最近某网站加上了阿里防火墙,使得无法正常签到,请求显示如下:

upload successful
网上搜了下,刚好发现吾爱破解里有现成的,原网址(https://www.52pojie.cn/thread-1822807-1-1.html) ,既然有现成的,就不再自己逆向分析,将其代码稍加改动,使其能够在nodejs中运行以满足脚本需要,构造一下函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
async function decryptFunction(encryptedId) {
  var encryptionKey = "3000176000856006061501533003690027800375";

  String.prototype.hexXor = function(xorStr) {
    var decrypted = "";

    for (var i = 0; i < this.length && i < xorStr.length; i += 2) {
      var char1 = parseInt(this.slice(i, i + 2), 16);
      var char2 = parseInt(xorStr.slice(i, i + 2), 16);  
      var xored = (char1 ^ char2).toString(16);

      if (xored.length == 1) {
        xored = "0" + xored;
      }

      decrypted += xored;
    }

    return decrypted;
  };

  String.prototype.unbox = function() {
    var map = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36];
    var unboxed = [];
    var unboxedStr = "";

    for (var i = 0; i < this.length; i++) {
      var char = this[i];

      for (var j = 0; j < map.length; j++) {
        if (map[j] == i + 1) {
          unboxed[j] = char;
        }
      }
    }

    unboxedStr = unboxed.join("");
    return unboxedStr;
  };

  var decryptedId = encryptedId.unbox();
  var decryptedValue = decryptedId.hexXor(encryptionKey);
  return decryptedValue;
}

在原代码中加入,encryptedId为arg1的值,将acw和acw2放入cookie再次请求,果然可以成功

upload successful