小红书x-s参数逆向解析(第二期)【X-s参数补环境】

原创 已于 2025-03-15 23:05:12 修改 · 5.4k 阅读 · 35
标签
#android
于 2025-03-15 23:02:56 首次发布
该文章已生成可运行项目,

开发板推荐:天空星STM32F407VET6开发板

超高性价比 STM32主控 | 超高主频 | 一板兼容百芯 | 比赛神器 | 沉金彩色丝印

点击查看

往期回归

承接上一期内容,我们已经成功定位到 x-s 参数的加密入口。经过探索发现,该参数是通过调用 window._webmsxyw 函数进行加密处理后生成的,而这个加密后的结果正是我们所需要的 x-s 参数。

补环境过程

通过调试与分析,我们步入了 v(即 window._webmsxyw)函数的内部逻辑。在这个过程中,我们发现 JavaScript 的加密逻辑被封装在一个名为 04b29480233f4def5c875875b6bdc3b1.js 的文件里。

这个加密文件对于我们获取准确的 x - s 参数至关重要。为了能够在本地环境中复现其加密过程,我们需要将整个 04b29480233f4def5c875875b6bdc3b1.js 文件的代码提取出来。在提取时,要确保代码的完整性,避免遗漏任何关键的加密逻辑或辅助函数。

然而,仅仅扣下代码文件还不足以让其在本地环境中正常运行。由于该加密代码通常是在特定的浏览器环境或者服务器环境中编写和运行的,它依赖于许多环境变量和全局对象。所以,我们需要对其进行补环境操作。补环境的工作包括模拟浏览器的全局对象,像 windowdocumentnavigator 等;

调用代码如下

p = '/api/sns/web/v1/homefeed'
u = {
  'cursor_score': '1.7416781639690022E9',
  'num': 31,
  'refresh_type': 3,
  'note_index': 200,
  'unread_begin_note_id': '',
  'unread_end_note_id': '',
  'unread_note_count': 0,
  'category': 'homefeed_recommend',
  'search_key': '',
  'need_num': 6,
  'image_formats': [
    'jpg',
    'webp',
    'avif',
  ],
  'need_filter_image': false,
}
a = window._webmsxyw(p, u)
function getXs(api, params) {
  return window._webmsxyw(api, params)
}

补上基础的环境,并挂上proxy代理


window = global
window.Buffer = Buffer
delete global
delete Buffer
document = {}
location = {}
navigator = {}
history = {}
screen = {}
let setProxyArr = function (proxyObjArr) {
  for (let i = 0; i < proxyObjArr.length; i++) {
    const handler = `{
    get:function(target,property,receiver){
    console.log("方法:","get","对象","${proxyObjArr[i]}","属性:",
property,"属性类型:",typeof property,"属性值:",target[property],"属性值类型:",typeof target[property]);
return Reflect.get(...arguments)
debugger
    },
    set:function(target,property,value,receiver){
    console.log("方法:","set","对象:","${proxyObjArr[i]}","属性:",
property,"属性类型:",typeof property,"属性值:",value,"属性值类型:",typeof target[property]);
    return Reflect.set(...arguments);
    }
  }`;
    eval(`try{
        ${proxyObjArr[i]};
        ${proxyObjArr[i]} = new Proxy(${proxyObjArr[i]},${handler});
        } catch (e){
         ${proxyObjArr[i]} = {};
         ${proxyObjArr[i]} = new Proxy(${proxyObjArr[i]},${handler});
         }`);
  }
}

setProxyArr(['window', 'document'])

运行并查看控制台信息,发现调用了window.toString以及document.createElement

我们补上window.toStirng方法以及document.createElement方法

window.toString = function () { return '[object Window]' }
document = {
  createElement: function (arg) { console.log('document.createElement===>' + arg) }
}

再次运行并观察控制台,发现缺少了documentElement属性

documetElement是一个Element对象,我们在document对象中再补上一个对象,并给这个对象挂上代理

const handler = {
  get: function (target, property, receiver) {
    if (property !== 'isNaN' && property !== 'encodeURI' && property !== "Uint8Array" && property !== 'undefined' && property !== 'JSON') {
      console.log("方法:", "get", "对象", target, "属性:",
        property, "属性类型:", typeof property, "属性值:", target[property], "属性值类型:", typeof target[property]);
    }
    debugger;
    return Reflect.get(...arguments)

  },
  set: function (target, property, value, receiver) {
    console.log("方法:", "set", "对象:", target, "属性:",
      property, "属性类型:", typeof property, "属性值:", value, "属性值类型:", typeof target[property]);
    return Reflect.set(...arguments);
  }
}
class HTMLElement {

}
document = {
  createElement: function (arg) { console.log('document.createElement===>' + arg) },
  documentElement: new Proxy(new HTMLElement(), handler)
}

再次运行

发现createElement方法返回的对象中缺少了一个getContext方法,我们把它补上并挂上代理

class HTMLCanvasElement {
  getContext(arg) { console.log("HTMLCanvasElement.getContext===>" + arg) }
}
document = {
  createElement: function (arg) { if (arg === "canvas") { return new Proxy(new HTMLCanvasElement(), handler) } else { console.log('document.createElement===>' + arg) } },
  documentElement: new Proxy(new HTMLElement(), handler)
}

再次运行,发现少了document.cookie

我们在浏览器输出并补上,最后调用了window.localStorage,我们也在浏览器输出并补上

OraginlocalStorage = class {
  constructor() {
    this.storage = {
      "MF_STATISTICS": "{\"timestamp\":1741611106233,\"visitTimes\":6,\"readFeedCount\":0}",
      "redmoji": "{\"version\":3,\"redmojiTabs\":[{\"name\":\"小红薯表情\",\"emoji\":[{\"imageName\":\"[微笑R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/9366d16631e3e208689cbc95eefb7cfb0901001e.png\"},{\"imageName\":\"[害羞R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/219fe9d7e40b14dd7a6712203143bb1f9972bc5c.png\"},{\"imageName\":\"[失望R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/b862c8f94da375f55805a97c152efeeb5099c149.png\"},{\"imageName\":\"[汗颜R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/87e23e577662f3268362518f7f4e90e30b4ea284.png\"},{\"imageName\":\"[哇R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/e0771182c12362d41f70356f714d84dccc4d07bc.png\"},{\"imageName\":\"[喝奶茶R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/364ad5d3e0d5c3b1aa101c9243f488be97d9e8d7.png\"},{\"imageName\":\"[自拍R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/d4fe00be555964ddf8301e256cd906b9032679a5.png\"},{\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/d1a34cf8aeac526d36890d3e8f727192a6808ecf.png\",\"imageName\":\"[偷笑R]\"},{\"imageName\":\"[飞吻R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/81cedd016ad9d8bef38b2cd0c1e725454df53598.png\"},{\"imageName\":\"[石化R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/a61db6b1917b6c5c1e8f30bbeea9118a7bdbbe74.png\"},{\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/ca75b2fc85b0a3e171fe5df1cbf90efdcd3ba571.png\",\"imageName\":\"[笑哭R]\"},{\"imageName\":\"[赞R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/1b81c5ec3f7006f6b8baf7c006773f5f9d1ab6d7.png\"},{\"imageName\":\"[蹲后续H]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/a633dcf8d48c500ae11532d0583c529b89286c66.webp\"},{\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/0a9cd643452c7b717b9735a23c550295baa69f02.png\",\"imageName\":\"[暗中观察R]\"},{\"imageName\":\"[买爆R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/c402c10ac31e2e024393cfa7ca61d014579d9191.png\"},{\"imageName\":\"[大笑R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/aed28089f6578522cd490f636955efe6dd27da38.png\"},{\"imageName\":\"[色色R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/913a9e2c42916a338b9fa20cf780ae435f51acac.png\"},{\"imageName\":\"[生气R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/91515ae9718d8cce4f8de909683011b538d35327.png\"},{\"imageName\":\"[哭惹R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/14b005f7afd5f7c88620478b610bf1de90c4ceab.png\"},{\"imageName\":\"[萌萌哒R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/c255f0ae809f8045561a80737b6aec25139f7607.png\"},{\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/6062be312a922da7998f99fb773e06cea0a640df.png\",\"imageName\":\"[斜眼R]\"},{\"imageName\":\"[可怜R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/36338a7a39e27341b34e845e28561378e9ad1ede.png\"},{\"imageName\":\"[鄙视R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/0dbbe487e5157d9fb720df7e59fe45a7927af647.png\"},{\"imageName\":\"[皱眉R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/fd82d69014a4a50397e20fc6b23ae8dba1c74998.png\"},{\"imageName\":\"[抓狂R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/13619bff18deffe1d2dcc4be0a6ba7ee0394926b.png\"},{\"imageName\":\"[捂脸R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/83278234fdeb5c36682334f6eb756d243ee62201.png\"},{\"imageName\":\"[派对R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/7a6287c7f65fabdc15fa8f06b2696cccc21e86f2.png\"},{\"imageName\":\"[吧唧R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/238271771c806047fc928b6ba49a6d8e7a741e5e.png\"},{\"imageName\":\"[惊恐R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/114d21cd3f1b4a1591cc997ddd5976bb0cec8f4c.png\"},{\"imageName\":\"[抠鼻R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/5fd4922d00a004260912247dad6ca7149d8a1f75.png\"},{\"imageName\":\"[再见R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/c34602650951342f09ca6e00d6f4c4ac57208a07.png\"},{\"imageName\":\"[叹气R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/5ce63c6024defb2f6334aa153fd0fd238a683779.png\"},{\"imageName\":\"[睡觉R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/d98472a962e744dd238f2b4f5dba2665dcb8360b.png\"},{\"imageName\":\"[得意R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/b02bf85f97acbd6be1749148e163b36920655f92.png\"},{\"imageName\":\"[吃瓜R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/a38d15b09910f65756d521f1f46031c44694214a.png\"},{\"imageName\":\"[扶墙R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/6eb56b590b5c70e4559cf5bd93056a6e74ffc474.png\"},{\"imageName\":\"[黑薯问号R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/e4835a534cddad71286ad4e8f0514fded208360d.png\"},{\"imageName\":\"[黄金薯R]\",\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/08b0e51ac813a53bebeb0b9391df5094d4777951.png\"},{\"image\":\"https://picasso-static.xiaohongshu.com/fe-platform/e4533cbaa5829c6ffd9299241
本文章已经生成可运行项目

开发板推荐:天空星STM32F407VET6开发板

超高性价比 STM32主控 | 超高主频 | 一板兼容百芯 | 比赛神器 | 沉金彩色丝印

点击查看
最低0.47元/天 解锁文章
评论 21
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

小爬菜…

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值