求大神解下混淆代码拼接字符串流程
本帖最后由 dmvip 于 2023-4-7 15:48 编辑需要解密的界面aHR0cHM6Ly93d3cuaGRtb2xpLmNvbS9wbGF5LzE4MDMtMS0wLmh0bWw
需要解密的界面 的js 地址
aHR0cHM6Ly93d3cuaGRtb2xpLmNvbS9zdGF0aWMvanMvam0uanM6Zm9ybWF0dGVkIA
function ldg_decode(_0x582fe5) {
var _0x2adbe4 = {
'JiMbC': _0xe2f6('0', 'TAch'),
'uYLVY': function(_0x5a3c4b, _0x12e939) {
return _0x5a3c4b(_0x12e939);
},
'YbLhp': function(_0x1ef0a5, _0x2047a4) {
return _0x1ef0a5 < _0x2047a4;
},
'lXWdz': function(_0x394cdb, _0xae3a76) {
return _0x394cdb % _0xae3a76;
},
'ufvte': function(_0x427d26, _0xe03a78) {
return _0x427d26 ^ _0xe03a78;
}
};
const _0x59c006 = _0x2adbe4;
_0x582fe5 = _0x2adbe4(base64_decode, _0x582fe5);
const _0x27f6e9 = _0x59c006;
let _0xeb6bd2 = '';
for (i = 0x0; _0x2adbe4')](i, _0x582fe5); i++) {
let _0x41b975 = _0x2adbe4['lXWdz'](i, _0x27f6e9);
_0xeb6bd2 += String(_0x2adbe4['ufvte'](_0x582fe5(i), _0x59c006(_0x41b975)));
}
return base64_decode(_0xeb6bd2);
}
由于刚刚学习前端逆向,对应这一块混淆的代码不知道改怎么看或者把这个js 混淆解出来让他可用读,求大神解答
目前只知道 重新组成 字符串 最后在base64_decode,
重新组成字符串,是如何组成的,求大神解答 混淆的一般硬干,AST反混淆毕竟也不容易 外酥内嫩 发表于 2023-4-7 16:36
混淆的一般硬干,AST反混淆毕竟也不容易
不知道改怎么解密 菜鸟认为,这种混淆,手动解的话,就是调试➕解嵌套方法
一般是把加减乘除大于等于与或之类的混淆了
一般从最里面函数开始,从里到外,在调试的时候,可以看到方法名
跟着逻辑动手写,也就差不多解开了
要善用调试,当然大佬随意,大佬们会使用工具{:301_971:} import base64
def ldg_decode(_0x582fe5):
_0x59c006 = 'ItLdg666'
_0x582fe5 = base64.b64decode(_0x582fe5.encode()).decode()
_0x27f6e9 = len(_0x59c006)
_0xeb6bd2 = ''
for i in range(len(_0x582fe5)):
_0x41b975 = i % _0x27f6e9
_0xeb6bd2 += chr(ord(_0x582fe5) ^ ord(_0x59c006))
return base64.b64decode(_0xeb6bd2).decode() 本帖最后由 Mr.救赎 于 2023-4-7 20:33 编辑
才两百多行代码,全部扣下来, 然后解密不就得带地址了 就是扣这个呗 function ldg_decode(_0x582fe5) {
var _0x2adbe4 = {
'JiMbC': 'ItLdg666',
'uYLVY': function (_0x5a3c4b, _0x12e939) {
return _0x5a3c4b(_0x12e939);
},
'YbLhp': function (_0x1ef0a5, _0x2047a4) {
return _0x1ef0a5 < _0x2047a4;
},
'lXWdz': function (_0x394cdb, _0xae3a76) {
return _0x394cdb % _0xae3a76;
},
'ufvte': function (_0x427d26, _0xe03a78) {
return _0x427d26 ^ _0xe03a78;
}
};
const _0x59c006 = _0x2adbe4.JiMbC;
_0x582fe5 = _0x2adbe4.uYLVY(base64_decode, _0x582fe5);
const _0x27f6e9 = _0x59c006.length;
let _0xeb6bd2 = '';
for (i = 0; _0x2adbe4.YbLhp(i, _0x582fe5.length); i++) {
let _0x41b975 = _0x2adbe4.lXWdz(i, _0x27f6e9);
_0xeb6bd2 += String.fromCharCode(_0x2adbe4.ufvte(_0x582fe5.charCodeAt(i), _0x59c006.charCodeAt(_0x41b975)));
}
return base64_decode(_0xeb6bd2);
}
function base64_decode(_0x52c3c0) {
var _0x41673c = {
'fXgxm': function (_0x2a684f, _0x252612) {
return _0x2a684f >> _0x252612;
},
'smTJQ': function (_0x4951b3, _0x4c24a7) {
return _0x4951b3 == _0x4c24a7;
},
'eiriy': function (_0x53ba04, _0x1ade1b) {
return _0x53ba04 | _0x1ade1b;
},
'CEksf': function (_0x4622b1, _0x54f286) {
return _0x4622b1 << _0x54f286;
},
'NTeKW': function (_0x52d852, _0xa7b1fa) {
return _0x52d852 & _0xa7b1fa;
},
'TdWNv': 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',
'eOOXH': function (_0x20ff16, _0x56b0fa) {
return _0x20ff16 !== _0x56b0fa;
},
'JuXtC': 'PJjdJ',
'arsSb': 'OMUIU',
'BNzfk': function (_0x188471, _0x43b46c) {
return _0x188471 | _0x43b46c;
},
'XXAtA': function (_0x5029f2, _0xd04562) {
return _0x5029f2 << _0xd04562;
},
'YlWLO': function (_0x5d653e, _0x2d5b36) {
return _0x5d653e & _0x2d5b36;
},
'EMSDr': function (_0x149c5d, _0xa596e6) {
return _0x149c5d >> _0xa596e6;
},
'kBQNb': function (_0x56e101, _0x3249a2) {
return _0x56e101 == _0x3249a2;
},
'pEXoL': function (_0x3ad6f9, _0x448cf5) {
return _0x3ad6f9 === _0x448cf5;
},
'GjsAP': 'hHRwq',
'NQSuh': function (_0x1a41b9, _0x594be5) {
return _0x1a41b9 == _0x594be5;
},
'asGGF': function (_0xee32cb, _0x4004ed) {
return _0xee32cb !== _0x4004ed;
},
'pBAdL': 'wWjYd',
'iTeQJ': function (_0x6bef35, _0x179dd2) {
return _0x6bef35 < _0x179dd2;
}
};
var _0x10299c = _0x41673c.TdWNv;
var _0x562022, _0x18f580, _0xb5dcdd, _0x23a1eb, _0x388d10, _0x4755b8, _0x5dc030, _0x28a17c, _0x532363 = 0,
_0x189027 = 0, _0x23d4bc = '', _0x57a76b = [];
if (!_0x52c3c0) {
if (_0x41673c.eOOXH(_0x41673c.JuXtC, _0x41673c.arsSb)) {
return _0x52c3c0;
} else {
_0x57a76b = String.fromCharCode(_0x562022);
}
}
_0x52c3c0 += '';
do {
_0x23a1eb = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
_0x388d10 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
_0x4755b8 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
_0x5dc030 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
_0x28a17c = _0x41673c.eiriy(_0x41673c.eiriy(_0x41673c.BNzfk(_0x41673c.CEksf(_0x23a1eb, 18), _0x41673c.CEksf(_0x388d10, 12)), _0x41673c.XXAtA(_0x4755b8, 6)), _0x5dc030);
_0x562022 = _0x41673c.YlWLO(_0x41673c.fXgxm(_0x28a17c, 16), 255);
_0x18f580 = _0x41673c.YlWLO(_0x41673c.EMSDr(_0x28a17c, 8), 255);
_0xb5dcdd = _0x41673c.YlWLO(_0x28a17c, 255);
if (_0x41673c.kBQNb(_0x4755b8, 64)) {
if (_0x41673c.pEXoL(_0x41673c.GjsAP, 'RZDWn')) {
_0x57a76b = String.fromCharCode(_0x562022, _0x18f580);
} else {
_0x57a76b = String.fromCharCode(_0x562022);
}
} else if (_0x41673c.NQSuh(_0x5dc030, 64)) {
_0x57a76b = String.fromCharCode(_0x562022, _0x18f580);
} else {
if (_0x41673c.asGGF('OAAQa', _0x41673c.pBAdL)) {
_0x57a76b = String.fromCharCode(_0x562022, _0x18f580, _0xb5dcdd);
} else {
var _0x2fffb0 = '6|0|3|5|4|7|1|8|2'.split('|')
, _0x3a0cc1 = 0;
while (true) {
switch (_0x2fffb0) {
case '0':
_0x388d10 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
continue;
case '1':
_0x18f580 = _0x41673c.fXgxm(_0x28a17c, 8) & 255;
continue;
case '2':
if (_0x41673c.smTJQ(_0x4755b8, 64)) {
_0x57a76b = String.fromCharCode(_0x562022);
} else if (_0x5dc030 == 64) {
_0x57a76b = String.fromCharCode(_0x562022, _0x18f580);
} else {
_0x57a76b = String.fromCharCode(_0x562022, _0x18f580, _0xb5dcdd);
}
continue;
case '3':
_0x4755b8 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
continue;
case '4':
_0x28a17c = _0x41673c.eiriy(_0x23a1eb << 18, _0x41673c.CEksf(_0x388d10, 12)) | _0x41673c.CEksf(_0x4755b8, 6) | _0x5dc030;
continue;
case '5':
_0x5dc030 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
continue;
case '6':
_0x23a1eb = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
continue;
case '7':
_0x562022 = _0x41673c.fXgxm(_0x28a17c, 16) & 255;
continue;
case '8':
_0xb5dcdd = _0x41673c.NTeKW(_0x28a17c, 255);
continue;
}
break;
}
}
}
} while (_0x41673c.iTeQJ(_0x532363, _0x52c3c0.length));
_0x23d4bc = _0x57a76b.join('');
return _0x23d4bc;
}
console.log(ldg_decode("KDweVAR+ewAFDXUePVxdQhM8IA49cQJCLTN1HitYdEwtMwpUBHUDXCtGfBIFBHxHBUceEgRPB1wrHX0UK2JeWC0gAVcEXFpdEyMrEipbZFwEGR4OKHJ4XxMwHgwpclpeECArVT4EZF0HIA1RKXFwXgcZHRMpTG8ZExkgFz1hA14rIxldKmUDQiowHVk="))
页:
[1]