Open aaaaqqqyzjin opened 1 year ago
+1,困扰了好久,怎么会出现“预约下单失败”这种报错。解决了求踢踢
由于服务器并未返回具体的错误信息,很难确定此问题的原因所在。注意到现在小程序发送预约请求的时候会带上一个 `text_` 字段,对应于每个预约项目的 `rsaText` 字段,怀疑可能是近期添加了某种加密以针对脚本。
由于服务器并未返回具体的错误信息,很难确定此问题的原因所在。注意到现在小程序发送预约请求的时候会带上一个 `text_` 字段,对应于每个预约项目的 `rsaText` 字段,怀疑可能是近期添加了某种加密以针对脚本。
crypto-js.min_v3_1.zip 加密的 JS 脚本好像是这个,主要关注与 sub2 有关的代码段。但是这代码加密过,而且实在是太长了,VS Code 甚至不能正确解析。
如果是前端加密,那可以考虑采用 Selenium,但这意味着现有代码需要推倒重来。
在最后一步提交预订请求时多了 `rsa_text_` 和 `text_` 这两个验证字段,而这两个字段可以在下面这个请求的 response 里面看到:
GET https://elife.fudan.edu.cn/public/front/loadOrderForm_ordinary.htm?xxx
如下,其中 `rsa_text_` 的值可以看到,但是 `text_` 为空:
<!-- Hidden inputs quoted from the loadOrderForm_ordinary.htm response described in the thread:
     rsa_text_ arrives with a server-supplied value (replaced by a placeholder by the poster),
     text_ arrives with an empty value. -->
<input type="hidden" id="rsa_text_" name="rsa_text_" value="可以看到XXX">
<input type="hidden" id="text_" name="text_" value="">
有人解决RSA加密问题了吗?
如果是前端加密,那可以考虑采用 Selenium,但这意味着现有代码需要推倒重来。 如果只是使用selenium的话解决不算困难,现在改成了点按验证码,已经写了检测字符位置的代码,正确率在7成以上。现在想问问有没有懂前端的老哥看看字符位置的上报也是加密的吗?
// Obfuscated method of the click-captcha widget quoted in this thread. It takes the generated
// verification code (_0x4bc16d), sanity-checks it, passes it through __encrypt, and then either
// submits it with an ajax-style call or hands it to a callback.
//
// Obfuscation layers visible in this listing:
//  - _0x2143(index, key) is a string decoder defined outside this listing; any property name or
//    literal routed through it cannot be read from here, so comments on those spots are hedged.
//  - _0x3f1c51 is a lookup table of trivial operator wrappers (===, !==, ==, !=, +, call) plus
//    decoded strings.
//  - Control flow is flattened: a decoded order string is cut on '|' and drives a while/switch
//    dispatcher, so the case labels below are NOT listed in execution order.
//  - Several if/else pairs compare two constants; one arm of each is presumably injected dead code.
_0x2df407[_0x2143('0xf2', 'ZDky')] = function(_0x4bc16d) {
// Operator/string table used to hide plain expressions.
var _0x3f1c51 = {
'ZmAEr': function _0x5972fc(_0x4396e0, _0x431e14) {
return _0x4396e0 === _0x431e14;
},
'MNEUN': 'HoX',
'GPrBm': function _0x59671a(_0x576293, _0x308e0c) {
return _0x576293(_0x308e0c);
},
'GOxLP': _0x2143('0xf3', 'M@aE'),
'gTOCc': function _0x3994dd(_0x57b9d6, _0x32216e) {
return _0x57b9d6(_0x32216e);
},
'jdpGE': function _0x426046(_0x224591, _0x4e8e11) {
return _0x224591 + _0x4e8e11;
},
'xpnFf': _0x2143('0xf4', '#2ij'),
'oezxj': _0x2143('0xf5', 'U^*O'),
'fVwmT': _0x2143('0xf6', 'cOEn'),
'ojGkW': _0x2143('0xf7', '1L[]'),
'oUDND': _0x2143('0xf8', '2j*j'),
'FkGVv': function _0x404d28(_0x5d461e, _0x1ddf3a) {
return _0x5d461e !== _0x1ddf3a;
},
'EojXo': _0x2143('0xf9', 'sPad'),
'NgRUW': function _0x3497eb(_0x15b972, _0x598b45) {
return _0x15b972(_0x598b45);
},
'VvwAB': _0x2143('0xfa', 'jOoK'),
'oXOQJ': function _0x5061ef(_0x5b60b9, _0x145945) {
return _0x5b60b9 != _0x145945;
},
'fEeGB': function _0x3b1375(_0x205165, _0xd397a4) {
return _0x205165 !== _0xd397a4;
},
'zqhry': _0x2143('0xfb', 'jOoK'),
'xhTpt': function _0x2f2c3b(_0x5bbeea, _0x224986) {
return _0x5bbeea(_0x224986);
},
'bmxVt': function _0x409cf4(_0xe7d117, _0x16f595) {
return _0xe7d117 == _0x16f595;
}
};
// Constant-vs-constant test (a decoded string against 'HoX'). The first arm uses `that` and
// _0x506456, neither of which is declared in this function, so it is presumably a decoy.
if (_0x3f1c51[_0x2143('0xfc', 'l2)f')](_0x2143('0xfd', '(jIy'), _0x3f1c51['MNEUN'])) {
that['verify'](_0x3f1c51[_0x2143('0xfe', 'Q)Q*')](_0x506456, that['clickPoint']));
} else {
// Dispatcher: the decoded 'GOxLP' string is cut on '|' (the decoded method is presumably
// split) and each piece selects the next case to run.
var _0x1b1176 = _0x3f1c51['GOxLP'][_0x2143('0xff', 'Mbv*')]('|')
, _0x3455ab = 0x0;
while (!![]) {
switch (_0x1b1176[_0x3455ab++]) {
case '0':
// Replaces the code with the result of a helper applied to __encrypt and
// (code, '_') + current epoch milliseconds. If the two helpers are the call and +
// wrappers, this is __encrypt(code + '_' + timestamp); __encrypt is defined elsewhere.
// NOTE(review): the timestamp comes from the client clock; whether the server checks it
// for freshness cannot be told from this listing.
_0x4bc16d = _0x3f1c51[_0x2143('0x100', 'j2]$')](__encrypt, _0x3f1c51[_0x2143('0x101', 'vnUn')](_0x4bc16d, '_') + new Date()['getTime']());
continue;
case '1':
// Submit path: taken when a decoded option (presumably the submit URL) is set.
if (_0x2efed6['options'][_0x2143('0x102', 'M@aE')]) {
// Nested flattened sequence; again the case labels are not in execution order.
var _0x310a63 = _0x3f1c51[_0x2143('0x103', '1L[]')][_0x2143('0x104', 'U1Ta')]('|')
, _0x37a4b7 = 0x0;
while (!![]) {
switch (_0x310a63[_0x37a4b7++]) {
case '0':
// Updates an element found inside the widget container (selector and method are decoded).
_0x2395a1['find'](_0x3f1c51['oezxj'])[_0x2143('0x105', 'U1Ta')](_0x3f1c51['fVwmT']);
continue;
case '1':
// Request payload object taken from the widget instance (presumably options.submitData).
var _0x5a5edb = _0x2efed6[_0x2143('0x106', '2j*j')][_0x2143('0x107', 'zr@3')];
continue;
case '2':
// Name of the payload field that carries the code; defaults to 'code'.
// 'validFiled' [sic] is the option name as spelled by the widget.
var _0x2c6cd7 = _0x2efed6['options']['validFiled'] || 'code';
continue;
case '3':
_0x5a5edb[_0x2c6cd7] = _0x4bc16d;
continue;
case '4':
// Ajax-style request; _0x4be52a looks like jQuery (it is also used for isFunction and
// extend below). URL, type and dataType are decoded strings not visible here.
_0x4be52a[_0x2143('0x108', 'jOoK')]({
'url': _0x2efed6[_0x2143('0x24', 'BVhT')][_0x2143('0x109', 'cyED')],
'type': _0x3f1c51[_0x2143('0x10a', 'j2]$')],
'dataType': _0x3f1c51[_0x2143('0x10b', 'XsL[')],
'data': _0x5a5edb,
'success': function(_0xeadf4d) {
// Second operator table, local to the success callback.
var _0xe368a6 = {
'QbpRf': function _0x54abb2(_0x3ab46f, _0x5b879e) {
return _0x3ab46f === _0x5b879e;
},
'UMAQP': _0x2143('0x10c', 'Mbv*'),
'YUfOV': function _0x368333(_0x449494, _0x4bacef) {
return _0x449494 >= _0x4bacef;
},
'HszNJ': function _0x49b663(_0x550362, _0x106e6e) {
return _0x550362 + _0x106e6e;
},
'LOMWl': function _0x46aad8(_0xc7424a, _0x358b4d) {
return _0xc7424a + _0x358b4d;
},
'EYlBu': function _0x2bb018(_0x11c5d4, _0x94ea5b) {
return _0x11c5d4 + _0x94ea5b;
},
'mmGoy': 'px;\x20top:\x20',
'qfrUH': function _0xe52965(_0xdb00f1, _0x2ac117) {
return _0xdb00f1 - _0x2ac117;
},
'XMhly': _0x2143('0x10d', '2j*j'),
'MAFNp': function _0x12481e(_0x2457ca, _0x2c5cc6) {
return _0x2457ca == _0x2c5cc6;
},
'MRfuY': function _0x5096e2(_0x402d2a, _0x4338d1) {
return _0x402d2a(_0x4338d1);
}
};
// Constant-vs-constant test against 'otK'. The first arm reads `event`, bumps curIndex and
// records offset coordinates, which looks like click-handler code pasted in as a decoy;
// the else arm is the one that forwards the server response.
if (_0xe368a6['QbpRf'](_0xe368a6[_0x2143('0x10e', 'VPfm')], 'otK')) {
if (_0xe368a6[_0x2143('0x10f', '(nrh')](_0x2efed6[_0x2143('0x110', 'XsL[')], 0x4)) {
return;
}
_0x2efed6['curIndex']++;
var _0x149f8a = _0xe368a6[_0x2143('0x111', 'zr@3')](_0xe368a6[_0x2143('0x112', ')CMW')](_0xe368a6[_0x2143('0x113', 'Mbv*')](_0xe368a6[_0x2143('0x114', 'VPfm')](_0x2143('0x115', 'VPfm'), _0x2efed6[_0x2143('0x116', 'y9Ak')]) + _0x2143('0x117', 'cyED'), event[_0x2143('0x118', '#tCT')] - 0xd), _0xe368a6['mmGoy']) + _0xe368a6[_0x2143('0x119', 'j2]$')](event[_0x2143('0x11a', '(jIy')], 0x17), _0xe368a6[_0x2143('0x11b', 'deF2')]);
_0x4be52a(this)['append'](_0x149f8a);
_0x2efed6[_0x2143('0x11c', '13Es')][_0x2143('0x11d', 'tAFr')]([event[_0x2143('0x11e', ')CMW')], event['offsetY']]);
if (_0xe368a6['MAFNp'](_0x2efed6[_0x2143('0x11f', '0DV1')], _0x2efed6['options'][_0x2143('0x120', ')CMW')])) {
_0x2efed6[_0x2143('0x121', '1L[]')](_0xe368a6[_0x2143('0x122', 'deF2')](_0x506456, _0x2efed6[_0x2143('0x123', 'sPad')]));
}
} else {
// Hands the response and the widget instance to options.onSubmit when it is a function.
if (_0x4be52a['isFunction'](_0x2efed6['options']['onSubmit'])) {
_0x2efed6[_0x2143('0x124', 'k9)2')]['onSubmit'][_0x2143('0xbd', 'sPad')](_0x2efed6[_0x2143('0x125', 'EeW*')], _0xeadf4d, _0x2efed6);
}
}
}
});
continue;
}
break;
}
} else {
// No-submit path: a decoded check on a decoded option (presumably isFunction(onComplete)),
// then another constant-vs-constant test; the else arm passes the code and the widget
// instance to that option.
if (_0x4be52a[_0x2143('0x126', '1L[]')](_0x2efed6[_0x2143('0x127', 'fhes')][_0x2143('0x128', '*Z^)')])) {
if (_0x3f1c51[_0x2143('0x129', 'zr@3')](_0x3f1c51['EojXo'], _0x2143('0x12a', 'Mbv*'))) {
var _0x1c39ad = this;
if (_0x1c39ad[_0x2143('0x12b', 'kxWN')][_0x2143('0x12c', 'deF2')] == _0x2143('0x12d', 'kMDe')) {
_0x3f1c51[_0x2143('0x12e', 'HakO')](_0x4be52a, _0x3f1c51[_0x2143('0x12f', '(nrh')])[_0x2143('0x130', '#tCT')](_0x2143('0x131', 'deF2'))[_0x2143('0x132', 'VPfm')]();
}
} else {
_0x2efed6[_0x2143('0x133', '0DV1')][_0x2143('0x134', '13Es')][_0x2143('0x135', 'y9Ak')](_0x2efed6[_0x2143('0x136', 'U^*O')], _0x4bc16d, _0x2efed6);
}
}
}
continue;
case '2':
// Captures the widget instance for use in the other cases and callbacks.
var _0x2efed6 = this;
continue;
case '3':
// Input sanity check: rejects an empty code, or one whose length fails a decoded comparison
// with 0x18 (24), presumably "!=". The first inner arm (sets $element, calls initDOM) looks
// like constructor code pasted in as a decoy; the else arm logs an error and aborts.
// NOTE(review): this check runs only in the browser; it says nothing about what the
// receiving endpoint validates.
if (!_0x4bc16d || _0x3f1c51[_0x2143('0x137', 'i7c8')](_0x4bc16d['length'], 0x18)) {
if (_0x3f1c51['fEeGB'](_0x3f1c51['zqhry'], 'QDx')) {
this['$element'] = _0x3f1c51[_0x2143('0x138', 'ake^')](_0x4be52a, element);
this[_0x2143('0x139', '%mdC')] = 0x0;
this[_0x2143('0x13a', 'EeW*')] = [];
this[_0x2143('0x13b', 'HakO')] = _0x4be52a['extend']({}, _0x5b9763[_0x2143('0x13c', '1L[]')], options);
this['initDOM']();
} else {
console['error'](_0x2143('0x13d', 'U^*O'));
return;
}
}
continue;
case '4':
// Picks the container to update: an element looked up by a decoded selector when the
// instance's 'mode' equals a decoded string, otherwise the widget's own $element.
var _0x2395a1 = _0x3f1c51['bmxVt'](_0x2efed6[_0x2143('0x13e', 'zr@3')]['mode'], _0x2143('0x13f', 'vnUn')) ? _0x4be52a(_0x2143('0x140', 'cyED')) : _0x2efed6['$element'];
continue;
}
break;
}
}
}
这应该是生成验证结果的js,本来想着直接调用看看输入点击坐标能不能直接生成post数据,我还是小看xxb的程度了,最近服务器状况非常差,早上server炸了,这么久了不修,搞这些
// Obfuscated method of a click-captcha widget (collapsed paste, re-indented here; tokens unchanged).
// It takes the generated verification code (_0x4bc16d), sanity-checks it, passes it through
// __encrypt, and then either submits it with an ajax-style call or hands it to a callback.
//
//  - _0x2143(index, key) is a string decoder defined outside this listing; names and literals
//    routed through it cannot be read from here, so comments on those spots are hedged.
//  - _0x3f1c51 is a table of trivial operator wrappers (===, !==, ==, !=, +, call) plus decoded strings.
//  - Control flow is flattened: a decoded order string cut on '|' drives a while/switch
//    dispatcher, so case labels are NOT in execution order.
//  - Several if/else pairs compare two constants; one arm of each is presumably injected dead code.
_0x2df407[_0x2143('0xf2', 'ZDky')] = function(_0x4bc16d) {
    // Operator/string table used to hide plain expressions.
    var _0x3f1c51 = {
        'ZmAEr': function _0x5972fc(_0x4396e0, _0x431e14) {
            return _0x4396e0 === _0x431e14;
        },
        'MNEUN': 'HoX',
        'GPrBm': function _0x59671a(_0x576293, _0x308e0c) {
            return _0x576293(_0x308e0c);
        },
        'GOxLP': _0x2143('0xf3', 'M@aE'),
        'gTOCc': function _0x3994dd(_0x57b9d6, _0x32216e) {
            return _0x57b9d6(_0x32216e);
        },
        'jdpGE': function _0x426046(_0x224591, _0x4e8e11) {
            return _0x224591 + _0x4e8e11;
        },
        'xpnFf': _0x2143('0xf4', '#2ij'),
        'oezxj': _0x2143('0xf5', 'U^*O'),
        'fVwmT': _0x2143('0xf6', 'cOEn'),
        'ojGkW': _0x2143('0xf7', '1L[]'),
        'oUDND': _0x2143('0xf8', '2j*j'),
        'FkGVv': function _0x404d28(_0x5d461e, _0x1ddf3a) {
            return _0x5d461e !== _0x1ddf3a;
        },
        'EojXo': _0x2143('0xf9', 'sPad'),
        'NgRUW': function _0x3497eb(_0x15b972, _0x598b45) {
            return _0x15b972(_0x598b45);
        },
        'VvwAB': _0x2143('0xfa', 'jOoK'),
        'oXOQJ': function _0x5061ef(_0x5b60b9, _0x145945) {
            return _0x5b60b9 != _0x145945;
        },
        'fEeGB': function _0x3b1375(_0x205165, _0xd397a4) {
            return _0x205165 !== _0xd397a4;
        },
        'zqhry': _0x2143('0xfb', 'jOoK'),
        'xhTpt': function _0x2f2c3b(_0x5bbeea, _0x224986) {
            return _0x5bbeea(_0x224986);
        },
        'bmxVt': function _0x409cf4(_0xe7d117, _0x16f595) {
            return _0xe7d117 == _0x16f595;
        }
    };
    // Constant-vs-constant test (a decoded string against 'HoX'). The first arm uses `that` and
    // _0x506456, neither declared in this function, so it is presumably a decoy.
    if (_0x3f1c51[_0x2143('0xfc', 'l2)f')](_0x2143('0xfd', '(jIy'), _0x3f1c51['MNEUN'])) {
        that['verify'](_0x3f1c51[_0x2143('0xfe', 'Q)Q*')](_0x506456, that['clickPoint']));
    } else {
        // Dispatcher: the decoded 'GOxLP' string is cut on '|' (presumably via split).
        var _0x1b1176 = _0x3f1c51['GOxLP'][_0x2143('0xff', 'Mbv*')]('|')
          , _0x3455ab = 0x0;
        while (!![]) {
            switch (_0x1b1176[_0x3455ab++]) {
            case '0':
                // Replaces the code with a helper applied to __encrypt and
                // (code, '_') + current epoch milliseconds; if the helpers are the call and +
                // wrappers this is __encrypt(code + '_' + timestamp). __encrypt is defined elsewhere.
                // NOTE(review): the timestamp is client-supplied; server-side freshness checking
                // cannot be confirmed from this listing.
                _0x4bc16d = _0x3f1c51[_0x2143('0x100', 'j2]$')](__encrypt, _0x3f1c51[_0x2143('0x101', 'vnUn')](_0x4bc16d, '_') + new Date()['getTime']());
                continue;
            case '1':
                // Submit path: taken when a decoded option (presumably the submit URL) is set.
                if (_0x2efed6['options'][_0x2143('0x102', 'M@aE')]) {
                    // Nested flattened sequence; case labels are not in execution order.
                    var _0x310a63 = _0x3f1c51[_0x2143('0x103', '1L[]')][_0x2143('0x104', 'U1Ta')]('|')
                      , _0x37a4b7 = 0x0;
                    while (!![]) {
                        switch (_0x310a63[_0x37a4b7++]) {
                        case '0':
                            // Updates an element inside the widget container (selector/method decoded).
                            _0x2395a1['find'](_0x3f1c51['oezxj'])[_0x2143('0x105', 'U1Ta')](_0x3f1c51['fVwmT']);
                            continue;
                        case '1':
                            // Request payload object from the instance (presumably options.submitData).
                            var _0x5a5edb = _0x2efed6[_0x2143('0x106', '2j*j')][_0x2143('0x107', 'zr@3')];
                            continue;
                        case '2':
                            // Payload field name for the code; defaults to 'code'.
                            // 'validFiled' [sic] is the option name as spelled by the widget.
                            var _0x2c6cd7 = _0x2efed6['options']['validFiled'] || 'code';
                            continue;
                        case '3':
                            _0x5a5edb[_0x2c6cd7] = _0x4bc16d;
                            continue;
                        case '4':
                            // Ajax-style request; _0x4be52a looks like jQuery (also used for
                            // isFunction and extend). URL, type and dataType are decoded strings.
                            _0x4be52a[_0x2143('0x108', 'jOoK')]({
                                'url': _0x2efed6[_0x2143('0x24', 'BVhT')][_0x2143('0x109', 'cyED')],
                                'type': _0x3f1c51[_0x2143('0x10a', 'j2]$')],
                                'dataType': _0x3f1c51[_0x2143('0x10b', 'XsL[')],
                                'data': _0x5a5edb,
                                'success': function(_0xeadf4d) {
                                    // Second operator table, local to the success callback.
                                    var _0xe368a6 = {
                                        'QbpRf': function _0x54abb2(_0x3ab46f, _0x5b879e) {
                                            return _0x3ab46f === _0x5b879e;
                                        },
                                        'UMAQP': _0x2143('0x10c', 'Mbv*'),
                                        'YUfOV': function _0x368333(_0x449494, _0x4bacef) {
                                            return _0x449494 >= _0x4bacef;
                                        },
                                        'HszNJ': function _0x49b663(_0x550362, _0x106e6e) {
                                            return _0x550362 + _0x106e6e;
                                        },
                                        'LOMWl': function _0x46aad8(_0xc7424a, _0x358b4d) {
                                            return _0xc7424a + _0x358b4d;
                                        },
                                        'EYlBu': function _0x2bb018(_0x11c5d4, _0x94ea5b) {
                                            return _0x11c5d4 + _0x94ea5b;
                                        },
                                        'mmGoy': 'px;\x20top:\x20',
                                        'qfrUH': function _0xe52965(_0xdb00f1, _0x2ac117) {
                                            return _0xdb00f1 - _0x2ac117;
                                        },
                                        'XMhly': _0x2143('0x10d', '2j*j'),
                                        'MAFNp': function _0x12481e(_0x2457ca, _0x2c5cc6) {
                                            return _0x2457ca == _0x2c5cc6;
                                        },
                                        'MRfuY': function _0x5096e2(_0x402d2a, _0x4338d1) {
                                            return _0x402d2a(_0x4338d1);
                                        }
                                    };
                                    // Constant-vs-constant test against 'otK'. The first arm reads `event`,
                                    // bumps curIndex and records offset coordinates, which looks like
                                    // click-handler code pasted in as a decoy; the else arm forwards the response.
                                    if (_0xe368a6['QbpRf'](_0xe368a6[_0x2143('0x10e', 'VPfm')], 'otK')) {
                                        if (_0xe368a6[_0x2143('0x10f', '(nrh')](_0x2efed6[_0x2143('0x110', 'XsL[')], 0x4)) {
                                            return;
                                        }
                                        _0x2efed6['curIndex']++;
                                        var _0x149f8a = _0xe368a6[_0x2143('0x111', 'zr@3')](_0xe368a6[_0x2143('0x112', ')CMW')](_0xe368a6[_0x2143('0x113', 'Mbv*')](_0xe368a6[_0x2143('0x114', 'VPfm')](_0x2143('0x115', 'VPfm'), _0x2efed6[_0x2143('0x116', 'y9Ak')]) + _0x2143('0x117', 'cyED'), event[_0x2143('0x118', '#tCT')] - 0xd), _0xe368a6['mmGoy']) + _0xe368a6[_0x2143('0x119', 'j2]$')](event[_0x2143('0x11a', '(jIy')], 0x17), _0xe368a6[_0x2143('0x11b', 'deF2')]);
                                        _0x4be52a(this)['append'](_0x149f8a);
                                        _0x2efed6[_0x2143('0x11c', '13Es')][_0x2143('0x11d', 'tAFr')]([event[_0x2143('0x11e', ')CMW')], event['offsetY']]);
                                        if (_0xe368a6['MAFNp'](_0x2efed6[_0x2143('0x11f', '0DV1')], _0x2efed6['options'][_0x2143('0x120', ')CMW')])) {
                                            _0x2efed6[_0x2143('0x121', '1L[]')](_0xe368a6[_0x2143('0x122', 'deF2')](_0x506456, _0x2efed6[_0x2143('0x123', 'sPad')]));
                                        }
                                    } else {
                                        // Hands the response and the widget instance to options.onSubmit when it is a function.
                                        if (_0x4be52a['isFunction'](_0x2efed6['options']['onSubmit'])) {
                                            _0x2efed6[_0x2143('0x124', 'k9)2')]['onSubmit'][_0x2143('0xbd', 'sPad')](_0x2efed6[_0x2143('0x125', 'EeW*')], _0xeadf4d, _0x2efed6);
                                        }
                                    }
                                }
                            });
                            continue;
                        }
                        break;
                    }
                } else {
                    // No-submit path: a decoded check on a decoded option (presumably
                    // isFunction(onComplete)), then another constant-vs-constant test; the else arm
                    // passes the code and the widget instance to that option.
                    if (_0x4be52a[_0x2143('0x126', '1L[]')](_0x2efed6[_0x2143('0x127', 'fhes')][_0x2143('0x128', '*Z^)')])) {
                        if (_0x3f1c51[_0x2143('0x129', 'zr@3')](_0x3f1c51['EojXo'], _0x2143('0x12a', 'Mbv*'))) {
                            var _0x1c39ad = this;
                            if (_0x1c39ad[_0x2143('0x12b', 'kxWN')][_0x2143('0x12c', 'deF2')] == _0x2143('0x12d', 'kMDe')) {
                                _0x3f1c51[_0x2143('0x12e', 'HakO')](_0x4be52a, _0x3f1c51[_0x2143('0x12f', '(nrh')])[_0x2143('0x130', '#tCT')](_0x2143('0x131', 'deF2'))[_0x2143('0x132', 'VPfm')]();
                            }
                        } else {
                            _0x2efed6[_0x2143('0x133', '0DV1')][_0x2143('0x134', '13Es')][_0x2143('0x135', 'y9Ak')](_0x2efed6[_0x2143('0x136', 'U^*O')], _0x4bc16d, _0x2efed6);
                        }
                    }
                }
                continue;
            case '2':
                // Captures the widget instance for the other cases and callbacks.
                var _0x2efed6 = this;
                continue;
            case '3':
                // Input sanity check: rejects an empty code, or one whose length fails a decoded
                // comparison with 0x18 (24), presumably "!=". The first inner arm (sets $element,
                // calls initDOM) looks like constructor code pasted in as a decoy; the else arm
                // logs an error and aborts.
                // NOTE(review): this check runs only in the browser; it says nothing about what
                // the receiving endpoint validates.
                if (!_0x4bc16d || _0x3f1c51[_0x2143('0x137', 'i7c8')](_0x4bc16d['length'], 0x18)) {
                    if (_0x3f1c51['fEeGB'](_0x3f1c51['zqhry'], 'QDx')) {
                        this['$element'] = _0x3f1c51[_0x2143('0x138', 'ake^')](_0x4be52a, element);
                        this[_0x2143('0x139', '%mdC')] = 0x0;
                        this[_0x2143('0x13a', 'EeW*')] = [];
                        this[_0x2143('0x13b', 'HakO')] = _0x4be52a['extend']({}, _0x5b9763[_0x2143('0x13c', '1L[]')], options);
                        this['initDOM']();
                    } else {
                        console['error'](_0x2143('0x13d', 'U^*O'));
                        return;
                    }
                }
                continue;
            case '4':
                // Picks the container to update: an element looked up by a decoded selector when
                // the instance's 'mode' equals a decoded string, otherwise the widget's own $element.
                var _0x2395a1 = _0x3f1c51['bmxVt'](_0x2efed6[_0x2143('0x13e', 'zr@3')]['mode'], _0x2143('0x13f', 'vnUn')) ? _0x4be52a(_0x2143('0x140', 'cyED')) : _0x2efed6['$element'];
                continue;
            }
            break;
        }
    }
}
这应该是生成验证结果的js,本来想着直接调用看看输入点击坐标能不能直接生成post数据,我还是小看xxb的程度了,最近服务器状况非常差,早上server炸了,这么久了不修,搞这些
这个没有加密,直接拼接的。反混淆的代码如下:

```js
function _0xb55c80(_0xe6557f) {
  var _0x19f83c = "";
  for (var _0x40b3c9 = 0; _0x40b3c9 < _0xe6557f.length; _0x40b3c9++) {
    _0x19f83c += _0x1ba42e(_0xe6557f[_0x40b3c9][0], 3);
    _0x19f83c += _0x1ba42e(_0xe6557f[_0x40b3c9][1], 3);
  }
  function _0x1ba42e(_0x5d976b, _0xa3ef05) {
    _0x5d976b = _0x5d976b.toFixed(0);
    if (_0x5d976b.length > _0xa3ef05) {
      console.error("点击坐标值超过了处理长度");
      return _0x5d976b;
    }
    var _0x5f50b6 = _0x5d976b.length;
    while (_0x5f50b6 < _0xa3ef05) {
      _0x5f50b6++;
      _0x5d976b = "0" + _0x5d976b;
    }
    return _0x5d976b;
  }
  return _0x19f83c;
}
})(jQuery);
```

这个是拼接点击验证码的坐标值的。

```js
_0x4bb9d9.verify = function (_0x58fac3) {
  var _0x43cab3 = this;
  if (!_0x58fac3 || _0x58fac3.length != 24) {
    console.error("生成的校验码不合法");
    return;
  }
  var _0x3d4f8f = _0x43cab3.options.mode == "pop" ? _0x31d564("body .valid_popup") : _0x43cab3.$element;
  if (_0x43cab3.options.submitUrl) {
    var _0x26215e = _0x43cab3.options.submitData;
    var _0x232dba = _0x43cab3.options.validFiled || "code";
    _0x26215e[_0x232dba] = _0x58fac3;
    _0x3d4f8f.find(".valid_tips__text").html("验证中,请稍后...");
    _0x31d564.ajax({
      url: _0x43cab3.options.submitUrl,
      type: "POST",
      dataType: "json",
      data: _0x26215e,
      success: function (_0x499dc7) {
        if (_0x31d564.isFunction(_0x43cab3.options.onSubmit)) {
          _0x43cab3.options.onSubmit.call(_0x43cab3.$element, _0x499dc7, _0x43cab3);
        }
      }
    });
  } else if (_0x31d564.isFunction(_0x43cab3.options.onComplete)) {
    _0x43cab3.options.onComplete.call(_0x43cab3.$element, _0x58fac3, _0x43cab3);
  }
};
```

这个是用来校验一下拼出来的坐标值合不合法,然后没问题就post上去了。并没有加密
目前代码已经失效。卡在最后一步reserve环节(前面的所有场地信息都可以正确获取),查看服务器返回信息直接显示“预约订单失败”,不知道是哪里出了问题,很奇怪