关于被京东打年兽的LOG参数整破防这件事

破解蕉哥

[15:28:24] 登陆成功 XXXXX，欢迎使用京东年兽助手。本助手完全免费，盗卖可耻！
[15:29:39] {"code":"1"}
[15:29:39] {"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43XxIlHvr","taskType":7},"success":true},"msg":"调用成功"}
[15:29:49] {"msg":"query success!","toast":{"subTitle":"任务已完成，获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
[15:29:49] {"code":"1"}
[15:29:49] {"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43XtCluRK","taskType":7},"success":true},"msg":"调用成功"}
[15:29:59] {"msg":"query success!","toast":{"subTitle":"任务已完成，获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
[15:30:00] {"code":"1"}
[15:30:00] {"code":0,"data":{"bizCode":0,"bizMsg":"success","result":{"taskToken":"P12yocclaiZIOBYFjRWn6W7zh4JCGD43X1OncZo","taskType":7},"success":true},"msg":"调用成功"}
[15:30:10] {"msg":"query success!","toast":{"subTitle":"任务已完成，获得8000爆竹","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[{"name":"$result.floatingLayerCopy","value":"获得8000爆竹"}],"activeState":"ac77737e1454476ff49f26a6b539d1be","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
[15:30:10] {"code":"1"}
[15:30:10] {"code":0,"data":{"bizCode":-1002,"bizMsg":"啊哦，活动太火爆了，请稍后再试~","success":false},"msg":"调用成功"}
[15:30:21] {"msg":"query success!","toast":{"subTitle":"活动异常啦，请稍后再试~","mainTitle":"","toastPic":""},"returnMsg":"query success!","code":"0","refreshKey":[],"activeState":"76bb38df2cb0ab7b58a8464e4adb140e","transParam":"","channelPoint":{"babelChannel":"","greytp":"1","rec_broker":"","loginCellularNetwork":0,"pageId":""},"showToast":"1"}
[15:30:21] {"code":"1"}
[15:30:21] {"code":0,"data":{"bizCode":-1002,"bizMsg":"啊哦，活动太火爆了，请稍后再试~","success":false},"msg":"调用成功"}


经过测试发现抓包获得的log参数有效期仅为4次。没错，就是四次。用完失效

然后尝试修改浏览器 User-Agent 为手机的设备码，结果这样子生成的log无法使用，直接火爆...
还是老老实实手动吧...


最后有没有大佬分享下log处理思路？？
经过网页断点分析，知道log的计算方式存在于这个js文件内
https://storage.360buyimg.com/babel/01144582/3251773/production/dev/index.f79cd0827eff23460b27.js

[JavaScript] 纯文本查看 复制代码

 function Rp(e) {
                var t = e.secretp
                  , n = e.sceneId
                  , r = void 0 === n ? Cp : n
                  , e = Ip()
                  , n = e.log
                  , e = e.random;
                return JSON.stringify({
                    extraData: {
                        log: encodeURIComponent(n),
                        sceneid: r
                    },
                    secretp: t,
                    random: e
                })
            }

破解蕉哥

破防啦，不整了。京东把我号火爆了。溜了溜了

fjcqv

log用了 smashUtils.get_risk_result计算。
开始会运行smashUtils.init()，内部会调用getAppOsInformation和getPhoneBasicInfo，在浏览器会跳出异常


分析有误 太多加密，

幽溪左畔

RPC暂时能用= = 但是过程比较复杂很难对外开放 效率还不是很高   。。。。 再加上活动快结束也没什么研究兴趣了

bceyk

上次环游，有大佬解出来了，必须要app开头的ck。这次解散群了。直接在浏览器里生成的log都会火爆，不知道要验app里面什么参数。

破解蕉哥

好像发错区了，版主可以帮忙移动到求助区吗？

eddiecgc

期待大佬的成品啊，这几天还都是人工手动做任务的。

ucvsv

大佬成果能分享下么

fjcqv

浏览器怎么调整到页面不显示用京东app打开？

fjcqv

Ryanyan 发表于 2022-1-12 16:25
f12   CTRL+shift+M

https://wbbny.m.jd.com/babelDiy/Zeus/41AJZXRUJeTqdBK9bPoPgUJiodcU/index.html
地址这个，切换到手机模式，显示来京东app参与