使用音訊和圖形指紋技術在瀏覽器中生成極其持久的Cookie
阿新 • • 發佈:2020-07-21
使用音訊和圖形指紋技術在瀏覽器中生成極其持久的Cookie。
原理:通過getClientRects和AudioContext進行瀏覽器指紋識別
附上核心程式碼:
(function() { // helper functions for that ctx function write(buffer, offs) { for (var i = 2; i < arguments.length; i++) { for (var j = 0; j < arguments[i].length; j++) { buffer[offs++] = arguments[i].charAt(j); } } } function byte2(w) { return String.fromCharCode((w >> 8) & 255, w & 255); } function byte4(w) { return String.fromCharCode((w >> 24) & 255, (w >> 16) & 255, (w >> 8) & 255, w & 255); } function byte2lsb(w) { return String.fromCharCode(w & 255, (w >> 8) & 255); } window.PNGlib = function(width, height, depth) { this.width = width; this.height = height; this.depth = depth; // pixel data and row filter identifier size this.pix_size = height * (width + 1); // deflate header, pix_size, block headers, adler32 checksum this.data_size = 2 + this.pix_size + 5 * Math.floor((0xfffe + this.pix_size) / 0xffff) + 4; // offsets and sizes of Png chunks this.ihdr_offs = 0; // IHDR offset and size this.ihdr_size = 4 + 4 + 13 + 4; this.plte_offs = this.ihdr_offs + this.ihdr_size; // PLTE offset and size this.plte_size = 4 + 4 + 3 * depth + 4; this.trns_offs = this.plte_offs + this.plte_size; // tRNS offset and size this.trns_size = 4 + 4 + depth + 4; this.idat_offs = this.trns_offs + this.trns_size; // IDAT offset and size this.idat_size = 4 + 4 + this.data_size + 4; this.iend_offs = this.idat_offs + this.idat_size; // IEND offset and size this.iend_size = 4 + 4 + 4; this.buffer_size = this.iend_offs + this.iend_size; // total PNG size this.buffer = new Array(); this.palette = new Object(); this.pindex = 0; var _crc32 = new Array(); // initialize buffer with zero bytes for (var i = 0; i < this.buffer_size; i++) { this.buffer[i] = "\x00"; } // initialize non-zero elements write(this.buffer, this.ihdr_offs, byte4(this.ihdr_size - 12), 'IHDR', byte4(width), byte4(height), "\x08\x03"); write(this.buffer, this.plte_offs, byte4(this.plte_size - 12), 'PLTE'); write(this.buffer, this.trns_offs, byte4(this.trns_size - 12), 'tRNS'); write(this.buffer, this.idat_offs, byte4(this.idat_size - 12), 'IDAT'); write(this.buffer, this.iend_offs, byte4(this.iend_size - 12), 'IEND'); // initialize deflate header var header = ((8 + (7 << 4)) << 8) | (3 << 6); header += 31 - (header % 31); write(this.buffer, this.idat_offs + 8, byte2(header)); // initialize deflate block headers for (var i = 0; (i << 16) - 1 < this.pix_size; i++) { var size, bits; if (i + 0xffff < this.pix_size) { size = 0xffff; bits = "\x00"; } else { size = this.pix_size - (i << 16) - i; bits = "\x01"; } write(this.buffer, this.idat_offs + 8 + 2 + (i << 16) + (i << 2), bits, byte2lsb(size), byte2lsb(~size)); } /* Create crc32 lookup table */ for (var i = 0; i < 256; i++) { var c = i; for (var j = 0; j < 8; j++) { if (c & 1) { c = -306674912 ^ ((c >> 1) & 0x7fffffff); } else { c = (c >> 1) & 0x7fffffff; } } _crc32[i] = c; } // compute the index into a png for a given pixel this.index = function(x, y) { var i = y * (this.width + 1) + x + 1; var j = this.idat_offs + 8 + 2 + 5 * Math.floor((i / 0xffff) + 1) + i; return j; } // convert a color and build up the palette this.color = function(red, green, blue, alpha) { alpha = alpha >= 0 ? alpha : 255; var color = (((((alpha << 8) | red) << 8) | green) << 8) | blue; if (typeof this.palette[color] == "undefined") { if (this.pindex == this.depth) return "\x00"; var ndx = this.plte_offs + 8 + 3 * this.pindex; this.buffer[ndx + 0] = String.fromCharCode(red); this.buffer[ndx + 1] = String.fromCharCode(green); this.buffer[ndx + 2] = String.fromCharCode(blue); this.buffer[this.trns_offs + 8 + this.pindex] = String.fromCharCode(alpha); this.palette[color] = String.fromCharCode(this.pindex++); } return this.palette[color]; } // output a PNG string, Base64 encoded this.getBase64 = function() { var s = this.getDump(); var ch = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; var c1, c2, c3, e1, e2, e3, e4; var l = s.length; var i = 0; var r = ""; do { c1 = s.charCodeAt(i); e1 = c1 >> 2; c2 = s.charCodeAt(i + 1); e2 = ((c1 & 3) << 4) | (c2 >> 4); c3 = s.charCodeAt(i + 2); if (l < i + 2) { e3 = 64; } else { e3 = ((c2 & 0xf) << 2) | (c3 >> 6); } if (l < i + 3) { e4 = 64; } else { e4 = c3 & 0x3f; } r += ch.charAt(e1) + ch.charAt(e2) + ch.charAt(e3) + ch.charAt(e4); } while ((i += 3) < l); return r; } // output a PNG string this.getDump = function() { // compute adler32 of output pixels + row filter bytes var BASE = 65521; /* largest prime smaller than 65536 */ var NMAX = 5552; /* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */ var s1 = 1; var s2 = 0; var n = NMAX; for (var y = 0; y < this.height; y++) { for (var x = -1; x < this.width; x++) { s1 += this.buffer[this.index(x, y)].charCodeAt(0); s2 += s1; if ((n -= 1) == 0) { s1 %= BASE; s2 %= BASE; n = NMAX; } } } s1 %= BASE; s2 %= BASE; write(this.buffer, this.idat_offs + this.idat_size - 8, byte4((s2 << 16) | s1)); // compute crc32 of the PNG chunks function crc32(png, offs, size) { var crc = -1; for (var i = 4; i < size - 4; i += 1) { crc = _crc32[(crc ^ png[offs + i].charCodeAt(0)) & 0xff] ^ ((crc >> 8) & 0x00ffffff); } write(png, offs + size - 4, byte4(crc ^ -1)); } crc32(this.buffer, this.ihdr_offs, this.ihdr_size); crc32(this.buffer, this.plte_offs, this.plte_size); crc32(this.buffer, this.trns_offs, this.trns_size); crc32(this.buffer, this.idat_offs, this.idat_size); crc32(this.buffer, this.iend_offs, this.iend_size); // convert PNG to string return "\211PNG\r\n\032\n" + this.buffer.join(''); } } })(); (function() { var PNGlib; if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { PNGlib = require('./pnglib'); } else { PNGlib = window.PNGlib; } var Identicon = function(hash, options) { this.defaults = { background: [255, 255, 255, 255], hash: this.createHashFromString((new Date()).toISOString()), margin: 0.08, size: 64 }; this.options = typeof(options) === 'object' ? options : this.defaults; // backward compatibility with old constructor (hash, size, margin) if (arguments[1] && typeof(arguments[1]) === 'number') { this.options.size = arguments[1]; } if (arguments[2]) { this.options.margin = arguments[2]; } this.hash = hash || this.defaults.hash; this.background = this.options.background || this.defaults.background; this.margin = this.options.margin || this.defaults.margin; this.size = this.options.size || this.defaults.size; }; Identicon.prototype = { background: null, hash: null, margin: null, size: null, render: function() { var hash = this.hash, size = this.size, baseMargin = Math.floor(size * this.margin), cell = Math.floor((size - (baseMargin * 2)) / 5), margin = Math.floor((size - cell * 5) / 2), image = new PNGlib(size, size, 256); // light-grey background var bg = image.color(this.background[0], this.background[1], this.background[2], this.background[3]); // foreground is last 7 chars as hue at 50% saturation, 70% brightness var rgb = this.hsl2rgb(parseInt(hash.substr(-7), 16) / 0xefefef, 0.8, 0.6), fg = image.color(rgb[0] * 255, rgb[1] * 255, rgb[2] * 255); // the first 15 characters of the hash control the pixels (even/odd) // they are drawn down the middle first, then mirrored outwards var i, color; for (i = 0; i < 15; i++) { color = parseInt(hash.charAt(i), 16) % 2 ? bg : fg; if (i < 5) { this.rectangle(2 * cell + margin, i * cell + margin, cell, cell, color, image); } else if (i < 10) { this.rectangle(1 * cell + margin, (i - 5) * cell + margin, cell, cell, color, image); this.rectangle(3 * cell + margin, (i - 5) * cell + margin, cell, cell, color, image); } else if (i < 15) { this.rectangle(0 * cell + margin, (i - 10) * cell + margin, cell, cell, color, image); this.rectangle(4 * cell + margin, (i - 10) * cell + margin, cell, cell, color, image); } } return image; }, rectangle: function(x, y, w, h, color, image) { var i, j; for (i = x; i < x + w; i++) { for (j = y; j < y + h; j++) { image.buffer[image.index(i, j)] = color; } } }, // adapted from: https://gist.github.com/aemkei/1325937 hsl2rgb: function(h, s, b) { h *= 6; s = [ b += s *= b < .5 ? b : 1 - b, b - h % 1 * s * 2, b -= s *= 2, b, b + h % 1 * s, b + s ]; return [ s[~~h % 6], // red s[(h | 16) % 6], // green s[(h | 8) % 6] // blue ]; }, toString: function() { return this.render().getBase64(); }, // Creates a consistent-length hash from a string createHashFromString: function(str) { var hash = '0', salt = 'identicon', i, chr, len; if (!str) { return hash; } str += salt + str; // Better randomization for short inputs. for (i = 0, len = str.length; i < len; i++) { chr = str.charCodeAt(i); hash = ((hash << 5) - hash) + chr; hash |= 0; // Convert to 32bit integer } return hash.toString(); } }; if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { module.exports = Identicon; } else { window.Identicon = Identicon; } })(); function updateIdenticon(elem, hash, size, color) { var options = { background : color, size : size ? size : 256 } //hash = hash.hexEncode(); var data = new Identicon(hash, options).toString(); // write to a data URI elem.src = 'data:image/png;base64,' + data; } /* CryptoJS v3.1.2 code.google.com/p/crypto-js (c) 2009-2013 by Jeff Mott. All rights reserved. code.google.com/p/crypto-js/wiki/License */ var CryptoJS=CryptoJS||function(e,m){var p={},j=p.lib={},l=function(){},f=j.Base={extend:function(a){l.prototype=this;var c=new l;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}, n=j.WordArray=f.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=m?c:4*a.length},toString:function(a){return(a||h).stringify(this)},concat:function(a){var c=this.words,q=a.words,d=this.sigBytes;a=a.sigBytes;this.clamp();if(d%4)for(var b=0;b<a;b++)c[d+b>>>2]|=(q[b>>>2]>>>24-8*(b%4)&255)<<24-8*((d+b)%4);else if(65535<q.length)for(b=0;b<a;b+=4)c[d+b>>>2]=q[b>>>2];else c.push.apply(c,q);this.sigBytes+=a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<< 32-8*(c%4);a.length=e.ceil(c/4)},clone:function(){var a=f.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],b=0;b<a;b+=4)c.push(4294967296*e.random()|0);return new n.init(c,a)}}),b=p.enc={},h=b.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var b=[],d=0;d<a;d++){var f=c[d>>>2]>>>24-8*(d%4)&255;b.push((f>>>4).toString(16));b.push((f&15).toString(16))}return b.join("")},parse:function(a){for(var c=a.length,b=[],d=0;d<c;d+=2)b[d>>>3]|=parseInt(a.substr(d, 2),16)<<24-4*(d%8);return new n.init(b,c/2)}},g=b.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var b=[],d=0;d<a;d++)b.push(String.fromCharCode(c[d>>>2]>>>24-8*(d%4)&255));return b.join("")},parse:function(a){for(var c=a.length,b=[],d=0;d<c;d++)b[d>>>2]|=(a.charCodeAt(d)&255)<<24-8*(d%4);return new n.init(b,c)}},r=b.Utf8={stringify:function(a){try{return decodeURIComponent(escape(g.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return g.parse(unescape(encodeURIComponent(a)))}}, k=j.BufferedBlockAlgorithm=f.extend({reset:function(){this._data=new n.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=r.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,b=c.words,d=c.sigBytes,f=this.blockSize,h=d/(4*f),h=a?e.ceil(h):e.max((h|0)-this._minBufferSize,0);a=h*f;d=e.min(4*a,d);if(a){for(var g=0;g<a;g+=f)this._doProcessBlock(b,g);g=b.splice(0,a);c.sigBytes-=d}return new n.init(g,d)},clone:function(){var a=f.clone.call(this); a._data=this._data.clone();return a},_minBufferSize:0});j.Hasher=k.extend({cfg:f.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){k.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,b){return(new a.init(b)).finalize(c)}},_createHmacHelper:function(a){return function(b,f){return(new s.HMAC.init(a, f)).finalize(b)}}});var s=p.algo={};return p}(Math); (function(){var e=CryptoJS,m=e.lib,p=m.WordArray,j=m.Hasher,l=[],m=e.algo.SHA1=j.extend({_doReset:function(){this._hash=new p.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(f,n){for(var b=this._hash.words,h=b[0],g=b[1],e=b[2],k=b[3],j=b[4],a=0;80>a;a++){if(16>a)l[a]=f[n+a]|0;else{var c=l[a-3]^l[a-8]^l[a-14]^l[a-16];l[a]=c<<1|c>>>31}c=(h<<5|h>>>27)+j+l[a];c=20>a?c+((g&e|~g&k)+1518500249):40>a?c+((g^e^k)+1859775393):60>a?c+((g&e|g&k|e&k)-1894007588):c+((g^e^ k)-899497514);j=k;k=e;e=g<<30|g>>>2;g=h;h=c}b[0]=b[0]+h|0;b[1]=b[1]+g|0;b[2]=b[2]+e|0;b[3]=b[3]+k|0;b[4]=b[4]+j|0},_doFinalize:function(){var f=this._data,e=f.words,b=8*this._nDataBytes,h=8