Skip to content

某在线翻译js破解

字数
2100 字
阅读时间
13 分钟
更新日期
4/17/2021

想给信息流( i.hacking 8.com )换一个翻译引擎,于是看到这个。

它的翻译效果感觉挺不错的,所以就来分析一下怎么调用。

经过调试,它会发两个包,第一个包用于生成游客的jwt token

POST /v1/user/jwt/generate HTTP/1.1
Host: api.interpreter.caiyunai.com
Connection: close
Content-Length: 49
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
os-version: 
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
app-name: xy
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
device-id: 
os-type: web
X-Authorization: token:qgemv4jr1y38jyq6vhvi
version: 1.8.0
Origin: https://fanyi.caiyunapp.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://fanyi.caiyunapp.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8

{"browser_id":"6d3a8a9d1e39302beb6fca2dd1310954"}

返回

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 17 Apr 2021 04:10:16 GMT
Content-Type: application/json
Connection: close
Access-Control-Allow-Origin: https://fanyi.caiyunapp.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,X-Authorization,app-name,version,os-type,os-version,device-id
Content-Length: 286

{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJicm93c2VyX2lkIjoiNmQzYThhOWQxZTM5MzAyYmViNmZjYTJkZDEzMTA5NTQiLCJ2ZXJzaW9uIjoxLCJpcF9hZGRyZXNzIjoiMTIzLjExNy4xNzMuMTc1IiwidG9rZW4iOiJxZ2VtdjRqcjF5MzhqeXE2dmh2aSIsImV4cCI6MTYxODYzMzUxNn0.0vkqXovbGTHE8JW_a31CsAKA4yUWBmkvgfxyC2Axfqk","rc":0}

第二个包,发出翻译请求

POST /v1/translator HTTP/1.1
Host: api.interpreter.caiyunai.com
Connection: close
Content-Length: 201
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
os-version: 
sec-ch-ua-mobile: ?0
X-Authorization: token:qgemv4jr1y38jyq6vhvi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
app-name: xy
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
device-id: 
os-type: web
T-Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJicm93c2VyX2lkIjoiNmQzYThhOWQxZTM5MzAyYmViNmZjYTJkZDEzMTA5NTQiLCJ2ZXJzaW9uIjoxLCJpcF9hZGRyZXNzIjoiMTIzLjExNy4xNzMuMTc1IiwidG9rZW4iOiJxZ2VtdjRqcjF5MzhqeXE2dmh2aSIsImV4cCI6MTYxODYzMzUxNn0.0vkqXovbGTHE8JW_a31CsAKA4yUWBmkvgfxyC2Axfqk
version: 1.8.0
Origin: https://fanyi.caiyunapp.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://fanyi.caiyunapp.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8

{"source":"heelo","trans_type":"auto2zh","request_id":"web_fanyi","media":"text","os_type":"web","dict":true,"cached":true,"replaced":true,"detect":true,"browser_id":"6d3a8a9d1e39302beb6fca2dd1310954"}

收到

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 17 Apr 2021 04:17:45 GMT
Content-Type: application/json
Connection: close
Access-Control-Allow-Origin: https://fanyi.caiyunapp.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,X-Authorization,app-name,version,os-type,os-version,device-id,T-Authorization
Content-Length: 66

{"confidence":0.8642611644,"target":"FTIyoT8=","isdict":0,"rc":0}

target解密

可以看到"target":"FTIyoT8="是一个密文,但是前台是明文显示的,所以翻翻js找解密的算法。

通关监视变量,找到这个解密函数

js
function Le(t) {
            var e;
            return function(t) {
                return ke.decode(t)
            }((e = function(t) {
                return "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".indexOf(t)
            }
            ,
            t.split("").map(function(t) {
                return e(t) > -1 ? "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm"[e(t)] : t
            }).join("")))
        }

百度了一下关键字符串,这就是一个rot13+base64解密算法

发包的参数

发包的请求头上有几个参数

X-AuthorizationT-Authorizationbrowser_id,知道它们怎么来的就能自己构造了。

T-Authorization就是生成的jwt token

X-Authorization在js中直接就硬编码了

image-20210417145454067

browser_id

追踪到生成jwt这里

image-20210417144642259

browser_id = e,e已经被赋值了,跟踪堆栈向上回溯

image-20210417144757249

这就是它的生成算法了,可以看到它是先合并数组i,然后对ix64hash128运算来着。i是啥,打印一下

image-20210417144942057

它就是从e中获取valuee是啥,看旁边的监视器

image-20210417145047587

js
[
    {
        "key": "userAgent",
        "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
    },
    {
        "key": "webdriver",
        "value": false
    },
    {
        "key": "language",
        "value": "zh-CN"
    },
    {
        "key": "colorDepth",
        "value": 30
    },
    {
        "key": "deviceMemory",
        "value": 8
    },
    {
        "key": "hardwareConcurrency",
        "value": 8
    },
    {
        "key": "screenResolution",
        "value": [
            900,
            1440
        ]
    },
    {
        "key": "availableScreenResolution",
        "value": [
            875,
            1385
        ]
    },
    {
        "key": "timezoneOffset",
        "value": -480
    },
    {
        "key": "timezone",
        "value": "Asia/Shanghai"
    },
    {
        "key": "sessionStorage",
        "value": true
    },
    {
        "key": "localStorage",
        "value": true
    },
    {
        "key": "indexedDb",
        "value": true
    },
    {
        "key": "addBehavior",
        "value": false
    },
    {
        "key": "openDatabase",
        "value": true
    },
    {
        "key": "cpuClass",
        "value": "not available"
    },
    {
        "key": "platform",
        "value": "MacIntel"
    },
    {
        "key": "plugins",
        "value": [
            [
                "Chrome PDF Plugin",
                "Portable Document Format",
                [
                    [
                        "application/x-google-chrome-pdf",
                        "pdf"
                    ]
                ]
            ],
            [
                "Chrome PDF Viewer",
                "",
                [
                    [
                        "application/pdf",
                        "pdf"
                    ]
                ]
            ],
            [
                "Native Client",
                "",
                [
                    [
                        "application/x-nacl",
                        ""
                    ],
                    [
                        "application/x-pnacl",
                        ""
                    ]
                ]
            ]
        ]
    },
    {
        "key": "canvas",
        "value": [
            "canvas winding:yes",
            "canvas fp:"
        ]
    },
    {
        "key": "webgl",
        "value": [
            "",
            "extensions:ANGLE_instanced_arrays;EXT_blend_minmax;EXT_color_buffer_half_float;EXT_disjoint_timer_query;EXT_float_blend;EXT_frag_depth;EXT_shader_texture_lod;EXT_texture_compression_rgtc;EXT_texture_filter_anisotropic;WEBKIT_EXT_texture_filter_anisotropic;EXT_sRGB;OES_element_index_uint;OES_fbo_render_mipmap;OES_standard_derivatives;OES_texture_float;OES_texture_float_linear;OES_texture_half_float;OES_texture_half_float_linear;OES_vertex_array_object;WEBGL_color_buffer_float;WEBGL_compressed_texture_s3tc;WEBKIT_WEBGL_compressed_texture_s3tc;WEBGL_compressed_texture_s3tc_srgb;WEBGL_debug_renderer_info;WEBGL_debug_shaders;WEBGL_depth_texture;WEBKIT_WEBGL_depth_texture;WEBGL_draw_buffers;WEBGL_lose_context;WEBKIT_WEBGL_lose_context;WEBGL_multi_draw",
            "webgl aliased line width range:[1, 1]",
            "webgl aliased point size range:[1, 255.875]",
            "webgl alpha bits:8",
            "webgl antialiasing:yes",
            "webgl blue bits:8",
            "webgl depth bits:24",
            "webgl green bits:8",
            "webgl max anisotropy:16",
            "webgl max combined texture image units:80",
            "webgl max cube map texture size:16384",
            "webgl max fragment uniform vectors:1024",
            "webgl max render buffer size:16384",
            "webgl max texture image units:16",
            "webgl max texture size:16384",
            "webgl max varying vectors:15",
            "webgl max vertex attribs:16",
            "webgl max vertex texture image units:16",
            "webgl max vertex uniform vectors:1024",
            "webgl max viewport dims:[16384, 16384]",
            "webgl red bits:8",
            "webgl renderer:WebKit WebGL",
            "webgl shading language version:WebGL GLSL ES 1.0 (OpenGL ES GLSL ES 1.0 Chromium)",
            "webgl stencil bits:0",
            "webgl vendor:WebKit",
            "webgl version:WebGL 1.0 (OpenGL ES 2.0 Chromium)",
            "webgl unmasked vendor:Intel Inc.",
            "webgl unmasked renderer:Intel(R) Iris(TM) Plus Graphics 655",
            "webgl vertex shader high float precision:23",
            "webgl vertex shader high float precision rangeMin:127",
            "webgl vertex shader high float precision rangeMax:127",
            "webgl vertex shader medium float precision:23",
            "webgl vertex shader medium float precision rangeMin:127",
            "webgl vertex shader medium float precision rangeMax:127",
            "webgl vertex shader low float precision:23",
            "webgl vertex shader low float precision rangeMin:127",
            "webgl vertex shader low float precision rangeMax:127",
            "webgl fragment shader high float precision:23",
            "webgl fragment shader high float precision rangeMin:127",
            "webgl fragment shader high float precision rangeMax:127",
            "webgl fragment shader medium float precision:23",
            "webgl fragment shader medium float precision rangeMin:127",
            "webgl fragment shader medium float precision rangeMax:127",
            "webgl fragment shader low float precision:23",
            "webgl fragment shader low float precision rangeMin:127",
            "webgl fragment shader low float precision rangeMax:127",
            "webgl vertex shader high int precision:0",
            "webgl vertex shader high int precision rangeMin:31",
            "webgl vertex shader high int precision rangeMax:30",
            "webgl vertex shader medium int precision:0",
            "webgl vertex shader medium int precision rangeMin:31",
            "webgl vertex shader medium int precision rangeMax:30",
            "webgl vertex shader low int precision:0",
            "webgl vertex shader low int precision rangeMin:31",
            "webgl vertex shader low int precision rangeMax:30",
            "webgl fragment shader high int precision:0",
            "webgl fragment shader high int precision rangeMin:31",
            "webgl fragment shader high int precision rangeMax:30",
            "webgl fragment shader medium int precision:0",
            "webgl fragment shader medium int precision rangeMin:31",
            "webgl fragment shader medium int precision rangeMax:30",
            "webgl fragment shader low int precision:0",
            "webgl fragment shader low int precision rangeMin:31",
            "webgl fragment shader low int precision rangeMax:30"
        ]
    },
    {
        "key": "webglVendorAndRenderer",
        "value": "Intel Inc.~Intel(R) Iris(TM) Plus Graphics 655"
    },
    {
        "key": "adBlock",
        "value": false
    },
    {
        "key": "hasLiedLanguages",
        "value": false
    },
    {
        "key": "hasLiedResolution",
        "value": false
    },
    {
        "key": "hasLiedOs",
        "value": false
    },
    {
        "key": "hasLiedBrowser",
        "value": false
    },
    {
        "key": "touchSupport",
        "value": [
            0,
            false,
            false
        ]
    },
    {
        "key": "fonts",
        "value": [
            "Andale Mono",
            "Arial",
            "Arial Black",
            "Arial Hebrew",
            "Arial Narrow",
            "Arial Rounded MT Bold",
            "Arial Unicode MS",
            "Comic Sans MS",
            "Courier",
            "Courier New",
            "Geneva",
            "Georgia",
            "Helvetica",
            "Helvetica Neue",
            "Impact",
            "LUCIDA GRANDE",
            "Microsoft Sans Serif",
            "Monaco",
            "Palatino",
            "Tahoma",
            "Times",
            "Times New Roman",
            "Trebuchet MS",
            "Verdana",
            "Wingdings",
            "Wingdings 2",
            "Wingdings 3"
        ]
    },
    {
        "key": "audio",
        "value": "124.0434806260746"
    }
]

将它转换为string类型,然后做x64sha128运算

image-20210417145230102

browser_id长度是32位,我们也可以完全伪造一个32位的,用个随机数+md5就可以了。

image-20210417145248157

Python调用代码

最后给出python调用的代码

python
import base64
import hashlib
import json

import requests
from django.utils.crypto import get_random_string


def rot13(params):
    t = "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm"
    o = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    s = []
    for i in list(params):
        index = o.find(i)
        if index > -1:
            s.append(t[index])
        else:
            s.append(i)
    return ''.join(s)


def caiyun_decode(s):
    s = rot13(s)
    s2 = base64.b64decode(s).decode('utf-8')
    return s2


def generate_jwt():
    url = "https://api.interpreter.caiyunai.com/v1/user/jwt/generate"
    headers = {
        "X-Authorization": "token:qgemv4jr1y38jyq6vhvi",
        "Content-Type": "application/json;charset=UTF-8",
        "app-name": "xy"
    }
    encrypt = hashlib.md5()
    encrypt.update(get_random_string(10, "qweasdzxcrtyfghvbnuiopjklm1234567890").encode())
    result = encrypt.hexdigest()
    data = {"browser_id": result}
    r = requests.post(url, data=json.dumps(data), headers=headers)
    return r.json()["jwt"], result


def translater(s, jwt, brower_id):
    url = "https://api.interpreter.caiyunai.com/v1/translator"
    headers = {
        "X-Authorization": "token:qgemv4jr1y38jyq6vhvi",
        "Content-Type": "application/json;charset=UTF-8",
        "app-name": "xy",
        "T-Authorization": jwt,
    }
    data = {"source": s.splitlines(), "trans_type": "en2zh", "request_id": "web_fanyi", "media": "text",
            "os_type": "web",
            "dict": False, "cached": True, "replaced": True, "browser_id": brower_id}
    r = requests.post(url, data=json.dumps(data), headers=headers)
    return r.json()


if __name__ == '__main__':
    s = caiyun_decode("5bvE55Fb5YvN5Yvd5oPC5bdN5ora6Xrw5Lnm5YdT6Y+M5Yvd6Mrh6nXL77lZ5bvE5LnM5YdT6Y+M5Yvd57T7Bt==")
    print(s)
    s, s1 = generate_jwt()
    print(s)
    s = translater("hello", s, s1)
    print(s)
    for item in s["target"]:
        print(caiyun_decode(item))
    # "5oiR55So5LiA5Liq5bCP5oqA5ben6Kej5Yaz5LqG6L+Z5Liq6Zeu6aKY77yM5oiR5YaZ5LqG6L+Z5Liq57G7Og=="

输出结果

image-20210417145824095

撰写