共计 3256 个字符,预计需要花费 9 分钟才能阅读完成。
0x0. 背景
敌人是做跨境电商的,他们属于第一批吃瓜人,赚的盆满钵满的,最近又有新我的项目找我帮忙,手头有一份很有价值的 js 须要我帮忙解密,拿到手一看,是 FB 的 js,这些跨境电商人,每时每刻都在和脸书做奋斗。废话不多说了,因为数据敏感,只上局部代码。
0x1.JS 加密代码
function _0x43d021(_0x2ab70a) {
const _0x433021 = _0x5380;
try {
let _0x583dc2 = '';
if (msgInput != null) {InputTipsMsg('', _0x433021(0xba), _0x2ab70a['target']);
if (_0x2ab70a['target']['className'] === _0x433021(0x85)) {_0x583dc2 = _0x2ab70a['target']['children'][0x3ab29 ^ 0x3ab29]['children'][0x0]['children'][0x61b16 ^ 0x61b16]['children'][0xcce8b ^ 0xcce8b]['children'][0xa1ac9 ^ 0xa1ac9]['innerText'];
} else {_0x583dc2 = msgInput['value'];
}
if (__DisableSendTT || _0x583dc2 === '') {setTimeout(() => {sendButton['click']();
sendLock = ![];}, 0x1);
}
InputTipsMsg(_0x433021(0x27), _0x433021(0xba), _0x2ab70a['target']);
TranslateMessagesDirectly(_0x583dc2, function (_0x23bd0f) {
const _0x53514b = _0x5380;
const _0x137e18 = _0x84c3;
let _0x550106 = GetRetStr(_0x23bd0f);
if (_0x550106['indexOf'](_0x137e18(0x8d, 'd5pL')) === 0x0) {InputTipsMsg(_0x23bd0f['msg'] === undefined ? _0x137e18(0x12, 'IooP') : _0x23bd0f['msg'], _0x53514b(0x8e));
sendLock = ![];} else {if (_0x2ab70a['target']['className'] === _0x137e18(0xa2, '7$^@')) {_0x2ab70a['target']['children'][0xf0130 ^ 0xf0130]['children'][0x0]['children'][0x0]['children'][0x0]['children'][0x0]['innerText'] = _0x550106;
FireMessageInputEvent(_0x2ab70a['target']);
setTimeout(() => {sendLock = ![];
if (![] === detectChinese(_0x550106) || zh_translation_switch) {OnEnterKeyDown(_0x550106, _0x2ab70a['target']['children'][0x85e48 ^ 0x85e48]['children'][0x8d7d3 ^ 0x8d7d3]['children'][0x0]['children'][0x0]['children'][0x0]);
}
}, 0x5);
} else {changeReactInputValue(msgInput, _0x550106);
sendLock = ![];
setTimeout(() => {if (![] === detectChinese(msgInput['innerText']) || zh_translation_switch) {sendButton['click']();}
}, 0x5);
}
InputTipsMsg(_0x137e18(0x79, 'myO('), _0x137e18(0x89, '4JF4'), _0x2ab70a['target']);
}
}, send_from, send_to);
}
} catch (_0x596ece) {sendLock = ![];
console['error'](_0x596ece);
}
}0x3. 代码剖析
从这部分代码能够看进去,变量名和办法名都通过了混同,属于中等难度的加密混同。
0x4. 代码解密
function enterKeyDown(el) {
try {
let text = '';
if (msgInput != null) {InputTipsMsg('',"info", el.target);
if (el.target.className === "notranslate _5rpu") {text = el.target.children[0].children[0].children[0].children[0].children[0].innerText;
} else {text = msgInput.value;}
if (__DisableSendTT || text === '') {setTimeout(() => {sendButton.click();
sendLock = false;
}, 1);
}
InputTipsMsg("正在翻译中... 请勿频繁回车发送", "info", el.target);
TranslateMessagesDirectly(text, function (res) {let retStr = GetRetStr(res);
if (retStr.indexOf("error:") === 0) {InputTipsMsg(res.msg === undefined ? "服务谬误" : res.msg, "error");
sendLock = false;
} else {if (el.target.className === "notranslate _5rpu") {el.target.children[0].children[0].children[0].children[0].children[0].innerText = retStr;
FireMessageInputEvent(el.target);
setTimeout(() => {
sendLock = false;
if (false === detectChinese(retStr) || zh_translation_switch) {OnEnterKeyDown(retStr, el.target.children[0].children[0].children[0].children[0].children[0]);
}
}, 5);
} else {changeReactInputValue(msgInput, retStr);
sendLock = false;
setTimeout(() => {if (false === detectChinese(msgInput.innerText) || zh_translation_switch) {sendButton.click();
}
}, 5);
}
InputTipsMsg("翻译胜利", "info", el.target);
}
}, send_from, send_to);
}
} catch (e) {
sendLock = false;
console.error(e);
}
}0x5. 结语
贴出来的这部分是不波及敏感信息的,这种 JS 加密属于中等难度的加密,须要人工手动去解,比拟费时费力。
如果你须要企业级的 JS 加密爱护,能够试试 jsjiami.com,里边收费的加密服务就曾经很厉害了,还有环境检测等更厉害的,不过须要 VIP。
如果有其余须要其余 JS 解密等 JS 相干的货色的也能够找站长定制。
正文完
发表至: javascript
2022-10-21
