关键词:jr头条vmp逆向,a_bogus,jsvmp,插桩,ai
目标接口:aHR0cHM6Ly93d3cudG91dGlhby5jb20vYXBpL3BjL2xpc3QvZmVlZA==
本文仅供学习交流,因使用本文内容而产生的任何风险及后果,作者不承担任何责任,一起学习吧
代码均脱敏,如有侵权,请及时联系作者删除
因为部分原因,本文章仅做算法逆向分析,不提供任何完整代码分享。感谢理解
打开主页就行,上面这个是接口。就是个下拉列表详情接口。
逆向目标 -- a_bogus 仅对这个分析其他参数不做讲解
通过xhr断点即可进入目标文件bdms.js,一眼便知这是一个jsvmp,但是它和我们之前分析的某音的jsvmp大有不同,他的分支不明确而且很冗杂。如果我们手动分析,需要解大量的三元表达式,这对我们来说可能会累死。
但是大人,时代变了。面对这种重复性操作,我们可以基于ai,来达到快速插桩。我们只需要将需要操作的代码和明确的执行目的交给ai,就可以得到一份完美的插桩文件。ai nice!
但是插桩不是一次就完成的,这里你可以看看我之前文章讲的插桩思路和方法。这里我们第一次插桩,先重点在于apply函数,看看它这一整个流程。
/* === The apply call we care about ===
 * Logging wrapped around a single apply call site: print the callee,
 * receiver and arguments, make the call, print the result, then store it.
 * NOTE(review): s, b, u, d, p and l are not declared in this fragment;
 * presumably they belong to the enclosing interpreter code — confirm.
 */
// String(s) prints the callee's source text; JSON.stringify(u) serialises the argument array.
// NOTE: the arguments can carry request data. The sample output on this page contains a full
// query string including an msToken value, so captured console logs should be treated as sensitive.
console.log('[调用 apply]', { 函数: String(s), 上下文: b, 参数: JSON.stringify(u) });
// The call itself: invoke s with receiver b and argument array u.
d = s.apply(b, u);
console.log('[返回值]', d);
// Pre-increment l, then store the result at that index of p.
p[++l] = d;
简单打出日志,让我们观察一下。
bdms.js:10808 传入参数b--> null 传入参数u--> [0,1,12,"channel_id=0&max_behot_time=1744957399&offset=0&category=pc_profile_recommend&aid=24&app_name=toutiao_web&msToken=xmhFMI7s9bvxLn2gl79OMXsLigSxL7hwCMWLehsVYfrDRWLS2cJKwKcPOAF3TUiwKF6a_ttDryIK8uK8bqA-zJKxtHF-MNyoMbLPXl5VRDPiBDgtRGktEA%3D%3D","","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"] 调用函数s--> 输出结果d--> -1
[参数] (6) [0, 1, 12, 'channel_id=0&max_behot_time=1744957399&offset=0&ca…K8uK8bqA-zJKxtHF-MNyoMbLPXl5VRDPiBDgtRGktEA%3D%3D', '', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0']
[调用函数]
bdms.js:10452 传入参数b--> undefined 传入参数u--> [{"_Ax":"0X21"},"_Ax"] 调用函数s--> 输出结果d--> undefined
bdms.js:10452 传入参数b--> undefined 传入参数u--> [] 调用函数s--> 输出结果d--> {value: '0X21', writable: false, enumerable: true, configurable: true}
bdms.js:10452 传入参数b--> {"reg":[1937774191,1226093241,388252375,3666478592,2842636476,372324522,3817729613,2969243214],"chunk":[],"size":0} 传入参数u--> ["channel_id=0&max_behot_time=1744957399&offset=0&category=pc_profile_recommend&aid=24&app_name=toutiao_web&msToken=xmhFMI7s9bvxLn2gl79OMXsLigSxL7hwCMWLehsVYfrDRWLS2cJKwKcPOAF3TUiwKF6a_ttDryIK8uK8bqA-zJKxtHF-MNyoMbLPXl5VRDPiBDgtRGktEA%3D%3Dcus"] 调用函数s--> 输出结果d--> t {reg: Array(8), chunk: Array(0), size: 0}
bdms.js:10452 传入参数b--> {"reg":[1937774191,1226093241,388252375,3666478592,2842636476,372324522,3817729613,2969243214],"chunk":[],"size":0} 传入参数u--> [[70,121,157,233,32,219,170,83,85,127,37,174,206,216,172,118,56,12,127,63,147,109,130,204,133,57,209,149,45,251,112,162]] 调用函数s--> 输出结果d--> (32) [70, 121, 157, 233, 32, 219, 170, 83, 85, 127, 37, 174, 206, 216, 172, 118, 56, 12, 127, 63, 147, 109, 130, 204, 133, 57, 209, 149, 45, 251, 112, 162]
bdms.js:10452 传入参数b--> {"reg":[1937774191,1226093241,388252375,3666478592,2842636476,372324522,3817729613,2969243214],"chunk":[],"size":0} 传入参数u--> ["cus"] 调用函数s--> ƒ (t, a) {
var n = r
, c = e;
t && (this[c(158, "d3))")](),
this.write(t)),
this[c(185, "yM$V")]();… 输出结果d--> (32) [70, 119, 250, 201, 158, 62, 102, 61, 72, 140, 7, 83, 117, 97, 139, 88, 143, 3, 132, 85, 123, 12, 132, 23, 169, 152, 13, 37, 82, 102, 174, 63]
bdms.js:10452 传入参数b--> {"reg":[1937774191,1226093241,388252375,3666478592,2842636476,372324522,3817729613,2969243214],"chunk":[],"size":0} 传入参数u--> [[65,125,148,25,207,240,116,43,172,212,27,7,222,136,51,77,134,84,101,96,135,63,121,18,166,173,203,232,43,129,97,191]] 调用函数s--> ƒ (t, a) {
var n = r
, c = e;
t && (this[c(158, "d3))")](),
this.write(t)),
this[c(185, "yM$V")]();… 输出结果d--> (32) [65, 125, 148, 25, 207, 240, 116, 43, 172, 212, 27, 7, 222, 136, 51, 77, 134, 84, 101, 96, 135, 63, 121, 18, 166, 173, 203, 232, 43, 129, 97, 191]
bdms.js:10452 传入参数b--> "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0" 传入参数u--> [] 调用函数s--> ƒ trim() { [native code] } 输出结果d--> (32) [136, 101, 114, 147, 58, 77, 207, 201, 215, 162, 154, 93, 248, 13, 142, 160, 105, 73, 215, 241, 83, 58, 51, 43, 255, 38, 168, 141, 216, 194, 35, 236]
bdms.js:10452 传入参数b--> undefined 传入参数u--> [null,[0.00390625,1,12]] 调用函数s--> ƒ apply() { [native code] } 输出结果d--> (3) [0.00390625, 1, 12]
bdms.js:10452 传入参数b--> null 传入参数u--> ["\u0000\u0001\f","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"] 调用函数s--> ƒ e() {
var r = e._v;
return (0,
e._u)(r[0], arguments, r[1], r[2], this)
… 输出结果d--> :þþ¢P§r$K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄçäCZ¡6pMCg^`-£§Ü
sF¨ûصI$^ÈGÙ¸@j74M½4alùÉë®æñvtß F®
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [0] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> undefined
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [1] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 58
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [2] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 150
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [14] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> 254
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [41] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> /
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [27] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> T
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [62] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> +
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [3] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> C
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [4] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 254
bdms.js:9992 传入参数b--> ":þþ\u001d¢P§r$\u0012\u0019K·Úà©öãê°?Ãa¥&æ¼=¥²^ÜáBDf8>Þ+ªxð(ÀËaÄç\u0015äCZ¡6pMCg^`-£§Ü\nsF¨û\u000fصI$^È\u0019GÙ¸\u001e@j74M½\u00144\u0018alùÉ\u001eë®æ\u001bñvtß F®" 传入参数u--> [5] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 29
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [63] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> 162
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [33] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> e
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [54] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> i
bdms.js:9992 传入参数b--> "ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe" 传入参数u--> [34] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> 9
这里我省略重复日志
bdms.js:10452 传入参数b--> "1.0.1.7" 传入参数u--> ["."] 调用函数s--> 输出结果d--> (32) [123, 29, 49, 232, 252, 159, 32, 16, 217, 12, 29, 246, 59, 188, 11, 67, 21, 135, 88, 151, 219, 253, 189, 240, 178, 34, 186, 34, 89, 185, 233, 23]
bdms.js:10452 传入参数b--> ["1","0","1","7"] 传入参数u--> [null] 调用函数s--> 输出结果d--> (4) ['1', '0', '1', '7']
[参数] (3) ['1', 0, Array(4)]
[调用函数]
[返回值] 1
[参数] (3) ['0', 1, Array(4)]
[调用函数]
[返回值] 0
[参数] (3) ['1', 2, Array(4)]
[调用函数]
[返回值] 1
[参数] (3) ['7', 3, Array(4)]
[调用函数]
[返回值] 7
这里是环境检测
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [0] 调用函数s--> 输出结果d--> undefined
bdms.js:10452 传入参数b--> [] 传入参数u--> [49] 调用函数s--> 输出结果d--> 49
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [1] 调用函数s--> 输出结果d--> 1
bdms.js:10452 传入参数b--> [49] 传入参数u--> [57] 调用函数s--> 输出结果d--> 57
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [2] 调用函数s--> 输出结果d--> 2
bdms.js:10452 传入参数b--> [49,57] 传入参数u--> [49] 调用函数s--> 输出结果d--> 49
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [3] 调用函数s--> 输出结果d--> 3
bdms.js:10452 传入参数b--> [49,57,49] 传入参数u--> [50] 调用函数s--> 输出结果d--> 50
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [4] 调用函数s--> 输出结果d--> 4
bdms.js:10452 传入参数b--> [49,57,49,50] 传入参数u--> [124] 调用函数s--> 输出结果d--> 124
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [5] 调用函数s--> 输出结果d--> 5
bdms.js:10452 传入参数b--> [49,57,49,50,124] 传入参数u--> [57] 调用函数s--> 输出结果d--> 57
bdms.js:10452 传入参数b--> "1912|954|1914|1026|1283|-357|8828|8828|1920|1032|1920|1080|1897|10234|24|24|Win32" 传入参数u--> [6] 调用函数s--> 输出结果d--> 6
bdms.js:10452 传入参数b--> [49,57,49,50,124,57] 传入参数u--> [53] 调用函数s--> 输出结果d--> 53
生成环境数组
bdms.js:10452 传入参数b--> [49,57,49,50,124,57,53,52,124,49,57,49,52,124,49,48,50,54,124,49,50,56,51,124,45,51,53,55,124,56,56,50,56,124,56,56,50,56,124,49,57,50,48,124,49,48,51,50,124,49,57,50,48,124,49,48,56,48,124,49,56,57,55,124,49,48,50,51,52,124,50,52,124,50,52,124,87,105,110,51] 传入参数u--> [50] 调用函数s--> 输出结果d--> 50
bdms.js:10452 传入参数b--> undefined 传入参数u--> [[49,57,49,50,124,57,53,52,124,49,57,49,52,124,49,48,50,54,124,49,50,56,51,124,45,51,53,55,124,56,56,50,56,124,56,56,50,56,124,49,57,50,48,124,49,48,51,50,124,49,57,50,48,124,49,48,56,48,124,49,56,57,55,124,49,48,50,51,52,124,50,52,124,50,52,124,87,105,110,51,50]] 调用函数s--> 输出结果d--> 81
bdms.js:10452 传入参数b--> undefined 传入参数u--> [[]] 调用函数s--> 输出结果d--> (81) [49, 57, 49, 50, 124, 57, 53, 52, 124, 49, 57, 49, 52, 124, 49, 48, 50, 54, 124, 49, 50, 56, 51, 124, 45, 51, 53, 55, 124, 56, 56, 50, 56, 124, 56, 56, 50, 56, 124, 49, 57, 50, 48, 124, 49, 48, 51, 50, 124, 49, 57, 50, 48, 124, 49, 48, 56, 48, 124, 49, 56, 57, 55, 124, 49, 48, 50, 51, 52, 124, 50, 52, 124, 50, 52, 124, 87, 105, 110, 51, 50]
bdms.js:10452 传入参数b--> [44,71,0,0,0,0,0,12,58,0,240,162,0,25,57,1,0,24,132,51,178,188,0,0,0,0,211,0,0,12,71,162,0,188,206,3,406,1,406,1,81,0,0,0] 传入参数u--> [[49,57,49,50,124,57,53,52,124,49,57,49,52,124,49,48,50,54,124,49,50,56,51,124,45,51,53,55,124,56,56,50,56,124,56,56,50,56,124,49,57,50,48,124,49,48,51,50,124,49,57,50,48,124,49,48,56,48,124,49,56,57,55,124,49,48,50,51,52,124,50,52,124,50,52,124,87,105,110,51,50],[],[149]] 调用函数s--> 输出结果d--> []
bdms.js:10452 传入参数b--> {} 传入参数u--> [] 调用函数s--> 输出结果d--> (126) [44, 71, 0, 0, 0, 0, 0, 12, 58, 0, 240, 162, 0, 25, 57, 1, 0, 24, 132, 51, 178, 188, 0, 0, 0, 0, 211, 0, 0, 12, 71, 162, 0, 188, 206, 3, 406, 1, 406, 1, 81, 0, 0, 0, 49, 57, 49, 50, 124, 57, 53, 52, 124, 49, 57, 49, 52, 124, 49, 48, 50, 54, 124, 49, 50, 56, 51, 124, 45, 51, 53, 55, 124, 56, 56, 50, 56, 124, 56, 56, 50, 56, 124, 49, 57, 50, 48, 124, 49, 48, 51, 50, 124, 49, 57, 50, 48, 124, 49, 48, …]
bdms.js:10452 传入参数b--> undefined 传入参数u--> [139,3,5,60] 调用函数s--> 输出结果d--> 0.5259586534477843
bdms.js:10452 传入参数b--> {} 传入参数u--> [] 调用函数s--> 输出结果d--> undefined 传入参数u--> [3,84,10,0] 调用函数s--> 输出结果d--> 0.2646494500107772
bdms.js:10452 传入参数b--> {} 传入参数u--> [] 调用函数s--> 输出结果d--> T
再次加密
bdms.js:9992 传入参数b--> "\u0003\u0005 [136] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 169
bdms.js:9992 传入参数b--> "\u0003\u0005 [137] 调用函数s--> ƒ charCodeAt() { [native code] } 输出结果d--> 201
bdms.js:9992 传入参数b--> "Dkdpgh2ZmsQB80/MfvV36XI1R45-WUAlEixNLwoqYTOPuzKFjJnry79HbGcaStCe" 传入参数u--> [42] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> 213
bdms.js:9992 传入参数b--> "Dkdpgh2ZmsQB80/MfvV36XI1R45-WUAlEixNLwoqYTOPuzKFjJnry79HbGcaStCe" 传入参数u--> [28] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> O
bdms.js:9992 传入参数b--> "Dkdpgh2ZmsQB80/MfvV36XI1R45-WUAlEixNLwoqYTOPuzKFjJnry79HbGcaStCe" 传入参数u--> [39] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> W
bdms.js:9992 传入参数b--> "Dkdpgh2ZmsQB80/MfvV36XI1R45-WUAlEixNLwoqYTOPuzKFjJnry79HbGcaStCe" 传入参数u--> [21] 调用函数s--> ƒ charAt() { [native code] } 输出结果d--> q
bdms.js:10409 [返回值] xj8hMD06dEdNkf6Z5W/LfY3qV3q3YhPv0t9bMDhqSVVTVL39HMP39exLyMwvELyjxT/2ICYjy4hbO3KkrQC781wf7Who/2CZmLX0tM3/5VSi5qhyuySDrzEF4k4UCaBBRk-lrOX0qh1HFb8pAnAn-h2UbfryGNYk9LJrOo392962H-sD4MefOWqX
bdms.js:10808 传入参数b--> {} 传入参数u--> ["a_bogus","xj8hMD06dEdNkf6Z5W/LfY3qV3q3YhPv0t9bMDhqSVVTVL39HMP39exLyMwvELyjxT/2ICYjy4hbO3KkrQC781wf7Who/2CZmLX0tM3/5VSi5qhyuySDrzEF4k4UCaBBRk-lrOX0qh1HFb8pAnAn-h2UbfryGNYk9LJrOo392962H-sD4MefOWqX"] 调用函数s--> ƒ append() { [native code] } 输出结果d--> xj8hMD06dEdNkf6Z5W/LfY3qV3q3YhPv0t9bMDhqSVVTVL39HMP39exLyMwvELyjxT/2ICYjy4hbO3KkrQC781wf7Who/2CZmLX0tM3/5VSi5qhyuySDrzEF4k4UCaBBRk-lrOX0qh1HFb8pAnAn-h2UbfryGNYk9LJrOo392962H-sD4MefOWqX
bdms.js:10808 传入参数b--> [{"args":["GET","https://www.toutiao.com/api/pc/list/feed?channel_id=0&max_behot_time=1744957399&offset=0&category=pc_profile_recommend&aid=24&app_name=toutiao_web&msToken=xmhFMI7s9bvxLn2gl79OMXsLigSxL7hwCMWLehsVYfrDRWLS2cJKwKcPOAF3TUiwKF6a_ttDryIK8uK8bqA-zJKxtHF-MNyoMbLPXl5VRDPiBDgtRGktEA%3D%3D&a_bogus=xj8hMD06dEdNkf6Z5W%2FLfY3qV3q3YhPv0t9bMDhqSVVTVL39HMP39exLyMwvELyjxT%2F2ICYjy4hbO3KkrQC781wf7Who%2F2CZmLX0tM3%2F5VSi5qhyuySDrzEF4k4UCaBBRk-lrOX0qh1HFb8pAnAn-h2UbfryGNYk9LJrOo392962H-sD4MefOWqX",true]},{"args":["Accept","application/json, text/plain, */*"]}] 传入参数u--> [null] 调用函数s--> ƒ forEach() { [native code] } 输出结果d--> undefined
这个日志就很清晰了,我们大体上了解到了这个参数是如何生成的
这里我们会发现我们的请求链接,ua,还有一个随机盐值,均通过了一个函数生成了一个数组,而且这个数组还同样经历了一次这个加密,生成了最后的结果。这个函数,我们直接进入,发现不是一个vmp,我们简单地把它抠出来,本文暂不讲解这里的抠取方法。如果问的多,我再考虑出一篇文章专门讲解。
然后我们的ua又进入到了一个vmp中进行了一段不为人知的加密,变成了一段乱码,这个乱码又通过一个字符串变成了一个新的字符串。
他还检测了我们的环境生成了一个环境数组,还有一个不为人知的小数组。二者拼接成为了一个大数组(少一位),然后这个数组又变成了乱码,这个乱码又和一个字符串进行不为人知的计算。最后生成了我们的加密参数。
整体流程我们大体上搞清楚了。我们接下来就是,把一个大的逆向流程,不断地拆分为很多个小流程。
乱码生成
为了了解乱码生成,日志是必不可少的。结合我之前讲过的方法,我们需要对常规的运算和apply进行插桩。这一步,我们还是交给ai来做。
生成的日志如下:
[加法] 0 + 0
[结果] 0
[取模] 0 % 3
[结果] 0
[调用 apply] {函数: 'charCodeAt', 上下文: '\x00\x01\x0E', 参数: '[0]'}
[apply 结果] 0
[加法] 0 + 0
[结果] 0
[取模] 0 % 256
[结果] 0
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255],0,0,"",256,0] 键: 8 原始值: 0
[结果: 自增前值] 0 新值: 1
[小于比较] 1 结果1
// '\x00\x01\x0E'.charCodeAt(i % 3) = 0 --> 结果2
// 结果1 + 结果2 = 0 --> 结果3
// 结果3 % 256 = 0 --> 结果4
// arr = 结果4
// arr[结果4] = 原来的arr
// arr = [0,1,2,3,4,5,6,......]
[加法] 0 + 1
[结果] 1
[取模] 1 % 3
[结果] 1
[调用 apply] {函数: 'charCodeAt', 上下文: '\x00\x01\x0E', 参数: '[1]'}
[apply 结果] 1
[加法] 1 + 1
[结果] 2
[取模] 2 % 256
[结果] 2
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,1,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255],2,1,"",256,1] 键: 8 原始值: 1
[结果: 自增前值] 1 新值: 2
[小于比较] 2 结果1 // 猜想
// '\x00\x01\x0E'.charCodeAt(i % 3) = 1 --> 结果2
// 结果1 + 结果2 = 2 --> 结果3
// 结果3 % 256 = 2 --> 结果4
// arr = 结果4 = 2
// arr[结果4] = 原来的arr
// arr = [0,2,1,3,4,5,6,......]
[加法] 2 + 1
[结果] 3
[取模] 2 % 3
[结果] 2
[调用 apply] {函数: 'charCodeAt', 上下文: '\x00\x01\x0E', 参数: '[2]'}
[apply 结果] 14
[加法] 3 + 14
[结果] 17
[取模] 17 % 256
[结果] 17
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,17,3,4,5,6,7,8,9,10,11,12,13,14,15,16,1,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255],17,1,"",256,2] 键: 8 原始值: 2
[结果: 自增前值] 2 新值: 3
[小于比较] 3 结果1 正确 这里其实不太对arr[i-1]是上一轮的结果
// '\x00\x01\x0E'.charCodeAt(i % 3) = 14 --> 结果2 正确
// 结果1 + 结果2 = 17 --> 结果3
// 结果3 % 256 = 17 --> 结果4
// arr = 结果4 = 17
// arr[结果4] = 原来的arr
// arr = [0,2,17,3,4,5,6.....]
[加法] 17 + 3
[结果] 20
[取模] 3 % 3
[结果] 0
[调用 apply] {函数: 'charCodeAt', 上下文: '\x00\x01\x0E', 参数: '[0]'}
[apply 结果] 0
[加法] 20 + 0
[结果] 20
[取模] 20 % 256
[结果] 20
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,17,20,4,5,6,7,8,9,10,11,12,13,14,15,16,1,18,19,3,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255],20,3,"",256,3] 键: 8 原始值: 3
[结果: 自增前值] 3 新值: 4
[小于比较] 4 结果1 正确 这里其实不太对arr[i-1]是上一轮的结果
// '\x00\x01\x0E'.charCodeAt(i % 3) = 0 --> 结果2 正确
// 结果1 + 结果2 = 20 --> 结果3
// 结果20 % 256 = 20 --> 结果4
// arr = 结果4 = 20
// arr[结果4] = 原来的arr
// arr = [0,2,17,20,4,5,6.....]
[加法] 20 + 4
[结果] 24
[取模] 4 % 3
[结果] 1
[调用 apply] {函数: 'charCodeAt', 上下文: '\x00\x01\x0E', 参数: '[1]'}
[apply 结果] 1
[加法] 24 + 1
[结果] 25
[取模] 25 % 256
[结果] 25
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,17,20,25,5,6,7,8,9,10,11,12,13,14,15,16,1,18,19,3,21,22,23,24,4,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255],25,4,"",256,4] 键: 8 原始值: 4
[结果: 自增前值] 4 新值: 5
// 这里开始验证猜想
// 第四轮加法运算 i = 4 arr = [0,2,17,20,4,5,6.....]
// arr[i-1] + arr = 24 --> 结果1 正确 这里其实不太对arr[i-1]是上一轮的结果
// '\x00\x01\x0E'.charCodeAt(i % 3) = 1 --> 结果2 正确
// 结果1 + 结果2 = 25 --> 结果3
// 25 % 256 = 25 --> 结果4
// arr = 结果4 = 25
// arr[结果4] = 原来的arr
// arr = [0,2,17,20,25....]
// 没问题
还原代码如下:
```js
function transformArray() {
const arr = Array.from({ length: 256 }, (_, i) => i);
const key = "\x00\x01\x0E";
let acc = 0;
for (let i = 0; i
最后运算的数组位:
[0,218,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,2,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
[加法] 0 + 1
[结果] 1
[取模] 1 % 256
[结果] 1
[加法] 0 + 218
[结果] 218
[取模] 218 % 256
[结果] 218
[调用 apply] {函数: 'charCodeAt', 上下文: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0', 参数: '[0]'}
[apply 结果] 77
[加法] 2 + 218
[结果] 220
[取模] 220 % 256
[结果] 220
[异或] 77 ^ 216
[结果] 149
[调用 apply] {函数: 'fromCharCode', 上下文: 'function String() { [native code] }', 参数: '[149]'}
[apply 结果]
[加法] "" + ""
[结果] ""
[赋值] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149],218,218,"",256,256,1,0] 键: 6 值:
[结果]
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149],218,218,"",256,256,1,0] 键: 10 原始值: 0
[结果: 自增前值] 0 新值: 1
[小于比较] 1
最开始[0,218,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,2,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
tmp = 0
// 猜想开始 i = 0
// (i + 1) % 256 --> (0 + 1) % 256 = 1 结果1
// (tmp + arr[结果1]) % 256 --> (0 + 218) % 256 = 218 结果2 (这里记录 tmp = 218)
// "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0".charCodeAt(i) = 77 --> 结果3
// arr[结果1](arr[1] = 218) 和 arr[结果2](arr[218] = 2) 互换位置,变成如下数组
变化[0,2,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
// 变化位置的二者相加mod256 (2 + 218) % 256 = 220
// 结果3 ^ arr[220] = 149
// String.fromCharCode(149)
[加法] 1 + 1
[结果] 2
[取模] 2 % 256
[结果] 2
[加法] 218 + 17
[结果] 235
[取模] 235 % 256
[结果] 235
[调用 apply] {函数: 'charCodeAt', 上下文: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0', 参数: '[1]'}
[apply 结果] 111
[加法] 127 + 17
[结果] 144
[取模] 144 % 256
[结果] 144
[异或] 111 ^ 233
[结果] 134
[调用 apply] {函数: 'fromCharCode', 上下文: 'function String() { [native code] }', 参数: '[134]'}
[apply 结果]
[加法] "" + ""
[结果] ""
[赋值] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149],235,17,"",256,256,2,1] 键: 6 值:
[结果]
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149],235,17,"",256,256,2,1] 键: 10 原始值: 1
[结果: 自增前值] 1 新值: 2
[小于比较] 2
[0,2,17,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,127,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
tmp = 218
// 验证猜想 i = 1
// (i + 1) % 256 --> (1 + 1) % 256 = 2 结果1
// (tmp + arr[结果1]) % 256 --> (218 + 17) % 256 = 235 结果2 (这里记录tmp=235)
// "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0".charCodeAt(i) = 111 --> 结果3
// arr[结果1](arr[2] = 17) 和 arr[结果2](arr[235] = 127) 互换位置,变成如下数组
[0,2,127,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
// 变化位置的二者相加mod256 (17 + 127) % 256 = 144
// 结果3 ^ arr[144] = 134
// String.fromCharCode(134)
// 这里基本就可以确定有两个数组相互配合了
[加法] 2 + 1
[结果] 3
[取模] 3 % 256
[结果] 3
[加法] 235 + 20
[结果] 255
[取模] 255 % 256
[结果] 255
[调用 apply] {函数: 'charCodeAt', 上下文: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0', 参数: '[2]'}
[apply 结果] 122
[加法] 149 + 20
[结果] 169
[取模] 169 % 256
[结果] 169
[异或] 122 ^ 238
[结果] 148
[调用 apply] {函数: 'fromCharCode', 上下文: 'function String() { [native code] }', 参数: '[148]'}
[apply 结果]
[加法] "" + ""
[结果] ""
[赋值] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],255,20,"",256,256,3,2] 键: 6 值:
[结果]
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],255,20,"",256,256,3,2] 键: 10 原始值: 2
[结果: 自增前值] 2 新值: 3
[小于比较] 3
[0,2,127,20,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,149]
tmp = 235
// 再次验证猜想 i = 2
// (i + 1) % 256 --> (2 + 1) % 256 = 3 结果1
// (tmp + arr[结果1]) % 256 --> (235 + 20) % 256 = 255 结果2 (tmp = 255)
// "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0".charCodeAt(i) = 122 --> 结果3
// arr[结果1](arr[3] = 20) 和 arr[tmp](arr[tmp] = 149) 互换位置,变成如下数组
[0,2,127,149,25,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,213,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20]
// 变化位置的二者相加mod256 (20 + 149) % 256 = 169
// 结果3 ^ arr[169] = 148
// String.fromCharCode(148)
[加法] 3 + 1
[结果] 4
[取模] 4 % 256
[结果] 4
[加法] 255 + 25
[结果] 280
[取模] 280 % 256
[结果] 24
[调用 apply] {函数: 'charCodeAt', 上下文: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0', 参数: '[3]'}
[apply 结果] 105
[加法] 213 + 25
[结果] 238
[取模] 238 % 256
[结果] 238
[异或] 105 ^ 148
[结果] 253
[调用 apply] {函数: 'fromCharCode', 上下文: 'function String() { [native code] }', 参数: '[253]'}
[apply 结果] ý
[加法] "" + "ý"
[结果] "ý"
[赋值] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,213,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,25,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],24,25,"",256,256,4,3] 键: 6 值: ý
[结果] ý
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,213,23,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,25,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,62,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],24,25,"ý",256,256,4,3] 键: 10 原始值: 3
[结果: 自增前值] 3 新值: 4
[小于比较] 4
[加法] 4 + 1
[结果] 5
[取模] 5 % 256
[结果] 5
[加法] 24 + 23
[结果] 47
[取模] 47 % 256
[结果] 47
[调用 apply] {函数: 'charCodeAt', 上下文: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb…cko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0', 参数: '[4]'}
[apply 结果] 108
[加法] 62 + 23
[结果] 85
[取模] 85 % 256
[结果] 85
[异或] 108 ^ 195
[结果] 175
[调用 apply] {函数: 'fromCharCode', 上下文: 'function String() { [native code] }', 参数: '[175]'}
[apply 结果] ¯
[加法] "ý" + "¯"
[结果] "ý¯"
[赋值] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,213,62,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,25,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,23,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],47,23,"ý",256,256,5,4] 键: 6 值: ý¯
[结果] ý¯
[自增] 对象: [{"0":"\u0000\u0001\u000e","1":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"},"\u0000\u0001\u000e","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0",[0,2,127,149,213,62,95,116,236,14,146,5,3,151,128,186,32,114,244,80,4,46,36,85,25,108,174,201,63,129,47,99,38,81,150,242,69,60,72,55,192,52,10,77,96,141,59,23,165,204,67,120,90,240,200,94,164,221,229,98,37,145,57,230,8,232,169,212,132,115,209,54,110,170,39,91,167,225,207,31,210,182,152,83,144,195,211,161,65,29,147,183,42,97,153,50,223,43,188,79,158,187,166,179,68,121,44,155,75,173,252,249,11,159,27,133,58,124,243,198,239,45,241,217,1,74,162,103,136,226,112,199,191,21,180,163,196,157,71,56,143,234,33,205,233,34,181,139,119,64,193,102,76,61,15,109,160,222,111,247,202,104,70,84,178,171,86,140,53,238,88,255,228,175,22,118,177,197,105,82,7,154,92,190,248,246,214,203,135,126,123,78,18,30,35,245,12,168,51,100,227,251,235,93,49,122,208,206,219,142,101,176,215,130,66,117,40,134,218,253,216,189,156,125,24,16,26,41,220,137,106,250,172,138,237,17,19,107,148,194,89,48,254,113,231,185,28,224,87,73,184,9,6,13,131,20],47,23,"ý¯",256,256,5,4] 键: 10 原始值: 4
[结果: 自增前值] 4 新值: 5
[小于比较] 5
这里乱码逆向就完成了
接着根据最初的日志去定位这段乱码的后续处理,这个地方其实就是一个魔改的base64:从日志看,改动只是换了一张自定义的64字符码表,每3字节转4字符的位运算与标准base64一致。换码表只是编码层面的混淆,并不是加密,拿到码表即可还原。根据日志可以还原
```log
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 37
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[37]'}
[返回值] b
[加法] + b
[结果] b
[按位与] 9799316 & 258048
[结果] 98304
[右移] 98304 >> 12
[结果] 24
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[24]'}
[返回值] R
[加法] b + R
[结果] bR
[按位与] 9799316 & 4032
[结果] 1664
[右移] 1664 >> 6
[结果] 26
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[26]'}
[返回值] 5
[加法] bR + 5
[结果] bR5
[按位与] 9799316 & 63
[结果] 20
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[20]'}
[返回值] 6
[加法] bR5 + 6
[结果] bR56
[加法] 3 + 3
[结果] 6
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 63
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[63]'}
[返回值] e
[加法] bR56 + e
[结果] bR56e
[按位与] 16625636 & 258048
[结果] 106496
[右移] 106496 >> 12
[结果] 26
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[26]'}
[返回值] 5
[加法] bR56e + 5
[结果] bR56e5
[按位与] 16625636 & 4032
[结果] 4032
[右移] 4032 >> 6
[结果] 63
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[63]'}
[返回值] e
[加法] bR56e5 + e
[结果] bR56e5e
[按位与] 16625636 & 63
[结果] 36
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[36]'}
[返回值] L
[加法] bR56e5e + L
[结果] bR56e5eL
[加法] 6 + 3
[结果] 9
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 4
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[4]'}
[返回值] 1
[加法] bR56e5eL + 1
[结果] bR56e5eL1
[按位与] 1091377 & 258048
[结果] 40960
[右移] 40960 >> 12
[结果] 10
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[10]'}
[返回值] U
[加法] bR56e5eL1 + U
[结果] bR56e5eL1U
[按位与] 1091377 & 4032
[结果] 1792
[右移] 1792 >> 6
[结果] 28
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[28]'}
[返回值] W
[加法] bR56e5eL1U + W
[结果] bR56e5eL1UW
[按位与] 1091377 & 63
[结果] 49
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[49]'}
[返回值] J
[加法] bR56e5eL1UW + J
[结果] bR56e5eL1UWJ
[加法] 9 + 3
[结果] 12
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 7
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[7]'}
[返回值] Z
[加法] bR56e5eL1UWJ + Z
[结果] bR56e5eL1UWJZ
[按位与] 2021676 & 258048
[结果] 184320
[右移] 184320 >> 12
[结果] 45
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[45]'}
[返回值] z
[加法] bR56e5eL1UWJZ + z
[结果] bR56e5eL1UWJZz
[按位与] 2021676 & 4032
[结果] 2304
[右移] 2304 >> 6
[结果] 36
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[36]'}
[返回值] L
[加法] bR56e5eL1UWJZz + L
[结果] bR56e5eL1UWJZzL
[按位与] 2021676 & 63
[结果] 44
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[44]'}
[返回值] u
[加法] bR56e5eL1UWJZzL + u
[结果] bR56e5eL1UWJZzLu
[加法] 12 + 3
[结果] 15
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 27
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[27]'}
[返回值] +
[加法] bR56e5eL1UWJZzLu + +
[结果] bR56e5eL1UWJZzLu+
[按位与] 7160004 & 258048
[结果] 81920
[右移] 81920 >> 12
[结果] 20
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[20]'}
[返回值] 6
[加法] bR56e5eL1UWJZzLu+ + 6
[结果] bR56e5eL1UWJZzLu+6
[按位与] 7160004 & 4032
[结果] 192
[右移] 192 >> 6
[结果] 3
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[3]'}
[返回值] p
[加法] bR56e5eL1UWJZzLu+6 + p
[结果] bR56e5eL1UWJZzLu+6p
[按位与] 7160004 & 63
[结果] 4
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[4]'}
[返回值] 1
[加法] bR56e5eL1UWJZzLu+6p + 1
[结果] bR56e5eL1UWJZzLu+6p1
[加法] 15 + 3
[结果] 18
[调用 apply] {函数: 'function charCodeAt() { [native code] }', 上下文: "\x95\x86\x94ý¯ä\x10§1\x1EÙ,m@Ä\x9B¯]g`\x17zVé\x9CöÀ\x80\x14\x17ÎcOåÿýÎç\x02\x02\x8A> 18
[结果] 38
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[38]'}
[返回值] o
[加法] bR56e5eL1UWJZzLu+6p1 + o
[结果] bR56e5eL1UWJZzLu+6p1o
[按位与] 10202973 & 258048
[结果] 237568
[右移] 237568 >> 12
[结果] 58
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[58]'}
[返回值] D
[加法] bR56e5eL1UWJZzLu+6p1o + D
[结果] bR56e5eL1UWJZzLu+6p1oD
[按位与] 10202973 & 4032
[结果] 3904
[右移] 3904 >> 6
[结果] 61
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[61]'}
[返回值] t
[加法] bR56e5eL1UWJZzLu+6p1oD + t
[结果] bR56e5eL1UWJZzLu+6p1oDt
[按位与] 10202973 & 63
[结果] 29
[调用 apply] {函数: 'function charAt() { [native code] }', 上下文: 'ckdp1h4ZKsUB80/Mfvw36XIgR25+WQAlEi7NLboqYTOPuzmFjJnryx9HVGDaStCe', 参数: '[29]'}
[返回值] Q
[加法] bR56e5eL1UWJZzLu+6p1oDt + Q
[结果] bR56e5eL1UWJZzLu+6p1oDtQ
```
可以还原出如下代码:
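/**
 * Encode a byte string as base64 using a caller-supplied 64-character alphabet.
 *
 * Each character of `encrypted` is treated as one byte (only the low 8 bits of
 * its char code are used). Every 3 input bytes become 4 output characters; a
 * trailing group of 1 or 2 bytes is padded with '=' as in standard base64.
 *
 * Note: replacing the alphabet only relabels the output symbols. It is an
 * encoding, not encryption, and anyone holding the table can reverse it.
 *
 * @param {string} encrypted - Input whose char codes are the bytes to encode.
 * @param {string} key - The 64-character alphabet, indexed by 6-bit value.
 * @returns {string} Encoded text, '='-padded to a multiple of 4 characters.
 */
function base64(encrypted, key) {
  const alphabet = key;
  let out = '';
  let i = 0;

  /* -------- every 3 bytes -> 4 characters -------- */
  for (; i + 2 < encrypted.length; i += 3) {
    // Pack three bytes big-endian into one 24-bit value.
    const v =
      ((encrypted.charCodeAt(i) & 0xff) << 16) |
      ((encrypted.charCodeAt(i + 1) & 0xff) << 8) |
      (encrypted.charCodeAt(i + 2) & 0xff);
    out += alphabet[(v >> 18) & 0x3f];
    out += alphabet[(v >> 12) & 0x3f];
    out += alphabet[(v >> 6) & 0x3f];
    out += alphabet[v & 0x3f];
  }

  /* -------- remainder handling -------- */
  const rem = encrypted.length - i;
  if (rem === 2) {
    const v =
      ((encrypted.charCodeAt(i) & 0xff) << 16) |
      ((encrypted.charCodeAt(i + 1) & 0xff) << 8);
    out += alphabet[(v >> 18) & 0x3f];
    out += alphabet[(v >> 12) & 0x3f];
    out += alphabet[(v >> 6) & 0x3f];
    out += '='; // two bytes left: pad with a single '='
  } else if (rem === 1) {
    const v = (encrypted.charCodeAt(i) & 0xff) << 16;
    out += alphabet[(v >> 18) & 0x3f];
    out += alphabet[(v >> 12) & 0x3f];
    out += '=='; // one byte left: pad with two '='
  }
  return out;
}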
那么基本上加密的算法我们就解决了,最难的部分就是这个小数组的生成。这个数组因为部分原因暂时无法开源。我会把插桩放到这里,大家根据这个插桩日志可以还原。
本文的关键在于你通过ai去解决原先认为耗时且易错的地方,你甚至可以将日志喂给ai让它帮你还原出算法,当你分析遇到瓶颈的时候,不妨去问问ai。因为这个算法的敏感性,我暂时无法提供完整代码,只能给大伙提供思路和日志。
资料在附件。
资料.zip