实现目的:解密ob混淆大数组-提高阅读性
注意:这里只做大数组解密工作,之后在ast反混淆实战会完整的将整个流程做一遍来自丁仔介绍文档
ob混淆特征介绍:
// 开头一个大数组
var _0xa441 = ['\x49\x63\x4b\x72\x77\x70\x2f\x44\x6c\x67\x3d\x3d', ···]
// 自执行函数对数组进行位移
(function (_0x56a234, _0xa44115) {
var _0x532345 = function (_0x549d7c) {
while (--_0x549d7c) {
_0x56a234['push'](_0x56a234['shift']());
}
};
_0x532345(++_0xa44115);
}(_0xa441, 0x1d0));
// 解密函数
var _0x5323 = function (_0x56a234, _0xa44115) {
// 里面有段自执行函数生成atob函数
······
}
// 下方多处调用解密函数,如
var _0x239123 = _0x5323('\x30\x78\x32\x30', '\x70\x59\x48\x73');思路分析
1.首先,需要从中提取以下信息,一个大数组+自执行偏移函数+解密函数
2.将1提取的信息eval执行
3.找出js中所有使用解密函数的部分,直接eval传值解密,替换原来的部分
var _0x239123 =xxxx;//比如此处解密函数部分直接用解密的值替换
4.删除1中提取的信息,简化代码量demo.js
var _0x3b5b = ['SwlTB', 'dDJxY', 'liloJ', 'zruhR', 'TDuVE', 'wAEqK', 'oyYUc', 'zLZUJ', 'imsyB', 'src', 'SaSPe', 'TnrYx', 'ArVaV', 'KTNxn', 'UjsxC', 'UFNRz', 'fhyYJ', 'IsSAL', 'iQYqy', 'vPJoN', 'IlaEQ', 'PzrbN', 'ZNELL', 'mbdUj', 'CVEbP', 'NWUpi', 'pjduE', 'toVMO', 'ttiUA', 'OVpjE', 'TZojN', 'UXZXh', 'fwJag', 'Yjwms', 'zNdUL', 'gTrXS', 'dbbPz', 'LrLcG', 'VheDT', 'BJBbg', 'split', 'join', 'lSzZG', 'SAVIo', 'indexOf', 'NGTaN', 'hostname', 'omuCg', 'NPdwG', 'NkvOa', 'href', 'nvwgp', '_phantom', 'callPhantom', 'FKCQV', 'userAgent', 'yEjRq', 'bind', 'prototype', 'replace', 'nnvSA', 'bRaQr', 'top', 'jXxkE', 'webdriver', 'qsypA', 'HSsQw', 'FfDLR', 'MLoss', 'AmnCl', 'tvXZG', 'UsoDd', 'rel', 'iyaFq', 'mOiqr', 'mpgvi', 'getElementsByTagName', 'QkUgW', 'gBUos', 'oleIM', 'XGQww', 'UCBKY', 'ujhOy', 'Yawjm', 'MtctW', 'content', 'PQwMc', 'pLKSh', 'reverse', 'lNywm', 'nqQWf', 'eYOcS', 'charAt', 'BdUpY', 'lnVmq', 'YdFxi', 'THSzl', 'ebPnd', 'map', 'QWWoo', 'XiSGf', 'ZerLz', 'uSjXo', 'eOMFr', '&p=touch_spa_inter_list_oneway', 'img', 'lDiGg', '/touch/api/domestic/help?index=', 'createElement', '&scr=', '&rf=', 'hFFYb', '&p=touch_spa_home', 'flightlist', 'EjHZV', 'flightdetail', 'interlist', '&p=touch_spa_inter_otalist_oneway', '00000', '00001', '00010', '00011', '00100', '00101', '00110', '01000', '01001', '01010', '01011', '01100', '01111', '10000', '10001', '10010', '10011', '10101', '10110', '11000', '11001', '11010', '11011', '11101', '11110', '11111', '.qunar.com', 'PhantomJS', 'Error', 'gusLl', 'jZxYI', 'link', 'favicon', 'oTqss', 'meta', 'viewport', 'keywords', 'Xcvio', 'ngNAN', 'RAKrX', 'eDKKT', 'adNAG', 'RVday', 'TDNia', 'Iwhil', 'iiniH', 'uimVw', 'toString', 'bfkfm', 'length', 'IMwMz', 'DvJRW', 'oLIvl', 'qxWNp', 'appVersion', 'BHUZN', 'height', 'mUFYr', 'AeqCr', 'OVtBe', 'ZCwZN', 'ZmThb', 'DRAtE', 'location', 'match', 'Mbfyy', 'hbvdE', 'uzZAT', 'ROrNS', 'hWfPN', 'DnQAJ', 'SalHM', 'GymAa', 'mKNgT', 'OqvfX'];
(function (_0x5ecac5, _0x489eca) {
var _0x52a99c = function (_0x5a0fc0) {
while (--_0x5a0fc0) {
_0x5ecac5['push'](_0x5ecac5['shift']());
}
};
var _0x4fc5c8 = function () {
var _0x45716a = {
'data': {'key': 'cookie', 'value': 'timeout'},
'setCookie': function (_0x131f79, _0x4ebeb3, _0x1b9985, _0x396906) {
_0x396906 = _0x396906 || {};
var _0xba787e = _0x4ebeb3 + '=' + _0x1b9985;
var _0x6d61fa = 0x0;
for (var _0x6d61fa = 0x0, _0x5b95fe = _0x131f79['length']; _0x6d61fa < _0x5b95fe; _0x6d61fa++) {
var _0x251ffc = _0x131f79[_0x6d61fa];
_0xba787e += ';\x20' + _0x251ffc;
var _0x2827e2 = _0x131f79[_0x251ffc];
_0x131f79['push'](_0x2827e2);
_0x5b95fe = _0x131f79['length'];
if (_0x2827e2 !== !![]) {
_0xba787e += '=' + _0x2827e2;
}
}
_0x396906['cookie'] = _0xba787e;
},
'removeCookie': function () {
return 'dev';
},
'getCookie': function (_0x30ec8c, _0x2fd57b) {
_0x30ec8c = _0x30ec8c || function (_0x3b4658) {
return _0x3b4658;
};
var _0x5d0592 = _0x30ec8c(new RegExp('(?:^|;\x20)' + _0x2fd57b['replace'](/([.$?*|{}()[]\/+^])/g, '$1') + '=([^;]*)'));
var _0x7976f9 = function (_0x5a6deb, _0x476832) {
_0x5a6deb(++_0x476832);
};
_0x7976f9(_0x52a99c, _0x489eca);
return _0x5d0592 ? decodeURIComponent(_0x5d0592[0x1]) : undefined;
}
};
var _0x46cbcd = function () {
var _0x31dd31 = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
return _0x31dd31['test'](_0x45716a['removeCookie']['toString']());
};
_0x45716a['updateCookie'] = _0x46cbcd;
var _0x2335b2 = '';
var _0x1fbd03 = _0x45716a['updateCookie']();
if (!_0x1fbd03) {
_0x45716a['setCookie'](['*'], 'counter', 0x1);
} else if (_0x1fbd03) {
_0x2335b2 = _0x45716a['getCookie'](null, 'counter');
} else {
_0x45716a['removeCookie']();
}
};
_0x4fc5c8();
}(_0x3b5b, 0x68));
var _0x51d9 = function (_0x39010d, _0x431eda) {
_0x39010d = _0x39010d - 0x0;
var _0x2287f7 = _0x3b5b[_0x39010d];
return _0x2287f7;
};
(function (_0x36a7e1) {
var _0x17835a = function () {
var _0x5215bd = !![];
return function (_0x44df24, _0x595f1a) {
var _0x5a9073 = _0x5215bd ? function () {
if (_0x595f1a) {
var _0x27172a = _0x595f1a['apply'](_0x44df24, arguments);
_0x595f1a = null;
return _0x27172a;
}
} : function () {
};
_0x5215bd = ![];
return _0x5a9073;
};
}();
var _0x590ec2 = {
'DnQAJ': function (_0x127ba2, _0x34a335) {
return _0x127ba2 + _0x34a335;
},
'SalHM': function (_0x58c4e3, _0x34a472) {
return _0x58c4e3 + _0x34a472;
},
'wAEqK': _0x51d9('0x0'),
'OqvfX': _0x51d9('0x1'),
'VheDT': function (_0x2b3dae, _0x54d6de) {
return _0x2b3dae(_0x54d6de);
},
'BJBbg': function (_0x1371fd, _0x3558c9, _0xec9c37) {
return _0x1371fd(_0x3558c9, _0xec9c37);
},
'dbbPz': function (_0x560d8f, _0x29eea8) {
return _0x560d8f !== _0x29eea8;
},
'LrLcG': _0x51d9('0x2'),
'ngNAN': function (_0xba5e2d, _0x3bc2b5) {
return _0xba5e2d + _0x3bc2b5;
},
'euWJg': _0x51d9('0x3'),
'HSsQw': function (_0x3d1128, _0x16319a) {
return _0x3d1128(_0x16319a);
},
'YSNiw': function (_0x5c5469, _0x113ed5, _0x11ebdd) {
return _0x5c5469(_0x113ed5, _0x11ebdd);
},
'mpgvi': function (_0x421522, _0x546a6f) {
return _0x421522(_0x546a6f);
},
'ayegT': function (_0x3b8b54, _0x1ca8b1, _0x53d31a) {
return _0x3b8b54(_0x1ca8b1, _0x53d31a);
},
'IMwMz': function (_0x4e8347, _0x1ea7df) {
return _0x4e8347(_0x1ea7df);
},
'lfBdl': function (_0x4e8547, _0xa82152, _0x5b0429) {
return _0x4e8547(_0xa82152, _0x5b0429);
},
'BdUpY': function (_0x4abffb, _0x4e7f08) {
return _0x4abffb === _0x4e7f08;
},
'lnVmq': 'nkPrO',
'YdFxi': function (_0x1e147c, _0x427d70) {
return _0x1e147c - _0x427d70;
},
'THSzl': 'Lmdok',
'ebPnd': 'cDeQf',
'Xcvio': _0x51d9('0x4'),
'RAKrX': function (_0x209b21, _0x23b5e3) {
return _0x209b21 + _0x23b5e3;
},
'eDKKT': '40',
'adNAG': '79f01e7b1063c7e',
'RVday': '369af4',
'ysKlX': '463e28',
'TDNia': '1*c9*7*c847e84997972e4',
'gvGoX': '09*a2a*027',
'Iwhil': '544',
'ISzgc': '17844',
'iiniH': '1802*278',
'uimVw': '36c1a46372*0508713485e3*7',
'kNVxI': '2b66',
'iMODi': function (_0x258bbc, _0x3e988b, _0x1b6f2d) {
return _0x258bbc(_0x3e988b, _0x1b6f2d);
},
'bfkfm': function (_0x47edb5, _0x5c287e) {
return _0x47edb5 < _0x5c287e;
},
'DvJRW': function (_0x3374d8, _0x288af0) {
return _0x3374d8 - _0x288af0;
},
'oLIvl': '1631676218586',
'qxWNp': function (_0x960ff6, _0x12654a, _0xa8f0d4) {
return _0x960ff6(_0x12654a, _0xa8f0d4);
},
'LLuQK': function (_0x348687, _0x39cf6e) {
return _0x348687(_0x39cf6e);
},
'BHUZN': function (_0xe38600, _0x1e7ac9) {
return _0xe38600 + _0x1e7ac9;
},
'mUFYr': function (_0x1634e2, _0x2121c0) {
return _0x1634e2 + _0x2121c0;
},
'AeqCr': function (_0x1a8053, _0x7dae50) {
return _0x1a8053 + _0x7dae50;
},
'OVtBe': function (_0x489063, _0x313b63) {
return _0x489063 + _0x313b63;
},
'ZCwZN': 'https://log.flight.qunar.com/l?r=pagepts&apv=',
'ZmThb': _0x51d9('0x5'),
'DRAtE': _0x51d9('0x6'),
'Mbfyy': function (_0xe0dfc9, _0x4e2c90) {
return _0xe0dfc9 === _0x4e2c90;
},
'hbvdE': _0x51d9('0x7'),
'uzZAT': function (_0x50942b, _0xaeeef2) {
return _0x50942b + _0xaeeef2;
},
'ROrNS': function (_0x48578c, _0x401ab2) {
return _0x48578c + _0x401ab2;
},
'hWfPN': _0x51d9('0x8'),
'Doghj': _0x51d9('0x9'),
'GymAa': _0x51d9('0xa'),
'mKNgT': '&p=touch_spa_inner_list_oneway',
'SwlTB': _0x51d9('0xb'),
'dDJxY': function (_0x2bb5e3, _0x1e4f6b) {
return _0x2bb5e3 + _0x1e4f6b;
},
'liloJ': function (_0x437068, _0x5514a7) {
return _0x437068 + _0x5514a7;
},
'zruhR': '&p=touch_spa_inner_otalist_oneway',
'TDuVE': _0x51d9('0xc'),
'oyYUc': 'interdetail',
'zLZUJ': function (_0x113558, _0x4cea0e) {
return _0x113558 + _0x4cea0e;
},
'imsyB': _0x51d9('0xd'),
'SaSPe': _0x51d9('0xe'),
'TnrYx': _0x51d9('0xf'),
'ArVaV': _0x51d9('0x10'),
'KTNxn': _0x51d9('0x11'),
'UjsxC': _0x51d9('0x12'),
'ZRCax': _0x51d9('0x13'),
'UFNRz': _0x51d9('0x14'),
'fhyYJ': '00111',
'IsSAL': _0x51d9('0x15'),
'iQYqy': _0x51d9('0x16'),
'vPJoN': _0x51d9('0x17'),
'IlaEQ': _0x51d9('0x18'),
'PzrbN': _0x51d9('0x19'),
'ZNELL': '01101',
'IQyKJ': '01110',
'mbdUj': _0x51d9('0x1a'),
'CVEbP': _0x51d9('0x1b'),
'LDSmh': _0x51d9('0x1c'),
'NWUpi': _0x51d9('0x1d'),
'pjduE': _0x51d9('0x1e'),
'toVMO': '10100',
'ttiUA': _0x51d9('0x1f'),
'OVpjE': _0x51d9('0x20'),
'TZojN': '10111',
'UXZXh': _0x51d9('0x21'),
'meAND': _0x51d9('0x22'),
'fwJag': _0x51d9('0x23'),
'Yjwms': _0x51d9('0x24'),
'zNdUL': '11100',
'SEoTm': _0x51d9('0x25'),
'xoyMC': _0x51d9('0x26'),
'gTrXS': _0x51d9('0x27'),
'lSzZG': _0x51d9('0x28'),
'SAVIo': function (_0x470dcd, _0x1c2e94) {
return _0x470dcd === _0x1c2e94;
},
'NGTaN': function (_0x4bc735, _0x405010) {
return _0x4bc735 === _0x405010;
},
'omuCg': function (_0x361a77, _0x19045c) {
return _0x361a77(_0x19045c);
},
'NPdwG': function (_0x428cf7, _0x210d3e, _0x59a5a1) {
return _0x428cf7(_0x210d3e, _0x59a5a1);
},
'NkvOa': function (_0x370514, _0x151df3) {
return _0x370514 !== _0x151df3;
},
'nvwgp': function (_0xf661eb, _0x51008f, _0x3a556b) {
return _0xf661eb(_0x51008f, _0x3a556b);
},
'FKCQV': function (_0x1fc74e, _0x36947c, _0xe5df12) {
return _0x1fc74e(_0x36947c, _0xe5df12);
},
'jxdfL': _0x51d9('0x29'),
'pdFTh': function (_0x413d78, _0x5a803b) {
return _0x413d78(_0x5a803b);
},
'yEjRq': function (_0x277a0e, _0x1dd39c, _0x567e75) {
return _0x277a0e(_0x1dd39c, _0x567e75);
},
'nnvSA': _0x51d9('0x2a'),
'UsoDd': function (_0x1989a1, _0x3b609d) {
return _0x1989a1 !== _0x3b609d;
},
'bRaQr': function (_0xd8002c, _0x43fa8e) {
return _0xd8002c(_0x43fa8e);
},
'jXxkE': function (_0x28a89e, _0xef22de, _0xce9c44) {
return _0x28a89e(_0xef22de, _0xce9c44);
},
'ErWPM': _0x51d9('0x2b'),
'qsypA': _0x51d9('0x2c'),
'FfDLR': function (_0x5498ae, _0x26934c) {
return _0x5498ae(_0x26934c);
},
'MLoss': function (_0x54f8bf, _0x144159, _0x9772cc) {
return _0x54f8bf(_0x144159, _0x9772cc);
},
'AmnCl': _0x51d9('0x2d'),
'tvXZG': _0x51d9('0x2e'),
'iyaFq': 'icon',
'mOiqr': 'qAAkr',
'gvTvB': _0x51d9('0x2f'),
'DbBNZ': function (_0x166224, _0x95ca72, _0x3ef82d) {
return _0x166224(_0x95ca72, _0x3ef82d);
},
'QkUgW': _0x51d9('0x30'),
'gBUos': 'Robots',
'oleIM': function (_0x5d5bac, _0x18ef39) {
return _0x5d5bac(_0x18ef39);
},
'XGQww': function (_0x305958, _0x462f3c, _0x3c8539) {
return _0x305958(_0x462f3c, _0x3c8539);
},
'UCBKY': _0x51d9('0x31'),
'ujhOy': function (_0x39eed9, _0x27e4ab, _0xcdfaee) {
return _0x39eed9(_0x27e4ab, _0xcdfaee);
},
'Yawjm': _0x51d9('0x32'),
'MtctW': function (_0x3a4e0e, _0x396307) {
return _0x3a4e0e !== _0x396307;
},
'PQwMc': 'gbgwff',
'pLKSh': 'tr',
'lNywm': function (_0x3ac958, _0x1abf00) {
return _0x3ac958 !== _0x1abf00;
},
'nqQWf': function (_0x4cc378, _0x22280f) {
return _0x4cc378 + _0x22280f;
},
'eYOcS': function (_0x2f8108, _0x1097ef) {
return _0x2f8108 + _0x1097ef;
}
};
var _0x577acd = _0x590ec2[_0x51d9('0x33')];
var _0x6ecca8 = '_';
var _0x258970 = 'p';
var _0x3aa617 = 't';
var _0x2ac01b = _0x590ec2['ngNAN'](_0x590ec2[_0x51d9('0x34')](_0x590ec2[_0x51d9('0x35')](_0x6ecca8, _0x258970), _0x3aa617), _0x6ecca8);
var _0x21fee5 = _0x590ec2[_0x51d9('0x36')];
var _0x364eeb = _0x590ec2[_0x51d9('0x37')];
var _0x2dc0bc = _0x590ec2[_0x51d9('0x38')];
var _0x1ee61f = _0x590ec2['ysKlX'];
var _0x5b8d5b = _0x590ec2[_0x51d9('0x39')];
var _0x4fd789 = _0x590ec2['gvGoX'];
var _0x5e838d = _0x590ec2[_0x51d9('0x3a')];
var _0x14ea97 = _0x590ec2['ISzgc'];
var _0x297be5 = _0x590ec2[_0x51d9('0x3b')];
var _0x5af085 = _0x590ec2[_0x51d9('0x3c')];
var _0x451826 = _0x590ec2['kNVxI'];
var _0xdde432 = _0x590ec2['iMODi'](parseInt, _0x451826, 0x12)[_0x51d9('0x3d')]()['split']('');
var _0x2c920d = [_0x21fee5, _0x364eeb, _0x2dc0bc, _0x1ee61f, _0x5b8d5b];
var _0x214341 = [];
for (var _0x552adf = 0x0; _0x590ec2[_0x51d9('0x3e')](_0x552adf, _0xdde432[_0x51d9('0x3f')]); _0x552adf++) {
var _0x415b68 = _0x590ec2[_0x51d9('0x40')](parseInt, _0xdde432[_0x552adf]);
_0x214341[_0x590ec2[_0x51d9('0x41')](_0x415b68, 0x1)] = _0x2c920d[_0x552adf];
}
var _0x21cdb3 = _0x590ec2[_0x51d9('0x42')];
var _0x55eb7a = _0x214341[0x4]['charAt'](_0x590ec2[_0x51d9('0x41')](_0x214341[0x4]['length'], 0x1));
_0x214341 = _0x590ec2[_0x51d9('0x43')](_0x46cf8f, _0x214341, _0x55eb7a);
var _0x2c5b60 = [_0x4fd789, _0x5e838d, _0x14ea97, _0x297be5, _0x5af085];
_0x2c5b60 = _0x590ec2[_0x51d9('0x43')](_0x46cf8f, _0x2c5b60, 'f');
var _0x3e8ed9 = _0x590ec2['LLuQK'](encodeURIComponent, location['href']);
var _0x1c33ee = _0x590ec2['LLuQK'](encodeURIComponent, navigator[_0x51d9('0x44')]);
var _0x558b2a = _0x590ec2[_0x51d9('0x35')](_0x590ec2[_0x51d9('0x45')](screen['width'], '_'), screen[_0x51d9('0x46')]);
var _0x21ce06 = '';
var _0x196192 = _0x590ec2[_0x51d9('0x47')](_0x590ec2[_0x51d9('0x47')](_0x590ec2[_0x51d9('0x48')](_0x590ec2[_0x51d9('0x49')](_0x590ec2[_0x51d9('0x4a')], _0x1c33ee), _0x590ec2[_0x51d9('0x4b')]), _0x558b2a), _0x590ec2[_0x51d9('0x4c')]);
var _0x4ae46a = window[_0x51d9('0x4d')]['pathname'];
if (_0x4ae46a[_0x51d9('0x4e')]('h5')) {
if (_0x590ec2[_0x51d9('0x4f')](_0x590ec2[_0x51d9('0x50')], _0x590ec2[_0x51d9('0x50')])) {
_0x21ce06 = _0x590ec2[_0x51d9('0x51')](_0x590ec2[_0x51d9('0x52')](_0x196192, _0x3e8ed9), _0x590ec2[_0x51d9('0x53')]);
} else {
_0x21ce06 = _0x590ec2[_0x51d9('0x54')](_0x590ec2[_0x51d9('0x55')](_0x196192, _0x3e8ed9), _0x590ec2['wAEqK']);
}
} else if (_0x4ae46a['match'](_0x590ec2['Doghj'])) {
if (_0x590ec2[_0x51d9('0x4f')](_0x590ec2['GymAa'], _0x590ec2[_0x51d9('0x56')])) {
_0x21ce06 = _0x590ec2[_0x51d9('0x52')](_0x590ec2['ROrNS'](_0x196192, _0x3e8ed9), _0x590ec2[_0x51d9('0x57')]);
} else {
var _0x3fb198 = document[_0x577acd](_0x590ec2[_0x51d9('0x58')]);
_0x3fb198['src'] = _0x21ce06;
}
} else if (_0x4ae46a[_0x51d9('0x4e')](_0x590ec2[_0x51d9('0x59')])) {
_0x21ce06 = _0x590ec2[_0x51d9('0x5a')](_0x590ec2[_0x51d9('0x5b')](_0x196192, _0x3e8ed9), _0x590ec2[_0x51d9('0x5c')]);
} else if (_0x4ae46a[_0x51d9('0x4e')](_0x590ec2[_0x51d9('0x5d')])) {
_0x21ce06 = _0x590ec2[_0x51d9('0x5b')](_0x590ec2['liloJ'](_0x196192, _0x3e8ed9), _0x590ec2[_0x51d9('0x5e')]);
} else if (_0x4ae46a[_0x51d9('0x4e')](_0x590ec2[_0x51d9('0x5f')])) {
_0x21ce06 = _0x590ec2[_0x51d9('0x5b')](_0x590ec2[_0x51d9('0x60')](_0x196192, _0x3e8ed9), _0x590ec2[_0x51d9('0x61')]);
}
if (_0x21ce06) {
var _0x2549ed = document[_0x577acd](_0x590ec2[_0x51d9('0x58')]);
_0x2549ed[_0x51d9('0x62')] = _0x21ce06;
}
var _0x4cc8ea = [_0x590ec2[_0x51d9('0x63')], _0x590ec2[_0x51d9('0x64')], _0x590ec2[_0x51d9('0x65')], _0x590ec2[_0x51d9('0x66')], _0x590ec2[_0x51d9('0x67')], _0x590ec2['ZRCax'], _0x590ec2[_0x51d9('0x68')], _0x590ec2[_0x51d9('0x69')], _0x590ec2[_0x51d9('0x6a')], _0x590ec2[_0x51d9('0x6b')], _0x590ec2[_0x51d9('0x6c')], _0x590ec2[_0x51d9('0x6d')], _0x590ec2[_0x51d9('0x6e')], _0x590ec2[_0x51d9('0x6f')], _0x590ec2['IQyKJ'], _0x590ec2[_0x51d9('0x70')], _0x590ec2[_0x51d9('0x71')], _0x590ec2['LDSmh'], _0x590ec2[_0x51d9('0x72')], _0x590ec2[_0x51d9('0x73')], _0x590ec2[_0x51d9('0x74')], _0x590ec2[_0x51d9('0x75')], _0x590ec2[_0x51d9('0x76')], _0x590ec2[_0x51d9('0x77')], _0x590ec2[_0x51d9('0x78')], _0x590ec2['meAND'], _0x590ec2[_0x51d9('0x79')], _0x590ec2[_0x51d9('0x7a')], _0x590ec2[_0x51d9('0x7b')], _0x590ec2['SEoTm'], _0x590ec2['xoyMC'], _0x590ec2[_0x51d9('0x7c')]];
function _0x2bf4f7(_0x8363fe, _0x43269f) {
if (_0x590ec2[_0x51d9('0x7d')](_0x590ec2[_0x51d9('0x7e')], _0x590ec2['LrLcG'])) {
_0x590ec2[_0x51d9('0x7f')](_0x54ad08, 0xf);
_0x2c5b60 = _0x590ec2[_0x51d9('0x80')](_0x2bf4f7, _0x2c5b60, 0xf);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x8363fe = _0x8363fe[_0x51d9('0x81')]('-');
_0x8363fe = _0x8363fe['map'](function (_0x357745, _0x415b68) {
var _0x4a806e = _0x357745[_0x51d9('0x81')]('');
_0x4a806e[0x2] = _0x4cc8ea[_0x43269f]['charAt'](_0x415b68);
return _0x4a806e[_0x51d9('0x82')]('');
});
return _0x8363fe[_0x51d9('0x82')]('-');
}
}
function _0x54ad08(_0x415b68) {
var _0x150563 = document[_0x577acd](_0x590ec2['OqvfX']);
_0x150563[_0x51d9('0x62')] = _0x590ec2[_0x51d9('0x34')](_0x590ec2['euWJg'], _0x415b68);
}
var _0x63bfa2 = _0x590ec2[_0x51d9('0x83')];
if (_0x590ec2[_0x51d9('0x84')](_0x36a7e1['location']['host'][_0x51d9('0x85')](_0x63bfa2), -0x1) || _0x590ec2[_0x51d9('0x86')](_0x36a7e1[_0x51d9('0x4d')][_0x51d9('0x87')][_0x51d9('0x85')](_0x63bfa2), -0x1)) {
_0x590ec2[_0x51d9('0x88')](_0x54ad08, 0x0);
_0x2c5b60 = _0x590ec2[_0x51d9('0x89')](_0x2bf4f7, _0x2c5b60, 0x0);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2[_0x51d9('0x8a')](_0x36a7e1[_0x51d9('0x4d')][_0x51d9('0x3d')](), _0x36a7e1['location'][_0x51d9('0x8b')])) {
_0x590ec2[_0x51d9('0x88')](_0x54ad08, 0x1);
_0x2c5b60 = _0x590ec2[_0x51d9('0x8c')](_0x2bf4f7, _0x2c5b60, 0x1);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x36a7e1[_0x51d9('0x8d')] || _0x36a7e1[_0x51d9('0x8e')]) {
_0x590ec2['omuCg'](_0x54ad08, 0x2);
_0x2c5b60 = _0x590ec2[_0x51d9('0x8f')](_0x2bf4f7, _0x2c5b60, 0x2);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2[_0x51d9('0x8a')](_0x36a7e1['navigator'][_0x51d9('0x90')][_0x51d9('0x85')](_0x590ec2['jxdfL']), -0x1)) {
_0x590ec2['pdFTh'](_0x54ad08, 0x3);
_0x2c5b60 = _0x590ec2[_0x51d9('0x91')](_0x2bf4f7, _0x2c5b60, 0x3);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!Function['prototype'][_0x51d9('0x92')] || _0x590ec2[_0x51d9('0x8a')](Function[_0x51d9('0x93')]['bind']['toString']()[_0x51d9('0x94')](/bind/g, _0x590ec2[_0x51d9('0x95')]), Error[_0x51d9('0x3d')]()) || _0x590ec2['UsoDd'](Function[_0x51d9('0x93')]['toString']['toString']()['replace'](/toString/g, _0x590ec2[_0x51d9('0x95')]), Error[_0x51d9('0x3d')]())) {
_0x590ec2[_0x51d9('0x96')](_0x54ad08, 0x4);
_0x2c5b60 = _0x590ec2['yEjRq'](_0x2bf4f7, _0x2c5b60, 0x4);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2['UsoDd'](_0x36a7e1, _0x36a7e1[_0x51d9('0x97')])) {
_0x590ec2[_0x51d9('0x96')](_0x54ad08, 0x5);
_0x2c5b60 = _0x590ec2[_0x51d9('0x98')](_0x2bf4f7, _0x2c5b60, 0x5);
}
if (navigator[_0x51d9('0x99')]) {
if (_0x590ec2['NGTaN'](_0x590ec2['ErWPM'], _0x590ec2[_0x51d9('0x9a')])) {
_0x590ec2[_0x51d9('0x9b')](_0x54ad08, 0xb);
_0x2c5b60 = _0x590ec2['YSNiw'](_0x2bf4f7, _0x2c5b60, 0xb);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x590ec2[_0x51d9('0x9c')](_0x54ad08, 0x9);
_0x2c5b60 = _0x590ec2[_0x51d9('0x9d')](_0x2bf4f7, _0x2c5b60, 0x9);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
}
var _0x157047 = document['getElementsByTagName'](_0x590ec2[_0x51d9('0x9e')]);
var _0x1da55a = _0x590ec2['lSzZG'];
var _0x2ec01e = _0x590ec2[_0x51d9('0x9f')];
if (!_0x157047['length'] || _0x590ec2[_0x51d9('0xa0')](_0x157047[0x0][_0x51d9('0xa1')], _0x590ec2[_0x51d9('0xa2')]) || !_0x157047[0x0]['href'][_0x51d9('0x4e')](_0x1da55a) || !_0x157047[0x0][_0x51d9('0x8b')][_0x51d9('0x4e')](_0x2ec01e)) {
if (_0x590ec2[_0x51d9('0xa0')](_0x590ec2[_0x51d9('0xa3')], _0x590ec2['gvTvB'])) {
_0x590ec2[_0x51d9('0x9c')](_0x54ad08, 0xa);
_0x2c5b60 = _0x590ec2['DbBNZ'](_0x2bf4f7, _0x2c5b60, 0xa);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x590ec2[_0x51d9('0xa4')](_0x54ad08, 0x1);
_0x2c5b60 = _0x590ec2['ayegT'](_0x2bf4f7, _0x2c5b60, 0x1);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
}
var _0x510d6f = document[_0x51d9('0xa5')](_0x590ec2[_0x51d9('0xa6')]);
if (!_0x510d6f[_0x51d9('0x3f')] || _0x510d6f[_0x590ec2[_0x51d9('0xa7')]]) {
_0x590ec2[_0x51d9('0xa8')](_0x54ad08, 0xb);
_0x2c5b60 = _0x590ec2[_0x51d9('0xa9')](_0x2bf4f7, _0x2c5b60, 0xb);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!_0x510d6f[_0x51d9('0x3f')] || !_0x510d6f[_0x590ec2[_0x51d9('0xaa')]]) {
_0x590ec2['oleIM'](_0x54ad08, 0xc);
_0x2c5b60 = _0x590ec2[_0x51d9('0xab')](_0x2bf4f7, _0x2c5b60, 0xc);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!_0x510d6f['length'] || !_0x510d6f[_0x590ec2[_0x51d9('0xac')]] || _0x590ec2[_0x51d9('0xad')](_0x510d6f[_0x590ec2[_0x51d9('0xac')]][_0x51d9('0xae')][_0x51d9('0x3f')], 0x3c)) {
_0x590ec2[_0x51d9('0xa8')](_0x54ad08, 0xd);
_0x2c5b60 = _0x590ec2[_0x51d9('0xab')](_0x2bf4f7, _0x2c5b60, 0xd);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
var _0xa30fd4 = _0x590ec2[_0x51d9('0xaf')];
var _0x423164 = _0x590ec2[_0x51d9('0xb0')];
_0xa30fd4 = _0xa30fd4[_0x51d9('0x81')]('')[_0x51d9('0xb1')]()[_0x51d9('0x82')]('');
_0x423164 = _0x423164[_0x51d9('0x81')]('')['reverse']()['join']('');
if (!_0x510d6f[_0x51d9('0x3f')] || !_0x510d6f[_0xa30fd4] || _0x590ec2[_0x51d9('0xb2')](_0x510d6f[_0xa30fd4]['content'], _0x423164)) {
_0x590ec2[_0x51d9('0xa8')](_0x54ad08, 0xf);
_0x2c5b60 = _0x590ec2[_0x51d9('0xab')](_0x2bf4f7, _0x2c5b60, 0xf);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
_0x36a7e1[_0x590ec2[_0x51d9('0xb3')](_0x590ec2[_0x51d9('0xb3')](_0x590ec2[_0x51d9('0xb3')](_0x6ecca8, _0x258970), _0x3aa617), _0x6ecca8)] = _0x590ec2[_0x51d9('0xb4')](_0x214341, _0x21cdb3[_0x51d9('0xb5')](_0x590ec2['DvJRW'](_0x21cdb3['length'], 0x1)));
function _0x46cf8f(_0xafbde0, _0x55eb7a) {
var _0x263094 = {
'nNqay': function (_0x59882f, _0x482d67) {
return _0x590ec2[_0x51d9('0x40')](_0x59882f, _0x482d67);
}, 'QWWoo': function (_0x3913f1, _0xd31f86, _0x3ef20c) {
return _0x590ec2['lfBdl'](_0x3913f1, _0xd31f86, _0x3ef20c);
}, 'XiSGf': function (_0x4d6302, _0x4ec814) {
return _0x590ec2[_0x51d9('0xb6')](_0x4d6302, _0x4ec814);
}, 'ZerLz': _0x590ec2[_0x51d9('0xb7')], 'uSjXo': function (_0x552162, _0x59c161) {
return _0x590ec2[_0x51d9('0xb8')](_0x552162, _0x59c161);
}
};
if (_0x590ec2[_0x51d9('0xb6')](_0x590ec2[_0x51d9('0xb9')], _0x590ec2[_0x51d9('0xba')])) {
var _0x8406f5 = value[_0x51d9('0x81')]('');
_0x8406f5[0x2] = _0x4cc8ea[fillIndex][_0x51d9('0xb5')](_0x415b68);
return _0x8406f5[_0x51d9('0x82')]('');
} else {
var _0x216781 = _0x17835a(this, function () {
var _0x3fe39a = function () {
return '\x64\x65\x76';
}, _0xc63e8d = function () {
return '\x77\x69\x6e\x64\x6f\x77';
};
var _0x1c3dec = function () {
var _0x49ad5a = new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');
return !_0x49ad5a['\x74\x65\x73\x74'](_0x3fe39a['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
};
var _0x4da3ed = function () {
var _0x4d6a1f = new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');
return _0x4d6a1f['\x74\x65\x73\x74'](_0xc63e8d['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
};
var _0x301ab1 = function (_0x43ef70) {
var _0x3ffd54 = ~-0x1 >> 0x1 + 0xff % 0x0;
if (_0x43ef70['\x69\x6e\x64\x65\x78\x4f\x66']('\x69' === _0x3ffd54)) {
_0x1c282d(_0x43ef70);
}
};
var _0x1c282d = function (_0x2d08c3) {
var _0x4bc00f = ~-0x4 >> 0x1 + 0xff % 0x0;
if (_0x2d08c3['\x69\x6e\x64\x65\x78\x4f\x66']((!![] + '')[0x3]) !== _0x4bc00f) {
_0x301ab1(_0x2d08c3);
}
};
if (!_0x1c3dec()) {
if (!_0x4da3ed()) {
_0x301ab1('\x69\x6e\x64\u0435\x78\x4f\x66');
} else {
_0x301ab1('\x69\x6e\x64\x65\x78\x4f\x66');
}
} else {
_0x301ab1('\x69\x6e\x64\u0435\x78\x4f\x66');
}
});
_0x216781();
var _0xe6a51e = _0xafbde0[_0x51d9('0xbb')](function (_0x1af615) {
var _0x25bc91 = {
'eOMFr': function (_0x63d1dc, _0x5a6a5e) {
return _0x263094['nNqay'](_0x63d1dc, _0x5a6a5e);
}, 'YKQUT': function (_0x232415, _0x1a4e10, _0x43c14f) {
return _0x263094[_0x51d9('0xbc')](_0x232415, _0x1a4e10, _0x43c14f);
}
};
if (_0x263094[_0x51d9('0xbd')](_0x263094[_0x51d9('0xbe')], _0x263094['ZerLz'])) {
return _0x1af615['substr'](0x0, _0x263094[_0x51d9('0xbf')](_0x1af615['length'], 0x1));
} else {
_0x25bc91[_0x51d9('0xc0')](_0x54ad08, 0xd);
_0x2c5b60 = _0x25bc91['YKQUT'](_0x2bf4f7, _0x2c5b60, 0xd);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
})[_0x51d9('0x82')]('');
var _0x39d649 = _0xe6a51e[_0x51d9('0x81')]('')[_0x51d9('0xb1')]()[_0x51d9('0x82')]('')[_0x51d9('0x94')](new RegExp(_0x55eb7a, 'g'), '-')[_0x51d9('0x94')](/\*/g, _0x55eb7a);
return _0x39d649;
}
}
}(window));分析:
1.可以明显的看到符合ob混淆特征
2.可以看到花指令混淆与编码混淆
3.按照上面的思路逻辑进行处理即可dec_main.js
const fs = require("fs");//文件读写
const parse = require("@babel/parser"); //解析为ast
const traverse = require('@babel/traverse').default;//遍历节点
const t = require('@babel/types');//类型
const generator = require('@babel/generator').default;//ast解析为代码
//读取js文件
const jscode = fs.readFileSync(
'./demo.js', {
encoding: 'utf-8'
}
);
let ast = parse.parse(jscode);//js转ast
function decrypt_arr(ast) {
//TODO 1 解密三部分的代码执行
let end = 3;//切片需要处理的代码块
let newAst = parse.parse('');//新建ast
let decrypt_code = ast.program.body.slice(0, end);//切片
newAst.program.body = decrypt_code// 将前3个节点替换进新建ast
let stringDecryptFunc = generator(newAst, {compact: true},).code;//转为js,由于存在格式化检测,需要指定选项,来压缩代码// 自动转义
eval(stringDecryptFunc);//执行三部分的代码
//TODO 2 准备工作及对解密三部分节点删除
let stringDecryptFuncAst = ast.program.body[end - 1];// 拿到解密函数所在的节点
let DecryptFuncName = stringDecryptFuncAst.declarations[0].id.name;//拿到解密函数的名字
var rest_code = ast.program.body.slice(end); // 剩下的节点
ast.program.body = rest_code;//剩下的节点替换
//TODO 3 加密数组还原
traverse(ast, {
CallExpression(path) {//回调表达式匹配--替换加密数组为对应的值
if (t.isIdentifier(path.node.callee, {name: DecryptFuncName})) { //当变量名与解密函数名相同时,就执行相应操作
// console.log(path.toString());
// console.log(eval(path.toString()));
path.replaceWith(t.valueToNode(eval(path.toString()))); // 值替换节点
}
},
});
// ast = add_Mem_str(ast)//成员表达式中字符合并
return ast;
}
ast = decrypt_arr(ast)//大数组还原
let {code} = generator(ast,opts = {jsescOption:{"minimal":true}})
//文件保存
fs.writeFile('./demoNew.js', code, (err) => {
});demoNew.js
(function (_0x36a7e1) {
var _0x17835a = function () {
var _0x5215bd = !![];
return function (_0x44df24, _0x595f1a) {
var _0x5a9073 = _0x5215bd ? function () {
if (_0x595f1a) {
var _0x27172a = _0x595f1a['apply'](_0x44df24, arguments);
_0x595f1a = null;
return _0x27172a;
}
} : function () {};
_0x5215bd = ![];
return _0x5a9073;
};
}();
var _0x590ec2 = {
'DnQAJ': function (_0x127ba2, _0x34a335) {
return _0x127ba2 + _0x34a335;
},
'SalHM': function (_0x58c4e3, _0x34a472) {
return _0x58c4e3 + _0x34a472;
},
'wAEqK': "&p=touch_spa_inter_list_oneway",
'OqvfX': "img",
'VheDT': function (_0x2b3dae, _0x54d6de) {
return _0x2b3dae(_0x54d6de);
},
'BJBbg': function (_0x1371fd, _0x3558c9, _0xec9c37) {
return _0x1371fd(_0x3558c9, _0xec9c37);
},
'dbbPz': function (_0x560d8f, _0x29eea8) {
return _0x560d8f !== _0x29eea8;
},
'LrLcG': "lDiGg",
'ngNAN': function (_0xba5e2d, _0x3bc2b5) {
return _0xba5e2d + _0x3bc2b5;
},
'euWJg': "/touch/api/domestic/help?index=",
'HSsQw': function (_0x3d1128, _0x16319a) {
return _0x3d1128(_0x16319a);
},
'YSNiw': function (_0x5c5469, _0x113ed5, _0x11ebdd) {
return _0x5c5469(_0x113ed5, _0x11ebdd);
},
'mpgvi': function (_0x421522, _0x546a6f) {
return _0x421522(_0x546a6f);
},
'ayegT': function (_0x3b8b54, _0x1ca8b1, _0x53d31a) {
return _0x3b8b54(_0x1ca8b1, _0x53d31a);
},
'IMwMz': function (_0x4e8347, _0x1ea7df) {
return _0x4e8347(_0x1ea7df);
},
'lfBdl': function (_0x4e8547, _0xa82152, _0x5b0429) {
return _0x4e8547(_0xa82152, _0x5b0429);
},
'BdUpY': function (_0x4abffb, _0x4e7f08) {
return _0x4abffb === _0x4e7f08;
},
'lnVmq': 'nkPrO',
'YdFxi': function (_0x1e147c, _0x427d70) {
return _0x1e147c - _0x427d70;
},
'THSzl': 'Lmdok',
'ebPnd': 'cDeQf',
'Xcvio': "createElement",
'RAKrX': function (_0x209b21, _0x23b5e3) {
return _0x209b21 + _0x23b5e3;
},
'eDKKT': '40',
'adNAG': '79f01e7b1063c7e',
'RVday': '369af4',
'ysKlX': '463e28',
'TDNia': '1*c9*7*c847e84997972e4',
'gvGoX': '09*a2a*027',
'Iwhil': '544',
'ISzgc': '17844',
'iiniH': '1802*278',
'uimVw': '36c1a46372*0508713485e3*7',
'kNVxI': '2b66',
'iMODi': function (_0x258bbc, _0x3e988b, _0x1b6f2d) {
return _0x258bbc(_0x3e988b, _0x1b6f2d);
},
'bfkfm': function (_0x47edb5, _0x5c287e) {
return _0x47edb5 < _0x5c287e;
},
'DvJRW': function (_0x3374d8, _0x288af0) {
return _0x3374d8 - _0x288af0;
},
'oLIvl': '1631676218586',
'qxWNp': function (_0x960ff6, _0x12654a, _0xa8f0d4) {
return _0x960ff6(_0x12654a, _0xa8f0d4);
},
'LLuQK': function (_0x348687, _0x39cf6e) {
return _0x348687(_0x39cf6e);
},
'BHUZN': function (_0xe38600, _0x1e7ac9) {
return _0xe38600 + _0x1e7ac9;
},
'mUFYr': function (_0x1634e2, _0x2121c0) {
return _0x1634e2 + _0x2121c0;
},
'AeqCr': function (_0x1a8053, _0x7dae50) {
return _0x1a8053 + _0x7dae50;
},
'OVtBe': function (_0x489063, _0x313b63) {
return _0x489063 + _0x313b63;
},
'ZCwZN': 'https://log.flight.qunar.com/l?r=pagepts&apv=',
'ZmThb': "&scr=",
'DRAtE': "&rf=",
'Mbfyy': function (_0xe0dfc9, _0x4e2c90) {
return _0xe0dfc9 === _0x4e2c90;
},
'hbvdE': "hFFYb",
'uzZAT': function (_0x50942b, _0xaeeef2) {
return _0x50942b + _0xaeeef2;
},
'ROrNS': function (_0x48578c, _0x401ab2) {
return _0x48578c + _0x401ab2;
},
'hWfPN': "&p=touch_spa_home",
'Doghj': "flightlist",
'GymAa': "EjHZV",
'mKNgT': '&p=touch_spa_inner_list_oneway',
'SwlTB': "flightdetail",
'dDJxY': function (_0x2bb5e3, _0x1e4f6b) {
return _0x2bb5e3 + _0x1e4f6b;
},
'liloJ': function (_0x437068, _0x5514a7) {
return _0x437068 + _0x5514a7;
},
'zruhR': '&p=touch_spa_inner_otalist_oneway',
'TDuVE': "interlist",
'oyYUc': 'interdetail',
'zLZUJ': function (_0x113558, _0x4cea0e) {
return _0x113558 + _0x4cea0e;
},
'imsyB': "&p=touch_spa_inter_otalist_oneway",
'SaSPe': "00000",
'TnrYx': "00001",
'ArVaV': "00010",
'KTNxn': "00011",
'UjsxC': "00100",
'ZRCax': "00101",
'UFNRz': "00110",
'fhyYJ': '00111',
'IsSAL': "01000",
'iQYqy': "01001",
'vPJoN': "01010",
'IlaEQ': "01011",
'PzrbN': "01100",
'ZNELL': '01101',
'IQyKJ': '01110',
'mbdUj': "01111",
'CVEbP': "10000",
'LDSmh': "10001",
'NWUpi': "10010",
'pjduE': "10011",
'toVMO': '10100',
'ttiUA': "10101",
'OVpjE': "10110",
'TZojN': '10111',
'UXZXh': "11000",
'meAND': "11001",
'fwJag': "11010",
'Yjwms': "11011",
'zNdUL': '11100',
'SEoTm': "11101",
'xoyMC': "11110",
'gTrXS': "11111",
'lSzZG': ".qunar.com",
'SAVIo': function (_0x470dcd, _0x1c2e94) {
return _0x470dcd === _0x1c2e94;
},
'NGTaN': function (_0x4bc735, _0x405010) {
return _0x4bc735 === _0x405010;
},
'omuCg': function (_0x361a77, _0x19045c) {
return _0x361a77(_0x19045c);
},
'NPdwG': function (_0x428cf7, _0x210d3e, _0x59a5a1) {
return _0x428cf7(_0x210d3e, _0x59a5a1);
},
'NkvOa': function (_0x370514, _0x151df3) {
return _0x370514 !== _0x151df3;
},
'nvwgp': function (_0xf661eb, _0x51008f, _0x3a556b) {
return _0xf661eb(_0x51008f, _0x3a556b);
},
'FKCQV': function (_0x1fc74e, _0x36947c, _0xe5df12) {
return _0x1fc74e(_0x36947c, _0xe5df12);
},
'jxdfL': "PhantomJS",
'pdFTh': function (_0x413d78, _0x5a803b) {
return _0x413d78(_0x5a803b);
},
'yEjRq': function (_0x277a0e, _0x1dd39c, _0x567e75) {
return _0x277a0e(_0x1dd39c, _0x567e75);
},
'nnvSA': "Error",
'UsoDd': function (_0x1989a1, _0x3b609d) {
return _0x1989a1 !== _0x3b609d;
},
'bRaQr': function (_0xd8002c, _0x43fa8e) {
return _0xd8002c(_0x43fa8e);
},
'jXxkE': function (_0x28a89e, _0xef22de, _0xce9c44) {
return _0x28a89e(_0xef22de, _0xce9c44);
},
'ErWPM': "gusLl",
'qsypA': "jZxYI",
'FfDLR': function (_0x5498ae, _0x26934c) {
return _0x5498ae(_0x26934c);
},
'MLoss': function (_0x54f8bf, _0x144159, _0x9772cc) {
return _0x54f8bf(_0x144159, _0x9772cc);
},
'AmnCl': "link",
'tvXZG': "favicon",
'iyaFq': 'icon',
'mOiqr': 'qAAkr',
'gvTvB': "oTqss",
'DbBNZ': function (_0x166224, _0x95ca72, _0x3ef82d) {
return _0x166224(_0x95ca72, _0x3ef82d);
},
'QkUgW': "meta",
'gBUos': 'Robots',
'oleIM': function (_0x5d5bac, _0x18ef39) {
return _0x5d5bac(_0x18ef39);
},
'XGQww': function (_0x305958, _0x462f3c, _0x3c8539) {
return _0x305958(_0x462f3c, _0x3c8539);
},
'UCBKY': "viewport",
'ujhOy': function (_0x39eed9, _0x27e4ab, _0xcdfaee) {
return _0x39eed9(_0x27e4ab, _0xcdfaee);
},
'Yawjm': "keywords",
'MtctW': function (_0x3a4e0e, _0x396307) {
return _0x3a4e0e !== _0x396307;
},
'PQwMc': 'gbgwff',
'pLKSh': 'tr',
'lNywm': function (_0x3ac958, _0x1abf00) {
return _0x3ac958 !== _0x1abf00;
},
'nqQWf': function (_0x4cc378, _0x22280f) {
return _0x4cc378 + _0x22280f;
},
'eYOcS': function (_0x2f8108, _0x1097ef) {
return _0x2f8108 + _0x1097ef;
}
};
var _0x577acd = _0x590ec2["Xcvio"];
var _0x6ecca8 = '_';
var _0x258970 = 'p';
var _0x3aa617 = 't';
var _0x2ac01b = _0x590ec2['ngNAN'](_0x590ec2["ngNAN"](_0x590ec2["RAKrX"](_0x6ecca8, _0x258970), _0x3aa617), _0x6ecca8);
var _0x21fee5 = _0x590ec2["eDKKT"];
var _0x364eeb = _0x590ec2["adNAG"];
var _0x2dc0bc = _0x590ec2["RVday"];
var _0x1ee61f = _0x590ec2['ysKlX'];
var _0x5b8d5b = _0x590ec2["TDNia"];
var _0x4fd789 = _0x590ec2['gvGoX'];
var _0x5e838d = _0x590ec2["Iwhil"];
var _0x14ea97 = _0x590ec2['ISzgc'];
var _0x297be5 = _0x590ec2["iiniH"];
var _0x5af085 = _0x590ec2["uimVw"];
var _0x451826 = _0x590ec2['kNVxI'];
var _0xdde432 = _0x590ec2['iMODi'](parseInt, _0x451826, 0x12)["toString"]()['split']('');
var _0x2c920d = [_0x21fee5, _0x364eeb, _0x2dc0bc, _0x1ee61f, _0x5b8d5b];
var _0x214341 = [];
for (var _0x552adf = 0x0; _0x590ec2["bfkfm"](_0x552adf, _0xdde432["length"]); _0x552adf++) {
var _0x415b68 = _0x590ec2["IMwMz"](parseInt, _0xdde432[_0x552adf]);
_0x214341[_0x590ec2["DvJRW"](_0x415b68, 0x1)] = _0x2c920d[_0x552adf];
}
var _0x21cdb3 = _0x590ec2["oLIvl"];
var _0x55eb7a = _0x214341[0x4]['charAt'](_0x590ec2["DvJRW"](_0x214341[0x4]['length'], 0x1));
_0x214341 = _0x590ec2["qxWNp"](_0x46cf8f, _0x214341, _0x55eb7a);
var _0x2c5b60 = [_0x4fd789, _0x5e838d, _0x14ea97, _0x297be5, _0x5af085];
_0x2c5b60 = _0x590ec2["qxWNp"](_0x46cf8f, _0x2c5b60, 'f');
var _0x3e8ed9 = _0x590ec2['LLuQK'](encodeURIComponent, location['href']);
var _0x1c33ee = _0x590ec2['LLuQK'](encodeURIComponent, navigator["appVersion"]);
var _0x558b2a = _0x590ec2["RAKrX"](_0x590ec2["BHUZN"](screen['width'], '_'), screen["height"]);
var _0x21ce06 = '';
var _0x196192 = _0x590ec2["mUFYr"](_0x590ec2["mUFYr"](_0x590ec2["AeqCr"](_0x590ec2["OVtBe"](_0x590ec2["ZCwZN"], _0x1c33ee), _0x590ec2["ZmThb"]), _0x558b2a), _0x590ec2["DRAtE"]);
var _0x4ae46a = window["location"]['pathname'];
if (_0x4ae46a["match"]('h5')) {
if (_0x590ec2["Mbfyy"](_0x590ec2["hbvdE"], _0x590ec2["hbvdE"])) {
_0x21ce06 = _0x590ec2["uzZAT"](_0x590ec2["ROrNS"](_0x196192, _0x3e8ed9), _0x590ec2["hWfPN"]);
} else {
_0x21ce06 = _0x590ec2["DnQAJ"](_0x590ec2["SalHM"](_0x196192, _0x3e8ed9), _0x590ec2['wAEqK']);
}
} else if (_0x4ae46a['match'](_0x590ec2['Doghj'])) {
if (_0x590ec2["Mbfyy"](_0x590ec2['GymAa'], _0x590ec2["GymAa"])) {
_0x21ce06 = _0x590ec2["ROrNS"](_0x590ec2['ROrNS'](_0x196192, _0x3e8ed9), _0x590ec2["mKNgT"]);
} else {
var _0x3fb198 = document[_0x577acd](_0x590ec2["OqvfX"]);
_0x3fb198['src'] = _0x21ce06;
}
} else if (_0x4ae46a["match"](_0x590ec2["SwlTB"])) {
_0x21ce06 = _0x590ec2["dDJxY"](_0x590ec2["liloJ"](_0x196192, _0x3e8ed9), _0x590ec2["zruhR"]);
} else if (_0x4ae46a["match"](_0x590ec2["TDuVE"])) {
_0x21ce06 = _0x590ec2["liloJ"](_0x590ec2['liloJ'](_0x196192, _0x3e8ed9), _0x590ec2["wAEqK"]);
} else if (_0x4ae46a["match"](_0x590ec2["oyYUc"])) {
_0x21ce06 = _0x590ec2["liloJ"](_0x590ec2["zLZUJ"](_0x196192, _0x3e8ed9), _0x590ec2["imsyB"]);
}
if (_0x21ce06) {
var _0x2549ed = document[_0x577acd](_0x590ec2["OqvfX"]);
_0x2549ed["src"] = _0x21ce06;
}
var _0x4cc8ea = [_0x590ec2["SaSPe"], _0x590ec2["TnrYx"], _0x590ec2["ArVaV"], _0x590ec2["KTNxn"], _0x590ec2["UjsxC"], _0x590ec2['ZRCax'], _0x590ec2["UFNRz"], _0x590ec2["fhyYJ"], _0x590ec2["IsSAL"], _0x590ec2["iQYqy"], _0x590ec2["vPJoN"], _0x590ec2["IlaEQ"], _0x590ec2["PzrbN"], _0x590ec2["ZNELL"], _0x590ec2['IQyKJ'], _0x590ec2["mbdUj"], _0x590ec2["CVEbP"], _0x590ec2['LDSmh'], _0x590ec2["NWUpi"], _0x590ec2["pjduE"], _0x590ec2["toVMO"], _0x590ec2["ttiUA"], _0x590ec2["OVpjE"], _0x590ec2["TZojN"], _0x590ec2["UXZXh"], _0x590ec2['meAND'], _0x590ec2["fwJag"], _0x590ec2["Yjwms"], _0x590ec2["zNdUL"], _0x590ec2['SEoTm'], _0x590ec2['xoyMC'], _0x590ec2["gTrXS"]];
function _0x2bf4f7(_0x8363fe, _0x43269f) {
if (_0x590ec2["dbbPz"](_0x590ec2["LrLcG"], _0x590ec2['LrLcG'])) {
_0x590ec2["VheDT"](_0x54ad08, 0xf);
_0x2c5b60 = _0x590ec2["BJBbg"](_0x2bf4f7, _0x2c5b60, 0xf);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x8363fe = _0x8363fe["split"]('-');
_0x8363fe = _0x8363fe['map'](function (_0x357745, _0x415b68) {
var _0x4a806e = _0x357745["split"]('');
_0x4a806e[0x2] = _0x4cc8ea[_0x43269f]['charAt'](_0x415b68);
return _0x4a806e["join"]('');
});
return _0x8363fe["join"]('-');
}
}
function _0x54ad08(_0x415b68) {
var _0x150563 = document[_0x577acd](_0x590ec2['OqvfX']);
_0x150563["src"] = _0x590ec2["ngNAN"](_0x590ec2['euWJg'], _0x415b68);
}
var _0x63bfa2 = _0x590ec2["lSzZG"];
if (_0x590ec2["SAVIo"](_0x36a7e1['location']['host']["indexOf"](_0x63bfa2), -0x1) || _0x590ec2["NGTaN"](_0x36a7e1["location"]["hostname"]["indexOf"](_0x63bfa2), -0x1)) {
_0x590ec2["omuCg"](_0x54ad08, 0x0);
_0x2c5b60 = _0x590ec2["NPdwG"](_0x2bf4f7, _0x2c5b60, 0x0);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2["NkvOa"](_0x36a7e1["location"]["toString"](), _0x36a7e1['location']["href"])) {
_0x590ec2["omuCg"](_0x54ad08, 0x1);
_0x2c5b60 = _0x590ec2["nvwgp"](_0x2bf4f7, _0x2c5b60, 0x1);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x36a7e1["_phantom"] || _0x36a7e1["callPhantom"]) {
_0x590ec2['omuCg'](_0x54ad08, 0x2);
_0x2c5b60 = _0x590ec2["FKCQV"](_0x2bf4f7, _0x2c5b60, 0x2);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2["NkvOa"](_0x36a7e1['navigator']["userAgent"]["indexOf"](_0x590ec2['jxdfL']), -0x1)) {
_0x590ec2['pdFTh'](_0x54ad08, 0x3);
_0x2c5b60 = _0x590ec2["yEjRq"](_0x2bf4f7, _0x2c5b60, 0x3);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!Function['prototype']["bind"] || _0x590ec2["NkvOa"](Function["prototype"]['bind']['toString']()["replace"](/bind/g, _0x590ec2["nnvSA"]), Error["toString"]()) || _0x590ec2['UsoDd'](Function["prototype"]['toString']['toString']()['replace'](/toString/g, _0x590ec2["nnvSA"]), Error["toString"]())) {
_0x590ec2["bRaQr"](_0x54ad08, 0x4);
_0x2c5b60 = _0x590ec2['yEjRq'](_0x2bf4f7, _0x2c5b60, 0x4);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (_0x590ec2['UsoDd'](_0x36a7e1, _0x36a7e1["top"])) {
_0x590ec2["bRaQr"](_0x54ad08, 0x5);
_0x2c5b60 = _0x590ec2["jXxkE"](_0x2bf4f7, _0x2c5b60, 0x5);
}
if (navigator["webdriver"]) {
if (_0x590ec2['NGTaN'](_0x590ec2['ErWPM'], _0x590ec2["qsypA"])) {
_0x590ec2["HSsQw"](_0x54ad08, 0xb);
_0x2c5b60 = _0x590ec2['YSNiw'](_0x2bf4f7, _0x2c5b60, 0xb);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x590ec2["FfDLR"](_0x54ad08, 0x9);
_0x2c5b60 = _0x590ec2["MLoss"](_0x2bf4f7, _0x2c5b60, 0x9);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
}
var _0x157047 = document['getElementsByTagName'](_0x590ec2["AmnCl"]);
var _0x1da55a = _0x590ec2['lSzZG'];
var _0x2ec01e = _0x590ec2["tvXZG"];
if (!_0x157047['length'] || _0x590ec2["UsoDd"](_0x157047[0x0]["rel"], _0x590ec2["iyaFq"]) || !_0x157047[0x0]['href']["match"](_0x1da55a) || !_0x157047[0x0]["href"]["match"](_0x2ec01e)) {
if (_0x590ec2["UsoDd"](_0x590ec2["mOiqr"], _0x590ec2['gvTvB'])) {
_0x590ec2["FfDLR"](_0x54ad08, 0xa);
_0x2c5b60 = _0x590ec2['DbBNZ'](_0x2bf4f7, _0x2c5b60, 0xa);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
} else {
_0x590ec2["mpgvi"](_0x54ad08, 0x1);
_0x2c5b60 = _0x590ec2['ayegT'](_0x2bf4f7, _0x2c5b60, 0x1);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
}
var _0x510d6f = document["getElementsByTagName"](_0x590ec2["QkUgW"]);
if (!_0x510d6f["length"] || _0x510d6f[_0x590ec2["gBUos"]]) {
_0x590ec2["oleIM"](_0x54ad08, 0xb);
_0x2c5b60 = _0x590ec2["XGQww"](_0x2bf4f7, _0x2c5b60, 0xb);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!_0x510d6f["length"] || !_0x510d6f[_0x590ec2["UCBKY"]]) {
_0x590ec2['oleIM'](_0x54ad08, 0xc);
_0x2c5b60 = _0x590ec2["ujhOy"](_0x2bf4f7, _0x2c5b60, 0xc);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
if (!_0x510d6f['length'] || !_0x510d6f[_0x590ec2["Yawjm"]] || _0x590ec2["MtctW"](_0x510d6f[_0x590ec2["Yawjm"]]["content"]["length"], 0x3c)) {
_0x590ec2["oleIM"](_0x54ad08, 0xd);
_0x2c5b60 = _0x590ec2["ujhOy"](_0x2bf4f7, _0x2c5b60, 0xd);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
var _0xa30fd4 = _0x590ec2["PQwMc"];
var _0x423164 = _0x590ec2["pLKSh"];
_0xa30fd4 = _0xa30fd4["split"]('')["reverse"]()["join"]('');
_0x423164 = _0x423164["split"]('')['reverse']()['join']('');
if (!_0x510d6f["length"] || !_0x510d6f[_0xa30fd4] || _0x590ec2["lNywm"](_0x510d6f[_0xa30fd4]['content'], _0x423164)) {
_0x590ec2["oleIM"](_0x54ad08, 0xf);
_0x2c5b60 = _0x590ec2["ujhOy"](_0x2bf4f7, _0x2c5b60, 0xf);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
_0x36a7e1[_0x590ec2["nqQWf"](_0x590ec2["nqQWf"](_0x590ec2["nqQWf"](_0x6ecca8, _0x258970), _0x3aa617), _0x6ecca8)] = _0x590ec2["eYOcS"](_0x214341, _0x21cdb3["charAt"](_0x590ec2['DvJRW'](_0x21cdb3['length'], 0x1)));
function _0x46cf8f(_0xafbde0, _0x55eb7a) {
var _0x263094 = {
'nNqay': function (_0x59882f, _0x482d67) {
return _0x590ec2["IMwMz"](_0x59882f, _0x482d67);
},
'QWWoo': function (_0x3913f1, _0xd31f86, _0x3ef20c) {
return _0x590ec2['lfBdl'](_0x3913f1, _0xd31f86, _0x3ef20c);
},
'XiSGf': function (_0x4d6302, _0x4ec814) {
return _0x590ec2["BdUpY"](_0x4d6302, _0x4ec814);
},
'ZerLz': _0x590ec2["lnVmq"],
'uSjXo': function (_0x552162, _0x59c161) {
return _0x590ec2["YdFxi"](_0x552162, _0x59c161);
}
};
if (_0x590ec2["BdUpY"](_0x590ec2["THSzl"], _0x590ec2["ebPnd"])) {
var _0x8406f5 = value["split"]('');
_0x8406f5[0x2] = _0x4cc8ea[fillIndex]["charAt"](_0x415b68);
return _0x8406f5["join"]('');
} else {
var _0x216781 = _0x17835a(this, function () {
var _0x3fe39a = function () {
return '\x64\x65\x76';
},
_0xc63e8d = function () {
return '\x77\x69\x6e\x64\x6f\x77';
};
var _0x1c3dec = function () {
var _0x49ad5a = new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');
return !_0x49ad5a['\x74\x65\x73\x74'](_0x3fe39a['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
};
var _0x4da3ed = function () {
var _0x4d6a1f = new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');
return _0x4d6a1f['\x74\x65\x73\x74'](_0xc63e8d['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
};
var _0x301ab1 = function (_0x43ef70) {
var _0x3ffd54 = ~-0x1 >> 0x1 + 0xff % 0x0;
if (_0x43ef70['\x69\x6e\x64\x65\x78\x4f\x66']('\x69' === _0x3ffd54)) {
_0x1c282d(_0x43ef70);
}
};
var _0x1c282d = function (_0x2d08c3) {
var _0x4bc00f = ~-0x4 >> 0x1 + 0xff % 0x0;
if (_0x2d08c3['\x69\x6e\x64\x65\x78\x4f\x66']((!![] + '')[0x3]) !== _0x4bc00f) {
_0x301ab1(_0x2d08c3);
}
};
if (!_0x1c3dec()) {
if (!_0x4da3ed()) {
_0x301ab1('\x69\x6e\x64\u0435\x78\x4f\x66');
} else {
_0x301ab1('\x69\x6e\x64\x65\x78\x4f\x66');
}
} else {
_0x301ab1('\x69\x6e\x64\u0435\x78\x4f\x66');
}
});
_0x216781();
var _0xe6a51e = _0xafbde0["map"](function (_0x1af615) {
var _0x25bc91 = {
'eOMFr': function (_0x63d1dc, _0x5a6a5e) {
return _0x263094['nNqay'](_0x63d1dc, _0x5a6a5e);
},
'YKQUT': function (_0x232415, _0x1a4e10, _0x43c14f) {
return _0x263094["QWWoo"](_0x232415, _0x1a4e10, _0x43c14f);
}
};
if (_0x263094["XiSGf"](_0x263094["ZerLz"], _0x263094['ZerLz'])) {
return _0x1af615['substr'](0x0, _0x263094["uSjXo"](_0x1af615['length'], 0x1));
} else {
_0x25bc91["eOMFr"](_0x54ad08, 0xd);
_0x2c5b60 = _0x25bc91['YKQUT'](_0x2bf4f7, _0x2c5b60, 0xd);
_0x36a7e1[_0x2ac01b] = _0x2c5b60;
return !![];
}
})["join"]('');
var _0x39d649 = _0xe6a51e["split"]('')["reverse"]()["join"]('')["replace"](new RegExp(_0x55eb7a, 'g'), '-')["replace"](/\*/g, _0x55eb7a);
return _0x39d649;
}
}
})(window);还原前:
'mbdUj': _0x51d9('0x1a'),
'CVEbP': _0x51d9('0x1b'),
'LDSmh': _0x51d9('0x1c'),
'NWUpi': _0x51d9('0x1d'),
'pjduE': _0x51d9('0x1e'),
还原后:
'mbdUj': "01111",
'CVEbP': "10000",
'LDSmh': "10001",
'NWUpi': "10010",
'pjduE': "10011",
优化及说明:
//TODO 1 解密三部分的代码执行
let end = 3;//切片需要处理的代码块
注意:这里默认是3,对前三个进行切片,默认的是大数组+偏离函数+解密函数
部分js中前三个并不完全包含这些,可以动态调整end的值,或者动态调整到合适位置
------------------------------------------------------------
特别说明及感谢:
此处核心源码来自于作者:丁仔
参考ob解混淆源码
https://github.com/DingZaiHub/ob-decrypt
----------------------------------------------------------
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
