0x0. 背景
朋友是做跨境电商的,他们属于第一批吃瓜人,赚得盆满钵满的,最近又有新的项目找我帮忙,手头有一份很有价值的 js 需要我帮忙解密,拿到手一看,是 FB 的 js,这些跨境电商人,每时每刻都在和脸书做斗争。废话不多说了,因为数据敏感,只上部分代码。
0x1.JS 加密代码
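/**
 * Obfuscated Enter-key handler, kept exactly as obfuscated (only the table
 * residue `| |` from the page extraction is removed and the code re-indented).
 *
 * Obfuscation layers visible in this listing:
 *   - identifiers renamed to `_0x…` hex names;
 *   - string literals replaced by lookups through `_0x5380(index)` and
 *     `_0x84c3(index, key)`; the decoders themselves are not part of this
 *     excerpt (the second argument of `_0x84c3` is presumably a per-call
 *     decode key — not verifiable from here);
 *   - numeric literals written in hex, with `n ^ n` standing in for 0;
 *   - `![]` standing in for `false`;
 *   - bracket notation (`obj['prop']`) instead of dot access.
 *
 * The string values quoted in the comments below are taken from the
 * de-obfuscated listing later in this article.
 *
 * @param {Event} _0x2ab70a - the key event; only its `target` is read.
 */
function _0x43d021(_0x2ab70a) {
  const _0x433021 = _0x5380; // local alias of the first string decoder
  try {
    let _0x583dc2 = ''; // text taken from the message composer
    if (msgInput != null) {
      // _0x433021(0xba) -> "info"
      InputTipsMsg('', _0x433021(0xba), _0x2ab70a['target']);
      // _0x433021(0x85) -> "notranslate _5rpu"
      if (_0x2ab70a['target']['className'] === _0x433021(0x85)) {
        // every `n ^ n` index evaluates to 0: five levels of first children
        _0x583dc2 = _0x2ab70a['target']['children'][0x3ab29 ^ 0x3ab29]['children'][0x0]['children'][0x61b16 ^ 0x61b16]['children'][0xcce8b ^ 0xcce8b]['children'][0xa1ac9 ^ 0xa1ac9]['innerText'];
      } else {
        _0x583dc2 = msgInput['value'];
      }
      if (__DisableSendTT || _0x583dc2 === '') {
        setTimeout(() => {
          sendButton['click']();
          sendLock = ![]; // false
        }, 0x1);
      }
      // _0x433021(0x27) -> the "translating…" hint text
      InputTipsMsg(_0x433021(0x27), _0x433021(0xba), _0x2ab70a['target']);
      TranslateMessagesDirectly(_0x583dc2, function (_0x23bd0f) {
        const _0x53514b = _0x5380;
        const _0x137e18 = _0x84c3; // second decoder, called with (index, key)
        let _0x550106 = GetRetStr(_0x23bd0f);
        // _0x137e18(0x8d, 'd5pL') -> "error:"
        if (_0x550106['indexOf'](_0x137e18(0x8d, 'd5pL')) === 0x0) {
          // _0x137e18(0x12, 'IooP') -> fallback error text; _0x53514b(0x8e) -> "error"
          InputTipsMsg(_0x23bd0f['msg'] === undefined ? _0x137e18(0x12, 'IooP') : _0x23bd0f['msg'], _0x53514b(0x8e));
          sendLock = ![];
        } else {
          // _0x137e18(0xa2, '7$^@') -> "notranslate _5rpu"
          if (_0x2ab70a['target']['className'] === _0x137e18(0xa2, '7$^@')) {
            _0x2ab70a['target']['children'][0xf0130 ^ 0xf0130]['children'][0x0]['children'][0x0]['children'][0x0]['children'][0x0]['innerText'] = _0x550106;
            FireMessageInputEvent(_0x2ab70a['target']);
            setTimeout(() => {
              sendLock = ![];
              if (![] === detectChinese(_0x550106) || zh_translation_switch) {
                OnEnterKeyDown(_0x550106, _0x2ab70a['target']['children'][0x85e48 ^ 0x85e48]['children'][0x8d7d3 ^ 0x8d7d3]['children'][0x0]['children'][0x0]['children'][0x0]);
              }
            }, 0x5);
          } else {
            changeReactInputValue(msgInput, _0x550106);
            sendLock = ![];
            setTimeout(() => {
              if (![] === detectChinese(msgInput['innerText']) || zh_translation_switch) {
                sendButton['click']();
              }
            }, 0x5);
          }
          // _0x137e18(0x79, 'myO(') -> success hint; _0x137e18(0x89, '4JF4') -> "info"
          InputTipsMsg(_0x137e18(0x79, 'myO('), _0x137e18(0x89, '4JF4'), _0x2ab70a['target']);
        }
      }, send_from, send_to);
    }
  } catch (_0x596ece) {
    sendLock = ![];
    console['error'](_0x596ece);
  }
}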
0x3. 代码剖析
从这部分代码可以看出来,变量名和方法名都经过了混淆,属于中等难度的加密混淆。具体手法包括:字符串通过 _0x5380 / _0x84c3 查表还原、数字写成十六进制、用 x ^ x 表示 0、用 ![] 表示 false、属性访问全部改成方括号形式。
0x4. 代码解密
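/**
 * De-obfuscated Enter-key handler: reads the text in the message composer,
 * sends it to the translation service and, on success, writes the translated
 * text back into the composer and triggers sending.
 *
 * The logic mirrors the obfuscated listing one-to-one; only the table residue
 * (`| |`) left by the page extraction is removed and the code re-indented.
 *
 * Relies on names defined elsewhere in the script: msgInput, sendButton,
 * sendLock, __DisableSendTT, zh_translation_switch, send_from, send_to,
 * InputTipsMsg, TranslateMessagesDirectly, GetRetStr, FireMessageInputEvent,
 * OnEnterKeyDown, changeReactInputValue, detectChinese.
 *
 * @param {Event} el - the key event; only `el.target` is read.
 */
function enterKeyDown(el) {
  try {
    let text = '';
    if (msgInput != null) {
      InputTipsMsg('', "info", el.target);
      if (el.target.className === "notranslate _5rpu") {
        // The composer text sits five first-child levels below the target.
        text = el.target.children[0].children[0].children[0].children[0].children[0].innerText;
      } else {
        text = msgInput.value;
      }
      if (__DisableSendTT || text === '') {
        // NOTE(review): there is no return after scheduling the click, so the
        // translate call below still runs; this matches the obfuscated code.
        setTimeout(() => {
          sendButton.click();
          sendLock = false;
        }, 1);
      }
      InputTipsMsg("正在翻译中... 请勿频繁回车发送", "info", el.target);
      TranslateMessagesDirectly(text, function (res) {
        let retStr = GetRetStr(res);
        // A result starting with "error:" marks a failed translation.
        if (retStr.indexOf("error:") === 0) {
          InputTipsMsg(res.msg === undefined ? "服务谬误" : res.msg, "error");
          sendLock = false;
        } else {
          if (el.target.className === "notranslate _5rpu") {
            // The translated text is written with innerText, i.e. as plain
            // text rather than markup.
            el.target.children[0].children[0].children[0].children[0].children[0].innerText = retStr;
            FireMessageInputEvent(el.target);
            setTimeout(() => {
              sendLock = false;
              if (false === detectChinese(retStr) || zh_translation_switch) {
                OnEnterKeyDown(retStr, el.target.children[0].children[0].children[0].children[0].children[0]);
              }
            }, 5);
          } else {
            changeReactInputValue(msgInput, retStr);
            sendLock = false;
            setTimeout(() => {
              if (false === detectChinese(msgInput.innerText) || zh_translation_switch) {
                sendButton.click();
              }
            }, 5);
          }
          InputTipsMsg("翻译胜利", "info", el.target);
        }
      }, send_from, send_to);
    }
  } catch (e) {
    // Release the lock on any failure so the next key press is not blocked.
    sendLock = false;
    console.error(e);
  }
}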
0x5. 结语
贴出来的这部分是不涉及敏感信息的,这种 JS 加密属于中等难度的加密,需要人工手动去解,比较费时费力。需要注意的是,混淆只能提高分析成本,并不能真正保密:如本例所示,逻辑和字符串都可以被还原,因此密钥等敏感信息不应该放在前端 JS 里。
如果你需要企业级的 JS 加密保护,可以试试 jsjiami.com,里边收费的加密服务就已经很厉害了,还有环境检测等更厉害的,不过需要 VIP。
如果有其他需要,比如 JS 解密等 JS 相关的东西,也可以找站长定制。
2022-10-21