京东h5st逆向 python代码算法还原逆向分析 h5st代码

【京东h5st逆向 python代码算法还原逆向分析 h5st代码】废话不多说直接开干!
知识点 node
上才艺
京东抓包遇到h5st算法
# coding=utf-8import jsonimport mathimport randomimport timefrom tkinter import filedialog, messagebox, ttkimport urllibfrom urllib.parse import quote, unquotefrom urllib import parseimport pymysqlimport requestsimport xlrdfrom tkinter.ttk import Labelfrom tkinter import *import urllib3import xlwtfrom xlwt import Workbookimport threadingimport tkinter as tkfrom tkinter import *from tkinter.ttk import *# 为了让按钮更加美观,所以使用tkinter.ttkfrom tkinter.simpledialog import *# 输入邮箱账号需要用到from tkinter.messagebox import *import smtplib# 发送字符串的邮件from email.mime.text import MIMEText# 处理多种形态的邮件主体我们需要 MIMEMultipart 类from email.mime.multipart import MIMEMultipart# 处理图片需要 MIMEImage 类from email.mime.image import MIMEImageimport random# 随机生成激活码import osimport datetime# 获取WMI接口urllib3.disable_warnings()def logic():sku = 100064564679cookie ='shshshfpa=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; shshshfpx=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; pinId=LxgJESmodokf_AhbrnKClw; pin=jinshiyuan1123; unick=jinshiyuan1123; _tp=qTmSS0pjZ%2BpSltacjzri4w%3D%3D; _pst=jinshiyuan1123; __jdv=76161171|direct|-|none|-|1697592319693; mba_muid=16934744924511616091388; user-key=11a484e2-f35f-4a4f-9827-c95f59dd47eb; __jdu=16983895067841432816868; TrackID=1HFZlWtgARPlbI1mTVFpwZ3u_SB09-1Q_bI6WyUS8IpkISJ6MmmNv6LbsWxET-X7MWNjLiNaACNKV-1Vht0fWcs89QNcw4qXk4Rqhs0xYx08; thor=EEFDDDF33A2E1B1574F38D3AEF89005246E4DF7F7341012C233F05A1CE1050707F2B2C7784309754BA0DF8532A4DF03135775FD5699D900B1443BD2FB2076E4CE284DDE4DF56071F679BE3AC90F368F539C29EBBA1F6CAEB5149648AA360E7948AB67D04395B9891D618EC1E696E8BC2635F84B0B83609EB90421520EB98293C7DF602769976770087AF3D1CBA2510AB; flash=2_7fZdpf_i3XDxiQCGotfuowSRGt_716ZFdTPZqfOjcmExH9AiqitrXU-JV6KP5hIbOio7x8_X8iS7NHJGVpeQRnyZjGY7IVA643W1OyW4DRq*; areaId=12; ipLoc-djd=12-904-907-50559; joyya=1698717531.1698727780.24.0oyeyhv; 3AB9D23F7A4B3C9B=7XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4; 3AB9D23F7A4B3CSS=jdd037XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4AAAAMLRDXCJ6YAAAAAD7HKTBXNJK6MCMX; __jda=122270672.16983895067841432816868.1698389507.1698735389.1698809391.6; __jdc=122270672; shshshfpb=AAjAp7oiLEncFJYLWncIZH0khPigIrxaTJ2KSSQAAAAA'# body ={"skuId":'{}'.format(sku),"cat":"670,686,694","area":"12_904_907_50559","shopId":"1000000193","venderId":1000000193,"paramJson":"{\"platform2\":\"100000000001\",\"specialAttrStr\":\"p0ppp1ppppppp1p1ppp1pppppppppp\",\"skuMarkStr\":\"00\"}","num":1,"bbTraffic":""}body = {'skuId': '{}'.format(sku), 'cat': '670,686,694', 'area': '12_904_907_50559', 'shopId': '1000000193','venderId': 1000000193,'paramJson': '{"platform2":"100000000001","specialAttrStr":"p0ppp1ppppppp1p1ppp1pppppppppp","skuMarkStr":"00"}','num': 1, 'bbTraffic': ''}body = str(body)body = urllib.parse.quote(body)print(body)# arr = []url = f'http://api.m.jd.com/?appid=pc-item-soa&functionId=pc_detailpage_wareBusiness&client=pc&clientVersion=1.0.0&t=1698750510309&body={body}&h5st=20231031190830356%3Bi6m6tn59gzim6id4%3Bfb5df%3Btk03w7a7f1b7f18n8a22ELMyzM0mwOM-PwhM63p7VR8R1fnZ_heth5R0NWngch5F1PA3t8gNeNnYDPPLyXNvB0gioGhe%3Ba04c942331d89ec5716f4426106ada2d%3B4.1%3B1698750510356%3Bee3cf7f6b94dc20e9265d83066bb9ceece4bb89e2b7e8bf5afb1bfd928788174bfa06c210ddd4437d8a2e234330c3a3980b96c3953b1ab788029ae792b39e113fdb0afe561ae12a73f3af9b8a64728f57c630d34f84ca87accc9a23f00b0184bd98829b8be46bd20b9e731ced214f78760d3b8ca56d6109ac4d4ecd6978787def74cdfbd40842c3cc5bdbb0080705528e358fc8607e931c023ddcf687b0c8e22be28e589ea6fdf726a7b00bce26101fea466541de03f731e24eebb4a913a6b50db014840a7a4f2c58ed091816e030cec3502d2fa30190a346ee5d64f65b4b5e83139a1fefc5e77bd99c2db61685d6dc651257be1e39cf8831fb7ac74816b6ac8d9e5830318daa925cb5d37dece35a3c932de7bb820ef044e65bf57eda47f600e218ab3f26faa55011219797d2c637f1a&x-api-eid-token=jdd03WLRBUSCQ54JFTSTWBWXLTWRCF5VI2SDVQQU5FBSYI6HL7RDY7WWNH5WNDDQK7XUEDI25TMLP623GF3ITSQRVSDB4C4AAAAMLQVVW7WIAAAAADKIC3UH3MNPZCMX&loginType=3&uuid=122270672.1697946179154327479288.1697946179.1697946179.1698750210.2'print(url)# headers = {## 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',#'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36',##'cookie': cookie,#'Content-Type': "application/json",#'Origin': 'https://item.jd.com',#'X-Referer-Page': f"https://item.jd.com/{sku}.html",## }headers = {"Authority": "api.m.jd.com","Accept": "application / json, text / javascript, * / *; q = 0.01","Accept - Encoding": "gzip, deflate, br","Accept - Language": "zh - CN, zh;q = 0.9","Cookie": cookie,"Origin": "https://item.jd.com","Referer": "https://item.jd.com/","Sec-Ch-Ua": "\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"","Sec-Ch-Ua-Mobile": "?0","Sec-Ch-Ua-Platform": "\"Windows\"","Sec-Fetch-Dest": "empty","Sec-Fetch-Mode": "cors","Sec-Fetch-Site": "same-site","User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","X-Referer-Page": f"https://item.jd.com/{sku}.html","X-Rp-Client": "h5_1.0.0"}print(headers)req = requests.get(url, headers=headers, timeout=2)print(req.text)da = re.findall('"promise":".*预(.*?).*",', req.text)print(da)try:if da[0] == '计':print('succ')except Exception:print('fail')passlogic()
参数分析 做爬虫最重要的事就是抓包,抓到想要的包之后发现某东新增了两个参数 。
经过测试发现x-api-eid-token不是非必须校验参数,有兴趣得小伙伴可以自行分析 。
接着看目标参数,可以看见该参数组成部分非常得多,肉眼可见的有时间戳得格式化日期和时间戳,其他的暂时不知 。
全局搜索h5st发现意义不大,在这里主要采用xhr断点 。
我这里选择的是处打下断点,重新刷新页面后断点就断下了 。
此时发现h5st已经生成了,向上跟栈查看哪里调用了该函数 。
向上追了一层调用栈后发现此处出现了目标参数,依旧是打下断点进行分析 。
跳到断点处,首先是将n进行json进行序列化和反序列化以便后续操作,然后进行处理,看到then就知道是一个异步处理 。
如果猜的不错的话,加密逻辑应该是放在了这个异步中,完成加密后赋值给n对象,此时就完成了参数的组装 。
分析完成后分别看一下n、a.body是什么 。
n是请求参数的一部分,body是哈希后的值,在后面生成h5st需要用到 。
扣代码
分析完成后,就是扣代码了 。对于异步的逻辑在跟值得时候经常后跟丢,在这里讲一个小技巧,遇到异步标识时使用F9去步入,这样可以有效的进入每一层,能够少走很多冤枉路 。
单步进入发现在此处强行更改了this的指向,此处比较可疑 。在这里插入图片描述
再观察一下的值 。
可以看到出现了加密后的body值,在这里就要打起十二分的精神了 。此处绝对有问题!
this中的函数追进去,发现是一个字符串的拼接然后进行的加密处理(此时的算法可能会有不同),通过函数名称可以得知生成了一个key,至于有什么用,暂时不得而知 。
在这里插入图片描述 其中tk、fp、ts、ai、algo这五个值的由来分别是:接口处返回、浏览器指纹、格式化的时间戳、appid、加密库 。
tk和fp可以写死,ts可以通过处理 。
继续跟栈,知道出现下图 。
也就是h5st中的关键参数 。
实际上核心逻辑在这里,还原后的结果如下:
s = rr['HmacSHA256'](a, n).toString();
a是之前的对象做了处理,body已经知道是后结果,中间一串固定,最后是一个当前时间戳 。n就是之前的结果 。
其实在这里要进行加密处理的是a,盐是n 。
那么现在就清晰了,借用一下大佬的文章,里面说的很清楚 。
效果图
最后上h5st代码 自行研究
const CryptoJS = require("crypto-js");const axios = require("axios");const ADLER32 = require("adler-32");class h5st {constructor(cookieStr, userAgent, config, url) {this.cookieStr = cookieStr;this.userAgent = userAgent;if (url) {try {this.url = url;this.origin = new URL(url).origin;} catch(e) {console.log('url传递错误')}}this.map = new Map();this.settings = {debug: !1,preRequest: !1,timeout: 2,};var Q_ = {DYNAMIC_TOKEN: "WQ_dy_tk_s_file",DYNAMIC_ALGORITHM: "WQ_dy_algo_s_file",VK: "WQ_vk1_file",FLAG: "WQ_f_v_file",};this.gb = { UNSIGNABLE_PARAMS: 1, APPID_ABSENT: 2, TOKEN_EMPTY: 3, GENERATE_SIGNATURE_FAILED: 4, UNHANDLED_ERROR: -1 };this._storagetokenKey = Q_.DYNAMIC_TOKEN;this._storageAlgnKey = Q_.DYNAMIC_ALGORITHM;this._storageFormatVersionKey = Q_.FLAG;this._version = "4.2";this._storageFpKey = Q_.VK;this._token = "";this._defaultToken = "";this._isNormal = !1;this._appId = "";this._defaultAlgorithm = {local_key_1: CryptoJS.MD5,local_key_2: CryptoJS.SHA256,local_key_3: CryptoJS.HmacSHA256,};this.algos = {MD5: CryptoJS.MD5,SHA256: CryptoJS.SHA256,SHA512: CryptoJS.SHA512,HmacSHA256: CryptoJS.HmacSHA256,HmacSHA512: CryptoJS.HmacSHA512,HmacMD5: CryptoJS.HmacMD5,};this._formatVersion = 4.2;this._fingerprint = "";config = Object.assign({}, this.settings, config);this.__iniConfig(config);}S_(t) {function w_(t, r) {r = r || 0;for (var n = t.length - r, e = new Array(n); n--; ) e[n] = t[n + r];return e;}if (t) {var n = "[sign] ",o = new Array(arguments.length > 1 ? arguments.length - 1 : 0),i = 1;for (var i = 1; i < arguments.length; i++) {o[i - 1] = arguments[i];}var a = w_(o);console.log([n].concat(a));}}x_(params) {// console.log(JSON.stringify(params));}async __iniConfig(t) {var i = t.appId,a = t.preRequest,u = t.debug,c = t.timeout,f = t.onSign,s = t.onRequestToken,v = t.onRequestTokenRemotely;(!("string" == typeof t.appId) || !t.appId) && console.error("settings.appId must be a non-empty string");this._appId = i || "";if (this._appId) {this._storagetokenKey = "".concat(this._storagetokenKey, "_").concat(this._appId);this._storageAlgnKey = "".concat(this._storageAlgnKey, "_").concat(this._appId);this._storageFormatVersionKey = "".concat(this._storageFormatVersionKey, "_").concat(this._appId);this._storageFpKey = "".concat(this._storageFpKey, "_").concat(this._appId);}this._timeout = Number(c);this._debug = Boolean(u);this._onSign = "function" == typeof f ? f : this.x_;this._onRequestToken = "function" == typeof s ? s : this.x_;this._onRequestTokenRemotely = "function" == typeof v ? v : this.x_;this.S_(this._debug, "create instance with appId=".concat(this._appId));this.S_(this._debug, "create instance with timeout=".concat(this._timeout));if (a) await this.__requestDeps();}__genDefaultKey(t, r, n, e) {function C_(t) {return (t + "===".slice((t.length + 3) % 4)).replace(/-/g, "+").replace(/_/g, "/");}var z = this,D = "",B = "9>5*t5";var L = "".concat(t).concat(r).concat(n).concat(e).concat(B),M = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(C_(this.__parseToken(t, 16, 28))));var E = M.match(/^[123]([x+][123])+/);if (E) {var k = E[0].split(""),T = this._defaultAlgorithm,P = "";k.forEach(function (r) {var e = ["+", "x"];if (isNaN(r)) e.indexOf(r) >= 0 && (P = r);else {var u = "".concat("local_key_").concat(r);if (T[u])switch (P) {case "+":D = "".concat(D).concat(z.__algorithm(u, L, t));break;case "x":D = z.__algorithm(u, D, t);break;default:D = z.__algorithm(u, L, t);}}});}this.S_(this._debug, "__genDefaultKey input=" + L + ",express=" + M + ",key=" + D);return D;}__algorithm(t, r, n) {var o = this._defaultAlgorithm[t];return t === "local_key_3" ? o(r, n).toString(CryptoJS.enc.Hex) : o(r).toString(CryptoJS.enc.Hex);}__parseToken(t, r, n) {return t ? t.slice(r, n) : "";}__parseAlgorithm(t, r) {if (t && r) {this._token = t || "";this.__genKey = (r && new Function("return ".concat(r))()) || null;var a = this._token && this.__genKey;this._isNormal = a;return a;}return !1;}__genSignParams(t, r, n, e) {return ["".concat(n),"".concat(this._fingerprint),"".concat(this._appId),"".concat(this._isNormal ? this._token : this._defaultToken),"".concat(t),"".concat(this._version),"".concat(r),"".concat(e),].join(";");}__genSign(t, r) {var l = r.map(function (t) {return t.key + ":" + t.value;}).join("&");var h = CryptoJS.SHA256(t + l + t).toString(CryptoJS.enc.Hex);this.S_(this._debug, "__genSign, paramsStr:".concat(l, ", signedStr:").concat(h));return h;}async __requestDeps() {function Xb() {var U = "6d0jhqw3pa";var nt = Vb(U, 4);var rt = Jb();var Q = tw(U, nt);var tt =Qb({ size: rt, num: Q }) +nt +Qb({size: 11 - rt,num: Q,}) +rt;var Z = tt.split("");var X = Z.slice(0, 14);var J = Z.slice(14);var V = [];for (; X.length > 0; ) V.push((35 - parseInt(X.pop(), 36)).toString(36));V = V.concat(J);var Y = V.join("");return Y;}function Vb(t, r) {var b,C = [],A = t.length,S = (function (t, r) {var lt;if (typeof Ld === "undefined" || t[Symbol.iterator] == null) {if (Array.isArray(t) || (lt = Yb(t)) || (r && t && typeof t.length === "number")) {lt && (t = lt);var dt = 0;return {s: function () {},n: function () {if (dt >= t.length) {return {done: !0,};}return {done: !1,value: t[dt++],};},e: function (t) {throw t;},f: function () {},};}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");}var st,vt = !0,ht = !1;return {s: function () {lt = t[Symbol.iterator]();},n: function () {var r = lt.next();return (vt = r.done), r;},e: function (t) {(ht = !0), (st = t);},f: function () {try {!vt && lt.return != null && lt.return();} finally {if (ht) throw st;}},};})(t);try {for (S.s(); !(b = S.n()).done; ) {var z = b.value;if (Math.random() * A < r && (C.push(z), --r == 0)) break;A--;}} catch (t) {S.e(t);} finally {S.f();}for (var D = "", B = 0; B < C.length; B++) {var j = (Math.random() * (C.length - B)) | 0;(D += C[j]), (C[j] = C[C.length - B - 1]);}return D;}function Yb(t, r) {if (!t) return;if (typeof t === "string") return Ub(t, r);var D = t.slice(8, -1);D === "Object" && t.constructor && (D = t.constructor.name);if (D === "Map" || D === "Set") return Array.from(t);if ("Arguments" === D || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/["test"](D)) return Ub(t, r);}function Ub(t, r) {(r == null || r > t.length) && (r = t.length);for (var h = 0, l = new Array(r); h < r; h++) l[h] = t[h];return l;}function Jb() {return (Math.random() * 10) | 0;}function tw(t, r) {for (var d = 0; d < r.length; d++) {var x = t.indexOf(r[d]);x !== -1 && (t = t.replace(r[d], ""));}return t;}function Qb(t) {var _ = t.size,g = t.num;for (var y = ""; _--; ) y += g[(Math.random() * g.length) | 0];return y;}var storageFormatVersion = this.getSync(this._storageFormatVersionKey);this.S_(this._debug, "__requestDeps, storageFormatVersion:" + storageFormatVersion + ", _formatVersion:" + this._formatVersion);if (!storageFormatVersion || storageFormatVersion !== this._formatVersion) {this.removeSync(this._storageFpKey);this.removeSync(this._storagetokenKey);this.removeSync(this._storageAlgnKey);this.setSync(this._storageFormatVersionKey, this._formatVersion, { expire: 365 * (3600 * 24) });}this._fingerprint = this.getSync(this._storageFpKey);if (this._fingerprint) {this.S_(this._debug, "__requestDeps use cache fp, fp:" + this._fingerprint);} else {this._fingerprint = Xb();this.setSync(this._storageFpKey, this._fingerprint, { expire: 3600 * 24 * 365 });this.S_(this._debug, "__requestDeps use new fp, fp:" + this._fingerprint);}var token = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(this.getSync(this._storagetokenKey) || ""));var algorithm = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(this.getSync(this._storageAlgnKey) || ""));if (this.__parseAlgorithm(token, algorithm)) {var response = {code: 0,message: "use normalToken",};this._onRequestToken(response);this.S_(this._debug, "__requestDeps, use cache token, token:" + this._token);return;}var response = {code: 1,message: "use defaultToken",};this._onRequestToken(response);this.S_(this._debug, "__requestDeps, start __requestAlgorithm, fp:" + this._fingerprint);try {await this.__requestAlgorithm();} catch (error) {this.S_(this._debug, "__requestDeps request token failed, error: " + error);}this.S_(this._debug, "__requestDeps, end __requestAlgorithm, fp:".concat(this._fingerprint));}async __requestAlgorithm() {var Dt = this.Cw(0);Dt.ai = this._appId;Dt.fp = this._fingerprint;var Bt = JSON.stringify(Dt, null, 2);this.S_(this._debug, "__requestAlgorithm envCollect=".concat(Bt));var jt = CryptoJS.AES.encrypt(Bt, CryptoJS.enc.Utf8.parse("wm0!@w-s#ll1flo("), {iv: CryptoJS.enc.Utf8.parse("0102030405060708"),});var fr = {fingerprint: this._fingerprint,appId: this._appId,version: this._version,timeout: this._timeout,env: jt.ciphertext.toString(),debug: this._debug,};var result = await this.im(fr, this._onRequestTokenRemotely);var h = result.algo,l = result.token,p = result.fp;var v = this.__parseAlgorithm(l, h);if (!v) return;var d = this.getSync(this._storageFpKey, 1);if (!p || (d && p === d)) {var w = this.__parseToken(l, 13, 15);var A = parseInt(w, 16);var C = 60 * A * 60;this.setSync(this._storagetokenKey, CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(l)), { expire: C });this.setSync(this._storageAlgnKey, CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(h)), { expire: C });this.S_(this._debug, "__requestAlgorithm request success!, token:".concat(l));} else {this.S_(this._debug, "__requestAlgorithm request success!,but not save token:".concat(l, ", storageFp:").concat(d, ", fp:").concat(p));}return;}async im(t, r) {try {var { data, status } = await axios({url: "https://cactus.jd.com/request_algo",method: "post",data: {version: t.version,fp: t.fingerprint,appId: t.appId,timestamp: Date.now(),platform: "web",expandParams: t.env,fv: "h5_npm_v4.2.0",},headers: {"Content-Type": "application/json;charset=utf-8",Origin: "https://cactus.jd.com",Host: "cactus.jd.com",accept: "*/*","User-Agent": this.userAgent,},});var a = {code: status,message: "",};r && r(a);if (status == 200 && data && data.data && data.data.result) {var f = data.data.result,s = f.algo,v = f.tk,h = f.fp;if (s && v) {var l = {algo: s,token: v,fp: h,};return l;} else {console.log("data.result format error.");}} else {console.log("request params error.");}} catch (e) {var b = e.code,w = e.message;r &&r({code: b,message: w,});console.log("request error, ".concat(b, ", ").concat(w));}return {};}__checkParams(t) {function jm(t) {return "[object Object]" === Object.prototype.toString.call(t);}function Lm(t) {return !!jm(t) && !Object.keys(t).length;}function b_(t) {var _m = ["h5st", "_stk", "_ste"];for (var r = Object.keys(t), n = 0; n < r.length; n++) {var e = r[n];if (_m.indexOf(e) >= 0) {return !0;}}return !1;}var b = null;if (!this._appId) {b = {code: this.gb.APPID_ABSENT,message: "appId is required",};}if (!jm(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params is not a plain object",};}if (Lm(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params is empty",};}if (b_(t)) {b = {code: this.gb.UNSIGNABLE_PARAMS,message: "params contains reserved param name.",};}if (b) return this._onSign(b), null;var g = Object.keys(t).sort().map(function (r) {return {key: r,value: t[r],};}).filter(function (t) {let type = typeof t.value;return ("number" == type && !isNaN(t.value)) || "string" == type || "boolean" == type;});if (g.length === 0) {var _ = {code: this.gb.UNSIGNABLE_PARAMS,message: 'params is empty after excluding "unsafe" params',};this._onSign(_);return null;}return g;}__makeSign(t, r) {function xb() {var t = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : Date.now(),e = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : "yyyy-MM-dd",n = new Date(t),r = e,o = {"M+": n.getMonth() + 1,"d+": n.getDate(),"D+": n.getDate(),"h+": n.getHours(),"H+": n.getHours(),"m+": n.getMinutes(),"s+": n.getSeconds(),"w+": n.getDay(),"q+": Math.floor((n.getMonth() + 3) / 3),"S+": n.getMilliseconds(),};return (/(y+)/i.test(r) && (r = r.replace(RegExp.$1, "".concat(n.getFullYear()).substr(4 - RegExp.$1.length))),Object.keys(o).forEach(function (t) {if (new RegExp("(".concat(t, ")")).test(r)) {var e = "S+" === t ? "000" : "00";r = r.replace(RegExp.$1, 1 == RegExp.$1.length ? o[t] : "".concat(e).concat(o[t]).substr("".concat(o[t]).length));}}),r);}function uw(t) {var ht = {magic: "tk",version: "02",platform: "w",expires: "41",producer: "l",expr: gw(),cipher: fw(t),};ht.adler32 = cw(ht.magic + ht.version + ht.platform + ht.expires + ht.producer + ht.expr + ht.cipher);return ht.magic + ht.version + ht.platform + ht.adler32 + ht.expires + ht.producer + ht.expr + ht.cipher;}function gw() {var G = {size: 32,dictType: "max",customDict: null,};var N = d_(G);var R = ["1", "2", "3"];var Y = ["+", "x"];var F = 2 + Math.floor(Math.random() * 4);var K = "";for (var W = 0; W < F; W++) (K += R[Math.floor(3 * Math.random())]), W < F - 1 && (K += Y[Math.floor(2 * Math.random())]);K.length < 9 && (K += N.substr(0, 9 - K.length));var H = CryptoJS.enc.Utf8.parse(K);var q = CryptoJS.enc.Base64.stringify(H);return A_(q);}function d_() {var t,r = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {},n = r.size,e = void 0 === n ? 10 : n,o = r.dictType,i = void 0 === o ? "number" : o,a = r.customDict,u = "";if (a && "string" == typeof a) t = a;elseswitch (i) {case "alphabet":t = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";break;case "max":t = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-";break;case "number":default:t = "0123456789";}for (; e--; ) u += t[(Math.random() * t.length) | 0];return u;}function A_(t) {return t.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");}function fw(t) {d_({size: 32,dictType: "max",customDict: null,});var J = "";var Z = Date.now();var V = "z7";var $ = "qem7+)g%Dhw5";var Q = sw(t, Z, V, $);J += lw(Q);J += lw(V);J += lw($);J += xw(Z);J += lw(t);var X = CryptoJS.enc.Hex.parse(J);var tt = CryptoJS.AES.encrypt(X, CryptoJS.enc.Utf8.parse("x6e@RoHi$Fgy7!5k"), { iv: CryptoJS.enc.Utf8.parse("0102030405060708") });return A_(CryptoJS.enc.Base64.stringify(tt.ciphertext));}function sw(t, r, n, e) {var nt = new Uint8Array(16);nt.forEach(function (r, n, e) {e[n] = t.charCodeAt(n);});var et = pw(r),ot = new Uint8Array(2);ot.forEach(function (t, r, e) {e[r] = n.charCodeAt(r);});var at = new Uint8Array(12);at.forEach(function (t, r, n) {n[r] = e.charCodeAt(r);});var ut = new Uint8Array(38);ut.set(ot), ut.set(at, 2), ut.set(et, 14), ut.set(nt, 22);var ct = adler32.buf(ut);var st = "00000000" + (ct = ct >>> 0).toString(16);return st["substr"](st.length - 8);}function pw(t) {var C = (function () {var n = new ArrayBuffer(2);return new DataView(n).setInt16(0, 256, !0), new Int16Array(n)[0] === 256;})(),A = Math.floor(t / Math.pow(2, 32)),S = t % Math.pow(2, 32),z = new ArrayBuffer(8),D = new DataView(z);return C ? (D.setUint32(0, S, C), D.setUint32(4, A, C)) : (D.setUint32(0, A, C), D.setUint32(4, S, C)), new Uint8Array(z);}function xw(t) {return vw(pw(t));}function lw(t) {var h = new Uint8Array(t.length);h.forEach(function (r, n, e) {e[n] = t.charCodeAt(n);});return vw(h);}function vw(t) {return t.map(function (t) {return "00" + (t & 255).toString(16).slice(-2);}).join("");}function cw(t) {var h = ADLER32.str(t);h >>>= 0;var y = "00000000" + h.toString(16);return y["substr"](y.length - 8);}var f = "";var b = Date.now();var s = xb(b, "yyyyMMddhhmmssSSS");var v = s + "74";if (this._isNormal) {f = this.__genKey(this._token, this._fingerprint, v, this._appId, this.algos).toString() || "";} else {this._defaultToken = uw(this._fingerprint);f = this.__genDefaultKey(this._defaultToken, this._fingerprint, v, this._appId);}var h = {};if (f) {var l = this.__genSign(f, t);var p = t.map(function (t) {return t.key;}).join(",");var d = this.__genSignParams(l, b, s, r);var x = {key: f,signStr: l,_stk: p,_ste: 1,h5st: d,};this.S_(this._debug, "__makeSign, result:" + JSON.stringify(x, null, 2));var h = {_stk: p,_ste: 1,h5st: d,};var g = {code: 0,message: "success",};this._onSign(g);return h;}if (this._token || this._defaultToken) {var _ = {code: this.gb.GENERATE_SIGNATURE_FAILED,message: "generate key failed",};this._onSign(_);} else {var m = {code: this.gb.TOKEN_EMPTY,message: "token is empty",};this._onSign(m);}}__collect() {var T = this.Cw(1);T.fp = this._fingerprint;var P = JSON.stringify(T, null, 2);this.S_(this._debug, "__collect envCollect=".concat(P));var I = CryptoJS.AES.encrypt(P, CryptoJS.enc.Utf8.parse("DNiHi703B0&17hh1"), {iv: CryptoJS.enc.Utf8.parse("0102030405060708"),});return I.ciphertext.toString();}async sign(t) {try {var e = Date.now();var o = this.__checkParams(t);if (o == null) {return t;}await this.__requestDeps();var collectedData = http://www.kingceram.com/post/this.__collect();var a = this.__makeSign(o, collectedData);this.S_(this._debug,"sign elapsed time!".concat(Date.now() - e, "ms"));return Object.assign({}, t, a);} catch (e) {var J = {code: this.gb.UNHANDLED_ERROR,message: "unknown error",};this._onSign(J);return t;}}getSync(e) {return this.map.get(e);}removeSync(e) {this.map.delete(e);}setSync(k, v) {this.map.set(k, v);}Cw(o) {var temp = this;function mw(t) {if (temp.cookieStr) {var r = new RegExp("(^| )" + t + "(?:=([^;]*))?(;|$)"),n = temp.cookieStr.match(r);if (!n || !n[2]) return "";var e = n[2];try {return /(%[0-9A-F]{2}){2,}/.test(e) ? decodeURIComponent(e) : unescape(e);} catch (t) {return unescape(e);}}}function d_() {var t,r = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {},n = r.size,e = void 0 === n ? 10 : n,o = r.dictType,i = void 0 === o ? "number" : o,a = r.customDict,u = "";if (a && "string" == typeof a) t = a;elseswitch (i) {case "alphabet":t = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";break;case "max":t = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-";break;case "number":default:t = "0123456789";}for (; e--; ) u += t[(Math.random() * t.length) | 0];return u;}var ft = ["pp", "sua", "random", "referer", "v", "extend"];var ct = {};var st = function (key, func) {try {if ((o === 1 && ft.includes(key)) || o === 0) {ct[key] = func();}} catch (e) {console.log(e);}};st("wc", function (t) {//return /Chrome/.test(window.navigator.userAgent) && !window.chrome ? 1 : 0;return 0;});st("wd", function (t) {//return navigator.webdriver ? 1 : 0;return 0;});st("l", function (t) {//return navigator.language;return "zh-CN";});st("ls", function (t) {//return navigator.languages.join(",");return "zh-CN,zh";});st("ml", function (t) {//return navigator.mimeTypes.length;return 0;});st("pl", function (t) {//return navigator.plugins.length;return 0;});st("av", function (t) {//return navigator.appVersion;let av = temp.userAgent.match(/(?<=\/)[0-9]\.0[^'"\n]+/g);return av.length > 0 ? av[0] : "";});st("ua", function (t) {//return window.navigator.userAgent;return temp.userAgent;});st("sua", function (t) {var regex = new RegExp("Mozilla/5.0 \\((.*?)\\)");//var matches = window.navigator.userAgent.match(regex);var matches = temp.userAgent.match(regex);return matches && matches[1] ? matches[1] : "";});st("pp", function (t) {var u = {};var i = mw("pwdt_id");var c = mw("pin");var a = mw("pt_pin");i && (u.p1 = i);c && (u.p2 = c);a && (u.p3 = a);return u;});st("extend", function () {// var e = navigator.permissions.query({//name: "notifications"// })// var Y = 0;// ("cdc_adoQpoasnfa76pfcZLmcfl_Array" in window || "cdc_adoQpoasnfa76pfcZLmcfl_Promise" in window || "cdc_adoQpoasnfa76pfcZLmcfl_Symbol" in window) && (Y |= 1);// ("$chrome_asyncScriptInfo" in window.document || "$cdc_asdjflasutopfhvcZLmcfl_" in window.document) && (Y |= 2);// var n = {//pm: Notification.permission === "denied" && e.state === "prompt" ? 1 : 0,//wd: window.navigator.webdriver ? 1 : 0,//l: !navigator.languages || navigator.languages.length === 0 ? 1 : 0,//ls: navigator.plugins.length,//bu1: rm,//wk: Y// }// return n;return { bu1: "0.1.9", l: 0, ls: 0, wd: 0, wk: 0 };});st("pp1", function (t) {var c = mw("pwdt_id");var u = mw("pin");var a = mw("pt_pin");if (!c && !u && !a) {var i = temp.cookieStr;if (i) return i;}return "";});st("pm", function () {//var result = navigator.permissions.query({ name: "notifications" });//return { ps: result.state, np: Notification.permission };return {ps: "prompt",np: "default",};});st("w", function (t) {//return window.screen.width;return 1536;});st("h", function (t) {//return window.screen.height;return 864;});st("ow", function (t) {//return window.outerWidth;return 1536;});st("oh", function (t) {//return window.outerHeight;return 864;});st("url", function (t) {//return location.href;return temp.url;});st("og", function (t) {//return location.origin;return temp.origin;});st("pf", function (t) {//return window.platform;return undefined;});st("pr", function (t) {//return window.devicePixelRatio;return 1.25;});st("re", function (t) {//return document.referrer;return "";});st("random", function (t) {return d_({ size: 10, dictType: "max", customDict: null });});st("referer", function (t) {//var i = new RegExp("[^?]*"),//u = document.referrer.match(i);//if (!u || !u[0]) return "";//return u[0];return "";});st("v", function (t) {return "h5_npm_v4.2.0";});return ct;}}async function main() {var cookieStr = "",userAgent ="";var h5stObj = new h5st(cookieStr, userAgent, {debug: false,preRequest: false,timeout: 2,appId: "ea491", onSign: function onSign(e) {e.code;},onRequestTokenRemotely: function onRequestTokenRemotely(e) {e.code, e.message;},onRequestToken: function onRequestToken(e) {e.code, e.message;},});var a = await h5stObj.sign({functionId: "whx_getShopHomeFloorInfo",appid: "shop_m_jd_com",clientVersion: "12.0.0",client: "wh5",body: CryptoJS.SHA256(JSON.stringify({ shopId: "1000002481", source: "m-shop" })).toString(),});console.log(a);//// var params = `functionId=whx_getShopHomeFloorInfo&body=${encodeURIComponent(JSON.stringify({ shopId: "1000002481", source: "m-shop" }))}&appid=shop_m_jd_com&client=wh5&clientVersion=12.0.0&h5st=${//a.h5st || ""// }`;var params = `pc-item-soa&functionId=pc_detailpage_wareBusiness&client=pc&clientVersion=1.0.0&t=1698813236207&body=${encodeURIComponent(JSON.stringify({"skuId":100064564679,"cat":"1319,11842,14936","area":"12_904_907_50559","shopId":"1000008122","venderId":1000008122,"paramJson":"{'platform2':1,'specialAttrStr':'p0ppppppppp2ppppppppppppppp','skuMarkStr':'00'}","num":1,"bbTraffic":""}))}&h5st=${a.h5st || ""}`;console.log( params);cookie = 'shshshfpa=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; shshshfpx=4b770525-82d6-9dc2-191f-49213e2808af-1693276292; pinId=LxgJESmodokf_AhbrnKClw; pin=jinshiyuan1123; unick=jinshiyuan1123; _tp=qTmSS0pjZ%2BpSltacjzri4w%3D%3D; _pst=jinshiyuan1123; __jdv=76161171|direct|-|none|-|1697592319693; mba_muid=16934744924511616091388; user-key=11a484e2-f35f-4a4f-9827-c95f59dd47eb; __jdu=16983895067841432816868; TrackID=1HFZlWtgARPlbI1mTVFpwZ3u_SB09-1Q_bI6WyUS8IpkISJ6MmmNv6LbsWxET-X7MWNjLiNaACNKV-1Vht0fWcs89QNcw4qXk4Rqhs0xYx08; thor=EEFDDDF33A2E1B1574F38D3AEF89005246E4DF7F7341012C233F05A1CE1050707F2B2C7784309754BA0DF8532A4DF03135775FD5699D900B1443BD2FB2076E4CE284DDE4DF56071F679BE3AC90F368F539C29EBBA1F6CAEB5149648AA360E7948AB67D04395B9891D618EC1E696E8BC2635F84B0B83609EB90421520EB98293C7DF602769976770087AF3D1CBA2510AB; flash=2_7fZdpf_i3XDxiQCGotfuowSRGt_716ZFdTPZqfOjcmExH9AiqitrXU-JV6KP5hIbOio7x8_X8iS7NHJGVpeQRnyZjGY7IVA643W1OyW4DRq*; areaId=12; ipLoc-djd=12-904-907-50559; joyya=1698717531.1698727780.24.0oyeyhv; 3AB9D23F7A4B3C9B=7XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4; 3AB9D23F7A4B3CSS=jdd037XKWKVW52FZTKEZTBRHLN5KSUEOMU4POIZAQBRA6ZODCWLPXFZ3VTUJEEWD6VNMV5C6RX3F4J4JIIGCLO65JD33MS4AAAAMLRDXCJ6YAAAAAD7HKTBXNJK6MCMX; __jda=122270672.16983895067841432816868.1698389507.1698735389.1698809391.6; __jdc=122270672; shshshfpb=AAjAp7oiLEncFJYLWncIZH0khPigIrxaTJ2KSSQAAAAA'const { data, status } = await axios({method: "get",url: `https:/api.m.jd.com/?appid=${params}`,headers: {"origin": "https://item.jd.com","cookie":cookie,"x-referer-page":"https://item.jd.com/100064564679.html","User-Agent": userAgent,},});console.log(data);console.log(status);}main();