z 发布的文章 - hliang的个人博客

首页关于

1 pyinstaller打包小记 213 阅读 2 经典的execjs打开js编码错误 197 阅读 3 screen 188 阅读 4 linux pyenv+nvm nodejs 175 阅读 5 gif验证码识别 125 阅读

javascript python spider app逆向 other

登录 / 注册

标签搜索

逆向
opencv

hliang

累计撰写 25 篇文章
累计收到 31 条评论

首页
栏目
- javascript
- python
- spider
- app逆向
- other
页面
- 关于

搜索到 25 篇与的结果

2022-01-03
frida使用查看cpu架构adb shell getprop ro.product.cpu.abi 下载手机的frida服务：https://github.com/frida/frida/releasesadb push ./frida-server-15.1.14-android-arm64 /data/local/tmp启动服务adb shell su //然后手机给root权限 cd /data/local/tmp chmod 777 ./frida-server-15.1.14-android-arm64 ./frida-server-15.1.14-android-arm64 端口转发adb forward tcp:27042 tcp:27042adb forward tcp:27043 tcp:27043frida hook小例子 server版本15以后不是用包名了是用进程名，这里要注意一下不然会报错frida.ProcessNotFoundError：unable to find process with nameimport frida,sys def on_message(message, data): if message['type'] == 'send': print("???") print("[*] {0}".format(message['payload'])) else: print(message) test = ''' Java.perform( function (){ console.log("11111") var MainActivity=Java.use('com.example.seccon2015.rock_paper_scissors.MainActivity') MainActivity.onClick.implementation=function (v){ this.onClick(v) this.n.value=2 this.m.value=1 console.log("m",this.m.value) console.log("n",this.n.value) } /*var TT=Java.use('com.example.seccon2015.rock_paper_scissors.MainActivity$1') TT.run.implementation=function (){ console.log("123123") //this.this$0.value.m.value=1 //this.this$0.value.n.vlaue=2 this.run() }*/ } ) ''' fv= frida.get_usb_device(-1) #获取在前台运行的APP 这样就不需要每次去改 front_app = fv.get_frontmost_application() print("===正在运行的应用为：", front_app) # process =fv.attach(front_app.pid)#frida版本15之后这里传进程名或者进程id script = process.create_script(test_sig) script.on('message', on_message) script.load() sys.stdin.read() ##启动方式2 spawn 重启APP 可以hook APP启动阶段 # device = frida.get_usb_device(-1) # pid = device.spawn([front_app.identifier])#这里包名 # process = device.attach(pid) # script = process.create_script(test_sig) # script.on('message', on_message) # script.load() # device.resume(pid) # sys.stdin.read()内部类访问外部类名写法：this.this$0.value."外部类名".vlaue=2
- 2022年01月03日
- 90 阅读
- 0 评论
- 1 点赞
2021-12-23
爬取数据的优化与另类技巧优化：爬虫访问一个url 比如小红书[https://www.baidu.com]这其中进行的操作会有：分发cdn 网络域名解析ip 其中域名解析IP可能需要几十上百毫秒每次如果我们拿它的IP直接访问每次就可以节省这个时间ping www.baidu.com 得到 14.215.177.39 访问这个IP就和直接访问域名一样（这个有些网站不适用有的限制不允许这样）关于分发的cdn服务器有的IP拉黑可能是在cdn上的然后一个网站可能有很多个cdn 服务器一个IP黑了可以再访问下其他cdn的节点看能不能爬这样可以实现IP利用率最大华推荐一个检测cdn IP的网站：https://www.17ce.com/ 站点也分3个pc端,m端,app端网站可能也有sitemap有的话可以访问它得到某些好用的数据网站扫描有的可能有测试站点，扫描一下它的子域名看看有没有啥好东东
- 2021年12月23日
- 40 阅读
- 0 评论
- 0 点赞
2021-12-13
OpenCV笔记之阈值(二值化)处理一共有5个方法• cv2.THRESH_BINARY（超过阈值部分取最大值, 如超过了阈值127变为255）• cv2.THRESH_BINARY_INV（反转上面的，可以理解为上面的颜色反转）• cv2.THRESH_TRUNC （截断，大于阈值部分设置阈值，比如大于127的就设置为127）• cv2.THRESH_TOZERO (大于阈值部分保持不变，小于等于阈值的全为0)• cv2.THRESH_TOZERO_INV（反转上面的,小于阈值不变，大于等于阈值为0）ret,thresh1 = cv2.threshold(gray,127,255,cv2.THRESH_BINARY) ret,thresh2 = cv2.threshold(gray,127,255,cv2.THRESH_BINARY_INV) ret,thresh3 = cv2.threshold(gray,127,255,cv2.THRESH_TRUNC) ret,thresh4 = cv2.threshold(gray,127,255,cv2.THRESH_TOZERO) ret,thresh5 = cv2.threshold(gray,127,255,cv2.THRESH_TOZERO_INV)from matplotlib import pyplot as plt #thresh1在上面 titles = ['BINARY','BINARY_INV','TRUNC','TOZERO','TOZERO_INV'] images = [thresh1, thresh2, thresh3, thresh4, thresh5] for i in range(5): plt.subplot(2, 3, i+1) plt.imshow(images[i]) plt.title(titles[i]) plt.show() 滤波：#均值滤波对一个3*3的像素颜色进行平均化 img=cv2.blur(img,(3,3)) #方框滤波和均值滤波基本一样，-1是固定写法(颜色通道),normalize是处理像素颜色加起来不会越界 #不做处理的话越界大于255就会用255来处理 img2=cv2.boxFilter(img,-1,(3,3),normalize=True) #高斯滤波的卷积核里的数值是满足高斯分布，相当于更重视中间的 img3=cv2.GaussianBlur(img,(3,3),1) # cv_show(img3) #中值滤波取3*3范围内的中间数 img4=cv2.medianBlur(img,3)
- 2021年12月13日
- 26 阅读
- 2 评论
- 0 点赞
2021-12-07
python加密库Crypto AES和rsa 先安装Cryptopip install pycryptodome演示mode模式为ecb的key要16位或者key和data都要byte类型import base64 from Crypto.Cipher import AES from Crypto.Util.Padding import pad def encrypt_data(text): cry = AES.new(key=("227V2xYeHTARSh1R").encode("utf-8"), mode=AES.MODE_ECB) res=(cry.encrypt(pad(text.encode("utf-8"),AES.block_size, style='pkcs7'))) print(base64.b64encode(res).decode("utf-8")) def decrypt_data(text): key = ("aiding6666666666").encode("utf-8") cry = AES.new(key=key, mode=AES.MODE_ECB) result = str(cry.decrypt(base64.b64decode(text)),"utf-8") return resultAes key长度不固定加密实现-库推荐-aes-everywhere安装pip install aes-everywhere用法 from AesEverywhere import aes256 # encryption encrypted = aes256.encrypt('TEXT', 'key') print(encrypted) # decryption print(aes256.decrypt(encrypted, 'key'))rsafrom Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5 pk="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAy5R1R2yM5jPPvkO2F47qVqMkYj7o92DF8y1yMkCSxY1WwqG0\ndCdUZTnaoBuAz99wGt55oGLcdalV71nPUiGWs/b6GzVN5v72baz/Q2OxHtkrFKqL\nVX16LW31cW9hAntN84RCbvTeB0MNV+SHmXjIf17OQLCtDKHBZWZ5NKyqFstO+KOd\nu32d2jsw+DT5lOBzDUBk/wUw2KyFJVx7eK6sSXEyWqBk2nxMRDNYixIEN1V1EBSq\nf+OwKK5Mxi04r38+Qog8z03/t/u6CfAOWVmi+MdrD1VHXv/P7bnFlgRcLzKwK1QL\nTSLBE1PrMmNNj0oRjByhMoI9tY5X6mRBqLyDhwIDAQABAoIBAGO++RmGO6D9CNAJ\n4Bm52eKaK5UBiubOIR8NiNLLZb5qinRxg3eX35d7Wb2xzBLNwOFBWSl21trFncfY\n4qY0s+C4ZYHYQ7Om/7nsFeQAYAOj1yJYj01TXf4NTsGGF2t+W8qxZlV0H6dCOLL0\nU2YkUmRp4Le8eQVj6dyTcVaYNPxWQBnb9ZOEIEvEjeoO/DD7CCmt7LDCey9KrTQl\nAvuc2nN6uRV1Wfm0P8conKPJtVdgzMvJujNdpz+bBDqwsqgeCICjs/hSCNO81VH3\nDD7J0mG2OHqowOVqagoDHpBprHOUKxAeTs9I0KEL+hEI4zXCDL69+Xs6azuts733\nzSOmwxkCgYEA25czfPVxxcK685LhaAvwbmzWHqNp07ytRNGf+Aww6OdgWkdgPy0n\n20Gkg0HAqsxGcgZJk6cAkOy5hBLNHpHlGbeWFi+62lVNYUv3hAxumtiPyBMu7avE\nZQCTXND1H1f/2enRDJRxQsR8y/SX1ivmC5U6fx7hbpKxnXyRHnvSlk8CgYEA7VWp\nhLNkn4AEaPPW0TknwKG40At/hjecX2zWAyZVt4ydDSeKgMEOUdmvGGlSCrefAl0n\nPTfM9SdIDcO5OTa2wUayKLIsrb6TDnG6KXXN6z3HR3Q4qKJbG83eaMYDqqziPPV+\nxzRVWShI3EGwkLczASmiYy+sEAT0OkxP59xTKUkCgYBgaGjFkukJfy4fJDxsNtmv\nUX9MYkhjGrIjxbjq6UdL6dGGsVGTSxr1i0NUETkqg5bmFtaUybxY5GWqk6qUok8o\nVE7DnN73Xn4jmnun8OFagHvXxnxTApeuFGueU2tbAIKmxJ3wXPfA7Y0w6kkDUbCl\nIzZUe1VT+3mZgAgijxBsxwKBgQDNytiJ62/V6hBo3P6pPtEcdF6nb0DtpazfBaVw\n572twaywqlermzsKeCIenbx49I1ZZGLQ72C2NpCA9vTWCn5fiyiSpyScp0ImZTDS\nIIckctYoPDug5d7wdgtjeEfXp78osopyuwtCmu7Kpd8vLNt6J5raPI0K+vC22FL1\nLpOhmQKBgQCFeU448fL87N1MjMyusi8wJ5MLcn+kHbLTtpskTpfQM2p3Cnp4oL+7\nBI4AlXlKItV37rJIjZxQgLWhGoTZPplZaW4ooJCFJbazce5ua5fnsFS0oXhDN7uw\njaq+v5t8G6gFS09hEa4kz9O53t/7UGuQqh0Bxb0cJ9iNeAlhagvBDQ==\n-----END RSA PRIVATE KEY-----" # rsa长加密 def rsa_long_encrypt(msg, pub_key_str, length=100): """ 单次加密串的长度最大为 (key_size/8)-11 1024bit的证书用100， 2048bit的证书用 200 """ pubobj = RSA.importKey(pub_key_str) pubobj = Cipher_pkcs1_v1_5.new(pubobj) res = [] for i in range(0, len(msg), length): res.append( str( base64.b64encode(pubobj.encrypt( msg[i:i + length].encode(encoding="utf-8"))), 'utf-8' ) ) return "".join(res) if __name__ == '__main__': str1='{"currency":"USD","departureDate":"2022-09-01","daysBeforeDeparture":0,"daysAfterDeparture":0,"departurePlace":"BKK","arrival":"FUK","oneway":1,"adultCount":1,"childCount":0,"infantCount":0,"returnDate":"","requestId":"1GOL7USNECUC-1660567920922","sessionId":"","_signature":"d5f6afe8c65d58543e3baf55518939a4c4d509ae2d6ee97a74f0d7059f9b9416"}' pubkey = '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok58IrYXjeFjb6hPgrcv\nKis43ARDVIqowS2AJKivDp4+8uKDCWnjzBZTsuVvwKPzvVCxBzON2/DPpHU3wnRt\ndKSVzWju7HMKhuLxe04FsVw8+xvZTmguBj4jTczNLSLjK13lQr46J8j7JrmVUlPq\nGxIL/Bd3HNAIFuarZQkDsgx5fvdNrMbmT4edr1b3A8wRkhfo9tuE5Tmlx0YVUwyb\nzcI6hgLggCfNwwaClXyBt08NbGSIBcKYKjiQErND0EOnWcGyto7EhkpgGRfAeESo\n3hbmsiabThLd4t9iOWVHFSl+7B0q+1IGFjSo9qkvNdMUI4ZYdIKq+nCHufpuFMl7\nSwIDAQAB\n-----END PUBLIC KEY-----' print(str1) cipher_text = rsa_long_encrypt(str1,pubkey) print(cipher_text) # rsa长解密 def rsa_long_decrypt(msg,priv_key_str, length=172): """ 1024bit的证书用128，2048bit证书用256位 """ privobj = RSA.importKey(priv_key_str) privobj = Cipher_pkcs1_v1_5.new(privobj) res = [] for i in range(0, len(msg), length): res.append( str( privobj.decrypt( base64.b64decode(msg[i:i + length]) , 'xyz'), 'utf-8' ) ) print(res) return "".join(res) # 解密 def rsaDecrypt(text): decodeStr = base64.b64decode(text) # cipher_text是上面rsa加密的内容 prikey = Cipher_pkcs1_v1_5.new(RSA.importKey(pk)) encry_text = prikey.decrypt(decodeStr, b'rsa') encry_value = encry_text.decode('utf8') print(encry_value)
- 2021年12月07日
- 18 阅读
- 0 评论
- 0 点赞
2021-11-10
逆向之TLS指纹大概过tls的思路1.最主要的设置requests tls指纹 requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS2.看发tls带了啥，一般有 http1.1和User-Agent 有的要弄上这两个有的没检测这requests发的tls默认写http1.0 要改源码为1.1教程：先用fd抓包，看每次发请求前都有一个Tunnel,甚至还有一把小锁的图标点进来看写的version 3.3(TLS/1.2) 这个就是了先搞TLS指纹吧图中的Ciphers就是指纹key 但是这个是假的用小鲨鱼 wireshark抓包点Client Hello然后Cipher Suites里面的Cipher Suite 显示有16个第一个去掉，复制后面15个就行了复制先备用打开官方的密码表网址：https://www.openssl.org/docs/man1.1.1/man1/openssl-ciphers.html循环搜索你复制的N个 Cipher Suite 然后再把右边的value粘贴下来如图只要右边的最后以value:value:... 拼凑成一串再在python里import requests.packages.urllib3.util.ssl_ requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = "TLS_AES_128_GCM_SHA256:xxx:xxx:xxx" #xxx粘贴你自己弄的那些第一步就完事了可以尝试下能跑吗不能就继续第二步右边的CONNECT 网址 HTTP1.1 和Headers{Connecton User-Agent} 都弄上位置在源码 python/Lib/http/client.py//可以在python里直接写这个 import http.client http.client.HTTPConnection //然后ctrl+鼠标左键单击HTTPConnection 跳转到源码位置 //第886行的这个函数->_tunnel(self) //改成下面这样 headres按需扩展 def _tunnel(self): connect_str = "CONNECT %s:%d HTTP/1.1\r\n" % (self._tunnel_host, self._tunnel_port) connect_bytes = connect_str.encode("ascii") self.send(connect_bytes) self._tunnel_headers={ "Connection":"keep-alive", "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" } for header, value in self._tunnel_headers.items(): header_str = "%s: %s\r\n" % (header, value) header_bytes = header_str.encode("latin-1") self.send(header_bytes) self.send(b'\r\n')改完了记得把import源码那个删除掉可以了，不写了，该干饭了
- 2021年11月10日
- 22 阅读
- 1 评论
- 0 点赞

1
...
3
4
5

hliang

25 文章数

31 评论量

2020 - 2023 ©