某站点超简单前端JS逆向

Security Classification: C-1

Publish Time: 2024-08-22

Category: Test Notes

Latest Version

⚠️ This article was published over 3 months ago. Please independently assess the validity of the technical methods and code mentioned. :)

AI Info

📌 AI Point 92

📝 AI Summary 本文详细记录了一次针对某网站前端 JS 加密接口的逆向分析过程。通过浏览器开发者工具定位加密函数，结合断点调试和静态分析，识别出数据采用 AES 加密，并还原出密钥（key）和初始化向量（iv）。最终利用 CyberChef 工具成功解密，为后续自动化抓取提供了技术基础。

⭐ AI Evaluation 本文内容详实，逻辑清晰，完整展示了从发现加密接口、定位 JS 函数、动态调试、参数提取到最终解密的完整逆向流程。图文并茂，步骤明确，尤其对 AES 加密参数的获取和工具使用有清晰说明，具有较高的技术参考价值。语言表达规范，结构严谨，符合高质量技术笔记标准。

## 基础信息

访问站点接口发现数据全部加密

![](https://img.meituan.net/imgupload/6f3025adc498bc621f92dfb4f48b1dc08052.png)

## js逆向

![](https://img.meituan.net/imgupload/68c4d35de9f9275987f1b079283a28e51678.png)

找到一个请求接口，在资源文件中找到定义位置

![](https://img.meituan.net/imgupload/613b5e40bfdc83fe251d57064551fa394486.png)

此处下断点，请求接口时必调用相关定义

单步调试，时刻观察数据、接口是否发出请求

![](https://img.meituan.net/imgupload/cfa7d91cd02d0aa01564aa200287597722558.png)

在这个位置出现body以及加密方法，由于前面的路由是GET请求，我们来观察POST请求的数据表现

![](https://img.meituan.net/imgupload/ec0a1cf4dcfe8aa9c0ada7c7aff6ee188737.png)

数据通过U.encrypttx加密后追加/E29D8C，再拼接一个16长度的随机字符串。

进入U.encrypttx的定义，发现经过了简单的字符串加密混淆，一看就是个aes加密

![](https://img.meituan.net/imgupload/46b779d7d5796f26f38629c179eed05131889.png)

在return出加上断点，刷新界面，使用CryptoJS库进行AES加密的函数原型如下

![](https://img.meituan.net/imgupload/87914682b7f23c0b77c8da2e7f1c75e418380.png)

![](https://img.meituan.net/imgupload/d454ca54a9ef39b771dde01b42db68f06980.png)

拿到iv 字符串

![](https://img.meituan.net/imgupload/7d6477aeffbb16baab3aad0d7d2aa53f15001.png)

拿到key 字符串

![](https://img.meituan.net/imgupload/43353d75c76bf869c4df3baada532d459330.png)

## cyberchef解密

![](https://img.meituan.net/imgupload/77a8202d5b67febf1b6cfd39c3ea8277112288.png)

Comment List [Latest 5]

Comment

AI Assistant Reply

Add @depybot in your content to summon the AI robot for a reply. This action will automatically make your comment public. Do not use it if sensitive information is involved. Contact the site administrator for deletion if needed.

© Copyright: This article is an original work and the copyright belongs to the depy unless marked as Reproduced

Please contact the blogger for authorization to reprint

某站点超简单前端JS逆向

© Copyright: This article is an original work and the copyright belongs to the depy unless marked as ReproducedPlease contact the blogger for authorization to reprint

© Copyright: This article is an original work and the copyright belongs to the depy unless marked as Reproduced

Please contact the blogger for authorization to reprint