f9

ast/decode2.js

@@ -273,7 +273,7 @@ function i(n) {
         u = o[n];
     } else {
         for (var c = a(n), u = "", f = 0; f < c["length"]; ++f) {
-            var s = "Pgc8p6l"["charCodeAt"](f % 7);
+            var s = "EjAWylS"["charCodeAt"](f % 7);
             u += String["fromCharCode"](s ^ c["charCodeAt"](f));
         }
         o[n] = u;

ast/yuchuli.js

@@ -7,7 +7,7 @@ const generator = require("@babel/generator").default;
 
 
 //js混淆代码读取
-process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./ree.js";  //默认的js文件
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main.js";  //默认的js文件
 // process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./decodeResult22.js";  //默认的js文件
 process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = encodeFile.replace(".js", "") + "_ok.js";
 

ast2/decode.js

+const fs = require('fs');
+const types = require("@babel/types");
+const parser = require("@babel/parser");
+const template = require("@babel/template").default;
+const traverse = require("@babel/traverse").default;
+const generator = require("@babel/generator").default;
+
+
+//js混淆代码读取
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./init_ok.js";  //默认的js文件
+process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = encodeFile.slice(0, encodeFile.length - 3) + "_ok.js";
+
+//将源代码解析为AST
+let sourceCode = fs.readFileSync(encodeFile, {encoding: "utf-8"});
+let ast = parser.parse(sourceCode);
+console.time("处理完毕，耗时");
+
+//还原object
+traverse(ast, {
+    VariableDeclaration(path) {
+        let {node} = path;
+        let declarations = node.declarations;
+        let res = [];
+        if (declarations.length <=1)return;
+        for (const declaration of declarations) {
+            res.push(types.variableDeclaration('var', [declaration]))
+        }
+        path.replaceWithMultiple(res);
+    }
+})
+//还原object
+traverse(ast, {
+    VariableDeclaration(path) {
+        let {scope, node} = path;
+        let {declarations} = node;
+        if (!declarations) return
+
+        if (declarations.length !== 1) return;
+
+        let {id, init} = declarations[0]
+        if (!types.isObjectExpression(init)) return
+        let {properties} = init;
+
+        if (properties.length === 0) return;
+        for (let i = 0; i < properties.length; i++) {
+            let {key, value} = properties[i];
+            if (!types.isNumericLiteral(value)) return
+        }
+
+
+        let binding = scope.getBinding(id.name);
+        if (!binding) return
+        let {constant, referencePaths, constantViolations} = binding;
+        if (!constant) {//新版本的babel库，在循环里面的变量定义，默认非常量
+            if (constantViolations.length != 1 || constantViolations[0] != path) //旧版本屏蔽该行即可
+            {
+                return;
+            }
+        }
+
+        let newMap = new Map();
+        for (const property of properties) {
+            let {key, value} = property;
+            newMap.set(key.name, value);
+        }
+
+        let canBeRemoved = true;
+        for (const referPath of referencePaths) {
+            let {parentPath} = referPath;
+            if (!parentPath.isMemberExpression()) {
+                canBeRemoved = false;
+                return;
+            }
+
+            let AncestorPath = parentPath.parentPath;
+
+            if (AncestorPath.isAssignmentExpression({"left": parentPath.node})) {
+                canBeRemoved = false;
+                return;
+            }
+            if (AncestorPath.isUpdateExpression() && ['++', '--'].includes(AncestorPath.node.operator)) {
+                canBeRemoved = false;
+                return;
+            }
+
+            let curKey = parentPath.node.property.name;
+            if (!newMap.has(curKey)) {
+                canBeRemoved = false;
+                break;
+            }
+            parentPath.replaceWith(newMap.get(curKey));
+        }
+        canBeRemoved && path.remove();
+        newMap.clear();
+    }
+})
+
+console.timeEnd("处理完毕，耗时");
+let {code} = generator(ast, opts = {
+    "compact": false,  // 是否压缩代码
+    "comments": false,  // 是否保留注释
+    "jsescOption": {"minimal": true},  //Unicode转义
+});
+
+fs.writeFile(decodeFile, code, (err) => {
+});
\ No newline at end of file

ast2/main.js

+const fs = require('fs');
+const types = require("@babel/types");
+const parser = require("@babel/parser");
+const template = require("@babel/template").default;
+const traverse = require("@babel/traverse").default;
+const generator = require("@babel/generator").default;
+
+
+//js混淆代码读取
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main.src.js";  //默认的js文件
+process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = encodeFile.slice(0, encodeFile.length - 3) + "_ok.js";
+
+//将源代码解析为AST
+let sourceCode = fs.readFileSync(encodeFile, { encoding: "utf-8" });
+let ast = parser.parse(sourceCode);
+console.time("处理完毕，耗时");
+
+
+
+const callToConditionalExpression =
+{
+	CallExpression: {
+		exit(path) {
+			let { callee, arguments } = path.node;
+			if (arguments.length != 1 || !types.isConditionalExpression(arguments[0])) {
+				return;
+			}
+
+			let { test, consequent, alternate } = arguments[0];
+
+			let consequentCallNode = types.CallExpression(callee, [consequent]);
+			let alternateCallNode = types.CallExpression(callee, [alternate]);
+
+			let ConditionalNode = types.ConditionalExpression(test, consequentCallNode, alternateCallNode);
+
+			path.replaceWith(ConditionalNode);
+		}
+
+	},
+}
+
+traverse(ast, callToConditionalExpression);
+
+
+let window = globalThis;
+let decodeCode = "";
+let funcName = "";
+
+const getAtobSourceCode =
+{
+	FunctionDeclaration(path) {
+		let name = path.node.id.name;
+		let sourceCode = path.toString();
+		if (!sourceCode.includes("fromCharCode") || !sourceCode.includes("charCodeAt")) {
+			return;
+		}
+
+		let allPrevSiblings = path.getAllPrevSiblings();
+		if (allPrevSiblings.length < 1) {
+			return;
+		}
+
+		if (!allPrevSiblings[0].isVariableDeclaration()) {
+			return;
+		}
+
+
+		for (let prevSibling of allPrevSiblings.reverse())  //这里的reverse确保代码的执行流程一致。
+		{
+			decodeCode += prevSibling.toString();
+		}
+
+		decodeCode += sourceCode;
+		eval(decodeCode);
+
+		funcName = name;
+		globalThis[funcName] = eval(funcName);
+
+
+
+		if (true) {//使用块级作用域分离代码
+
+			function calcCallExpression(name, path) {
+
+				let { scope, node } = path;
+
+				if (name != funcName) {
+					return;
+				}
+
+				let binding = undefined;
+				if (path.isVariableDeclarator()) {
+					binding = scope.getBinding(node.id.name);
+					if (!binding || binding.constantViolations.length > 1) {
+
+						return;
+					}
+
+					if (binding.constantViolations.length == 1 && binding.constantViolations[0] != path) {
+
+						return;
+					}
+				}
+				else if (path.isAssignmentExpression() && path.get('left').isIdentifier()) {
+					binding = scope.getBinding(node.left.name);
+					if (!binding || binding.constantViolations.length != 1) {
+
+						return;
+					}
+				}
+
+				if (!binding) return;
+
+				for (let referPath of binding.referencePaths) {
+
+					let { parentPath, node } = referPath;
+
+					if (parentPath.isVariableDeclarator({ "init": node }) || parentPath.isAssignmentExpression({ "right": node })) {
+						calcCallExpression(name, parentPath);
+					}
+
+					if (!parentPath.isCallExpression({ "callee": node })) {
+
+						continue;
+					}
+
+					let { arguments } = parentPath.node;
+
+					if (arguments.length != 1 || !types.isStringLiteral(arguments[0])) {
+
+						continue;
+					}
+					let value = globalThis[funcName](arguments[0].value);
+					console.log(parentPath.toString(), "--->", value);
+					parentPath.replaceWith(types.valueToNode(value));
+				}
+
+			}
+
+			let scope = path.parentPath.scope;
+			let binding = scope.getBinding(name);
+
+			for (let referPath of binding.referencePaths) {
+
+				let { parentPath, node } = referPath;
+
+				if (parentPath.isVariableDeclarator({ "init": node }) || parentPath.isAssignmentExpression({ "right": node })) {
+					calcCallExpression(name, parentPath);
+				}
+
+				if (!parentPath.isCallExpression({ "callee": node })) {
+
+					continue;
+				}
+
+				let { arguments } = parentPath.node;
+
+				if (arguments.length != 1 || !types.isStringLiteral(arguments[0])) {
+
+					continue;
+				}
+				let value = globalThis[funcName](arguments[0].value);
+				console.log(parentPath.toString(), "--->", value);
+				parentPath.replaceWith(types.valueToNode(value));
+			}
+
+		}
+
+		path.stop(); //遍历一次就停止，防止遍历到错误的函数
+
+	},
+
+}
+
+
+traverse(ast, getAtobSourceCode);
+
+console.timeEnd("处理完毕，耗时");
+let { code } = generator(ast, opts = {
+	"compact": false,  // 是否压缩代码
+	"comments": false,  // 是否保留注释
+	"jsescOption": { "minimal": true },  //Unicode转义
+});
+
+fs.writeFile(decodeFile, code, (err) => { });
\ No newline at end of file

ast2/main2.js

+const fs = require('fs');
+const types = require("@babel/types");
+const parser = require("@babel/parser");
+const template = require("@babel/template").default;
+const traverse = require("@babel/traverse").default;
+const generator = require("@babel/generator").default;
+
+
+//js混淆代码读取
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./init_ok_ok.js";  //默认的js文件
+process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = encodeFile.slice(0, encodeFile.length - 3) + "_ok.js";
+
+//将源代码解析为AST
+let sourceCode = fs.readFileSync(encodeFile, { encoding: "utf-8" });
+let ast = parser.parse(sourceCode);
+console.time("处理完毕，耗时");
+
+const ShowCallExpression = {
+    CallExpression(path) {
+        let {callee,arguments} = path.node;
+        if (!types.isIdentifier(callee) || arguments.length != 2)
+        {
+            return;
+        }
+        console.log(path.toString());
+
+    },
+}
+
+traverse(ast, ShowCallExpression);
+
+
+function isExpressionConstant(PathOrNode)
+{
+
+    let node = PathOrNode.node || PathOrNode;
+
+    let BrowList = ['window', 'document', 'navigator', 'location', 'history', 'screen',];
+
+    if (types.isLiteral(node) && node.value != null)
+    {
+        return true;
+    }
+
+    if (types.isIdentifier(node) && BrowList.includes(node.name))
+    {
+        return true;
+    }
+
+    if (types.isIdentifier(node) && typeof globalThis[node.name] != "undefined") {
+        return true;
+    }
+
+    if (types.isMemberExpression(node))
+    {
+        let {object,property} = node;
+
+        if (types.isIdentifier(object) && typeof globalThis[object.name] != "undefined")
+        {
+            let properName = types.isIdentifier(property) ? property.name : property.value;
+            if (typeof globalThis[object.name][properName] != "undefined") {
+                return true;
+            }
+        }
+
+        if (types.isMemberExpression(object))
+        {
+            return isExpressionConstant(object);
+        }
+
+    }
+
+    if (types.isUnaryExpression(node) && ["+", "-", "!","typeof","~"].includes(node.operator)) {
+        return isExpressionConstant(node.argument);
+    }
+
+    return false;
+}
+
+const restoreVarDeclarator =
+{
+    VariableDeclarator(path) {
+        let scope = path.scope;
+        let { id, init } = path.node;
+
+        if (!types.isIdentifier(id) || init == null || !isExpressionConstant(init)) {
+            return;
+        }
+
+        const binding = scope.getBinding(id.name);
+
+        if (!binding) return;
+
+        let { constant, referencePaths, constantViolations } = binding;  
+
+        if (constantViolations.length > 1) {
+            return;
+        }
+
+        if (constant || constantViolations[0] == path) {
+            for (let referPath of referencePaths) {
+                referPath.replaceWith(init);
+            }
+        }
+    },
+}
+
+traverse(ast, restoreVarDeclarator);
+
+
+const restoreAssignConstant = 
+{//常量还原插件
+    AssignmentExpression(path)
+    {
+        let {scope,node,parentPath} = path;
+
+        let {left,operator,right} = node;
+
+        if (!types.isIdentifier(left) || operator != "=" || !isExpressionConstant(right))
+        {
+            return;
+        }
+
+        let binding = scope.getBinding(left.name);
+
+        if (!binding || binding.constantViolations.length > 1)
+        {//如果没有binding,或者赋值语句本身改变了它，因此这里判断只有一处改变。
+            return;
+        }
+
+        let {start} = binding.constantViolations[0].node;
+
+        let referStart = start;
+
+        for (let referPath of binding.referencePaths)
+        {
+            if (referPath.node.start < referStart)
+            {
+                referStart = referPath.node.start;
+            }
+        }
+
+        if (start > referStart)
+        {//防止在更改前被引用
+            return;
+        }
+
+        for (let referPath of binding.referencePaths)
+        {
+            referPath.replaceWith(right);
+        }
+
+        if(parentPath.isExpressionStatement() || parentPath.isSequenceExpression())
+        {
+            path.remove();
+        }
+    },
+
+}
+
+// traverse(ast, restoreAssignConstant);
+
+ast = parser.parse(generator(ast).code);  //去除多余的 ()，可以将其屏蔽，看看效果。
+
+const constantFold = {
+    "BinaryExpression|UnaryExpression|MemberExpression|CallExpression"(path) {
+        if (path.isUnaryExpression({ operator: "-" }) ||
+            path.isUnaryExpression({ operator: "void" })) {
+            return;
+        }
+        const { confident, value } = path.evaluate();
+
+        if (!confident)
+            return;
+
+        if (typeof value == 'number' && (!Number.isFinite(value))) {
+            return;
+        }
+
+        path.replaceWith(types.valueToNode(value));
+    },
+}
+
+traverse(ast, constantFold);
+
+
+console.timeEnd("处理完毕，耗时");
+let { code } = generator(ast, opts = {
+	"compact": false,  // 是否压缩代码
+	"comments": false,  // 是否保留注释
+	"jsescOption": { "minimal": true },  //Unicode转义
+});
+
+fs.writeFile(decodeFile, code, (err) => { });
\ No newline at end of file