猪头签到 js分析
作者:inks | 发布时间: | 更新时间:
分析入口
用 wasm-decompile cap.wasm -o 1.txt 执行返回
丢gemini 分析秒了
import requests
from loguru import logger
import hashlib
def r(c: str, l: int) -> str:
m = 2166136261
for ch in c:
m ^= ord(ch)
m = (m + (m << 1) + (m << 4) + (m << 7) + (m << 8) + (m << 24)) & 0xffffffff
u = m
d = ""
def h():
nonlocal u
u ^= (u << 13) & 0xffffffff
u ^= (u >> 17) & 0xffffffff
u ^= (u << 5) & 0xffffffff
return u & 0xffffffff
while len(d) < l:
d += format(h(), "08x")
return d[:l]
from concurrent.futures import ProcessPoolExecutor
def get_solutions(d, u):
ret = []
with ProcessPoolExecutor(max_workers=16) as tb:
features = []
for i in range(1, u["c"] + 1):
feature = tb.submit(solve_pow, r(f"{d}{i}", u["s"]), r(f"{d}{i}d", u["d"]))
features.append(feature)
for i in features:
ret.append(i.result())
return ret
def solve_pow(prefix_hex: str, target_hex: str):
prefix = prefix_hex.encode() # wasm里是ASCII拼接
target = bytes.fromhex(target_hex) # 前缀匹配
nonce = 0
while True:
data = prefix + str(nonce).encode()
digest = hashlib.sha256(data).digest()
if digest.startswith(target):
return nonce
nonce += 1
class Zz:
def __init__(self):
self.session = requests.session()
self.session.headers = {
'accept': 'application/json, text/plain, */*',
'accept-language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
'content-type': 'application/json',
'origin': 'https://www.pigsec.cn',
'referer': 'https://www.pigsec.cn/planet-post/42022',
'sec-ch-ua': '"Microsoft Edge";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0',
}
def get_header_token(self):
resp = self.session.post('https://www.pigsec.cn/v1/auth/guest/token', json={}).json()
trace_id = resp['trace_id']
token = resp['data']['token']
self.session.headers['authorization'] = f'Bearer {token}'
logger.info(f"trace_id:{trace_id} token:{token}")
def get_login(self,phone):
self.get_header_token()
json_data = {
'phone': phone,
'scene': 'login',
}
# 检查状态
response = self.session.post('https://www.pigsec.cn/v1/auth/send-phone-code', json=json_data).json()
challenge_id = response['data']['challenge_id']
# print(response)
# 验证码
response = self.session.post('https://www.pigsec.cn/v1/verification/challenge').json()
token = response['data']['token']
challenge = response['data']['challenge']
# print(response)
json_data = {
'token': token,
'solutions': get_solutions(token, challenge),
}
response = self.session.post('https://www.pigsec.cn/v1/verification/redeem', json=json_data).json()
logger.info (response)
cap_redeem = response['data']['token']
json_data = {
'challenge_id': challenge_id,
'action': 'sms',
'cap_redeem': cap_redeem,
}
response = self.session.post('https://www.pigsec.cn/v1/risk/verify', json=json_data).json()
logger.info(response)
risk_pass = response['data']['risk_pass']
json_data = {
'phone': phone,
'scene': 'login',
}
self.session.headers['pig-captcha-response'] = risk_pass
response = self.session.post('https://www.pigsec.cn/v1/auth/send-phone-code', json=json_data).json()
logger.info(response)
code_num = input('请输入: ')
json_data = {
'captcha_type': 'phone',
'captcha_code': code_num,
'phone': phone,
}
response = self.session.post('https://www.pigsec.cn/v1/auth/login/no-password', json=json_data).json()
logger.info(response)
acc_token = response['data']['access_token']
self.session.headers['authorization'] = f'Bearer {acc_token}'
response = self.session.post('https://www.pigsec.cn/v1/checkin').json()
logger.info(response)
if __name__ == '__main__':
x = Zz()
x.get_login(phone='xxxxxx')