好久没有更新js逆向的文章了，之前分享过一个爬虫练习网站，之后我会将上面的题全部进行讲解，虽然很多公众号都有在做了，但是我还是要做，毕竟自己总结的才是最深刻的。

第一题：

http://match.yuanrenxue.com/match/1

目录：

1、环境

2、分析网站

3、实现爬取

1、环境

python3.7、pyexecjs、requests

2、分析网站

目标就是将红框中的数据进行相加

这个网站只要你一打开开发者工具就会进行无限debugger，让你无法调试，直接右键点击行数，选择Never pause here即可跳过

图2-2

图2-3

图2-4

请求中带了一个m参数，初步一看估计是MD5加时间戳

方法一：

接下来看看这个请求的调用栈如图2-5

进入request，看到一行无法格式化的代码，如图2-6

方法二：

做Js逆向有多种方法可以定位加密位置，直接查看调用栈的方法对于刚接触的人不好理解，我们还可以一步步调式到加密位置。

这个请求是xhr类型，对于xhr类型就打xhr断点

复制一部分url

xhr断点是只要网站发起的请求包含了目标字符串的就会被自动打下断点

刷新一下网站，自动打上了断点，先看旁边的调用栈，一个个看，很快就可以找到刚才的加密位置。

这行代码既然无法用开发者工具进行格式化就用其他工具，我用的网站是：http://tool.chinaz.com/tools/jsformat.aspx?qq-pf-to=pcqq.c2c

格式化后的代码也就一百多行，大概看一遍

很快就发现了参数m的生成逻辑，

var timestamp = Date.parse(new Date()) + 100000000;
 var m = oo0O0(timestamp.toString()) + window.f;
 var list = {
  "page": window.page,
  "m": m + '丨' + timestamp / 1000
 };

“m”由m + ‘丨’ + timestamp / 1000组成，

变量m由oo0O0(timestamp.toString()) + window.f赋值得到， window.f先不看，先查看oo0O0的逻辑，大致看一下就好了，不必每行代码都看懂

function oo0O0(mw) {
   ***window\***.b = '';
   for (var i = 0,
       len = ***window\***.***a\***.length; i < len; i++) {
     ***console\***.log(***window\***.***a\***[i]);
     ***window\***.b += ***String\***[***document\***.e + ***document\***.g](***window\***.***a\***[i][***document\***.f + ***document\***.h]() - i - ***window\***.***c\***)
   }
   var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW=='];
   var J = function(o, E) {
     o = o - 0x0;
     var N = U[o];
     if (J['bSSGte'] === undefined) {
       var Y = function(w) {
         var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMnopQRSTUVWXYZ0123456789+/=',
           T = ***String\***(w)['replace'](/=+$/, '');
         var A = '';
         for (var C = 0x0,
             b, W, l = 0x0; W = T['charat'](L++);~W && (b = C % 0x4 ? b * 0x40 + W: W, C++%0x4) ? A += ***String\***['fromCharCode'](0xff & b >> ( - 0x2 * C & 0x6)) : 0x0) {
           W = m['indexOf'](W)
         }
         return A
       };
       var t = function(w, m) {
         var T = [],
           A = 0x0,
           C,
           b = '',
           W = '';
         w = Y(w);
         for (var R = 0x0,
             v = w['length']; R < v; R++) {
           W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice']( - 0x2)
         }
         w = decodeURIComponent(W);
         var l;
         for (l = 0x0; l < 0x100; L++) {
           T[l] = l
         }
         for (l = 0x0; l < 0x100; L++) {
           A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100,
             C = T[l],
             T[l] = T[A],
             T[A] = C
         }
         l = 0x0,
           A = 0x0;
         for (var L = 0x0; L < w['length']; L++) {
           l = (l + 0x1) % 0x100,
             A = (A + T[l]) % 0x100,
             C = T[l],
             T[l] = T[A],
             T[A] = C,
             b += ***String\***['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100])
         }
         return b
       };
       J['luAabU'] = t,
         J['qlVPZg'] = {},
         J['bSSGte'] = !![]
     }
     var H = J['qlVPZg'][o];
     return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = !(N, E)], J['qlVPZg'][o] = N) : N = H,
       N
   };
   eval(atob(***window\***['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'));
   return ''

我看到eval、atob函数的时候就知道离答案不远了，eval可以运行JavaScript 字符串，atob则是关于base64的一个方法。打开开发者工具的console栏分别输入的有疑问的变量，结果如下图（我之后会出一个如何在开发者工具中就可以调试这种无法格式化的代码）

eval就是执行这一大段js代码

eval(atob(***window\***['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27'))

就可以改写为

eval(atob(***window\***['b'])['replace']("mwqqppz", '\x27' + mw + '\x27'))

将这段js代码拿出来看看

格式化完看到了window.f在这里赋值了，并且确实是MD5加密，

var m = oo0O0(timestamp.toString()) + window.f;

oo0O0返回是空，则可以改写为

`var m = window.f`

分析到这里就可以了，把藏在eval中的js代码扣出来

把这个MD5加密封装一下，方便python调用

3、实现爬取

import execjs
 import requests

 headers = {
  'Connection': 'keep-alive',
  'Pragma': 'no-cache',
  'Cache-Control': 'no-cache',
  'Accept': 'application/json, text/javascript, */*; q=0.01',
  'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36',
  'Host': 'match.yuanrenxue.com',
  'X-Requested-With': 'XMLHttpRequest',
  'Referer': 'http://match.yuanrenxue.com/match/1',
  'Accept-Language': 'zh-CN,zh;q=0.9',
 }
 with open('第一题.js', 'r', encoding='gbk') as f:
   jstext = f.read()
 m = execjs.compile(jstext).call('get_m')
 data = {
   'page': 1,
   'm': m
 }
 url = f'http://match.yuanrenxue.com/api/match/1?page=1&m={m}'
 response = requests.get(url, headers=headers, data=data)
 print(response.json())

运行结果：

CMake 不断从 cygwin python 中获取 Python，如何从 Windows 安装的 Python 中获取

如何解决CMake 不断从 cygwin python 中获取 Python，如何从 Windows 安装的 Python 中获取

我有一个看起来像这样的 CMake 脚本：

find_program(PYTHON_COMMAND NAMES python3 python)

问题是它检测到安装在 Cygwin 安装中的 python。 输出总是：

-- PYTHON_PATH:C:/cygwin64/bin/python3

我希望它取自：

c:\\python36-64\\python

在windows PATH变量中，Cygwin bin在路径的最后一个，windows安装在第一个 但它只检测到 Cygwin python，
怎么改？

Core Python | 2 - Core Python: Getting Started | 2.5 - Modularity | 2.5.5 - The Python Execution Mod

It's important to understand the Python execution model and precisely when function deFinitions and other important events occur when a module is imported or executed. Here, we show execution of our Python module as it's imported in a graphical debugging environment. We step through the top‑level statements in the module. What's important to realize here is that the def used for the fetch_words function isn't merely a declaration. It's actually a statement, which when executed in sequence with the other top‑level model scope code, causes the code within the function to be bound to the name of the function. When modules are imported or run, all of the top‑level statements are run, and this is the means by which the function within the module namespace are defined. We are sometimes asked about the difference between Python modules, Python scripts, and Python programs. Any .py file constitutes a Python module. But as we've seen, modules can be written for convenient import, convenient execution, or using the if dunder name = dunder main idiom, both. We strongly recommend making even simple scripts importable since it eases development and testing so much if you can access your code from within the REPL. Likewise, even modules, which are only ever meant to be imported in production settings, benefit from having executable test code. For this reason, nearly all modules we create have this form of defining one or more importable functions with a postscript to facilitate execution. Whether you consider a module to be a Python script or Python program is a matter of context and usage. It's certainly wrong to consider Python to be merely a scripting tool, in the vein of Windows batch files or UNIX Shell scripts, as many large and complex applications are built exclusively with python.

• def不仅仅是一个declaration声明，更是一条statement语句。它将其中的python代码于函数名绑定在一起
• 一个py文件就是一个模块，这个模块包含类或函数。你写python，要尽量将代码包装成函数和类，方便各种import
• 一个py文件也可看作是一个脚本，在系统命令行中运行
• python不仅仅是脚本语言，很多大型程序都是用python构建的

Error: Can‘t find Python executable “python“, you can set the PYTHON env variable

在启动vue项目的时候，安装node.js组件node-sass过程中报错了，错误提示如下
Error: Can’t find Python executable “python”, you can set the PYTHON env variable

由错误提示可知：Node.js 在安装模块组件node-sass的时候，node.js缺少Visual Studio2015 Build Tools相关的组件和python的环境，如果安装了vs2015组件的小伙伴们就不用安装Visual Studio2015 Build Tools相应的组件，只用安装python2.7即可解决缺少的python组件的问题。

欲安装python2.7，请至python官网：www.python.org 下载，然后配置好python的环境变量即可。

不过博主我并不推荐上述的解决方案，因为对于程序员来说，效率第一，上述的问题一个命令就可以轻松解决你所遇到的麻烦，前面说了那么多，无非就是想告诉在看本篇博客的同仁们放下浮躁的心，遇到问题首先不是急着去解决问题，而是分析为什么会这样，然后才能水到聚成的去找到解决问题的方法。

运行下面这个命令即可解决你们遇到的Error问题

npm install --global --production windows-build-tools

注：上面讲述了一堆就是为了讲述此命令是干嘛的，上面已经描述很详细了，就不再赘述了，该操作与上述的一堆操作无异，效果却是一样的。

然后运气不好的小伙伴可能接着会遇到一个坑，那就是执行了：npm install --global --production windows-build-tools这个命令的人细心点会发现执行到一半就卡住了，这个卡住了没有红字重点提示，而且下方还有英文在等待中，粗心的小伙伴可能以为是命令执行完了，组件安装好了，其实不然，我这边已经解决了，就无法复现了，具体点就是中文的提示，提示我们由于有类似组件在运行或者下载导致无法继续下载安装组件了。稳妥点的解决办法是，将电脑重启，将底层正在运行的模块干掉，待电脑重启后再执行npm install --global --production windows-build-tools这条命令即可，博主我就是这样解决的，稳稳的幸福就会浮现在你面前如下图所示，你的可能和我不一样，因为我已经跑成功过一次了，没有你的那么多细节的log打印。

然后就是在你的项目下shift+鼠标右击你的项目运行npm run dev即可启动vue项目了。

ERROR: Command "python setup.py egg_info" python-nss

[root@localhost ~]# pip install python-nss

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won''t be maintained after that date. A future version of pip will drop support for Python 2.7.
Looking in indexes: http://pypi.douban.com/simple
Collecting python-nss
  Downloading http://pypi.doubanio.com/packages/6b/29/629098e34951c358b1f04f13a70b3590eb0cf2df817d945bd05c4169d71b/python-nss-1.0.1.tar.bz2 (222kB)
     |████████████████████████████████| 225kB 31kB/s 
    ERROR: Complete output from command python setup.py egg_info:
    ERROR: Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-JGnrT5/python-nss/setup.py", line 409, in <module>
        sys.exit(main(sys.argv))
      File "/tmp/pip-install-JGnrT5/python-nss/setup.py", line 333, in main
        nss_include_dir  = find_include_dir([''nss3'', ''nss''],   [''nss.h'',  ''pk11pub.h''], include_roots=include_roots)
      File "/tmp/pip-install-JGnrT5/python-nss/setup.py", line 94, in find_include_dir
        raise ValueError("unable to locate include directory containing header files %s" % include_files)

    ValueError: unable to locate include directory containing header files [''nss.h'', ''pk11pub.h'']

ERROR: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-JGnrT5/python-nss/

查看错误日志缺少头文件

进入python-nss官网，写着To build python-nss you the C language header files and libraries for both NSPR and NSS will need to be installed. This is system and distribution specific, as such we cannot give you explicit instructions. On Linux typically these packages are called:

• nss-devel
• nspr-devel

yum install nss-devel -y

yum install nspr-devel -y

今天关于Python 爬虫 | 猿人学第一题和猿人学爬虫进阶课的讲解已经结束，谢谢您的阅读，如果想了解更多关于CMake 不断从 cygwin python 中获取 Python，如何从 Windows 安装的 Python 中获取、Core Python | 2 - Core Python: Getting Started | 2.5 - Modularity | 2.5.5 - The Python Execution Mod、Error: Can‘t find Python executable “python“, you can set the PYTHON env variable、ERROR: Command "python setup.py egg_info" python-nss的相关知识，请在本站搜索。