某壁纸网站JS逆向+混淆代码扣取AST修复+Python批量下载教程+完整代码

由于内容相对较多，无限debugger、JS逆向、混淆代码扣取修复、Python爬虫，篇幅较长，文字教程就不提供了，视频已上传至B站，大家直接去B站观看。

视频教程

https://www.bilibili.com/video/BV1Pi4y1271a

完整python代码

# -*- coding: utf-8 -*-
# @Author: Null119
# @Desc: { 模块描述 }
# @Date: 2022/02/16 12:37
import requests,json,execjs,jsonpath,urllib3,os,cv2,base64,random,time,hashlib
from Crypto.Cipher import AES
import numpy as np
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

ctx = execjs.compile(open('./decrypt.js').read())

def pad_byte(b):
    bytes_num_to_pad = 16 - (len(b) % 16)
    byte_to_pad = bytes([bytes_num_to_pad])
    padding = byte_to_pad * bytes_num_to_pad
    padded = b + padding
    return padded

def aesEcbEncode(data, key):
    padded = pad_byte(data.encode('utf-8'))
    key = bytes(key, encoding='utf-8')
    naes = AES.new(key, AES.MODE_ECB)
    en_text = naes.encrypt(padded)
    return base64.b64encode(en_text).decode()

def getImgPos(bg, tp):
    '''
    bg: 背景图片
    tp: 缺口图片
    out:输出图片
    '''
    # 读取背景图片和缺口图片
    bg_img = cv2.imdecode(np.frombuffer(bg, np.uint8), cv2.IMREAD_COLOR) # 背景图片
    tp_img = cv2.imdecode(np.frombuffer(tp, np.uint8), cv2.IMREAD_COLOR)  # 缺口图片
    # 识别图片边缘
    bg_edge = cv2.Canny(bg_img, 155, 310)
    tp_edge = cv2.Canny(tp_img, 155, 47)
    # 转换图片格式
    bg_pic = cv2.cvtColor(bg_edge, cv2.COLOR_GRAY2RGB)
    tp_pic = cv2.cvtColor(tp_edge, cv2.COLOR_GRAY2RGB)
    # 缺口匹配
    res = cv2.matchTemplate(bg_pic, tp_pic, cv2.TM_CCOEFF_NORMED)
    min_val, max_val, min_loc, max_loc = cv2.minMaxLoc(res)  # 寻找最优匹配
    # 绘制方框
    th, tw = tp_pic.shape[:2]
    tl = max_loc  # 左上角点的坐标
    br = (tl[0] + tw, tl[1] + th)  # 右下角点的坐标
    cv2.rectangle(bg_img, tl, br, (0, 0, 255), 2)  # 绘制矩形
    #cv2.imwrite(out, bg_img)  # 保存在本地
    # 返回缺口的X坐标
    return tl[0]

def getKey(id,filetype):
    ts=str(ctx.eval('getTS()'))
    md5str=hashlib.md5(ts.encode(encoding='UTF-8')).hexdigest()
    enstr='/wallpaper/origin/'+id+'.'+filetype + '-' + ts + '-' + md5str + '-0-TPV4hi7wIeM7DPv35457O8poVyUJRX0o'
    enstr=hashlib.md5(enstr.encode(encoding='UTF-8')).hexdigest()
    return ts + '-' + md5str + '-0-' + enstr

def download(num):
    r=requests.session()
    pagenum=1
    downNum = 0
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36',
        'Referer': 'https://bz.zzzmh.cn/index',
        'Content-Type': 'application/json'
    }
    print('*' * 50)
    while True:
        #size:请求返回图片数，最小12，最大96  current:页码
        pdat={"size":96,"current":pagenum,"sort":0,"category":0,"resolution":0,"color":0,"categoryId":0}
        url='https://api.zzzmh.cn/bz/v3/getData'
        htm=r.post(url,data=json.dumps(pdat),headers=headers,verify=False)
        if '身份验证' in htm.json()['msg']:
            print('滑块验证...')
            pverdat={"captchaType":"blockPuzzle","clientUid":"slider-b1b91406-281d-4f22-b835-4de06c216572","ts":str(int(time.time() * 1000))}
            htm=r.post('https://api.zzzmh.cn/captcha/get',data=json.dumps(pverdat),headers=headers,verify=False)
            rbgimg=htm.json()['repData']['originalImageBase64']
            rhkimg = htm.json()['repData']['jigsawImageBase64']
            token=htm.json()['repData']['token']
            secretKey=htm.json()['repData']['secretKey']
            bg_data = base64.b64decode(rbgimg)
            hk_data = base64.b64decode(rhkimg)
            pos = getImgPos(bg_data,hk_data)
            pos=pos+random.random()
            posStr='{"x":'+ str(pos) +',"y":5}'
            pointjson=aesEcbEncode(posStr,secretKey)
            pverdat={"captchaType":"blockPuzzle","pointJson":pointjson,"token":token}
            htm=r.post('https://api.zzzmh.cn/captcha/check',data=json.dumps(pverdat),headers=headers,verify=False)
            if htm.json()['success']:
                captcha = aesEcbEncode(token + '---' + posStr, secretKey)
                headers['captcha'] = captcha
                pdat = {"size": 96, "current": pagenum, "sort": 0, "category": 0, "resolution": 0, "color": 0,"categoryId": 0}
                url = 'https://api.zzzmh.cn/bz/v3/getData'
                htm = r.post(url, data=json.dumps(pdat), headers=headers, verify=False)
            else:
                print('需要验证.')
                exit()
        rdata=htm.json()['result']
        rjson=ctx.eval('decrypt("'+rdata+'")')
        ilist=jsonpath.jsonpath(json.loads(rjson),'$.list..i')
        tlist=jsonpath.jsonpath(json.loads(rjson),'$.list..t')
        for id in range(len(ilist)):
            print('开始下载第',downNum+1,'张壁纸...')
            if tlist[id]==2:filetype='jpg'
            if tlist[id]==1:filetype='png'
            url='https://doge.zzzmh.cn/wallpaper/origin/%s.%s?response-content-disposition=attachment&auth_key=%s' % (ilist[id],filetype,getKey(ilist[id],filetype))
            img=r.get(url,headers=headers,verify=False)
            if not os.path.exists('./image/'):os.mkdir('./image/')
            with open('./image/'+str(downNum+1)+'.'+filetype, 'wb') as f:
                f.write(img.content)
            downNum+=1
            if downNum>=num:break
        if downNum >= num: break
        pagenum+=1
    print('*' * 50)
    print(num,'张壁纸下载完成.')

if __name__ == '__main__':
    pagenum=input('输入需要下载的壁纸数量：')
    download(int(pagenum.strip()))

constructor hook

(()=>{
    Function.prototype.__constructor = Function.prototype.constructor;
    Function.prototype.constructor = function(){
        if(arguments && typeof arguments[0]==='string'){
            if("debugger"===arguments[0]){
                return
            }
            return Function.prototype.__constructor.apply(this,arguments);
        }
    }
})()

JS代码

function deBase64(input) {
    var _keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    output = "";
    var chr1, chr2, chr3;
    var enc1, enc2, enc3, enc4;
    i = 0;
    input = input.replace(/[^A-Za-z0-9+\/=]/g, "");
    while (i < input.length) {
        enc1 = _keyStr.indexOf(input.charAt(i++));
        enc2 = _keyStr.indexOf(input.charAt(i++));
        enc3 = _keyStr.indexOf(input.charAt(i++));
        enc4 = _keyStr.indexOf(input.charAt(i++));
        chr1 = (enc1 << 2) | (enc2 >> 4);
        chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
        chr3 = ((enc3 & 3) << 6) | enc4;
        output = output + String.fromCharCode(chr1);
        if (enc3 !== 64) {
            output = output + String.fromCharCode(chr2);
        }
        if (enc4 !== 64) {
            output = output + String.fromCharCode(chr3);
        }
    }
    return output;
}

function _0x23ddbb(_0x44d85b) {
    for (var _0x1e1503 = deBase64(_0x44d85b), _0x5012cf = new Int8Array(_0x1e1503.length), _0x449558 = 0x0; _0x449558 < _0x1e1503.length; _0x449558++) _0x5012cf[_0x449558] = _0x1e1503.charCodeAt(_0x449558);
    return _0x5012cf;
}

function _0x482aff(_0x44d85b) {
    for (var _0x1e1503 = [ - 0x6f, 0x34, 0x5b, 0x41, -0x41, 0x74, 0x77, 0x6a, -0x79, -0x52, -0x5, 0x50, 0x33, 0x61, 0x44, -0x53, -0x70, -0x33, 0x17, -0x2e, -0x22, -0x72, -0x37, -0xb, -0x7f, 0x5a, 0x21, 0x16, -0x1f, 0x32, -0x11, 0x14, -0x2c, 0xf, -0x5e, -0x7b, 0x76, -0x17, -0x3d, 0x72, 0x47, -0x68, -0x7e, -0x75, -0x51, -0x36, -0x12, -0x6e, -0x4, -0x5f, -0x5b, 0x5e, -0x50, -0xe, 0x78, 0x69, 0x55, 0x68, -0x56, -0x6c, 0x43, 0x19, 0x65, 0x6c, 0x10, -0x69, 0x6f, -0xa, 0x75, -0x49, 0x4d, 0x59, -0x1d, -0x62, -0x44, 0x70, 0x6b, -0x1, 0x56, 0x79, 0x58, -0x65, -0x7c, 0x45, -0x1e, -0x8, -0x71, -0x4a, -0x76, 0x39, -0x19, 0xc, -0x73, -0x6a, 0x5f, 0x7f, 0x54, 0x7c, -0x66, -0x1c, 0x49, 0x2b, -0x3c, 0x1c, 0x2e, 0x73, 0x1e, 0x7a, -0x4b, 0x7d, -0x43, -0x4d, 0x3, -0x7, -0x35, -0xd, 0x35, 0x4e, -0x48, 0x1, 0xb, -0x47, -0x27, -0x4f, -0x3, 0x13, 0x29, 0x7e, -0x2b, -0x7d, -0x1b, 0x22, 0x3f, 0x8, 0x48, -0x23, -0x29, -0x3f, 0x3c, -0x18, 0x66, 0x2f, -0x77, -0x67, -0x16, 0x2d, 0x3b, 0x40, -0x60, 0x31, 0x53, -0x6b, -0x78, -0x39, -0x46, 0x0, -0x26, -0x54, -0x28, 0x18, 0xe, 0x30, 0x1d, 0x2c, -0x24, -0x2f, 0x38, -0x5c, 0x26, 0x25, 0x4, -0x32, 0x67, 0xa, -0x59, 0x37, 0x71, -0x1a, 0x6e, 0x36, 0x24, -0x14, -0x4e, -0xc, -0x74, 0x46, -0x25, 0x5, -0x3e, -0x4c, -0x30, -0x40, 0x4f, 0x64, 0x28, 0x6, -0x3a, -0x5a, -0x13, -0x9, 0x27, 0x5d, -0x63, 0x15, 0x7, 0x1a, -0x2, 0x1b, -0x2d, 0x51, 0x3a, -0x7a, 0x4c, -0x42, 0x2, 0x5c, -0x2a, 0x62, -0x10, 0x9, 0x3d, 0x3e, -0xf, 0x63, -0x15, 0x1f, -0x38, 0x57, 0x11, -0x34, -0x45, -0x21, -0x3b, -0x55, 0x42, 0x4a, 0x12, -0x5d, -0x80, -0x57, -0x20, 0x2a, 0x20, -0x58, 0x6d, 0x60, 0xd, -0x6, 0x4b, -0x64, -0x31, 0x23, -0x61, 0x52, -0x6d, 0x7b], _0x5012cf = 0x0, _0x449558 = 0x0, _0x2c930a = 0x0, _0x16910c = new Array(), _0x575163 = 0x0; _0x575163 < _0x44d85b.length; _0x575163++) {
        _0x5012cf = _0x5012cf + 0x1 & 0xff,
            _0x449558 = (0xff & _0x1e1503[_0x5012cf]) + _0x449558 & 0xff;
        var _0x482aff = _0x1e1503[_0x5012cf];
        _0x1e1503[_0x5012cf] = _0x1e1503[_0x449558],
            _0x1e1503[_0x449558] = _0x482aff,
            _0x2c930a = (0xff & _0x1e1503[_0x5012cf]) + (0xff & _0x1e1503[_0x449558]) & 0xff,
            _0x16910c.push(_0x44d85b[_0x575163] ^ _0x1e1503[_0x2c930a]);
    }

    return _0x16910c;
}

function _0x3598dd(_0x44d85b) {
    for (var _0x1e1503, _0x5012cf, _0x449558 = '',
             _0x2c930a = 0x0; _0x2c930a < _0x44d85b.length;) _0x1e1503 = _0x44d85b[_0x2c930a],
        _0x5012cf = 0x0,
        _0x1e1503 >>> 0x7 === 0x0 ? (_0x449558 += String.fromCharCode(_0x44d85b[_0x2c930a]), _0x2c930a += 0x1) : 0xfc === (0xfc & _0x1e1503) ? (_0x5012cf = (0x3 & _0x44d85b[_0x2c930a]) << 0x1e, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x1]) << 0x18, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x2]) << 0x12, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x3]) << 0xc, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x4]) << 0x6, _0x5012cf |= 0x3f & _0x44d85b[_0x2c930a + 0x5], _0x449558 += String.fromCharCode(_0x5012cf), _0x2c930a += 0x6) : 0xf8 === (0xf8 & _0x1e1503) ? (_0x5012cf = (0x7 & _0x44d85b[_0x2c930a]) << 0x18, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x1]) << 0x12, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x2]) << 0xc, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x3]) << 0x6, _0x5012cf |= 0x3f & _0x44d85b[_0x2c930a + 0x4], _0x449558 += String.fromCharCode(_0x5012cf), _0x2c930a += 0x5) : 0xf0 === (0xf0 & _0x1e1503) ? (_0x5012cf = (0xf & _0x44d85b[_0x2c930a]) << 0x12, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x1]) << 0xc, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x2]) << 0x6, _0x5012cf |= 0x3f & _0x44d85b[_0x2c930a + 0x3], _0x449558 += String.fromCharCode(_0x5012cf), _0x2c930a += 0x4) : 0xe0 === (0xe0 & _0x1e1503) ? (_0x5012cf = (0x1f & _0x44d85b[_0x2c930a]) << 0xc, _0x5012cf |= (0x3f & _0x44d85b[_0x2c930a + 0x1]) << 0x6, _0x5012cf |= 0x3f & _0x44d85b[_0x2c930a + 0x2], _0x449558 += String.fromCharCode(_0x5012cf), _0x2c930a += 0x3) : 0xc0 === (0xc0 & _0x1e1503) ? (_0x5012cf = (0x3f & _0x44d85b[_0x2c930a]) << 0x6, _0x5012cf |= 0x3f & _0x44d85b[_0x2c930a + 0x1], _0x449558 += String.fromCharCode(_0x5012cf), _0x2c930a += 0x2) : (_0x449558 += String.fromCharCode(_0x44d85b[_0x2c930a]), _0x2c930a += 0x1);
    return _0x449558;
}

function getTS(){
    var _0x44d85b = new Date();
    _0x44d85b['setMonth'](_0x44d85b['getMonth']() + 0x1),
        _0x44d85b['setDate'](0xf),
        _0x44d85b['setHours'](0x0),
        _0x44d85b['setMinutes'](0x0),
        _0x44d85b['setSeconds'](0x0),
        _0x44d85b['setMilliseconds'](0x0);
    var _0x1e1503 = Math['ceil'](_0x44d85b['getTime']() / 0x3e8);
    return _0x1e1503
}

function decrypt(str){
    return _0x3598dd(_0x482aff(_0x23ddbb(str)));
}