a_bogus.js 16 KB

  1. // All the content in this article is only for learning and communication use, not for any other purpose, strictly prohibited for commercial use and illegal use, otherwise all the consequences are irrelevant to the author!
  /**
   * RC4 keystream XOR over JavaScript strings (the same call encrypts and decrypts).
   *
   * Both arguments are read with charCodeAt, so the result is byte-exact RC4 only
   * when every code unit of `plaintext` and `key` is <= 255.
   * RC4 is a deprecated cipher; within this file it is only ever called with
   * constant keys, so it acts as obfuscation rather than as a confidentiality
   * control.
   *
   * @param {string} plaintext - data to transform, one code unit per byte
   * @param {string} key - key material, one code unit per byte
   * @returns {string} transformed data, same length as `plaintext`
   */
  function rc4_encrypt(plaintext, key) {
    // Key-scheduling: start from the identity permutation and mix in the key.
    const state = Array.from({ length: 256 }, (_, n) => n);
    let j = 0;
    for (let i = 0; i < 256; i++) {
      j = (j + state[i] + key.charCodeAt(i % key.length)) % 256;
      [state[i], state[j]] = [state[j], state[i]];
    }

    // Keystream generation: one permutation swap per output code unit.
    let i = 0;
    j = 0;
    const out = [];
    for (let pos = 0; pos < plaintext.length; pos++) {
      i = (i + 1) % 256;
      j = (j + state[i]) % 256;
      [state[i], state[j]] = [state[j], state[i]];
      const keystream = state[(state[i] + state[j]) % 256];
      out.push(String.fromCharCode(keystream ^ plaintext.charCodeAt(pos)));
    }
    return out.join('');
  }
  /**
   * 32-bit rotate-left.
   *
   * @param {number} e - value, treated as a 32-bit word
   * @param {number} r - rotation count, reduced modulo 32
   * @returns {number} rotated value as an unsigned 32-bit integer
   */
  function le(e, r) {
    const amount = r % 32;
    const shiftedUp = e << amount;
    const wrapped = e >>> (32 - amount);
    // >>> 0 converts the signed result of | back to an unsigned word.
    return (shiftedUp | wrapped) >>> 0;
  }
  /**
   * Round constant T_j used by the compression function.
   *
   * @param {number} e - round index j
   * @returns {number|undefined} 2043430169 (0x79cc4519) for rounds 0-15,
   *   2055708042 (0x7a879d8a) for rounds 16-63; otherwise logs an error and
   *   returns undefined
   */
  function de(e) {
    if (0 <= e && e < 16) {
      return 2043430169;
    }
    if (16 <= e && e < 64) {
      return 2055708042;
    }
    console['error']("invalid j for constant Tj");
    return undefined;
  }
  /**
   * Boolean function FF_j of the compression rounds.
   *
   * @param {number} e - round index j
   * @param {number} r - first word
   * @param {number} t - second word
   * @param {number} n - third word
   * @returns {number} XOR of the three words for rounds 0-15, bitwise majority
   *   for rounds 16-63 (both unsigned); 0 after logging an error otherwise
   */
  function pe(e, r, t, n) {
    if (0 <= e && e < 16) {
      return (r ^ t ^ n) >>> 0;
    }
    if (16 <= e && e < 64) {
      return (r & t | r & n | t & n) >>> 0;
    }
    console['error']('invalid j for bool function FF');
    return 0;
  }
  /**
   * Boolean function GG_j of the compression rounds.
   *
   * @param {number} e - round index j
   * @param {number} r - first word (selector in the later rounds)
   * @param {number} t - second word
   * @param {number} n - third word
   * @returns {number} XOR of the three words for rounds 0-15, bitwise
   *   "r ? t : n" choice for rounds 16-63 (both unsigned); 0 after logging an
   *   error otherwise
   */
  function he(e, r, t, n) {
    if (0 <= e && e < 16) {
      return (r ^ t ^ n) >>> 0;
    }
    if (16 <= e && e < 64) {
      return (r & t | ~r & n) >>> 0;
    }
    console['error']('invalid j for bool function GG');
    return 0;
  }
  /**
   * Restores the hash state: writes the eight initial register words into the
   * existing `this.reg` array and clears the buffered chunk and byte counter.
   * Installed as SM3.prototype.reset, so `this` is the hasher instance.
   */
  function reset() {
    const initialWords = [
      1937774191,
      1226093241,
      388252375,
      3666478592,
      2842636476,
      372324522,
      3817729613,
      2969243214,
    ];
    // Assign element by element so the caller's `reg` array object is reused.
    for (let idx = 0; idx < initialWords.length; idx++) {
      this.reg[idx] = initialWords[idx];
    }
    this["chunk"] = [];
    this["size"] = 0;
  }
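  /**
   * Feeds data into the hasher, compressing every full 64-byte block.
   *
   * Fix over the original: the string-to-bytes helper assigned to an undeclared
   * `n`, which creates an implicit global in sloppy mode and throws a
   * ReferenceError in strict mode / ES modules. All temporaries are now local.
   *
   * @param {string|number[]} e - a string (encoded as UTF-8 first) or an array
   *   of byte values
   * @returns {undefined}
   * @throws {URIError} from encodeURIComponent when a string holds a lone surrogate
   */
  function write(e) {
    // UTF-8 encode via percent-encoding: each %XX escape becomes one code unit.
    function utf8Bytes(text) {
      const unescaped = encodeURIComponent(text).replace(/%([0-9A-F]{2})/g, function (match, hex) {
        return String.fromCharCode(Number.parseInt(hex, 16));
      });
      const out = new Array(unescaped.length);
      for (let idx = 0; idx < unescaped.length; idx++) {
        out[idx] = unescaped.charCodeAt(idx);
      }
      return out;
    }

    const bytes = typeof e === "string" ? utf8Bytes(e) : e;
    this.size += bytes.length;

    // Number of bytes still missing from the currently buffered block.
    let offset = 64 - this.chunk.length;
    if (bytes.length < offset) {
      this.chunk = this.chunk.concat(bytes);
      return;
    }

    this.chunk = this.chunk.concat(bytes.slice(0, offset));
    while (this.chunk.length >= 64) {
      this._compress(this.chunk);
      // Load the next (possibly partial) block, or empty the buffer at the end.
      this.chunk = offset < bytes.length
        ? bytes.slice(offset, Math.min(offset + 64, bytes.length))
        : [];
      offset += 64;
    }
  }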
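  /**
   * Finalises the hash and returns the digest, then resets the instance.
   *
   * Fix over the original: the hex branch called `se(...)`, which is not defined
   * anywhere in this listing, so requesting 'hex' output raised a
   * ReferenceError. The call shape (value, 8, "0") suggests a left-pad to eight
   * characters with "0", and that is what is done here.
   *
   * @param {string|number[]} [e] - when truthy, the state is reset and `e` is
   *   hashed on its own; when falsy, whatever was written so far is finalised
   * @param {string} [t] - 'hex' for a 64-character lowercase hex string; any
   *   other value yields an array of 32 byte values
   * @returns {string|number[]} the digest
   */
  function sum(e, t) {
    if (e) {
      this.reset();
      this.write(e);
    }
    this._fill();
    for (let offset = 0; offset < this.chunk.length; offset += 64) {
      this._compress(this.chunk.slice(offset, offset + 64));
    }

    let digest;
    if (t === 'hex') {
      digest = "";
      for (let w = 0; w < 8; w++) {
        // Left-pad each register word to 8 hex digits.
        digest += ("00000000" + this.reg[w].toString(16)).slice(-8);
      }
    } else {
      digest = new Array(32);
      for (let w = 0; w < 8; w++) {
        const word = this.reg[w];
        // Big-endian byte order within each 32-bit word.
        digest[4 * w] = (word >>> 24) & 255;
        digest[4 * w + 1] = (word >>> 16) & 255;
        digest[4 * w + 2] = (word >>> 8) & 255;
        digest[4 * w + 3] = word & 255;
      }
    }
    this.reset();
    return digest;
  }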
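  /**
   * Compression function: folds one 64-byte block into `this.reg`.
   *
   * Fix over the original: the guard was `t < 64`, which compares the array
   * itself with a number. For any array of two or more elements that coerces to
   * NaN and is always false, so a short block was processed with undefined
   * bytes. The guard now checks `t.length`.
   *
   * @param {number[]} t - block of at least 64 byte values; only the first 64
   *   are read
   * @returns {undefined}
   */
  function _compress(t) {
    if (t.length < 64) {
      console.error("compress error: not enough data");
      return;
    }

    // Message expansion: w[0..67] are the expanded words, w[68..131] hold
    // w[k] ^ w[k + 4] for k = 0..63.
    const w = new Array(132);
    for (let k = 0; k < 16; k++) {
      w[k] = ((t[4 * k] << 24) | (t[4 * k + 1] << 16) | (t[4 * k + 2] << 8) | t[4 * k + 3]) >>> 0;
    }
    for (let k = 16; k < 68; k++) {
      let x = w[k - 16] ^ w[k - 9] ^ le(w[k - 3], 15);
      x = x ^ le(x, 15) ^ le(x, 23);
      w[k] = (x ^ le(w[k - 13], 7) ^ w[k - 6]) >>> 0;
    }
    for (let k = 0; k < 64; k++) {
      w[k + 68] = (w[k] ^ w[k + 4]) >>> 0;
    }

    // Work on a copy of the registers; the result is XORed back at the end.
    const v = this.reg.slice(0);
    for (let j = 0; j < 64; j++) {
      const rotA = le(v[0], 12);
      // Sums can exceed 32 bits; `4294967295 & x` reduces them modulo 2^32.
      const ss1 = le((4294967295 & (rotA + v[4] + le(de(j), j))) >>> 0, 7);
      const ss2 = (ss1 ^ rotA) >>> 0;
      const tt1 = (4294967295 & (pe(j, v[0], v[1], v[2]) + v[3] + ss2 + w[j + 68])) >>> 0;
      const tt2 = (4294967295 & (he(j, v[4], v[5], v[6]) + v[7] + ss1 + w[j])) >>> 0;
      v[3] = v[2];
      v[2] = le(v[1], 9);
      v[1] = v[0];
      v[0] = tt1;
      v[7] = v[6];
      v[6] = le(v[5], 19);
      v[5] = v[4];
      v[4] = (tt2 ^ le(tt2, 9) ^ le(tt2, 17)) >>> 0;
    }

    for (let l = 0; l < 8; l++) {
      this.reg[l] = (this.reg[l] ^ v[l]) >>> 0;
    }
  }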
  /**
   * Appends the final padding to `this.chunk`: a 0x80 byte, zero bytes up to
   * 56 modulo 64, then the message length in bits as a 64-bit big-endian
   * integer. The buffered data is a whole number of 64-byte blocks afterwards.
   */
  function _fill() {
    const bitLength = 8 * this['size'];
    // push() returns the new length, so `used` is the fill level after 0x80.
    let used = this['chunk']['push'](128) % 64;
    if (64 - used < 8) {
      // No room left for the 8 length bytes: padding runs into the next block.
      used -= 64;
    }
    while (used < 56) {
      this.chunk['push'](0);
      used++;
    }
    const highWord = Math['floor'](bitLength / 4294967296);
    for (const shift of [24, 16, 8, 0]) {
      this['chunk'].push((highWord >>> shift) & 255);
    }
    for (const shift of [24, 16, 8, 0]) {
      this['chunk']['push']((bitLength >>> shift) & 255);
    }
  }
  /**
   * Hasher constructor: creates the register array, the pending-block buffer
   * and the byte counter, then calls the prototype's reset() to load the
   * initial state.
   *
   * @constructor
   */
  function SM3() {
    Object.assign(this, {
      reg: [],
      chunk: [],
      size: 0,
    });
    this.reset();
  }
  // Install the free-standing functions above as the hasher's methods; each of
  // them relies on `this` being an SM3 instance.
  Object.assign(SM3.prototype, {
    reset: reset,
    write: write,
    sum: sum,
    _compress: _compress,
    _fill: _fill,
  });
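  /**
   * Base64-style encoder with a selectable alphabet and no padding.
   *
   * Every group of three input code units becomes four symbols from the chosen
   * table; a trailing group of one or two code units yields two or three
   * symbols. "s0" is the standard Base64 alphabet, "s1" to "s4" are reordered
   * alphabets.
   *
   * Fix over the original: `temp_int` was assigned without a declaration, which
   * leaks a global in sloppy mode and throws a ReferenceError in strict mode /
   * ES modules. An unknown table name now fails with an explicit TypeError
   * instead of "cannot read properties of undefined".
   *
   * @param {string} long_str - input, one code unit per byte
   * @param {string|null} [num=null] - table name, "s0" to "s4"
   * @returns {string} encoded text
   * @throws {TypeError} when output is required and `num` names no table
   */
  function result_encrypt(long_str, num = null) {
    const s_obj = {
      "s0": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
      "s1": "Dkdpgh4ZKsQB80/Mfvw36XI1R25+WUAlEi7NLboqYTOPuzmFjJnryx9HVGcaStCe=",
      "s2": "Dkdpgh4ZKsQB80/Mfvw36XI1R25-WUAlEi7NLboqYTOPuzmFjJnryx9HVGcaStCe=",
      "s3": "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe",
      "s4": "Dkdpgh2ZmsQB80/MfvV36XI1R45-WUAlEixNLwoqYTOPuzKFjJnry79HbGcaStCe"
    };
    const alphabet = s_obj[num];
    // Fractional on purpose: a partial last group emits only its leading symbols.
    const symbolCount = long_str.length / 3 * 4;
    if (symbolCount > 0 && typeof alphabet !== "string") {
      throw new TypeError("result_encrypt: unknown alphabet " + String(num));
    }

    let result = "";
    for (let i = 0; i < symbolCount; i++) {
      // Pack the current three code units into 24 bits (same packing as
      // get_long_int); a missing unit reads as NaN, which << and | turn into 0.
      const start = Math.floor(i / 4) * 3;
      const packed = (long_str.charCodeAt(start) << 16)
        | (long_str.charCodeAt(start + 1) << 8)
        | long_str.charCodeAt(start + 2);
      // Symbol 0 takes bits 18-23, symbol 1 bits 12-17, then 6-11, then 0-5.
      const shift = 18 - 6 * (i % 4);
      result += alphabet.charAt((packed >> shift) & 63);
    }
    return result;
  }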
  /**
   * Packs the three code units of group number `round` into one integer:
   * first unit in bits 16-23, second in bits 8-15, third in bits 0-7.
   * Positions past the end of the string contribute 0.
   *
   * @param {number} round - zero-based index of the 3-character group
   * @param {string} long_str - source string
   * @returns {number} the packed value
   */
  function get_long_int(round, long_str) {
    const start = round * 3;
    const high = long_str.charCodeAt(start) << 16;
    const middle = long_str.charCodeAt(start + 1) << 8;
    const low = long_str.charCodeAt(start + 2);
    return high | middle | low;
  }
  /**
   * Interleaves the low 16 bits of `random` with two option bytes.
   *
   * Each source byte is split by the masks 170 (0b10101010) and 85
   * (0b01010101); every output byte takes one half of its bits from the random
   * byte and the complementary half from the option byte.
   *
   * @param {number} random - source number; bitwise operators truncate it to an integer
   * @param {number[]} option - two option bytes
   * @returns {number[]} four byte values
   */
  function gener_random(random, option) {
    const lowByte = random & 255;
    const highByte = random >> 8 & 255;
    const first = option[0];
    const second = option[1];
    return [
      (lowByte & 170) | (first & 85),
      (lowByte & 85) | (first & 170),
      (highByte & 170) | (second & 85),
      (highByte & 85) | (second & 170),
    ];
  }
  223. //////////////////////////////////////////////
  /**
   * Assembles the fixed-layout field array `b`, serialises selected fields plus
   * the environment string and an XOR check byte into a string, and returns that
   * string passed through rc4_encrypt with the one-character key
   * String.fromCharCode(121).
   *
   * NOTE(review): every key, table and configuration value used here is a
   * literal in this file; no secret enters the computation, so the output shows
   * knowledge of the algorithm and inputs, not possession of a credential.
   *
   * @param {string} url_search_params - query string to bind into the value
   * @param {string} user_agent - User-Agent string to bind into the value
   * @param {string} window_env_str - '|'-separated environment description
   * @param {string} [suffix="cus"] - suffix appended before hashing
   * @param {number[]} [Arguments=[0, 1, 14]] - three numbers serialised into
   *   b[26]..b[37]; the RC4 key for the user agent below is a separate literal
   *   and does not read this parameter
   * @returns {string} obfuscated payload, one code unit per field
   */
  function generate_rc4_bb_str(url_search_params, user_agent, window_env_str, suffix = "cus", Arguments = [0, 1, 14]) {
    let sm3 = new SM3()
    let start_time = Date.now()
    /**
     * Three digest passes:
     * 1: SM3 applied twice to url_search_params + suffix
     * 2: SM3 applied twice to the suffix
     * 3: SM3 of the processed user agent
     */
    // Pass 1: the inner sum() returns a 32-byte array, which the outer sum() hashes again
    let url_search_params_list = sm3.sum(sm3.sum(url_search_params + suffix))
    // Pass 2: double SM3 of the suffix alone
    let cus = sm3.sum(sm3.sum(suffix))
    // Pass 3: user agent -> rc4_encrypt -> result_encrypt("s3") -> SM3.
    // String.fromCharCode truncates 0.00390625 to code unit 0, so the key is the code units 0, 1, 14.
    let ua = sm3.sum(result_encrypt(rc4_encrypt(user_agent, String.fromCharCode.apply(null, [0.00390625, 1, 14])), "s3"))
    //
    let end_time = Date.now()
    // b: sparse field table addressed by numeric index
    let b = {
      8: 3, // fixed
      10: end_time, // time at which the three passes finished
      15: {
        "aid": 6383,
        "pageId": 6241,
        "boe": false,
        "ddrt": 7,
        "paths": {
          "include": [
            {},
            {},
            {},
            {},
            {},
            {},
            {}
          ],
          "exclude": []
        },
        "track": {
          "mode": 0,
          "delay": 300,
          "paths": []
        },
        "dump": true,
        "rpU": ""
      },
      16: start_time, // time at which the three passes started
      18: 44, // fixed
      19: [1, 0, 1, 5],
    }
    // Start time, split into bytes. The >> operators first truncate the
    // millisecond timestamp to 32 bits; b[24] and b[25] use division instead to
    // reach the bits above 32 and are not masked with & 255.
    b[20] = (b[16] >> 24) & 255
    b[21] = (b[16] >> 16) & 255
    b[22] = (b[16] >> 8) & 255
    b[23] = b[16] & 255
    b[24] = (b[16] / 256 / 256 / 256 / 256) >> 0
    b[25] = (b[16] / 256 / 256 / 256 / 256 / 256) >> 0
    // Parameter Arguments [0, 1, 14, ...]
    // let Arguments = [0, 1, 14]
    b[26] = (Arguments[0] >> 24) & 255
    b[27] = (Arguments[0] >> 16) & 255
    b[28] = (Arguments[0] >> 8) & 255
    b[29] = Arguments[0] & 255
    b[30] = (Arguments[1] / 256) & 255
    b[31] = (Arguments[1] % 256) & 255
    b[32] = (Arguments[1] >> 24) & 255
    b[33] = (Arguments[1] >> 16) & 255
    b[34] = (Arguments[2] >> 24) & 255
    b[35] = (Arguments[2] >> 16) & 255
    b[36] = (Arguments[2] >> 8) & 255
    b[37] = Arguments[2] & 255
    // Double SM3 of (url_search_params + "cus"); sample value recorded by the author:
    /**let url_search_params_list = [
     91, 186, 35, 86, 143, 253, 6, 76,
     34, 21, 167, 148, 7, 42, 192, 219,
     188, 20, 182, 85, 213, 74, 213, 147,
     37, 155, 93, 139, 85, 118, 228, 213
     ]*/
    // Only digest bytes 21 and 22 are carried into the payload.
    b[38] = url_search_params_list[21]
    b[39] = url_search_params_list[22]
    // Double SM3 of the suffix ("cus"); sample value recorded by the author:
    /**
     * let cus = [
     136, 101, 114, 147, 58, 77, 207, 201,
     215, 162, 154, 93, 248, 13, 142, 160,
     105, 73, 215, 241, 83, 58, 51, 43,
     255, 38, 168, 141, 216, 194, 35, 236
     ]*/
    b[40] = cus[21]
    b[41] = cus[22]
    // Digest of the processed user agent; sample value recorded by the author:
    /**
     * let ua = [
     129, 190, 70, 186, 86, 196, 199, 53,
     99, 38, 29, 209, 243, 17, 157, 69,
     147, 104, 53, 23, 114, 126, 66, 228,
     135, 30, 168, 185, 109, 156, 251, 88
     ]*/
    // Only digest bytes 23 and 24 are carried into the payload.
    b[42] = ua[23]
    b[43] = ua[24]
    // End time of the three passes, split the same way as the start time
    b[44] = (b[10] >> 24) & 255
    b[45] = (b[10] >> 16) & 255
    b[46] = (b[10] >> 8) & 255
    b[47] = b[10] & 255
    b[48] = b[8]
    b[49] = (b[10] / 256 / 256 / 256 / 256) >> 0
    b[50] = (b[10] / 256 / 256 / 256 / 256 / 256) >> 0
    // Configuration object entries: pageId is stored most-significant byte
    // first, aid least-significant byte first. b[51] and b[56] keep the raw
    // numbers and are not part of the serialised list below.
    b[51] = b[15]['pageId']
    b[52] = (b[15]['pageId'] >> 24) & 255
    b[53] = (b[15]['pageId'] >> 16) & 255
    b[54] = (b[15]['pageId'] >> 8) & 255
    b[55] = b[15]['pageId'] & 255
    b[56] = b[15]['aid']
    b[57] = b[15]['aid'] & 255
    b[58] = (b[15]['aid'] >> 8) & 255
    b[59] = (b[15]['aid'] >> 16) & 255
    b[60] = (b[15]['aid'] >> 24) & 255
    // Author's note: an environment check happens at this point in the original code
    // Author's note: code index 2496, index value 17 (key condition for index 64)
    // '1536|747|1536|834|0|30|0|0|1536|834|1536|864|1525|747|24|24|Win32' converted with charCodeAt() gives a 65-element array
    /**
     * let window_env_list = [49, 53, 51, 54, 124, 55, 52, 55, 124, 49, 53, 51, 54, 124, 56, 51, 52, 124, 48, 124, 51,
     * 48, 124, 48, 124, 48, 124, 49, 53, 51, 54, 124, 56, 51, 52, 124, 49, 53, 51, 54, 124, 56,
     * 54, 52, 124, 49, 53, 50, 53, 124, 55, 52, 55, 124, 50, 52, 124, 50, 52, 124, 87, 105, 110,
     * 51, 50]
     */
    // Environment string as a list of code units
    let window_env_list = [];
    for (let index = 0; index < window_env_str.length; index++) {
      window_env_list.push(window_env_str.charCodeAt(index))
    }
    // Length of the environment list as low byte / high byte
    b[64] = window_env_list.length
    b[65] = b[64] & 255
    b[66] = (b[64] >> 8) & 255
    // Length of an empty list (always 0), encoded the same way
    b[69] = [].length
    b[70] = b[69] & 255
    b[71] = (b[69] >> 8) & 255
    // Check value: XOR of the fields listed here
    b[72] = b[18] ^ b[20] ^ b[26] ^ b[30] ^ b[38] ^ b[40] ^ b[42] ^ b[21] ^ b[27] ^ b[31] ^ b[35] ^ b[39] ^ b[41] ^ b[43] ^ b[22] ^
      b[28] ^ b[32] ^ b[36] ^ b[23] ^ b[29] ^ b[33] ^ b[37] ^ b[44] ^ b[45] ^ b[46] ^ b[47] ^ b[48] ^ b[49] ^ b[50] ^ b[24] ^
      b[25] ^ b[52] ^ b[53] ^ b[54] ^ b[55] ^ b[57] ^ b[58] ^ b[59] ^ b[60] ^ b[65] ^ b[66] ^ b[70] ^ b[71]
    // Serialisation order of the fields
    let bb = [
      b[18], b[20], b[52], b[26], b[30], b[34], b[58], b[38], b[40], b[53], b[42], b[21], b[27], b[54], b[55], b[31],
      b[35], b[57], b[39], b[41], b[43], b[22], b[28], b[32], b[60], b[36], b[23], b[29], b[33], b[37], b[44], b[45],
      b[59], b[46], b[47], b[48], b[49], b[50], b[24], b[25], b[65], b[66], b[70], b[71]
    ]
    // Append the environment code units, then the check value as the last element
    bb = bb.concat(window_env_list).concat(b[72])
    // One code unit per element, then RC4 with the single-character key (code unit 121)
    return rc4_encrypt(String.fromCharCode.apply(null, bb), String.fromCharCode.apply(null, [121]));
  }
  /**
   * Builds the 12-character prefix: three gener_random() results of four code
   * units each, every one drawn from a fresh Math.random() * 10000 and mixed
   * with a fixed option pair.
   *
   * Math.random() is not a cryptographically secure source; the visible code
   * uses it only to vary the prefix between calls.
   *
   * @returns {string} 12 code units
   */
  function generate_random_str() {
    const optionPairs = [
      [3, 45],
      [1, 0],
      [1, 5],
    ];
    const codes = [];
    for (const pair of optionPairs) {
      codes.push(...gener_random(Math.random() * 10000, pair));
    }
    return String.fromCharCode.apply(null, codes);
  }
  /**
   * Entry point: concatenates the random prefix with the obfuscated payload,
   * encodes the result with the "s4" alphabet and appends "=".
   *
   * The environment string passed to generate_rc4_bb_str is the fixed literal
   * below, not a value read from a live browser.
   *
   * @param {string} url_search_params - query string without the leading "?",
   *   e.g. "device_platform=webapp&aid=6383&channel=channel_pc_web&..."
   * @param {string} user_agent - User-Agent string, e.g.
   *   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
   * @returns {string} the encoded value, always ending in "="
   */
  function generate_a_bogus(url_search_params, user_agent) {
    const window_env = "1536|747|1536|834|0|30|0|0|1536|834|1536|864|1525|747|24|24|Win32";
    // The prefix is generated before the payload, matching the original
    // left-to-right evaluation of the concatenation.
    const prefix = generate_random_str();
    const payload = generate_rc4_bb_str(url_search_params, user_agent, window_env);
    const encoded = result_encrypt(prefix + payload, "s4");
    return encoded + "=";
  }
  392. //测试调用
  393. // console.log(generate_a_bogus(
  394. // "device_platform=webapp&aid=6383&channel=channel_pc_web&update_version_code=170400&pc_client_type=1&version_code=170400&version_name=17.4.0&cookie_enabled=true&screen_width=1536&screen_height=864&browser_language=zh-CN&browser_platform=Win32&browser_name=Chrome&browser_version=123.0.0.0&browser_online=true&engine_name=Blink&engine_version=123.0.0.0&os_name=Windows&os_version=10&cpu_core_num=16&device_memory=8&platform=PC&downlink=10&effective_type=4g&round_trip_time=50&webid=7362810250930783783&msToken=VkDUvz1y24CppXSl80iFPr6ez-3FiizcwD7fI1OqBt6IICq9RWG7nCvxKb8IVi55mFd-wnqoNkXGnxHrikQb4PuKob5Q-YhDp5Um215JzlBszkUyiEvR",
  395. // "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
  396. // ));