深度解析:易盾滑块—2.28.5
作者声明:文章仅供学习交流与参考!严禁用于任何商业与非法用途!否则由此产生的一切后果均与作者无关!如有侵权,请联系作者本人进行删除!
目标网站:官网
1.流程分析
主要就是这两个地址,第一个是获取背景图片和滑块图片的地址,第二个就是验证轨迹的地址
2.分析
首先第一个地址:
跟栈:
断住之后可以很明显地看到url已经生成,所以继续往前跟
跟到这里之后可以看到部分参数生成的地方,这里我们只关心cb,因为我们在请求的时候只把cb替换,其他固定即可
进入cb这个函数。我的方法是把全部代码拿下来,把这个函数挂到window上(下面示例中为window.bb),再简单补一下环境,然后这样运行就可以拿到cb:
// Call the cb generator that was exposed on window as `bb` and print its result.
const cbValue = window.bb();
console.log(cbValue);
接下来第二个地址
// Field list for the second (verification) request as given in the article.
// `token` and `parsed_data` are bare identifiers, i.e. placeholders for values
// produced elsewhere, not literals: the article says `token` is returned by the
// image request and `parsed_data` is the `data` JSON assembled in onMouseUp.
// The empty strings are left exactly as the article shows them.
{
    "referer": "",
    "zoneId": "",
    "dt": "",
    "id": "",
    "token": token,
    "data": parsed_data,
    "width": 320,
    "type": 2,
    "version": "2.28.5",
    "cb": "",
    "user": "",
    "extraData": "",
    "bf": 0,
    "runEnv": 10,
    "sdkVersion": "",
    "loadVersion": "2.5.3",
    "iv": 4,
    "callback": ""
}
对于参数,我们只关心token和parsed_data
token:是请求图片的地址返回的
parsed_data跟栈
/**
 * Drag-in-progress UI update: repositions the slider handle, the jigsaw piece
 * and the slide indicator. No trace data is recorded here.
 *
 * Property names wrapped in a0_0x3f0a(...) are resolved at runtime through the
 * obfuscator's string table, which is not part of this excerpt; they are left
 * unresolved below.
 */
'onMouseMoving': function() {
    // Position computed by this.restrict for the slider element, applied as CSS left (px).
    var _0x1c1072 = this['restrict'](this['$slider']);
    this['$slider']['style']['left'] = _0x1c1072 + 'px';
    // offsetWidth of two elements reached through string-table keys, and the
    // position this.restrict returns for the jigsaw given their width difference.
    var _0x2aef35 = this[a0_0x3f0a(0x2c5)]['offsetWidth']
      , _0x49e261 = this[a0_0x3f0a(0x2bf)]['offsetWidth']
      , _0x1290e8 = this['restrict'](this['$jigsaw'], _0x2aef35 - _0x49e261);
    // With this.attrs set, delegate to updateJigsawRotateAndLeft(); otherwise
    // write _0x1290e8 as the element's style.left. This style.left is the value
    // the article later links to field `p` (presumably the jigsaw element — confirm).
    this['attrs'] ? this['updateJigsawRotateAndLeft']() : this[a0_0x3f0a(0x2bf)]['style']['left'] = _0x1290e8 + 'px',
    // Helper call taking an element and the 'yidun_control--moving' class name
    // (presumably an add-class helper — confirm against _0xf0500b).
    _0xf0500b[a0_0x3f0a(0x6b)](this[a0_0x3f0a(0x2d2)], 'yidun_control--moving'),
    // Indicator width = slider position + first measured offsetWidth.
    this['$slideIndicator'][a0_0x3f0a(0x1b1)]['width'] = _0x1c1072 + _0x2aef35 + 'px',
    this[a0_0x3f0a(0x2d3)](this['controlBar']['slideIconMoving']);
},
/**
 * Pointer-move handler: updates the drag state and records one trace sample
 * per event while a drag is active.
 *
 * @param _0x42cc2c the move event (clientY, isTrusted and preventDefault are read from it).
 *
 * Property names wrapped in a0_0x3f0a(...) come from the obfuscator's string
 * table, which is not part of this excerpt; they are left unresolved.
 * NOTE(review): everything recorded here is produced in the browser, so the
 * verifying server can only treat these samples as client-supplied input.
 */
'onMouseMove': function(_0x42cc2c) {
    var _0x16631f = _0x42cc2c[a0_0x3f0a(0x2d)]      // event coordinate; stored below as clientX
      , _0x183a6b = _0x42cc2c['clientY']
      , _0x5e1960 = this[a0_0x3f0a(0x297)]          // drag-state object
      , _0x5841d6 = _0x5e1960['status']             // status before this event
      , _0x4c9a7b = _0x5e1960[a0_0x3f0a(0x268)]
      , _0x31d271 = _0x5e1960['startX'];
    // The condition is a comma expression. First the status is reassigned: it
    // becomes 'dragstart' only if _0x4c9a7b is truthy, the pointer has moved more
    // than 3 units past startX and the previous status was 'dragend'; otherwise
    // it keeps its previous value. The body then runs unless the status equals
    // the string-table value a0_0x3f0a(0x298).
    if (_0x5e1960['status'] = _0x4c9a7b && _0x16631f - _0x31d271 > 0x3 && 'dragend' === _0x5841d6 ? 'dragstart' : _0x5841d6,
    a0_0x3f0a(0x298) !== _0x5e1960['status']) {
        // preventDefault() is skipped when (a string on the event contains 'touch'
        // AND a flag on _0xf0500b is truthy) OR an event property is not exactly false.
        !(_0x42cc2c[a0_0x3f0a(0x2b)]['indexOf']('touch') !== -0x1 && _0xf0500b[a0_0x3f0a(0x55)] || _0x42cc2c[a0_0x3f0a(0x28)][a0_0x3f0a(0x295)] !== !0x1) && _0x42cc2c['preventDefault'](),
        // Merge the current coordinates and the horizontal drag distance into the drag state.
        Object[a0_0x3f0a(0x78)](_0x5e1960, {
            'clientX': _0x16631f,
            'clientY': _0x183a6b,
            'dragX': _0x16631f - _0x5e1960[a0_0x3f0a(0x2a2)]
        });
        // _0x57ee7a: value read from shared state; the article identifies it as the token.
        var _0x57ee7a = this[a0_0x3f0a(0x19a)]['state'][a0_0x3f0a(0x19c)]
          // _0x3a2d3a: one four-element trace sample.
          , _0x3a2d3a = [
                // [0] rounded dragX, floored at 0
                Math['round'](_0x5e1960['dragX'] < 0x0 ? 0x0 : _0x5e1960['dragX']),
                // [1] clientY minus a stored drag-state value, passed through a Math function
                Math[a0_0x3f0a(0x29c)](_0x5e1960['clientY'] - _0x5e1960[a0_0x3f0a(0x29a)]),
                // [2] helper result minus a stored drag-state value
                //     (presumably elapsed time since the drag began — confirm)
                _0x13a834[a0_0x3f0a(0x264)]() - _0x5e1960[a0_0x3f0a(0x268)],
                // [3] event-origin flag: 0 if the probed event property is null/undefined,
                //     else 1 when event.isTrusted is truthy and 2 when it is not
                null == _0x42cc2c[a0_0x3f0a(0x29d)] ? 0x0 : _0x42cc2c['isTrusted'] ? 0x1 : 0x2
            ];
        // Keep the raw sample in one list ...
        this[a0_0x3f0a(0x2d1)][a0_0x3f0a(0x5)](_0x3a2d3a);
        // ... and the sample, stringified and passed through _0x4a51e7 together
        // with _0x57ee7a, in traceData. _0x4a51e7 is opaque in this excerpt.
        var _0x332561 = _0x4a51e7(_0x57ee7a, _0x3a2d3a + '');
        this['traceData'][a0_0x3f0a(0x5)](_0x332561),
        // Dispatch to the per-phase handlers according to the current status.
        a0_0x3f0a(0x29e) === _0x5e1960['status'] && this['onMouseMoveStart'](_0x42cc2c),
        'dragging' === _0x5e1960[a0_0x3f0a(0x11b)] && this[a0_0x3f0a(0x29f)](_0x42cc2c);
    }
},
/**
 * Pointer-release handler: resets the drag state and, unless the drag never
 * left its idle status, assembles the `data` JSON (fields d, m, p, f, ext)
 * and hands it to a method on `this`.
 *
 * @param _0x9b6bb0 the release event (not read in this body).
 *
 * Property names wrapped in a0_0x3f0a(...) come from the obfuscator's string
 * table, which is not part of this excerpt; only a0_0x3f0a(0x1e) is decoded by
 * the article (as "join").
 * NOTE(review): every field below is derived in the browser from values the
 * client holds (token, element position, recorded samples), so the server side
 * has to validate them as untrusted input rather than rely on this code being
 * hard to read.
 */
'onMouseUp': function(_0x9b6bb0) {
    var _0x5155c7 = this['drag']
      , _0x19b5fc = {};
    _0x19b5fc[a0_0x3f0a(0x268)] = 0x0;
    // Status equal to a0_0x3f0a(0x298): zero that one field and return without submitting.
    if (a0_0x3f0a(0x298) === _0x5155c7[a0_0x3f0a(0x11b)])
        return void Object['assign'](_0x5155c7, _0x19b5fc);
    // Otherwise overwrite the drag state from a stored object (presumably its initial values — confirm).
    Object['assign'](_0x5155c7, this[a0_0x3f0a(0x2c0)]);
    // _0x287252: a list derived from this[a0_0x3f0a(0x26b)] by a helper taking
    //            _0x51eee4; the article says the input is the recorded trace.
    var _0x287252 = _0x13a834[a0_0x3f0a(0x2a0)](this[a0_0x3f0a(0x26b)], _0x51eee4)
      // _0xf9d2a0: the token from shared state.
      , _0xf9d2a0 = this[a0_0x3f0a(0x19a)]['state']['token']
      // _0x1c44f9: jigsaw `left` parsed as base-10, divided by this.width, times 100,
      //            stringified, then passed through _0x4a51e7(token, ·) and _0x4ad40a.
      , _0x1c44f9 = _0x4ad40a(_0x4a51e7(_0xf9d2a0, parseInt(this['$jigsaw'][a0_0x3f0a(0x1b1)]['left'], 0xa) / this['width'] * 0x64 + ''))
      // _0x10cba3: atomTraceData passed through two helpers (second argument 2).
      , _0x10cba3 = _0xf0adff(_0x13a834[a0_0x3f0a(0x2d4)](this['atomTraceData'], 0x2));
    this[a0_0x3f0a(0x2d5)]({
        'data': JSON[a0_0x3f0a(0x133)]({
            // d: the trace-derived list joined with ':' (per the article), then _0x4ad40a.
            'd': _0x4ad40a(_0x287252[a0_0x3f0a(0x1e)](':')),
            'm': '',
            // p: position value computed above.
            'p': _0x1c44f9,
            // f: processed atomTraceData joined with ',', combined with the token.
            'f': _0x4ad40a(_0x4a51e7(_0xf9d2a0, _0x10cba3['join'](','))),
            // ext: "<mouseDownCounts>,<a property of traceData>" combined with the token;
            //      the article describes the second part as the trace length.
            'ext': _0x4ad40a(_0x4a51e7(_0xf9d2a0, this['mouseDownCounts'] + ',' + this['traceData'][a0_0x3f0a(0x15)]))
        })
    });
},
/*
分析:
'd': _0x4ad40a(_0x287252[a0_0x3f0a(0x1e)](':'))-->_0x4ad40a(_0x287252["join"](':'))这里可以看出来是对_0x287252进行拼接,那么我们需要找到_0x287252是什么。上方_0x287252 = _0x13a834[a0_0x3f0a(0x2a0)](this[a0_0x3f0a(0x26b)], _0x51eee4),可以看到是由this[a0_0x3f0a(0x26b)]生成的,而this[a0_0x3f0a(0x26b)]生成的地方在onMouseMove函数里面,是由轨迹生成的
主要代码:var _0x57ee7a = this[a0_0x3f0a(0x19a)]['state'][a0_0x3f0a(0x19c)]
, _0x3a2d3a = [Math['round'](_0x5e1960['dragX'] < 0x0 ? 0x0 : _0x5e1960['dragX']), Math[a0_0x3f0a(0x29c)](_0x5e1960['clientY'] - _0x5e1960[a0_0x3f0a(0x29a)]), _0x13a834[a0_0x3f0a(0x264)]() - _0x5e1960[a0_0x3f0a(0x268)], null == _0x42cc2c[a0_0x3f0a(0x29d)] ? 0x0 : _0x42cc2c['isTrusted'] ? 0x1 : 0x2];
this[a0_0x3f0a(0x2d1)][a0_0x3f0a(0x5)](_0x3a2d3a);
var _0x332561 = _0x4a51e7(_0x57ee7a, _0x3a2d3a + '');
this['traceData'][a0_0x3f0a(0x5)](_0x332561),
逐行分析:第一行_0x57ee7a 就是token
第二行_0x3a2d3a 轨迹
第三行将获取到的每一个轨迹push操作
第四行通过方法生成字符串
第五行也是将生成的字符串push
这里我们可以将模拟的轨迹循环执行生成随机字符串的方法,最后放到列表里面
最后生成d的方法扣或者导出应该都可以
'm': '',
'p': _0x1c44f9 = _0x4ad40a(_0x4a51e7(_0xf9d2a0, parseInt(this['$jigsaw'][a0_0x3f0a(0x1b1)]['left'], 0xa) / this['width'] * 0x64 + '')),主要是通过这个值来生成的,就数值来看好像和轨迹最后一个差了10,他的生成位置在onMouseMoving里面this[a0_0x3f0a(0x2bf)]['style']['left'] = _0x1290e8 + 'px',有兴趣的可以追进去看看,把方法执行一下就行了
'f': _0x4ad40a(_0x4a51e7(_0xf9d2a0, _0x10cba3['join'](','))),第一个参数是token, 第二个就是轨迹拼接,但是轨迹在上面这里处理了一下:_0x10cba3 = _0xf0adff(_0x13a834[a0_0x3f0a(0x2d4)](this['atomTraceData'], 0x2));_0x13a834 = _0x3fdfe3(0x3)是个webpack包,最外面的函数再执行一下就好了,最后把参数带进去f就出来了
'ext': _0x4ad40a(_0x4a51e7(_0xf9d2a0, this['mouseDownCounts'] + ',' + this['traceData'][a0_0x3f0a(0x15)]))第一个参数token, 第二个固定1, 最后一个轨迹长度
*/
data到这里就分析完毕,有兴趣的小伙伴快去试试吧
此文章仅供学习参考,有疑问,建议或者纠正的欢迎大家交流!!!