js逆向-ast混淆还原进阶案例(1)
我啥也不说,⾃⾏领悟。
混淆代码:
var  _0x1491 = ['\x77\x35\x58\x43\x6a\x33\x54\x43\x6b\x77\x77\x3d', '\x63\x63\x4f\x6e\x4a\x56\x30\x6d', '\x77\x36\x59\x53\x57\x38\x4f\x4f\x77\x6f\x6f\x3d (function (_0x3dfc24, _0x4bf57f) {
var _0x479f23 = function (_0x151040) {
while (--_0x151040) {
_0x3dfc24['push'](_0x3dfc24['shift']());
}
};
var _0x2667ef = function () {
js arguments
var _0x19882c = {
'data': {'key': 'cookie', 'value': 'timeout'},
'setCookie': function (_0x38a396, _0x198d9c, _0x53d2fc, _0x40f314) {
_0x40f314 = _0x40f314 || {};
var _0x1d0db3 = _0x198d9c + '=' + _0x53d2fc;
var _0x1c23d9 = 0x0;
for (var _0x1c23d9 = 0x0, _0x3c6a59 = _0x38a396['length']; _0x1c23d9 < _0x3c6a59; _0x1c23d9++) {
var _0x1a8423 = _0x38a396[_0x1c23d9];
_0x1d0db3 += ';\x20' + _0x1a8423;
var _0x504757 = _0x38a396[_0x1a8423];
_0x38a396['push'](_0x504757);
_0x3c6a59 = _0x38a396['length'];
if (_0x504757 !== !![]) {
_0x1d0db3 += '=' + _0x504757;
}
}
_0x40f314['cookie'] = _0x1d0db3;
},
'removeCookie': function () {
return 'dev';
},
'getCookie': function (_0x5ac218, _0x334887) {
_0x5ac218 = _0x5ac218 || function (_0x16cbc0) {
return _0x16cbc0;
};
var _0x1c3d23 = _0x5ac218(new RegExp('(?:^|;\x20)' + _0x334887['replace'](/([.$?*|{}()[]\/+^])/g, '$1') + '=([^;]*)'));
var _0x1aa17e = function (_0x39f8d3, _0x4de5a6) {
_0x39f8d3(++_0x4de5a6);
};
_0x1aa17e(_0x479f23, _0x4bf57f);
return _0x1c3d23 ? decodeURIComponent(_0x1c3d23[0x1]) : undefined;
}
};
var _0x17cb94 = function () {
var _0x4d8f44 = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
return _0x4d8f44['test'](_0x19882c['removeCookie']['toString']());
};
_0x19882c['updateCookie'] = _0x17cb94;
var _0x30b075 = '';
var _0x3744e8 = _0x19882c['updateCookie']();
if (!_0x3744e8) {
_0x19882c['setCookie'](['*'], 'counter', 0x1);
} else if (_0x3744e8) {
_0x30b075 = _0x19882c['getCookie'](null, 'counter');
} else {
_0x19882c['removeCookie']();
}
};
_0x2667ef();
}(_0x1491, 0x7b));
var _0x1f81 = function (_0x2c0c46, _0x5b2ac3) {
_0x2c0c46 = _0x2c0c46 - 0x0;
var _0x3b87dc = _0x1491[_0x2c0c46];
if (_0x1f81['initialized'] === undefined) {
(function () {
var _0xb97df9 = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? globa            var _0x1acb97 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
_0xb97df9['atob'] || (_0xb97df9['atob'] = function (_0x3fcea8) {
var _0x1ee370 = String(_0x3fcea8)['replace'](/=+$/, '');
for (var _0x1d8de6 = 0x0, _0x22ae7a, _0x2206eb, _0x131a86 = 0x0, _0x675d6d = ''; _0x2206eb = _0x1ee370['charAt'](_0x131a86++); ~_0x2206eb &                    _0x2206eb = _0x1acb97['indexOf'](_0x2206eb);
}
return _0x675d6d;
});
}());
var _0x3e5e2d = function (_0x17adfb, _0x13df9b) {
var _0x377757 = [], _0xaaa979 = 0x0, _0x3b3a8a, _0x4dab2b = '', _0x25adf3 = '';
_0x17adfb = atob(_0x17adfb);
for (var _0x3c558f = 0x0, _0x1d2ebf = _0x17adfb['length']; _0x3c558f < _0x1d2ebf; _0x3c558f++) {
_0x25adf3 += '%' + ('00' + _0x17adfb['charCodeAt'](_0x3c558f)['toString'](0x10))['slice'](-0x2);
}
_0x17adfb = decodeURIComponent(_0x25adf3);
for (var _0x1f2b2f = 0x0; _0x1f2b2f < 0x100; _0x1f2b2f++) {
_0x377757[_0x1f2b2f] = _0x1f2b2f;
}
for (_0x1f2b2f = 0x0; _0x1f2b2f < 0x100; _0x1f2b2f++) {
_0xaaa979 = (_0xaaa979 + _0x377757[_0x1f2b2f] + _0x13df9b['charCodeAt'](_0x1f2b2f % _0x13df9b['length'])) % 0x100;
_0x3b3a8a = _0x377757[_0x1f2b2f];
_0x377757[_0x1f2b2f] = _0x377757[_0xaaa979];
_0x377757[_0xaaa979] = _0x3b3a8a;
}
_0x1f2b2f = 0x0;
_0xaaa979 = 0x0;
for (var _0x2e1891 = 0x0; _0x2e1891 < _0x17adfb['length']; _0x2e1891++) {
_0x1f2b2f = (_0x1f2b2f + 0x1) % 0x100;
_0xaaa979 = (_0xaaa979 + _0x377757[_0x1f2b2f]) % 0x100;
_0x3b3a8a = _0x377757[_0x1f2b2f];
_0x377757[_0x1f2b2f] = _0x377757[_0xaaa979];
_0x377757[_0xaaa979] = _0x3b3a8a;
_0x4dab2b += String['fromCharCode'](_0x17adfb['charCodeAt'](_0x2e1891) ^ _0x377757[(_0x377757[_0x1f2b2f] + _0x377757[_0xaaa979]) % 0x100]            }
return _0x4dab2b;
};
_0x1f81['rc4'] = _0x3e5e2d;
_0x1f81['data'] = {};
_0x1f81['initialized'] = !![];
}
var _0x7cb0ee = _0x1f81['data'][_0x2c0c46];
if (_0x7cb0ee === undefined) {
if (_0x1f81['once'] === undefined) {
var _0x6c2e85 = function (_0x3bde69) {
this['rc4Bytes'] = _0x3bde69;
this['states'] = [0x1, 0x0, 0x0];
this['newState'] = function () {
return 'newState';
};
this['firstState'] = '\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';
this['secondState'] = '[\x27|\x22].+[\x27|\x22];?\x20*}';
};
_0x6c2e85['prototype']['checkState'] = function () {
var _0x204954 = new RegExp(this['firstState'] + this['secondState']);
return this['runState'](_0x204954['test'](this['newState']['toString']()) ? --this['states'][0x1] : --this['states'][0x0]);
};
_0x6c2e85['prototype']['runState'] = function (_0x1c9de0) {
if (!Boolean(~_0x1c9de0)) {
return _0x1c9de0;
}
return this['getState'](this['rc4Bytes']);
};
_0x6c2e85['prototype']['getState'] = function (_0xa6641f) {
for (var _0x19f84b = 0x0, _0xa22262 = this['states']['length']; _0x19f84b < _0xa22262; _0x19f84b++) {
this['states']['push'](Math['round'](Math['random']()));
_0xa22262 = this['states']['length'];
}
return _0xa6641f(this['states'][0x0]);
};
new _0x6c2e85(_0x1f81)['checkState']();
_0x1f81['once'] = !![];
}
_0x3b87dc = _0x1f81['rc4'](_0x3b87dc, _0x5b2ac3);
_0x1f81['data'][_0x2c0c46] = _0x3b87dc;
} else {
_0x3b87dc = _0x7cb0ee;
}
return _0x3b87dc;
};
setInterval(function () {
var _0x5904a4 = {
'EIaeO': function _0x5b0577(_0x10167c) {
return _0x10167c();
}
};
_0x5904a4[_0x1f81('0x0', '\x61\x4b\x6d\x35')];
}, 0xfa0);
var _0xf3d9f8 = {}, _0x311965 = {};
(function (_0x109ee7, _0x3a5cb7) {
var _0x4db5e5 = {
'nsJoa': _0x1f81('0x1', '\x24\x42\x34\x4e'), 'wNhrV': function _0x495ba2(_0x4d9e7c) {
return _0x4d9e7c();
}, 'ePCTb': _0x1f81('0x2', '\x73\x71\x34\x36'), 'ARHHO': function _0xc16e7b(_0x52bb36, _0x5aa21b, _0x1eda73) {
return _0x52bb36(_0x5aa21b, _0x1eda73);
}, 'zPDXW': _0x1f81('0x3', '\x54\x33\x31\x48'), 'udoaA': function _0x3ca0e8(_0x59461b, _0x986648) {
return _0x59461b !== _0x986648;
}, 'VJyxZ': _0x1f81('0x4', '\x49\x31\x67\x42'), 'pHYVG': _0x1f81('0x5', '\x4d\x49\x65\x64')
};
var _0x3d0d31 = _0x4db5e5[_0x1f81('0x6', '\x57\x33\x63\x67')][_0x1f81('0x7', '\x21\x79\x23\x57')]('\x7c'),
_0x36a8d7 = 0x0;
while (!![]) {
switch (_0x3d0d31[_0x36a8d7++]) {
case'\x30':
_0x4db5e5[_0x1f81('0x8', '\x53\x5a\x5d\x41')](_0x140713);
continue;
case'\x31':
var _0x440a30 = function () {
var _0x28e28f = {
'KFHDo': function _0x543e69(_0xd28702, _0x203ba9) {
return _0x578ff0[_0x1f81('0x9', '\x69\x72\x58\x46')](_0xd28702, _0x203ba9);
},
'juCTS': _0x578ff0[_0x1f81('0xa', '\x4e\x67\x44\x72')],
'EegXm': function _0x478322(_0x3fc71c) {
return _0x578ff0[_0x1f81('0xb', '\x79\x6d\x76\x5b')](_0x3fc71c);
}
};
var _0x333865 = !![];
return function (_0x3bb96b, _0x442e92) {
var _0x24e638 = _0x333865 ? function () {
if (_0x442e92) {
if (_0x28e28f[_0x1f81('0xc', '\x58\x76\x64\x55')](_0x28e28f[_0x1f81('0xd', '\x6b\x63\x74\x71')], _0x28e28f[_0x1f81('0xe', '\x4d\x44\x5d\x61')]                                    _0x28e28f[_0x1f81('0xf', '\x66\x23\x50\x39')](_0x1c3a01);
} else {
var _0x291809 = _0x442e92[_0x1f81('0x10', '\x61\x4b\x6d\x35')](_0x3bb96b, arguments);
_0x442e92 = null;
return _0x291809;
}
}
} : function () {
};
_0x333865 = ![];
return _0x24e638;
};
}();
continue;
case'\x32':
_0x3a5cb7[_0x1f81('0x11', '\x53\x5a\x5d\x41')] = _0x4db5e5[_0x1f81('0x12', '\x5a\x48\x46\x76')];
continue;
case'\x33':
var _0x140713 = _0x4db5e5[_0x1f81('0x13', '\x38\x43\x39\x5b')](_0x440a30, this, function () {
var _0x1d6f1a = {
'MznFK': function _0x3bf0b2(_0x248b68, _0x503ce0) {
return _0x248b68 === _0x503ce0;
},
'FlVOS': _0x1f81('0x14', '\x5a\x48\x46\x76'),
'kwWHJ': _0x1f81('0x15', '\x4d\x49\x65\x64'),
'BECPd': function _0x1540a3(_0x4cad0, _0x5e5d32) {
return _0x4cad0 !== _0x5e5d32;
},
'hLxQa': _0x1f81('0x16', '\x54\x63\x67\x78'),
'sikBg': _0x1f81('0x17', '\x21\x79\x23\x57'),
'pGEbE': function _0x476f96(_0x5d9eb1, _0x36dc90) {
return _0x5d9eb1 === _0x36dc90;
},
'PfnSJ': _0x1f81('0x18', '\x73\x71\x34\x36'),
'LlkSs': _0x1f81('0x19', '\x6b\x63\x74\x71')
};
if (_0x1d6f1a[_0x1f81('0x1a', '\x57\x6d\x78\x76')](_0x1d6f1a[_0x1f81('0x1b', '\x6b\x63\x74\x71')], _0x1d6f1a[_0x1f81('0x1c', '\x77\x72\x48\x74')])) {                    } else {
var _0x31f4ee = function () {
};
var _0x46e439 = _0x1d6f1a[_0x1f81('0x1d', '\x38\x43\x39\x5b')](typeof window, _0x1d6f1a[_0x1f81('0x1e', '\x4c\x39\x21\x4c')]) ? window : _0x1d                        if (!_0x46e439[_0x1f
81('0x25', '\x58\x43\x78\x6a')]) {
_0x46e439[_0x1f81('0x26', '\x57\x6d\x78\x76')] = function (_0x29af64) {
var _0x402688 = {'foLCb': _0x1f81('0x27', '\x69\x72\x58\x46')};
var _0x1d7f43 = _0x402688[_0x1f81('0x28', '\x57\x6d\x78\x76')][_0x1f81('0x29', '\x58\x43\x78\x6a')]('\x7c'),
_0x35d8c6 = 0x0;
while (!![]) {
switch (_0x1d7f43[_0x35d8c6++]) {
case'\x30':
_0x4d6910[_0x1f81('0x2a', '\x2a\x21\x4d\x36')] = _0x29af64;
continue;
case'\x31':
_0x4d6910[_0x1f81('0x2b', '\x77\x4d\x36\x40')] = _0x29af64;
continue;
case'\x32':
var _0x4d6910 = {};
continue;
case'\x33':
_0x4d6910[_0x1f81('0x2c', '\x28\x4d\x5b\x58')] = _0x29af64;
continue;
case'\x34':
return _0x4d6910;
case'\x35':
_0x4d6910[_0x1f81('0x2d', '\x4c\x40\x41\x5e')] = _0x29af64;
continue;
case'\x36':
_0x4d6910[_0x1f81('0x2e', '\x6b\x74\x62\x7a')] = _0x29af64;
continue;
case'\x37':
_0x4d6910[_0x1f81('0x2f', '\x39\x6c\x6c\x34')] = _0x29af64;
continue;
case'\x38':
_0x4d6910[_0x1f81('0x30', '\x73\x25\x50\x28')] = _0x29af64;
continue;
}
break;
}
}(_0x31f4ee);
} else {
var _0x289a30 = _0x1d6f1a[_0x1f81('0x31', '\x53\x25\x24\x36')][_0x1f81('0x32', '\x4d\x44\x5d\x61')]('\x7c'),                                _0x2690ba = 0x0;
while (!![]) {
switch (_0x289a30[_0x2690ba++]) {
case'\x30':
_0x46e439[_0x1f81('0x33', '\x41\x79\x6e\x75')][_0x1f81('0x34', '\x57\x33\x63\x67')] = _0x31f4ee;                                        continue;
case'\x31':
_0x46e439[_0x1f81('0x35', '\x4c\x40\x41\x5e')][_0x1f81('0x36', '\x58\x43\x78\x6a')] = _0x31f4ee;                                        continue;
case'\x32':
_0x46e439[_0x1f81('0x37', '\x69\x72\x58\x46')][_0x1f81('0x38', '\x32\x4e\x73\x26')] = _0x31f4ee;                                        continue;
case'\x33':
_0x46e439[_0x1f81('0x33', '\x41\x79\x6e\x75')][_0x1f81('0x39', '\x49\x64\x26\x45')] = _0x31f4ee;                                        continue;
case'\x34':
_0x46e439[_0x1f81('0x3a', '\x5e\x55\x35\x68')][_0x1f81('0x3b', '\x41\x79\x6e\x75')] = _0x31f4ee;                                        continue;
case'\x35':
_0x46e439[_0x1f81('0x3c', '\x5a\x28\x41\x31')][_0x1f81('0x3d', '\x5a\x28\x41\x31')] = _0x31f4ee;                                        continue;
case'\x36':
_0x46e439[_0x1f81('0x3e', '\x73\x25\x50\x28')][_0x1f81('0x3f', '\x21\x6a\x28\x34')] = _0x31f4ee;
continue;
}
break;
}
}
}
});
continue;
case'\x34':
_0x109ee7[_0x1f81('0x40', '\x2a\x29\x51\x32')] = _0x4db5e5[_0x1f81('0x41', '\x38\x43\x39\x5b')];
continue;
case'\x35':
var _0x578ff0 = {
'Rcwmu': function _0x1c8960(_0x585fbe, _0x2d92a6) {
return _0x4db5e5[_0x1f81('0x42', '\x4d\x44\x5d\x61')](_0x585fbe, _0x2d92a6);
}, 'SpBHG': _0x4db5e5[_0x1f81('0x43', '\x28\x4d\x5b\x58')], 'Sjxzi': function _0x5c3bb5(_0x2708a5) {
return _0x4db5e5[_0x1f81('0x44', '\x66\x23\x50\x39')](_0x2708a5);
}
};
continue;
case'\x36':
_0x3a5cb7[_0x1f81('0x45', '\x2a\x7a\x30\x2a')] = _0x4db5e5[_0x1f81('0x46', '\x5a\x48\x46\x76')];
continue;
}
break;
}
}(_0xf3d9f8, _0x311965));
;(function (_0x4aa907, _0x2751cd, _0x56d2cc) {
var _0x56f8b2 = {
'blhFx': _0x1f81('0x47', '\x77\x4d\x36\x40'),

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。