Disclaimer: This article is only for learning and communication, and it is prohibited to be used for illegal purposes, commercial activities, etc. Otherwise, do so at your own risk. If there is any infringement, please inform and delete, thank you! This tutorial is not written specifically for a certain website, purely technical research
Table of contents
case analysis
Target case: aHR0cHM6Ly9tdXNpYy4xNjMuY29tLw==
1. Corresponding interface
2. Corresponding difficulties
You can see that both parameters, params and encSecKey, are encrypted
Parametric analysis
In this case, I searched directly, so let’s continue to search.
The old rule is to take a look at the breakpoint. After checking, you
can see that it is an array. By traversing the array, you can extract the values in the dictionary
and generate
the corresponding values. It is also extracted as above.
Here you can see that it is converted by randomly generated charat. It is
encrypted by the b function and found by entering the b function. It is encrypted by aes.
The value of params is passed twice The encecKey generated by aes
is encrypted by random value and bsi3x(["tear", "strong"]) plus bsi3x(Vx8p.md).
It is clear at a glance here.
The case is very simple, suitable for beginners to quickly understand reverse engineering! ! !
That's all for this issue! ! !
Bye-Bye! !