xhs x-mns,x-s-com,x_b3_traceid,x_xray_traceid逆向
此分享只用于学习用途,不作商业用途,若有冒犯,请联系处理
x-mns
生成位置:
使用OB混淆js代码,同样使用补环境的方式
补环境要点
- 注意不要格式化
- 会使用Error抛出错误,捕获后使用RegExp匹配,来验证
代码
CryptoJS = require('crypto-js');
function watch(obj, name) {
return new Proxy(obj, {
get(target, p, receiver) {
let val = Reflect.get(...arguments);
// || p.toString().indexOf("Symbol(Symbol.") != -1
if (p === "Math" || p === "isNaN" || p === "encodeURI" || p === "Uint8Array" || p=='Date') {
return val
}
if (p === 'globalThis') {
console.log('get | ', name ,'.globalThis');
} else {
// if (p=='stack'){
// debugger
// }
console.log(`get | `, name , '.' , p, ` ==>`, val);
}
// debugger
return val
},
set(target, p, value, receiver) {
let val = Reflect.get(...arguments);
console.log(`set | `, name,'.',p, ' ',val,'==>',value);
// debugger
return Reflect.set(...arguments)
}
})
}
function Document() {
}
Document.prototype.createElement = function () {
console.log('====>createElement', arguments);
return watch({
}, 'document.createElement')
}
Document.prototype.getElementById = function () {
console.log('====>getElementById:', arguments);
return watch({
}, 'document.getElementBy');
}
Document.prototype.getElementsByTagName = function () {
console.log('====>getElementsByTagName:', arguments);
if (arguments[0] == 'head') {
return [watch({
}, 'head')]
}
return watch({
}, 'document.getElementsByTagName')
}
Document.prototype.getElementsByClassName = function () {
console.log('====>getElementsByClassName:', arguments);
return watch({
}, 'document.getElementsByClassName')
}
Document.prototype.documentElement = watch({
getAttribute: function () {
console.log('====>getAttribute:', arguments);
if (arguments[0] == 'selenium' || arguments[0] == 'webdriver' || arguments[0] == 'driver') return null
return watch({
}, 'document.documentElement.getAttribute')
}
}, 'document.documentElement')
Document.prototype.querySelectorAll = watch(function querySelectorAll() {
}, 'document.querySelectorAll')
Document.prototype.cookie = ''; //....
document = new Document();
document.toString = () => '[object HTMLDocument]'
let Navigator =function Navigator() {
}
Navigator.prototype = {
appCodeName: "Mozilla",
appName: "Netscape",
appVersion: "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
platform: "Win32",
product: "Gecko",
productSub: "20030107",
'userAgent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
language: "zh-CN",
languages: ["zh-CN", "zh"],
}
let navigator = new Navigator();
navigator.toString = () => '[object Navigator]'
function Location() {
}
Location.prototype = {
"ancestorOrigins": {
},
"href": "https://www.xiaohongshu.com/explore",
"origin": "https://www.xiaohongshu.com",
"protocol": "https:",
"host": "www.xiaohongshu.com",
"hostname": "www.xiaohongshu.com",
"port": "",
"pathname": "/explore",
"search": "",
"hash": ""
};
let location = new Location();
location.toString = () => 'https://www.xiaohongshu.com/explore'
function Storage() {
this.getItem = function () {
console.log('====>getItem:', arguments);
return this[arguments[0]]
}
this.setItem = function () {
console.log('====>setItem:', arguments);
this[arguments[0]] = arguments[1]
}
}
Storage.prototype = {
//....
}
let localStorage = new Storage();
function Screen() {
}
Screen.prototype = {
}
let screen = new Screen();
screen.toString = () => '[object Screen]';
function History() {
}
History.prototype = {
};
let history = new History();
history.toString = () => '[object History]';
let Error = function Error() {
console.log('====>Error:', arguments);
return watch({
stack:`Error
at eval (eval at _0x2dad65 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:45658), <anonymous>:1:1)
at _0x2dad65 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:45658)
at Object.AlmBt (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:19104)
at _0x5a7ef0 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:59925)
at _0x25d05c (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:51441)
at _0x2dad65 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:47823)
at _0x2dad65 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:54510)
at Object.AlmBt (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:19104)
at _0x5a7ef0 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:59925)
at _0x2dad65 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:47430)
at Object.AlmBt (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:19104)
at _0x5a7ef0 (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:59925)
at Object._0x25d05c [as getMnsToken] (https://fe-static.xhscdn.com/as/v1/3e44/public/11b080d07a42355a374e830a4a0dc392.js:1:51441)
at xhsSign (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:191965)
at Object.<anonymous> (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:190943)
at step (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:190607)
at Object.next (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:189888)
at https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:189577
at new Promise (<anonymous>)
at signAdaptor_awaiter (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:189328)
at Object.signAdaptor (https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:190753)
at https://fe-static.xhscdn.com/formula-static/xhs-pc-web/public/resource/js/vendor-dynamic.3e7bc84b.js:1:139943`
},'Error')
}
// Error.prototype = {
// stackTraceLimit:10
// };
Error.stackTraceLimit=10
// 保存原始的 Error 构造函数
const originalError = Error;
// 定义一个新的 Error 构造函数来进行 Hook
// function HookedError(message) {
// // 调用原始的 Error 构造函数
// const error = new originalError(message);
// // 在这里你可以添加自定义的逻辑,例如记录错误信息到控制台或者发送到服务器
// console.log('Hooked Error:', error.message);
// debugger;
// // 返回错误实例
// return error;
// }
// // 替换全局的 Error 构造函数
// window.Error = HookedError;
function Window() {
}
Window.prototype = {
"TEMPORARY": 0,
"PERSISTENT": 1,
navigator:navigator,
location: location,
history: history,
localStorage: localStorage,
screen: screen,
document: document,
String: String,
Number: Number,
Boolean: Boolean,
Date: Date,
Array: Array,
Object: Object,
Math: Math,
JSON: JSON,
console: console,
Function: Function,
Error: watch(Error,'Error'),
eval: eval,
parseInt: parseInt,
parseFloat: parseFloat,
isNaN: isNaN,
isFinite: isFinite,
decodeURI: decodeURI,
decodeURIComponent: decodeURIComponent,
encodeURI: encodeURI,
encodeURIComponent: encodeURIComponent,
RegExp: watch(RegExp,'RegExp'),
toString: function () {
return '[object Window]' }
}
window=new Window();
window.name = ''
window.alert = function () {
}
window.setInterval = function () {
}
window.setTimeout = function () {
}
// window.toString=()=>'[object Window]';
window.toString = function () {
return '[object Window]' }
let External = function External() {
}
window.external = watch(new External(), 'window.external')
window.constructor = Window;
// window.Window = Window;
window.Image = function Image() {
return watch({
}, 'Image')
}
function Element() {
}
Element.prototype.append = function () {
}
window.Element = watch(Element, 'Element')
window.addEventListener = function () {
}
window.outerWidth = 1707;
window.innerWidth = 1707;
window.outerHeight = 27;
window.innerHeight = 791;
function RTCPeerConnection() {
}
window.webkitRTCPeerConnection = watch(new RTCPeerConnection(), 'webkitRTCPeerConnection')
window.origin = 'https://www.xiaohongshu.com'
window.top = watch({
0: window
}, 'top')
document = watch(document, "document");
navigator = watch(navigator, "navigator");
location = watch(location, "location");
localStorage = watch(localStorage, "localStorage");
screen = watch(screen, "screen");
history = watch(history, "history");
window = watch(window, "window");
let __process = process;
delete global
delete process
delete Buffer
delete __dirname
delete __filename
x-s-com
生成位置:
加密参数如下:
- 缺什么补什么就行
- 注意localStorage的b1参数,应该是浏览器指纹,每次都会变化(有大佬会的可以交流一下)
x_b3_traceid
生成位置:
就是一个随机数组合
function generateTraceId() {
for (var e = "", r = 0; r < 16; r++)
e += "abcdef0123456789".charAt(Math.floor(16 * Math.random()));
return e
}
let x_b3_traceid = generateTraceId();
x_xray_traceid
生成位置:
虽然这是一个webpack,需要扣加载器和模块
但是,经过分析, 加密逻辑很简单(使用时间戳来进行移位,自增,随机数),可以直接扣代码:
- 加密函数是50142模块里的一个函数
- 其中s是2044模块中的一个Long类,和其他模块没有耦合,可以直接扣
- a 是一个函数的实例化,和其他模块没有耦合,可以直接扣
代码
helar={
}
function B(A) {
"use strict";
Object.defineProperty(A, "__esModule", {
value: !0
}),
A.default = void 0;
var B = null;
try {
B = new WebAssembly.Instance(new WebAssembly.Module(new Uint8Array([0, 97, 115, 109, 1, 0, 
最低0.47元/天 解锁文章
扫一扫
2333
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
