一、http get获取封包源代码(如果需要相关算法代码我可以补充,感觉源代码逻辑不通)
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "line"), "http://cdnw.no1s8.com/", p1, scriptable, "line");
Object[] objArray1 = new Object[]{"lb_card"};
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "card"), OptRuntime.callName(objArray1, "readConfigString", p1, scriptable), p1, scriptable, "card");
objArray1 = new Object[]{"lb_gps"};
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "gprs"), OptRuntime.callName(objArray1, "readConfigString", p1, scriptable), p1, scriptable, "gprs");
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "androidId"), OptRuntime.callProp0(ScriptRuntime.name(p1, scriptable, "device"), "getAndroidId", p1, scriptable), p1, scriptable, "androidId");
Object[] objArray2 = new Object[4];
objArray2[0] = ScriptRuntime.add(ScriptRuntime.add(ScriptRuntime.add(ScriptRuntime.add(ScriptRuntime.name(p1, scriptable, "line"), "/api.php?ml=buindkami&skey=ftx3frwa1d&kami="), ScriptRuntime.name(p1, scriptable, "card"), p1), "&imei="), ScriptRuntime.name(p1, scriptable, "androidId"), p1);
objArray2[1] = "";
objArray2[2] = main._k0;
Object[] objArray3 = new Object[]{"User-Agent"};
Object[] objArray4 = new Object[]{"test"};
objArray2[3] = ScriptRuntime.newObjectLiteral(objArray3, objArray4, null, p1, scriptable);
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "kmget"), OptRuntime.callN(ScriptRuntime.getPropFunctionAndThis(ScriptRuntime.name(p1, scriptable, "http"), "httpGet", p1, scriptable), ScriptRuntime.lastStoredScriptable(p1), objArray2, p1, scriptable), p1, scriptable, "kmget");
objArray1 = new Object[]{OptRuntime.callName(objArray2, "base64_decode", p1, scriptable), "DECODE", "blf0rankhcxvtm5e"};
objArray2 = new Object[]{ScriptRuntime.name(p1, scriptable, "kmget")};
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "end"), OptRuntime.callName(objArray1, "ajaxcode", p1, scriptable), p1, scriptable, "end");
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "jsonkm"), OptRuntime.call1(ScriptRuntime.getPropFunctionAndThis(ScriptRuntime.name(p1, scriptable, "JSON"), "parse", p1, scriptable), ScriptRuntime.lastStoredScriptable(p1), ScriptRuntime.name(p1, scriptable, "end"), p1, scriptable), p1, scriptable, "jsonkm");
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "kmcode"), ScriptRuntime.getObjectProp(ScriptRuntime.name(p1, scriptable, "jsonkm"), "code", p1, scriptable), p1, scriptable, "kmcode");
ScriptRuntime.setName(ScriptRuntime.bind(p1, scriptable, "kmmsg"), ScriptRuntime.getObjectProp(ScriptRuntime.name(p1, scriptable, "jsonkm"), "msg", p1, scriptable), p1, scriptable, "kmmsg");
二、这是抓包内容(skey、kami、ime均为固定值)
GET //api.php?ml=buindkami&skey=ftx3frwa1d&kami=05wtxfew46ikwdf&imei=280af084edacbbc0 HTTP/1.1
User-Agent: test
Host: cdnw.no1s8.com
Connection: Keep-Alive
Accept-Encoding: gzip
HTTP/1.1 200 OK
Server: You Xi Dun
Date: Tue, 19 Sep 2023 14:24:52 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=hh8dv9ecq9lv65kfnflthba2cb; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
NjBjZVlrK1cwZTZ2MFhONzNLVTZvTG5kKzVGWmJmOHdUcmxLRHJzSWRwQ2NidXBmVTFnUU53b0VZTS9ZMEFWaUV6UXc4aWRyclprVVd6RU11UDNrbkJ3ZXowOXZEcERnR0dWRjd2WnVKNmJnWHJRd0d6Tk5zZ0JqRWtmSVNqanl6SHloN1Q4cWJsZGVzUlVXd0pYTi84Q2hTREUwbjZNVmNYbVplUjQ5eDlmM0xoaE1VSTBIUk9VaXBoZzc1T2h1cVJXbDNnMGptQ2JlY1hpY2N0RnNvUFlQdmc=
请教下解密过程,得出解密结果。