关于javascript:测评几大js加密站的加密质量3


1. 简介

公司网站的接口经常被爬虫爬,时不时就导致服务器压力过大,白白耗费公司服务器资源。于是开始接触 js 加密这块的业务。发现了不少支持 js 在线加密的站,以及各种加密方案,在这做个笔记,一一列举各大加密站的优缺点。看看哪种才是最安全的 html 代码加密方式。

2. 加密探索

最开始在网络上搜索 js 加密,看到了很多解决方案,例如 crypto、base64、MD5、sha1、sha256、unicode 编码、AES/DES、RSA 都是优秀的 js 加密算法(严格来说,base64 和 unicode 只是编码,MD5、sha1、sha256 是哈希,并不是加密)。然而最终我发现,这些加密都是在前端实现的,也就是在用户电脑上实现的,完全透明,所以爬虫作者破解难度也很低:他不需要去研究你这个算法的计算过程,只要拿到和你相同的加密算法代码,就可以通过同样的手段加密出来,继而盗取接口信息。

3. 工具介绍

Sojson 支持 js 的不可逆混淆加密,和很多高级的加密配置,还增加了小白专用的一键常规配置,和禁控制台调试输入、A 级保护、变量方法全混淆等诸多高级配置,很多细节做的不错。查了一下资历,这家站 13 年创立的,搞了快有十个年头了,是个老品牌。接下来我们做个 demo 加密一下试试,以下加密,除了基本配置,我还勾选了方法函数变量全部重命名。

4.js 案例代码
(function () {
    // Demo helper installed on String.prototype. It returns an array holding every
    // character accepted by the class [^A|B] -- that is, everything except 'A', 'B'
    // and '|' (inside a character class '|' is a literal, not alternation) -- or
    // null when nothing matches.
    String.prototype.searchAB = function () {
        return this.match(/[^A|B]/g);
    };

    const banner = '本工具由 wwBw.jsjiami.cAom 提供接口。\n 专一 JS 平安畛域近 10 年 \n 企业化经营 \n 业余的 JS 加密研发团队。';
    // match() yields single characters; toString() joins them with commas, which
    // replaceAll() strips again (together with any comma present in the input).
    const cleaned = banner.searchAB().toString().replaceAll(',', '');
    alert(cleaned);
    console.log(cleaned);
}());
5. 通过 Sojson 加密后
/*
 * 加密工具曾经降级了一个版本,目前为 jsjiami.com.v5,次要增强了算法,以及防破解【相对不可逆】配置,耶稣也无奈 100% 还原,我说的。;
 * 曾经打算把这个工具根底性能始终收费上来。还心愿反对我。* 另外 jsjiami.com.v5 曾经强制退出校验,正文能够去掉,然而 jsjiami.com.v5 不能去掉(如果你开明了 VIP,能够手动去掉),其余都没有任何绑定。* 誓死不会退出任何后门,jsjiami.com JS 加密的使命就是为了爱护你们的 Javascript。* 正告:如果您歹意去掉 jsjiami.com.v5 那么咱们将不会爱护您的 JavaScript 代码。请遵守规则
 * 新版本: https://www.jsjiami.com/ 反对批量加密,反对大文件加密,领有更多加密。*/
 
// Raw output of the obfuscator for the demo in section 4; the same code is shown
// reformatted in section 6. Statement order: the string table __0xeb218, an IIFE that
// rotates the table, the decoder _0x3f28 (Base64 decode followed by RC4 with the key
// passed at each call site), the obfuscated demo IIFE, and a trailing IIFE that reads
// encode_version back and raises a popup when the check fails.
;var encode_version = 'jsjiami.com.v5', aoveg = '__0xeb218',  __0xeb218=['54mt5p2G5Yye77+5IS3kv5Llr5zmnLjlvYbnqJ7vvYDovI7or6Xml5Pmj4vmiI7kupHnmqXltbDkv50=','BMKReQ==','wpgkecKkdQ==','RhBiw7bCuw==','woFvacOrDQ==','5p6C5bWn5YSE55WXZXjDhSPDpVdHwp3ChhvDnMO/w73CscOZE8O7BsOB5o2+5Lyx5o2h5Y6R44ORb+S7m+azsSJR5a+K5Yaq6aKB5Z2u6Ly4A8OX5bqkw4PkvJPkurvlj6PovITok7LDsuS7oeS4hOeapSjCluWKq+Wtl+ehlOWPmeWagumZnOOAtg==','e8OtNMOWS8KYw4lRwrw=','E8O/Q0LDpQ==','w7gRwol2wrM=','wqoGwpw0wpnChsKZYg==','bgBaw6LCtMOzwqDDk1XDuQ==','woNyf1nChA==','E3NL','w7UQwow=','wrRoQMKJXR3DjsKKWQ==','TxnCg8KcKjPCoWhEEMOkYsKgJw==','wrI9Gg==','wqrDjcK6','5Yiz6ZuD54ml5p2w5Y6y77+8wqPDq+S8leWsoeacseW9seeokw==','M8OpdGfDgw==','BMKBc8KSGA==','JcODH8KswqI=','w5Ibw6kzAQ==','w5F8QMK0w6s=','wqjDlcKPaW8=','OsKBaMKRwoA='];(function(_0x104565,_0x3c3110){var _0xe5012c=function(_0x311857){while(--_0x311857){_0x104565['push'](_0x104565['shift']());}};_0xe5012c(++_0x3c3110);}(__0xeb218,0x6d));var _0x3f28=function(_0x231fd0,_0x4f680a){_0x231fd0=_0x231fd0-0x0;var _0x5b4826=__0xeb218[_0x231fd0];if(_0x3f28['initialized']===undefined){(function(){var _0x550fbc=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x18d5c9='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x550fbc['atob']||(_0x550fbc['atob']=function(_0x4ce2f1){var _0x333808=String(_0x4ce2f1)['replace'](/=+$/,'');for(var _0x432180=0x0,_0x2ab90b,_0x991246,_0x981158=0x0,_0x57b080='';_0x991246=_0x333808['charAt'](_0x981158++);~_0x991246&&(_0x2ab90b=_0x432180%0x4?_0x2ab90b*0x40+_0x991246:_0x991246,_0x432180++%0x4)?_0x57b080+=String['fromCharCode'](0xff&_0x2ab90b>>(-0x2*_0x432180&0x6)):0x0){_0x991246=_0x18d5c9['indexOf'](_0x991246);}return _0x57b080;});}());var _0x219af0=function(_0x441e3a,_0x2cc193){var _0x5f41ea=[],_0x503809=0x0,_0xe42b77,_0x56465b='',_0x52cace='';_0x441e3a=atob(_0x441e3a);for(var 
_0x39753a=0x0,_0xf81284=_0x441e3a['length'];_0x39753a<_0xf81284;_0x39753a++){_0x52cace+='%'+('00'+_0x441e3a['charCodeAt'](_0x39753a)['toString'](0x10))['slice'](-0x2);}_0x441e3a=decodeURIComponent(_0x52cace);for(var _0x307b3e=0x0;_0x307b3e<0x100;_0x307b3e++){_0x5f41ea[_0x307b3e]=_0x307b3e;}for(_0x307b3e=0x0;_0x307b3e<0x100;_0x307b3e++){_0x503809=(_0x503809+_0x5f41ea[_0x307b3e]+_0x2cc193['charCodeAt'](_0x307b3e%_0x2cc193['length']))%0x100;_0xe42b77=_0x5f41ea[_0x307b3e];_0x5f41ea[_0x307b3e]=_0x5f41ea[_0x503809];_0x5f41ea[_0x503809]=_0xe42b77;}_0x307b3e=0x0;_0x503809=0x0;for(var _0x3ab53f=0x0;_0x3ab53f<_0x441e3a['length'];_0x3ab53f++){_0x307b3e=(_0x307b3e+0x1)%0x100;_0x503809=(_0x503809+_0x5f41ea[_0x307b3e])%0x100;_0xe42b77=_0x5f41ea[_0x307b3e];_0x5f41ea[_0x307b3e]=_0x5f41ea[_0x503809];_0x5f41ea[_0x503809]=_0xe42b77;_0x56465b+=String['fromCharCode'](_0x441e3a['charCodeAt'](_0x3ab53f)^_0x5f41ea[(_0x5f41ea[_0x307b3e]+_0x5f41ea[_0x503809])%0x100]);}return _0x56465b;};_0x3f28['rc4']=_0x219af0;_0x3f28['data']={};_0x3f28['initialized']=!![];}var _0xfeb75b=_0x3f28['data'][_0x231fd0];if(_0xfeb75b===undefined){if(_0x3f28['once']===undefined){_0x3f28['once']=!![];}_0x5b4826=_0x3f28['rc4'](_0x5b4826,_0x4f680a);_0x3f28['data'][_0x231fd0]=_0x5b4826;}else{_0x5b4826=_0xfeb75b;}return _0x5b4826;};(function(){var _0x51ca65={'zfcaT':_0x3f28('0x0','utdG'),'yIOxN':function _0x5e1682(_0xc8f5a3,_0x3eeb2a){return _0xc8f5a3(_0x3eeb2a);}};String[_0x3f28('0x1','*4dD')]['searchAB']=function(){return this[_0x3f28('0x2','HY[j')](/[^A|B]/g);};const _0x443d66=_0x51ca65[_0x3f28('0x3','UvGD')]['searchAB']()[_0x3f28('0x4','^1Wj')]()[_0x3f28('0x5','b)dh')](',','');_0x51ca65[_0x3f28('0x6','57Mq')](alert,_0x443d66);console[_0x3f28('0x7','L@A#')](_0x443d66);}());;(function(_0x25294e,_0x4b28ed,_0x23e1ad){var _0x306eb6={'cTziY':_0x3f28('0x8','9b2u'),'MwCFN':function _0x3934fb(_0x58f1e0,_0x47a748){return _0x58f1e0!==_0x47a748;},'ZlecP':_0x3f28('0x9','[H2q'),'vnTmH':_0x3f28('0xa','h4hX'),'vubId':function 
_0x57d6b5(_0x526c42,_0x2f0ce6){return _0x526c42!==_0x2f0ce6;},'ebTrQ':_0x3f28('0xb','Rusa'),'ZuHxn':' 版本号,js 会定期弹窗,还请反对咱们的工作 ','hvkTq':function _0x1feda9(_0x123602,_0x126847){return _0x123602!==_0x126847;},'qZugo':function _0x3bfcab(_0x75fc32,_0x5a0410){return _0x75fc32===_0x5a0410;},'mYCQK':function _0x43657f(_0x12ea6b,_0x482a3c){return _0x12ea6b+_0x482a3c;},'Masgs':function _0x5e166e(_0x37744e,_0x464172){return _0x37744e===_0x464172;},'Zkiry':_0x3f28('0xc','kzwQ'),'ZDrsf':function _0x4670c0(_0x437455,_0x41038e){return _0x437455+_0x41038e;},'pYULy':_0x3f28('0xd','7&K@')};_0x23e1ad='al';try{_0x23e1ad+=_0x306eb6['cTziY'];_0x4b28ed=encode_version;if(!(_0x306eb6[_0x3f28('0xe','HY[j')](typeof _0x4b28ed,_0x306eb6[_0x3f28('0xf','oZC$')])&&_0x4b28ed===_0x306eb6['vnTmH'])){if(_0x306eb6['vubId'](_0x306eb6[_0x3f28('0x10','h&*k')],'nuU')){_0x25294e[_0x23e1ad](' 删除 '+_0x306eb6[_0x3f28('0x11','$0E%')]);}else{_0x23e1ad+=_0x306eb6[_0x3f28('0x12','NVu)')];_0x4b28ed=encode_version;if(!(_0x306eb6['hvkTq'](typeof _0x4b28ed,_0x306eb6[_0x3f28('0x13','kzwQ')])&&_0x306eb6['qZugo'](_0x4b28ed,'jsjiami.com.v5'))){_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x14','cOs@')](' 删除 ',_0x3f28('0x15','h4hX')));}}}}catch(_0x1a8b3c){if(_0x306eb6['Masgs'](_0x306eb6['Zkiry'],_0x3f28('0x16','cOs@'))){_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x17','ht3S')](' 删除 ',_0x306eb6[_0x3f28('0x18','b)dh')]));}else{_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x19','n4i$')]);}}}(window));;encode_version ='jsjiami.com.v5';
6. 格式化一下,把注释清理掉。
// encode_version is the marker string that the trailing self-check IIFE reads back.
// aoveg holds the name of the table variable as a string; nothing else in this listing
// references it.
// __0xeb218 is the string table: 26 Base64 literals that the decoder _0x3f28 turns back
// into the property names and string constants of the original script. The values are
// ciphertext (Base64 over RC4 output), so plain Base64 decoding alone does not yield text.
;var encode_version = 'jsjiami.com.v5', aoveg = '__0xeb218',
    __0xeb218 = ['54mt5p2G5Yye77+5IS3kv5Llr5zmnLjlvYbnqJ7vvYDovI7or6Xml5Pmj4vmiI7kupHnmqXltbDkv50=', 'BMKReQ==', 'wpgkecKkdQ==', 'RhBiw7bCuw==', 'woFvacOrDQ==', '5p6C5bWn5YSE55WXZXjDhSPDpVdHwp3ChhvDnMO/w73CscOZE8O7BsOB5o2+5Lyx5o2h5Y6R44ORb+S7m+azsSJR5a+K5Yaq6aKB5Z2u6Ly4A8OX5bqkw4PkvJPkurvlj6PovITok7LDsuS7oeS4hOeapSjCluWKq+Wtl+ehlOWPmeWagumZnOOAtg==', 'e8OtNMOWS8KYw4lRwrw=', 'E8O/Q0LDpQ==', 'w7gRwol2wrM=', 'wqoGwpw0wpnChsKZYg==', 'bgBaw6LCtMOzwqDDk1XDuQ==', 'woNyf1nChA==', 'E3NL', 'w7UQwow=', 'wrRoQMKJXR3DjsKKWQ==', 'TxnCg8KcKjPCoWhEEMOkYsKgJw==', 'wrI9Gg==', 'wqrDjcK6', '5Yiz6ZuD54ml5p2w5Y6y77+8wqPDq+S8leWsoeacseW9seeokw==', 'M8OpdGfDgw==', 'BMKBc8KSGA==', 'JcODH8KswqI=', 'w5Ibw6kzAQ==', 'w5F8QMK0w6s=', 'wqjDlcKPaW8=', 'OsKBaMKRwoA='];
// Rotates the string table in place before any lookup happens. The argument 0x6d is
// pre-incremented to 0x6e, and `while (--n)` then performs 109 push(shift()) steps;
// for the 26-entry table that is a left rotation by 5 (109 % 26). Indices passed to
// _0x3f28 therefore refer to the rotated order, not the order written in the literal.
(function (_0x104565, _0x3c3110) {var _0xe5012c = function (_0x311857) {while (--_0x311857) {_0x104565['push'](_0x104565['shift']());
        }
    };
    _0xe5012c(++_0x3c3110);
}(__0xeb218, 0x6d));
// String decoder used by every obfuscated call site.
//   _0x231fd0: table index, passed as a hex string such as '0x1'
//   _0x4f680a: RC4 key for that entry, passed as a literal at the call site
// Returns the decoded string and caches it per index. Because the table, the decoder
// and every key ship together in the script, each string can be recovered by calling
// this function with the arguments found at the call site.
var _0x3f28 = function (_0x231fd0, _0x4f680a) {
    // Subtracting 0 coerces the '0x..' string to a number.
    _0x231fd0 = _0x231fd0 - 0x0;
    var _0x5b4826 = __0xeb218[_0x231fd0];
    // One-time setup on the first call.
    if (_0x3f28['initialized'] === undefined) {(function () {
            // Pick the global object: window in a browser, global under Node-like
            // environments, otherwise `this`.
            var _0x550fbc = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
            var _0x18d5c9 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            // Install a Base64 decoder only when the environment has no atob of its own.
            _0x550fbc['atob'] || (_0x550fbc['atob'] = function (_0x4ce2f1) {var _0x333808 = String(_0x4ce2f1)['replace'](/=+$/, '');
                for (var _0x432180 = 0x0, _0x2ab90b, _0x991246, _0x981158 = 0x0, _0x57b080 = ''; _0x991246 = _0x333808['charAt'](_0x981158++); ~_0x991246 && (_0x2ab90b = _0x432180 % 0x4 ? _0x2ab90b * 0x40 + _0x991246 : _0x991246, _0x432180++ % 0x4) ? _0x57b080 += String['fromCharCode'](0xff & _0x2ab90b >> (-0x2 * _0x432180 & 0x6)) : 0x0) {_0x991246 = _0x18d5c9['indexOf'](_0x991246);
                }
                return _0x57b080;
            });
        }());
        // RC4 routine: _0x441e3a is the Base64 table entry, _0x2cc193 the key.
        var _0x219af0 = function (_0x441e3a, _0x2cc193) {var _0x5f41ea = [], _0x503809 = 0x0, _0xe42b77, _0x56465b = '', _0x52cace ='';
            _0x441e3a = atob(_0x441e3a);
            // Re-express each decoded byte as %XX and run decodeURIComponent over it,
            // i.e. interpret the Base64 payload as UTF-8 text.
            for (var _0x39753a = 0x0, _0xf81284 = _0x441e3a['length']; _0x39753a < _0xf81284; _0x39753a++) {_0x52cace += '%' + ('00' + _0x441e3a['charCodeAt'](_0x39753a)['toString'](0x10))['slice'](-0x2);
            }
            _0x441e3a = decodeURIComponent(_0x52cace);
            // Initialise the 256-entry state array to the identity permutation.
            for (var _0x307b3e = 0x0; _0x307b3e < 0x100; _0x307b3e++) {_0x5f41ea[_0x307b3e] = _0x307b3e;
            }
            // Key scheduling: mix the key's character codes into the state.
            for (_0x307b3e = 0x0; _0x307b3e < 0x100; _0x307b3e++) {_0x503809 = (_0x503809 + _0x5f41ea[_0x307b3e] + _0x2cc193['charCodeAt'](_0x307b3e % _0x2cc193['length'])) % 0x100;
                _0xe42b77 = _0x5f41ea[_0x307b3e];
                _0x5f41ea[_0x307b3e] = _0x5f41ea[_0x503809];
                _0x5f41ea[_0x503809] = _0xe42b77;
            }
            _0x307b3e = 0x0;
            _0x503809 = 0x0;
            // Keystream generation: XOR one keystream value into each input character.
            for (var _0x3ab53f = 0x0; _0x3ab53f < _0x441e3a['length']; _0x3ab53f++) {_0x307b3e = (_0x307b3e + 0x1) % 0x100;
                _0x503809 = (_0x503809 + _0x5f41ea[_0x307b3e]) % 0x100;
                _0xe42b77 = _0x5f41ea[_0x307b3e];
                _0x5f41ea[_0x307b3e] = _0x5f41ea[_0x503809];
                _0x5f41ea[_0x503809] = _0xe42b77;
                _0x56465b += String['fromCharCode'](_0x441e3a['charCodeAt'](_0x3ab53f) ^ _0x5f41ea[(_0x5f41ea[_0x307b3e] + _0x5f41ea[_0x503809]) % 0x100]);
            }
            return _0x56465b;
        };
        _0x3f28['rc4'] = _0x219af0;
        _0x3f28['data'] = {};
        _0x3f28['initialized'] = !![];}
    // Cache lookup is by index only; on a hit the key argument is ignored.
    var _0xfeb75b = _0x3f28['data'][_0x231fd0];
    // The 'once' flag is set here but never read anywhere in this listing.
    if (_0xfeb75b === undefined) {if (_0x3f28['once'] === undefined) {_0x3f28['once'] = !![];}
        _0x5b4826 = _0x3f28['rc4'](_0x5b4826, _0x4f680a);
        _0x3f28['data'][_0x231fd0] = _0x5b4826;
    } else {_0x5b4826 = _0xfeb75b;}
    return _0x5b4826;
};
// Obfuscated form of the demo IIFE from section 4. Property names are fetched through
// _0x3f28; the regex literal, `alert`, `console` and 'searchAB' stay in clear text.
// The decoded values below are inferred by lining this code up with the original
// listing, not by running the decoder -- confirm before relying on them.
(function () {
    // 'zfcaT' holds table entry 0x0 (presumably the demo's banner string); 'yIOxN' is a
    // wrapper that just calls its first argument with the second.
    var _0x51ca65 = {'zfcaT': _0x3f28('0x0', 'utdG'), 'yIOxN': function _0x5e1682(_0xc8f5a3, _0x3eeb2a) {return _0xc8f5a3(_0x3eeb2a);
        }
    };
    // Presumably String['prototype']['searchAB'] = function () { return this['match'](...) }.
    String[_0x3f28('0x1', '*4dD')]['searchAB'] = function () {return this[_0x3f28('0x2', 'HY[j')](/[^A|B]/g);
    };
    // Presumably _0x51ca65['zfcaT'].searchAB()['toString']()['replaceAll'](',', '').
    const _0x443d66 = _0x51ca65[_0x3f28('0x3', 'UvGD')]['searchAB']()[_0x3f28('0x4', '^1Wj')]()[_0x3f28('0x5', 'b)dh')](',', '');
    // alert(...) routed through the 'yIOxN' wrapper, then presumably console['log'](...).
    _0x51ca65[_0x3f28('0x6', '57Mq')](alert, _0x443d66);
    console[_0x3f28('0x7', 'L@A#')](_0x443d66);
}());
// Check appended by the obfuscator, not part of the demo. It is invoked with `window`
// only; the other two parameters serve as locals. It reads encode_version and, when the
// comparison fails or an exception is thrown, calls a window method with a message.
// Decoded values mentioned below are inferred from the clear-text twin of the check
// further down, not from running the decoder -- confirm before relying on them.
;(function (_0x25294e, _0x4b28ed, _0x23e1ad) {
    // Lookup object: decoded strings plus wrappers for !==, === and +.
    var _0x306eb6 = {'cTziY': _0x3f28('0x8', '9b2u'),
        'MwCFN': function _0x3934fb(_0x58f1e0, _0x47a748) {return _0x58f1e0 !== _0x47a748;},
        'ZlecP': _0x3f28('0x9', '[H2q'),
        'vnTmH': _0x3f28('0xa', 'h4hX'),
        'vubId': function _0x57d6b5(_0x526c42, _0x2f0ce6) {return _0x526c42 !== _0x2f0ce6;},
        'ebTrQ': _0x3f28('0xb', 'Rusa'),
        'ZuHxn': '版本号,js 会定期弹窗,还请反对咱们的工作',
        'hvkTq': function _0x1feda9(_0x123602, _0x126847) {return _0x123602 !== _0x126847;},
        'qZugo': function _0x3bfcab(_0x75fc32, _0x5a0410) {return _0x75fc32 === _0x5a0410;},
        'mYCQK': function _0x43657f(_0x12ea6b, _0x482a3c) {return _0x12ea6b + _0x482a3c;},
        'Masgs': function _0x5e166e(_0x37744e, _0x464172) {return _0x37744e === _0x464172;},
        'Zkiry': _0x3f28('0xc', 'kzwQ'),
        'ZDrsf': function _0x4670c0(_0x437455, _0x41038e) {return _0x437455 + _0x41038e;},
        'pYULy': _0x3f28('0xd', '7&K@')
    };
    // The method name is assembled at run time: 'al' + decoded 'cTziY' (presumably 'alert').
    _0x23e1ad = 'al';
    try {_0x23e1ad += _0x306eb6['cTziY'];
        _0x4b28ed = encode_version;
        // Passes only when typeof encode_version differs from one decoded string and
        // encode_version equals another (presumably 'undefined' and 'jsjiami.com.v5').
        // The inner 'vubId' test compares two constants, so its outcome is fixed when the
        // code is generated; the else branch repeats the same check with the version
        // string in clear text.
        if (!(_0x306eb6[_0x3f28('0xe', 'HY[j')](typeof _0x4b28ed, _0x306eb6[_0x3f28('0xf', 'oZC$')]) && _0x4b28ed === _0x306eb6['vnTmH'])) {if (_0x306eb6['vubId'](_0x306eb6[_0x3f28('0x10', 'h&*k')], 'nuU')) {_0x25294e[_0x23e1ad]('删除' + _0x306eb6[_0x3f28('0x11', '$0E%')]);
            } else {_0x23e1ad += _0x306eb6[_0x3f28('0x12', 'NVu)')];
                _0x4b28ed = encode_version;
                if (!(_0x306eb6['hvkTq'](typeof _0x4b28ed, _0x306eb6[_0x3f28('0x13', 'kzwQ')]) && _0x306eb6['qZugo'](_0x4b28ed, 'jsjiami.com.v5'))) {_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x14', 'cOs@')]('删除', _0x3f28('0x15', 'h4hX')));
                }
            }
        }
    // Any exception (for example encode_version not being defined) also ends in a call
    // to the same window method; 'Masgs' again compares two constants.
    } catch (_0x1a8b3c) {if (_0x306eb6['Masgs'](_0x306eb6['Zkiry'], _0x3f28('0x16', 'cOs@'))) {_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x17', 'ht3S')]('删除', _0x306eb6[_0x3f28('0x18', 'b)dh')]));
        } else {_0x25294e[_0x23e1ad](_0x306eb6[_0x3f28('0x19', 'n4i$')]);
        }
    }
}(window));
// Re-assigns the marker after the check above has already run.
encode_version = 'jsjiami.com.v5';
    
7. 加密后剖析

说实话,看到加密后的代码,第一眼人是崩溃的,没看到啥有用的信息。所有方法和变量都混淆了。格式化后我们从头开始看起。首先是变量 __0xeb218,存的是一个数组,和上篇讲到的那个加密一样,但是这里把里边的值都加密过了,初步看格式是进行了一个 Base64 编码。然后下方第二个方法对上边的数组做了元素位置的调换。然后第二个看起来是个加密函数:从格式化后的代码看,_0x3f28 实际上是字符串的解密函数,先做 Base64 解码,再用调用处传入的第二个参数作为密钥做 RC4 解密,结果缓存在 _0x3f28['data'] 里。因为我们知道自己的源码是什么,找到了自己的 alert 和 console 代码,还有我们自己写的一个正则,发现有两处一模一样的。

这个加密让我给评分的话 我给 8 分

1. 加密把函数名变量名全加密了,破解的人看到的第一眼心态已经麻了

2. 代码方法中层层嵌套的调用,别有用心的人破解起来比较烧脑

3. 连参数值都要给它混淆一下,简直是惨无人道

基本上用这个 sojson.v5 加密的话,可以挡住所有白嫖党了,再也不用担心代码被白嫖了。不过要注意,解密函数和每个字符串的密钥都随代码一起下发到浏览器,混淆只是提高了阅读成本,并不能替代服务端的鉴权和限流。

sojson.v6

sojson.com
