关于前端:解一个惨无人道的JS加密


前言

之前网上冲浪的时候看到某个站,手抽筋一不小心按下了 F12,然后就看到了一堆神奇的 JS 代码:

/**
 * Obfuscated routine as captured from the page's source.
 *
 * Every string the function uses is fetched as a property of one of two
 * lookup objects (the `...OoOo` object and its `...OoOo2` sibling). Neither
 * object is defined in this listing, so the actual command text cannot be
 * read here; only the call structure is visible. `device`, `shell` and
 * `print` are likewise supplied from outside the listing.
 *
 * Takes no arguments and has no return statement.
 */
function ODDDoDDODOoDoDDDOoDDDDoDOODDDD(){
    // r starts as a lookup-table string and is reassigned before each of the
    // three checks at the end of the function.
    var r=DoDoDODODoODDDDDDODDDOODDDOoOo.ODDDoOOoOoOOOoOOODDOODDOODDDOO

    // Gate: the first two characters of device.release, parsed as a number,
    // must be >= 12 for this one shell call to run.
    if(Number(device.release.slice(0,2))>=12){shell(DoDoDODODoODDDDDDODDDOODDDOoOo.OOoDDODooDDoOODDoDDoOODDODooOD,true)}
    // Unconditional shell call. Every shell() call in this function passes
    // true as its second argument.
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.OOODODoDoODOODOOOOODOOODOOoDDD,true);

    // Three more unconditional shell calls, each given a single table string.
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.ooOOOODOoDDDDDOODoDOoOooDOoooo,true)
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.DoODDDODDDDOoDDOoDOODDoODDODoO,true)
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.OoDoOOoDDDoDDDDDOoDODODODDOODD,true)

    // Three statements of identical shape. Each loads a table string into r,
    // runs shell(<table string> + r) and reads .result. When Number(result)
    // is <= 100 it runs two further shell calls (the first also suffixed
    // with r) and prints a message built around r.
    r=DoDoDODODoODDDDDDODDDOODDDOoOo.OOoDOODDDODoDoOOoODoOODoODooOD;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDOoDOoOoDODDOODDDOooOOOOoDOoD+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODDOODDODODDDoODOODDoODDODDODD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODODOOOODDDOoOOOoDDOOODODoOoDO,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODoDoOODDoDDDDODDDDOODDDDDOODO+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDDDODoDoDDDDoooDODoDDDOOOODD)}
    r=DoDoDODODoODDDDDDODDDOODDDOoOo.oDDoODODDODDoOODoDODODoOoDDooD;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DoDOoDOODoDOOoDODoDoODDDODDDDO+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.OOODDooDODODOODDDODDoDDoOODDOD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.oDoDODDDDoODDoODOOoDODODoODDDD,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.OooDoODDoOODDDOODDDDoOOoODOOOO+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.DDoDODOOODOooDDODODDDODDDDoDDO)}
    r=DoDoDODODoODDDDDDODDDOODDDOoOo.oODDDDODDOoODDDDDDODoODODDoooO;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDoOOOoDDOODDDODOooOOOoOoOooO+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DoODODoOODDDDDDDDOOODDDDODDOOD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.oDOoOODDODoDoDODDoDDoDODOoDoDo,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDoODOODODOoODOOOoODDDoDoDoDD+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.OoDoDooODDODOoDDDDODOoOooDoDoO)}
}

第一次见到这么惨无人道的代码混淆,压根看不出来啥是啥了。

通过我人工解密后

/**
 * Readable reconstruction of the obfuscated routine shown earlier on the page.
 *
 * Sends a fixed sequence of commands through the host runtime's
 * `shell(command, true)` helper and reports through `print`. `device`,
 * `shell` and `print` are not defined in this listing; they look like
 * Auto.js-style globals, where the `true` flag would request root
 * (NOTE(review): confirm against the actual host runtime).
 *
 * What the commands change, in execution order:
 *   1. When the first two characters of `device.release` parse to 12 or
 *      more, the global setting `block_untrusted_touches` is written to 0,
 *      which switches off Android 12's untrusted-touch blocking.
 *   2. `/sdcard/time.log` and the `temp*` entries under the named package's
 *      `files` directory are deleted.
 *   3. `/` is remounted read-write, mode bits under `/proc/net` are set to
 *      440, and `/bin/sh` is set to 751. The reason for the two chmod calls
 *      is not visible in this listing.
 *   4. Three inotify limits are read. Any value that parses to 100 or less
 *      is overwritten with a larger fixed value, the named package is
 *      force-stopped, and a status line is printed.
 *
 * Takes no arguments and returns nothing.
 */
function execD() {
    var asRoot = true;

    // Version gate: only the leading two characters of the release string count.
    var releasePrefix = Number(device.release.slice(0, 2));
    if (releasePrefix >= 12) {
        shell('settings put global block_untrusted_touches 0', asRoot);
    }

    // Unconditional commands, issued one shell() call each, in this order.
    var setupCommands = [
        'rm -rf \/sdcard\/time.log\nrm -rf \/data\/data\/com.tencent.tmgp.pubgmhd\/files\/temp*',
        'mount -o remount,rw \/',
        'chmod -R 440 \/proc\/net\/*',
        'chmod 751 \/bin\/sh'
    ];
    for (var i = 0; i < setupCommands.length; i += 1) {
        shell(setupCommands[i], asRoot);
    }

    // Each entry pairs an inotify limit name with the write command prefix
    // used when the current value is too low.
    var inotifyFixups = [
        { key: 'max_user_watches', write: 'echo 8192 > \/proc\/sys\/fs\/inotify\/' },
        { key: 'max_queued_events', write: 'echo 16384 > \/proc\/sys\/fs\/inotify\/' },
        { key: 'max_user_instances', write: 'echo 128 > \/proc\/sys\/fs\/inotify\/' }
    ];
    for (var j = 0; j < inotifyFixups.length; j += 1) {
        var r = inotifyFixups[j].key;
        var reading = shell('cat \/proc\/sys\/fs\/inotify\/' + r, asRoot);
        // A non-numeric result becomes NaN, fails this comparison and is skipped.
        if (Number(reading.result) <= 100) {
            shell(inotifyFixups[j].write + r, asRoot);
            shell('am force-stop com.tencent.tmgp.pubgmhd', asRoot);
            print('修复客户端异样。(' + r + ')');
        }
    }
}

思路

他这个混淆用了数组加密,也就是把字符串集中放进查找表,代码里只用一串难以辨认的属性名去取。通过仔细观察代码结构,做到还原还是不难的,属于比较容易的。

也不知道这个混淆是谁写的,市面上没有看到过类似的,属于比较冷门的 js 加密。

希望这个 js 加密的作者多做点人事,看到的第一眼人都炸了。

结语

中间 js 解密有用到过的工具站,给大家推荐一下,代码中有转义和基础的一些加密算法很容易就能够解开。

www.jsjiami.com 一般通过这个工具站解一遍后的代码,解密难度会直线降低,实在太复杂的也可以去找客服解决。
