• 通过 chatgpt 协助完成网站数据破解

    Chatgpt 的出现极大地提升了程序员的工作效率,常见的使用场景包括代码自动生成、代码静态检查等,那么 chatgpt 能否用于某些网站的数据破解工作呢?

    问题

    某天线上服务开始报警,原来是某个视频网站无法获取到其 cdn 地址导致的下载失败问题。

    经过 debug 发现原来的明文数据现在变成了加密数据(数据放在 html 中),如下

    由于职责所在,需要对此加密数据进行破解

    解决方案

    通过搜索,可以定位到相关 js 代码位置,点击 Open in Sources panel,可以进行断点调试

    结合断点和变量输出,我们发现核心的解密函数逻辑是 Object(le.videoDataDecrypt),点击可以继续跟踪

    这下有点傻眼了,这都是什么啊

    不要急,让我们翻译翻译

    那么,解密逻辑

    return e = a[t(540)][t(737)][t(577)](a[t(540)][t(506)][t(582)](e)), (0, o[t(782)])(e, t(747))

    等价于

    1. e = a['enc']['Utf8']['stringify'](a['enc']['Base64']['parse'](e));
    2.  
    3. return (0, o['xorCipher'])(e, 'guanhui456')

    我们观察到,`a['enc']['Base64']['parse']` 看起来像是 base64 解码,经过尝试发现确实是;

    而 `a['enc']['Utf8']['stringify']`,容易获得其源码为

    1. stringify: function(e) {
    2.     var t = l;
    3.     try {
    4.         return decodeURIComponent(escape(v[t(577)](e)))
    5.     } catch (r) {
    6.         throw new Error(t(754))
    7.     }
    8. }

    所以,解密逻辑变成了

    1. e = decodeURIComponent(escape(base64decode(e)))
    2. return (0, o['xorCipher'])(e, 'guanhui456')

    `(0, o['xorCipher'])` 的逻辑可以直接通过 chatgpt 进行理解和生成

    结合上面这些分析,可以得到测试的 python 代码如下

    1. import base64
    2. from urllib.parse import unquote, quote
    3.  
    4. e = 'HFcICkVSV1gEBAVXRlNZVV9CXQcADlBHVVteSllLQFxCCxBDVEU0AFEHVwQ7AFQMUlgpHA0FAAMpFFkEUEw1QQFTVhE9G18MR1FoQAFSTFAyEg4TWVdpQ1EWWAg7HUxZBVRqEkNUC1c0AF8BAQ47AFdYUVApHAIDAF8pFFZRXxE1QQMBV0w9G1BYF1BoQAAERFUyEl5EWwBpQwETUQ07HUEPAANqEkBYWV40AFwHAgI7AFkMAVwpHABQDlEpFFYBDEw1QQMOVEI9G1MNRVloQAFSQwAyElAXDVAVFTsAV1xWWSkcAwMOUykUWgJeRDVBAwFSRD0bUF1ED2hAAANGA05ENABcBQxVOwBXWVJZKRwDAAVSKRRbUlxDSxgXRggGFQsVSk9LXEFCFwZbMkg0Wg8DG1QGHAUbSQsaBGgaXxMpThtaXUFfAgMEXk1UQlVcQFEABA5SRldIAQVIWwYHEAYFEVNWWENPUgh8NzAmLhQ3RUVDag5XRU0GOFlFWQQZRzhNUUIBNxQcQFoUS1cRAgYRFgdAFwxVQU1MAQUFBVVMVQkBQ1RFWkE1QQNUVUQ9G1FcFA1oQABSRgRMS0oFHFZZXxQdPhoOBRBLDgQAXkRXW1RbR1kYF1IGAQRMXUopHAEGUlYpFFsCWEY1QQMDAUM9G15dE11oQFABRABcV1pGNUEAU1BBWTISXkJZDAQGOwBXWwJdV0UWQV8KED4CAgYSHVwXDEVFVFRVUFdFFlFDFRQVBwgGV1MHBw5LV1cdOBgZCE1qQxUZQ1RFAAEdRA9qSClOBg4PHQVdUl4TWBcHAw0aR1dRWEkXAgsFBwZHV1pbO1oXBwMNGjUbA0U7WlQIBA5FWg0NG1RCVwpKWUQMURhXV0RWQ1ELTFtWUw5RQ1IKUUYYGQAKQDgTEwEKNwZUXF5XFwVMBgYHHghaGF4FE0NCRRgZCE1ARAtXW0wPHAEZRw9qSClOGANaWwtQRkIGAQgNSQsaBGgaWwMUTB4PUREaDUBbDRIVDV8ZHwdoGgVRRREySABHXwBpGVZDWF9RXkVfBQcGVUZZXlZZQF9oGlsDFEweD1ERGg1AWw0SFQ1fGR8HGlhGU0oXMQEaGgRrRgsPHgAeF0UdCFteVwlYCQwBThQcQF1pDBAYU1ZeTFgCDQRRTFJDV0VFRAwNDwMUVlhUUEJYDFAEX0xUD15aQVBVVwNfQwNYBg1FT1ZWUxEaBTEEABQHWlBaWgYEDxULHQtbTWkBEAQKQQsHVAQTVQNIUUgXDEhYEkVCWkZHAggPHA0JBgZeRlRcU1BGURJDXwNIUF5WW0VaBgIEUEJVXVJQQlsAAA9FWUMNCwkHAEBMYxUZQ1Q8E1cCUUwUXVcSCkVEVxtVW11FT1FCRRwcHVhQFF1XPRtRUEVeaEAAAkVUTEtKABtYFwxFHRUaFxtPNRtpGRERU0AFDAYdVUFfBFsCAQo0WgRQVBsXHVgKFFEABF5SQgRNEAQJNFpaAgVGO1oJXFFcKUYFAw9WQ1deUVlHWQYGDldEUFtRNFoEUFQbFx1YChRRAAReUkIETRAECUYYGQAKQDgTEwEKNwZUXF5XFwVMBgYHHghaGF4FE0cPEhwdNl9QT1pEV1dWXk1bAgwFSkVMXkpQTVBQVAFRRllZVlAQWwwMAwZMU1peCRdcDANUURQEXkEKFgxCWlI4FgkPCQYQBQlGUwYHAgYFBw02UlBTA1MCHFpYUwpQCAZBBQVTVk4FHQkGEAsaBgcDVUZZDQYDVUFZXV9OAwBQCAdXRFJeVFpCWwMCAlRAWVlVXEBQFhkUERwFCwgqBRoWDwJWQk1MEQcRP11RUwg9NkxdSkZfBBESUUFRTEtKAwBQUFk0HBsLRVJEXxoCGkUDDgoqBxofZ1xMAldbX1JeTVsDSBocVwoLHkpPS1xRFEtXEw8JA1dTBRkUExwVAgJKT0toQA8GEVkyEl4QWQEXGkUAEwJFUlcBQEFGFE89QTtHAw0GG1QDBhUPEwEWR1daWztaDAoGRQUBDVFFXgAMBAAcFlFFX1g7WlRZURgpRlwHAFMpTl9RUURfAgUAVkdQXlJaQ1wCBgY7WgwKBkUFAQ1RRV4ADAQAHBZRRV9YSRgRWlgeKg9GWls4BlwGDAkFGRldVwgeAABKABcPElRDEx0+BQIRSFgCDAdRTVNYXltYWRkFGwETVF5UDkcMAQVTVUBYC1cNE1pQBg5fQwRaBApMWAcBEAUWBBgIDCoKXFRYCRANUxQNFBtXXVQIDT4IAg0RT1dHC1ZTAgpaWFMZUAgHQQUVU1ROGQZTXFJaRlFXVF1HXQwGDkEDCApaWUVYBwUFVUJTWVBcRlwMAgRTQFhMS0oDAFBQWSUFEkxdXkZaGBdACBE3BwMNGiFjFwxFQFZYQ0xEWQYBFEtXFwcDDRo6XU9TRU9TW0lcWUtCWlIqGg4YNAEPDBYPB1JDVF5VFVkSFl5THldbTBQLV0UWR1cJHkNUVURXHV1BWgJXW0w7HU0NDABqEkMEXlJKWUtBR1pFT0MGExwFGg5pGTtaFwpVRhcNR0FXExwCQAQHGDUbWFIGWBEGXgwGUEFYXAABAlYWAhs1GwIEVwU9QQ9aQ11oGgdRTFBYUVhDWAYFBVNMVVdRXUc1G1hSBlgRBl4MBlBBWFwAAQJWFgIbR1lFAlgDPggVBxg2RwheDBQRHkoAFAZfVFhKHQMIQQkAHVxqXQIMXF9RUURfDAcAXkZMXkpYWFBXBlRVEwJbVwoUW1UABFQWUg8DC0NdBVEEBEFUWlNRUwtXUEAIET4NDwkbB1FZCxQQABwEABcGTGpQAhAFSAQaSFsSVlJaRUceA1VET0RBC1RTDQEAARFUBwUPVEBTWl9bTU9CXFJaRFFfVFhGWwMHAVBBUltfX0ddAQwUS1cXBwMNGitERhRdTFRXS0oDBlBjXwMQDiYwSk9LAwcGQ1FQXF9YV0UWQ18DEA49DhIQSw4GDklBTUwRBxEkW1pANBwbC0VSRFwCAw9TCDxCRR4cDVFaaRQBABoSG1dTBBkUERwFCwg3BwxeUFUTIRgeAkpPB0FZWktXCB04BBwCURcMV1lDBxQ3FgZYWVMEAQgBCUpPWRgXWg4eBExdW1lLXUZpFxQYMQQHGRxZWxRdRU1MFAsQB1FGFF0TAAIUDVlLQlpCAjEIHQYKGQx3QUQLV1tMV0pZS1JYWg4eBDEJHRhLDhcFRVlDDQgFGAxaQRRdRU1MAQUWBllYUwkBPgASBVdTFgVqEkMDXFY0AF8AVFI7AFdbVA1XRRZWWQsADAA4ARsPWxcMPChNTBcaEB9dUEEyBw0mExwFSw4XXhMBEVQ7RylGXFxRDxkICQ8cWB9dUVMIWwIKCUYXClFXWRRbAgEKNFofXVFTCClOWBQ0WlxSVlBXRlhWSltCX1AYB1YQBEMGWEReGQNVXkcDCF9eQ1pQAxgKBVVRETcTG1tYaRRICQUGGAVEXFRZDBQPQw8KE0sYF18UOQ4AAD4cDVFaFF0TAAIUDVlLUkdXChA+HRcaHB1RRhRdDkMHCgkSDGtARAsGQ1Q8Sh0dQEUMO1o9QQABBRoFG1QGHAUbSQsaBGgaXxMpThtaW0NfBw0GVkxVVktRRV0DBgRfQldIAQVIWgQHB0EUER5aW0VbBRNQWj8xKyBXAlQGAwdXUwlTVlxCWRYZFA8BFR5dNFo1G1JfFwZRQAUJHA1BG1UIGD1BDhwpRkEIBVVAUl5VUU1YBBkEUEJQWlVfTVsNE1AKSFJeVVlTCERFC1RFU19BDkgjZHBxWAJcXFFZRU9cCAdTQlFMS0odHUBFDDtaPUEAAQUaBBtUBhwFG0kLGgRoGl8TKU4bWllFWQwND1dHU19LWUNcDQcOX0NRXUEOGFQHBQRWUwAeF1VGWQYEEAFIKz4iL0oeCQcAVkVHBlpZQV4EFxpFHRUaF1IpRmgaUQ4FEl5JChQAUEAYBBoMMkgBATUbQAtUQVhYVllAWAQMGlZEWF5SW0ZcAAYQARhcXVdaRE9VRUZaRlFcVk4TVH5lcyBKFlNVXkRZEl0LVkFWXkU1WUtdW0ICBxcPC0pPWBgXTjgZBABFUkRZGBdOOAYIFAJKT1sCBBpFDD4CAgZXUwUFGkUMPh0OEhBLDgQCUAhNTA4bKg9bR1QOEQULCTcGAVVHU0VPUUJFGx0IRlB/CRMOTF0TVx1NRVNFT0MbFQRXFBgXVQgZDQsEHBwGWmpfCRMOTF0zKBQ='
    5.  
    6.  
    7. def simple_decode(data):
    8.     # 先进行 base64 解码
    9.     data = base64.b64decode(data)
    10.     # 再进行 escape 和 decodeURIComponent 操作
    11.     data = unquote(quote(data), encoding='utf-8')
    12.     return data
    13.  
    14.  
    15. def xor_strings(data, key):
    16.     n = ""
    17.     for i in range(len(data)):
    18.         o = ord(data[i])
    19.         s = ord(key[i % len(key)])
    20.         n += chr(o ^ s)
    21.     return n
    22.  
    23.  
    24. print(xor_strings(simple_decode(e), 'guanghui456'))

    总结

    chatgpt 可以用在 javascript 破解的两个方面

    1. 代码理解:对于一些难以读懂的 javascript 代码,可以让 gpt 辅助进行理解。有些可能是已经成熟的算法,chatgpt 可以识别出来
    2. 代码改写:将 javascript 代码改写为其他语言,例如 python 或 java,便于集成进业务代码中

    写在最后

    实际第一次做的时候,完全没有文章中写的这么顺利,那个 base64decode 的代码,也是靠 gpt 猜出来的。。。

  • 相关阅读:
    Spring boot 全局异常处理
    常用的 Spring Boot 注解及其作用
    Python 如何实现 Command(命令)模式?什么是 Command(命令)设计模式?
    加速推进企业信息化建设,SRM采购系统赋能建筑工程产业生态链实现数字化转型
    alias linux 命令别名使用
    【Proteus仿真】【STM32单片机】蔬菜大棚温湿度控制系统设计
    尚医通 (六) --------- 集成 Swagger
    python import相关内容简单介绍
    Java调用py或者exe文件实现word转PDF
    (附源码)计算机毕业设计SSM基于的宿舍楼跳蚤市场管理系统
  • 原文地址:https://blog.csdn.net/JackLang/article/details/132846006