纯人工手解jsjiami.v5|jsjiami.v6过程分析记录
2023-04-23
麻瓜三号
JSJiami.v6是一种JavaScript代码混淆工具,它可以将JavaScript代码转化为难以理解和阅读的形式,从而增强代码的保密性和安全性。在本文中,我们将介绍JSJiami.v6的工作原理,并提供一些实际的案例代码。
JSJiami.v6的工作原理 JSJiami.v6采用了多种混淆技术,包括代码结构转化、变量重命名、字符串加密、控制流混淆等。具体而言,JSJiami.v6将原始JavaScript代码分析成一个抽象语法树(AST),然后通过对AST进行各种混淆操作来生成混淆后的代码。下面是一些混淆技术的例子:
代码结构转化:将原始代码中的一些语句重组成不同的结构,以使代码更难以理解和分析。 变量重命名:将原始代码中的变量名称替换为不相关的名称,从而增加代码的混淆度。 字符串加密:将原始代码中的字符串转换为加密的形式,以使它们更难以被识别和解码。 控制流混淆:修改代码中的控制流结构,如if语句、while循环等,以使代码的执行流程更难以预测。
案例代码
下面是一个简单的JavaScript代码段:
/**
 * Applies the `+` operator to the two arguments and returns the result.
 * Numbers are summed; if either operand is a string the result is a
 * concatenation, exactly as `+` behaves in JavaScript.
 *
 * @param {*} a - left operand
 * @param {*} b - right operand
 * @returns {*} the value of `a + b`
 */
function add(a, b) {
  const result = a + b;
  return result;
}
使用JSJiami.v6进行混淆后,代码如下所示:
var _0xodF='jsjiami.com.v6',_0xodF_=['_0xodF'],_0x2a22=[_0xodF,'wqnDucOtwoTDvg==','jWpsjYiapmgiUJ.com.v6TXhVwQnXg=='];if(function(_0x485a00,_0x5bd606,_0x411d47){function _0x22ad00(_0x515f50,_0x37487a,_0x1ba3ad,_0x562901,_0x53c014,_0x37d0fb){_0x37487a=_0x37487a>>0x8,_0x53c014='po';var _0x1ba2cf='shift',_0x2cad2e='push',_0x37d0fb='';if(_0x37487a<_0x515f50){while(--_0x515f50){_0x562901=_0x485a00[_0x1ba2cf]();if(_0x37487a===_0x515f50&&_0x37d0fb===''&&_0x37d0fb['length']===0x1){_0x37487a=_0x562901,_0x1ba3ad=_0x485a00[_0x53c014+'p']();}else if(_0x37487a&&_0x1ba3ad['replace'](/[WpYpgUJTXhVwQnXg=]/g,'')===_0x37487a){_0x485a00[_0x2cad2e](_0x562901);}}_0x485a00[_0x2cad2e](_0x485a00[_0x1ba2cf]());}return 0x12c353;};return _0x22ad00(++_0x5bd606,_0x411d47)>>_0x5bd606^_0x411d47;}(_0x2a22,0x19c,0x19c00),_0x2a22){_0xodF_=_0x2a22['length']^0x19c;};function _0x25c1(_0x30b8ca,_0x106a6f){_0x30b8ca=~~'0x'['concat'](_0x30b8ca['slice'](0x1));var _0x34480d=_0x2a22[_0x30b8ca];if(_0x25c1['EFCvym']===undefined){(function(){var _0x29fb0a=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x3454ef='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x29fb0a['atob']||(_0x29fb0a['atob']=function(_0xfc9141){var _0x539cc3=String(_0xfc9141)['replace'](/=+$/,'');for(var _0x33708b=0x0,_0x5c0be1,_0x197903,_0x5e33ea=0x0,_0x160b4c='';_0x197903=_0x539cc3['charAt'](_0x5e33ea++);~_0x197903&&(_0x5c0be1=_0x33708b%0x4?_0x5c0be1*0x40+_0x197903:_0x197903,_0x33708b++%0x4)?_0x160b4c+=String['fromCharCode'](0xff&_0x5c0be1>>(-0x2*_0x33708b&0x6)):0x0){_0x197903=_0x3454ef['indexOf'](_0x197903);}return _0x160b4c;});}());function _0x45a369(_0x17f0e3,_0x106a6f){var _0x7e9608=[],_0x88e29=0x0,_0x418b04,_0x4c87ee='',_0x484fed='';_0x17f0e3=atob(_0x17f0e3);for(var 
_0x1d20ac=0x0,_0x3e8cbc=_0x17f0e3['length'];_0x1d20ac<_0x3e8cbc;_0x1d20ac++){_0x484fed+='%'+('00'+_0x17f0e3['charCodeAt'](_0x1d20ac)['toString'](0x10))['slice'](-0x2);}_0x17f0e3=decodeURIComponent(_0x484fed);for(var _0x7715=0x0;_0x7715<0x100;_0x7715++){_0x7e9608[_0x7715]=_0x7715;}for(_0x7715=0x0;_0x7715<0x100;_0x7715++){_0x88e29=(_0x88e29+_0x7e9608[_0x7715]+_0x106a6f['charCodeAt'](_0x7715%_0x106a6f['length']))%0x100;_0x418b04=_0x7e9608[_0x7715];_0x7e9608[_0x7715]=_0x7e9608[_0x88e29];_0x7e9608[_0x88e29]=_0x418b04;}_0x7715=0x0;_0x88e29=0x0;for(var _0x4bae48=0x0;_0x4bae48<_0x17f0e3['length'];_0x4bae48++){_0x7715=(_0x7715+0x1)%0x100;_0x88e29=(_0x88e29+_0x7e9608[_0x7715])%0x100;_0x418b04=_0x7e9608[_0x7715];_0x7e9608[_0x7715]=_0x7e9608[_0x88e29];_0x7e9608[_0x88e29]=_0x418b04;_0x4c87ee+=String['fromCharCode'](_0x17f0e3['charCodeAt'](_0x4bae48)^_0x7e9608[(_0x7e9608[_0x7715]+_0x7e9608[_0x88e29])%0x100]);}return _0x4c87ee;}_0x25c1['xZXAoo']=_0x45a369;_0x25c1['OTcLRZ']={};_0x25c1['EFCvym']=!![];}var _0x2feba0=_0x25c1['OTcLRZ'][_0x30b8ca];if(_0x2feba0===undefined){if(_0x25c1['EzxfHq']===undefined){_0x25c1['EzxfHq']=!![];}_0x34480d=_0x25c1['xZXAoo'](_0x34480d,_0x106a6f);_0x25c1['OTcLRZ'][_0x30b8ca]=_0x34480d;}else{_0x34480d=_0x2feba0;}return _0x34480d;};function add(_0x1cfed8,_0x30dfda){var _0x2d8685={'BfAzx':function(_0x50c4e3,_0x351826){return _0x50c4e3+_0x351826;}};return _0x2d8685[_0x25c1('0','*J5B')](_0x1cfed8,_0x30dfda);};
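上面这段混淆后的代码并没有使用eval。除add函数本身之外,它还多出了三个部分:开头的字符串数组_0x2a22,保存了jsjiami.com.v6标记和经过加密并以Base64编码的字符串;紧随其后的自执行函数,对该数组进行移位重排,并对其中的jsjiami.com.v6标记做比对;解密函数_0x25c1,按下标从数组中取出密文,先做Base64解码,再用调用时传入的密钥(本例中为'*J5B')进行RC4解密,并把结果缓存起来。在add函数中,参数被重命名为_0x1cfed8和_0x30dfda,加法运算被包装成对象_0x2d8685中的一个函数,其属性名'BfAzx'在调用处不再直接出现,而是通过_0x25c1('0','*J5B')在运行时解密得到。另外需要注意,这段代码按页面所示的文本直接运行会出错:自执行函数中被赋值为''的变量随后又被要求长度为1,原始输出中这里很可能有一个在转载时丢失的不可见字符。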
总结 JSJiami.v6是一种强大的JavaScript代码混淆工具,它可以有效地保护JavaScript代码。需要注意的是,混淆并不等同于加密:解密函数、密钥和密文都随代码一起下发到客户端,它提高的只是阅读和分析的成本,因此不应把密钥、凭据或依赖保密性的校验逻辑放在前端代码中。