前言

　　又是一年馬上結束，今年一年研究技術的時間都非常少，除了家庭原因，還有自身的原因。2018很不順，理財各種雷，幣圈與股市跌的慘不忍睹。自身還沾染了社會三大毒瘤之一的賭，一夜回到解放前。讓我好多天精神恍惚，差點崩潰。好久才走出來，刪掉各類app，開啟vs，認真寫點程式碼換錢。

我有一顆想分享的心，但苦於文采不好，語言表達能力不行，更重要的患有嚴重懶癌，導致這篇文章寫了很久都沒結束。

騰訊防水牆的介紹

官網：https://007.qq.com

介紹：專注業務安全服務，用領先的人工智慧技術解決業務欺詐、薅羊毛、刷單、爬蟲、撞庫等問題，讓您的企業零投入也能有微信/QQ級別的業務安全服務  

其實就是類似極驗的驗證碼，相對於以前的圖形驗證碼，多了行為等一些識別。從圖片上來說，就是要找到缺口的位置，我想對於專業做識別的來說，找這個缺口位置應該比以前騰訊的四點陣圖形驗證碼更容易。難就難在裡面亂七八糟的js加密。下面讓我給大家一一講述分析過程，加密過程。

騰訊防水牆的分析

   一、http協議抓包

　　在防水牆官網看到有一些防水牆的使用者，看到了手機廠商oppo。應用防水牆的地方無非就是他的商城，論壇，雲空間之類的。在商城上沒發現，開啟雲空間登入頁面，隨便輸入賬號，錯誤次數過多了，果然出現了防水牆

開啟Fiddler，重新整理下頁面完成一組操作，發現主要請求有這幾個

  二、資料包分析

 　　去除載入的js與log上傳，真正的一組操作有三個：

1. cap_union_prehandle
2. cap_union_new_show
3. cap_union_new_verify

開始詳細分析這三個請求資料包的組成（我根據我的分析與理解進行講述）

1是初始化驗證碼。詳細請求為

GET https://captcha.guard.qcloud.com/cap_union_prehandle?aid=1253408289&asig=Ad3GYD9Dn99U0xOPiOOhnEpB7citHdzqa98umEP2Whvl-OngFl18y4Q_bSgYFxtm6dWiT67ngBe1x7vbI9RPE-HSJh8phx2h&captype=&protocol=https&clientype=2&disturblevel=&apptype=&curenv=open&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82OS4wLjM0OTcuMTAwIFNhZmFyaS81MzcuMzY=&uid=&cap_cd=&lang=2052&callback=_aq_517127&subsid=1 HTTP/1.1
 

Host: captcha.guard.qcloud.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: */*
Referer: https://cloud.oppo.com/login.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: qcmainCSRFToken=ByB1lOw1G4; intl=; qcloud_from=qcloud.360.seo-1546778388303

引數的詳細介紹（猜想）,僅僅介紹需要變動的引數，不介紹的固定就可以：
aid：專案的ID，不同網站的aid不同
asig：這個驗證碼請求的id，每次驗證碼不同。這個asig在前面幾個http請求中，網站都會返回
ua：瀏覽器的user-agent,進行了base64編碼
uid：登入賬號，在有些網站可能這個需要

其他引數固定就可以。

返回內容為：
_aq_517127({"state":"1","ticket":"","capclass":"2","subcapclass":"9","src_1":"cap_union_new_show","src_2":"template/new_placeholder.html","src_3":"template/new_slide_placeholder.html","sess":"mH-vlJ-CUtT4IjZhBaXnUw1eOMnpNPKHFJwVl_yEGGkO-ZhxabjuVs9gNML4dXb8tvjP1spte6EEKlOCdxrlzhOd2oGK0w3OFw9z2odtQjOoq3OyAdIr0b1cnajkR06N3qgMqKeBWmI2zFR5CCslK-5RmrlVY2vnV-W_frBhrIWt80ALXQzi4M_V3JGsUwCaDzBKfy5bURo*","sid":"6643363502555941855"})
都是驗證碼需要的一些引數，後面會用到

2是驗證碼的顯示頁面，主要以iframe形式顯示驗證碼的html頁面

GET https://captcha.guard.qcloud.com/cap_union_new_show?aid=1253408289&asig=Ad3GYD9Dn99U0xOPiOOhnEpB7citHdzqa98umEP2Whvl-OngFl18y4Q_bSgYFxtm6dWiT67ngBe1x7vbI9RPE-HSJh8phx2h&captype=&protocol=https&clientype=2&disturblevel=&apptype=&curenv=open&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82OS4wLjM0OTcuMTAwIFNhZmFyaS81MzcuMzY=&sess=mH-vlJ-CUtT4IjZhBaXnUw1eOMnpNPKHFJwVl_yEGGkO-ZhxabjuVs9gNML4dXb8tvjP1spte6EEKlOCdxrlzhOd2oGK0w3OFw9z2odtQjOoq3OyAdIr0b1cnajkR06N3qgMqKeBWmI2zFR5CCslK-5RmrlVY2vnV-W_frBhrIWt80ALXQzi4M_V3JGsUwCaDzBKfy5bURo*&theme=&sid=6643363502555941855&noBorder=noborder&fb=0&forcestyle=undefined&subsid=2&showtype=embed&uid=&cap_cd=&lang=2052&rnd=498672&TCapIframeLoadTime=10&prehandleLoadTime=101&createIframeStart=1546778599893 HTTP/1.1
Host: captcha.guard.qcloud.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://cloud.oppo.com/login.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: qcmainCSRFToken=ByB1lOw1G4; intl=; qcloud_from=qcloud.360.seo-1546778388303

aid：同上
asig：同上
ua：同上
sess：第一步http請求返回的資料
sid：第一步http請求返回的資料
rnd：隨機數，可以生產一個六位隨機數，後面的請求還會要用到
TCapIframeLoadTime：iframe載入的時間，隨機生產就可以
prehandleLoadTime：第一步請求的時間，隨機生產就可以
createIframeStart：建立iframe的時間，以當前時間轉換成毫秒單位的時間戳就可以

其他的同樣固定就可以

返回內容：
太多了，不貼了，不過裡面有一些重要的引數需要用到，下面提到的引數可以自行在你測試的http資料中查詢
返回的內容就是顯示驗證碼與一些js演算法

驗證碼圖片請求：
驗證碼分為兩個，一個是有缺口的圖片，一個是缺口位置的圖片。
兩個驗證碼請求基本一致，只是最後面的img_index不同，1為有缺口圖片，2為缺口位置圖片。（0為完整圖片，一般人我不告訴他）

驗證碼請求：
https://captcha.guard.qcloud.com/cap_union_new_getcapbysig?aid=1253408289&asig=Ad3GYD9Dn99U0xOPiOOhnEpB7citHdzqa98umEP2Whvl-OngFl18y4Q_bSgYFxtm6dWiT67ngBe1x7vbI9RPE-HSJh8phx2h&captype=&protocol=https&clientype=2&disturblevel=&apptype=&curenv=open&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82OS4wLjM0OTcuMTAwIFNhZmFyaS81MzcuMzY=&sess=mH-vlJ-CUtT4IjZhBaXnUw1eOMnpNPKHFJwVl_yEGGkO-ZhxabjuVs9gNML4dXb8tvjP1spte6EEKlOCdxrlzhOd2oGK0w3OFw9z2odtQjOoq3OyAdIr0b1cnajkR06N3qgMqKeBWmI2zFR5CCslK-5RmrlVY2vnV-W_frBhrIWt80ALXQzi4M_V3JGsUwCaDzBKfy5bURo*&theme=&sid=6643363502555941855&noBorder=noborder&fb=0&forcestyle=undefined&subsid=3&showtype=embed&uid=&cap_cd=&lang=2052&rnd=498672&TCapIframeLoadTime=10&prehandleLoadTime=101&createIframeStart=1546778599893&rand=0.4427548655911022&vsig=b01j5Nf7g8tU487jjS2st9qjKBc_Jj_japTZmaYQoJ9Fs_HIpRZY62YWBsqKjsq17A9iNe2cfX6gtor4OFb0wZI4nA7wDjKkuu0ASDEvyJB4o1x4VMf3T-RyQ**&img_index=1

裡面所有引數同上，唯一一個是vsig，在第二步的返回資料中，可自行查詢。上面提到的隨機生產的，下面所有請求請統一

3提交驗證碼獲取ticket

POST https://captcha.guard.qcloud.com/cap_union_new_verify?random=1546778607362 HTTP/1.1
Host: captcha.guard.qcloud.com
Connection: keep-alive
Content-Length: 4134
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://captcha.guard.qcloud.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://captcha.guard.qcloud.com/cap_union_new_show?aid=1253408289&asig=Ad3GYD9Dn99U0xOPiOOhnEpB7citHdzqa98umEP2Whvl-OngFl18y4Q_bSgYFxtm6dWiT67ngBe1x7vbI9RPE-HSJh8phx2h&captype=&protocol=https&clientype=2&disturblevel=&apptype=&curenv=open&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82OS4wLjM0OTcuMTAwIFNhZmFyaS81MzcuMzY=&sess=mH-vlJ-CUtT4IjZhBaXnUw1eOMnpNPKHFJwVl_yEGGkO-ZhxabjuVs9gNML4dXb8tvjP1spte6EEKlOCdxrlzhOd2oGK0w3OFw9z2odtQjOoq3OyAdIr0b1cnajkR06N3qgMqKeBWmI2zFR5CCslK-5RmrlVY2vnV-W_frBhrIWt80ALXQzi4M_V3JGsUwCaDzBKfy5bURo*&theme=&sid=6643363502555941855&noBorder=noborder&fb=0&forcestyle=undefined&subsid=2&showtype=embed&uid=&cap_cd=&lang=2052&rnd=498672&TCapIframeLoadTime=10&prehandleLoadTime=101&createIframeStart=1546778599893
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: qcmainCSRFToken=ByB1lOw1G4; intl=; qcloud_from=qcloud.360.seo-1546778388303

aid=1253408289&asig=Ad3GYD9Dn99U0xOPiOOhnEpB7citHdzqa98umEP2Whvl-OngFl18y4Q_bSgYFxtm6dWiT67ngBe1x7vbI9RPE-HSJh8phx2h&captype=&protocol=https&clientype=2&disturblevel=&apptype=&curenv=open&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS82OS4wLjM0OTcuMTAwIFNhZmFyaS81MzcuMzY&sess=mH-vlJ-CUtT4IjZhBaXnUw1eOMnpNPKHFJwVl_yEGGkO-ZhxabjuVs9gNML4dXb8tvjP1spte6EEKlOCdxrlzhOd2oGK0w3OFw9z2odtQjOoq3OyAdIr0b1cnajkR06N3qgMqKeBWmI2zFR5CCslK-5RmrlVY2vnV-W_frBhrIWt80ALXQzi4M_V3JGsUwCaDzBKfy5bURo*&theme=&sid=6643363502555941855&noBorder=noborder&fb=0&forcestyle=undefined&subsid=6&showtype=embed&uid=&cap_cd=&lang=2052&rnd=498672&TCapIframeLoadTime=10&prehandleLoadTime=101&createIframeStart=1546778599893&subcapclass=9&vsig=b01j5Nf7g8tU487jjS2st9qjKBc_Jj_japTZmaYQoJ9Fs_HIpRZY62YWBsqKjsq17A9iNe2cfX6gtor4OFb0wZI4nA7wDjKkuu0ASDEvyJB4o1x4VMf3T-RyQ**&ans=164,19;&cdata=69&babedc=xV6XnEXCTYbfMkq3nBXtS0c%2FV5AAZtsYtOqYjNBVDwvu0DT8YIl0%2BdlKp2UjKu0nw9G%2FTRvlmFAxGhorC%2BMq4MBMdkhfEnITqxh7Bad0q7e0ffClmuKkyX15QuZqT42Ej1RCgowaxr6ltGKYPgkVX6Fx%2B9pf6brr%2FIXbyp5trWwsrVIuN%2BFhux6NpC3Zxnsy6%2ByKF5meARiu3xzCloOeMxR5nKIe4psSLIBdW8nq315CsYPnUYQqMZzEfcRwI4%2BZCerBM9InDZwlGDYm3VBBqTU8Sr9acPY2o4a%2B3Vjlckc7tQnZQzmdXR0yVRSoPVINu8pS86Ovs%2B%2BlSg2RJReqJ%2BMaqhcvXykmwWcJeDRDBTPil7t1EsgCgzpdHxAY5%2F%2FyvSHOXL8QAA34WBQqv5XAft76FkOuF9mQ0AEYgy0WVW90wtlu4G0YGVdr6kjKW1jEVqcErwDTRYCDqr01iBK0IEmTBIQZv2yZoQ1rjqonJo%2FAz0UpRYmKFTG%2BkHJoj6ym5JilETggn2WTtDeUVqk16cHzduPsNuVaDMQHAE5rqBynhwE2HTWtLF9eord5FqPEgZWUwcqclSefB%2FnLGKAz%2FYTuqPCiYbdl2zK%2B7%2Bjw7t4S%2BbKWETkZCQLoYmM1Hd7x58C4sBE04f5z50T3Wj1FmvrFBv4KQ%2FuITxeT84ggcUn%2FQmUDVW5AyE7KGMz6wsvwl3Vxv1aieT3Zggyu6NR96YaFialm6RTKe9KACcs3JLDk32Aj0oIKWIXZ4ffnljD828e0N6Wp65m0dJ%2ByWR31ziF7u9fttENgN9ewopOKz8x00qB%2FhQm%2BpqD26BLoStIlwkqcpAehqe2yH8uvEIdV7Ybyk7tWHhEUVAR8anSG4whOM9kbsGQ%2BZMdfhSRmtvqOHruHdbNHfEZ5N5UP6A9OQGYNCiA9RhluhHYRxKTCDaPUfyPNEtmxXDopjXDHdpre%2FqfsHTKlTW4UnXTi9iuZAcZW0CMFgv9c7qQ7tnirfZoFAoKV4GGudMIfV6L7b9utnLiAGgfXHnN6ip3J32j%2Fd4KfdD0UZVhEuS3Yb%2BzlBg3eKL4EA8OSEKaDVHkuh5odwP6IALOJfUNNYahxppjJondXOBe9auPDPCBnByJYUj2axNZgq2c8cuwpykYZhT2q9rm3AVBhEEAK3IaANqYB2myxwKFvyed6mHADNUPdhf3T5QkEDnc9xmqG7MmbrPtKLbDEssJupxtDQX7jusTjnVO03KC%2BK1WHmP%2B9lHU1KGlv1nlNqBEUUVKbGzzPU63%2F7K8oeauXpNdE6nwg4BPtrotYs0NlYDFLMBakGEKNe%2BBRe%2F9SueJ8WMN8N1FZiiBa2j4ZMZVe%2FzeIK6AFJ2zeIVsSYThIZl0eqMJudmMe8f%2F%2BFgQYOcT4iwXTEPQw5NuVu%2Fmd9mZdQvp2k%2FtXtdhbWTHiYMygXWvVwVRwk0SP8mRolL9U8n%2FEKqgQ0FTpkNM866%2BBb8%2FithnwOeoe5yMZQhelibtWQOxdHOykWuU95ZJ%2Fgcp7DnIjOj7Q61AQcZ2tZOecwnHYEvZy5p85aUepeYp7yuipc45dbZgrSeccLsj4peXKYJyNs6Lsu05d%2BVQkP%2BxH37yDjEs8p%2B4X%2BUAXSrwjrmZxdFLL1VoYk5gfrSpjBdJ8G6J1sQd8EwpdCPRyskS1uULi20voGvH1MjRzKXGmZk5PoSeWC2K4c2neaZfF1b7Tl%2F%2BQsPq87EioixgXEIlXsJigJLVSl2iSkUZ1L86f7qE%2FtvTfIYKni8JcRLgG9yGFeyxm05audIzWzhkdwmWfKWhLuwBf9B8BI2CDiEyCGsG%2BEKxHSP5KP%2FIp%2BYJmy9BelZUxUK%2B6LJHsqb0YhH9kUIQki5bM3d7hU7jFnERHe%2BgMDoY5NbdBZeDeXXJnN30jc6c30awXJJDCQVkZ6bo0ASG2NRa1Vjc9Em9xFMt8WfKcZSNN4Se2WogO%2FUPxH84PRa%2Bo1z%2FZEremf4XnV0L6My4xEugmmX%2B0uJZg7VrX2eu6V5BMaJxPW6FuSFpsEc9HYx5QuvT%2B12VlS9UU0wWxMLXvTRHP9qrjEFODUy%2FOqijDQOIKEeEY4WQFBwwH1VLLnYZR%2BarIdips6xiVTC4AfiB6RZs%2BCG9tVc2obk3U15GU8F53HvnPdvYc3Sn2OA6tKgpjy9zzyPpWG8TNBY1iZm2MlZTNTumAJ6K5xHPQQLgQ57VkxtTj7MOMDDs7RP32iFvkb2cFdQZ5SerKkmKHOh403rcVQEzuxUeEmfU%2FNOyZuEqMlo31RZM2zaTlWLjjlze4tFZo9QyohbDmKmSqPTSzyLLZ3lVIAIzzXEkjfBQpH26GrbVwUf8lHnAfIqz0VmfQoeF%2FycUVq%2FwnBQRhTpz6azHqg23XnuhNFpiGAnqDjRD9yrQBuzELTa4I7AvaH7DKcSqHKZHQ24f7sg9lLqE8cDyIrViCWsO6h42PqkvuXXIvpj0xHfejI2ZL1YHPhquAxzaebrhdXF6t%2FxfU7mLP%2Bl7H4Htn0otpyiFkk9yAkN4XOXenPkvot7FTL0xXfnQx0YVp9b%2FI9uAmaAD4xbjIsHA9XMTdfAh42RnPsCl4hAJLOpBOMhDRFuX6TLARDXJjg8LGhdysvv2ujoJjSxBg9OEWJwT1sWzMOTe7X1BwmTPQ3wpPOBZ9vt05T0Wzii%2F%2F%2FSfqXwgm8K3U8kYsJHrXUhqbSA6zkRlmCCderWRxwgdV6fM%2FpJo%2BnjwmPZfrsS7ZCo9OP81o5cEMFiVCegjegScZ1h7ku2STcXCk2nQkZXaBjFz%2BfJ%2Bo1G%2F4%2BVQO2BDF8aeKMP9dcXmtWH6Q%2FDl%2ByR5AgXmnfmbQrTsVDFhxHpn3aJTs8BIPmSUEJkcV3B1CO%2BLUs0mUpvm9&websig=fc60f30eb8eef18d2997d5756d13b466a69836890f80a2eed4232d7249b2675f9a8349e40867b6ecd068ad580738d503a9d89f515608eb71fc14b1454d2d7f7e&fpinfo=undefined&tlg=1


引數分析：
ans：驗證碼最後位置的座標
cdata：一個驗證資料，後面會講到
babedc：此處注意，每次可能引數名稱不同，需要從第二步返回資料中獲取引數名。此引數的值是你滑鼠，鍵盤事件的加密資料，後面會講到
websig：第二步返回資料中獲取
fpinfo：此處是空，在qq登入中，需要上傳瀏覽器ua與其他瀏覽器特性從而獲取一個數據，瀏覽器屬性不變，返回的資料不變。
其他引數參照上面或者預設

  三、驗證碼識別

圖一   圖二 

懂的大神直接就可以識別缺口位置了。如果不懂識別，我教給你現在可以用的簡單的方法。上面提到，http請求可以獲取上面兩個驗證碼，但當img_index為0時候，可以獲取    

 圖三 

沒錯，就是原圖。你直接對比下兩張圖就能獲取到座標了。（以前圖一缺口部分是白色的，看這個圖片好像改了）

四、加密分析

babedc引數：引數名稱從第二步獲取的內容中查詢，正則表示式 ：cdata:l,"(.+?)":_

至於此引數的值就是：

{"mouseclick":[{"t":2273,"x":269,"y":148}],"keyvalue":[],"user_Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36","resolutionx":1920,"resolutiony":1080,"winSize":[300,232],"url":"https://captcha.guard.qcloud.com/cap_union_new_show","refer":"https://cloud.oppo.com/login.html","begintime":1546782787,"endtime":1546785066,"platform":1,"os":"other","keyboards":0,"flash":1,"pluginNum":50,"index":1,"ptcz":"","tokenid":1596750647,"a":1596750647,"btokenid":null,"tokents":1546775906,"ips":{"in":["192.168.50.125"]},"colorDepth":24,"cookieEnabled":true,"timezone":8,"wDelta":0,"mousemove":[[265,148,2273707],[-14,5,12],[-19,8,16],[-16,7,17],[-18,7,15],[-17,6,18],[-7,2,17],[-11,3,16],[-9,1,17],[-6,0,17],[-6,0,15],[-7,0,17],[-7,1,16],[-11,0,17],[-10,0,17],[-8,0,20],[-6,0,15],[-4,0,15],[-5,0,17],[-5,0,17],[-3,0,17],[-2,0,34],[-3,0,32],[-2,0,17],[-6,0,18],[-1,0,15],[-1,0,36],[-2,0,16],[-1,0,15],[-2,0,16],[-1,0,20],[-1,0,32],[-1,0,15],[-2,2,17],[-2,1,18],[-3,2,15],[-2,3,16],[-2,1,17],[-1,1,33],[4,0,217],[2,0,18],[4,0,15],[1,0,19],[3,0,16],[2,0,16],[3,0,17],[4,0,17],[2,0,16],[2,0,17],[2,0,16],[2,0,18],[3,0,15],[2,0,16],[2,0,17],[3,0,33],[3,0,37],[2,0,16],[2,0,15],[2,0,16],[2,0,17],[2,0,16],[2,0,17],[1,0,17],[2,0,17],[3,0,16],[1,0,18],[2,0,16],[1,0,50],[1,0,18],[1,0,18],[1,0,14],[1,0,19],[1,1,15],[1,0,33],[1,0,16],[1,0,18],[1,0,32],[1,0,89],[1,0,29],[1,0,15],[1,0,18],[1,0,17],[1,0,15],[-1,-1,352],[-1,0,32],[0,-1,18],[-1,0,17],[-1,0,682],[-1,0,16],[0,-1,84],[-1,0,33],[1,0,518],[1,0,16],[1,0,33],[2,0,33],[-1,-1,618]],"keyUpCnt":0,"keyUpValue":[],"mouseUpValue":[{"t":2279,"x":120,"y":195}],"mouseUpCnt":1,"mouseDownValue":[],"mouseDownCnt":0,"orientation":[],"bSimutor":0,"focusBlur":{"in":[],"out":[],"t":[]},"fVersion":31,"charSet":"UTF-8","resizeCnt":0,"errors":[],"screenInfo":"1920-1080-1040-24-*-*-*","elapsed":0,"ft":"qf_7P_n_H","coordinate":[10,9,0.5],"clientType":"2","trycnt":1,"refreshcnt":3,"slideValue":[[45,198,127],[2,0,15],[4,0,16],[1,0,19],[3,0,16],[2,0,16],[3,0,17],[4,0,17],[2,0,16],[2,0,16],[2,0,16],[2,0,18],[3,0,16],[2,0,16],[2,0,16],[3,0,34],[3,0,36],[2,0,16],[2,0,15],[2,0,16],[2,0,17],[2,0,16],[2,0,17],[1,0,18],[2,0,16],[3,0,18],[1,0,16],[2,0,17],[1,0,50],[1,0,17],[1,0,18],[1,0,15],[1,0,19],[1,1,15],[1,0,33],[1,0,16],[1,0,18],[1,0,31],[1,0,89],[1,0,29],[1,0,16],[1,0,18],[1,0,16],[1,0,16],[-1,-1,351],[-1,0,33],[0,-1,18],[-1,0,17],[-1,0,682],[-1,0,16],[0,-1,84],[-1,0,34],[1,0,517],[1,0,15],[1,0,33],[2,0,34],[-1,-1,617],[0,0,5]],"dragobj":0} 

裡面是滑鼠，滑動的座標。然後aes加密，模式是cbc，金鑰跟偏移都是0123456789abcdef。上面是解密後資料，裡面一些東西自動生成就行，tokenid是瀏覽器一些引數生成的，這個很重要。mousemove裡面的是跟前一個座標的相減值

孩子哭了，奶爸要看孩子了。文筆不好，思想也比較跳躍，打字也馬虎，如有錯別字儘量看吧，有問題後面留言。

後面解密部分沒細說，下次文章詳細各類解密。