Preface

In this post the blogger uses the encryption of NetEase Cloud Music comment requests as an example to analyze and share a learning process.

If you have any questions, you can follow my WeChat official account (Bigsai) and contact me.

Skill points

  • Front end: JS knowledge (more important), Google Chrome debugging, packet capture, breakpoint debugging ability (a must), plus an understanding of various JS encryption functions.
  • Python: basic requests, and the Crypto.Cipher encryption and decryption module.
  • Others: Postman (used to simulate requests), good thinking and analytical skills (the encryption algorithm is a little messy), and one more point: implementing the JS encryption in Python code.

Interface profile

A static page

For ordinary pages whose URL changes as the page changes (NetEase Cloud still has some of these), you only need to fetch the page and analyze it.

Dynamic web pages

But front-end/back-end separation has become popular, and the benefits of separating data are obvious, so more and more data is rendered with Ajax. NetEase Cloud's comments are no exception. In the early days of this separation, many sites had little protection on their interfaces, which made it easy to get results from them. Many such interfaces still exist today, and those sites are trivial to crawl.

Let me unveil it for you.

Page parsing

Step1: Find parameters

As you can see, the request takes two parameters, params and encSecKey, and both are encrypted, so we need to analyze where they come from. Press F12, open Sources, and search for encSecKey.

encSecKey

Step2: Analyze JS functions

This JS file has 40,000 lines. How do you find useful information in 40,000 lines of JS and get a clear idea of where to go from here?

Abstract and reverse thinking

   var bYc7V = window.asrsea(JSON.stringify(i3x), bkY2x(["Tears", "Strong"]), bkY2x(VM8E.md), bkY2x(["Love", "Girl", "Panic", "Laugh"]));
   e3x.data = k4o.cz4D({
       params: bYc7V.encText,
       encSecKey: bYc7V.encSecKey
   })

Let’s set aside the JSON.stringify(i3x) argument for now and find out what window.asrsea is. Not far above you will find:

D, E, F, G
Two (b)
c()
a(16)

    // a(n): build a random n-character string from letters and digits
    function a(a) {
        var d, e, b = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", c = "";
        for (d = 0; a > d; d += 1)
            e = Math.random() * b.length,
            e = Math.floor(e),
            c += b.charAt(e);
        return c
    }
    // b(text, key): AES in CBC mode with a fixed IV; returns the ciphertext as a string
    function b(a, b) {
        var c = CryptoJS.enc.Utf8.parse(b)
          , d = CryptoJS.enc.Utf8.parse("0102030405060708")
          , e = CryptoJS.enc.Utf8.parse(a)
          , f = CryptoJS.AES.encrypt(e, c, {
            iv: d,
            mode: CryptoJS.mode.CBC
        });
        return f.toString()
    }
    // c(text, b, c): RSA-encrypt text with a key pair built from b and c
    function c(a, b, c) {
        var d, e;
        return setMaxDigits(131),
        d = new RSAKeyPair(b,"",c),
        e = encryptedString(d, a)
    }
    // d(d, e, f, g): encText = b(b(d, g), i) with random i = a(16); encSecKey = c(i, e, f)
    function d(d, e, f, g) {
        var h = {}
          , i = a(16);
        return h.encText = b(d, g),
        h.encText = b(h.encText, i),
        h.encSecKey = c(i, e, f),
        h
    }

You can see that a(16) just generates a random 16-character value, so we don’t have to worry about it. Function b is AES encryption in CBC mode. So the rule for generating encText is pretty clear: two rounds of AES-CBC encryption. The offset (IV) 0102030405060708 is fixed; the keys of the two rounds are different. Function c takes three parameters and performs RSA encryption. With that, the general process of the algorithm is more or less understood.

So let’s stop the function analysis here; from this point we’re not analyzing functions, we’re analyzing data.
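The scheme described above can be checked outside the browser. This is an added example, not code from the original post or from the site: it rebuilds b() and the AES half of d() on Node's built-in crypto module. The function names are hypothetical, the fixed key and payload are constructed placeholders, and 16-character (AES-128) keys are assumed, as a(16) produces.

```javascript
const nodeCrypto = require("node:crypto");

const IV = Buffer.from("0102030405060708", "utf8"); // fixed IV from the page's b()
const ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Counterpart of a(n): random n-character key (randomInt stands in for Math.random).
function randomKey(n) {
  let out = "";
  for (let k = 0; k < n; k += 1) out += ALPHABET[nodeCrypto.randomInt(ALPHABET.length)];
  return out;
}

// Counterpart of b(text, key): AES-128-CBC, UTF-8 key, PKCS#7 padding, Base64 output.
function aesEncrypt(text, key) {
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", Buffer.from(key, "utf8"), IV);
  return Buffer.concat([cipher.update(text, "utf8"), cipher.final()]).toString("base64");
}

// Inverse of aesEncrypt, used here only to verify the port.
function aesDecrypt(b64, key) {
  const decipher = nodeCrypto.createDecipheriv("aes-128-cbc", Buffer.from(key, "utf8"), IV);
  return Buffer.concat([decipher.update(b64, "base64"), decipher.final()]).toString("utf8");
}

// AES half of d(): first round under the fixed key g, second under the random key i.
function encText(payload, fixedKey, randKey) {
  return aesEncrypt(aesEncrypt(payload, fixedKey), randKey);
}

// Constructed sample values: neither the key nor the payload comes from the site.
const SAMPLE_G = "0123456789abcdef";
const SAMPLE_PAYLOAD = JSON.stringify({ demo: "constructed payload", page: 1 });

// Encrypt with a fresh random key, then peel both layers off again.
function demo() {
  const i = randomKey(16);
  const enc = encText(SAMPLE_PAYLOAD, SAMPLE_G, i);
  return { i, enc, back: aesDecrypt(aesDecrypt(enc, i), SAMPLE_G) };
}

console.log(demo().back === SAMPLE_PAYLOAD);
```

Because the IV and the first-round key are fixed, the first AES round is deterministic; only the random second-round key makes encText differ between requests.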

Step3: analyze parameters

Back to the call var bYc7V = window.asrsea(JSON.stringify(i3x), bkY2x(["Tears", "Strong"]), bkY2x(VM8E.md), bkY2x(["Love", "Girl", "Panic", "Laugh"])). Intuitively, some of this data must have nothing to do with our core parameters, and at most has to do with timestamps.

Find the source of bkY2x,

fixed

Page * 20
I and encSecKey
i
encSecKey
i

Aren’t you excited now? The truth is about to surface.

Step4: check

This step is also an important one, as you will find in its JS.

The architecture here,

Step5: convert to python code

The AES CBC-mode code needs to be reimplemented in Python. Once the encryption is written, let’s test it. The results are consistent. Nice!

Write the crawler

Let’s start writing a crawler. First, use Postman to test what parameters you need.

Source github address

If you have any questions, or if the code has expired, you can follow my official account and contact me.

  • You are welcome to follow my personal official account: Bigsai