' 63 '=>' 17 xhs.js:426 536879152 '|' 268435520 '=>' 805314672 xhs.js:282 188350028 '>>>' 24 '=>' 11 xhs.js:278 11 '&' 63 '=>' 11 xhs.js:426 805314672 '|' 1024 '=>' 805315696 xhs.js:282 188350028 '>>>' 16 '=>' 2873 xhs.js:278 2873 '&' 63 '=>' 57 xhs.js:426 805315696 '|' 134218248 '=>' 939533944 xhs.js:282 188350028 '>>>' 8 '=>' 735742 xhs.js:278 735742 '&' 63 '=>' 62 xhs.js:426 939533944 '|' 34078976 '=>' 973612920 xhs.js:278 188350028 '&' 63 '=>' 12 xhs.js:426 973612920 '|' 2 '=>' 973612922 xhs.js:531 459976460 '^' 973612922 '=>' 560105590 xhs.js:290 10 '+' 2 '=>' 12 xhs.js:531 560105590 '^' 354103316 '=>' 880392290 xhs.js:282 560105590 '>>>' 4 '=>' 35006599 xhs.js:384 560105590 '<<' 28 '=>' 1610612736 xhs.js:426 35006599 '|' 1610612736 '=>' 1645619335 xhs.js:290 12 '+' 1 '=>' 13 xhs.js:531 1645619335 '^' 688857884 '=>' 1259932571 xhs.js:282 880392290 '>>>' 24 '=>' 52 xhs.js:278 52 '&' 63 '=>' 52 xhs.js:282 880392290 '>>>' 16 '=>' 13433 xhs.js:278 13433 '&' 63 '=>' 57 xhs.js:426 1048608 '|' 8320 '=>' 1056928 xhs.js:282 880392290 '>>>' 8 '=>' 3439032 xhs.js:278 3439032 '&' 63 '=>' 56 xhs.js:426 1056928 '|' 16384 '=>' 1073312 xhs.js:278 880392290 '&' 63 '=>' 34 xhs.js:426 1073312 '|' 268701696 '=>' 269775008 xhs.js:282 1259932571 '>>>' 24 '=>' 75 xhs.js:278 75 '&' 63 '=>' 11 xhs.js:426 269775008 '|' 1024 '=>' 269776032 xhs.js:282 1259932571 '>>>' 16 '=>' 19225 xhs.js:278 19225 '&' 63 '=>' 25 xhs.js:426 269776032 '|' 131584 '=>' 269907616 xhs.js:282 1259932571 '>>>' 8 '=>' 4921611 xhs.js:278 4921611 '&' 63 '=>' 11 xhs.js:426 269907616 '|' 1074266368 '=>' 1344173984 xhs.js:278 1259932571 '&' 63 '=>' 27 xhs.js:426 1344173984 '|' 69208066 '=>' 1413382050 xhs.js:531 323856322 '^' 1413382050 '=>' 1198774368 xhs.js:290 12 '+' 2 '=>' 14 xhs.js:531 1198774368 '^' 890312192 '=>' 1919077984 xhs.js:282 1198774368 '>>>' 4 '=>' 74923398 xhs.js:384 1198774368 '<<' 28 '=>' 0 xhs.js:426 74923398 '|' 0 '=>' 74923398 xhs.js:290 14 '+' 1 '=>' 15 xhs.js:531 74923398 '^' 219096591 '=>' 158866313 xhs.js:282 1919077984 '>>>' 24 '=>' 114 xhs.js:278 114 '&' 63 '=>' 50 xhs.js:282 1919077984 '>>>' 16 '=>' 29282 xhs.js:278 29282 '&' 63 '=>' 34 xhs.js:426 1048576 '|' 8396800 '=>' 9445376 xhs.js:282 1919077984 '>>>' 8 '=>' 7496398 xhs.js:278 7496398 '&' 63 '=>' 14 xhs.js:426 9445376 '|' 536870912 '=>' 546316288 xhs.js:278 1919077984 '&' 63 '=>' 32 xhs.js:426 546316288 '|' 266304 '=>' 546582592 xhs.js:282 158866313 '>>>' 24 '=>' 9 xhs.js:278 9 '&' 63 '=>' 9 xhs.js:426 546582592 '|' 16843776 '=>' 563426368 xhs.js:282 158866313 '>>>' 16 '=>' 2424 xhs.js:278 2424 '&' 63 '=>' 56 xhs.js:426 563426368 '|' 134348800 '=>' 697775168 xhs.js:282 158866313 '>>>' 8 '=>' 620571 xhs.js:278 620571 '&' 63 '=>' 27 xhs.js:426 697775168 '|' 1107296256 '=>' 1805071424 xhs.js:278 158866313 '&' 63 '=>' 9 xhs.js:426 1805071424 '|' 2097152 '=>' 1807168576 xhs.js:531 560105590 '^' 1807168576 '=>' 1255521334 xhs.js:290 14 '+' 2 '=>' 16 xhs.js:531 1255521334 '^' 622400037 '=>' 1875684883 xhs.js:282 1255521334 '>>>' 4 '=>' 78470083 xhs.js:384 1255521334 '<<' 28 '=>' 1610612736 xhs.js:426 78470083 '|' 1610612736 '=>' 1689082819 xhs.js:290 16 '+' 1 '=>' 17 xhs.js:531 1689082819 '^' 254088489 '=>' 1804095210 xhs.js:282 1875684883 '>>>' 24 '=>' 111 xhs.js:278 111 '&' 63 '=>' 47 xhs.js:282 1875684883 '>>>' 16 '=>' 28620 xhs.js:278 28620 '&' 63 '=>' 12 xhs.js:426 -2147483648 '|' 129 '=>' -2147483519 xhs.js:282 1875684883 '>>>' 8 '=>' 7326894 xhs.js:278 7326894 '&' 63 '=>' 46 xhs.js:426 -2147483519 '|' 4210688 '=>' -2143272831 xhs.js:278 1875684883 '&' 63 '=>' 19 xhs.js:426 -2143272831 '|' 4160 '=>' -2143268671 xhs.js:282 1804095210 '>>>' 24 '=>' 107 xhs.js:278 107 '&' 63 '=>' 43 xhs.js:426 -2143268671 '|' 16777220 '=>' -2126491451 xhs.js:282 1804095210 '>>>' 16 '=>' 27528 xhs.js:278 27528 '&' 63 '=>' 8 xhs.js:426 -2126491451 '|' 131080 '=>' -2126360371 xhs.js:282 1804095210 '>>>' 8 '=>' 7047246 xhs.js:278 7047246 '&' 63 '=>' 14 xhs.js:426 -2126360371 '|' 524544 '=>' -2125835827 xhs.js:278 1804095210 '&' 63 '=>' 42 xhs.js:426 -2125835827 '|' 67110912 '=>' -2058724915 xhs.js:531 1198774368 '^' -2058724915 '=>' -1036418643 xhs.js:290 16 '+' 2 '=>' 18 xhs.js:531 -1036418643 '^' 907618332 '=>' -199185999 xhs.js:282 -1036418643 '>>>' 4 '=>' 203659290 xhs.js:384 -1036418643 '<<' 28 '=>' -805306368 xhs.js:426 203659290 '|' -805306368 '=>' -601647078 xhs.js:290 18 '+' 1 '=>' 19 xhs.js:531 -601647078 '^' 52759587 '=>' -553216967 xhs.js:282 -199185999 '>>>' 24 '=>' 244 xhs.js:278 244 '&' 63 '=>' 52 xhs.js:282 -199185999 '>>>' 16 '=>' 62496 xhs.js:278 62496 '&' 63 '=>' 32 xhs.js:426 1048608 '|' 8388736 '=>' 9437344 xhs.js:282 -199185999 '>>>' 8 '=>' 15999145 xhs.js:278 15999145 '&' 63 '=>' 41 xhs.js:426 9437344 '|' 536887296 '=>' 546324640 xhs.js:278 -199185999 '&' 63 '=>' 49 xhs.js:426 546324640 '|' 268701760 '=>' 815026400 xhs.js:282 -553216967 '>>>' 24 '=>' 223 xhs.js:278 223 '&' 63 '=>' 31 xhs.js:426 815026400 '|' 16777216 '=>' 831803616 xhs.js:282 -553216967 '>>>' 16 '=>' 57094 xhs.js:278 57094 '&' 63 '=>' 6 xhs.js:426 831803616 '|' 131592 '=>' 831935208 xhs.js:282 -553216967 '>>>' 8 '=>' 14616212 xhs.js:278 14616212 '&' 63 '=>' 20 xhs.js:426 831935208 '|' 1073742080 '=>' 1905677288 xhs.js:278 -553216967 '&' 63 '=>' 57 xhs.js:426 1905677288 '|' 2099202 '=>' 1907776490 xhs.js:531 1255521334 '^' 1907776490 '=>' 996403164 xhs.js:290 18 '+' 2 '=>' 20 xhs.js:531 996403164 '^' 907877143 '=>' 226426059 xhs.js:282 996403164 '>>>' 4 '=>' 62275197 xhs.js:384 996403164 '<<' 28 '=>' -1073741824 xhs.js:426 62275197 '|' -1073741824 '=>' -1011466627 xhs.js:290 20 '+' 1 '=>' 21 xhs.js:531 -1011466627 '^' 53870614 '=>' -1065337237 xhs.js:282 226426059 '>>>' 24 '=>' 13 xhs.js:278 13 '&' 63 '=>' 13 xhs.js:282 226426059 '>>>' 16 '=>' 3454 xhs.js:278 3454 '&' 63 '=>' 62 xhs.js:426 1048576 '|' 8192 '=>' 1056768 xhs.js:282 226426059 '>>>' 8 '=>' 884476 xhs.js:278 884476 '&' 63 '=>' 60 xhs.js:426 1056768 '|' 541081600 '=>' 542138368 xhs.js:278 226426059 '&' 63 '=>' 11 xhs.js:426 542138368 '|' 266240 '=>' 542404608 xhs.js:282 -1065337237 '>>>' 24 '=>' 192 xhs.js:278 192 '&' 63 '=>' 0 xhs.js:426 542404608 '|' 16843776 '=>' 559248384 xhs.js:282 -1065337237 '>>>' 16 '=>' 49280 xhs.js:278 49280 '&' 63 '=>' 0 xhs.js:426 559248384 '|' 520 '=>' 559248904 xhs.js:282 -1065337237 '>>>' 8 '=>' 12615742 xhs.js:278 12615742 '&' 63 '=>' 62 xhs.js:426 559248904 '|' 34078976 '=>' 593327880 xhs.js:278 -1065337237 '&' 63 '=>' 43 xhs.js:426 593327880 '|' 2097152 '=>' 595425032 xhs.js:531 -1036418643 '^' 595425032 '=>' -515574107 xhs.js:290 20 '+' 2 '=>' 22 xhs.js:531 -515574107 '^' 839463457 '=>' -749878140 xhs.js:282 -515574107 '>>>' 4 '=>' 236212074 xhs.js:384 -515574107 '<<' 28 '=>' 1342177280 xhs.js:426 236212074 '|' 1342177280 '=>' 1578389354 xhs.js:290 22 '+' 1 '=>' 23 xhs.js:531 1578389354 '^' 389417746 '=>' 1226982520 xhs.js:282 -749878140 '>>>' 24 '=>' 211 xhs.js:278 211 '&' 63 '=>' 19 xhs.js:282 -749878140 '>>>' 16 '=>' 54093 xhs.js:278 54093 '&' 63 '=>' 13 xhs.js:426 0 '|' 0 '=>' 0 xhs.js:282 -749878140 '>>>' 8 '=>' 13848004 xhs.js:278 13848004 '&' 63 '=>' 4 xhs.js:426 0 '|' 541065216 '=>' 541065216 xhs.js:278 -749878140 '&' 63 '=>' 4 xhs.js:426 541065216 '|' 268435456 '=>' 809500672 xhs.js:282 1226982520 '>>>' 24 '=>' 73 xhs.js:278 73 '&' 63 '=>' 9 xhs.js:426 809500672 '|' 16843776 '=>' 826344448 xhs.js:282 1226982520 '>>>' 16 '=>' 18722 xhs.js:278 18722 '&' 63 '=>' 34 xhs.js:426 826344448 '|' 131080 '=>' 826475528 xhs.js:282 1226982520 '>>>' 8 '=>' 4792900 xhs.js:278 4792900 '&' 63 '=>' 4 xhs.js:426 826475528 '|' 524288 '=>' 826999816 xhs.js:278 1226982520 '&' 63 '=>' 56 xhs.js:426 826999816 '|' 0 '=>' 826999816 xhs.js:531 996403164 '^' 826999816 '=>' 170451924 xhs.js:290 22 '+' 2 '=>' 24 xhs.js:531 170451924 '^' 975774727 '=>' 805423059 xhs.js:282 170451924 '>>>' 4 '=>' 10653245 xhs.js:384 170451924 '<<' 28 '=>' 1073741824 xhs.js:426 10653245 '|' 1073741824 '=>' 1084395069 xhs.js:290 24 '+' 1 '=>' 25 xhs.js:531 1084395069 '^' 372382245 '=>' 1452315672 xhs.js:282 805423059 '>>>' 24 '=>' 48 xhs.js:278 48 '&' 63 '=>' 48 xhs.js:282 805423059 '>>>' 16 '=>' 12289 xhs.js:278 12289 '&' 63 '=>' 1 xhs.js:426 32800 '|' 8321 '=>' 41121 xhs.js:282 805423059 '>>>' 8 '=>' 3146183 xhs.js:278 3146183 '&' 63 '=>' 7 xhs.js:426 41121 '|' 4194304 '=>' 4235425 xhs.js:278 805423059 '&' 63 '=>' 19 xhs.js:426 4235425 '|' 4160 '=>' 4239585 xhs.js:282 1452315672 '>>>' 24 '=>' 86 xhs.js:278 86 '&' 63 '=>' 22 xhs.js:426 4239585 '|' 16842752 '=>' 21082337 xhs.js:282 1452315672 '>>>' 16 '=>' 22160 xhs.js:278 22160 '&' 63 '=>' 16 xhs.js:426 21082337 '|' 134217728 '=>' 155300065 xhs.js:282 1452315672 '>>>' 8 '=>' 5673108 xhs.js:278 5673108 '&' 63 '=>' 20 xhs.js:426 155300065 '|' 1073742080 '=>' 1229042145 xhs.js:278 1452315672 '&' 63 '=>' 24 xhs.js:426 1229042145 '|' 69206016 '=>' 1298248161 xhs.js:531 -515574107 '^' 1298248161 '=>' -1406843068 xhs.js:290 24 '+' 2 '=>' 26 xhs.js:531 -1406843068 '^' 437136414 '=>' -1238668454 xhs.js:282 -1406843068 '>>>' 4 '=>' 180507764 xhs.js:384 -1406843068 '<<' 28 '=>' 1073741824 xhs.js:426 180507764 '|' 1073741824 '=>' 1254249588 xhs.js:290 26 '+' 1 '=>' 27 xhs.js:531 1254249588 '^' 909246726 '=>' 2096125298 xhs.js:282 -1238668454 '>>>' 24 '=>' 182 xhs.js:278 182 '&' 63 '=>' 54 xhs.js:282 -1238668454 '>>>' 16 '=>' 46635 xhs.js:278 46635 '&' 63 '=>' 43 xhs.js:426 -2147483616 '|' 1 '=>' -2147483615 xhs.js:282 -1238668454 '>>>' 8 '=>' 11938667 xhs.js:278 11938667 '&' 63 '=>' 43 xhs.js:426 -2147483615 '|' 16400 '=>' -2147467215 xhs.js:278 -1238668454 '&' 63 '=>' 26 xhs.js:426 -2147467215 '|' 0 '=>' -2147467215 xhs.js:282 2096125298 '>>>' 24 '=>' 124 xhs.js:278 124 '&' 63 '=>' 60 xhs.js:426 -2147467215 '|' 65540 '=>' -2147401675 xhs.js:282 2096125298 '>>>' 16 '=>' 31984 xhs.js:278 31984 '&' 63 '=>' 48 xhs.js:426 -2147401675 '|' 134218248 '=>' -2013183427 xhs.js:282 2096125298 '>>>' 8 '=>' 8187989 xhs.js:278 8187989 '&' 63 '=>' 21 xhs.js:426 -2013183427 '|' 1107820800 '=>' -905362627 xhs.js:278 2096125298 '&' 63 '=>' 50 xhs.js:426 -905362627 '|' 69208066 '=>' -836154561 xhs.js:531 170451924 '^' -836154561 '=>' -1006524181 xhs.js:290 26 '+' 2 '=>' 28 xhs.js:531 -1006524181 '^' 168694017 '=>' -837830166 xhs.js:282 -1006524181 '>>>' 4 '=>' 205527694 xhs.js:384 -1006524181 '<<' 28 '=>' -1342177280 xhs.js:426 205527694 '|' -1342177280 '=>' -1136649586 xhs.js:290 28 '+' 1 '=>' 29 xhs.js:531 -1136649586 '^' 473575703 '=>' -1602606183 xhs.js:282 -837830166 '>>>' 24 '=>' 206 xhs.js:278 206 '&' 63 '=>' 14 xhs.js:282 -837830166 '>>>' 16 '=>' 52751 xhs.js:278 52751 '&' 63 '=>' 15 xhs.js:426 32 '|' 8388609 '=>' 8388641 xhs.js:282 -837830166 '>>>' 8 '=>' 13504441 xhs.js:278 13504441 '&' 63 '=>' 57 xhs.js:426 8388641 '|' 4194320 '=>' 12582961 xhs.js:278 -837830166 '&' 63 '=>' 42 xhs.js:426 12582961 '|' 268435520 '=>' 281018481 xhs.js:282 -1602606183 '>>>' 24 '=>' 160 xhs.js:278 160 '&' 63 '=>' 32 xhs.js:426 281018481 '|' 65536 '=>' 281084017 xhs.js:282 -1602606183 '>>>' 16 '=>' 41082 xhs.js:278 41082 '&' 63 '=>' 58 xhs.js:426 281084017 '|' 520 '=>' 281084537 xhs.js:282 -1602606183 '>>>' 8 '=>' 10517035 xhs.js:278 10517035 '&' 63 '=>' 43 xhs.js:426 281084537 '|' 34078976 '=>' 315163513 xhs.js:278 -1602606183 '&' 63 '=>' 25 xhs.js:426 315163513 '|' 2048 '=>' 315165561 xhs.js:531 -1406843068 '^' 315165561 '=>' -1091810243 xhs.js:290 28 '+' 2 '=>' 30 xhs.js:531 -1091810243 '^' 52697872 '=>' -1110943955 xhs.js:282 -1091810243 '>>>' 4 '=>' 200197315 xhs.js:384 -1091810243 '<<' 28 '=>' -805306368 xhs.js:426 200197315 '|' -805306368 '=>' -605109053 xhs.js:290 30 '+' 1 '=>' 31 xhs.js:531 -605109053 '^' 1010440969 '=>' -405479478 xhs.js:282 -1110943955 '>>>' 24 '=>' 189 xhs.js:278 189 '&' 63 '=>' 61 xhs.js:282 -1110943955 '>>>' 16 '=>' 48584 xhs.js:278 48584 '&' 63 '=>' 8 xhs.js:426 -2146435040 '|' 0 '=>' -2146435040 xhs.js:282 -1110943955 '>>>' 8 '=>' 12437591 xhs.js:278 12437591 '&' 63 '=>' 23 xhs.js:426 -2146435040 '|' 541065232 '=>' -1605369808 xhs.js:278 -1110943955 '&' 63 '=>' 45 xhs.js:426 -1605369808 '|' 268435456 '=>' -1336934352 xhs.js:282 -405479478 '>>>' 24 '=>' 231 xhs.js:278 231 '&' 63 '=>' 39 xhs.js:426 -1336934352 '|' 1024 '=>' -1336933328 xhs.js:282 -405479478 '>>>' 16 '=>' 59348 xhs.js:278 59348 '&' 63 '=>' 20 xhs.js:426 -1336933328 '|' 131584 '=>' -1336801744 xhs.js:282 -405479478 '>>>' 8 '=>' 15193311 xhs.js:278 15193311 '&' 63 '=>' 31 xhs.js:426 -1336801744 '|' 524544 '=>' -1336277200 xhs.js:278 -405479478 '&' 63 '=>' 10 xhs.js:426 -1336277200 '|' 0 '=>' -1336277200 xhs.js:531 -1006524181 '^' -1336277200 '=>' 1952165851 xhs.js:290 30 '+' 2 '=>' 32 xhs.js:290 0 '+' 3 '=>' 3 xhs.js:282 1952165851 '>>>' 1 '=>' 976082925 xhs.js:384 1952165851 '<<' 31 '=>' -2147483648 xhs.js:426 976082925 '|' -2147483648 '=>' -1171400723 xhs.js:282 -1091810243 '>>>' 1 '=>' 1601578526 xhs.js:384 -1091810243 '<<' 31 '=>' -2147483648 xhs.js:426 1601578526 '|' -2147483648 '=>' -545905122 xhs.js:282 -1171400723 '>>>' 1 '=>' 1561783286 xhs.js:531 1561783286 '^' -545905122 '=>' -2107585048 xhs.js:278 -2107585048 '&' 1431655765 '=>' 4212032 xhs.js:531 -545905122 '^' 4212032 '=>' -550083746 xhs.js:384 4212032 '<<' 1 '=>' 8424064 xhs.js:531 -1171400723 '^' 8424064 '=>' -1163043475 xhs.js:282 -550083746 '>>>' 8 '=>' 14628451 xhs.js:531 14628451 '^' -1163043475 '=>' -1166906610 xhs.js:278 -1166906610 '&' 16711935 '=>' 7471118 xhs.js:531 -1163043475 '^' 7471118 '=>' -1159766685 xhs.js:384 7471118 '<<' 8 '=>' 1912606208 xhs.js:531 -550083746 '^' 1912606208 '=>' -1388941986 xhs.js:282 -1388941986 '>>>' 2 '=>' 726506327 xhs.js:531 726506327 '^' -1159766685 '=>' -1852651980 xhs.js:278 -1852651980 '&' 858993459 '=>' 286392880 xhs.js:531 -1159766685 '^' 286392880 '=>' -1412604077 xhs.js:384 286392880 '<<' 2 '=>' 1145571520 xhs.js:531 -1388941986 '^' 1145571520 '=>' -377592418 xhs.js:282 -1412604077 '>>>' 16 '=>' 43981 xhs.js:531 43981 '^' -377592418 '=>' -377565613 xhs.js:278 -377565613 '&' 65535 '=>' 52819 xhs.js:531 -377592418 '^' 52819 '=>' -377574451 xhs.js:384 52819 '<<' 16 '=>' -833421312 xhs.js:531 -1412604077 '^' -833421312 '=>' 1704877907 xhs.js:282 1704877907 '>>>' 4 '=>' 106554869 xhs.js:531 106554869 '^' -377574451 '=>' -282636744 xhs.js:278 -282636744 '&' 252645135 '=>' 252120584 xhs.js:531 -377574451 '^' 252120584 '=>' -428235323 xhs.js:384 252120584 '<<' 4 '=>' -261037952 xhs.js:531 1704877907 '^' -261037952 '=>' -1779515437 xhs.js:290 f + r => fr xhs.js:290 fr + o => fro xhs.js:290 fro + m => from xhs.js:290 from + C => fromC xhs.js:290 fromC + h => fromCh xhs.js:290 fromCh + a => fromCha xhs.js:290 fromCha + r => fromChar xhs.js:290 fromChar + C => fromCharC xhs.js:290 fromCharC + o => fromCharCo xhs.js:290 fromCharCo + d => fromCharCod xhs.js:290 fromCharCod + e => fromCharCode xhs.js:282 -1779515437 '>>>' 24 '=>' 149 xhs.js:282 -1779515437 '>>>' 16 '=>' 38382 xhs.js:278 38382 '&' 255 '=>' 238 xhs.js:282 -1779515437 '>>>' 8 '=>' 9825983 xhs.js:278 9825983 '&' 255 '=>' 191 xhs.js:278 -1779515437 '&' 255 '=>' 211 xhs.js:282 -428235323 '>>>' 24 '=>' 230 xhs.js:282 -428235323 '>>>' 16 '=>' 59001 xhs.js:278 59001 '&' 255 '=>' 121 xhs.js:282 -428235323 '>>>' 8 '=>' 15104421 xhs.js:278 15104421 '&' 255 '=>' 165 xhs.js:278 -428235323 '&' 255 '=>' 197 xhs.js:290 + ???ó?y¥? => ???ó?y¥?
还原代码:
DFS
mapping = {} # 用于缓存递归子集,减少递归次数,非常有效
# 存储那些无需往上搜寻的数 按情况处理添加删除
no_need = {
"1": "1",
"2": "2",
"4": "4",
"8": "8",
"16": "16",
"24": "24",
"28": "28",
"31": "31",
"32": "32",
"63": "63",
"512": "512",
"8321": "8321",
"4210704": "4210704",
"4160": "4160",
"1074266112": "1074266112",
}
def look(num, pos):
_ans = []
if num in no_need:
return num
# print("\n".join(new_list[:pos]))
if num == "0":
_ans = re.findall(rf"xhs.js:(\d+)\s([\-\d]+)\s'(.*?)'\s([\-\d]+)\s'=>'\s{num}\n",
"\n".join(new_list[pos - 4:pos]) + "\n")
else:
_ans = re.findall(rf"xhs.js:(\d+)\s([\-\d]+)\s'(.*?)'\s([\-\d]+)\s'=>'\s{num}\n",
"\n".join(new_list[:pos]) + "\n")
if len(_ans) == 0:
return num
else:
left = ""
right = ""
if _ans[-1][1] not in mapping.keys():
left = look(_ans[-1][1], int(_ans[-1][0]))
mapping[_ans[-1][1]] = left
else:
left = mapping[_ans[-1][1]] # 缓存递归子集
if _ans[-1][3] not in mapping.keys():
right = look(_ans[-1][3], int(_ans[-1][0]))
mapping[_ans[-1][3]] = right
else:
right = mapping[_ans[-1][3]] # 缓存递归子集
return "(" + "".join([left, _ans[-1][2], right]) + ")"
if __name__ == '__main__':
text = open("./form_next2.txt", "r").read()
new_list = text.split("\n")
res = look("149", pos=len(new_list) - 1)
print(res)
https://juejin.cn/post/7065972405260255240
-
从日志最后那里看到fromCharCode,看一下乱码的字符对应的charcode是啥:
乱码的由来还是比较烧脑的,如果直接逆推一步步替换也不是不可以,但是我因为才疏学浅,看了网上大佬逆推还原后的代码,觉得大受震撼,不知道他们是怎么通过观察日志还原的乱码生成算法,而我只能通过一步步从日志往上追踪与、或、异或关系所涉及到的数,直到一个无法继续往上寻找的数为止,我在尝试的时候,发现,如果人工逆推替换真的头发都掉完、而且还很费劲、于是按照这个逆推的思路,我使用了3DES
算法往上去搜索追踪与或、异或的操作数,代码如下:
3DSE
上面的代码就是搜寻149这个数的表达式的代码,结果如下:
虽然能够计算出正确结果,但是表达式太长,而且这仅仅是149对应的表达式,那么238等等呢?一个个弄出来也不是不可以,就是太重量级了!!
-
后来无意间群友提示,可能是3DES算法,于是我去搜寻了3des算法的原生js代码,去寻找特征数是否有重叠,于是我找到这个
3DES
CBC
可见很有可能是ECB
,然后取日志里一步步对应ECB
的算法步骤,恰好能够对应上操作数:
那么对于iv
,模式为key
还是key
呢?这个就靠分析日志了,日志中的位运算操作步骤可知是arscii
模式,那么3DES
为空,且不填充,但是key
呢?这里本人才疏学浅,没有通过断点找到
4.结果测试:
的源码,虽然不能得到初始的qq群技术交流:529528142
串,也能够完成加密。