0x0.开头

续接上章,心血来潮想挨个破解一下各大js加密的网站,了解一下现有的js加密的逻辑。

0x1.介绍

Sojson支持js的不可逆混淆加密,和很多高级的加密配置,还增加了小白专用的一键常规配置,以及禁止控制台调试输出、A级保护、变量方法全混淆等诸多高级配置,很多细节做得不错。查了一下资历,这家站是13年创建的,搞了快有十个年头了,是个老品牌。接下来我们做个demo加密一下试试,以下加密,除了基本配置,我还勾选了方法函数变量全部重命名。

0x2.源代码
(() => {
    // Demo payload that is fed to the obfuscator: it adds a helper to String.prototype
    // and then shows a banner with the marker characters stripped out.
    // Inside a character class `|` is a literal, so this pattern drops 'A', 'B' and '|'.
    String.prototype.searchAB = function () {
        const keepPattern = /[^A|B]/g;
        return this.match(keepPattern);
    };

    const banner = '本工具由 wwBw.jsjiami.cAom 提供接口。\n专注JS安全领域近10年\n企业化运营\n专业的JS加密研发团队。';
    const keptChars = banner.searchAB();
    // Array#toString joins the matched characters with ',', which replaceAll then removes.
    const str = keptChars.toString().replaceAll(',', '');

    alert(str);
    console.log(str);
})();
0x3.加密后
/*
 * 加密工具已经升级了一个版本,目前为 jsjiami.com.v5 ,主要加强了算法,以及防破解【绝对不可逆】配置,耶稣也无法100%还原,我说的。;
 * 已经打算把这个工具基础功能一直免费下去。还希望支持我。
 * 另外 jsjiami.com.v5 已经强制加入校验,注释可以去掉,但是 jsjiami.com.v5 不能去掉(如果你开通了VIP,可以手动去掉),其他都没有任何绑定。
 * 誓死不会加入任何后门,jsjiami.com JS 加密的使命就是为了保护你们的Javascript 。
 * 警告:如果您恶意去掉 jsjiami.com.v5 那么我们将不会保护您的JavaScript代码。请遵守规则
 * 新版本: https://www.jsjiami.com/ 支持批量加密,支持大文件加密,拥有更多加密。 */

/*
 * Raw output of the obfuscator for the demo above; the formatted listing further down
 * this page is the same program. Visible structure, in order:
 *   1. `__0xeb23e`  - table of base64 string literals.
 *   2. first IIFE   - rotates that table in place (push/shift, seeded with 0x1a8).
 *   3. `_0x283e`    - lookup helper: base64-decodes a table entry and RC4-decrypts it with
 *                     the key given as its second argument; results are cached per index.
 *   4. second IIFE  - the demo logic, routed through dispatch objects and a duplicated branch.
 *   5. third IIFE   - compares `encode_version` with 'jsjiami.com.v5' and calls
 *                     window['al' + 'ert'] with a message when the comparison fails.
 * NOTE(review): every RC4 key is passed in clear text at its call site, so this layer only
 * hides strings from casual reading; it is not a confidentiality control.
 * NOTE(review): the two line breaks inside this blob look like wrapping artifacts of the
 * page. The second one falls directly after a `return`, where automatic semicolon insertion
 * would change the meaning - presumably the tool emitted a single line; confirm against the
 * tool's actual output before running this copy.
 */
;var encode_version = 'jsjiami.com.v5', nayxk = '__0xeb23e',  __0xeb23e=['IXYRHEI=','CCYiIcOu','GsK8wowTHQ==','54mM5p2X5YyJ77+CaHbkvbzlrJPmnpDlv6XnqrLvv5rovLHorLvmlbbmj7bmi53kuoHnmoLltobkvpo=','woPDvz0=','5p+W5bWs5Ya+55SSw6LCoggiLEM/woXCr8ONwqHCvcKXacK0Y8KDSTPmjazkv7DmjIDljZjjg7TCjeS4lOayhMKawrflr43lh5npobzlnozovIPDrsKE5bqJw6/kv4/ku4Dlj5zovabok4HDieS5muS4kueblxER5Yim5ayS56OQ5Y2U5ZqX6ZmQ44G+','SgBZNxA=','wpHDhhvDumI=','w6vDsy7CusOJ','wqAJw7VaNMOZwpPCmMO1','w48dwrXCtMOQ','K3jDi8ODw5tMwrfChg==','woTDmQ/DjQQ=','wojDqDTDjFDDocOfwpY=','wpIAMiPDvgptwoQ=','KcO/N1tcSEViwqHCrA==','w4nDgMOr','54qC5p+/5Y+Q77y6WsOY5L2N5ayf5p6w5byq56ms77276L226K6i5paq5oya5oin5LuK55qC5bW95Lyh','5Yuz6ZqH54qh5p2Y5Y6d77+QwpRy5L2s5a6n5p+F5byU56qQ','PCjDoDkawr5gcXDDrMKDwq7ChFE=','wrjDtzLDjxE=','w7J+IcOlwok=','RHkTYC4=','LMKlwo0pBw==','LmBfa8Kh','MDAeOMOq','wp/DmyvDmyU=','cFrCvSDCnQ=='];(function(_0x4fe50f,_0x1873df){var _0x13858f=function(_0x5e0bfd){while(--_0x5e0bfd){_0x4fe50f['push'](_0x4fe50f['shift']());}};_0x13858f(++_0x1873df);}(__0xeb23e,0x1a8));var _0x283e=function(_0x27a5bc,_0x101af3){_0x27a5bc=_0x27a5bc-0x0;var _0x10bb4e=__0xeb23e[_0x27a5bc];if(_0x283e['initialized']===undefined){(function(){var _0x3a7cff=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x132a83='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x3a7cff['atob']||(_0x3a7cff['atob']=function(_0x1eb12d){var _0x106424=String(_0x1eb12d)['replace'](/=+$/,'');for(var _0x4a2000=0x0,_0x4726be,_0x4b15c7,_0x18229a=0x0,_0xb6f8e4='';_0x4b15c7=_0x106424['charAt'](_0x18229a++);~_0x4b15c7&&(_0x4726be=_0x4a2000%0x4?_0x4726be*0x40+_0x4b15c7:_0x4b15c7,_0x4a2000++%0x4)?_0xb6f8e4+=String['fromCharCode'](0xff&_0x4726be>>(-0x2*_0x4a2000&0x6)):0x0){_0x4b15c7=_0x132a83['indexOf'](_0x4b15c7);}return _0xb6f8e4;});}());var _0x5bdc07=function(_0x334a5b,_0x1635b7){var 
_0x43421f=[],_0x216485=0x0,_0xa7d60d,_0x5b8f1e='',_0x792d05='';_0x334a5b=atob(_0x334a5b);for(var _0xc451ca=0x0,_0xc846a3=_0x334a5b['length'];_0xc451ca<_0xc846a3;_0xc451ca++){_0x792d05+='%'+('00'+_0x334a5b['charCodeAt'](_0xc451ca)['toString'](0x10))['slice'](-0x2);}_0x334a5b=decodeURIComponent(_0x792d05);for(var _0x430013=0x0;_0x430013<0x100;_0x430013++){_0x43421f[_0x430013]=_0x430013;}for(_0x430013=0x0;_0x430013<0x100;_0x430013++){_0x216485=(_0x216485+_0x43421f[_0x430013]+_0x1635b7['charCodeAt'](_0x430013%_0x1635b7['length']))%0x100;_0xa7d60d=_0x43421f[_0x430013];_0x43421f[_0x430013]=_0x43421f[_0x216485];_0x43421f[_0x216485]=_0xa7d60d;}_0x430013=0x0;_0x216485=0x0;for(var _0x5bff45=0x0;_0x5bff45<_0x334a5b['length'];_0x5bff45++){_0x430013=(_0x430013+0x1)%0x100;_0x216485=(_0x216485+_0x43421f[_0x430013])%0x100;_0xa7d60d=_0x43421f[_0x430013];_0x43421f[_0x430013]=_0x43421f[_0x216485];_0x43421f[_0x216485]=_0xa7d60d;_0x5b8f1e+=String['fromCharCode'](_0x334a5b['charCodeAt'](_0x5bff45)^_0x43421f[(_0x43421f[_0x430013]+_0x43421f[_0x216485])%0x100]);}return _0x5b8f1e;};_0x283e['rc4']=_0x5bdc07;_0x283e['data']={};_0x283e['initialized']=!![];}var _0x52f150=_0x283e['data'][_0x27a5bc];if(_0x52f150===undefined){if(_0x283e['once']===undefined){_0x283e['once']=!![];}_0x10bb4e=_0x283e['rc4'](_0x10bb4e,_0x101af3);_0x283e['data'][_0x27a5bc]=_0x10bb4e;}else{_0x10bb4e=_0x52f150;}return _0x10bb4e;};(function(){var _0x555370={'wNKpT':function _0x5d77c1(_0x50f6c6,_0x50079e){return _0x50f6c6(_0x50079e);}};String['prototype']['searchAB']=function(){var _0x433705={'nczMX':function _0x36f6e4(_0x16f977,_0x13c64e){return _0x16f977===_0x13c64e;},'jKNDQ':_0x283e('0x0','ch)&'),'qfYEY':_0x283e('0x1','b6lp'),'Jjmrt':function _0x2094cd(_0x3a122a,_0xbf7144){return _0x3a122a(_0xbf7144);}};if(_0x433705[_0x283e('0x2','Bv8b')](_0x433705[_0x283e('0x3','ch)&')],_0x433705['jKNDQ'])){return this[_0x283e('0x4','2C5f')](/[^A|B]/g);}else{String[_0x283e('0x5','5npl')]['searchAB']=function(){return 
this[_0x283e('0x6','o@1r')](/[^A|B]/g);};const _0x2afd9f=_0x433705['qfYEY']['searchAB']()[_0x283e('0x7','b10M')]()['replaceAll'](',','');_0x433705[_0x283e('0x8','cuhX')](alert,_0x2afd9f);console['log'](_0x2afd9f);}};const _0x493c6e='本工具由\x20wwBw.jsjiami.cAom\x20提供接口。\x0a专注JS安全领域近10年\x0a企业化运营\x0a专业的JS加密研发团队。'[_0x283e('0x9','ch)&')]()[_0x283e('0xa','^Rl*')]()[_0x283e('0xb','FEg@')](',','');_0x555370['wNKpT'](alert,_0x493c6e);console['log'](_0x493c6e);}());;(function(_0x26a8bf,_0x1b3d22,_0x57167a){var _0x1ecaea={'vDPpa':function _0x4bbe24(_0x196798,_0x28ae00){return _0x196798===_0x28ae00;},'wVdMw':_0x283e('0xc','299L'),'HXEbb':'jGZ','YTjTR':'ert','Nhlic':function _0x59eb7e(_0x3ce965,_0x6ad683){return _0x3ce965!==_0x6ad683;},'oVWCQ':'undefined','QhIdU':function _0x3e047a(_0x218201,_0x37678c){return _0x218201+_0x37678c;},'WmmUB':_0x283e('0xd','9%A%'),'PfMev':_0x283e('0xe','eU!)'),'EZyiI':function _0x18d526(_0x187205,_0x1c45b1){return _0x187205===_0x1c45b1;},'NRlie':_0x283e('0xf','PVfY'),'xqmSy':function _0x51338a(_0x1ca5e1,_0x4fcbee){return _0x1ca5e1+_0x4fcbee;}};_0x57167a='al';try{if(_0x1ecaea[_0x283e('0x10','cuhX')](_0x1ecaea['wVdMw'],_0x1ecaea[_0x283e('0x11','ns*5')])){_0x57167a='al';try{_0x57167a+=_0x1ecaea[_0x283e('0x12','#xjn')];_0x1b3d22=encode_version;if(!(_0x1ecaea[_0x283e('0x13','AM@r')](typeof _0x1b3d22,_0x1ecaea[_0x283e('0x14','Ak*G')])&&_0x1ecaea[_0x283e('0x15','k4b2')](_0x1b3d22,'jsjiami.com.v5'))){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x16','cuhX')]('删除',_0x1ecaea['WmmUB']));}}catch(_0x2c780a){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x17','UwAd')]);}}else{_0x57167a+='ert';_0x1b3d22=encode_version;if(!(typeof _0x1b3d22!=='undefined'&&_0x1ecaea[_0x283e('0x18','jwV3')](_0x1b3d22,_0x1ecaea[_0x283e('0x19','k4b2')]))){_0x26a8bf[_0x57167a](_0x1ecaea[_0x283e('0x1a','AM@r')]('删除',_0x283e('0x1b','ge&n')));}}}catch(_0x46de5d){_0x26a8bf[_0x57167a]('删除版本号,js会定期弹窗');}}(window));;encode_version = 'jsjiami.com.v5';
0x4.格式化一下,去除注释。
// Marker string that the trailing self-check compares against.
;var encode_version = 'jsjiami.com.v5';
// Records the table's name as a string; nothing else in the visible listing reads it.
var nayxk = '__0xeb23e';
// String table: base64 text that the `_0x283e` lookup helper decodes and RC4-decrypts on demand.
var __0xeb23e = [
    'IXYRHEI=',
    'CCYiIcOu',
    'GsK8wowTHQ==',
    '54mM5p2X5YyJ77+CaHbkvbzlrJPmnpDlv6XnqrLvv5rovLHorLvmlbbmj7bmi53kuoHnmoLltobkvpo=',
    'woPDvz0=',
    '5p+W5bWs5Ya+55SSw6LCoggiLEM/woXCr8ONwqHCvcKXacK0Y8KDSTPmjazkv7DmjIDljZjjg7TCjeS4lOayhMKawrflr43lh5npobzlnozovIPDrsKE5bqJw6/kv4/ku4Dlj5zovabok4HDieS5muS4kueblxER5Yim5ayS56OQ5Y2U5ZqX6ZmQ44G+',
    'SgBZNxA=',
    'wpHDhhvDumI=',
    'w6vDsy7CusOJ',
    'wqAJw7VaNMOZwpPCmMO1',
    'w48dwrXCtMOQ',
    'K3jDi8ODw5tMwrfChg==',
    'woTDmQ/DjQQ=',
    'wojDqDTDjFDDocOfwpY=',
    'wpIAMiPDvgptwoQ=',
    'KcO/N1tcSEViwqHCrA==',
    'w4nDgMOr',
    '54qC5p+/5Y+Q77y6WsOY5L2N5ayf5p6w5byq56ms77276L226K6i5paq5oya5oin5LuK55qC5bW95Lyh',
    '5Yuz6ZqH54qh5p2Y5Y6d77+QwpRy5L2s5a6n5p+F5byU56qQ',
    'PCjDoDkawr5gcXDDrMKDwq7ChFE=',
    'wrjDtzLDjxE=',
    'w7J+IcOlwok=',
    'RHkTYC4=',
    'LMKlwo0pBw==',
    'LmBfa8Kh',
    'MDAeOMOq',
    'wp/DmyvDmyU=',
    'cFrCvSDCnQ=='
];
// Rotate the table in place so the literal order no longer matches the indices used later.
// The counter starts one above `turns` and is pre-decremented, so exactly `turns` moves run:
// 0x1a8 (424) moves over 28 entries is a net left rotation by 4.
(function (table, turns) {
    for (var remaining = turns + 1; --remaining;) {
        table.push(table.shift());
    }
}(__0xeb23e, 0x1a8));
// String lookup helper that every obfuscated call site goes through.
//   _0x27a5bc - index into the `__0xeb23e` table, passed as a hex string such as '0x4'.
//   _0x101af3 - RC4 key for that entry, passed in clear text by the caller.
// Returns the decoded string. Because the key travels with each call, this layer only
// hides strings from casual reading; it is not a confidentiality control.
var _0x283e = function (_0x27a5bc, _0x101af3) {
    // Subtracting 0 coerces the hex-string index to a number.
    _0x27a5bc = _0x27a5bc - 0x0;
    var _0x10bb4e = __0xeb23e[_0x27a5bc];
    // One-time setup: make sure atob exists and attach the decoder and cache to this function.
    if (_0x283e['initialized'] === undefined) {
        (function () {
            // Pick a global object: window if present, else Node's global, else `this`.
            var _0x3a7cff = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
            // Base64 alphabet used by the fallback decoder below.
            var _0x132a83 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            // Fallback atob, installed only when the chosen global object has none.
            _0x3a7cff['atob'] || (_0x3a7cff['atob'] = function (_0x1eb12d) {
                // Strip trailing '=' padding before decoding.
                var _0x106424 = String(_0x1eb12d)['replace'](/=+$/, '');
                // Reads one character per pass, maps it to its alphabet index in the loop body,
                // accumulates 6-bit groups (* 0x40) and appends a byte (0xff mask) from the
                // accumulator on three of every four characters.
                for (var _0x4a2000 = 0x0, _0x4726be, _0x4b15c7, _0x18229a = 0x0, _0xb6f8e4 = ''; _0x4b15c7 = _0x106424['charAt'](_0x18229a++); ~_0x4b15c7 && (_0x4726be = _0x4a2000 % 0x4 ? _0x4726be * 0x40 + _0x4b15c7 : _0x4b15c7, _0x4a2000++ % 0x4) ? _0xb6f8e4 += String['fromCharCode'](0xff & _0x4726be >> (-0x2 * _0x4a2000 & 0x6)) : 0x0) {
                    _0x4b15c7 = _0x132a83['indexOf'](_0x4b15c7);
                }
                return _0xb6f8e4;
            });
        }());
        // Decoder: base64 -> UTF-8 decode -> RC4 with key _0x1635b7.
        var _0x5bdc07 = function (_0x334a5b, _0x1635b7) {
            var _0x43421f = [], _0x216485 = 0x0, _0xa7d60d, _0x5b8f1e = '', _0x792d05 = '';
            // Uses the global atob: the native one, or the fallback installed above.
            _0x334a5b = atob(_0x334a5b);
            // Re-encode every decoded byte as %XX so decodeURIComponent reads the bytes as UTF-8.
            for (var _0xc451ca = 0x0, _0xc846a3 = _0x334a5b['length']; _0xc451ca < _0xc846a3; _0xc451ca++) {
                _0x792d05 += '%' + ('00' + _0x334a5b['charCodeAt'](_0xc451ca)['toString'](0x10))['slice'](-0x2);
            }
            _0x334a5b = decodeURIComponent(_0x792d05);
            // RC4 key scheduling, step 1: identity permutation 0..255.
            for (var _0x430013 = 0x0; _0x430013 < 0x100; _0x430013++) {
                _0x43421f[_0x430013] = _0x430013;
            }
            // RC4 key scheduling, step 2: swap entries under control of the key characters.
            for (_0x430013 = 0x0; _0x430013 < 0x100; _0x430013++) {
                _0x216485 = (_0x216485 + _0x43421f[_0x430013] + _0x1635b7['charCodeAt'](_0x430013 % _0x1635b7['length'])) % 0x100;
                _0xa7d60d = _0x43421f[_0x430013];
                _0x43421f[_0x430013] = _0x43421f[_0x216485];
                _0x43421f[_0x216485] = _0xa7d60d;
            }
            _0x430013 = 0x0;
            _0x216485 = 0x0;
            // RC4 keystream: XOR each input character code with the next keystream value.
            for (var _0x5bff45 = 0x0; _0x5bff45 < _0x334a5b['length']; _0x5bff45++) {
                _0x430013 = (_0x430013 + 0x1) % 0x100;
                _0x216485 = (_0x216485 + _0x43421f[_0x430013]) % 0x100;
                _0xa7d60d = _0x43421f[_0x430013];
                _0x43421f[_0x430013] = _0x43421f[_0x216485];
                _0x43421f[_0x216485] = _0xa7d60d;
                _0x5b8f1e += String['fromCharCode'](_0x334a5b['charCodeAt'](_0x5bff45) ^ _0x43421f[(_0x43421f[_0x430013] + _0x43421f[_0x216485]) % 0x100]);
            }
            return _0x5b8f1e;
        };
        _0x283e['rc4'] = _0x5bdc07;
        _0x283e['data'] = {};
        _0x283e['initialized'] = !![];
    }
    // Cache lookup. The cache is keyed by table index only; the key argument is not part of it.
    var _0x52f150 = _0x283e['data'][_0x27a5bc];
    if (_0x52f150 === undefined) {
        // This flag is set here but not read anywhere in this listing.
        if (_0x283e['once'] === undefined) {
            _0x283e['once'] = !![];
        }
        _0x10bb4e = _0x283e['rc4'](_0x10bb4e, _0x101af3);
        _0x283e['data'][_0x27a5bc] = _0x10bb4e;
    } else {
        _0x10bb4e = _0x52f150;
    }
    return _0x10bb4e;
};
// Obfuscated form of the demo payload: installs String.prototype.searchAB, then builds
// the banner text and passes it to alert and console.log.
// The property and method names fetched through `_0x283e` are presumably 'prototype',
// 'match', 'searchAB', 'toString' and 'replaceAll', judging by the pre-obfuscation
// source on this page - confirm by evaluating the lookup helper.
(function () {
    // Indirection table: its single entry calls the first argument with the second.
    var outerCalls = {
        'wNKpT': function invoke(fn, arg) {
            return fn(arg);
        }
    };
    String.prototype.searchAB = function () {
        var branchTable = {
            'nczMX': function isSame(left, right) {
                return left === right;
            },
            'jKNDQ': _0x283e('0x0', 'ch)&'),
            'qfYEY': _0x283e('0x1', 'b6lp'),
            'Jjmrt': function invoke(fn, arg) {
                return fn(arg);
            }
        };
        // Which path runs depends on decoded strings that are not visible in this listing.
        if (branchTable[_0x283e('0x2', 'Bv8b')](branchTable[_0x283e('0x3', 'ch)&')], branchTable.jKNDQ)) {
            return this[_0x283e('0x4', '2C5f')](/[^A|B]/g);
        }
        // Alternate path: re-installs the helper and repeats the banner logic on `qfYEY`.
        String[_0x283e('0x5', '5npl')].searchAB = function () {
            return this[_0x283e('0x6', 'o@1r')](/[^A|B]/g);
        };
        const altText = branchTable.qfYEY.searchAB()[_0x283e('0x7', 'b10M')]().replaceAll(',', '');
        branchTable[_0x283e('0x8', 'cuhX')](alert, altText);
        console.log(altText);
    };
    // The banner literal is left in clear text; only spaces and newlines were hex-escaped.
    const rawBanner = '本工具由\x20wwBw.jsjiami.cAom\x20提供接口。\x0a专注JS安全领域近10年\x0a企业化运营\x0a专业的JS加密研发团队。';
    const shownText = rawBanner[_0x283e('0x9', 'ch)&')]()[_0x283e('0xa', '^Rl*')]()[_0x283e('0xb', 'FEg@')](',', '');
    outerCalls.wNKpT(alert, shownText);
    console.log(shownText);
}());
// Self-check appended by the obfuscator: when `encode_version` is missing or does not
// match the expected marker, a message is shown through window['al' + 'ert'].
// Only `window` is passed in; the other two parameters serve as local variables.
;(function (host, seenVersion, sinkName) {
    // Dispatch table: comparison/concatenation wrappers plus strings fetched via `_0x283e`.
    var checks = {
        'vDPpa': function isSame(left, right) {
            return left === right;
        },
        'wVdMw': _0x283e('0xc', '299L'),
        'HXEbb': 'jGZ',
        'YTjTR': 'ert',
        'Nhlic': function differs(left, right) {
            return left !== right;
        },
        'oVWCQ': 'undefined',
        'QhIdU': function concat(head, tail) {
            return head + tail;
        },
        'WmmUB': _0x283e('0xd', '9%A%'),
        'PfMev': _0x283e('0xe', 'eU!)'),
        'EZyiI': function isSame(left, right) {
            return left === right;
        },
        'NRlie': _0x283e('0xf', 'PVfY'),
        'xqmSy': function concat(head, tail) {
            return head + tail;
        }
    };
    sinkName = 'al';
    try {
        // Both branches perform the same version check; the first routes every step
        // through the dispatch table, the second spells most of it out directly.
        if (checks[_0x283e('0x10', 'cuhX')](checks.wVdMw, checks[_0x283e('0x11', 'ns*5')])) {
            sinkName = 'al';
            try {
                // Presumably appends 'ert' (the 'YTjTR' entry) - confirm by evaluating the lookup.
                sinkName += checks[_0x283e('0x12', '#xjn')];
                seenVersion = encode_version;
                if (!(checks[_0x283e('0x13', 'AM@r')](typeof seenVersion, checks[_0x283e('0x14', 'Ak*G')]) && checks[_0x283e('0x15', 'k4b2')](seenVersion, 'jsjiami.com.v5'))) {
                    host[sinkName](checks[_0x283e('0x16', 'cuhX')]('删除', checks.WmmUB));
                }
            } catch (innerError) {
                host[sinkName](checks[_0x283e('0x17', 'UwAd')]);
            }
        } else {
            sinkName += 'ert';
            seenVersion = encode_version;
            if (!(typeof seenVersion !== 'undefined' && checks[_0x283e('0x18', 'jwV3')](seenVersion, checks[_0x283e('0x19', 'k4b2')]))) {
                host[sinkName](checks[_0x283e('0x1a', 'AM@r')]('删除', _0x283e('0x1b', 'ge&n')));
            }
        }
    } catch (outerError) {
        // Message text, roughly: "remove the version number and the JS will pop up periodically".
        host[sinkName]('删除版本号,js会定期弹窗');
    }
}(window));
// Re-assigns the marker after the check has already run.
encode_version = 'jsjiami.com.v5';
0x5.加密后的代码分析

大致分析一下加密后的代码都做了啥。将加密前后的代码做对比,代码体积从9行变成了159行,看起来还是不错的,比较精简。__0xeb23e数组中的字符串明显经过了加密,看字面量像是base64;紧接着的自执行函数又把__0xeb23e的数组元素循环移动了位置,所以后面代码里用的下标和字面顺序对不上。后边将代码打乱混淆了。

0x6.开始解密

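首先我们尝试将加密后的代码运行一遍,如果发现可以成功运行,弹出了我们想要的值,那加密就没问题,保证了功能性始终一致。各位可以将加密前后的代码,F12调出浏览器开发者工具运行一下试试(这里是自己写的demo,直接跑没问题;来源不明的混淆脚本建议放到隔离环境里再运行)。开头对数组参数的调整没什么看的,我们先将开头数组进行一个简单的解密,base64解出来都是乱码。然后看后边的一个加密函数,看到那种a~z的串,基本都是加密函数了。然后分析他的加密函数进行一个逆向,查看他做了什么:从代码里挂的_0x283e['rc4']可以看出,base64之后还有一层RC4,每次调用_0x283e时传入的第二个参数就是对应字符串的密钥,这也是只做base64解码只能得到乱码的原因。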

大致解密流程就是这样子

1.分析代码结构

2.根据经验找到加密函数,分析加密函数做了什么

3.解出加密函数后就开始找代码主体,哪一块才是真正的业务代码。

0x7.捷径

如果有小白看不懂的也没关系,其实也可以通过支持在线混淆解密的免费工具jsjiami.com直接一键解密,可以说是js解密最快的方式了。
