某点数据逆向分析教学文档<\/h1>

前言<\/h2>
本文详细分析某点数据排行榜接口的逆向过程，提供3种解决方案：手动Webpack+补环境、自动扣Webpack模块和算法还原。目标接口为`aHR0cHM6Ly9hcHAuZGlhbmRpYW4uY29tL3JhbmsvaW9zLw==<\/code>（Base64解码后为某点数据排行榜地址）。<\/p>`

逆向目标<\/h2>

接口：\/pc\/app\/v1\/rank<\/code><\/li>
关键参数：k<\/code>参数（动态生成）<\/li>
其他参数：time<\/code>、country_id<\/code>等（固定或简单参数）<\/li>
<\/ul>
逆向过程<\/h2>
1. 抓包分析<\/h3>

打开开发者工具，访问排行榜页面<\/li>
在Network中抓取\/pc\/app\/v1\/rank<\/code>接口<\/li>
观察请求参数，发现k<\/code>参数每次请求都会变化<\/li>
<\/ol>
2. XHR断点分析<\/h3>

在Sources面板下XHR断点：api.diandian.com\/pc\/app\/v1\/rank<\/code><\/li>
刷新页面，断点触发后通过调用堆栈找到m.request<\/code><\/li>
在m<\/code>变量中查找回调方法，重点关注onRequest<\/code><\/li>
发现k<\/code>参数在t<\/code>函数中生成<\/li>
<\/ol>
3. k参数生成逻辑<\/h3>
var<\/span> r<\/span> =<\/span> h<\/span>()(t<\/span>.params<\/span>, !<\/span>1<\/span>);
<\/span><\/span>o<\/span> =<\/span> Object(y<\/span>.a<\/span>)(r<\/span>, path<\/span>, { 
<\/span><\/span>    s<\/span>:<\/span> n<\/span>.s<\/span>, 
<\/span><\/span>    k<\/span>:<\/span> n<\/span>.k<\/span>, 
<\/span><\/span>    l<\/span>:<\/span> n<\/span>.l<\/span>, 
<\/span><\/span>    d<\/span>:<\/span> n<\/span>.d<\/span>, 
<\/span><\/span>    sort<\/span>:<\/span> n<\/span>.sort<\/span>, 
<\/span><\/span>    num<\/span>:<\/span> n<\/span>.num<\/span>
<\/span><\/span>}, "get"<\/span>);
<\/span><\/span>t<\/span>.params<\/span>.k<\/span> =<\/span> o<\/span>
<\/span><\/span><\/code><\/pre>y.a<\/code>函数来自Webpack模块2294，其内部逻辑：<\/p>

使用Object(l.b)<\/code>进行加密（AES）<\/li>
通过t.from<\/code>方法编码为Base64<\/li>
<\/ol>
解决方案<\/h2>
方案1：手动Webpack+补环境<\/h3>
步骤1：获取分发器<\/h4>

在y=n(2294)<\/code>处下断点<\/li>
获取runtime.js（Webpack分发器）<\/li>
将分发器导出：window.kk=r<\/code><\/li>
<\/ol>
步骤2：查找模块<\/h4>
\/\/ 控制台查找模块
<\/span><\/span><\/span><\/span>n<\/span>.m<\/span>[模块名<\/span>]
<\/span><\/span>
<\/span><\/span>\/\/ 示例调用
<\/span><\/span><\/span><\/span>a<\/span> =<\/span> window.kk<\/span>(2294<\/span>)
<\/span><\/span>r<\/span> =<\/span> { "start_time"<\/span>:<\/span> 1717776000<\/span>, "end_time"<\/span>:<\/span> 1718345618<\/span> }
<\/span><\/span>n<\/span> =<\/span> { 
<\/span><\/span>    "proxy"<\/span>:<\/span> "\/app"<\/span>, 
<\/span><\/span>    "target"<\/span>:<\/span> ""<\/span>, 
<\/span><\/span>    "sort"<\/span>:<\/span> "dd"<\/span>, 
<\/span><\/span>    "num"<\/span>:<\/span> 10<\/span>, 
<\/span><\/span>    "s"<\/span>:<\/span> "d044bec62c1c9f9eee1ebd567e501719"<\/span>, 
<\/span><\/span>    "k"<\/span>:<\/span> "93086c0e7c41cf46"<\/span>, 
<\/span><\/span>    "l"<\/span>:<\/span> "091043cf5d1393af"<\/span>, 
<\/span><\/span>    "d"<\/span>:<\/span> 0<\/span> 
<\/span><\/span>}
<\/span><\/span>path<\/span> =<\/span> "\/v2\/user\/monitor\/msg"<\/span>
<\/span><\/span>o<\/span> =<\/span> Object(a<\/span>.a<\/span>)(r<\/span>, path<\/span>, { 
<\/span><\/span>    s<\/span>:<\/span> n<\/span>.s<\/span>, 
<\/span><\/span>    k<\/span>:<\/span> n<\/span>.k<\/span>, 
<\/span><\/span>    l<\/span>:<\/span> n<\/span>.l<\/span>, 
<\/span><\/span>    d<\/span>:<\/span> n<\/span>.d<\/span>, 
<\/span><\/span>    sort<\/span>:<\/span> n<\/span>.sort<\/span>, 
<\/span><\/span>    num<\/span>:<\/span> n<\/span>.num<\/span>
<\/span><\/span>}, "get"<\/span>);
<\/span><\/span>console<\/span>.log<\/span>(o<\/span>)
<\/span><\/span><\/code><\/pre>步骤3：补环境<\/h4>

根据报错信息补全缺失模块<\/li>
补全常见环境如document<\/code>、navigator<\/code><\/li>
最终代码量约6万行<\/li>
<\/ol>
方案2：自动扣Webpack模块<\/h3>
步骤1：重写分发器<\/h4>
window.code<\/span> =<\/span> ''<\/span>;
<\/span><\/span>r<\/span> =<\/span> function<\/span> (e<\/span>) {
<\/span><\/span>    if<\/span> (r<\/span>[e<\/span>]) return<\/span> r<\/span>[e<\/span>].exports<\/span>;
<\/span><\/span>    var<\/span> d<\/span> =<\/span> r<\/span>[e<\/span>] =<\/span> { i<\/span>:<\/span> e<\/span>, l<\/span>:<\/span> !<\/span>1<\/span>, exports<\/span>:<\/span> {} };
<\/span><\/span>    console<\/span>.log<\/span>(e<\/span>)
<\/span><\/span>    window.code<\/span> +=<\/span> e<\/span> +<\/span> ':'<\/span> +<\/span> o<\/span>[e<\/span>] +<\/span> ',\r\n'<\/span>
<\/span><\/span>    return<\/span> o<\/span>[e<\/span>].call<\/span>(d<\/span>.exports<\/span>, d<\/span>, d<\/span>.exports<\/span>, r<\/span>), d<\/span>.l<\/span> =<\/span> !<\/span>0<\/span>, d<\/span>.exports<\/span>
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>步骤2：导出模块<\/h4>

刷新页面并操作排行榜<\/li>
控制台执行copy(window.code)<\/code>导出模块<\/li>
将导出的模块放入本地分发器<\/li>
<\/ol>
方案3：算法还原<\/h3>
关键函数分析<\/h4>

Object(l.b)<\/code>：AES加密<\/li>
t.from<\/code>：UTF8编码<\/li>
<\/ol>
算法实现<\/h4>
\/\/ UTF8编码实现
<\/span><\/span><\/span><\/span>t<\/span> =<\/span> []
<\/span><\/span>t<\/span>.from<\/span> =<\/span> function<\/span> (hexString<\/span>, encoding<\/span>) {
<\/span><\/span>    if<\/span> (encoding<\/span> !==<\/span> "utf8"<\/span>) {
<\/span><\/span>        throw<\/span> new<\/span> Error("Unsupported encoding"<\/span>);
<\/span><\/span>    }
<\/span><\/span>    let<\/span> byteArray<\/span> =<\/span> new<\/span> Uint8Array<\/span>(hexString<\/span>.split<\/span>(''<\/span>).map<\/span>(char<\/span> => char<\/span>.charCodeAt<\/span>(0<\/span>)));
<\/span><\/span>    return<\/span> byteArray<\/span>;
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span>\/\/ AES加密实现（Node.js）
<\/span><\/span><\/span><\/span>const<\/span> crypto<\/span> =<\/span> require<\/span>('crypto'<\/span>);
<\/span><\/span>var<\/span> c<\/span> =<\/span> crypto<\/span>.createDecipheriv<\/span>("aes-128-cbc"<\/span>, n<\/span>, o<\/span>);
<\/span><\/span>return<\/span> d<\/span> +=<\/span> c<\/span>.update<\/span>(e<\/span>, "hex"<\/span>, "utf8"<\/span>), d<\/span> +=<\/span> c<\/span>.final<\/span>("utf8"<\/span>);
<\/span><\/span>
<\/span><\/span>\/\/ 辅助函数
<\/span><\/span><\/span><\/span>function<\/span> c<\/span>(a<\/span>) {
<\/span><\/span>    return<\/span> function<\/span>(t<\/span>) {
<\/span><\/span>        return<\/span> t<\/span>;
<\/span><\/span>    };
<\/span><\/span>}
<\/span><\/span>var<\/span> n<\/span> =<\/span> c<\/span>()(t<\/span>);
<\/span><\/span>
<\/span><\/span>function<\/span> _<\/span>(n<\/span>) {
<\/span><\/span>    return<\/span> typeof<\/span> n<\/span> ===<\/span> 'object'<\/span> &&<\/span> n<\/span> !==<\/span> null<\/span>;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>完整实现<\/h4>
约70行代码即可完成k参数生成，相比Webpack方案更简洁。<\/p>
八爪鱼采集方案（无代码方案）<\/h2>
使用步骤<\/h3>

下载安装八爪鱼采集器<\/li>
新建任务，输入目标网址<\/li>
使用"自动识别"功能生成采集模板<\/li>
调整识别结果，删除多余字段或添加需要的字段<\/li>
设置代理（推荐快代理的私密代理或独享代理）<\/li>
保存并开始采集<\/li>
<\/ol>
进阶功能<\/h3>

自动打码<\/li>
点击翻页<\/li>
定时采集<\/li>
<\/ol>
总结<\/h2>



方案<\/th>
难度<\/th>
代码量<\/th>
适用场景<\/th>
<\/tr>
<\/thead>


手动Webpack+补环境<\/td>
高<\/td>
~6万行<\/td>
需要完整环境<\/td>
<\/tr>

自动扣Webpack模块<\/td>
中<\/td>
~6万行<\/td>
多JS文件模块<\/td>
<\/tr>

算法还原<\/td>
高<\/td>
~70行<\/td>
追求简洁<\/td>
<\/tr>

八爪鱼采集<\/td>
低<\/td>
无<\/td>
无编程基础<\/td>
<\/tr>
<\/tbody>
<\/table>
选择方案时应根据自身技术水平和需求场景决定。对于初学者推荐从算法还原开始尝试，有经验者可选择Webpack方案获取更完整的功能。<\/p>

方案<\/th>	难度<\/th>	代码量<\/th>	适用场景<\/th> <\/tr> <\/thead>
手动Webpack+补环境<\/td>	高<\/td>	~6万行<\/td>	需要完整环境<\/td> <\/tr>
自动扣Webpack模块<\/td>	中<\/td>	~6万行<\/td>	多JS文件模块<\/td> <\/tr>
算法还原<\/td>	高<\/td>	~70行<\/td>	追求简洁<\/td> <\/tr>
八爪鱼采集<\/td>	低<\/td>	无<\/td>	无编程基础<\/td> <\/tr> <\/tbody> <\/table> 选择方案时应根据自身技术水平和需求场景决定。对于初学者推荐从算法还原开始尝试，有经验者可选择Webpack方案获取更完整的功能。<\/p>

某点数据逆向分析教学文档<\/h1>

前言<\/h2> 本文详细分析某点数据排行榜接口的逆向过程，提供3种解决方案：手动Webpack+补环境、自动扣Webpack模块和算法还原。目标接口为aHR0cHM6Ly9hcHAuZGlhbmRpYW4uY29tL3JhbmsvaW9zLw==<\/code>（Base64解码后为某点数据排行榜地址）。<\/p>

逆向过程<\/h2>

解决方案<\/h2>

方案1：手动Webpack+补环境<\/h3>

方案2：自动扣Webpack模块<\/h3>

方案3：算法还原<\/h3>

完整实现<\/h4> 约70行代码即可完成k参数生成，相比Webpack方案更简洁。<\/p>

八爪鱼采集方案（无代码方案）<\/h2>

前言<\/h2>
本文详细分析某点数据排行榜接口的逆向过程，提供3种解决方案：手动Webpack+补环境、自动扣Webpack模块和算法还原。目标接口为`aHR0cHM6Ly9hcHAuZGlhbmRpYW4uY29tL3JhbmsvaW9zLw==<\/code>（Base64解码后为某点数据排行榜地址）。<\/p>`

完整实现<\/h4>
约70行代码即可完成k参数生成，相比Webpack方案更简洁。<\/p>