经过对压缩混淆的js代码进行分析,得到了加密函数,具体流程如下
- 首先访问 https://www.sgx.com/config/appconfig.json?v=e1be1215 获取"CMS_VERSION"
- 再访问 https://api2.sgx.com/content-api/?queryId=%22CMS_VERSION%22:we_chat_qr_validator ,得到"qrValidator"
- 接着用加密函数对qrValidator加密,就可以得到 authorizationtoken
authorizationtoken = qrValidator.replace(/[a-zA-Z]/g,(function(t){var e=t.charCodeAt(0)+13;return String.fromCharCode((t<="Z"?90:122)>=e?e:e-26)})))
python代码如下
import requests
import re
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
response = requests.get("https://www.sgx.com/config/appconfig.json?v=e1be1215", headers = headers)
CMS_VERSION = response.json()["CMS_VERSION"]
response = requests.get("https://api2.sgx.com/content-api/?queryId=" + CMS_VERSION + ":we_chat_qr_validator", headers = headers)
qrValidator = response.json()["data"]["qrValidator"]
def encrypt(t):
e = ord(t) + 13
code = e if ((90 if t<="Z" else 122) >=e) else e-26
return chr(code)
print(qrValidator)
authorizationtoken=""
for t in qrValidator:
authorizationtoken += (encrypt(t) if re.match("[a-zA-Z]", t) else t)
print(authorizationtoken)