2021-09-29 microblog code scanning login to obtain cookie s, with account password js reverse decryption process (end)

Posted by livvylove on Wed, 29 Sep 2021 21:53:17 +0200

1, Foreword

Author: tiezhu
The next step is the js reverse of microblog. WebStorm needs to be used here
WebStorm Download
This article is only for study and research. If it infringes your company's rights and interests, please contact us 229456906@qq.com Delete at the first time; Dear friends, do not use it in any illegal way, otherwise you will bear the consequences yourself!
Libraries to use

import base64
import requests
import re
import os
import http.cookiejar as cookielib
# import pickle
import execjs
import time
import json
from PIL import Image
from urllib import parse

2, Analysis process

  1. Go to the microblog home page Microblog home page
  2. F12 open the chrome developer mode and enter the account password. Here, take 138888123456 as an example
    After clicking login, you can see the login interface and a pile of parameters on the right
    You can see it more times
    su
    servertime
    nonce
    rsakv
    sp
    Only these are changing. All we need to crack is the account and password
    Looking at other interfaces, you can find such an interface containing su

    Let's analyze this su and press Ctrl+shift+f
    Search su directly. There are many parameters. You can find them slowly and finally lock the following one

    After formatting, search su:
    Discovery su: d
    d = sinaSSOEncoder.base64.encode(urlencode(d));
    Hit the breakpoint and start debugging. Check it. This is the account encryption we need

    And the su is calculated by base64
    You can write it directly through pycharm
    self.username is the incoming account code, as follows:
su = base64.b64encode(parse.quote(self.username).encode('utf-8')).decode('utf-8')
print('Account encrypted:',su)

Operation results:

Directly, and the data returned from this interface are as follows:

Compare with the first step and find the parameters required in the post form
su
servertime
nonce
rsakv
Then there is sp left. Can this sp be a password?
Still Ctrl+shift+f to search for sp, there are many js files. After formatting, search for sp and find the following one

e.sp = b;
I found such a sentence on it
b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)
Make a break and debug it

Here we see the encrypted data of sp
Now you are ready to deduct the code. Open WebStorm and copy this code

Print out the three parameters here
me.rsaPubkey
me.servertime
me.nonce

It is obtained through su that interface
Continue to look at this encrypted code

b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)

In the debugging interface, place the mouse over f.encrypt and it will display as shown in the figure below

Click in f bt(a) and have a look

Copy this code into WebStorm, comment out the encrypted section and run it


Prompt ReferenceError: sinaSSOEncoder is not defined
If sinaSSOEncoder is not defined, please run it at the beginning


Then navigator is not defined
In this case, I can directly give you a navigator code, which can be written directly at the beginning

navigator = {
    // WT-JS_DEBUG
    appCodeName: "Mozilla",
    appMinorVersion: "0",
    appName: "Netscape",
    appVersion: "5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    browserLanguage: "zh-CN",
    cookieEnabled: true,
    cpuClass: "x86",
    language: "zh-CN",
    maxTouchPoints: 0,
    msManipulationViewsEnabled: true,
    msMaxTouchPoints: 0,
    msPointerEnabled: true,
    onLine: true,
    platform: "Win32",
    pointerEnabled: true,
    product: "Gecko",
    systemLanguage: "zh-CN",
    userAgent: "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    userLanguage: "zh-CN",
    vendor: "",
    vendorSub: "",
    webdriver: false
}, window = global, window.navigator = navigator;

There is no error during operation

Now you can rewrite the encrypted code block

If we want to print the password to check, we must first write a function declaration

function pwd() {

    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(me.rsaPubkey, "10001");
    b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)
    console.log(b)
    
}

If you run it directly, an error will be reported. The four parameters have not been passed in
me.rsaPubkey
me.servertime
me.nonce
b

b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)

b in parentheses is the initial password passed in. Change it to p
Remove the other three from me. and finally call the pwd() function.
When calling, where is the page
me.rsaPubkey
me.servertime
me.nonce
Copy these parameter data
This is what happens when you write a function by passing parameters

function pwd(p,servertime,nonce,Pubkey) {

    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(Pubkey, "10001");
    b = f.encrypt([servertime, nonce].join("\t") + "\n" + p)
    console.log(b)

}
pwd('123456',
    '1632898111',
    '7UMHW2',
    'EB2A38568661887FA180BDDB5CABD5F21C7BFD59C090CB2D245A87AC253062882729293E5506350508E7F9AA3BB77F4333231490F915F6D63C55FE2F08A49B353F444AD3993CACC02DB784ABBB8E42A9B1BBFFFB38BE18D78E87A0E41B9B8F73A928EE0CCEE1F6739884B9777E4FE9E88A1BBE495927AC4A799B3181D6442443')

The operation results are as follows

Here, the account password will be analyzed
pycharm is different after writing
You need to call the js file through execjs

import execjs

Before that, you need to obtain the following parameters through pre login
servertime
nonce
rsakv
pubkey
pcid

Pre login url

'https://login.sina.com.cn/sso/prelogin.php'

Some codes are as follows:

    def pre_login(self):
        '''Pre login to obtain data. There is anti climbing here, which needs to be added“ Referer"'''
        self.params = {
            'entry': 'weibo',
            'callback': 'sinaSSOController.preloginCallBack',
            'su': self.su,
            'rsakt': 'mod',
            'client': 'ssologin.js(v1.4.19)',
            '_': self.time,
        }
        response = s.get(self.pre_url,params=self.params,headers = self.headers)
        # . content is a bytecode and needs to be encoded, but. text is not displayed normally at all times, so it needs to be encoded manually with. Content.
        # How to modify the encoding method: response.content.decode("utf8")
        # The eval() function executes a string expression and returns the value of the expression.
        res = eval(response.content.decode('utf-8').replace('sinaSSOController.preloginCallBack', ''))
        #print(res)
        return res

It should be noted that there is an anti crawling mechanism, and "Referer" should be added to the headers

self.headers = {'Referer': 'https://weibo.com/',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'}

You can take out the following parameters

pcid = res['pcid']
pubkey = res['pubkey']
rsakv = res['rsakv']
nonce = res['nonce']
servertime = res['servertime']

Copy the previously rewritten js code into pycharm. pwd() needs to rewrite the following code as follows:

navigator = {
    // WT-JS_DEBUG
    appCodeName: "Mozilla",
    appMinorVersion: "0",
    appName: "Netscape",
    appVersion: "5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    browserLanguage: "zh-CN",
    cookieEnabled: true,
    cpuClass: "x86",
    language: "zh-CN",
    maxTouchPoints: 0,
    msManipulationViewsEnabled: true,
    msMaxTouchPoints: 0,
    msPointerEnabled: true,
    onLine: true,
    platform: "Win32",
    pointerEnabled: true,
    product: "Gecko",
    systemLanguage: "zh-CN",
    userAgent: "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    userLanguage: "zh-CN",
    vendor: "",
    vendorSub: "",
    webdriver: false
}, window = global, window.navigator = navigator;


var sinaSSOEncoder = {};
(function() {
        function bt(a) {
            var b = bp(a, this.n.bitLength() + 7 >> 3);
            if (b == null)
                return null;
            var c = this.doPublic(b);
            if (c == null)
                return null;
            var d = c.toString(16);
            return (d.length & 1) == 0 ? d : "0" + d
        }
        function bs(a) {
            return a.modPowInt(this.e, this.n)
        }
        function br(a, b) {
            if (a != null && b != null && a.length > 0 && b.length > 0) {
                this.n = bm(a, 16);
                this.e = parseInt(b, 16)
            } else
                alert("Invalid RSA public key")
        }
  
            c[--b] = 0;
            var g = new bl
                , h = [];
            while (b > 2) {
                h[0] = 0;
                while (h[0] == 0)
                    g.nextBytes(h);
                c[--b] = h[0]
            }
            c[--b] = 2;
            c[--b] = 0;
            return new d(c)
        }
        function bo(a) {
            return a < 16 ? "0" + a.toString(16) : a.toString(16)
        }
        function bn(a, b) {
            var c = ""
                , d = 0;
            while (d + b < a.length) {
                c += a.substring(d, d + b) + "\n";
                d += b
            }
            return c + a.substring(d, a.length)
        }
        function bm(a, b) {
            return new d(a,b)
        }
        function bl() {}
        function bk(a) {
            var b;
            for (b = 0; b < a.length; ++b)
                a[b] = bj()
        }
        function bj() {
            if (bc == null) {
                bg();
                bc = ba();
                bc.init(bd);
                for (be = 0; be < bd.length; ++be)
                    bd[be] = 0;
                be = 0
            }
            return bc.next()
        }
        function bg() {
            bf((new Date).getTime())
        }
        function bf(a) {
            bd[be++] ^= a & 255;
            bd[be++] ^= a >> 8 & 255;
            bd[be++] ^= a >> 16 & 255;
            bd[be++] ^= a >> 24 & 255;
            be >= bb && (be -= bb)
        }
        function ba() {
            return new Z
        }
        function _() {
            var a;
            this.i = this.i + 1 & 255;
            this.j = this.j + this.S[this.i] & 255;
            a = this.S[this.i];
            this.S[this.i] = this.S[this.j];
            this.S[this.j] = a;
            return this.S[a + this.S[this.i] & 255]
        }
        function $(a) {
            var b, c, d;
            for (b = 0; b < 256; ++b)
                this.S[b] = b;
            c = 0;
            for (b = 0; b < 256; ++b) {
                c = c + this.S[b] + a[b % a.length] & 255;
                d = this.S[b];
                this.S[b] = this.S[c];
                
            }
            this.i = 0;
            this.j = 0
        }
        function Z() {
            this.i = 0;
            this.j = 0;
            this.S = []
        }
        function Y(a, b) {
            var c;
            a < 256 || b.isEven() ? c = new J(b) : c = new Q(b);
            return this.exp(a, c)
        }
        function X(a, b) {
            if (a > 4294967295 || a < 1)
                return d.ONE;
            var c = e()
                , f = e()
                , g = b.convert(this)
                , h = y(a) - 1;
            g.copyTo(c);
            while (--h >= 0) {
                b.sqrTo(c, f);
                if ((a & 1 << h) > 0)
                    b.mulTo(f, g, c);
                else {
                    var i = c;
                    c = f;
                    f = i
                }
            }
            return b.revert(c)
        }
        function W() {
            return (this.t > 0 ? this[0] & 1 : this.s) == 0
        }
        function V(a, b, c) {
            a.multiplyTo(b, c);
            this.reduce(c)
        }
        function U(a, b) {
            a.squareTo(b);
            this.reduce(b)
        }
        function T(a) {
            while (a.t <= this.mt2)
                a[a.t++] = 0;
            for (var b = 0; b < this.m.t; ++b) {
                var c = a[b] & 32767
                    , d = c * this.mpl + ((c * this.mph + (a[b] >> 15) * this.mpl & this.um) << 15) & a.DM;
                c = b + this.m.t;
                a[c] += this.m.am(0, d, a, b, 0, this.m.t);
                while (a[c] >= a.DV) {
                    a[c] -= a.DV;
                    a[++c]++
                }
            }
            a.clamp();
            a.drShiftTo(this.m.t, a);
            a.compareTo(this.m) >= 0 && a.subTo(this.m, a)
        }
        function S(a) {
            var b = e();
            a.copyTo(b);
            this.reduce(b);
            return b
        }
        function R(a) {
            var b = e();
            a.abs().dlShiftTo(this.m.t, b);
            b.divRemTo(this.m, null, b);
            a.s < 0 && b.compareTo(d.ZERO) > 0 && this.m.subTo(b, b);
            return b
        }
        function Q(a) {
            this.m = a;
            this.mp = a.invDigit();
            this.mpl = this.mp & 32767;
            this.mph = this.mp >> 15;
            this.um = (1 << a.DB - 15) - 1;
            this.mt2 = 2 * a.t
        }
        function P() {
            if (this.t < 1)
                return 0;
            var a = this[0];
            if ((a & 1) == 0)
                return 0;
            var b = a & 3;
            b = b * (2 - (a & 15) * b) & 15;
            b = b * (2 - (a & 255) * b) & 255;
            b = b * (2 - ((a & 65535) * b & 65535)) & 65535;
            b = b * (2 - a * b % this.DV) % this.DV;
            return b > 0 ? this.DV - b : -b
        }
        function O(a, b) {
            a.squareTo(b);
            this.reduce(b)
        }
        function N(a, b, c) {
            a.multiplyTo(b, c);
            this.reduce(c)
        }
        function M(a) {
            a.divRemTo(this.m, null, a)
        }
        function L(a) {
            return a
        }
        function K(a) {
            return a.s < 0 || a.compareTo(this.m) >= 0 ? a.mod(this.m) : a
        }
        function J(a) {
            this.m = a
        }
        function I(a) {
            var b = e();
            this.abs().divRemTo(a, null, b);
            this.s < 0 && b.compareTo(d.ZERO) > 0 && a.subTo(b, b);
            return b
        }
        function H(a, b, c) {
            var f = a.abs();
            if (!(f.t <= 0)) {
                var g = this.abs();
                if (g.t < f.t) {
                    b != null && b.fromInt(0);
                    c != null && this.copyTo(c);
                    return
                }
                c == null && (c = e());
                var h = e()
                    , i = this.s
                    , j = a.s
                    , k = this.DB - y(f[f.t - 1]);
                if (k > 0) {
                    f.lShiftTo(k, h);
                    g.lShiftTo(k, c)
                } else {
                    f.copyTo(h);
                    g.copyTo(c)
                }
                var l = h.t
                    , m = h[l - 1];
                if (m == 0)
                    return;
                var n = m * (1 << this.F1) + (l > 1 ? h[l - 2] >> this.F2 : 0)
                    , o = this.FV / n
                    , p = (1 << this.F1) / n
                    , q = 1 << this.F2
                    , r = c.t
                    , s = r - l
                    , t = b == null ? e() : b;
                h.dlShiftTo(s, t);
                if (c.compareTo(t) >= 0) {
                    c[c.t++] = 1;
                    c.subTo(t, c)
                }
                d.ONE.dlShiftTo(l, t);
                t.subTo(h, h);
                while (h.t < l)
                    h[h.t++] = 0;
                while (--s >= 0) {
                    var u = c[--r] == m ? this.DM : Math.floor(c[r] * o + (c[r - 1] + q) * p);
                    if ((c[r] += h.am(0, u, c, s, 0, l)) < u) {
                        h.dlShiftTo(s, t);
                        c.subTo(t, c);
                        while (c[r] < --u)
                            c.subTo(t, c)
                    }
                }
                if (b != null) {
                    c.drShiftTo(l, b);
                    i != j && d.ZERO.subTo(b, b)
                }
                c.t = l;
                c.clamp();
                k > 0 && c.rShiftTo(k, c);
                i < 0 && d.ZERO.subTo(c, c)
            }
        }
        function G(a) {
            var b = this.abs()
                , c = a.t = 2 * b.t;
            while (--c >= 0)
                a[c] = 0;
            for (c = 0; c < b.t - 1; ++c) {
                var d = b.am(c, b[c], a, 2 * c, 0, 1);
                if ((a[c + b.t] += b.am(c + 1, 2 * b[c], a, 2 * c + 1, d, b.t - c - 1)) >= b.DV) {
                    a[c + b.t] -= b.DV;
                    a[c + b.t + 1] = 1
                }
            }
            a.t > 0 && (a[a.t - 1] += b.am(c, b[c], a, 2 * c, 0, 1));
            a.s = 0;
            a.clamp()
        }
        function F(a, b) {
            var c = this.abs()
                , e = a.abs()
                , f = c.t;
            b.t = f + e.t;
            while (--f >= 0)
                b[f] = 0;
            for (f = 0; f < e.t; ++f)
                b[f + c.t] = c.am(0, e[f], b, f, 0, c.t);
            b.s = 0;
            b.clamp();
            this.s != a.s && d.ZERO.subTo(b, b)
        }
        function E(a, b) {
            var c = 0
                , d = 0
                , e = Math.min(a.t, this.t);
            while (c < e) {
                d += this[c] - a[c];
                b[c++] = d & this.DM;
                d >>= this.DB
            }
            if (a.t < this.t) {
                d -= a.s;
                while (c < this.t) {
                    d += this[c];
                    b[c++] = d & this.DM;
                    d >>= this.DB
                }
                d += this.s
            } else {
                d += this.s;
                while (c < a.t) {
                    d -= a[c];
                    b[c++] = d & this.DM;
                    d >>= this.DB
                }
                d -= a.s
            }
            b.s = d < 0 ? -1 : 0;
            d < -1 ? b[c++] = this.DV + d : d > 0 && (b[c++] = d);
            b.t = c;
            b.clamp()
        }
        function D(a, b) {
            b.s = this.s;
            var c = Math.floor(a / this.DB);
            if (c >= this.t)
                b.t = 0;
            else {
                var d = a % this.DB
                    , e = this.DB - d
                    , f = (1 << d) - 1;
                b[0] = this[c] >> d;
                for (var g = c + 1; g < this.t; ++g) {
                    b[g - c - 1] |= (this[g] & f) << e;
                    b[g - c] = this[g] >> d
                }
                d > 0 && (b[this.t - c - 1] |= (this.s & f) << e);
                b.t = this.t - c;
                b.clamp()
            }
        }
        function C(a, b) {
            var c = a % this.DB, d = this.DB - c, e = (1 << d) - 1, f = Math.floor(a / this.DB), g = this.s << c & this.DM, h;
            for (h = this.t - 1; h >= 0; --h) {
                b[h + f + 1] = this[h] >> d | g;
                g = (this[h] & e) << c
            }
            for (h = f - 1; h >= 0; --h)
                b[h] = 0;
            b[f] = g;
            b.t = this.t + f + 1;
            b.s = this.s;
            b.clamp()
        }
        function B(a, b) {
            for (var c = a; c < this.t; ++c)
                b[c - a] = this[c];
            b.t = Math.max(this.t - a, 0);
            b.s = this.s
        }
        function A(a, b) {
            var c;
            for (c = this.t - 1; c >= 0; --c)
                b[c + a] = this[c];
            for (c = a - 1; c >= 0; --c)
                b[c] = 0;
            b.t = this.t + a;
            b.s = this.s
        }
        function z() {
            return this.t <= 0 ? 0 : this.DB * (this.t - 1) + y(this[this.t - 1] ^ this.s & this.DM)
        }
        function y(a) {
            var b = 1, c;
            if ((c = a >>> 16) != 0) {
                a = c;
                b += 16
            }
            if ((c = a >> 8) != 0) {
                a = c;
                b += 8
            }
            if ((c = a >> 4) != 0) {
                a = c;
                b += 4
            }
            if ((c = a >> 2) != 0) {
                a = c;
                b += 2
            }
            if ((c = a >> 1) != 0) {
                a = c;
                b += 1
            }
            return b
        }
        function x(a) {
            var b = this.s - a.s;
            if (b != 0)
                return b;
            var c = this.t;
            b = c - a.t;
            if (b != 0)
                return b;
            while (--c >= 0)
                if ((b = this[c] - a[c]) != 0)
                    return b;
            return 0
        }
        function w() {
            return this.s < 0 ? this.negate() : this
        }
        function v() {
            var a = e();
            d.ZERO.subTo(this, a);
            return a
        }
        function u(a) {
            if (this.s < 0)
                return "-" + this.negate().toString(a);
            var b;
            if (a == 16)
                b = 4;
            else if (a == 8)
                b = 3;
            else if (a == 2)
                b = 1;
            else if (a == 32)
                b = 5;
            else if (a == 4)
                b = 2;
            else
                return this.toRadix(a);
            var c = (1 << b) - 1, d, e = !1, f = "", g = this.t, h = this.DB - g * this.DB % b;
            if (g-- > 0) {
                if (h < this.DB && (d = this[g] >> h) > 0) {
                    e = !0;
                    f = n(d)
                }
                while (g >= 0) {
                    if (h < b) {
                        d = (this[g] & (1 << h) - 1) << b - h;
                        d |= this[--g] >> (h += this.DB - b)
                    } else {
                        d = this[g] >> (h -= b) & c;
                        if (h <= 0) {
                            h += this.DB;
                            --g
                        }
                    }
                    d > 0 && (e = !0);
                    e && (f += n(d))
                }
            }
            return e ? f : "0"
        }
        function t() {
            var a = this.s & this.DM;
            while (this.t > 0 && this[this.t - 1] == a)
                --this.t
        }
        function s(a, b) {
            var c;
            if (b == 16)
                c = 4;
            else if (b == 8)
                c = 3;
            else if (b == 256)
                c = 8;
            else if (b == 2)
                c = 1;
            else if (b == 32)
                c = 5;
            else if (b == 4)
                c = 2;
            else {
                this.fromRadix(a, b);
                return
            }
            this.t = 0;
            this.s = 0;
            var e = a.length
                , f = !1
                , g = 0;
            while (--e >= 0) {
                var h = c == 8 ? a[e] & 255 : o(a, e);
                if (h < 0) {
                    a.charAt(e) == "-" && (f = !0);
                    continue
                }
                f = !1;
                if (g == 0)
                    this[this.t++] = h;
                else if (g + c > this.DB) {
                    this[this.t - 1] |= (h & (1 << this.DB - g) - 1) << g;
                    this[this.t++] = h >> this.DB - g
                } else
                    this[this.t - 1] |= h << g;
                g += c;
                g >= this.DB && (g -= this.DB)
            }
            if (c == 8 && (a[0] & 128) != 0) {
                this.s = -1;
                g > 0 && (this[this.t - 1] |= (1 << this.DB - g) - 1 << g)
            }
            this.clamp();
            f && d.ZERO.subTo(this, this)
        }
        function r(a) {
            var b = e();
            b.fromInt(a);
            return b
        }
        function q(a) {
            this.t = 1;
            this.s = a < 0 ? -1 : 0;
            a > 0 ? this[0] = a : a < -1 ? this[0] = a + DV : this.t = 0
        }
        function p(a) {
            for (var b = this.t - 1; b >= 0; --b)
                a[b] = this[b];
            a.t = this.t;
            a.s = this.s
        }
        function o(a, b) {
            var c = k[a.charCodeAt(b)];
            return c == null ? -1 : c
        }
        function n(a) {
            return j.charAt(a)
        }
        function h(a, b, c, d, e, f) {
            var g = b & 16383
                , h = b >> 14;
            while (--f >= 0) {
                var i = this[a] & 16383
                    , j = this[a++] >> 14
                    , k = h * i + j * g;
                i = g * i + ((k & 16383) << 14) + c[d] + e;
                e = (i >> 28) + (k >> 14) + h * j;
                c[d++] = i & 268435455
            }
            return e
        }
        function g(a, b, c, d, e, f) {
            var g = b & 32767
                , h = b >> 15;
            while (--f >= 0) {
                var i = this[a] & 32767
                    , j = this[a++] >> 15
                    , k = h * i + j * g;
                i = g * i + ((k & 32767) << 15) + c[d] + (e & 1073741823);
                e = (i >>> 30) + (k >>> 15) + h * j + (e >>> 30);
                c[d++] = i & 1073741823
            }
            return e
        }
        function f(a, b, c, d, e, f) {
            while (--f >= 0) {
                var g = b * this[a++] + c[d] + e;
                e = Math.floor(g / 67108864);
                c[d++] = g & 67108863
            }
            return e
        }
        function e() {
            return new d(null)
        }
        function d(a, b, c) {
            a != null && ("number" == typeof a ? this.fromNumber(a, b, c) : b == null && "string" != typeof a ? this.fromString(a, 256) : this.fromString(a, b))
        }
        var a, b = 0xdeadbeefcafe, c = (b & 16777215) == 15715070;
        if (c && navigator.appName == "Microsoft Internet Explorer") {
            d.prototype.am = g;
            a = 30
        } else if (c && navigator.appName != "Netscape") {
            d.prototype.am = f;
            a = 26
        } else {
            d.prototype.am = h;
            a = 28
        }
        d.prototype.DB = a;
        d.prototype.DM = (1 << a) - 1;
        d.prototype.DV = 1 << a;
        var i = 52;
        d.prototype.FV = Math.pow(2, i);
        d.prototype.F1 = i - a;
        d.prototype.F2 = 2 * a - i;
        var j = "0123456789abcdefghijklmnopqrstuvwxyz", k = [], l, m;
        l = "0".charCodeAt(0);
        for (m = 0; m <= 9; ++m)
            k[l++] = m;
        l = "a".charCodeAt(0);
        for (m = 10; m < 36; ++m)
            k[l++] = m;
        l = "A".charCodeAt(0);
        for (m = 10; m < 36; ++m)
            k[l++] = m;
        J.prototype.convert = K;
        J.prototype.revert = L;
        J.prototype.reduce = M;
        Q.prototype.sqrTo = U;
        d.prototype.copyTo = p;
        d.prototype.fromInt = q;
        d.prototype.fromString = s;
        d.prototype.clamp = t;
        d.prototype.dlShiftTo = A;
        d.prototype.drShiftTo = B;
        d.prototype.lShiftTo = C;
        d.prototype.rShiftTo = D;
        d.prototype.subTo = E;
        d.prototype.multiplyTo = F;
        d.prototype.squareTo = G;
        d.prototype.divRemTo = H;
        d.prototype.invDigit = P;
        d.prototype.isEven = W;
        d.prototype.exp = X;
        d.prototype.toString = u;
        d.prototype.negate = v;
        d.prototype.abs = w;
        d.prototype.compareTo = x;
        d.prototype.bitLength = z;
        d.prototype.mod = I;
        d.prototype.modPowInt = Y;
        d.ZERO = r(0);
        d.ONE = r(1);
        Z.prototype.init = $;
        Z.prototype.next = _;
        var bb = 256, bc, bd, be;
        if (bd == null) {
            bd = [];
            be = 0;
            var bh;
            if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto && typeof window.crypto.random == "function") {
                var bi = window.crypto.random(32);
                for (bh = 0; bh < bi.length; ++bh)
                    bd[be++] = bi.charCodeAt(bh) & 255
            }
            while (be < bb) {
                bh = Math.floor(65536 * Math.random());
                bd[be++] = bh >>> 8;
                bd[be++] = bh & 255
            }
            be = 0;
            bg()
        }
        bl.prototype.nextBytes = bk;
        bq.prototype.doPublic = bs;
        bq.prototype.setPublic = br;
        bq.prototype.encrypt = bt;
        this.RSAKey = bq
    }
).call(sinaSSOEncoder);
function pwd(p,servertime,nonce,Pubkey) {


    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(Pubkey, "10001");
    b = f.encrypt([servertime, nonce].join("\t") + "\n" + p)
    return b

}
//pwd('123456','1632548648','K627SW','EB2A38568661887FA180BDDB5CABD5F21C7BFD59C090CB2D245A87AC253062882729293E5506350508E7F9AA3BB77F4333231490F915F6D63C55FE2F08A49B353F444AD3993CACC02DB784ABBB8E42A9B1BBFFFB38BE18D78E87A0E41B9B8F73A928EE0CCEE1F6739884B9777E4FE9E88A1BBE495927AC4A799B3181D6442443')

You can write the call

#Get the encrypted password by calling js code
with open('micro-blog.js',encoding='utf-8') as f:
   data = f.read()
password = execjs.compile(data).call('pwd',self.password,servertime,nonce,pubkey)
#Call (called function name, passed in parameters)
print('Password encrypted:',password)

The js reverse analysis of this microblog is over. Here is the source code. Instead of logging in through the post submission form, you log in by scanning the code
Both methods are written in. You can explore the post form by yourself

# import base64
# import requests
# import re
# import os
# import http.cookiejar as cookielib
# # import pickle
# import execjs
# import time
# import json
# from PIL import Image
# from urllib import parse

s = requests.session()
class Weibo():
    def __init__(self,username,password):
        self.username = username
        self.password = password
        self.time = int(time.time()*1000)
        self.pre_url = 'https://login.sina.com.cn/sso/prelogin.php'
        self.url = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19)'
        self.image_url = 'https://login.sina.com.cn/sso/qrcode/image'
        self.qrid = ''
        # self.cookie = cookiejar()
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'}
        self.su = base64.b64encode(parse.quote(self.username).encode('utf-8')).decode('utf-8')
        # print('account encrypted: ', self.su)

    def pre_login(self):
        '''Pre login to obtain data. There is anti climbing here, which needs to be added“ Referer"'''
        self.params = {
            'entry': 'weibo',
            'callback': 'sin.preloginCallBack',
            'su': self.su,
            'rsakt': 'mod',
            'client': 'sslogin.js(v1.4.19)',
            '_': self.time,
        }
        response = s.get(self.pre_url,params=self.params,headers = self.headers)
        # . content is a bytecode and needs to be encoded, but. text is not displayed normally at all times, so it needs to be encoded manually with. Content.
        # How to modify the encoding method: response.content.decode("utf8")
        # The eval() function executes a string expression and returns the value of the expression.
        res = eval(response.content.decode('utf-8').replace('sinaSSOController.preloginCallBack', ''))
        # print(res)
        return res

    def login_data(self):
        '''Obtain encryption password and submit post form '''
        res = self.pre_login()
        pcid = res['pcid']
        pubkey = res['puy']
        rsakv = res['rsakv']
        nonce = res['noce']
        servertime = res['servime']

        # print(nonce,pcid,pubkey,rsakv,servertime)

        #Get the encrypted password by calling js code
        with open('micro-blog.js',encoding='utf-8') as f:
            data = f.read()
        password = execjs.compile(data).call('pass',self.password,nonce,pubkey)
        print('Password encrypted:',password)
        self.login_data_dict = {
            'entry': 'weibo',
            'gateway': '1',
            'from': '',
            'savestate': '0',
            'qrcode_flag': 'false',
            'useticket': '1',
            'vsnf': '1',
            'su': self.su,
            'service': 'miniblog',
            'servertime': servertime,
            'nonce': nonce,
            'pwencode': 'rsa2',
            'rsakv': rsakv,
            'sp': password,
            'sr': '1920*1080',
            'encoding': 'UTF-8',
            'prelt': '125',
            'url': 'https://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack',
            'returntype': 'META',
        }
        return password


    def image(self):
        '''Obtain the QR code, scan the code, verify and log in'''
        params = {
            'entry': 'sso',
            'size': '180',
            'seice_id': 'pc_protection',
            'callback': 'STK_'+str(time.time()*1000)
        }
        res = s.get(self.image_url,headers = self.headers,params = params)
        api_key = re.search('.*?api_ey=(.*)"', res.text).group(1)
        qrid = re.search('.*?"qr":"(.*)?",', res.text).group(1)
        # qrid is an important parameter to obtain the status url of the scanned QR code
        self.qrid = qrid
        # print(res.text, '\n', api_key, '\n', qrid)
        #Splicing QR code image url
        img = 'https://v2.qr.weibo.cn/inf/gen?api_key='
        img_url = img + str(api_key)
        headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'}
        cha_page = s.get(img_url,headers = headers)
        with open('img.jpg','wb') as f:
            f.write(cha_page.content)
            f.close()
        try:
            img = Image.open('img.jpg')  #Open QR code
            img.show()   #Display QR code
            # img.close()  #close
        except Exception as e:
            print(u"Please go to the current directory, find the QR code and scan it")
            # Generally, English characters can be parsed normally under various codes, so they generally do not take u; however, Chinese characters must indicate the required code, otherwise random code will appear once the code is converted.

    def login(self):
        '''Login function'''
        # password = self.login_data() account password login, this method is pass
        # print('password encrypted: ', password)
        try:

            #Jump to the microblog pass, you can explore
            response = s.post(self.url,headers = self.headers,data = self.login_data_dict)
            # response.encoding = 'gbk'
            # print(response.text)
        except:
            self.image()
            url = 'https://login.sina.com.cn/sso/qrcode/check?entry=sso&qrid={}&callback=STK_{}'
            while 1:
                '''Scan QR code for login, and request code scanning status every 1 second'''
                response = s.get(url.format(self.qrid,str(time.time()*100000)),headers = self.headers)
                # print(response.text)
                data = re.search('.*?\((.*)\)',response.text).group(1)
                data_js = json.loads(data)
                '''
                50114001: QR code not scanned
                50114002: QR code scanned unconfirmed status
                20000000: QR code confirmed status
                50114004: QR code is invalid
                '''
                # print(data_js)
                if '50114001' in str(data_js['retcode']):
                    print('QR code is not used, please scan the code!')
                elif '50114002' in str(data_js['retcode']):
                    print('The code has been scanned, please click confirm to log in!')
                elif '50114004' in str(data_js['retcode']):
                    print('The QR code is invalid, please run the program again!')
                elif '20000000' in str(data_js['retcode']):
                    print('Login succeeded!')
                    alt = data_js['data']['alt']
                    # print(alt)
                    break
                else:
                    print('Other situations',str(data_js['retcode']))
                time.sleep(1)


    def get_cookies(self):
        '''obtain cookies´╝îCreate a txt file save'''
        alt = self.login()
        if not os.path.exists('cookies.txt'):
            with open("cookies.txt", 'w') as f:
                f.write("")
        s.cookies = cookielib.LWPCookieJar(filename='cookies.txt')
        alturl = 'https://login.sina.com.cn/sso/login.php?entry=qrcodesso&retpe=TEXT&crossdomain=1&cdult=3&domain=weibo.com&alt={}&savestate=30&callback=STK_{}'
        response = s.get(alturl.format(alt,str(time.time()*10000)),headers = self.headers)
        # print(response.text)
        data = re.search('.*\((.*)\);',response.text).group(1)
        # print(data)
        data_js = json.loads(data)
        # print(data_js)
        uid = data_js['uid']
        nick = data_js['nick']
        # print('account Name: '+ Nick', 'n', 'uid:' + uid)
        crossDomainUrlList = data_js['crossDomainUrlList']
        # print(crossDomainUrlList)
        #Visit the other three URLs in turn
        s.get(crossDomainUrlList[0],headers = self.headers)
        s.get(crossDomainUrlList[1] + '&acton=login', headers=self.headers)
        s.get(crossDomainUrlList[2], headers=self.headers)
        s.cookies.save()

    def cookie_dict(self):
        '''load cookies'''
        self.get_cookies()
        cookies = cookielib.LWPCookieJar('cookie.txt')
        cookies.load(ignore_discard=True, ignore_expires=True)
        # Turn cookie s into Dictionaries
        cookie_dict = requests.utils.dict_from_cookiejar(cookies)
        # Print ('cookie Dictionary: ', cookie_dict)
        return cookie_dict

    def spider(self):
        '''Get a microblog comment data verification cookie Is it available? The specific rules have not been written'''
        cookies = self.cookie_dict()

        loginurl = s.get("https://weibo.com/aj/v6/comment/small?&isMain=true&dissDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers =self.headers,cookies = cookies).json()['code']

        loginurl1 = s.get("https://weibo.com/aj/v6/comment/small?ajwvr=6&act=list&mid=4686048682050ssDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers =self.headers,cookies = cookies).json()
        print(loginurl1)
   # def islogin(session):
   #      try:
   #          session.cookies.load(ignore_discard=True)
   #      except Exception:
   #          pass
   #      loginurl = session.get("https://weibo.com/aj/v6/comment/small?ajwvr=6&act=list&mid=4686048682050569&uid=5614666660&isMain=true&dissDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers =headers).json()['code']
   #      if loginurl == '100000':
   #          print('Cookies value is valid, no code scanning login required! ')
   #          return session, True
   #      else:
   #          Print ('the cookie value has expired, please scan the code again for login! ')
   #          return session, False
   #      pass

if __name__ ==  '__main__':
    username = '13888888888'
    password = '123456'
    weibo = Weibo(username,password)
    weibo.spider()

Operation results:

3, Summary

Study hard and make progress every day~

Codeword is not easy, if this article is helpful to you, please point a praise, thank you~
Author: tiezhu vx: T14589 [indicate intention]
QQ communication group: 735418202
WeChat official account can be read to learn other articles.

*Note: This article is an original article. Please attach a link to this article if you reprint the article! Otherwise, you will be held accountable. Please respect yourself! Thank you!

Topics: Python