FreeHost AES.js Python 实现

FreeHost AES.js Python 实现，以实现脚本化的内容获取。

背景

FreeHost 创建网站因为防爬等原因，在首次访问时会执行一段 js 代码，通过 js 执行 aes 算法获取到一个 token __test 放入cookie中 。

比如首次无 token 访问会返回：

<html>

<body>
<script type="text/javascript" src="/aes.js"></script>
<script>
    function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("e608f03ce30dc91a3412ddbede0ceff1");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; max-age=21600; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://forgives.my-place.us/1.txt?i=2";
</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser
    with Javascript support</noscript>
</body>

</html>

加载了 /aes.js 文件，该文件实现了 aes 算法（slowAES）。

python 实现

通过 AI 的逆向，得出了 Python 实现

"""
Python implementation of the slowAES JavaScript library
"""
import copy

class SlowAES:
    class AES:
        class KeySize:
            SIZE_128 = 16
            SIZE_192 = 24
            SIZE_256 = 32
        
        # S-box
        sbox = [
            99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
            202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
            183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
            4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
            9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
            83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
            208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
            81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
            205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
            96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
            224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
            231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
            186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
            112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
            225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
            140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22
        ]
        
        # Inverse S-box
        rsbox = [
            82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
            124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
            84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
            8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
            114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
            108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
            144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
            208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
            58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
            150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
            71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
            252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
            31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
            96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
            160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
            23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125
        ]
        
        # Round constants
        Rcon = [
            141, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154,
            47, 94, 188, 99, 198, 151, 53, 106, 212, 179, 125, 250, 239, 197, 145, 57,
            114, 228, 211, 189, 97, 194, 159, 37, 74, 148, 51, 102, 204, 131, 29, 58,
            116, 232, 203, 141, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216,
            171, 77, 154, 47, 94, 188, 99, 198, 151, 53, 106, 212, 179, 125, 250, 239,
            197, 145, 57, 114, 228, 211, 189, 97, 194, 159, 37, 74, 148, 51, 102, 204,
            131, 29, 58, 116, 232, 203, 141, 1, 2, 4, 8, 16, 32, 64, 128, 27,
            54, 108, 216, 171, 77, 154, 47, 94, 188, 99, 198, 151, 53, 106, 212, 179,
            125, 250, 239, 197, 145, 57, 114, 228, 211, 189, 97, 194, 159, 37, 74, 148,
            51, 102, 204, 131, 29, 58, 116, 232, 203, 141, 1, 2, 4, 8, 16, 32,
            64, 128, 27, 54, 108, 216, 171, 77, 154, 47, 94, 188, 99, 198, 151, 53,
            106, 212, 179, 125, 250, 239, 197, 145, 57, 114, 228, 211, 189, 97, 194, 159,
            37, 74, 148, 51, 102, 204, 131, 29, 58, 116, 232, 203, 141, 1, 2, 4,
            8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154, 47, 94, 188, 99,
            198, 151, 53, 106, 212, 179, 125, 250, 239, 197, 145, 57, 114, 228, 211, 189,
            97, 194, 159, 37, 74, 148, 51, 102, 204, 131, 29, 58, 116, 232, 203
        ]
        
        # Galois multiplication tables
        G2X = [
            0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30,
            32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62,
            64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94,
            96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126,
            128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158,
            160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190,
            192, 194, 196, 198, 200, 202, 204, 206, 208, 210, 212, 214, 216, 218, 220, 222,
            224, 226, 228, 230, 232, 234, 236, 238, 240, 242, 244, 246, 248, 250, 252, 254,
            27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5,
            59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35, 33, 39, 37,
            91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69,
            123, 121, 127, 125, 115, 113, 119, 117, 107, 105, 111, 109, 99, 97, 103, 101,
            155, 153, 159, 157, 147, 145, 151, 149, 139, 137, 143, 141, 131, 129, 135, 133,
            187, 185, 191, 189, 179, 177, 183, 181, 171, 169, 175, 173, 163, 161, 167, 165,
            219, 217, 223, 221, 211, 209, 215, 213, 203, 201, 207, 205, 195, 193, 199, 197,
            251, 249, 255, 253, 243, 241, 247, 245, 235, 233, 239, 237, 227, 225, 231, 229
        ]
        
        G3X = [
            0, 3, 6, 5, 12, 15, 10, 9, 24, 27, 30, 29, 20, 23, 18, 17,
            48, 51, 54, 53, 60, 63, 58, 57, 40, 43, 46, 45, 36, 39, 34, 33,
            96, 99, 102, 101, 108, 111, 106, 105, 120, 123, 126, 125, 116, 119, 114, 113,
            80, 83, 86, 85, 92, 95, 90, 89, 72, 75, 78, 77, 68, 71, 66, 65,
            192, 195, 198, 197, 204, 207, 202, 201, 216, 219, 222, 221, 212, 215, 210, 209,
            240, 243, 246, 245, 252, 255, 250, 249, 232, 235, 238, 237, 228, 231, 226, 225,
            160, 163, 166, 165, 172, 175, 170, 169, 184, 187, 190, 189, 180, 183, 178, 177,
            144, 147, 150, 149, 156, 159, 154, 153, 136, 139, 142, 141, 132, 135, 130, 129,
            155, 152, 157, 158, 151, 148, 145, 146, 131, 128, 133, 134, 143, 140, 137, 138,
            171, 168, 173, 174, 167, 164, 161, 162, 179, 176, 181, 182, 191, 188, 185, 186,
            251, 248, 253, 254, 247, 244, 241, 242, 227, 224, 229, 230, 239, 236, 233, 234,
            203, 200, 205, 206, 199, 196, 193, 194, 211, 208, 213, 214, 223, 220, 217, 218,
            91, 88, 93, 94, 87, 84, 81, 82, 67, 64, 69, 70, 79, 76, 73, 74,
            107, 104, 109, 110, 103, 100, 97, 98, 115, 112, 117, 118, 127, 124, 121, 122,
            59, 56, 61, 62, 55, 52, 49, 50, 35, 32, 37, 38, 47, 44, 41, 42,
            11, 8, 13, 14, 7, 4, 1, 2, 19, 16, 21, 22, 31, 28, 25, 26
        ]
        
        @staticmethod
        def rotate(arr):
            """Rotate array to the left by one position"""
            temp = arr[0]
            for i in range(3):
                arr[i] = arr[i+1]
            arr[3] = temp
            return arr
        
        @classmethod
        def core(cls, word, iteration):
            """Core operation for key expansion"""
            word = cls.rotate(word)
            for i in range(4):
                word[i] = cls.sbox[word[i]]
            word[0] ^= cls.Rcon[iteration]
            return word
        
        @classmethod
        def expand_key(cls, key, key_size):
            """Expand the key to the required size"""
            rounds = cls.number_of_rounds(key_size)
            if rounds is None:
                raise ValueError("Invalid key size")
            rounds += 1
            expanded_key_size = 16 * rounds
            expanded_key = [0] * expanded_key_size
            
            # Copy initial key
            for i in range(key_size):
                expanded_key[i] = key[i]
            
            current_index = key_size
            round_num = 1
            
            while current_index < expanded_key_size:
                # Create temporary word from last 4 bytes
                temp_word = [0] * 4
                for i in range(4):
                    temp_word[i] = expanded_key[current_index - 4 + i]
                
                # Apply core function every key_size bytes
                if current_index % key_size == 0:
                    temp_word = cls.core(temp_word, round_num)
                    round_num += 1
                
                # Extra transformation for 256-bit keys
                if key_size == cls.KeySize.SIZE_256 and (current_index % key_size) == 16:
                    for i in range(4):
                        temp_word[i] = cls.sbox[temp_word[i]]
                
                # XOR with earlier part of key
                for i in range(4):
                    expanded_key[current_index] = expanded_key[current_index - key_size] ^ temp_word[i]
                    current_index += 1
            
            return expanded_key
        
        @staticmethod
        def add_round_key(state, round_key):
            """Add round key to state (XOR operation)"""
            for i in range(16):
                state[i] ^= round_key[i]
            return state
        
        @staticmethod
        def create_round_key(expanded_key, round_index):
            """Create a round key from the expanded key"""
            round_key = [0] * 16
            for i in range(4):
                for j in range(4):
                    round_key[4*j + i] = expanded_key[round_index + 4*i + j]
            return round_key
        
        @classmethod
        def sub_bytes(cls, state, is_inv=False):
            """Substitute bytes using S-box or inverse S-box"""
            box = cls.rsbox if is_inv else cls.sbox
            for i in range(16):
                state[i] = box[state[i]]
            return state
        
        @classmethod
        def shift_rows(cls, state, is_inv=False):
            """Shift rows of the state matrix"""
            for i in range(4):
                state = cls.shift_row(state, 4*i, i, is_inv)
            return state
        
        @staticmethod
        def shift_row(state, start_index, row_number, is_inv=False):
            """Shift a single row"""
            for _ in range(row_number):
                if is_inv:
                    # Right shift
                    temp = state[start_index + 3]
                    for j in range(3, 0, -1):
                        state[start_index + j] = state[start_index + j - 1]
                    state[start_index] = temp
                else:
                    # Left shift
                    temp = state[start_index]
                    for j in range(3):
                        state[start_index + j] = state[start_index + j + 1]
                    state[start_index + 3] = temp
            return state
        
        @classmethod
        def galois_multiplication(cls, a, b):
            """Perform Galois field multiplication"""
            result = 0
            for _ in range(8):
                if b & 1:
                    result ^= a
                hi_bit_set = a & 0x80
                a <<= 1
                if a & 0x100:
                    a ^= 0x100
                if hi_bit_set:
                    a ^= 0x1B
                if a & 0x100:
                    a ^= 0x100
                b >>= 1
                if b & 0x80:
                    b ^= 0x80
            return result
        
        @classmethod
        def mix_columns(cls, state, is_inv=False):
            """Mix columns of the state matrix"""
            for i in range(4):
                column = [0] * 4
                for j in range(4):
                    column[j] = state[4*j + i]
                column = cls.mix_column(column, is_inv)
                for j in range(4):
                    state[4*j + i] = column[j]
            return state
        
        @classmethod
        def mix_column(cls, column, is_inv=False):
            """Mix a single column"""
            if is_inv:
                mul = [14, 9, 13, 11]
            else:
                mul = [2, 1, 1, 3]
            
            temp = column[:]
            
            column[0] = cls.galois_multiplication(temp[0], mul[0]) ^ \
                       cls.galois_multiplication(temp[3], mul[1]) ^ \
                       cls.galois_multiplication(temp[2], mul[2]) ^ \
                       cls.galois_multiplication(temp[1], mul[3])
            
            column[1] = cls.galois_multiplication(temp[1], mul[0]) ^ \
                       cls.galois_multiplication(temp[0], mul[1]) ^ \
                       cls.galois_multiplication(temp[3], mul[2]) ^ \
                       cls.galois_multiplication(temp[2], mul[3])
            
            column[2] = cls.galois_multiplication(temp[2], mul[0]) ^ \
                       cls.galois_multiplication(temp[1], mul[1]) ^ \
                       cls.galois_multiplication(temp[0], mul[2]) ^ \
                       cls.galois_multiplication(temp[3], mul[3])
            
            column[3] = cls.galois_multiplication(temp[3], mul[0]) ^ \
                       cls.galois_multiplication(temp[2], mul[1]) ^ \
                       cls.galois_multiplication(temp[1], mul[2]) ^ \
                       cls.galois_multiplication(temp[0], mul[3])
            
            return column
        
        @classmethod
        def round(cls, state, round_key):
            """Perform one encryption round"""
            state = cls.sub_bytes(state, False)
            state = cls.shift_rows(state, False)
            state = cls.mix_columns(state, False)
            state = cls.add_round_key(state, round_key)
            return state
        
        @classmethod
        def inv_round(cls, state, round_key):
            """Perform one decryption round"""
            state = cls.shift_rows(state, True)
            state = cls.sub_bytes(state, True)
            state = cls.add_round_key(state, round_key)
            state = cls.mix_columns(state, True)
            return state
        
        @classmethod
        def main(cls, state, expanded_key, rounds):
            """Main encryption process"""
            # Initial round
            state = cls.add_round_key(state, cls.create_round_key(expanded_key, 0))
            
            # Main rounds
            for i in range(1, rounds):
                state = cls.round(state, cls.create_round_key(expanded_key, 16*i))
            
            # Final round
            state = cls.sub_bytes(state, False)
            state = cls.shift_rows(state, False)
            state = cls.add_round_key(state, cls.create_round_key(expanded_key, 16*rounds))
            
            return state
        
        @classmethod
        def inv_main(cls, state, expanded_key, rounds):
            """Main decryption process"""
            # Initial round
            state = cls.add_round_key(state, cls.create_round_key(expanded_key, 16*rounds))
            
            # Main rounds
            for i in range(rounds-1, 0, -1):
                state = cls.inv_round(state, cls.create_round_key(expanded_key, 16*i))
            
            # Final round
            state = cls.shift_rows(state, True)
            state = cls.sub_bytes(state, True)
            state = cls.add_round_key(state, cls.create_round_key(expanded_key, 0))
            
            return state
        
        @classmethod
        def number_of_rounds(cls, key_size):
            """Determine number of rounds based on key size"""
            if key_size == cls.KeySize.SIZE_128:
                return 10
            elif key_size == cls.KeySize.SIZE_192:
                return 12
            elif key_size == cls.KeySize.SIZE_256:
                return 14
            else:
                return None
        
        @classmethod
        def encrypt(cls, input_bytes, key, key_size):
            """Encrypt input bytes with given key"""
            # Convert input to state matrix
            state = [0] * 16
            for i in range(4):
                for j in range(4):
                    state[i + 4*j] = input_bytes[4*i + j]
            
            # Expand key
            expanded_key = cls.expand_key(key, key_size)
            
            # Perform encryption
            rounds = cls.number_of_rounds(key_size)
            if rounds is None:
                raise ValueError("Invalid key size")
            state = cls.main(state, expanded_key, rounds)
            
            # Convert state back to output
            output = [0] * 16
            for i in range(4):
                for j in range(4):
                    output[4*i + j] = state[i + 4*j]
            
            return output
        
        @classmethod
        def decrypt(cls, input_bytes, key, key_size):
            """Decrypt input bytes with given key"""
            # Convert input to state matrix
            state = [0] * 16
            for i in range(4):
                for j in range(4):
                    state[i + 4*j] = input_bytes[4*i + j]
            
            # Expand key
            expanded_key = cls.expand_key(key, key_size)
            
            # Perform decryption
            rounds = cls.number_of_rounds(key_size)
            if rounds is None:
                raise ValueError("Invalid key size")
            state = cls.inv_main(state, expanded_key, rounds)
            
            # Convert state back to output
            output = [0] * 16
            for i in range(4):
                for j in range(4):
                    output[4*i + j] = state[i + 4*j]
            
            return output
    
    # Mode of operation constants
    class ModeOfOperation:
        OFB = 0
        CFB = 1
        CBC = 2
    
    @staticmethod
    def get_block(data, start, end, mode):
        """Get a block of data, limiting to 16 bytes for modes other than CBC"""
        if mode != SlowAES.ModeOfOperation.CBC and end - start > 16:
            end = start + 16
        return data[start:end]
    
    @classmethod
    def pad_bytes_in(cls, data):
        """Pad bytes for CBC mode"""
        padding_needed = 16 - (len(data) % 16)
        for _ in range(padding_needed):
            data.append(padding_needed)
    
    @classmethod
    def unpad_bytes_out(cls, data):
        """Remove padding from decrypted data"""
        if len(data) <= 16:
            return
        
        padding_value = -1
        padding_count = 0
        
        # Check last 16 bytes for padding
        for i in range(len(data)-1, max(len(data)-1-16, -1), -1):
            if data[i] <= 16:
                if padding_value == -1:
                    padding_value = data[i]
                if data[i] == padding_value:
                    padding_count += 1
                else:
                    padding_count = 0
                    break
                
                if padding_count == padding_value:
                    break
            else:
                padding_count = 0
                break
        
        if padding_count > 0:
            del data[-padding_count:]
    
    @classmethod
    def encrypt(cls, data, mode, key, iv):
        """Encrypt data using specified mode"""
        key_size = len(key)
        
        if len(iv) % 16 != 0:
            raise ValueError("IV length must be 128 bits.")
        
        if isinstance(data, str):
            data = list(data.encode('utf-8'))
        elif not isinstance(data, list):
            data = list(data)
        
        # For CBC mode, pad the data
        if mode == cls.ModeOfOperation.CBC:
            cls.pad_bytes_in(data)
        
        result = []
        if data is not None:
            first_block = True
            prev_block = None
            
            for block_index in range(0, len(data), 16):
                # Get current block
                block_end = min(block_index + 16, len(data))
                block = cls.get_block(data, block_index, block_end, mode)
                
                # Pad block to 16 bytes if needed
                if len(block) < 16:
                    block.extend([0] * (16 - len(block)))
                
                if mode == cls.ModeOfOperation.CFB:
                    if first_block:
                        encrypted_iv = cls.AES.encrypt(iv, key, key_size)
                        first_block = False
                    else:
                        encrypted_iv = cls.AES.encrypt(prev_block, key, key_size)
                    
                    output_block = [0] * 16
                    for i in range(16):
                        output_block[i] = block[i] ^ encrypted_iv[i]
                    
                    result.extend(output_block[:block_end-block_index])
                    prev_block = output_block
                
                elif mode == cls.ModeOfOperation.OFB:
                    if first_block:
                        encrypted_iv = cls.AES.encrypt(iv, key, key_size)
                        first_block = False
                    else:
                        encrypted_iv = cls.AES.encrypt(prev_block, key, key_size)
                    
                    output_block = [0] * 16
                    for i in range(16):
                        output_block[i] = block[i] ^ encrypted_iv[i]
                    
                    result.extend(output_block[:block_end-block_index])
                    prev_block = encrypted_iv
                
                elif mode == cls.ModeOfOperation.CBC:
                    xor_block = [0] * 16
                    if first_block:
                        for i in range(16):
                            xor_block[i] = block[i] ^ iv[i]
                    else:
                        if prev_block is None:
                            raise ValueError("Previous block is None")
                        for i in range(16):
                            xor_block[i] = block[i] ^ prev_block[i]
                    
                    first_block = False
                    encrypted_block = cls.AES.encrypt(xor_block, key, key_size)
                    result.extend(encrypted_block)
                    prev_block = encrypted_block
        
        return result
    
    @classmethod
    def decrypt(cls, data, mode, key, iv):
        """Decrypt data using specified mode"""
        key_size = len(key)
        
        if len(iv) % 16 != 0:
            raise ValueError("IV length must be 128 bits.")
        
        result = []
        if data is not None:
            first_block = True
            prev_block = None
            
            for block_index in range(0, len(data), 16):
                # Get current block
                block_end = min(block_index + 16, len(data))
                block = cls.get_block(data, block_index, block_end, mode)
                
                # Pad block to 16 bytes if needed
                if len(block) < 16:
                    block.extend([0] * (16 - len(block)))
                
                if mode == cls.ModeOfOperation.CFB:
                    if first_block:
                        encrypted_iv = cls.AES.encrypt(iv, key, key_size)
                        first_block = False
                    else:
                        encrypted_iv = cls.AES.encrypt(prev_block, key, key_size)
                    
                    output_block = [0] * 16
                    for i in range(16):
                        output_block[i] = encrypted_iv[i] ^ block[i]
                    
                    result.extend(output_block[:block_end-block_index])
                    prev_block = block
                
                elif mode == cls.ModeOfOperation.OFB:
                    if first_block:
                        encrypted_iv = cls.AES.encrypt(iv, key, key_size)
                        first_block = False
                    else:
                        encrypted_iv = cls.AES.encrypt(prev_block, key, key_size)
                    
                    output_block = [0] * 16
                    for i in range(16):
                        output_block[i] = encrypted_iv[i] ^ block[i]
                    
                    result.extend(output_block[:block_end-block_index])
                    prev_block = encrypted_iv
                
                elif mode == cls.ModeOfOperation.CBC:
                    decrypted_block = cls.AES.decrypt(block, key, key_size)
                    output_block = [0] * 16
                    if first_block:
                        for i in range(16):
                            output_block[i] = iv[i] ^ decrypted_block[i]
                    else:
                        if prev_block is None:
                            raise ValueError("Previous block is None")
                        for i in range(16):
                            output_block[i] = prev_block[i] ^ decrypted_block[i]
                    
                    first_block = False
                    result.extend(output_block[:block_end-block_index])
                    prev_block = block
        
        # For CBC mode, remove padding
        if mode == cls.ModeOfOperation.CBC:
            cls.unpad_bytes_out(result)
        
        return result

测试脚本如下：

"""
Test file for slowAES implementation
"""
import requests
import re
from slowAES import SlowAES

def to_numbers(hex_string):
    """Convert hex string to array of integers"""
    result = []
    for i in range(0, len(hex_string), 2):
        result.append(int(hex_string[i:i+2], 16))
    return result

def to_hex(numbers):
    """Convert array of integers to hex string"""
    result = ""
    for num in numbers:
        hex_part = hex(num)[2:]  # Remove '0x' prefix
        if len(hex_part) < 2:
            hex_part = '0' + hex_part
        result += hex_part
    return result.lower()

def simulate_web_page_logic(a_hex, b_hex, c_hex):
    """Simulate the logic from the web page"""
    # These values are from the web page JavaScript
    a = to_numbers(a_hex)  # Key
    b = to_numbers(b_hex)  # IV
    c = to_numbers(c_hex)  # Encrypted data
    
    # Decrypt using the slowAES
    decrypted = SlowAES.decrypt(c, 2, a, b)  # Mode 2 is CBC
    
    # Convert to hex for cookie
    cookie_value = to_hex(decrypted)
    
    return cookie_value

def extract_js_values(html_content):
    """Extract a, b, c values from JavaScript in HTML"""
    pattern = r'var a=toNumbers\("([0-9a-f]+)"\),b=toNumbers\("([0-9a-f]+)"\),c=toNumbers\("([0-9a-f]+)"\)'
    match = re.search(pattern, html_content)
    if match:
        return match.groups()  # Returns (a, b, c) hex values
    return None

def fetch_content_with_decryption(url):
    """
    Fetch content from URL by handling JavaScript AES decryption.
    
    Args:
        url: Target URL to fetch content from
        
    Returns:
        Content from the final URL after handling all decryption steps
    """
    # Initial request to get the first set of values
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    }
    
    try:
        response = requests.get(url, headers=headers)
    except requests.exceptions.RequestException as e:
        print(f"Error accessing URL: {e}")
        return None
    
    if response.status_code != 200:
        print(f"Failed to get initial page, status code: {response.status_code}")
        return None
    
    # Extract a, b, c values from the response
    values = extract_js_values(response.text)
    if not values:
        print("No JavaScript values found in response")
        print(f"Response Content:\n{response.text}")
        return None
    
    print(f"Found values: a={values[0]}, b={values[1]}, c={values[2]}")
    
    # Generate cookie with the extracted values
    cookie_value = simulate_web_page_logic(values[0], values[1], values[2])
    print(f"Generated cookie: __test={cookie_value}")
    
    # Check if there's a redirect URL in the response
    redirect_match = re.search(r'location\.href="([^"]+)"', response.text)
    if not redirect_match:
        print("No redirect URL found in response")
        return None
    
    redirect_url = redirect_match.group(1)
    print(f"Redirecting to: {redirect_url}")
    
    # Make second request with the generated cookie
    headers["Cookie"] = f"__test={cookie_value}"
    
    try:
        final_response = requests.get(redirect_url, headers=headers)
        if final_response.status_code == 200:
            return final_response.text
        else:
            print(f"Failed to get final content, status code: {final_response.status_code}")
            return None
    except requests.exceptions.RequestException as e:
        print(f"Error accessing redirect URL: {e}")
        return None


if __name__ == "__main__":
    
    print("\n=== Testing with requests ===")
    url = "https://forgives.my-place.us/1.txt?i=1"
    content = fetch_content_with_decryption(url)
    if content:
        print(f"\nFinal content:\n{content}")
    else:
        print("Failed to fetch content")