AI逆向|逆向反混淆练习平台第一题加密参数并获取数据

admin
admin
admin
0
文章
0
评论
2026-04-02 04:47:37 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 本文记录使用AI工具(CodeXCLI配合Gpt-5.4模型及JSReverser-MCP)逆向猿人学反混淆练习平台第一题的加密参数m的完整过程。通过抓包定位接口中的加密参数m,利用AI辅助生成Python纯算MD5源码实现参数构造并成功获取数据,整个AI逆向过程约耗时30分钟。作者认为设计好提示词后AI可大幅简化JS逆向工作,但指出该题混淆难度较低,新手亦可手动完成。 综合评分: 58 文章分类: 爬虫,AI安全,逆向分析,WEB安全

cover_image

AI逆向|逆向反混淆练习平台第一题加密参数并获取数据

原创

悦来客栈的老板 悦来客栈的老板

菜鸟学Python编程

2026年3月26日 21:00 湖北

关注它,不迷路。

  • 本文章中所有内容仅供学习交流,不可用于任何商业用途和非法用途,否则后果自负,如有侵权,请联系作者立即删除!

一.题目地址

https://match.yuanrenxue.cn/match/1

二.抓包分析

打开控制台后,抓包分析,看看所要的数据在哪里:

数据在上面这个接口,有个m的加密参数

古法逆向,到此结束。

三.AI工具

我这里使用codeX的cli工具 + Gpt-5.4 xhigh 的AI模型。

使用的MCP则是 JSReverser-MCP

四.提示词

https://t.zsxq.com/5TbAy

如果需要,可以私下和我交流。

五.AI提供的Python纯算源码

import ctypesimport time
import requests

API_URL = "https://match.yuanrenxue.cn/api/question/1"SESSION_ID = "你的ID"USER_AGENT = "yuanrenxue"SEPARATOR = "\u4e28"
# 固定样本来自离线插桩后的 JS 运行结果:# ts = 1710100000000 -> f = 008f6fa3eb5dd36069d29a8ea3d77bb5SAMPLE_TS = "1710100000000"SAMPLE_HASH = "008f6fa3eb5dd36069d29a8ea3d77bb5"

def _to_int32(value: int) -> int:    return ctypes.c_int32(value).value

def _urshift(value: int, bits: int) -> int:    return (value & 0xFFFFFFFF) >> bits

def&nbsp;_safe_add(a:&nbsp;int, b:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp; low = (a &&nbsp;0xFFFF) + (b &&nbsp;0xFFFF)&nbsp; &nbsp; high = (a >>&nbsp;16) + (b >>&nbsp;16) + (low >>&nbsp;16)&nbsp; &nbsp;&nbsp;return&nbsp;_to_int32((high <<&nbsp;16) | (low &&nbsp;0xFFFF))

def&nbsp;_bit_rol(value:&nbsp;int, bits:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_to_int32((value << bits) | _urshift(value,&nbsp;32&nbsp;- bits))

def&nbsp;_md5_cmn(h:&nbsp;int, e:&nbsp;int, d:&nbsp;int, c:&nbsp;int, g:&nbsp;int, f:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_safe_add(_bit_rol(_safe_add(_safe_add(e, h), _safe_add(c, f)), g), d)

def&nbsp;_md5_ff(g:&nbsp;int, f:&nbsp;int, k:&nbsp;int, j:&nbsp;int, e:&nbsp;int, i:&nbsp;int, h:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_md5_cmn((f & k) | ((~f) & j), g, f, e, i, h)

def&nbsp;_md5_gg(g:&nbsp;int, f:&nbsp;int, k:&nbsp;int, j:&nbsp;int, e:&nbsp;int, i:&nbsp;int, h:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_md5_cmn((f & j) | (k & (~j)), g, f, e, i, h)

def&nbsp;_md5_hh(g:&nbsp;int, f:&nbsp;int, k:&nbsp;int, j:&nbsp;int, e:&nbsp;int, i:&nbsp;int, h:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_md5_cmn(f ^ k ^ j, g, f, e, i, h)

def&nbsp;_md5_ii(g:&nbsp;int, f:&nbsp;int, k:&nbsp;int, j:&nbsp;int, e:&nbsp;int, i:&nbsp;int, h:&nbsp;int) ->&nbsp;int:&nbsp; &nbsp;&nbsp;return&nbsp;_md5_cmn(k ^ (f | (~j)), g, f, e, i, h)

def&nbsp;_str2binl(text:&nbsp;str, chrsz:&nbsp;int&nbsp;=&nbsp;16) ->&nbsp;list[int]:&nbsp; &nbsp; words:&nbsp;list[int] = []&nbsp; &nbsp; mask = (1&nbsp;<< chrsz) -&nbsp;1&nbsp; &nbsp;&nbsp;for&nbsp;bit&nbsp;in&nbsp;range(0,&nbsp;len(text) * chrsz, chrsz):&nbsp; &nbsp; &nbsp; &nbsp; index = bit >>&nbsp;5&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;while&nbsp;len(words) <= index:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; words.append(0)&nbsp; &nbsp; &nbsp; &nbsp; words[index] = _to_int32(words[index] | ((ord(text[bit // chrsz]) & mask) << (bit %&nbsp;32)))&nbsp; &nbsp;&nbsp;return&nbsp;words

def&nbsp;_binl2hex(words:&nbsp;list[int]) ->&nbsp;str:&nbsp; &nbsp; table =&nbsp;"0123456789abcdef"&nbsp; &nbsp; output:&nbsp;list[str] = []&nbsp; &nbsp;&nbsp;for&nbsp;i&nbsp;in&nbsp;range(len(words) *&nbsp;4):&nbsp; &nbsp; &nbsp; &nbsp; value = words[i >>&nbsp;2]&nbsp; &nbsp; &nbsp; &nbsp; output.append(table[(_urshift(value, (i %&nbsp;4) *&nbsp;8&nbsp;+&nbsp;4)) &&nbsp;0xF])&nbsp; &nbsp; &nbsp; &nbsp; output.append(table[(_urshift(value, (i %&nbsp;4) *&nbsp;8)) &&nbsp;0xF])&nbsp; &nbsp;&nbsp;return&nbsp;"".join(output)

def&nbsp;_core_md5(words:&nbsp;list[int], bit_length:&nbsp;int) ->&nbsp;list[int]:&nbsp; &nbsp; index = bit_length >>&nbsp;5&nbsp; &nbsp;&nbsp;while&nbsp;len(words) <= index:&nbsp; &nbsp; &nbsp; &nbsp; words.append(0)&nbsp; &nbsp; words[index] = _to_int32(words[index] | (128&nbsp;<< (bit_length %&nbsp;32)))
&nbsp; &nbsp; index = (((bit_length +&nbsp;64) >>&nbsp;9) <<&nbsp;4) +&nbsp;14&nbsp; &nbsp;&nbsp;while&nbsp;len(words) <= index:&nbsp; &nbsp; &nbsp; &nbsp; words.append(0)&nbsp; &nbsp; words[index] = _to_int32(bit_length)
&nbsp; &nbsp; o, n, m, l =&nbsp;1732584193, -271733879, -1732584194,&nbsp;271733878
&nbsp; &nbsp;&nbsp;for&nbsp;g&nbsp;in&nbsp;range(0,&nbsp;len(words),&nbsp;16):&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;while&nbsp;len(words) < g +&nbsp;16:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; words.append(0)
&nbsp; &nbsp; &nbsp; &nbsp; j, h, f, e = o, n, m, l
&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ff(o, n, m, l, words[g +&nbsp;0],&nbsp;7, -680976936)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ff(l, o, n, m, words[g +&nbsp;1],&nbsp;12, -389564586)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ff(m, l, o, n, words[g +&nbsp;2],&nbsp;17,&nbsp;606105819)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ff(n, m, l, o, words[g +&nbsp;3],&nbsp;22, -1044525330)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ff(o, n, m, l, words[g +&nbsp;4],&nbsp;7, -176418897)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ff(l, o, n, m, words[g +&nbsp;5],&nbsp;12,&nbsp;1200080426)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ff(m, l, o, n, words[g +&nbsp;6],&nbsp;17, -1473231341)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ff(n, m, l, o, words[g +&nbsp;7],&nbsp;22, -45705983)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ff(o, n, m, l, words[g +&nbsp;8],&nbsp;7,&nbsp;1770035416)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ff(l, o, n, m, words[g +&nbsp;9],&nbsp;12, -1958414417)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ff(m, l, o, n, words[g +&nbsp;10],&nbsp;17, -42063)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ff(n, m, l, o, words[g +&nbsp;11],&nbsp;22, -1990404162)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ff(o, n, m, l, words[g +&nbsp;12],&nbsp;7,&nbsp;1804660682)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ff(l, o, n, m, words[g +&nbsp;13],&nbsp;12, -40341101)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ff(m, l, o, n, words[g +&nbsp;14],&nbsp;17, -1502002290)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ff(n, m, l, o, words[g +&nbsp;15],&nbsp;22,&nbsp;1236535329)
&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_gg(o, n, m, l, words[g +&nbsp;1],&nbsp;5, -165796510)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_gg(l, o, n, m, words[g +&nbsp;6],&nbsp;9, -1069501632)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_gg(m, l, o, n, words[g +&nbsp;11],&nbsp;14,&nbsp;643717713)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_gg(n, m, l, o, words[g +&nbsp;0],&nbsp;20, -373897302)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_gg(o, n, m, l, words[g +&nbsp;5],&nbsp;5, -701558691)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_gg(l, o, n, m, words[g +&nbsp;10],&nbsp;9,&nbsp;38016083)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_gg(m, l, o, n, words[g +&nbsp;15],&nbsp;14, -660478335)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_gg(n, m, l, o, words[g +&nbsp;4],&nbsp;20, -405537848)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_gg(o, n, m, l, words[g +&nbsp;9],&nbsp;5,&nbsp;568446438)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_gg(l, o, n, m, words[g +&nbsp;14],&nbsp;9, -1019803690)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_gg(m, l, o, n, words[g +&nbsp;3],&nbsp;14, -187363961)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_gg(n, m, l, o, words[g +&nbsp;8],&nbsp;20,&nbsp;1163531501)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_gg(o, n, m, l, words[g +&nbsp;13],&nbsp;5, -1444681467)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_gg(l, o, n, m, words[g +&nbsp;2],&nbsp;9, -51403784)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_gg(m, l, o, n, words[g +&nbsp;7],&nbsp;14,&nbsp;1735328473)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_gg(n, m, l, o, words[g +&nbsp;12],&nbsp;20, -1921207734)
&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_hh(o, n, m, l, words[g +&nbsp;5],&nbsp;4, -378558)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_hh(l, o, n, m, words[g +&nbsp;8],&nbsp;11, -2022574463)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_hh(m, l, o, n, words[g +&nbsp;11],&nbsp;16,&nbsp;1839030562)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_hh(n, m, l, o, words[g +&nbsp;14],&nbsp;23, -35309556)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_hh(o, n, m, l, words[g +&nbsp;1],&nbsp;4, -1530992060)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_hh(l, o, n, m, words[g +&nbsp;4],&nbsp;11,&nbsp;1272893353)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_hh(m, l, o, n, words[g +&nbsp;7],&nbsp;16, -155497632)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_hh(n, m, l, o, words[g +&nbsp;10],&nbsp;23, -1094730640)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_hh(o, n, m, l, words[g +&nbsp;13],&nbsp;4,&nbsp;681279174)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_hh(l, o, n, m, words[g +&nbsp;0],&nbsp;11, -358537222)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_hh(m, l, o, n, words[g +&nbsp;3],&nbsp;16, -722881979)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_hh(n, m, l, o, words[g +&nbsp;6],&nbsp;23,&nbsp;76029189)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_hh(o, n, m, l, words[g +&nbsp;9],&nbsp;4, -640364487)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_hh(l, o, n, m, words[g +&nbsp;12],&nbsp;11, -421815835)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_hh(m, l, o, n, words[g +&nbsp;15],&nbsp;16,&nbsp;530742520)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_hh(n, m, l, o, words[g +&nbsp;2],&nbsp;23, -995338651)
&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ii(o, n, m, l, words[g +&nbsp;0],&nbsp;6, -198630844)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ii(l, o, n, m, words[g +&nbsp;7],&nbsp;10,&nbsp;11261161415)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ii(m, l, o, n, words[g +&nbsp;14],&nbsp;15, -1416354905)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ii(n, m, l, o, words[g +&nbsp;5],&nbsp;21, -57434055)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ii(o, n, m, l, words[g +&nbsp;12],&nbsp;6,&nbsp;1700485571)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ii(l, o, n, m, words[g +&nbsp;3],&nbsp;10, -1894446606)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ii(m, l, o, n, words[g +&nbsp;10],&nbsp;15, -1051523)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ii(n, m, l, o, words[g +&nbsp;1],&nbsp;21, -2054922799)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ii(o, n, m, l, words[g +&nbsp;8],&nbsp;6,&nbsp;1873313359)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ii(l, o, n, m, words[g +&nbsp;15],&nbsp;10, -30611744)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ii(m, l, o, n, words[g +&nbsp;6],&nbsp;15, -1560198380)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ii(n, m, l, o, words[g +&nbsp;13],&nbsp;21,&nbsp;1309151649)&nbsp; &nbsp; &nbsp; &nbsp; o = _md5_ii(o, n, m, l, words[g +&nbsp;4],&nbsp;6, -145523070)&nbsp; &nbsp; &nbsp; &nbsp; l = _md5_ii(l, o, n, m, words[g +&nbsp;11],&nbsp;10, -1120210379)&nbsp; &nbsp; &nbsp; &nbsp; m = _md5_ii(m, l, o, n, words[g +&nbsp;2],&nbsp;15,&nbsp;718787259)&nbsp; &nbsp; &nbsp; &nbsp; n = _md5_ii(n, m, l, o, words[g +&nbsp;9],&nbsp;21, -343485551)
&nbsp; &nbsp; &nbsp; &nbsp; o = _safe_add(o, j)&nbsp; &nbsp; &nbsp; &nbsp; n = _safe_add(n, h)&nbsp; &nbsp; &nbsp; &nbsp; m = _safe_add(m, f)&nbsp; &nbsp; &nbsp; &nbsp; l = _safe_add(l, e)
&nbsp; &nbsp;&nbsp;return&nbsp;[o, n, m, l]

def&nbsp;yrx_hex_md5(text:&nbsp;str) ->&nbsp;str:&nbsp; &nbsp;&nbsp;return&nbsp;_binl2hex(_core_md5(_str2binl(text),&nbsp;len(text) *&nbsp;16))

def&nbsp;build_m() ->&nbsp;str:&nbsp; &nbsp;&nbsp;# 页面源码使用 Date.parse(new Date()),精度只有秒,因此这里取整秒后再补 000。&nbsp; &nbsp; ts =&nbsp;int(time.time()) *&nbsp;1000&nbsp;+&nbsp;100000000&nbsp; &nbsp;&nbsp;return&nbsp;f"{yrx_hex_md5(str(ts))}{SEPARATOR}{ts //&nbsp;1000}"

def&nbsp;self_check() ->&nbsp;None:&nbsp; &nbsp; actual = yrx_hex_md5(SAMPLE_TS)&nbsp; &nbsp;&nbsp;if&nbsp;actual != SAMPLE_HASH:&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;raise&nbsp;RuntimeError(f"local hash mismatch:&nbsp;{actual}&nbsp;!=&nbsp;{SAMPLE_HASH}")

def&nbsp;fetch_page(session: requests.Session, page:&nbsp;int) ->&nbsp;list[int]:&nbsp; &nbsp; params = {&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;"page": page,&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;"pageSize":&nbsp;10,&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;"kw":&nbsp;"",&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;"m": build_m(),&nbsp; &nbsp; }&nbsp; &nbsp; response = session.get(API_URL, params=params, timeout=10)&nbsp; &nbsp; response.raise_for_status()&nbsp; &nbsp; payload = response.json()&nbsp; &nbsp;&nbsp;if&nbsp;"data"&nbsp;not&nbsp;in&nbsp;payload:&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;raise&nbsp;RuntimeError(f"unexpected response:&nbsp;{payload}")&nbsp; &nbsp;&nbsp;return&nbsp;payload["data"]

def&nbsp;main() ->&nbsp;None:&nbsp; &nbsp; self_check()
&nbsp; &nbsp; session = requests.Session()&nbsp; &nbsp; session.headers.update({"User-Agent": USER_AGENT})&nbsp; &nbsp; session.cookies.set("sessionid", SESSION_ID, domain="match.yuanrenxue.cn")
&nbsp; &nbsp; total =&nbsp;0&nbsp; &nbsp;&nbsp;for&nbsp;page&nbsp;in&nbsp;range(1,&nbsp;6):&nbsp; &nbsp; &nbsp; &nbsp; data = fetch_page(session, page)&nbsp; &nbsp; &nbsp; &nbsp; total +=&nbsp;sum(data)&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;print(f"page&nbsp;{page}:&nbsp;{data}")
&nbsp; &nbsp;&nbsp;print(f"total:&nbsp;{total}")

if&nbsp;__name__ ==&nbsp;"__main__":&nbsp; &nbsp; main()

结果如下图:

从AI开始分析到结束,大约耗时30分钟左右。

六.后记

不难看出,当你设计好提示词以后,AI会根据你这个提示进行逆向分析。

对于一般的网站逆向,你只需要抓包分析一下加密参数即可,其他的似乎已经不用操心了。

当然,这题目的混淆代码也不难,对于新手朋友还是挺友好的。

还不需要使用AI这么强的工具。

今天的分享就到这里,感谢阅读。

欢迎加入知识星球,学习更多AST和爬虫技巧。

免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:菜鸟学Python编程 悦来客栈的老板 悦来客栈的老板《AI逆向|逆向反混淆练习平台第一题加密参数并获取数据》

版权声明

本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0