梦幻西游 珍宝阁参数解密

靶场：
https://xyq.cbg.163.com/equip?s=159&eid=202108232100113-159-YIGRMN4DWGT1&equip_refer=33&view_loc=search_cond|%7B%22tag%22%3A%20%22softmax_fm_slim_with_c_h_price_dynamic%22%7D
经过分析，参数的对desc_value的内容，进行解密渲染返回json

分析后解密JS如下：

var window = (function (){
   return this
})();
var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(e){var t="";var n,r,i,s,o,u,a;var f=0;e=Base64._utf8_encode(e);while(f<e.length){n=e.charCodeAt(f++);r=e.charCodeAt(f++);i=e.charCodeAt(f++);s=n>>2;o=(n&3)<<4|r>>4;u=(r&15)<<2|i>>6;a=i&63;if(isNaN(r)){u=a=64}else if(isNaN(i)){a=64}t=t+this._keyStr.charAt(s)+this._keyStr.charAt(o)+this._keyStr.charAt(u)+this._keyStr.charAt(a)}return t},decode:function(e){var t="";var n,r,i;var s,o,u,a;var f=0;e=e.replace(/[^A-Za-z0-9+/=]/g,"");while(f<e.length){s=this._keyStr.indexOf(e.charAt(f++));o=this._keyStr.indexOf(e.charAt(f++));u=this._keyStr.indexOf(e.charAt(f++));a=this._keyStr.indexOf(e.charAt(f++));n=s<<2|o>>4;r=(o&15)<<4|u>>2;i=(u&3)<<6|a;t=t+String.fromCharCode(n);if(u!=64){t=t+String.fromCharCode(r)}if(a!=64){t=t+String.fromCharCode(i)}}t=Base64._utf8_decode(t);return t},_utf8_encode:function(e){e=e.replace(/rn/g,"n");var t="";for(var n=0;n<e.length;n++){var r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r)}else if(r>127&&r<2048){t+=String.fromCharCode(r>>6|192);t+=String.fromCharCode(r&63|128)}else{t+=String.fromCharCode(r>>12|224);t+=String.fromCharCode(r>>6&63|128);t+=String.fromCharCode(r&63|128)}}return t},_utf8_decode:function(e){var t="";var n=0;var r=c1=c2=0;while(n<e.length){r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r);n++}else if(r>191&&r<224){c2=e.charCodeAt(n+1);t+=String.fromCharCode((r&31)<<6|c2&63);n+=2}else{c2=e.charCodeAt(n+1);c3=e.charCodeAt(n+2);t+=String.fromCharCode((r&15)<<12|(c2&63)<<6|c3&63);n+=3}}return t}}
var _0xcbc80b=window;
    var _0x3012 = ['substring', 'atob', 'charCodeAt', 'push', 'test'];
    (function(_0x3ed35c, _0x48b8fe) {
        var _0x1ad9d9 = function(_0x8eeda7) {
            while (--_0x8eeda7) {
                _0x3ed35c['push'](_0x3ed35c['shift']());
            }
        };
        _0x1ad9d9(++_0x48b8fe);
    }(_0x3012, 0x153));
    var _0x3a8e = function(_0xc40c11, _0x32bbb2) {
        _0xc40c11 = _0xc40c11 - 0x0;
        var _0x4e269a = _0x3012[_0xc40c11];
        return _0x4e269a;
    };
        function decode_desc(_0x1c0cdf) {
    
            if (_0x1c0cdf = _0x1c0cdf['replace'](/^\s+|\s+$/g, ''),
            !/^@[\s\S]*@$/[_0x3a8e('0x0')](_0x1c0cdf))
                return _0x1c0cdf;
            var _0x36ab38 =  '';
            if (_0x1c0cdf = _0x1c0cdf['replace'](/^@|@$/g, ''),
            /^[^@]+@[\s\S]+/['test'](_0x1c0cdf)) {
                var _0x33c80e = _0x1c0cdf['indexOf']('@');
                _0x36ab38 = _0x1c0cdf[_0x3a8e('0x1')](0x0, _0x33c80e),
                _0x1c0cdf = _0x1c0cdf['substring'](_0x33c80e + 0x1);
            }
            _0x1b3f48 =JSON.parse(Base64.decode(_0x1c0cdf));
       _0x1c0cdf=_0x1b3f48;
            _0x1b3f48 && 'object' == typeof _0x1b3f48 && _0x1b3f48['d'] && (_0x1b3f48 = _0x1b3f48['d']);
            for (var _0x20b9fa = [], _0x10503c = 0x0, _0x1a524d = 0x0; _0x1a524d < _0x1b3f48['length']; _0x1a524d++) {
                var _0x3641ed = _0x1b3f48['charCodeAt'](_0x1a524d)
                  , _0x341952 = _0x36ab38["charCodeAt"](_0x10503c % _0x36ab38['length']);
                _0x10503c += 0x1,
                _0x3641ed = 0x1 * _0x3641ed ^ _0x341952,
                _0x20b9fa[_0x3a8e('0x4')](_0x3641ed['toString'](0x2));
            }
            return function d(_0x1c0cdf) {
                for (var _0x36ab38 = [], _0x33c80e = 0x0; _0x33c80e < _0x1c0cdf['length']; _0x33c80e++)
                    _0x36ab38['push'](_0xcbc80b['String']['fromCharCode'](_0xcbc80b['parseInt'](_0x1c0cdf[_0x33c80e], 0x2)));
        var end = _0x36ab38.slice(-10);
        return end['join']('');
            }(_0x20b9fa);
        };

由于是使用js调试工具进行调试，无window对象，使用window.atob改用了base64解密

食用方法：

decode_desc($('desc_value').value)