js逆向-ast混淆还原入门案例(1)
2024-06-06 00:01:57
recast资料太少,在大佬的建议下转到babel了。
搬运各个地方的案例学习后,分享给大家,也给自己一个记录。
案例需2个文件:运行文件1_run.js 源码文件1_read.js
1_read.js
var _0x2075 = ['wrw3EMKc', 'BBdBHWk=', 'wplgd8O5dHbDtFfDucK9CsOS', 'f8KvAcKewoDClg==', 'XcKowo9uOyfChw==', 'XcKowpRzOzDCgMKuw5vCtH8=', 'HmQkw5vDt8OIBDbCpMKdw6Aaw7HDmcKb', 'wpxzdMO4', 'R8KHF1k1w5A=', 'w4LDgcOowrjDhg==', 'w6RKw6PCmVDDpw==', 'w6DDgsKrCsK5wqAwKsOMTkPDilwgB241RVBIw6rCvwpWw5fCo8OSw59pBcK7UlrCucOZHy7DgsO5wpx5J8K5wqbCtMOMwqvCsiUFw5s4JGfDmwQPw7Fawq3CgXlkJyE=', 'VcObYsOHKcKpwpI=', 'KkZfcE52w77ChsKgUQ==', 'CmQsw57DvA==', 'YV7CscOYZg==', 'w5jDt8OUwr46w5c6LsKEPsO0', 'F8OUMQhRw78Q', 'YMKzeTvCpMKzHcKKGSjCj2dJwq3Cj3/ChsKSFVpMw4sZwrg9H8OLw4/DqUlhYlpaa8KYJsO5AcK2wqnCmGhEwqkbdMKKLsO/wpBFMcKlC8OvKUkXZ8KpBsOxw4XDk8K5w4Y6w7VZO8K/wojCqcO2wqQow5Z+w6dew7I3TMObw6Ykw7I=', 'Mk8Bw6QawqU=', 'wo5zw4vCkxvDuSBqwoENw7rCrF3DksKewoPDqMKHNSzCgcK2fcKxPMKbGcKwCW5GZWRpw6fDmgHCjXrCnXE3w4zDqlt3w64lw7JiworDi8Knw5YoW1LDlUbDpkEtGQPDnw==', 'w6lvdMKW', 'w7JFdsOhwrBqwrlMYcKVJRjCuMKQwpLDtMONwprCsMORw4BtRV0oeEQPCgAmMgx2'];
(function(_0xf486e7, _0x2075d7) {var _0x5c3a18 = function(_0x5b65b1) {while (--_0x5b65b1) {_0xf486e7['push'](_0xf486e7['shift']());}};_0x5c3a18(++_0x2075d7);
}(_0x2075, 0xa4));
var _0x5c3a = function(_0xf486e7, _0x2075d7) {_0xf486e7 = _0xf486e7 - 0x0;var _0x5c3a18 = _0x2075[_0xf486e7];if (_0x5c3a['vEVEZj'] === undefined) {(function() {var _0x2e1ca4;try {var _0x28e173 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');_0x2e1ca4 = _0x28e173();} catch (_0x16acc9) {_0x2e1ca4 = window;}var _0x16f958 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2e1ca4['atob'] || (_0x2e1ca4['atob'] = function(_0x5a7812) {var _0x3c7e74 = String(_0x5a7812)['replace'](/=+$/, '');var _0x5e030c = '';for (var _0x4eaee2 = 0x0, _0x5954ef, _0x29200e, _0x5a128b = 0x0; _0x29200e = _0x3c7e74['charAt'](_0x5a128b++); ~_0x29200e && (_0x5954ef = _0x4eaee2 % 0x4 ? _0x5954ef * 0x40 + _0x29200e : _0x29200e,_0x4eaee2++ % 0x4) ? _0x5e030c += String['fromCharCode'](0xff & _0x5954ef >> (-0x2 * _0x4eaee2 & 0x6)) : 0x0) {_0x29200e = _0x16f958['indexOf'](_0x29200e);}return _0x5e030c;});}());var _0x3acf89 = function(_0x593a19, _0xfee22e) {var _0x1b5349 = [], _0x4ddb21 = 0x0, _0x28ed27, _0x4b4996 = '', _0xbdd0c6 = '';_0x593a19 = atob(_0x593a19);for (var _0x1d6343 = 0x0, _0x3f947e = _0x593a19['length']; _0x1d6343 < _0x3f947e; _0x1d6343++) {_0xbdd0c6 += '%' + ('00' + _0x593a19['charCodeAt'](_0x1d6343)['toString'](0x10))['slice'](-0x2);}_0x593a19 = decodeURIComponent(_0xbdd0c6);var _0x1a120c;for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x1b5349[_0x1a120c] = _0x1a120c;}for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c] + _0xfee22e['charCodeAt'](_0x1a120c % _0xfee22e['length'])) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;}_0x1a120c = 0x0;_0x4ddb21 = 0x0;for (var _0x585b7f = 0x0; _0x585b7f < _0x593a19['length']; _0x585b7f++) {_0x1a120c = (_0x1a120c + 0x1) % 0x100;_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c]) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;_0x4b4996 += String['fromCharCode'](_0x593a19['charCodeAt'](_0x585b7f) ^ _0x1b5349[(_0x1b5349[_0x1a120c] + _0x1b5349[_0x4ddb21]) % 0x100]);}return _0x4b4996;};_0x5c3a['HKkhxp'] = _0x3acf89;_0x5c3a['eabUGz'] = {};_0x5c3a['vEVEZj'] = !![];}var _0x5b65b1 = _0x5c3a['eabUGz'][_0xf486e7];if (_0x5b65b1 === undefined) {if (_0x5c3a['vszZjY'] === undefined) {_0x5c3a['vszZjY'] = !![];}_0x5c3a18 = _0x5c3a['HKkhxp'](_0x5c3a18, _0x2075d7);_0x5c3a['eabUGz'][_0xf486e7] = _0x5c3a18;} else {_0x5c3a18 = _0x5b65b1;}return _0x5c3a18;
};
var _0x2e1ca4 = function() {var _0x564fd8 = !![];return function(_0x157886, _0x3f8543) {var _0x3aa335 = _0x564fd8 ? function() {if (_0x3f8543) {var _0x35f411 = _0x3f8543[_0x5c3a('0x15', 'qqhd')](_0x157886, arguments);_0x3f8543 = null;return _0x35f411;}}: function() {};_0x564fd8 = ![];return _0x3aa335;};
}();
setInterval(function() {_0x3acf89();
}, 0xfa0);
(function() {_0x2e1ca4(this, function() {var _0x13f533 = new RegExp('function\x20*\x5c(\x20*\x5c)');var _0x28f488 = new RegExp(_0x5c3a('0x13', 'l02m'),'i');var _0x5783e7 = _0x3acf89('init');if (!_0x13f533['test'](_0x5783e7 + _0x5c3a('0xb', 'mvpW')) || !_0x28f488['test'](_0x5783e7 + _0x5c3a('0x6', 'S&fJ'))) {_0x5783e7('0');} else {_0x3acf89();}})();
}());
window = {};
window['atob'] = function(_0x44004e) {e = _0x5c3a('0x8', 'CwZq');var _0x2761c0 = String(_0x44004e)[_0x5c3a('0x9', 'F%XZ')](/=+$/, '');if (_0x2761c0[_0x5c3a('0x7', 'KMc0')] % 0x4 == 0x1)throw new t('\x27atob\x27\x20failed:\x20The\x20string\x20to\x20be\x20decoded\x20is\x20not\x20correctly\x20encoded.');for (var _0x3568b6, _0x228da4, _0x1076e1 = 0x0, _0x242bbc = 0x0, _0x5766d9 = ''; _0x228da4 = _0x2761c0['charAt'](_0x242bbc++); ~_0x228da4 && (_0x3568b6 = _0x1076e1 % 0x4 ? 0x40 * _0x3568b6 + _0x228da4 : _0x228da4,_0x1076e1++ % 0x4) ? _0x5766d9 += String[_0x5c3a('0x16', '%Fh)')](0xff & _0x3568b6 >> (-0x2 * _0x1076e1 & 0x6)) : 0x0)_0x228da4 = e[_0x5c3a('0xe', 'ivHf')](_0x228da4);return _0x5766d9;
}
window['btoa'] = function(_0x140387) {e = _0x5c3a('0x11', '1t8u');for (var _0x5a7683, _0x5c4afc, _0x414c71 = String(_0x140387), _0x3a865d = 0x0, _0x388744 = e, _0x171f9b = ''; _0x414c71[_0x5c3a('0x10', 'G%UZ')](0x0 | _0x3a865d) || (_0x388744 = '=',_0x3a865d % 0x1); _0x171f9b += _0x388744[_0x5c3a('0x5', '#%vS')](0x3f & _0x5a7683 >> 0x8 - _0x3a865d % 0x1 * 0x8)) {if (_0x5c4afc = _0x414c71[_0x5c3a('0xa', '(eE#')](_0x3a865d += 0.75),_0x5c4afc > 0xff)throw new t(_0x5c3a('0xf', '!zyq'));_0x5a7683 = _0x5a7683 << 0x8 | _0x5c4afc;}return _0x171f9b;
}
function _0x3acf89(_0x1a61bd) {function _0x50b4d2(_0x5c1045) {if (typeof _0x5c1045 === 'string') {return function(_0xaf1ee8) {}['constructor'](_0x5c3a('0x3', 'mvpW'))[_0x5c3a('0xc', 'dtRw')](_0x5c3a('0x1', 'g1Ep'));} else {if (('' + _0x5c1045 / _0x5c1045)['length'] !== 0x1 || _0x5c1045 % 0x14 === 0x0) {(function() {return !![];}['constructor']('debu' + 'gger')[_0x5c3a('0x4', '%Fh)')](_0x5c3a('0x0', 'zu[n')));} else {(function() {return ![];}[_0x5c3a('0x2', 'g1Ep')](_0x5c3a('0x12', 'LPae') + _0x5c3a('0x14', 'N5*X'))['apply'](_0x5c3a('0xd', 'qOO9')));}}_0x50b4d2(++_0x5c1045);}try {if (_0x1a61bd) {return _0x50b4d2;} else {_0x50b4d2(0x0);}} catch (_0x524e63) {}
}1_run.js
/*
* 安装 npm install @babel/core
* */// 将JS源码转换成语法树
const parser = require("@babel/parser");
// 为parser提供模板引擎
const template = require("@babel/template").default;
// 遍历AST
const traverse = require("@babel/traverse").default;
// 操作节点,比如判断节点类型,生成新的节点等
const t = require("@babel/types");
// 将语法树转换为源代码
const generator = require("@babel/generator").default;
// 操作文件
const fs = require("fs");
//
const path = require('path');var file_path = 'F:\\FILE\\Python\\Exercises\\js\\js-ast混淆还原\\'
var jscode = fs.readFileSync(file_path+"1_read.js", {encoding: "utf-8"
});var _0x2075 = ['wrw3EMKc', 'BBdBHWk=', 'wplgd8O5dHbDtFfDucK9CsOS', 'f8KvAcKewoDClg==', 'XcKowo9uOyfChw==', 'XcKowpRzOzDCgMKuw5vCtH8=', 'HmQkw5vDt8OIBDbCpMKdw6Aaw7HDmcKb', 'wpxzdMO4', 'R8KHF1k1w5A=', 'w4LDgcOowrjDhg==', 'w6RKw6PCmVDDpw==', 'w6DDgsKrCsK5wqAwKsOMTkPDilwgB241RVBIw6rCvwpWw5fCo8OSw59pBcK7UlrCucOZHy7DgsO5wpx5J8K5wqbCtMOMwqvCsiUFw5s4JGfDmwQPw7Fawq3CgXlkJyE=', 'VcObYsOHKcKpwpI=', 'KkZfcE52w77ChsKgUQ==', 'CmQsw57DvA==', 'YV7CscOYZg==', 'w5jDt8OUwr46w5c6LsKEPsO0', 'F8OUMQhRw78Q', 'YMKzeTvCpMKzHcKKGSjCj2dJwq3Cj3/ChsKSFVpMw4sZwrg9H8OLw4/DqUlhYlpaa8KYJsO5AcK2wqnCmGhEwqkbdMKKLsO/wpBFMcKlC8OvKUkXZ8KpBsOxw4XDk8K5w4Y6w7VZO8K/wojCqcO2wqQow5Z+w6dew7I3TMObw6Ykw7I=', 'Mk8Bw6QawqU=', 'wo5zw4vCkxvDuSBqwoENw7rCrF3DksKewoPDqMKHNSzCgcK2fcKxPMKbGcKwCW5GZWRpw6fDmgHCjXrCnXE3w4zDqlt3w64lw7JiworDi8Knw5YoW1LDlUbDpkEtGQPDnw==', 'w6lvdMKW', 'w7JFdsOhwrBqwrlMYcKVJRjCuMKQwpLDtMONwprCsMORw4BtRV0oeEQPCgAmMgx2'];
(function(_0xf486e7, _0x2075d7) {var _0x5c3a18 = function(_0x5b65b1) {while (--_0x5b65b1) {_0xf486e7['push'](_0xf486e7['shift']());}};_0x5c3a18(++_0x2075d7);
}(_0x2075, 0xa4));
var _0x5c3a = function(_0xf486e7, _0x2075d7) {_0xf486e7 = _0xf486e7 - 0x0;var _0x5c3a18 = _0x2075[_0xf486e7];if (_0x5c3a['vEVEZj'] === undefined) {(function() {var _0x2e1ca4;try {var _0x28e173 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');_0x2e1ca4 = _0x28e173();} catch (_0x16acc9) {_0x2e1ca4 = window;}var _0x16f958 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2e1ca4['atob'] || (_0x2e1ca4['atob'] = function(_0x5a7812) {var _0x3c7e74 = String(_0x5a7812)['replace'](/=+$/, '');var _0x5e030c = '';for (var _0x4eaee2 = 0x0, _0x5954ef, _0x29200e, _0x5a128b = 0x0; _0x29200e = _0x3c7e74['charAt'](_0x5a128b++); ~_0x29200e && (_0x5954ef = _0x4eaee2 % 0x4 ? _0x5954ef * 0x40 + _0x29200e : _0x29200e,_0x4eaee2++ % 0x4) ? _0x5e030c += String['fromCharCode'](0xff & _0x5954ef >> (-0x2 * _0x4eaee2 & 0x6)) : 0x0) {_0x29200e = _0x16f958['indexOf'](_0x29200e);}return _0x5e030c;});}());var _0x3acf89 = function(_0x593a19, _0xfee22e) {var _0x1b5349 = [], _0x4ddb21 = 0x0, _0x28ed27, _0x4b4996 = '', _0xbdd0c6 = '';_0x593a19 = atob(_0x593a19);for (var _0x1d6343 = 0x0, _0x3f947e = _0x593a19['length']; _0x1d6343 < _0x3f947e; _0x1d6343++) {_0xbdd0c6 += '%' + ('00' + _0x593a19['charCodeAt'](_0x1d6343)['toString'](0x10))['slice'](-0x2);}_0x593a19 = decodeURIComponent(_0xbdd0c6);var _0x1a120c;for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x1b5349[_0x1a120c] = _0x1a120c;}for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c] + _0xfee22e['charCodeAt'](_0x1a120c % _0xfee22e['length'])) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;}_0x1a120c = 0x0;_0x4ddb21 = 0x0;for (var _0x585b7f = 0x0; _0x585b7f < _0x593a19['length']; _0x585b7f++) {_0x1a120c = (_0x1a120c + 0x1) % 0x100;_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c]) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;_0x4b4996 += String['fromCharCode'](_0x593a19['charCodeAt'](_0x585b7f) ^ _0x1b5349[(_0x1b5349[_0x1a120c] + _0x1b5349[_0x4ddb21]) % 0x100]);}return _0x4b4996;};_0x5c3a['HKkhxp'] = _0x3acf89;_0x5c3a['eabUGz'] = {};_0x5c3a['vEVEZj'] = !![];}var _0x5b65b1 = _0x5c3a['eabUGz'][_0xf486e7];if (_0x5b65b1 === undefined) {if (_0x5c3a['vszZjY'] === undefined) {_0x5c3a['vszZjY'] = !![];}_0x5c3a18 = _0x5c3a['HKkhxp'](_0x5c3a18, _0x2075d7);_0x5c3a['eabUGz'][_0xf486e7] = _0x5c3a18;} else {_0x5c3a18 = _0x5b65b1;}return _0x5c3a18;
};function traverse_all(ast) {// 遍历节点,当遇到下列类型的时候会调用函数traverse(ast, {CallExpression: {enter: [replace_function_to_string]}})traverse(ast, {MemberExpression: {enter: [replace]}})}
// a["length"]转变为a.length
function replace(path)
{const node = path.node;let property = path.get('property')if(t.isStringLiteral(node.property)) {let value = node.property.value;console.log(value)//原为true,改后的效果把[]变为.node.computed = false//如果写成path.replaceWith是将整个MemberExpression节点换为value,节点类型也变为Identifier,例:window.btoa变为btoa//我们仅需要替换property节点property.replaceWith(t.Identifier(value))}
}//调用_0x5c3a进行解密,在替换原来的
function replace_function_to_string(path)
{//对节点进行处理const node = path.node;//判断节点类型及函数名,不是则返回if (!t.isIdentifier(node.callee,{name:"_0x5c3a"})) return;//取实参值let first_arg = node.arguments[0].value;let second_arg = node.arguments[1].value;//调用本地的_0x5c3a函数let value = _0x5c3a(first_arg,second_arg);//打印看结果console.log(node.callee.name,first_arg,second_arg,value);//替换CallExpression节点,为StringLiteral类型的valuepath.replaceWith(t.StringLiteral(value));
}let ast = parser.parse(jscode);
traverse_all(ast);
let {code} = generator(ast);
fs.writeFile(file_path+'1_decoded.js', code, (err)=>{});生成1_decoded.js
var _0x2075 = ['wrw3EMKc', 'BBdBHWk=', 'wplgd8O5dHbDtFfDucK9CsOS', 'f8KvAcKewoDClg==', 'XcKowo9uOyfChw==', 'XcKowpRzOzDCgMKuw5vCtH8=', 'HmQkw5vDt8OIBDbCpMKdw6Aaw7HDmcKb', 'wpxzdMO4', 'R8KHF1k1w5A=', 'w4LDgcOowrjDhg==', 'w6RKw6PCmVDDpw==', 'w6DDgsKrCsK5wqAwKsOMTkPDilwgB241RVBIw6rCvwpWw5fCo8OSw59pBcK7UlrCucOZHy7DgsO5wpx5J8K5wqbCtMOMwqvCsiUFw5s4JGfDmwQPw7Fawq3CgXlkJyE=', 'VcObYsOHKcKpwpI=', 'KkZfcE52w77ChsKgUQ==', 'CmQsw57DvA==', 'YV7CscOYZg==', 'w5jDt8OUwr46w5c6LsKEPsO0', 'F8OUMQhRw78Q', 'YMKzeTvCpMKzHcKKGSjCj2dJwq3Cj3/ChsKSFVpMw4sZwrg9H8OLw4/DqUlhYlpaa8KYJsO5AcK2wqnCmGhEwqkbdMKKLsO/wpBFMcKlC8OvKUkXZ8KpBsOxw4XDk8K5w4Y6w7VZO8K/wojCqcO2wqQow5Z+w6dew7I3TMObw6Ykw7I=', 'Mk8Bw6QawqU=', 'wo5zw4vCkxvDuSBqwoENw7rCrF3DksKewoPDqMKHNSzCgcK2fcKxPMKbGcKwCW5GZWRpw6fDmgHCjXrCnXE3w4zDqlt3w64lw7JiworDi8Knw5YoW1LDlUbDpkEtGQPDnw==', 'w6lvdMKW', 'w7JFdsOhwrBqwrlMYcKVJRjCuMKQwpLDtMONwprCsMORw4BtRV0oeEQPCgAmMgx2'];(function (_0xf486e7, _0x2075d7) {var _0x5c3a18 = function (_0x5b65b1) {while (--_0x5b65b1) {_0xf486e7.push(_0xf486e7.shift());}};_0x5c3a18(++_0x2075d7);
})(_0x2075, 0xa4);var _0x5c3a = function (_0xf486e7, _0x2075d7) {_0xf486e7 = _0xf486e7 - 0x0;var _0x5c3a18 = _0x2075[_0xf486e7];if (_0x5c3a.vEVEZj === undefined) {(function () {var _0x2e1ca4;try {var _0x28e173 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');_0x2e1ca4 = _0x28e173();} catch (_0x16acc9) {_0x2e1ca4 = window;}var _0x16f958 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2e1ca4.atob || (_0x2e1ca4.atob = function (_0x5a7812) {var _0x3c7e74 = String(_0x5a7812).replace(/=+$/, '');var _0x5e030c = '';for (var _0x4eaee2 = 0x0, _0x5954ef, _0x29200e, _0x5a128b = 0x0; _0x29200e = _0x3c7e74.charAt(_0x5a128b++); ~_0x29200e && (_0x5954ef = _0x4eaee2 % 0x4 ? _0x5954ef * 0x40 + _0x29200e : _0x29200e, _0x4eaee2++ % 0x4) ? _0x5e030c += String.fromCharCode(0xff & _0x5954ef >> (-0x2 * _0x4eaee2 & 0x6)) : 0x0) {_0x29200e = _0x16f958.indexOf(_0x29200e);}return _0x5e030c;});})();var _0x3acf89 = function (_0x593a19, _0xfee22e) {var _0x1b5349 = [],_0x4ddb21 = 0x0,_0x28ed27,_0x4b4996 = '',_0xbdd0c6 = '';_0x593a19 = atob(_0x593a19);for (var _0x1d6343 = 0x0, _0x3f947e = _0x593a19.length; _0x1d6343 < _0x3f947e; _0x1d6343++) {_0xbdd0c6 += '%' + ('00' + _0x593a19.charCodeAt(_0x1d6343).toString(0x10)).slice(-0x2);}_0x593a19 = decodeURIComponent(_0xbdd0c6);var _0x1a120c;for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x1b5349[_0x1a120c] = _0x1a120c;}for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c] + _0xfee22e.charCodeAt(_0x1a120c % _0xfee22e.length)) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;}_0x1a120c = 0x0;_0x4ddb21 = 0x0;for (var _0x585b7f = 0x0; _0x585b7f < _0x593a19.length; _0x585b7f++) {_0x1a120c = (_0x1a120c + 0x1) % 0x100;_0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c]) % 0x100;_0x28ed27 = _0x1b5349[_0x1a120c];_0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];_0x1b5349[_0x4ddb21] = _0x28ed27;_0x4b4996 += String.fromCharCode(_0x593a19.charCodeAt(_0x585b7f) ^ _0x1b5349[(_0x1b5349[_0x1a120c] + _0x1b5349[_0x4ddb21]) % 0x100]);}return _0x4b4996;};_0x5c3a.HKkhxp = _0x3acf89;_0x5c3a.eabUGz = {};_0x5c3a.vEVEZj = !![];}var _0x5b65b1 = _0x5c3a.eabUGz[_0xf486e7];if (_0x5b65b1 === undefined) {if (_0x5c3a.vszZjY === undefined) {_0x5c3a.vszZjY = !![];}_0x5c3a18 = _0x5c3a.HKkhxp(_0x5c3a18, _0x2075d7);_0x5c3a.eabUGz[_0xf486e7] = _0x5c3a18;} else {_0x5c3a18 = _0x5b65b1;}return _0x5c3a18;
};var _0x2e1ca4 = function () {var _0x564fd8 = !![];return function (_0x157886, _0x3f8543) {var _0x3aa335 = _0x564fd8 ? function () {if (_0x3f8543) {var _0x35f411 = _0x3f8543.apply(_0x157886, arguments);_0x3f8543 = null;return _0x35f411;}} : function () {};_0x564fd8 = ![];return _0x3aa335;};
}();setInterval(function () {_0x3acf89();
}, 0xfa0);(function () {_0x2e1ca4(this, function () {var _0x13f533 = new RegExp('function\x20*\x5c(\x20*\x5c)');var _0x28f488 = new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)", 'i');var _0x5783e7 = _0x3acf89('init');if (!_0x13f533.test(_0x5783e7 + "chain") || !_0x28f488.test(_0x5783e7 + "input")) {_0x5783e7('0');} else {_0x3acf89();}})();
})();window = {};window.atob = function (_0x44004e) {e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var _0x2761c0 = String(_0x44004e).replace(/=+$/, '');if (_0x2761c0.length % 0x4 == 0x1) throw new t('\x27atob\x27\x20failed:\x20The\x20string\x20to\x20be\x20decoded\x20is\x20not\x20correctly\x20encoded.');for (var _0x3568b6, _0x228da4, _0x1076e1 = 0x0, _0x242bbc = 0x0, _0x5766d9 = ''; _0x228da4 = _0x2761c0.charAt(_0x242bbc++); ~_0x228da4 && (_0x3568b6 = _0x1076e1 % 0x4 ? 0x40 * _0x3568b6 + _0x228da4 : _0x228da4, _0x1076e1++ % 0x4) ? _0x5766d9 += String.fromCharCode(0xff & _0x3568b6 >> (-0x2 * _0x1076e1 & 0x6)) : 0x0) _0x228da4 = e.indexOf(_0x228da4);return _0x5766d9;
};window.btoa = function (_0x140387) {e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";for (var _0x5a7683, _0x5c4afc, _0x414c71 = String(_0x140387), _0x3a865d = 0x0, _0x388744 = e, _0x171f9b = ''; _0x414c71.charAt(0x0 | _0x3a865d) || (_0x388744 = '=', _0x3a865d % 0x1); _0x171f9b += _0x388744.charAt(0x3f & _0x5a7683 >> 0x8 - _0x3a865d % 0x1 * 0x8)) {if (_0x5c4afc = _0x414c71.charCodeAt(_0x3a865d += 0.75), _0x5c4afc > 0xff) throw new t("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.");_0x5a7683 = _0x5a7683 << 0x8 | _0x5c4afc;}return _0x171f9b;
};function _0x3acf89(_0x1a61bd) {function _0x50b4d2(_0x5c1045) {if (typeof _0x5c1045 === 'string') {return function (_0xaf1ee8) {}.constructor("while (true) {}").apply("counter");} else {if (('' + _0x5c1045 / _0x5c1045).length !== 0x1 || _0x5c1045 % 0x14 === 0x0) {(function () {return !![];}).constructor('debu' + 'gger').call("action");} else {(function () {return ![];}).constructor("debu" + "gger").apply("stateObject");}}_0x50b4d2(++_0x5c1045);}try {if (_0x1a61bd) {return _0x50b4d2;} else {_0x50b4d2(0x0);}} catch (_0x524e63) {}
}js逆向-ast混淆还原入门案例(1)相关推荐
- js逆向-ast混淆还原入门案例(2)
将上篇分解,记录多写法将a["length"]转变为a.length 案例需2个文件:运行文件2_run.js 源码文件2_read.js 2_read.js var ...
- js逆向-ast混淆还原进阶案例(1)
我啥也不说,自行领悟. 混淆代码: var _0x1491 = ['\x77\x35\x58\x43\x6a\x33\x54\x43\x6b\x77\x77\x3d', '\x63\x63\x4f\x ...
- JS逆向 | ob混淆一键还原工具
声明:本文只作学习研究,禁止用于非法用途,否则后果自负,如有侵权,请告知删除,谢谢! 在JS逆向的过程中,我们可能经常碰到类似如下的代码: 开头定义了一个大数组,然后对这个大数组里的内容进行位移, ...
- 爬虫破解瑞数js逆向动态混淆
巧用selenium破解瑞数js逆向 实战站点:湖北省生态环境厅:http://sthjt.hubei.gov.cn/site/sthjt/search.html?searchWord=%E7%A2% ...
- JS逆向-请求参数验证(案例:七麦数据)
步骤 一.抓包 找关键字 参数里是否包含加密字段 二.找参数在JS的位置( 1.搜索关键字 2.XHR断点 3.hook关键字) 三.扣JS 四.还原入口参数 前言: 此内容仅供学习交流使用,不用于商 ...
- python 某文书网JS逆向 登录加密算法还原
python 某文书网登录加密还原 run(手机号,密码)运行 import base64 import requests from urllib.parse import quote from Cr ...
- 某壁纸网站JS逆向+混淆代码扣取AST修复+Python批量下载教程+完整代码
由于内容相对较多,无限debugger.JS逆向.混淆代码扣取修复.Python爬虫,篇幅较长,文字教程就不提供了, 完整python代码 # -*- coding: utf-8 -*- # @Aut ...
- JS解密入门案例:python有道翻译JS解密
前言 嗨喽!大家好呀,这里是魔王~ 课程亮点: 系统分析网页结构 动态数据抓包演示 json数据解析 JS解密 环境介绍: python 3.8 pycharm >>> 需要安装no ...
- 超详细 某代刷网站js逆向
1.背景及简单分析 插播恰饭广告:可以加我qq 2967615343随便打赏点,我把js代码和post服务器可用脚本,一起发你 这几天想用Django写一个接口,但不知道写啥,写每天天气推送太俗,烂大 ...
最新文章
- 登高自卑 | 我的PyTorch入门与实践笔记
- Ubuntu Linux下如何配置Android开发环境
- micropython文件上传软件_ESP32玩转MicroPython(二) 连接WIFI网络 webperl文件传输
- 某些equipment无法顺利download到CRM的原因
- EditText修改光标和背景色(绝对简单实用)
- css绘画三角形,实现一些图形
- 知乎回应月饼问题:忽略了麦芽糖或致部分人不耐受,召回所有月饼
- TCP传输的三次握手四次挥手策略
- 深度神经网络训练过程中为什么验证集上波动很大_一个值得深思的问题?为什么验证集的loss会小于训练集的loss...
- 零基础怎么自学日语?
- 数学分析教程(科大)——3.6笔记+习题
- 去阿诗玛的故乡 云南昆明自助攻略
- 马云收购恒生电子几大关键问题
- 2019第八届“中国软件杯”大学生软件设计大赛赛题有哪些?
- 定义范围中的备选方案生成、横向思维、创建WBS、工作包定义、WBS、确认范围过程和实施质量过程的关系、联合应用设计和质量功能展开QFD...
- 超级计算机中心建设方案,我校举办大连理工大学超算中心建设方案论证会
- 如何使用Hyper-V Manager和Powershell合并Hyper-V检查点
- springboot 过滤器
- 解决集群报failure to login: for principal 。。。。Unable to obtain password from user错误
- App内购项目的App Store推广