example1

明文直接ctrl+F，找到目标数据包

发现可疑参数X-Apikey，search找不到，api关键词搜索也找不到，大海捞针找header

index.js!!!!!!终于找到你，还好我没放弃~ 乐

3b837f8e7ff3a83ecad29a79d0522c1

开始调试，补函数，没想到异常的简单，X-Apikey是与时间相关的一个参数，会随时间改变，补函数就好了我是废物的c v玩家

6ef3e9998bf3097246bb43d44ac8d1e

献上代码:

// re2.js
function comb(t, e) {
    var n = "".concat(t, "|").concat(e);
    return btoa(n)
}


function encryptApiKey(){
    var t = "a2c903cc-b31e-4547-9299-b6d07b7631ab"
      , e = t.split("")
      , n = e.splice(0, 8);
    return t = e.concat(n).join("")
}


function encryptTime(t) {
    a = 1111111111111
    var e = (1 * t + a).toString().split("")
      , n = parseInt(10 * Math.random(), 10)
      , r = parseInt(10 * Math.random(), 10)
      , o = parseInt(10 * Math.random(), 10);
    return e.concat([n, r, o]).join("")
}


function getApiKey()   {
    var t = (new Date).getTime()
      , e = encryptApiKey();
        t = encryptTime(t);
    return comb(e, t);
    }

# re2.py
import requests
import subprocess
from functools import partial
subprocess.Popen = partial(subprocess.Popen, encoding='utf-8')
import execjs

runtime = execjs.get()

with open("re2.js", "r", encoding="utf-8") as file:
    script = file.read()

compiled = runtime.compile(script)
result = compiled.call("getApiKey")


cookies = {
    'aliyungf_tc': '0f24459a3c9ddc241f5593e381aceb36128fdbfacf7d12236bd7eda4e037a90f',
    'locale': 'zh_CN',
    'devId': '42abde1b-84da-499b-95a4-404e9fe3c721',
    'okg.currentMedia': 'md',
    'Hm_lvt_5244adb4ce18f1d626ffc94627dd9fd7': '1689104079',
    'Hm_lpvt_5244adb4ce18f1d626ffc94627dd9fd7': '1689104093',
    '_monitor_extras': '{"deviceId":"DSuGzOkvjivvyotLvWTHiR","eventId":4,"sequenceNumber":4}',
}

headers = {
    'authority': 'www.oklink.com',
    'accept': 'application/json',
    'accept-language': 'zh-CN',
    'app-type': 'web',
    'baggage': 'sentry-environment=prod,sentry-release=4.5.6,sentry-public_key=b8a78f86048a44f7aa293eaddd87d494,sentry-trace_id=1ef62da291b2458da6e28a297c8294de,sentry-sample_rate=1',
    'cache-control': 'no-cache',
    # 'cookie': 'aliyungf_tc=0f24459a3c9ddc241f5593e381aceb36128fdbfacf7d12236bd7eda4e037a90f; locale=zh_CN; devId=42abde1b-84da-499b-95a4-404e9fe3c721; okg.currentMedia=md; Hm_lvt_5244adb4ce18f1d626ffc94627dd9fd7=1689104079; Hm_lpvt_5244adb4ce18f1d626ffc94627dd9fd7=1689104093; _monitor_extras={"deviceId":"DSuGzOkvjivvyotLvWTHiR","eventId":4,"sequenceNumber":4}',
    'devid': '42abde1b-84da-499b-95a4-404e9fe3c721',
    'pragma': 'no-cache',
    'referer': 'https://www.oklink.com/cn/btc/tx-list',
    'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'sentry-trace': '1ef62da291b2458da6e28a297c8294de-82a4ef41e12fa2c6-1',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36',
    'x-apikey': result,
    'x-cdn': 'https://static.oklink.com',
    'x-locale': 'zh_CN',
    'x-utc': '8',
}

params = {
    't': '1689104093968',
    'offset': '0',
    'txType': '',
    'limit': '20',
    'sort': '',
}

response = requests.get(
    'https://www.oklink.com/api/explorer/v1/btc/transactionsNoRestrict',
    params=params,
    cookies=cookies,
    headers=headers,
)

print(response.text)

这和re1很像，但这个是请求头参数加密，re1是数据直接加密，能算上有一点点不一样吧

悲

我只是个菜逼，ob混淆还搞不定，我是废物 f2db221136c72aceca709a5daf10ec6

JS逆向尝试（二）

example1

悲

哇哇哇哇哇哇哇哇哇哇

acw_sc__v2

乐子人

笑嘻嘻乐

example1

悲

哇哇哇哇哇哇哇哇哇哇

acw_sc__v2

乐子人

笑嘻嘻 乐

笑嘻嘻乐