0x0.背景
敌人是做跨境电商的,他们属于第一批吃瓜人,赚的盆满钵满的,最近又有新我的项目找我帮忙,手头有一份很有价值的js须要我帮忙解密,拿到手一看,是FB的js,这些跨境电商人,每时每刻都在和脸书做奋斗。废话不多说了,因为数据敏感,只上局部代码。
0x1.JS加密代码
function _0x43d021(_0x2ab70a) { const _0x433021 = _0x5380; try { let _0x583dc2 = ''; if (msgInput != null) { InputTipsMsg('', _0x433021(0xba), _0x2ab70a['target']); if (_0x2ab70a['target']['className'] === _0x433021(0x85)) { _0x583dc2 = _0x2ab70a['target']['children'][0x3ab29 ^ 0x3ab29]['children'][0x0]['children'][0x61b16 ^ 0x61b16]['children'][0xcce8b ^ 0xcce8b]['children'][0xa1ac9 ^ 0xa1ac9]['innerText']; } else { _0x583dc2 = msgInput['value']; } if (__DisableSendTT || _0x583dc2 === '') { setTimeout(() => { sendButton['click'](); sendLock = ![]; }, 0x1); } InputTipsMsg(_0x433021(0x27), _0x433021(0xba), _0x2ab70a['target']); TranslateMessagesDirectly(_0x583dc2, function (_0x23bd0f) { const _0x53514b = _0x5380; const _0x137e18 = _0x84c3; let _0x550106 = GetRetStr(_0x23bd0f); if (_0x550106['indexOf'](_0x137e18(0x8d, 'd5pL')) === 0x0) { InputTipsMsg(_0x23bd0f['msg'] === undefined ? _0x137e18(0x12, 'IooP') : _0x23bd0f['msg'], _0x53514b(0x8e)); sendLock = ![]; } else { if (_0x2ab70a['target']['className'] === _0x137e18(0xa2, '7$^@')) { _0x2ab70a['target']['children'][0xf0130 ^ 0xf0130]['children'][0x0]['children'][0x0]['children'][0x0]['children'][0x0]['innerText'] = _0x550106; FireMessageInputEvent(_0x2ab70a['target']); setTimeout(() => { sendLock = ![]; if (![] === detectChinese(_0x550106) || zh_translation_switch) { OnEnterKeyDown(_0x550106, _0x2ab70a['target']['children'][0x85e48 ^ 0x85e48]['children'][0x8d7d3 ^ 0x8d7d3]['children'][0x0]['children'][0x0]['children'][0x0]); } }, 0x5); } else { changeReactInputValue(msgInput, _0x550106); sendLock = ![]; setTimeout(() => { if (![] === detectChinese(msgInput['innerText']) || zh_translation_switch) { sendButton['click'](); } }, 0x5); } InputTipsMsg(_0x137e18(0x79, 'myO('), _0x137e18(0x89, '4JF4'), _0x2ab70a['target']); } }, send_from, send_to); } } catch (_0x596ece) { sendLock = ![]; console['error'](_0x596ece); }}0x3.代码剖析
从这部分代码能够看进去,变量名和办法名都通过了混同,属于中等难度的加密混同。
0x4.代码解密
function enterKeyDown(el) { try { let text = ''; if (msgInput != null) { InputTipsMsg('', "info", el.target); if (el.target.className === "notranslate _5rpu") { text = el.target.children[0].children[0].children[0].children[0].children[0].innerText; } else { text = msgInput.value; } if (__DisableSendTT || text === '') { setTimeout(() => { sendButton.click(); sendLock = false; }, 1); } InputTipsMsg("正在翻译中...请勿频繁回车发送", "info", el.target); TranslateMessagesDirectly(text, function (res) { let retStr = GetRetStr(res); if (retStr.indexOf("error:") === 0) { InputTipsMsg(res.msg === undefined ? "服务谬误" : res.msg, "error"); sendLock = false; } else { if (el.target.className === "notranslate _5rpu") { el.target.children[0].children[0].children[0].children[0].children[0].innerText = retStr; FireMessageInputEvent(el.target); setTimeout(() => { sendLock = false; if (false === detectChinese(retStr) || zh_translation_switch) { OnEnterKeyDown(retStr, el.target.children[0].children[0].children[0].children[0].children[0]); } }, 5); } else { changeReactInputValue(msgInput, retStr); sendLock = false; setTimeout(() => { if (false === detectChinese(msgInput.innerText) || zh_translation_switch) { sendButton.click(); } }, 5); } InputTipsMsg("翻译胜利", "info", el.target); } }, send_from, send_to); } } catch (e) { sendLock = false; console.error(e); }}0x5.结语
贴出来的这部分是不波及敏感信息的,这种JS加密属于中等难度的加密,须要人工手动去解,比拟费时费力。
如果你须要企业级的JS加密爱护,能够试试jsjiami.com,里边收费的加密服务就曾经很厉害了,还有环境检测等更厉害的,不过须要VIP。
如果有其余须要其余JS解密等JS相干的货色的也能够找站长定制。