前言

aHR0cHM6Ly93d3cubm1wYS5nb3YuY24vZGF0YXNlYXJjaC9zZWFyY2gtcmVzdWx0Lmh0bWw=
先绕过 debugger,进来发现加密参数。


开始

进来打上断点,关键位置


扣代码

直接开扣吧,ajax部分我就扣这么多。md5全部复制下来

pajax 里面只有 hasTokenGet 方法。hasTokenGet 方法有点小改动,参考了网上的写法。
/**
 * Builds the request `sign` value from a parameter object (obfuscated site code, kept verbatim).
 *
 * Visible flow: default the params, copy `timestamp` onto a second key, pass the
 * object to `getSign`, remove empty-valued entries from what `getSign` returns,
 * then hand the remainder to `jsonMD5ToStr`. `getSign`, `jsonMD5ToStr` and the
 * string decoder `_0xdfc7` are defined outside this block.
 *
 * NOTE(review): every input to this value is available to the client, so it can be
 * recomputed outside the page; a server should treat it as request-integrity
 * friction and must not rely on it for authentication or authorization.
 *
 * @param {string} _0x194f10 - Request URL supplied by the caller; not read anywhere in this body.
 * @param {Object} [_0x20d400] - Request parameters; a property is written onto this object.
 * @returns {*} Whatever `jsonMD5ToStr` yields for the filtered object (presumably an MD5 hex string; confirm).
 */
'hasTokenGet': function(_0x194f10, _0x20d400) {
// Obfuscator lookup table: string constants (some decoded by _0xdfc7 at runtime)
// plus thin wrappers around +, ||, === and plain function calls.
var _0x30b6f6 = {
'inoTo': _0xdfc7('f5', 'f[WA'),
'wyNxZ': function(_0x2d025f, _0x2003c1) {
return _0x2d025f + _0x2003c1;
},
'AlzcX': _0xdfc7('f6', 'C0n&'),
'rgvgy': function(_0x53dd9b, _0x31ed1e) {
return _0x53dd9b || _0x31ed1e;
},
'azOWI': function(_0x37bbec) {
return _0x37bbec();
},
'HUDdP': function(_0x3b1a0f, _0x198aca) {
return _0x3b1a0f === _0x198aca;
},
'kNYKd': _0xdfc7('f7', ')nUr'),
'AlUdj': 'pMSzI',
'GmLgF': function(_0x326050, _0x182779) {
return _0x326050(_0x182779);
},
'yWqYp': _0xdfc7('f8', 'A^Px'),
'ycJHx': function(_0x5e7cd7, _0x282811) {
return _0x5e7cd7(_0x282811);
}
};
// Presumably resolves to 'rgvgy' (a || b), i.e. fall back to {} when no params
// were passed; the key is only known after decoding (TODO confirm).
_0x20d400 = _0x30b6f6[_0xdfc7('f9', '(TPJ')](_0x20d400, {});
// Never read in the visible body.
var _0x37cd60 = false;
// Copies the caller's `timestamp` onto a second key whose name is decoded at runtime.
_0x20d400[_0xdfc7('fb', 'e4PG')] = _0x20d400['timestamp'];
let _0x2cd4d6 = getSign(_0x20d400);
for (let _0x1a609b in _0x2cd4d6) {
// NOTE(review): looks like an obfuscator-injected comparison of two table
// constants; which branch is live depends on the decoded keys and values (confirm).
if (_0x30b6f6[_0xdfc7('fd', 'VfYA')](_0x30b6f6[_0xdfc7('fe', 'A8L]')], _0x30b6f6[_0xdfc7('ff', 'lios')])) {
// `app` is assigned without a declaration here (outer-scope variable or implicit global).
app = _0x30b6f6[_0xdfc7('100', 'FE9r')];
let _0x3306b1 = _0x30b6f6[_0xdfc7('101', 'A8L]')](_0x30b6f6['wyNxZ'](app, _0x30b6f6['AlzcX']), _0x20d400);
// Writes a property of `location`; the property name is decoded at runtime.
location[_0xdfc7('102', 'n7gq')] = _0x3306b1;
} else {
// Loose equality: besides '', values such as 0 and false also compare equal
// to '' and are removed from the object that gets hashed.
if (_0x2cd4d6[_0x1a609b] == '') {
delete _0x2cd4d6[_0x1a609b];
}
}
}
// Presumably jsonMD5ToStr(_0x2cd4d6) through one of the call wrappers (GmLgF / ycJHx); confirm.
let sign = _0x30b6f6[_0xdfc7('105', 'OmpI')](jsonMD5ToStr, _0x2cd4d6)
return sign
},
接着我们写方法调用

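/**
 * Demo driver: passes one fixed search request to `pajax.hasTokenGet` and logs the result.
 *
 * The payload carries a hard-coded `timestamp` (presumably a captured value, so the
 * output can be compared with the `sign` observed in the browser), while the
 * `timestamp` returned here is the current time; the two are independent values.
 *
 * @returns {{timestamp: number, sign: *}} Current time in milliseconds (whole
 *   seconds only) and whatever `pajax.hasTokenGet` returned.
 */
function getsign() {
  // Date -> string -> parse drops the milliseconds, so this is a multiple of 1000.
  const timestamp = Date.parse(new Date());
  // Keep these local: bare assignments would create implicit globals and throw
  // a ReferenceError under strict mode / ES modules.
  const url = 'https://xxxxx/datasearch/data/nmpadata/search';
  const data = {
    'itemId': 'ff80808183cad75001840881f848179f',
    'isSenior': 'N',
    'searchValue': '布洛芬',
    'pageNum': '1',
    'pageSize': '10',
    'timestamp': '1762949962000',
  };
  const sign = pajax.hasTokenGet(url, data);
  console.log(sign);
  console.log(timestamp);
  return {
    "timestamp": timestamp,
    "sign": sign,
  };
}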
// Run the demo once at load; the returned object is discarded, so only the two
// console.log lines inside getsign() are visible.
getsign()

运行结果

我们运行一下代码,和网页的 sign 对比一下,哈,一样。
