关于javascript:纯手工解密几大在线js加密网站3

270次阅读

共计 12861 个字符,预计需要花费 33 分钟才能阅读完成。

0x0. 结尾

​ 续接上章,灵机一动想挨个破解一下各大 js 加密的网站,理解一下现有的 js 加密的逻辑。

0x1. 介绍

Sojson反对 js 的不可逆混同加密,和很多高级的加密配置,还减少了小白专用的一键配置惯例配置,和禁控制台调试输入、A 级爱护、变量办法全混同等诸多高级配置,很多 细节做的不错。查了一下资格,这家站 13 年创立的,搞了快有十个年头了,是个老品牌。接下来咱们做个 demo 加密一下试试,以下加密,除了根本配置,我还勾选了办法函数变量全副重命名。

0x2. 源代码
(function () {String.prototype.searchAB = function (){return this.match(/[^A|B]/g);
    }
    const str = '本工具由 wwBw.jsjiami.cAom 提供接口。\n 专一 JS 平安畛域近 10 年 \n 企业化经营 \n 业余的 JS 加密研发团队。'.searchAB().toString().replaceAll(',', '');
    alert(str);
    console.log(str);
}());
0x3. 加密后
/*
 * 加密工具曾经降级了一个版本,目前为 jsjiami.com.v5,次要增强了算法,以及防破解【相对不可逆】配置,耶稣也无奈 100% 还原,我说的。;
 * 曾经打算把这个工具根底性能始终收费上来。还心愿反对我。* 另外 jsjiami.com.v5 曾经强制退出校验,正文能够去掉,然而 jsjiami.com.v5 不能去掉(如果你开明了 VIP,能够手动去掉),其余都没有任何绑定。* 誓死不会退出任何后门,jsjiami.com JS 加密的使命就是为了爱护你们的 Javascript。* 正告:如果您歹意去掉 jsjiami.com.v5 那么咱们将不会爱护您的 JavaScript 代码。请遵守规则
 * 新版本: https://www.jsjiami.com/ 反对批量加密,反对大文件加密,领有更多加密。*/

;var encode_version = 'jsjiami.com.v5', nayxk = '__0xeb23e',  __0xeb23e=['IXYRHEI=','CCYiIcOu','GsK8wowTHQ==','54mM5p2X5YyJ77+CaHbkvbzlrJPmnpDlv6XnqrLvv5rovLHorLvmlbbmj7bmi53kuoHnmoLltobkvpo=','woPDvz0=','5p+W5bWs5Ya+55SSw6LCoggiLEM/woXCr8ONwqHCvcKXacK0Y8KDSTPmjazkv7DmjIDljZjjg7TCjeS4lOayhMKawrflr43lh5npobzlnozovIPDrsKE5bqJw6/kv4/ku4Dlj5zovabok4HDieS5muS4kueblxER5Yim5ayS56OQ5Y2U5ZqX6ZmQ44G+','SgBZNxA=','wpHDhhvDumI=','w6vDsy7CusOJ','wqAJw7VaNMOZwpPCmMO1','w48dwrXCtMOQ','K3jDi8ODw5tMwrfChg==','woTDmQ/DjQQ=','wojDqDTDjFDDocOfwpY=','wpIAMiPDvgptwoQ=','KcO/N1tcSEViwqHCrA==','w4nDgMOr','54qC5p+/5Y+Q77y6WsOY5L2N5ayf5p6w5byq56ms77276L226K6i5paq5oya5oin5LuK55qC5bW95Lyh','5Yuz6ZqH54qh5p2Y5Y6d77+QwpRy5L2s5a6n5p+F5byU56qQ','PCjDoDkawr5gcXDDrMKDwq7ChFE=','wrjDtzLDjxE=','w7J+IcOlwok=','RHkTYC4=','LMKlwo0pBw==','LmBfa8Kh','MDAeOMOq','wp/DmyvDmyU=','cFrCvSDCnQ=='];(function(_0x4fe50f,_0x1873df){var _0x13858f=function(_0x5e0bfd){while(--_0x5e0bfd){_0x4fe50f['push'](_0x4fe50f['shift']());}};_0x13858f(++_0x1873df);}(__0xeb23e,0x1a8));var _0x283e=function(_0x27a5bc,_0x101af3){_0x27a5bc=_0x27a5bc-0x0;var _0x10bb4e=__0xeb23e[_0x27a5bc];if(_0x283e['initialized']===undefined){(function(){var _0x3a7cff=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x132a83='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x3a7cff['atob']||(_0x3a7cff['atob']=function(_0x1eb12d){var _0x106424=String(_0x1eb12d)['replace'](/=+$/,'');for(var _0x4a2000=0x0,_0x4726be,_0x4b15c7,_0x18229a=0x0,_0xb6f8e4='';_0x4b15c7=_0x106424['charAt'](_0x18229a++);~_0x4b15c7&&(_0x4726be=_0x4a2000%0x4?_0x4726be*0x40+_0x4b15c7:_0x4b15c7,_0x4a2000++%0x4)?_0xb6f8e4+=String['fromCharCode'](0xff&_0x4726be>>(-0x2*_0x4a2000&0x6)):0x0){_0x4b15c7=_0x132a83['indexOf'](_0x4b15c7);}return _0xb6f8e4;});}());var _0x5bdc07=function(_0x334a5b,_0x1635b7){var _0x43421f=[],_0x216485=0x0,_0xa7d60d,_0x5b8f1e='',_0x792d05='';_0x334a5b=atob(_0x334a5b);for(var _0xc451ca=0x0,_0xc846a3=_0x334a5b['length'];_0xc451ca<_0xc846a3;_0xc451ca++){_0x792d05+='%'+('00'+_0x334a5b['charCodeAt'](_0xc451ca)['toString'](0x10))['slice'](-0x2);}_0x334a5b=decodeURIComponent(_0x792d05);for(var _0x430013=0x0;_0x430013<0x100;_0x430013++){_0x43421f[_0x430013]=_0x430013;}for(_0x430013=0x0;_0x430013<0x100;_0x430013++){_0x216485=(_0x216485+_0x43421f[_0x430013]+_0x1635b7['charCodeAt'](_0x430013%_0x1635b7['length']))%0x100;_0xa7d60d=_0x43421f[_0x430013];_0x43421f[_0x430013]=_0x43421f[_0x216485];_0x43421f[_0x216485]=_0xa7d60d;}_0x430013=0x0;_0x216485=0x0;for(var _0x5bff45=0x0;_0x5bff45<_0x334a5b['length'];_0x5bff45++){_0x430013=(_0x430013+0x1)%0x100;_0x216485=(_0x216485+_0x43421f[_0x430013])%0x100;_0xa7d60d=_0x43421f[_0x430013];_0x43421f[_0x430013]=_0x43421f[_0x216485];_0x43421f[_0x216485]=_0xa7d60d;_0x5b8f1e+=String['fromCharCode'](_0x334a5b['charCodeAt'](_0x5bff45)^_0x43421f[(_0x43421f[_0x430013]+_0x43421f[_0x216485])%0x100]);}return _0x5b8f1e;};_0x283e['rc4']=_0x5bdc07;_0x283e['data']={};_0x283e['initialized']=!![];}var _0x52f150=_0x283e['data'][_0x27a5bc];if(_0x52f150===undefined){if(_0x283e['once']===undefined){_0x283e['once']=!![];}_0x10bb4e=_0x283e['rc4'](_0x10bb4e,_0x101af3);_0x283e['data'][_0x27a5bc]=_0x10bb4e;}else{_0x10bb4e=_0x52f150;}return _0x10bb4e;};(function(){var _0x555370={'wNKpT':function _0x5d77c1(_0x50f6c6,_0x50079e){return _0x50f6c6(_0x50079e);}};String['prototype']['searchAB']=function(){var _0x433705={'nczMX':function _0x36f6e4(_0x16f977,_0x13c64e){return _0x16f977===_0x13c64e;},'jKNDQ':_0x283e('0x0','ch)&'),'qfYEY':_0x283e('0x1','b6lp'),'Jjmrt':function _0x2094cd(_0x3a122a,_0xbf7144){return _0x3a122a(_0xbf7144);}};if(_0x433705[_0x283e('0x2','Bv8b')](_0x433705[_0x283e('0x3','ch)&')],_0x433705['jKNDQ'])){return this[_0x283e('0x4','2C5f')](/[^A|B]/g);}else{String[_0x283e('0x5','5npl')]['searchAB']=function(){return this[_0x283e('0x6','o@1r')](/[^A|B]/g);};const _0x2afd9f=_0x433705['qfYEY']['searchAB']()[_0x283e('0x7','b10M')]()['replaceAll'](',','');_0x433705[_0x283e('0x8','cuhX')](alert,_0x2afd9f);console['log'](_0x2afd9f);}};const _0x493c6e=' 本工具由 \x20wwBw.jsjiami.cAom\x20 提供接口。\x0a 专一 JS 平安畛域近 10 年 \x0a 企业化经营 \x0a 业余的 JS 加密研发团队。'[_0x283e('0x9','ch)&')]()[_0x283e('0xa','^Rl*')]()[_0x283e('0xb','FEg@')](',','');_0x555370['wNKpT'](alert,_0x493c6e);console['log'](_0x493c6e);}());;(function(_0x26a8bf,_0x1b3d22,_0x57167a){var _0x1ecaea={'vDPpa':function _0x4bbe24(_0x196798,_0x28ae00){return _0x196798===_0x28ae00;},'wVdMw':_0x283e('0xc','299L'),'HXEbb':'jGZ','YTjTR':'ert','Nhlic':function _0x59eb7e(_0x3ce965,_0x6ad683){return _0x3ce965!==_0x6ad683;},'oVWCQ':'undefined','QhIdU':function _0x3e047a(_0x218201,_0x37678c){return _0x218201+_0x37678c;},'WmmUB':_0x283e('0xd','9%A%'),'PfMev':_0x283e('0xe','eU!)'),'EZyiI':function _0x18d526(_0x187205,_0x1c45b1){return _0x187205===_0x1c45b1;},'NRlie':_0x283e('0xf','PVfY'),'xqmSy':function _0x51338a(_0x1ca5e1,_0x4fcbee){return _0x1ca5e1+_0x4fcbee;}};_0x57167a='al';try{if(_0x1ecaea[_0x283e('0x10','cuhX')](_0x1ecaea['wVdMw'],_0x1ecaea[_0x283e('0x11','ns*5')])){_0x57167a='al';try{_0x57167a+=_0x1ecaea[_0x283e('0x12','#xjn')];_0x1b3d22=encode_version;if(!(_0x1ecaea[_0x283e('0x13','AM@r')](typeof _0x1b3d22,_0x1ecaea[_0x283e('0x14','Ak*G')])&&_0x1ecaea[_0x283e('0x15','k4b2')](_0x1b3d22,'jsjiami.com.v5'))){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x16','cuhX')]('删除',_0x1ecaea['WmmUB']));}}catch(_0x2c780a){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x17','UwAd')]);}}else{_0x57167a+='ert';_0x1b3d22=encode_version;if(!(typeof _0x1b3d22!=='undefined'&&_0x1ecaea[_0x283e('0x18','jwV3')](_0x1b3d22,_0x1ecaea[_0x283e('0x19','k4b2')]))){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x1a','AM@r')]('删除',_0x283e('0x1b','ge&n')));}}}catch(_0x46de5d){_0x26a8bf[_0x57167a]('删除版本号,js 会定期弹窗');}}(window));;encode_version = 'jsjiami.com.v5';
0x4. 格式化一下,去除正文。
;var encode_version = 'jsjiami.com.v5', nayxk = '__0xeb23e',
    __0xeb23e = ['IXYRHEI=', 'CCYiIcOu', 'GsK8wowTHQ==', '54mM5p2X5YyJ77+CaHbkvbzlrJPmnpDlv6XnqrLvv5rovLHorLvmlbbmj7bmi53kuoHnmoLltobkvpo=', 'woPDvz0=', '5p+W5bWs5Ya+55SSw6LCoggiLEM/woXCr8ONwqHCvcKXacK0Y8KDSTPmjazkv7DmjIDljZjjg7TCjeS4lOayhMKawrflr43lh5npobzlnozovIPDrsKE5bqJw6/kv4/ku4Dlj5zovabok4HDieS5muS4kueblxER5Yim5ayS56OQ5Y2U5ZqX6ZmQ44G+', 'SgBZNxA=', 'wpHDhhvDumI=', 'w6vDsy7CusOJ', 'wqAJw7VaNMOZwpPCmMO1', 'w48dwrXCtMOQ', 'K3jDi8ODw5tMwrfChg==', 'woTDmQ/DjQQ=', 'wojDqDTDjFDDocOfwpY=', 'wpIAMiPDvgptwoQ=', 'KcO/N1tcSEViwqHCrA==', 'w4nDgMOr', '54qC5p+/5Y+Q77y6WsOY5L2N5ayf5p6w5byq56ms77276L226K6i5paq5oya5oin5LuK55qC5bW95Lyh', '5Yuz6ZqH54qh5p2Y5Y6d77+QwpRy5L2s5a6n5p+F5byU56qQ', 'PCjDoDkawr5gcXDDrMKDwq7ChFE=', 'wrjDtzLDjxE=', 'w7J+IcOlwok=', 'RHkTYC4=', 'LMKlwo0pBw==', 'LmBfa8Kh', 'MDAeOMOq', 'wp/DmyvDmyU=', 'cFrCvSDCnQ=='];
(function (_0x4fe50f, _0x1873df) {var _0x13858f = function (_0x5e0bfd) {while (--_0x5e0bfd) {_0x4fe50f['push'](_0x4fe50f['shift']());
        }
    };
    _0x13858f(++_0x1873df);
}(__0xeb23e, 0x1a8));
var _0x283e = function (_0x27a5bc, _0x101af3) {
    _0x27a5bc = _0x27a5bc - 0x0;
    var _0x10bb4e = __0xeb23e[_0x27a5bc];
    if (_0x283e['initialized'] === undefined) {(function () {
            var _0x3a7cff = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
            var _0x132a83 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            _0x3a7cff['atob'] || (_0x3a7cff['atob'] = function (_0x1eb12d) {var _0x106424 = String(_0x1eb12d)['replace'](/=+$/, '');
                for (var _0x4a2000 = 0x0, _0x4726be, _0x4b15c7, _0x18229a = 0x0, _0xb6f8e4 = ''; _0x4b15c7 = _0x106424['charAt'](_0x18229a++); ~_0x4b15c7 && (_0x4726be = _0x4a2000 % 0x4 ? _0x4726be * 0x40 + _0x4b15c7 : _0x4b15c7, _0x4a2000++ % 0x4) ? _0xb6f8e4 += String['fromCharCode'](0xff & _0x4726be >> (-0x2 * _0x4a2000 & 0x6)) : 0x0) {_0x4b15c7 = _0x132a83['indexOf'](_0x4b15c7);
                }
                return _0xb6f8e4;
            });
        }());
        var _0x5bdc07 = function (_0x334a5b, _0x1635b7) {var _0x43421f = [], _0x216485 = 0x0, _0xa7d60d, _0x5b8f1e = '', _0x792d05 ='';
            _0x334a5b = atob(_0x334a5b);
            for (var _0xc451ca = 0x0, _0xc846a3 = _0x334a5b['length']; _0xc451ca < _0xc846a3; _0xc451ca++) {_0x792d05 += '%' + ('00' + _0x334a5b['charCodeAt'](_0xc451ca)['toString'](0x10))['slice'](-0x2);
            }
            _0x334a5b = decodeURIComponent(_0x792d05);
            for (var _0x430013 = 0x0; _0x430013 < 0x100; _0x430013++) {_0x43421f[_0x430013] = _0x430013;
            }
            for (_0x430013 = 0x0; _0x430013 < 0x100; _0x430013++) {_0x216485 = (_0x216485 + _0x43421f[_0x430013] + _0x1635b7['charCodeAt'](_0x430013 % _0x1635b7['length'])) % 0x100;
                _0xa7d60d = _0x43421f[_0x430013];
                _0x43421f[_0x430013] = _0x43421f[_0x216485];
                _0x43421f[_0x216485] = _0xa7d60d;
            }
            _0x430013 = 0x0;
            _0x216485 = 0x0;
            for (var _0x5bff45 = 0x0; _0x5bff45 < _0x334a5b['length']; _0x5bff45++) {_0x430013 = (_0x430013 + 0x1) % 0x100;
                _0x216485 = (_0x216485 + _0x43421f[_0x430013]) % 0x100;
                _0xa7d60d = _0x43421f[_0x430013];
                _0x43421f[_0x430013] = _0x43421f[_0x216485];
                _0x43421f[_0x216485] = _0xa7d60d;
                _0x5b8f1e += String['fromCharCode'](_0x334a5b['charCodeAt'](_0x5bff45) ^ _0x43421f[(_0x43421f[_0x430013] + _0x43421f[_0x216485]) % 0x100]);
            }
            return _0x5b8f1e;
        };
        _0x283e['rc4'] = _0x5bdc07;
        _0x283e['data'] = {};
        _0x283e['initialized'] = !![];}
    var _0x52f150 = _0x283e['data'][_0x27a5bc];
    if (_0x52f150 === undefined) {if (_0x283e['once'] === undefined) {_0x283e['once'] = !![];}
        _0x10bb4e = _0x283e['rc4'](_0x10bb4e, _0x101af3);
        _0x283e['data'][_0x27a5bc] = _0x10bb4e;
    } else {_0x10bb4e = _0x52f150;}
    return _0x10bb4e;
};
(function () {
    var _0x555370 = {'wNKpT': function _0x5d77c1(_0x50f6c6, _0x50079e) {return _0x50f6c6(_0x50079e);
        }
    };
    String['prototype']['searchAB'] = function () {
        var _0x433705 = {'nczMX': function _0x36f6e4(_0x16f977, _0x13c64e) {return _0x16f977 === _0x13c64e;},
            'jKNDQ': _0x283e('0x0', 'ch)&'),
            'qfYEY': _0x283e('0x1', 'b6lp'),
            'Jjmrt': function _0x2094cd(_0x3a122a, _0xbf7144) {return _0x3a122a(_0xbf7144);
            }
        };
        if (_0x433705[_0x283e('0x2', 'Bv8b')](_0x433705[_0x283e('0x3', 'ch)&')], _0x433705['jKNDQ'])) {return this[_0x283e('0x4', '2C5f')](/[^A|B]/g);
        } else {String[_0x283e('0x5', '5npl')]['searchAB'] = function () {return this[_0x283e('0x6', 'o@1r')](/[^A|B]/g);
            };
            const _0x2afd9f = _0x433705['qfYEY']['searchAB']()[_0x283e('0x7', 'b10M')]()['replaceAll'](',', '');
            _0x433705[_0x283e('0x8', 'cuhX')](alert, _0x2afd9f);
            console['log'](_0x2afd9f);
        }
    };
    const _0x493c6e = '本工具由 \x20wwBw.jsjiami.cAom\x20 提供接口。\x0a 专一 JS 平安畛域近 10 年 \x0a 企业化经营 \x0a 业余的 JS 加密研发团队。'[_0x283e('0x9', 'ch)&')]()[_0x283e('0xa', '^Rl*')]()[_0x283e('0xb', 'FEg@')](',', '');
    _0x555370['wNKpT'](alert, _0x493c6e);
    console['log'](_0x493c6e);
}());
;(function (_0x26a8bf, _0x1b3d22, _0x57167a) {
    var _0x1ecaea = {'vDPpa': function _0x4bbe24(_0x196798, _0x28ae00) {return _0x196798 === _0x28ae00;},
        'wVdMw': _0x283e('0xc', '299L'),
        'HXEbb': 'jGZ',
        'YTjTR': 'ert',
        'Nhlic': function _0x59eb7e(_0x3ce965, _0x6ad683) {return _0x3ce965 !== _0x6ad683;},
        'oVWCQ': 'undefined',
        'QhIdU': function _0x3e047a(_0x218201, _0x37678c) {return _0x218201 + _0x37678c;},
        'WmmUB': _0x283e('0xd', '9%A%'),
        'PfMev': _0x283e('0xe', 'eU!)'),
        'EZyiI': function _0x18d526(_0x187205, _0x1c45b1) {return _0x187205 === _0x1c45b1;},
        'NRlie': _0x283e('0xf', 'PVfY'),
        'xqmSy': function _0x51338a(_0x1ca5e1, _0x4fcbee) {return _0x1ca5e1 + _0x4fcbee;}
    };
    _0x57167a = 'al';
    try {if (_0x1ecaea[_0x283e('0x10', 'cuhX')](_0x1ecaea['wVdMw'], _0x1ecaea[_0x283e('0x11', 'ns*5')])) {
            _0x57167a = 'al';
            try {_0x57167a += _0x1ecaea[_0x283e('0x12', '#xjn')];
                _0x1b3d22 = encode_version;
                if (!(_0x1ecaea[_0x283e('0x13', 'AM@r')](typeof _0x1b3d22, _0x1ecaea[_0x283e('0x14', 'Ak*G')]) && _0x1ecaea[_0x283e('0x15', 'k4b2')](_0x1b3d22, 'jsjiami.com.v5'))) {_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x16', 'cuhX')]('删除', _0x1ecaea['WmmUB']));
                }
            } catch (_0x2c780a) {_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x17', 'UwAd')]);
            }
        } else {
            _0x57167a += 'ert';
            _0x1b3d22 = encode_version;
            if (!(typeof _0x1b3d22 !== 'undefined' && _0x1ecaea[_0x283e('0x18', 'jwV3')](_0x1b3d22, _0x1ecaea[_0x283e('0x19', 'k4b2')]))) {_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x1a', 'AM@r')]('删除', _0x283e('0x1b', 'ge&n')));
            }
        }
    } catch (_0x46de5d) {_0x26a8bf[_0x57167a]('删除版本号,js 会定期弹窗');
    }
}(window));
encode_version = 'jsjiami.com.v5';
0x5. 加密后的代码剖析

大抵剖析一下加密后的代码都做了啥。将加密前后的代码做比照,代码体积从 9 行变成了 159 行,看起来还是不错的,比拟精简。__0xeb23e中的参数显著通过了加密,看字面量像是 base64,而后将 23e 的数组元素变换了地位。后边将代码打乱混同了。

0x6. 开始解密

首先咱们尝试将加密后的代码运行一遍,如果发现能够胜利运行,弹出了咱们想要的值,那加密就没问题,保障了功能性始终统一。各位能够将加密前后的代码,F12 调出浏览器开发者工具运行一下试试 结尾对数组参数的调整没什么看的,咱们先将结尾数组进行一个简略的解密,base64 解进去都是乱码。而后看后边的一个加密函数,看到那种 a~z 的串,根本都是加密函数了。而后剖析他的加密函数进行一个逆向。查看他做了什么。

大抵解密流程就是这样子

1. 剖析代码构造

2. 依据教训找到加密函数,剖析加密函数做了什么

3. 解出加密函数后就开始找代码主体,哪一块才是真正的业务代码。

0x7. 捷径

如果有小白看不懂的也没关系,其实也能够通过反对在线混同解密收费的工具 jsjiami.com 间接一键解密,能够说是 js 解密最快形式了。

正文完
 0