码上爬 第10题
本题的关键是获取 xooo() 方法的实现。
先用 ob 反混淆工具(https://7259.cloudns.ch/tools/ob/)对 JS 进行反混淆,
再通过 kimi 将这个 JS 方法转为 PHP。
<?php
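// Driver: requests pages 5..20 of problem 10, signing each request with
// t = sha256(xooo(<path + fixed suffix>)), and totals every value found in
// the "current_array" field of the JSON responses.
//
// NOTE(review): the session cookie below is a credential embedded in source;
// anyone who can read this file can reuse the session while it is valid.
// Prefer loading it from the environment and redact it before publishing.
$headers[] = 'Cookie:sessionid=acnti2em752v7l48qa9av21r69td509r;';
$sums = 0;
for ($page = 5; $page <= 20; $page++) {
    // String that the page's JS feeds to xooo() before hashing.
    $testString = "/api/problem-detail/10/data/?page={$page}b|s|b|s|b|s|b|s|b|l";
    $t = sha256(xooo($testString));
    $url = "https://mashangpa.com/api/problem-detail/10/data/?page={$page}&t={$t}";

    $code = get_curl_contents($url, $headers);
    if ($code === false) {
        // Transport failure: report it rather than silently counting the page as 0.
        echo $page;echo ' request failed';echo '<br><br>';
        continue;
    }

    // NOTE(review): the remote response is echoed unescaped into HTML output;
    // this is debugging output only and should not be served to other users.
    echo $page;echo $code;echo '<br><br>';

    $json = json_decode($code, true);
    if (!is_array($json) || !isset($json['current_array']) || !is_array($json['current_array'])) {
        // Rejected token, expired session, or a non-JSON error page:
        // the total printed at the end will be incomplete.
        echo $page;echo ' unexpected response, page skipped';echo '<br><br>';
        continue;
    }

    $sums += array_sum($json['current_array']);
}
echo $sums;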
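/**
 * Fetch a URL with cURL and return the response body.
 *
 * TLS certificate and hostname verification are left enabled: callers pass
 * a session cookie in $headers, and with verification off any on-path party
 * could impersonate the server and capture that cookie.
 *
 * @param string     $bstrURL URL to request.
 * @param array|null $headers Optional list of raw header lines.
 * @param mixed      $post    Optional POST body; when truthy the request is sent as POST.
 * @return string|false Response body, or false if the handle could not be
 *                      created or the transfer failed.
 */
function get_curl_contents($bstrURL, $headers = null, $post = null) {
    $ch = curl_init($bstrURL);
    if ($ch === false) {
        return false;
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Validate the certificate chain and that the certificate matches the host.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    if ($headers) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    }
    if ($post) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    }
    $data = curl_exec($ch);
    // Close the cURL session.
    curl_close($ch);
    return $data;
}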
/**
 * Current Unix time in milliseconds, returned as a string.
 *
 * @return string Rounded millisecond timestamp.
 */
function get_total_millisecond() {
    // microtime() returns "<fractional part> <whole seconds>".
    $parts = explode(" ", microtime());
    $millis = ($parts[1] + $parts[0]) * 1000;
    return round($millis) . '';
}
/**
 * Append PKCS#7 padding so the byte length becomes a multiple of $blocksize.
 *
 * A full block of padding is added when the input is already aligned.
 *
 * @param string $data      Bytes to pad.
 * @param int    $blocksize Block size in bytes.
 * @return string Padded bytes.
 */
function padPkcs7($data, $blocksize = 16){
    $length = strlen($data);
    $padLength = $blocksize - ($length % $blocksize);
    // Each padding byte carries the padding length itself.
    return str_pad($data, $length + $padLength, chr($padLength));
}
/**
 * PHP port of the challenge page's de-obfuscated xooo() JavaScript routine:
 * hashes a string into 32 lowercase hex characters.
 *
 * The structure (64-byte blocks, four rounds of sixteen steps, four 32-bit
 * state words) looks like MD5, but the initial state words are MD5's usual
 * four constants assigned in reverse order, so the output is not expected
 * to match md5(). It exists only to reproduce the site's request token and
 * should not be treated as a standard or vetted digest.
 *
 * @param string $str Input string (processed byte by byte).
 * @return string 32 lowercase hex characters.
 */
function xooo($str) {
$hexChars = '0123456789abcdef';
// Helper: render the low 32 bits of an integer as 8 hex characters,
// least-significant byte first.
$toHex = function($n) use ($hexChars) {
$result = '';
for ($i = 0; $i < 4; $i++) {
$val = ($n >> (8 * $i)) & 0xff;
$result .= $hexChars[($val >> 4) & 0x0f] . $hexChars[$val & 0x0f];
}
return $result;
};
// String preprocessing.
// NOTE(review): as written, the pattern matches the literal four characters
// backslash-r-backslash-n and replaces them with literal backslash-n; the
// JS original presumably normalised real CRLF line endings -- confirm.
$str = preg_replace('/\\\\r\\\\n/', "\\n", $str);
$processed = '';
$len = strlen($str);
for ($i = 0; $i < $len; $i++) {
// ord() reads one byte, so $c is always 0..255 here.
$c = ord($str[$i]);
if ($c < 0x80) {
$processed .= chr($c);
} else {
if ($c > 0x7f && $c < 0x800) {
$processed .= chr(($c >> 6) | 0xc0);
} else {
// Three-byte branch carried over from the JS; a single byte never reaches it.
$processed .= chr(($c >> 12) | 0xe0);
$processed .= chr((($c >> 6) & 0x3f) | 0x80);
}
$processed .= chr(($c & 0x3f) | 0x80);
}
}
// NOTE(review): bytes >= 0x80 are each expanded to a two-byte sequence, so
// input that is already UTF-8 would be encoded twice; the inputs used in
// this file are ASCII only.
$str = $processed;
// Padding: pack the bytes into 32-bit little-endian words, append the 0x80
// marker, and store the bit length in the last two words.
$len = strlen($str);
$newLen = $len + 8;
$blockCount = (int)(($newLen - ($newLen % 64)) / 64) + 1;
// Indices 0 .. blockCount*16-2 are zero-filled; the final word is assigned below.
$blocks = array_fill(0, $blockCount * 16 - 1, 0);
$i = 0;
while ($i < $len) {
$blockIdx = (int)(($i - ($i % 4)) / 4);
$shift = ($i % 4) * 8;
$blocks[$blockIdx] |= ord($str[$i]) << $shift;
$i++;
}
$blockIdx = (int)(($i - ($i % 4)) / 4);
$blocks[$blockIdx] |= 0x80 << ($i % 4) * 8;
$blocks[$blockCount * 16 - 2] = $len << 3;
$blocks[$blockCount * 16 - 1] = $len >> 29;
// Initial state (MD5's four standard words, in reverse order).
$a = 0x10325476;
$b = 0x98badcfe;
$c = 0xefcdab89;
$d = 0x67452301;
// Helper: add two values and keep the result within 32 bits; bits 30 and 31
// are handled separately so the carry is resolved by XOR rather than overflow.
$h = function($x, $y) {
$x80000000 = $x & 0x80000000;
$y80000000 = $y & 0x80000000;
$x40000000 = $x & 0x40000000;
$y40000000 = $y & 0x40000000;
$sum = ($x & 0x3fffffff) + ($y & 0x3fffffff);
if (($x40000000 & $y40000000) != 0) {
return $sum ^ 0x80000000 ^ $x80000000 ^ $y80000000;
} elseif (($x40000000 | $y40000000) != 0) {
if (($sum & 0x40000000) != 0) {
return $sum ^ 0xc0000000 ^ $x80000000 ^ $y80000000;
} else {
return $sum ^ 0x40000000 ^ $x80000000 ^ $y80000000;
}
} else {
return $sum ^ $x80000000 ^ $y80000000;
}
};
// Step functions for rounds 1-4. Each mixes $a with a boolean function of
// ($b, $c, $d), the message word $x and the constant $t, rotates the result
// left by $s bits within 32 bits, then adds $b.
// Round 1: (b AND c) OR (NOT b AND d)
$k = function($a, $b, $c, $d, $x, $s, $t) use ($h) {
$temp = $h($a, $h($h(($b & $c) | (~$b & $d), $x), $t));
return $h((($temp << $s) | ($temp >> (32 - $s))) & 0xffffffff, $b);
};
// Round 2: (b AND d) OR (c AND NOT d)
$l = function($a, $b, $c, $d, $x, $s, $t) use ($h) {
$temp = $h($a, $h($h(($b & $d) | ($c & ~$d), $x), $t));
return $h((($temp << $s) | ($temp >> (32 - $s))) & 0xffffffff, $b);
};
// Round 3: b XOR c XOR d
$m = function($a, $b, $c, $d, $x, $s, $t) use ($h) {
$temp = $h($a, $h($h($b ^ $c ^ $d, $x), $t));
return $h((($temp << $s) | ($temp >> (32 - $s))) & 0xffffffff, $b);
};
// Round 4: c XOR (b OR NOT d)
$n = function($a, $b, $c, $d, $x, $s, $t) use ($h) {
$temp = $h($a, $h($h($c ^ ($b | ~$d), $x), $t));
return $h((($temp << $s) | ($temp >> (32 - $s))) & 0xffffffff, $b);
};
// Main loop: one iteration per 16-word (64-byte) block.
for ($i = 0; $i < count($blocks); $i += 16) {
// Save the state so it can be added back after the four rounds.
$aa = $a;
$bb = $b;
$cc = $c;
$dd = $d;
// Round 1
$a = $k($a, $b, $c, $d, $blocks[$i+0], 7, 0xd76aa478);
$d = $k($d, $a, $b, $c, $blocks[$i+1], 12, 0xe8c7b756);
$c = $k($c, $d, $a, $b, $blocks[$i+2], 17, 0x242070db);
$b = $k($b, $c, $d, $a, $blocks[$i+3], 22, 0xc1bdceee);
$a = $k($a, $b, $c, $d, $blocks[$i+4], 7, 0xf57c0faf);
$d = $k($d, $a, $b, $c, $blocks[$i+5], 12, 0x4787c62a);
$c = $k($c, $d, $a, $b, $blocks[$i+6], 17, 0xa8304613);
$b = $k($b, $c, $d, $a, $blocks[$i+7], 22, 0xfd469501);
$a = $k($a, $b, $c, $d, $blocks[$i+8], 7, 0x698098d8);
$d = $k($d, $a, $b, $c, $blocks[$i+9], 12, 0x8b44f7af);
$c = $k($c, $d, $a, $b, $blocks[$i+10], 17, 0xffff5bb1);
$b = $k($b, $c, $d, $a, $blocks[$i+11], 22, 0x895cd7be);
$a = $k($a, $b, $c, $d, $blocks[$i+12], 7, 0x6b901122);
$d = $k($d, $a, $b, $c, $blocks[$i+13], 12, 0xfd987193);
$c = $k($c, $d, $a, $b, $blocks[$i+14], 17, 0xa679438e);
$b = $k($b, $c, $d, $a, $blocks[$i+15], 22, 0x49b40821);
// Round 2
$a = $l($a, $b, $c, $d, $blocks[$i+1], 5, 0xf61e2562);
$d = $l($d, $a, $b, $c, $blocks[$i+6], 9, 0xc040b340);
$c = $l($c, $d, $a, $b, $blocks[$i+11], 14, 0x265e5a51);
$b = $l($b, $c, $d, $a, $blocks[$i+0], 20, 0xe9b6c7aa);
$a = $l($a, $b, $c, $d, $blocks[$i+5], 5, 0xd62f105d);
$d = $l($d, $a, $b, $c, $blocks[$i+10], 9, 0x2441453);
$c = $l($c, $d, $a, $b, $blocks[$i+15], 14, 0xd8a1e681);
$b = $l($b, $c, $d, $a, $blocks[$i+4], 20, 0xe7d3fbc8);
$a = $l($a, $b, $c, $d, $blocks[$i+9], 5, 0x21e1cde6);
$d = $l($d, $a, $b, $c, $blocks[$i+14], 9, 0xc33707d6);
$c = $l($c, $d, $a, $b, $blocks[$i+3], 14, 0xf4d50d87);
$b = $l($b, $c, $d, $a, $blocks[$i+8], 20, 0x455a14ed);
$a = $l($a, $b, $c, $d, $blocks[$i+13], 5, 0xa9e3e905);
$d = $l($d, $a, $b, $c, $blocks[$i+2], 9, 0xfcefa3f8);
$c = $l($c, $d, $a, $b, $blocks[$i+7], 14, 0x676f02d9);
$b = $l($b, $c, $d, $a, $blocks[$i+12], 20, 0x8d2a4c8a);
// Round 3
$a = $m($a, $b, $c, $d, $blocks[$i+5], 4, 0xfffa3942);
$d = $m($d, $a, $b, $c, $blocks[$i+8], 11, 0x8771f681);
$c = $m($c, $d, $a, $b, $blocks[$i+11], 16, 0x6d9d6122);
$b = $m($b, $c, $d, $a, $blocks[$i+14], 23, 0xfde5380c);
$a = $m($a, $b, $c, $d, $blocks[$i+1], 4, 0xa4beea44);
$d = $m($d, $a, $b, $c, $blocks[$i+4], 11, 0x4bdecfa9);
$c = $m($c, $d, $a, $b, $blocks[$i+7], 16, 0xf6bb4b60);
$b = $m($b, $c, $d, $a, $blocks[$i+10], 23, 0xbebfbc70);
$a = $m($a, $b, $c, $d, $blocks[$i+13], 4, 0x289b7ec6);
$d = $m($d, $a, $b, $c, $blocks[$i+0], 11, 0xeaa127fa);
$c = $m($c, $d, $a, $b, $blocks[$i+3], 16, 0xd4ef3085);
$b = $m($b, $c, $d, $a, $blocks[$i+6], 23, 0x4881d05);
$a = $m($a, $b, $c, $d, $blocks[$i+9], 4, 0xd9d4d039);
$d = $m($d, $a, $b, $c, $blocks[$i+12], 11, 0xe6db99e5);
$c = $m($c, $d, $a, $b, $blocks[$i+15], 16, 0x1fa27cf8);
$b = $m($b, $c, $d, $a, $blocks[$i+2], 23, 0xc4ac5665);
// Round 4
$a = $n($a, $b, $c, $d, $blocks[$i+0], 6, 0xf4292244);
$d = $n($d, $a, $b, $c, $blocks[$i+7], 10, 0x432aff97);
$c = $n($c, $d, $a, $b, $blocks[$i+14], 15, 0xab9423a7);
$b = $n($b, $c, $d, $a, $blocks[$i+5], 21, 0xfc93a039);
$a = $n($a, $b, $c, $d, $blocks[$i+12], 6, 0x655b59c3);
$d = $n($d, $a, $b, $c, $blocks[$i+3], 10, 0x8f0ccc92);
$c = $n($c, $d, $a, $b, $blocks[$i+10], 15, 0xffeff47d);
$b = $n($b, $c, $d, $a, $blocks[$i+1], 21, 0x85845dd1);
$a = $n($a, $b, $c, $d, $blocks[$i+8], 6, 0x6fa87e4f);
$d = $n($d, $a, $b, $c, $blocks[$i+15], 10, 0xfe2ce6e0);
$c = $n($c, $d, $a, $b, $blocks[$i+6], 15, 0xa3014314);
$b = $n($b, $c, $d, $a, $blocks[$i+13], 21, 0x4e0811a1);
$a = $n($a, $b, $c, $d, $blocks[$i+4], 6, 0xf7537e82);
$d = $n($d, $a, $b, $c, $blocks[$i+11], 10, 0xbd3af235);
$c = $n($c, $d, $a, $b, $blocks[$i+2], 15, 0x2ad7d2bb);
$b = $n($b, $c, $d, $a, $blocks[$i+9], 21, 0xeb86d391);
// Add this block's result into the running state.
$a = $h($a, $aa);
$b = $h($b, $bb);
$c = $h($c, $cc);
$d = $h($d, $dd);
}
// Convert the four state words to hex and return them concatenated.
return strtolower($toHex($a) . $toHex($b) . $toHex($c) . $toHex($d));
}
// 测试
//$testString = '/api/problem-detail/10/data/?page=5b|s|b|s|b|s|b|s|b|l';
//echo xooo($testString);
/*
* 以下代码实现PHP sha256() sha256_file() sha512() sha512_file() PHP 5.1.2+完美兼容
* @param string $data 要计算散列值的字符串
* @param boolean $rawOutput 为true时返回原始二进制数据,否则返回字符串
* @param string $file 要计算散列值的文件名,可以是单独的文件名,也可以包含路径,绝对路径相对路径都可以
* @return boolean | string 参数无效或者文件不存在或者文件不可读时返回false,计算成功则返回对应的散列值
* @notes 使用示例 sha256('mrdede.com') sha512('mrdede.com') sha256_file('index.php') sha512_file('index.php')
*/
/* PHP sha256() */
/**
 * SHA-256 digest of a scalar value.
 *
 * @param mixed $data      Value to hash; cast to string. Non-scalars are rejected.
 * @param bool  $rawOutput True for raw binary output, false for lowercase hex.
 * @return string|false Digest, or false when $data is not scalar.
 */
function sha256($data, $rawOutput=false){
    // Arrays, objects, null and resources cannot be hashed as strings.
    return is_scalar($data)
        ? hash('sha256', (string)$data, (bool)$rawOutput)
        : false;
}
/* PHP sha256_file() */
/**
 * SHA-256 digest of a file's contents.
 *
 * @param mixed $file      File name or path; cast to string. Non-scalars are rejected.
 * @param bool  $rawOutput True for raw binary output, false for lowercase hex.
 * @return string|false Digest, or false when the argument is not scalar or
 *                      the path is not a readable regular file.
 */
function sha256_file($file, $rawOutput=false){
    if (is_scalar($file)) {
        $path = (string)$file;
        if (is_file($path) && is_readable($path)) {
            return hash_file('sha256', $path, (bool)$rawOutput);
        }
    }
    return false;
}
/* PHP sha512() */
/**
 * SHA-512 digest of a scalar value.
 *
 * @param mixed $data      Value to hash; cast to string. Non-scalars are rejected.
 * @param bool  $rawOutput True for raw binary output, false for lowercase hex.
 * @return string|false Digest, or false when $data is not scalar.
 */
function sha512($data, $rawOutput=false){
    // Arrays, objects, null and resources cannot be hashed as strings.
    return is_scalar($data)
        ? hash('sha512', (string)$data, (bool)$rawOutput)
        : false;
}
/* PHP sha512_file()*/
/**
 * SHA-512 digest of a file's contents.
 *
 * @param mixed $file      File name or path; cast to string. Non-scalars are rejected.
 * @param bool  $rawOutput True for raw binary output, false for lowercase hex.
 * @return string|false Digest, or false when the argument is not scalar or
 *                      the path is not a readable regular file.
 */
function sha512_file($file, $rawOutput=false){
    if (is_scalar($file)) {
        $path = (string)$file;
        if (is_file($path) && is_readable($path)) {
            return hash_file('sha512', $path, (bool)$rawOutput);
        }
    }
    return false;
}
?>