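I recently ran into a wasm that I can't crack. Address: https://gm.99.com/MyQuestion/DefaultV2.aspx?GameCode=110&qTypeID=52&ActionType=
After clicking login and successfully completing the slider captcha, two requests appear. One is https://aq.99.com/handshake, which is presumably used to exchange a key with the server.
The place where the request payload is computed is in the file solar-risk-sdk.min.js: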
    82165: (A,g,C,B,Q,E,w,i,o,R,D,F,M,U)=>{
        // G is a byte view over K.buffer: g bytes starting at offset A
        var G = new Uint8Array(K.buffer,A,g);
        // POST those bytes as the raw request body
        fetch(IA(C), {
            method: "POST",
            mode: "cors",
            credentials: "include",
            headers: {
                "Content-Type": "application/octet-stream"
            },
            body: G
        }).then(A=>A.arrayBuffer()).then(A=>{
            // response bytes -> binary string -> base64
            const g = new Uint8Array(A);
            let C = "";
            for (let A = 0; A < g.byteLength; A++)
                C += String.fromCharCode(g[A]);
            const U = btoa(C);
            // pass the base64 response and the remaining arguments to the module's exported callback
            I.ccall("OnHandshakeRecvSuccess", "void", ["string", "number", "string", "string", "string", "string", "number", "string", "string", "string", "string", "number"], [U, U.length, IA(B), IA(Q), IA(E), IA(w), i, IA(o), IA(R), IA(D), IA(F), M])
        }
        ).catch(A=>{
            // on failure, report the code U and the error text to the module
            const g = {
                code: U,
                data: A.toString()
            };
            I.ccall("OnHandshakeRecvError", "void", ["string", "number"], [JSON.stringify(g), M])
        }
        )
    }
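Here, var G = new Uint8Array(K.buffer,A,g); is where it is computed, but when I continue analyzing upward from there I can't figure out what it is actually doing. I also tried patching the environment and testing in Node, but could not successfully compute the value of G.
The https://aq.99.com/handshake request also returns binary data. The key obtained through this exchange is used to encrypt the payload submitted in the login request and to decrypt the data returned by the login request.
I've been studying this for several days and really can't figure it out.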