微博热搜时光机逆向(js逆向）

首先网络里选择日期，观察出现的包

可以看到文本是一个加密的

搜索decrypt，随便找一个刷新一下

加个断点之后，看一下堆栈，往下找
可以看到这里面大致就是加密逻辑


扣出来的js代码

var CryptoJS = require('crypto-js');
let s = CryptoJS.SHA1(CryptoJS.enc.Utf8.parse("tSdGtmwh49BcR1irt18mxG41dGsBuGKS"))
          , a = CryptoJS.enc.Hex.parse(s.toString(CryptoJS.enc.Hex).substr(0, 32));
function h(t) {
            let e = (i = t = String(t),
            o = CryptoJS.enc.Base64.parse(i),
            r = a,
            CryptoJS.AES.decrypt({
                ciphertext: o
            }, r, {
                mode: CryptoJS.mode.ECB,
                padding: CryptoJS.pad.Pkcs7
            }).toString(CryptoJS.enc.Utf8));
            var i, o, r;
            return JSON.parse(e)
        }

function main(t){
    return h(t)
}
//源代码处理一遍之后才能进入t，需要对t进行处理

py code

import requests
import execjs
# 发送请求
headers = {
    "accept": "*/*",
    "accept-language": "zh-CN,zh;q=0.9,oc;q=0.8",
    "cache-control": "no-cache",
    "origin": "https://www.weibotop.cn",
    "pragma": "no-cache",
    "priority": "u=1, i",
    "referer": "https://www.weibotop.cn/",
    "sec-ch-ua": "\"Not A(Brand\";v=\"8\", \"Chromium\";v=\"132\", \"Google Chrome\";v=\"132\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-site",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
}
url = "https://api.weibotop.cn/currentitems"
params = {
    "timeid": "B8V2zFYlt3VMPuhu9HARLQ=="
}
response = requests.get(url, headers=headers, params=params)
print(response.text)
try:
    # 将 encoding 改为 'gbk'
    result = execjs.compile(open("时光机.js", 'r', encoding='utf-8').read()).call("main", response.text)
except Exception as e:
    result = "时光机出错了，请稍后再试"
    print(result)
    print(f"错误详情: {e}")