desc参数分析

某某航司的desc参数,这个参数我看到有四个航司都有

参数生成定位

这里不细说,直接搜索 \x5c+ 进行定位

加密算法与环境值分析

加密算法分析

上图可以看到,这个是一个des加密

DES加密
	秘钥:'52D2841A3485DFFBCF2EA6A0515077CD'
	加密模式:CBC
	填充模式:Nopk
	明文:'{"xy":[{"x":1165,"y":398,"t":1714964023704},{"x":1164,"y":398,"t":1714964023720},{"x":1162,"y":396,"t":1714964023760},{"x":1106,"y":395,"t":1714964023864},{"x":1106,"y":395,"t":1714964023955}],"fingerprint":3689427594,"prevent_pev":null,"prevent_cid":"fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2","t":1714964088617}'

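经过分析,这是一个魔改过的 DES(上面的秘钥有 32 个字符,而标准 DES 的密钥只有 8 字节),所以用标准 DES 实现无法直接得到相同的密文。另外,秘钥和算法都是随前端 JS 一起下发的,这层加密只起混淆作用,服务端不能把它当作请求可信的依据。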

解决方法也比较简单

把_0x43cc91这个对象扣出来导出就行

环境值分析

环境数组

{
    "xy": [
        {
            "x": 1165,
            "y": 398,
            "t": 1714964023704
        },
        {
            "x": 1164,
            "y": 398,
            "t": 1714964023720
        },
        {
            "x": 1162,
            "y": 396,
            "t": 1714964023760
        },
        {
            "x": 1106,
            "y": 395,
            "t": 1714964023864
        },
        {
            "x": 1106,
            "y": 395,
            "t": 1714964023955
        }
    ],
    "fingerprint": 3689427594,
    "prevent_pev": null,
    "prevent_cid": "fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2",
    "t": 1714964088617
}

按照下图去逐个分析就行

xy

从上面的环境数组可以猜出,这是五个点的坐标位置加上时间戳

追栈仔细看看

{
    "x": 1165,             // MouseEvent['pageX']
    "y": 398,              // MouseEvent['pageY']
    "t": 1714964023704     // MouseEvent['timestamp'] || new Date()["valueOf"]()(标准属性名是 timeStamp;示例值是毫秒级 Unix 时间戳,看起来走的是 new Date() 这个分支,待确认)
}

当数组长度大于 5 时,最早的点会被 shift 出去,所以数组里只保留最近的 5 个点

fingerprint

这是一个环境指纹

环境数组

// 生成逻辑
/**
 * Builds the ordered list of raw browser-environment signals that feed the
 * `fingerprint` value.
 *
 * Must be called with `this` bound to the fingerprint object that supplies the
 * helper methods used below (getScreenResolution, hasSessionStorage, ...).
 * `_0x102f4c` and `_0x575963` come from the enclosing script and are not
 * defined in this excerpt — presumably `window` and `document`; confirm.
 *
 * NOTE(review): the probe names (getWebDriverEv, isPhantomJSEv,
 * isChromeHeadless, getNodeJsEv) suggest automation/headless detection, but
 * their bodies are not shown here. In the sample output on this page they all
 * report "0".
 *
 * @returns {Array} the collected signals, in collection order
 */
function get_arr() {
    const signals = [];

    // Basic navigator/screen properties come first.
    signals.push(navigator.userAgent, navigator.language, screen.colorDepth);

    // The resolution entry is optional: it is only added when the
    // screen_resolution flag is set and a resolution is actually available.
    if (this.screen_resolution) {
        const resolution = this.getScreenResolution();

        if (typeof resolution !== "undefined") {
            // The original calls getScreenResolution() a second time here; kept as-is.
            signals.push(this.getScreenResolution().join("x"));
        }
    }

    // Timezone and storage capabilities.
    signals.push(
        new Date().getTimezoneOffset(),
        this.hasSessionStorage(),
        this.hasLocalStorage(),
        !!_0x102f4c.indexedDB
    );

    // Legacy API probes, recorded as typeof strings.
    signals.push(_0x575963.body ? typeof _0x575963.body.addBehavior : "undefined");
    signals.push(typeof _0x102f4c.openDatabase);

    // Labelled navigator properties and the plugin list.
    signals.push("cpuClass:" + navigator.cpuClass);
    signals.push("platform:" + navigator.platform);
    signals.push("doNotTrack:" + navigator.doNotTrack);
    signals.push("Plugin:" + this.getPluginsString());

    // Canvas support is encoded as the string "1" or "0".
    signals.push(this.isCanvasSupported() ? "1" : "0");

    // Remaining probes are appended in this fixed order; the canvas
    // fingerprint is always the last element.
    const probes = [
        "getNodeJsEv",
        "getWebDriverEv",
        "isPhantomJSEv",
        "isChromeHeadless",
        "isChromeEv",
        "isFireFoxEv",
        "isSafariEv",
        "getAppNameAndVendor",
        "getCanvasFingerprint",
    ];
    for (const probe of probes) {
        signals.push(this[probe]());
    }

    return signals;
}
// 结果
[
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
    "zh-CN",
    24,
    -480,
    true,
    true,
    true,
    "undefined",
    "undefined",
    "cpuClass:undefined",
    "platform:Win32",
    "doNotTrack:null",
    "Plugin:PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Chrome PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Chromium PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Microsoft Edge PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;WebKit built-in PDF::Portable Document Format::application/pdf~pdf,text/pdf~pdf",
    "1",
    "0",
    "0",
    "0",
    "0",
    "Netscape&getBattery&8&12&Gecko&20030107",
    "0",
    "0",
    "Netscape&Google Inc.",
    "fc8bded2"
]

prevent_cid

// How the prevent_cid value is assembled.
// Fields are joined with "#" in this order:
//   canvas fingerprint, 8-char md5 segment, app name & vendor, isSafariEv, isFireFoxEv,
//   isChromeEv, isPhantomJSEv, isChromeHeadless, getWebDriverEv, getNodeJsEv,
//   screen resolution, _0x525c47, isIE, isCanvasSupported, hasSessionStorage, hasLocalStorage,
//   then canvas fingerprint + _0x525c47 + canvas fingerprint with no separator.
// _0x51f4be is the fingerprint helper object; _0xae9c3, _0x525c47 and md5 are defined outside
// this excerpt. In the sample result on this page _0x525c47 appears as "20210715".
// The md5 segment mixes in one digit from Math.random() (0-9), so it takes at most ten values
// for a given _0xae9c3, and Math.random() is not a cryptographic RNG. The segment adds
// variation, not an unpredictable nonce.
// NOTE(review): substring(24) keeps the tail of md5()'s output, which presumably is a
// 32-char hex digest (the sample segment "5a037aac" is 8 chars) — confirm.
var _0x1d119d = _0x51f4be.getCanvasFingerprint() + "#" + md5(_0xae9c3 + "you are good!" + Math.floor(Math.random() * 10).toString()).substring(24) + "#" + _0x51f4be.getAppNameAndVendor() + "#" + _0x51f4be.isSafariEv() + "#" + _0x51f4be.isFireFoxEv() + "#" + _0x51f4be.isChromeEv() + "#" + _0x51f4be.isPhantomJSEv() + "#" + _0x51f4be.isChromeHeadless() + "#" + _0x51f4be.getWebDriverEv() + "#" + _0x51f4be.getNodeJsEv() + "#" + _0x51f4be.getScreenResolution() + "#" + _0x525c47 + "#" + _0x51f4be.isIE() + "#" + _0x51f4be.isCanvasSupported() + "#" + _0x51f4be.hasSessionStorage() + "#" + _0x51f4be.hasLocalStorage() + "#" + _0x51f4be.getCanvasFingerprint() + _0x525c47 + _0x51f4be.getCanvasFingerprint();

// 结果
"fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2"

需要注意的是,其中第二段(下面这个 md5 片段)是动态的值,每次生成可能不同

// This segment varies between calls because one random digit (0-9) is appended before hashing.
// substring(24) drops the first 24 characters of md5()'s output; the sample result on this
// page shows the 8 characters "5a037aac". _0xae9c3 and md5 are defined outside this excerpt.
md5(_0xae9c3 + "you are good!" + Math.floor(Math.random() * 10).toString()).substring(24)

结束

这个航司请求太快会触发风控,dx滑块、ip风控(检测比较严格,用了两个隧道不行)。