关于javascript:facebook的js解密实战

46次阅读

共计 3256 个字符,预计需要花费 9 分钟才能阅读完成。

0x0. 背景

敌人是做跨境电商的,他们属于第一批吃瓜人,赚的盆满钵满的,最近又有新我的项目找我帮忙,手头有一份很有价值的 js 须要我帮忙解密,拿到手一看,是 FB 的 js,这些跨境电商人,每时每刻都在和脸书做奋斗。废话不多说了,因为数据敏感,只上局部代码。

0x1.JS 加密代码

function _0x43d021(_0x2ab70a) {
    const _0x433021 = _0x5380;
    try {
        let _0x583dc2 = '';
        if (msgInput != null) {InputTipsMsg('', _0x433021(0xba), _0x2ab70a['target']);
            if (_0x2ab70a['target']['className'] === _0x433021(0x85)) {_0x583dc2 = _0x2ab70a['target']['children'][0x3ab29 ^ 0x3ab29]['children'][0x0]['children'][0x61b16 ^ 0x61b16]['children'][0xcce8b ^ 0xcce8b]['children'][0xa1ac9 ^ 0xa1ac9]['innerText'];
            } else {_0x583dc2 = msgInput['value'];
            }
            if (__DisableSendTT || _0x583dc2 === '') {setTimeout(() => {sendButton['click']();
                    sendLock = ![];}, 0x1);
            }
            InputTipsMsg(_0x433021(0x27), _0x433021(0xba), _0x2ab70a['target']);
            TranslateMessagesDirectly(_0x583dc2, function (_0x23bd0f) {
                const _0x53514b = _0x5380;
                const _0x137e18 = _0x84c3;
                let _0x550106 = GetRetStr(_0x23bd0f);
                if (_0x550106['indexOf'](_0x137e18(0x8d, 'd5pL')) === 0x0) {InputTipsMsg(_0x23bd0f['msg'] === undefined ? _0x137e18(0x12, 'IooP') : _0x23bd0f['msg'], _0x53514b(0x8e));
                    sendLock = ![];} else {if (_0x2ab70a['target']['className'] === _0x137e18(0xa2, '7$^@')) {_0x2ab70a['target']['children'][0xf0130 ^ 0xf0130]['children'][0x0]['children'][0x0]['children'][0x0]['children'][0x0]['innerText'] = _0x550106;
                        FireMessageInputEvent(_0x2ab70a['target']);
                        setTimeout(() => {sendLock = ![];
                            if (![] === detectChinese(_0x550106) || zh_translation_switch) {OnEnterKeyDown(_0x550106, _0x2ab70a['target']['children'][0x85e48 ^ 0x85e48]['children'][0x8d7d3 ^ 0x8d7d3]['children'][0x0]['children'][0x0]['children'][0x0]);
                            }
                        }, 0x5);
                    } else {changeReactInputValue(msgInput, _0x550106);
                        sendLock = ![];
                        setTimeout(() => {if (![] === detectChinese(msgInput['innerText']) || zh_translation_switch) {sendButton['click']();}
                        }, 0x5);
                    }
                    InputTipsMsg(_0x137e18(0x79, 'myO('), _0x137e18(0x89, '4JF4'), _0x2ab70a['target']);
                }
            }, send_from, send_to);
        }
    } catch (_0x596ece) {sendLock = ![];
        console['error'](_0x596ece);
    }
}

0x3. 代码剖析

从这部分代码能够看进去,变量名和办法名都通过了混同,属于中等难度的加密混同。

0x4. 代码解密

function enterKeyDown(el) {
  try {
    let text = '';

    if (msgInput != null) {InputTipsMsg('',"info", el.target);

      if (el.target.className === "notranslate _5rpu") {text = el.target.children[0].children[0].children[0].children[0].children[0].innerText;
      } else {text = msgInput.value;}

      if (__DisableSendTT || text === '') {setTimeout(() => {sendButton.click();
          sendLock = false;
        }, 1);
      }

      InputTipsMsg("正在翻译中... 请勿频繁回车发送", "info", el.target);
      TranslateMessagesDirectly(text, function (res) {let retStr = GetRetStr(res);

        if (retStr.indexOf("error:") === 0) {InputTipsMsg(res.msg === undefined ? "服务谬误" : res.msg, "error");
          sendLock = false;
        } else {if (el.target.className === "notranslate _5rpu") {el.target.children[0].children[0].children[0].children[0].children[0].innerText = retStr;
            FireMessageInputEvent(el.target);
            setTimeout(() => {
              sendLock = false;

              if (false === detectChinese(retStr) || zh_translation_switch) {OnEnterKeyDown(retStr, el.target.children[0].children[0].children[0].children[0].children[0]);
              }
            }, 5);
          } else {changeReactInputValue(msgInput, retStr);
            sendLock = false;
            setTimeout(() => {if (false === detectChinese(msgInput.innerText) || zh_translation_switch) {sendButton.click();
              }
            }, 5);
          }

          InputTipsMsg("翻译胜利", "info", el.target);
        }
      }, send_from, send_to);
    }
  } catch (e) {
    sendLock = false;
    console.error(e);
  }
}

0x5. 结语

贴出来的这部分是不波及敏感信息的,这种 JS 加密属于中等难度的加密,须要人工手动去解,比拟费时费力。

如果你须要企业级的 JS 加密爱护,能够试试 jsjiami.com,里边收费的加密服务就曾经很厉害了,还有环境检测等更厉害的,不过须要 VIP。

如果有其余须要其余 JS 解密等 JS 相干的货色的也能够找站长定制。

正文完
 0