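This article is provided mainly for study and reference; do not use it for any improper or illegal activity! If this article infringes on your company's privacy, contact me and I will delete it immediately.
Any risk arising from misuse of the reverse-engineering techniques described here has nothing to do with the author!
1. Traffic capture analysis: the shumeiID is returned by the endpoint below. The fields that need to be reversed are ep and data; organization is a constant.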
# url
https://fengkong-proxy.poizon.com/deviceprofile/v4
# Request
{
  "appId": "default",
  "organization": "rUssDjmVPwiqx8QpjXUk",
  "ep": "Hvz6UxjTpYvYNl7/xgO5LYhZjEQXPDQDBlIzvuWU4oDF+mzohACnWf25f2ztILfGvwClXnLQqo4LKQkK6Z7tIkvOvh+agKmmKGEzU+ndR8HBDw/avDKzAgLFPT+h2mhfh62Lq2W3hKB61yJY1Zxasl3bVT4StvVwtWHm1XJGfC4=",
  "data": "<long hex string omitted>",
  "os": "web",
  "encode": 5,
  "compress": 2
}
# Response
{
  "code": 1100,
  "detail": {
    "deviceId": "HFa1+vbg+fCHRmDdArJtC0Jes3hcxKMblk9+/My4Whm0vVttXAWoXeMWVLumE9Yhpp9KSv8oyxU1/ltJzqB2aQ=="
  },
  "requestId": "4d3de6f4d6c4029449152a2dfd2b1ddd"
}
2. XHR breakpoint and call-stack analysis: once the breakpoint hits, walk up the call stack and the encrypted data becomes visible.
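At this point, both ep and data turn out to come from the _0x300946 object.
Reading further up the code, there is a function that assigns values to _0x300946. Set a breakpoint there, refresh the page and continue.
This is indeed where the assignment happens. Inspect the call stack and find where ep is encrypted.
Clearly, ep is the result of RSA-encrypting a (random) uuid.
That completes the analysis of ep. Now look for data: keep resuming past the breakpoints until the data value appears.
Walking up the stack, the parameter values have already been altered by this point. Set a breakpoint here, refresh the page and continue.
data is the result of AES-encrypting _0x13ec85, with priId passed in as the key, so the focus is now _0x13ec85.
_0x13ec85 is assigned by a self-executing function above it and also passes through the _0x2818ea[gzip] function. Set breakpoints at both places and refresh the page; the plaintext environment values are now visible.
Analyzing that function: it encrypts each parameter value separately, and both the encryption method and the key are given in the js file, so the code can be lifted directly to reproduce it.
Continue execution until the breakpoint at _0x2818ea[gzip] hits, then step into the function, where the rough encryption logic can be inferred:
format the input parameters --> gzip compression --> base64 encoding
This completes the analysis.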
A few endpoints are provided below for study; do not use them for illegal purposes.
# Product details: http://101.35.129.215:8000/dw/goods?spuid=41495
# Product purchase info: http://101.35.129.215:8000/dw/BuyNowInfo?spuid=3094350
# Search: http://101.35.129.215:8000/dw/search?keyword=nike&page=0