在上一集中,我们已经获得了表单参数加密,请求头参数加密,现在需要对返回的数据进行解密。
跟栈分析,直接进入第三个
在疑似断点位置打上断点,已然发现解密位置。
function接收参数t是加密的密文,接着返回的a.parseData(t)是明文
所以解密函数是a.parseData()
进入这个函数,再打上断点,result是明文
,进入上面的BIRDREPORT_APIJS.decode这个解密函数发现是一个AES解密
前面去找密钥和IV
开始写代码
完整代码:
const CryptoJS = require('crypto-js')
function get_decrypted(encrypted) {
var key = CryptoJS.enc.Utf8.parse('C8EB5514AF5ADDB94B2207B08C66601C')
var iv = CryptoJS.enc.Utf8.parse('55DD79C6F04E1A67')
var decrypted = CryptoJS.AES.decrypt(encrypted, key , {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
})
return JSON.parse(decrypted.toString(CryptoJS.enc.Utf8))
};
encrypted_data = 'ncDfst+MbXleweHKbOyKB7gre10rA2aMmrcyL07nR1crexENNnYCrso/uyZFhSIREMhzFyelOdlUueoJccMoTXpDHAMEgQXOBwWtI4Lq82AXd6Ugtqeq6CK1P/g4yHrGqVJw2UABZozScMBnhILeOpdvxD/aNXK3L8kNZjJNOjSabb1rBI0W8K0ESiQi5v2o0GefuTFnExhpyr/V7Ap9lZUkO5hLUVPSd7IFF04maWRELB4RIkLbt4CHMDqo8cNT8afFqoCksdCU+duwqX0D1wrWgV13j077e7DTn3Z8VIZxzOFE5FLpJJgO/3qa6laJWma87X4c2XDUfB9SLA5/nd3+auErBfRr32JPUhpry5LKsYi2AVBuy4s7IePhpvGfTc85rWyTMPkzTM/8W9kQX2c8uibICm6a2QP6RgIvBOptX1h0/0StGyMLC3I0Zehij18HLXp+oyRZmN5XZo16Mh/utqLHgeweNstM3z50zIRTyIteZCYkpFLKZV7/lfWwcLqOLRf4NbXjSSXrc45ojN9u1q3r3SCzXgucDh69z4bAhgvdcyTNRVcPN/9V7l4QehcqXgdEKzU8kyNVQdyv26Z26IkA5EuW7q6ZN1co8Kb4M4CyMakEM7lHAlhIVq8nY/Qp6rHe0c829aY1isBjUAuqwz+h8akx4W0KCvenXbEhopAtsK4x7rOm2h4hbssm6UZp4hx4zI0Q9FvbS3hZhq888i7+H7HewnTXC/QSwoCdQp/2aRkssg6T20vpKTFxyLwwNwWJK/8WBBdYIXCJMc1qj3V08qYYG7Cnrt5yUv+nmauzCP3P/kLWD4LzGsCy/zGA0lML9Y+ylDu+gDP9W4TPc7imszymC1yuRgmcPDTTLP6Tau2TlJVQ/i5RPj2eK9kYvgSj6aRfSNcHCQgYEoIJiZASSxuLxHJJTfodrYUZASE1+QAcZUtVnO/AcKo8wtY3ClVdxRj0o1bY50Tj558EA6YwxWZGTOTCk5rncQzB8I1TgQLDqvJoaPIgCbIZfqJ9TA/TJFoizHR+5VCQb+u5G6K2n0ppaB3G0bTjjCK+gatIx4nAVcowBYtWwSdeAJ8Sk1awjC47h6KLlvJ7jmI5QtWBIj3AbJAzCGQMatrmppZ4O6LEw8+EPlKm0sH+BJhubKmo6H81quhD/c9TC0P+0BHvzIcPgmJR8qhRgoPOcxW44U4bjhzvHNEd8SQ7DVkmEKflVFUu+PNhgF90Rhv5Ray6U2keiwb9wmJzkWyQOVsSOS96UUSV2al7bPYxGRVXsct/XyOB7Z7+uksPpu+LA0CVsQcqabZWe+n934FM8TpKWiO1gcTnDo/I1vq5C2Pe2TjTttKj2zJ38zYBwN04quz7qNa4jPjdPd6YbP0pUgijTwdE3vK8qWTZ4dPsLfBq5y9mhwm3ydbHhJIexASJwHLz/VlOj94UV4ytgC6vpwoVSxABoRvLWL50CfkR9IfdQjVBeEeYrwO3bQIF36JDN+yJ5ThVholJmaK39NzHpRSQbu/CYBN4FBbGhhZDxO2FcMFM5PVINgwlrtNZTyUaCjPfYWJ7yci6ahLxl3aof6lDACT0is5/yNbuT0QtPJKsd/8Xg62pU2zZesM68icWKGu+J4hRQc8/OM2dSDSVMfcq1V2S1I6WLDaAFa9lrPl2QO3qjBoOCPaPisJVuZcD3J2b6+42jwgrLWzLG++48tLwUEmNVnqrrwMD5twBJQ74/AbEkjvXzOYf4rVlak5qeOE3uSW9hxcpKWd5gr8tvEXEdTDHf24t6/NNQmIbq5OlHkTbOyyF2VHVpqXP9Av2v4/15iGrqbINbz50i8SrKfOn7QMpHSL1qnEYp01+/cuzXw58E/Q3wMrZyNCNdfDLkgeHFDop6T2q/8n/lCWhYwfHTU0CDxHGKcwxrvdzn45EzP/s8+j7CkuC4S7CMdy4eX/RXemAeJs8EQogxHkSoRfJYzVj/srgPbEOQ6XvR+lTddNvZdQ/eSjaVmqxGprWTB7ZRpw7xdyGww5Q6Zums6hXCs8AT5Yii+PUUhn3A0sa8tTFvdEaQWpCstXhRP9GewFGIv5bBp/RtQ4co6BzqZqEuB5kVIfmJzHKijOCKObGqylTVMayJ0OjMbIYmrtn6PbEPzaKPH6iIP1UsA/c4D8ov4VZYgzpXEREVU8lygKoEXzc3H98Zz56dWKys1G9wuvCf8ikWY9Q+QU+c9y78dGaFk3m5TF+gBuCAd/CYC2f3FQGL++ma8fuFDoRtEFQt/u/OELA+3IRus084y3TcfamdCxRzV77h4cZ4f5tDDCuAiMl/rgrYQ6o1GdFPCsfF2Ff40VWGJgREvuFLQvCgsTEldvfKawTeRTVQZ/niHk0vLsYeYOTu0S26mU9Rx4XV5T0yKRCNUgUZ8Bh1N37FFYEMQIrLMF4ccX1ChMvfcdNEFDeSe5GA7PuiB0NNYjJ+L2PC5MjWGNIeZmbWomQGsZZk1I+fHuFNqz9DS8Vgsd+qKkBvIZ7OcJp0ALFQMT/9rLNTTpG5bxxCb/tniPesZRRspIkzCpVgAKBjuFsqS4hBq3A8mr5msNT78mg4BXhk7RV1sFuPVaPLRB5ZBcacU8kd3I8xPPNRBn2fw8CtHzOeRS3/TnE8Dued75JXeSSLCaofiOxozvqhgVgz+rbNlznyDkgj3XXvmVrg+byzHTyMcFSFXLFqFEZ/t/HKHkJ6kmoXRh3D4kK6iVyg+Qz3q1bAjYjSICDw5eFh5jomT7PdNd1KvozCObqvFQRym8so45UAvrCjAIil5ZG5h1j66MSDXybcGAE0BRXFiASMDG327+03g5cH1+m6UVG7bCv44QX89Wj2lcOS220CESGWJ2dvhEL5fpGm8m2ikKjVeYQ/EeCUA3eQB3Hq5D8ACmZezX2+MZ+MTBnNid+3DLKN2D48bkUgoz3cvl+NXzjs7aigXi/pHIvS928rgOurkgZaSAcP2G5sreY3IChMyJQjBqjyythWH+jAYqFJeF4OEh84x/ROHh2zV8cKKqIj3o8zl5GzatuzyYAfhaUOGCObqC8ZiCYZVeCfCYNQcVBE6Ydop1XJ7LO/GaiPLpsElBv0VV+WIARANt6fvM3DX+FZUKPnF4dlK7xEKz7W+sAKkzTRaX9UqojW0gcJfd4A+OfwjdA4sZ4bG+Wy3S3rmj98U2J72AonXEIWN7UaAN+wVJQ1RxILb1IJjjSx+p6RruIYPIDGWOEstHa2TF0wCN0zv0OGSsVnxjNmw1SB5AYzPVKxLyVISZemZMd9g/JhWk5dy0JMA20qtOZ68wkOKo6wpk3R7HEiWt97eApygTpqqdf7EpJtOJu+VVgmQCMWhRDVcva4Sq3dRHqCjG+wyuh28/wl5TF7LlF0+eS/zt+2syA5gnjsHSNpIPmnxC4mGihSvBMbu69F+7ElJ7hdtThliNuN4VXxd+qoL3Zntk1Ml31Wccay6DelSNB6qqyp+o+s3wr7PRkF5P689h7Ua6nOhuvcOP5M+6FltnA+g/c5fFW6gmUjXonkWyfp4PpXcKKq7248s/qgHjmEaIu+zbq7vVzY4EOU/szNndDWrcp9wJALJhdBL7Y9usQRH3FNN/r2vc1SdvqJO/6fOg1iz/z0lhzhbGjmZqu2R2Dv8k9LaqMwhzHZSqwFbrwfVs9FJaoDoRwIvr+uptTLpNrjPSGizuWTfoDXTOo0+WATFXdTcyuwWNnfm1S7EuuV/asCO1ULsPdLp/Z2UBIxqZSSqM4tOcyX+TxcoVJNi7Y/ySLNWs7eAo3YX1oHw+0NkPwaAtEEgq8XLAUcRRAvOr8RgHzMqGiZt2UnWYtDzs6E+sVF/YanbOuaUsK6mbaaidUEg1g0fei4yyg3X/kl1gaWS6j4ydkBDSRTw+esC0zO2GQ2Vq2e9xRjq/VOPAVCAkt8xxjhW8aRfjcwVOF2hJwWJ2096DGKZ/u5msbnq2hQ4jab2IWzNpXoJ9luatoFKHPAIqf0e847qUwpFpZlD6ad3oGKEoYG0l0y+mfHkekpo952UkrvJ06fw93UVfw1qmgI1jy/vq2hs7i6KZzpIxS3/iCLDmaaobZIWC/B/3ne4bvPcUQDN+HJeKJwwvjqL1PRNe1RwaiQBawUK4CdKIDuz9psitCYzagMXAwQjblAmpFZqj1ZJJdlhcCAzu8MXFqqh18KQHgDzb73MFTzTn3ATBc3xx8duWU8i5eUmDU9WI0RDZkBMfsBKsgU73byDfRNjG6pPtDSQ6SBPZcQIQbI8RBj9Hrdunas90/PUd4SUPCAAblukQnNAPjDCDPp/UQcrASpFJRjfTJx9Ejma2gWHtn3U96eBZSt5WZlacyaL2utWnPxtkQ01ZWKGvR0p5n97A1V9UPyOgaAIyrirNCItS55JWU353YGmQBTqRQrZZoeLQZk8UDbG0a9ueU2aKM6OgJr7SBH0qmOPf4v+x3IEg92zlN0+o9uplKjthGNNLFOtIBDjCIHRGzfMEzNz1mgZtM70Jd3DvO/1OjvPdv6M+g5ic3mMlCgjOmNgh3inVjZ+AuLOPrG2zoPKuP5BD5BlF6yOoJEJcLNRZnxM2AV+J8nQcHAD9zs2fEH9PmUceaP/kmRY72xUA4WMm2YK+n353sksO1EyzjKahr/jtu4SK09ZOYsDcgzO2ZhRvLV0LXxsL8GExIqtlP4Lbo/jfLQR0bLrrXIDvnomqERlZHxuA+RUFJWAy5HzycBYdhfzttVQt70nYP7ILtBlS1KSJ4fjHeBiRizT4DKu+ch2+ZqglO2nVd0pZrIFBOZpWInR91AJrVQ6eE/b3KLNcETe8+Itzje5wA9VhaU7LBLOEEGuiR7AzV+CAPLqvrj+u+UMLxKLjRnBHrdrWsPFWK0D9LKwlBM98qxn7Px66t0974APPCYOINZzJwD9jzrPLlKh01lohUUZU0y9RvOb3+A7lyPSyO5Xd5PNI0Lp1f7+qThFkDiX+DBKW0le5PybZjShtnWLknVugHTrA479L2esXHGjeSkLO1FrKOGfrq33l6nvCYj3hzbw1HxIIU8X8I7IzgqfN4GDwoteZrXMi3Zkncb8vOApb99iKoODj+Nufc4U75gdJuFqk2WRNLk6zpUu39U5makhp5Zyyx4qKYOJSeeZMrlHY2Hqc0MGVx90rIWtC3OZVErsnvfKoHkyNODvvp55ikLZ5MYLNnA94wR4I0beFi7JgB1Xz/aqGoSR2sGMuJ/ok/KfgkfWWj0n4nUj1yysSId1KFOTfQZQSgASyUIthwj7WNeYPN9FeEhYFlch9eQ8VFekyknwBBeeKwCxOrR1PBlt7eWXY5VRmz2wO5TFyZiWJ0H3376+ofQI2yrijsCJ0gIG3J64mPDVuPeLhKiHdqLrVH63AHKiaMBPRhgI3vQxTAtzvpI2amTZoLtFCjv5FulHSVPthE6fsWYsDlHysQbcjFTIoLdFw3xN95yZ13vYRGMQx7bGHeFnfDsfPp59ZQgPb2fu+G3HtctTjOJl1i1hMNT4vmUmDPnVho7m4CNCUQdN+yb1hwp6muRXn1TN+77A7j/ZrYB4gNOZHa0yB7/qwCd+mAWDETIcO7nOSgQQY7SngUfIDd0wBXWe0l6aBbOUzWEqzU1FftDJh67P9dy45NUCKumBXqUrO8+6MkmuoIoM/g2V3Q8oIbebtH2bWW1kvddJOCYUcqajpCpSiTVHrBnFIUGXk0hAqLgTXD4uLaLuLN+N8yt5g/Q10Nv+PVFxMQRqKDDxwzznutNTeP7z7Ee7n/xGEqbQf4USsc2pGe8g8Ga791gYmdoyCed8uFzNDV5Ea8Q9VQYHsX0YdF3U4ztnY61hSPVcawO6DPLCXTVD4ff67AXs2FPGSbl3bhee6iyaaWTx9iLGunI03r6/ccA3bOPWxY7HlDNm4AXB5g/bEz33coo29m6kDMgNpGy/wz5IIpfuhgY7/dO0m/dI6ljq8hzZCQ84jt5B5130X8cLx32hpq66EVdudK3iQXrF8GbVq5GH/stN7c0c5XUUkEN14fM6qmIgpKdmVX06tIbLNn/y7Qohjhds5ZqSn+Pzt7XGZplIo3TbEFKA46/sA4SRDwCX/o8NybyjTp9oforuTIjIjcDj01B6m49JpxwcNkcKDgfBcY2L7dTphr4k5Pq2sH7cuABhr0cy/CT/3SPgykM4xRGOScm9nudX7LJ7PU5L4W7p9+lggzW2/0lF1H4XEf2Sr0SDOapW1MNlYgvtJHs/1iqYWFDRw/OX0sDBCSK7ISpskBm6F4f0Kgd5bXVK2MQpOpRSBV19lVrzYQk+PyfjS1B4F/WczHi2qH6PoKkl9f3eBhv8GYDh170o4wv2Ea43QVgn9m7Odh4ik1RDBM+/oN/q9KwE4YN8LRTh7SReMwQ+WMmY/2GQTa8v07k0DakZwcO68S5hZpGT5YOCe365AtJBOmU68adxIdfR12VF4dVyMPuG2FMhgobWFiRQ3ieUWUcqDnWMNUo5kAj5bbLzdLwQLDiemCSS0tc5AJW/9qEpLA2Tg4ugeib9RlniWacl/fzfBWS1kcVUVFjn9+T3t+V2wFvW6Qcd366NYtdaKP0dQrm3EutOqGvbTedh4lJZ5ugwoppX35WwOWJY3iSOjh/X2iebeQHizG6+/HVNc7/G/5Dcqxn4+EpWvYne4McHGpm3njYKJP57MYisMKwkUBlDholHyiDt+HzXqCmC6FvNkgbj1gipt7YzxfP2kJQzuzOrYb+Hb7DKjZF/fy6dunTqOpt7fmaJwX42JPSxEDMQe6e4uS1iBYjFZsi6hdm7LQUN3mhtIWg6ngweD+rVnvj4B96DoiToklcsc0rHf/RaBTy/9VFkkQ28lpKkOnZXL7mLk/Jka8Val+KuLTKL8/2ztGYvQvEy8hGD/D9QaDQCzn2aTNpAMFiGymMGT6+spjYpzy6+83vIb46B8p6JGVHdc155SurdHo3md0WbTldZuMOgxnrURfJOwDmy6lI4lXAOvFzdiKdE8zvsDT0ln5g1qFPL7lp3i3qEBhtc/Zhp8IEprMKP7TuwMqItdZn3g7+Z3DSPpZN0eQ6CfGJigIqvxIytdbTVLJELzXqh2EWWP8VwtLUjhzIkELoL8XUJ5xTtopwIqd2e4Gd5Omjc961BkUzw8rF7YWNsJvtbnntTjFEMWS2ye2lgX3gnROUKkr+IklEzCR9aLHRkEG26DoIp7O9kuT24l94SYnmU+ii0hcDRrdr8algMVg4iM1ZSO5ikLD6zDSlV6+U08I1m19wkY12TOXezAygofdsV/2NRN2r+H9xdrj/i3su564BtQ1XWEmB6Zj3tpG/ttOom+l5S5tqnPrLG92TUjkZBR18pSEWsLPglTBFZrYVkETVgrI7QfQNxqpLsPHb1ZPX92D6ExdtZGNz7KlO5bkS/HHGSZwCSkhNNfv5RxXYLR90oUi7ckbZ8XxgYtijsDJxH2WW3xkgYe4De2/bdHzZKCQl7ODOj2jY9FGh7iNrbOdOak42NqfNSQ/itbN29BtmqyrezymrqO558dST1kDA8iOt1R4pHIcjeCIeQqyOmkB5qiYhf8PyPOzEVWwcRRaY4YzIGCcWNPZL+XhtbyB4nPMQhjQNPg1iR19BbNg7EEqqWMEups70OL7x0AaSjhU3LRgD0Gnx+z/jnyBynuOfQTYRHFxs8hIuD9+pXNJ++wnWx0lWly/QX0DRSD4hE1a/8YInYU8oCEGasL/QwPN5rQOiYie606I0mTkPMR+t1aCu3TtTorAzLkABfGINC5d1kosQdkT1zPSqOWZ63ZgUZHcPQDXOQ9Optp6EcLE0YlLT2JusQO3BaB8664inEgYXTq65M5ufFoF/prXA/1FcAACAjRPR0nO4hB6r1ABfm6nlv3zXgHdlUracKqIhpfZ3npfh7GeMMkY1Mmb4oYx9ClwJ1da4eJWrX+vllpe1/ZCD8qqDxAUd5gOmmWY1bTnwPJHLDfBKVsmxDRyR7yzrVVHsObRIsBX9ZxqoJYFRAkru9BwfCeY41CkaaTjrCBlBvm0sMSZlT4DerOFnTr81alsf04q911U27sMJiqdtHXlvYja7khJQCZpRQBZMRpJ1JueJnCeFDS7HML91ZYYGydu4PIKDngeoycIt0FWegq83Hk/7BGSRtceKLahIBCk3e0Ni4F+IAZdpSbtoQzY+QD/snIjB0OUQetRj+EDXZdr09kb3RvOWx1yvZPLdxyHMNcHz5RABYe4YKws4t/AjCNwRabTwD5hqMBrnK/KTvVrQmr6iGUDlBWm1b2rRYgiSpJlVdFJ7QpI5ERVdPxGSTwKjXUBFBut7DjtZj8A4okCvQuDWh3HbSQOA0dQUeRcRsNv/DRwlIbST0N2f2XO/dlWzdYEfEtC8UhhZDJsK3xfGr1uc4f5lGylCN6t2PL4StWM77khoUKj0avTUdkfGYOZRKo0Kz2XstVUOyIyMr3iM/RI5Pvdgr+AYFGPFctMsUasCxHj6Q9t6XxqKi3LSlxAM4ndjOINhYnWK0+CGBwI1NQ2I8fMa9VSbCz2JGRJegDlW0g9qF18I5vITekHWNxuke3LP1gbWnxlqljZa8L5ckGxqYn8d0XGCCOiG8szb1Fq0bkfJJvEsPtdqNpefCynwltClVta5eYG08sh2lppjG8A/iUZbNvOOl/Be5yPLe1/NTRkm/Myk9zgFs1Pg7Y9kWdez3WZu9YA3XpykZtni45Zk+s7K8OHj2lmeV2A76lniMklN7FixFquTOCaETsBFia9v/fckiFe94M3HYar/2kwHB6M1DG4ZbW6//aW9Oc0oirCVJGY6+3P61GaZOvprDojAL+erbF8uWFmXmwdm7vCyowpvMZmbw4NwoKHNShU1hdFv/KoHoZZtfCZr1VTSIe9oJLTmitemhoDn8Esbg6hzq4kPZVyDNh6xfvS1oDz1PEqth77R7G2ZAiu5hS8owm//PjeX02bX6p40AvNw8wve9dpNWWgQrDMbvsstMsdVspIvCai937Li/MmwfllNQIwbT1ZY9wNVGSX3bmGusMSA4wqFWDIvmkoaAM9WBdBalGJ7F2z42ktAxbMbMJ2lN5CJ+vw2lpfeJkVy1GZzc4oPXqOnoINJ52UQcsSKpEG8TEsJE4lrPHq2vEbP9UHUiNWvx8MelDn91wT7TvG4+NPCOo4ubNKNIfDZPVHzDpGptV/igr3EglyDj7jdyDJ7OXIkRcrWLaVLoX9N2jUo7JUEJwbmg1ftKQVOXt2hRPy1HjIH+/Fo1axPsDSsNJG4tHU5vkIzsjfGp3BWF2LsRkaMjZivDnyM6Yag6BwiIkXKxgSF01dXOv2hr7GYbBXCkmICGj7JPKKlGwigyjZ1UrFwX8uDxJJcWTXKbMXlbzI+6e1qHeATRslhdJPW2I/GbAvodJSh398T+iG+qkWBDOh7XRio+t6c7N/aGnGVzSxiyZ/5gtK0Y+DaQKo7ZoUI/VkuzYg9RE2KI+/1cSTy2ztmEAsBesK+ZoHNkNTfOv5q21D5DS9xmIO7q10qdcSG4QXLE3tL9/1ZKSjLxA7m/R0vLSkvY2+iUrIzL8QqnZsBcn4KBYlrfbL/eDu7veTZnt5zH62Xle0XUh3pYBUdmY3naEbgMEYUe6ZOXBA4y8Wt1gkHJs='
console.log(get_decrypted(encrypted_data))