求大神解下混淆代码拼接字符串流程

dmvip · 发表于 2023-4-7 14:05

本帖最后由 dmvip 于 2023-4-7 15:48 编辑

需要解密的界面

[Java] 纯文本查看 复制代码

aHR0cHM6Ly93d3cuaGRtb2xpLmNvbS9wbGF5LzE4MDMtMS0wLmh0bWw

需要解密的界面的js 地址

[Java] 纯文本查看 复制代码

aHR0cHM6Ly93d3cuaGRtb2xpLmNvbS9zdGF0aWMvanMvam0uanM6Zm9ybWF0dGVkIA

[Java] 纯文本查看 复制代码

function ldg_decode(_0x582fe5) {
    var _0x2adbe4 = {
        'JiMbC': _0xe2f6('&#8238;0', 'TAch'),
        'uYLVY': function(_0x5a3c4b, _0x12e939) {
            return _0x5a3c4b(_0x12e939);
        },
        'YbLhp': function(_0x1ef0a5, _0x2047a4) {
            return _0x1ef0a5 < _0x2047a4;
        },
        'lXWdz': function(_0x394cdb, _0xae3a76) {
            return _0x394cdb % _0xae3a76;
        },
        'ufvte': function(_0x427d26, _0xe03a78) {
            return _0x427d26 ^ _0xe03a78;
        }
    };
    const _0x59c006 = _0x2adbe4[_0xe2f6('&#8235;1', 'LN^K')];
    _0x582fe5 = _0x2adbe4[_0xe2f6('&#8238;2', '!b&K')](base64_decode, _0x582fe5);
    const _0x27f6e9 = _0x59c006[_0xe2f6('&#8235;3', '5k4m')];
    let _0xeb6bd2 = '';
    for (i = 0x0; _0x2adbe4[_0xe2f6('&#8235;4', 'S8J]')](i, _0x582fe5[_0xe2f6('&#8238;5', 'AGYA')]); i++) {
        let _0x41b975 = _0x2adbe4['lXWdz'](i, _0x27f6e9);
        _0xeb6bd2 += String[_0xe2f6('&#8235;6', 'ke40')](_0x2adbe4['ufvte'](_0x582fe5[_0xe2f6('&#8235;7', '!s0V')](i), _0x59c006[_0xe2f6('&#8235;8', 'rLmC')](_0x41b975)));
    }
    return base64_decode(_0xeb6bd2);
}

由于刚刚学习前端逆向，对应这一块混淆的代码不知道改怎么看或者把这个js 混淆解出来让他可用读，求大神解答

目前只知道重新组成字符串最后在 base64_decode ，

重新组成字符串，是如何组成的，求大神解答

外酥内嫩 · 发表于 2023-4-7 16:36

混淆的一般硬干，AST反混淆毕竟也不容易

dmvip · 发表于 2023-4-7 18:05

外酥内嫩发表于 2023-4-7 16:36
混淆的一般硬干，AST反混淆毕竟也不容易

不知道改怎么解密

y761110576 · 发表于 2023-4-7 18:32

菜鸟认为，这种混淆，手动解的话，就是调试➕解嵌套方法
一般是把加减乘除大于等于与或之类的混淆了
一般从最里面函数开始，从里到外，在调试的时候，可以看到方法名
跟着逻辑动手写，也就差不多解开了
要善用调试，当然大佬随意，大佬们会使用工具

Arcticlyc · 发表于 2023-4-7 19:18

[Python] 纯文本查看 复制代码

import base64

def ldg_decode(_0x582fe5):
    _0x59c006 = 'ItLdg666'
    _0x582fe5 = base64.b64decode(_0x582fe5.encode()).decode()
    _0x27f6e9 = len(_0x59c006)

    _0xeb6bd2 = ''
    for i in range(len(_0x582fe5)):
        _0x41b975 = i % _0x27f6e9
        _0xeb6bd2 += chr(ord(_0x582fe5[i]) ^ ord(_0x59c006[_0x41b975]))
    return base64.b64decode(_0xeb6bd2).decode()

Mr.救赎 · 发表于 2023-4-7 20:31

本帖最后由 Mr.救赎于 2023-4-7 20:33 编辑

微信截图_20230407203240.png

才两百多行代码，全部扣下来，然后解密不就得带地址了

inks · 发表于 2023-4-9 11:56

就是扣这个呗

inks · 发表于 2023-4-9 12:01

[JavaScript] 纯文本查看 复制代码

function ldg_decode(_0x582fe5) {
    var _0x2adbe4 = {
        'JiMbC': 'ItLdg666',
        'uYLVY': function (_0x5a3c4b, _0x12e939) {
            return _0x5a3c4b(_0x12e939);
        },
        'YbLhp': function (_0x1ef0a5, _0x2047a4) {
            return _0x1ef0a5 < _0x2047a4;
        },
        'lXWdz': function (_0x394cdb, _0xae3a76) {
            return _0x394cdb % _0xae3a76;
        },
        'ufvte': function (_0x427d26, _0xe03a78) {
            return _0x427d26 ^ _0xe03a78;
        }
    };
    const _0x59c006 = _0x2adbe4.JiMbC;
    _0x582fe5 = _0x2adbe4.uYLVY(base64_decode, _0x582fe5);
    const _0x27f6e9 = _0x59c006.length;
    let _0xeb6bd2 = '';
    for (i = 0; _0x2adbe4.YbLhp(i, _0x582fe5.length); i++) {
        let _0x41b975 = _0x2adbe4.lXWdz(i, _0x27f6e9);
        _0xeb6bd2 += String.fromCharCode(_0x2adbe4.ufvte(_0x582fe5.charCodeAt(i), _0x59c006.charCodeAt(_0x41b975)));
    }
    return base64_decode(_0xeb6bd2);
}
function base64_decode(_0x52c3c0) {
    var _0x41673c = {
        'fXgxm': function (_0x2a684f, _0x252612) {
            return _0x2a684f >> _0x252612;
        },
        'smTJQ': function (_0x4951b3, _0x4c24a7) {
            return _0x4951b3 == _0x4c24a7;
        },
        'eiriy': function (_0x53ba04, _0x1ade1b) {
            return _0x53ba04 | _0x1ade1b;
        },
        'CEksf': function (_0x4622b1, _0x54f286) {
            return _0x4622b1 << _0x54f286;
        },
        'NTeKW': function (_0x52d852, _0xa7b1fa) {
            return _0x52d852 & _0xa7b1fa;
        },
        'TdWNv': 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',
        'eOOXH': function (_0x20ff16, _0x56b0fa) {
            return _0x20ff16 !== _0x56b0fa;
        },
        'JuXtC': 'PJjdJ',
        'arsSb': 'OMUIU',
        'BNzfk': function (_0x188471, _0x43b46c) {
            return _0x188471 | _0x43b46c;
        },
        'XXAtA': function (_0x5029f2, _0xd04562) {
            return _0x5029f2 << _0xd04562;
        },
        'YlWLO': function (_0x5d653e, _0x2d5b36) {
            return _0x5d653e & _0x2d5b36;
        },
        'EMSDr': function (_0x149c5d, _0xa596e6) {
            return _0x149c5d >> _0xa596e6;
        },
        'kBQNb': function (_0x56e101, _0x3249a2) {
            return _0x56e101 == _0x3249a2;
        },
        'pEXoL': function (_0x3ad6f9, _0x448cf5) {
            return _0x3ad6f9 === _0x448cf5;
        },
        'GjsAP': 'hHRwq',
        'NQSuh': function (_0x1a41b9, _0x594be5) {
            return _0x1a41b9 == _0x594be5;
        },
        'asGGF': function (_0xee32cb, _0x4004ed) {
            return _0xee32cb !== _0x4004ed;
        },
        'pBAdL': 'wWjYd',
        'iTeQJ': function (_0x6bef35, _0x179dd2) {
            return _0x6bef35 < _0x179dd2;
        }
    };
    var _0x10299c = _0x41673c.TdWNv;
    var _0x562022, _0x18f580, _0xb5dcdd, _0x23a1eb, _0x388d10, _0x4755b8, _0x5dc030, _0x28a17c, _0x532363 = 0,
        _0x189027 = 0, _0x23d4bc = '', _0x57a76b = [];
    if (!_0x52c3c0) {
        if (_0x41673c.eOOXH(_0x41673c.JuXtC, _0x41673c.arsSb)) {
            return _0x52c3c0;
        } else {
            _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022);
        }
    }
    _0x52c3c0 += '';
    do {
        _0x23a1eb = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
        _0x388d10 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
        _0x4755b8 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
        _0x5dc030 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
        _0x28a17c = _0x41673c.eiriy(_0x41673c.eiriy(_0x41673c.BNzfk(_0x41673c.CEksf(_0x23a1eb, 18), _0x41673c.CEksf(_0x388d10, 12)), _0x41673c.XXAtA(_0x4755b8, 6)), _0x5dc030);
        _0x562022 = _0x41673c.YlWLO(_0x41673c.fXgxm(_0x28a17c, 16), 255);
        _0x18f580 = _0x41673c.YlWLO(_0x41673c.EMSDr(_0x28a17c, 8), 255);
        _0xb5dcdd = _0x41673c.YlWLO(_0x28a17c, 255);
        if (_0x41673c.kBQNb(_0x4755b8, 64)) {
            if (_0x41673c.pEXoL(_0x41673c.GjsAP, 'RZDWn')) {
                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022, _0x18f580);
            } else {
                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022);
            }
        } else if (_0x41673c.NQSuh(_0x5dc030, 64)) {
            _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022, _0x18f580);
        } else {
            if (_0x41673c.asGGF('OAAQa', _0x41673c.pBAdL)) {
                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022, _0x18f580, _0xb5dcdd);
            } else {
                var _0x2fffb0 = '6|0|3|5|4|7|1|8|2'.split('|')
                    , _0x3a0cc1 = 0;
                while (true) {
                    switch (_0x2fffb0[_0x3a0cc1++]) {
                        case '0':
                            _0x388d10 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
                            continue;
                        case '1':
                            _0x18f580 = _0x41673c.fXgxm(_0x28a17c, 8) & 255;
                            continue;
                        case '2':
                            if (_0x41673c.smTJQ(_0x4755b8, 64)) {
                                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022);
                            } else if (_0x5dc030 == 64) {
                                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022, _0x18f580);
                            } else {
                                _0x57a76b[_0x189027++] = String.fromCharCode(_0x562022, _0x18f580, _0xb5dcdd);
                            }
                            continue;
                        case '3':
                            _0x4755b8 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
                            continue;
                        case '4':
                            _0x28a17c = _0x41673c.eiriy(_0x23a1eb << 18, _0x41673c.CEksf(_0x388d10, 12)) | _0x41673c.CEksf(_0x4755b8, 6) | _0x5dc030;
                            continue;
                        case '5':
                            _0x5dc030 = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
                            continue;
                        case '6':
                            _0x23a1eb = _0x10299c.indexOf(_0x52c3c0.charAt(_0x532363++));
                            continue;
                        case '7':
                            _0x562022 = _0x41673c.fXgxm(_0x28a17c, 16) & 255;
                            continue;
                        case '8':
                            _0xb5dcdd = _0x41673c.NTeKW(_0x28a17c, 255);
                            continue;
                    }
                    break;
                }
            }
        }
    } while (_0x41673c.iTeQJ(_0x532363, _0x52c3c0.length));
    _0x23d4bc = _0x57a76b.join('');
    return _0x23d4bc;
}
console.log(ldg_decode("KDweVAR+ewAFDXUePVxdQhM8IA49cQJCLTN1HitYdEwtMwpUBHUDXCtGfBIFBHxHBUceEgRPB1wrHX0UK2JeWC0gAVcEXFpdEyMrEipbZFwEGR4OKHJ4XxMwHgwpclpeECArVT4EZF0HIA1RKXFwXgcZHRMpTG8ZExkgFz1hA14rIxldKmUDQiowHVk="))

帐号		自动登录	找回密码
密码			注册[Register]

[求助] 求大神解下混淆代码拼接字符串流程