大众点评js逆向过程（未完）

一、观察mtgsig的值

{"a1":"1.1",
"a2":1718468767104,
"a3":"xuy1zzu91zv25262z3259x8wx343501480981x32u65979585511yvv0",
"a5":"EO/9ybr3Lu84Fo+S/aTJ",
"a6":"hs1.4aOG4x69iuIGtADfqn9IKcfnvTEIjKjY9H6EeuMkKzu5/rXMEfcX4PkryisYfKr+LFobgDNzDmFr3cb73An0DxQ==",
"x0":4,
"d1":"3d8e870992de460f5333124faf50c103"}{"a1":"1.1",
"a2":1718468774352,
"a3":"xuy1zzu91zv25262z3259x8wx343501480981x32u65979585511yvv0",
"a5":"EO/9yMr3Lu84Fo+S/aTJ",
"a6":"hs1.4aOG4x69iuIGtADfqn9IKcfnvTEIjKjY9H6EeuMkKzu5/rXMEfcX4PkryisYfKr+LFobgDNzDmFr3cb73An0DxQ==",
"x0":4,
"d1":"6739982310bed1200c8b526977874905"}{"a1":"1.1","a2":1718469128184,
"a3":"xuy1zzu91zv25262z3259x8wx343501480981x32u65979585511yvv0",
"a5":"EO/98br3Lu84Fo+S/aTJ",
"a6":"hs1.4aOG4x69iuIGtADfqn9IKcfnvTEIjKjY9H6EeuMkKzu5/rXMEfcX4PkryisYfKr+LFobgDNzDmFr3cb73An0DxQ==",
"x0":4,
"d1":"0f681765340220edcd3b4a5b3b6a3781"}

二、断点调试加密过程

仔细观察上面mtgsig的值 发现 a2 是时间戳，a5 需要破解 ， d1需要破解 ， 其他是固定的

var guardOwl, md5 = {md5: function(s) {return hex(md51(s))},md5Array: md51,md5ToHex: hex};md5.s(ik);im  = cee70b7578ff51b84f14efa2efbc7891i5 =hs1.4aOG4x69iuIGtADfqn9IKcfnvTEIjKjY9H6EeuMkKzu5/rXMEfcX4PkryisYfKr+LFobgDNzDmFr3cb73An0DxQ==
对 ik = io进行 md5加密  得到 iq  
fy(null , iq)  得到 ir  , 
is = [0, 17, '2.4.0' , 0 ]
JOSN.stringify(is);
it = h6( null , h8(null , ir , JOSN.stringify(is)))  // "EO/9JriScRkoUfM7cAq9Cc=="

1、这里mtgsig已经被拼到url中

2、进入后mtgsig已经计算完， ir = he(this[b(4326)], !1), 就是加密函数

32 次 796 1143 ->508 -> 754 -> 1151

160 注意IC这个数组

控制流平坦化进行AST 解析

1. AST网址