as test

cf86a6e1 · wang · c6bbbee5 · cf86a6e1 · cf86a6e1 · cf86a6e1
Commit cf86a6e1 authored Dec 22, 2023 by wang
10 changed files
--- a/ast/decode2.js
+++ b/ast/decode2.js
@@ -7,7 +7,7 @@ const generator = require("@babel/generator").default;
 //js混淆代码读取
-process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main_ok_ok.js";
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main_ok.js";
 process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = "./decodeResult22.js";
 //将源代码解析为AST
@@ -284,9 +284,8 @@ function i(n) {
 traverse(ast, {
    FunctionDeclaration(path) {
        let {id, body} = path.node;
-        if (id.name !== 'i') return;
+        if (id.name !== 'J') return;
-        if (body.body.length !== 4) return
+        let binding = path.parentPath.scope.getBinding(id.name)
-        let binding = path.scope.getBinding(id.name)
        console.log(id.name, binding.references)
        for (const referencePath of binding.referencePaths) {
            // console.log(generator(referencePath.parent).code, referencePath.parent.type)
@@ -297,7 +296,7 @@ traverse(ast, {
                        let arguments = p.parent.arguments;
                        if (arguments.length !== 1) return
                        try {
-                            let res = i(arguments[0].value);
+                            let res = J(arguments[0].value);
                            if (res === 'PX12571') debugger;
                            p.parentPath.replaceWith(types.valueToNode((res)))
                        } catch (e) {
@@ -312,7 +311,7 @@ traverse(ast, {
                let arguments = referencePath.parent.arguments;
                if (arguments.length !== 1) continue
                try {
-                    let res = i(arguments[0].value);
+                    let res = U(arguments[0].value);
                    referencePath.parentPath.replaceWith(types.valueToNode((res)))
                } catch (e) {
                    // console.error(generator(p.parent).code)
@@ -372,8 +371,8 @@ function f(t) {
 traverse(ast, {
    FunctionDeclaration(path) {
        let {id, body} = path.node;
-        if (id.name !== 'J') return;
+        if (id.name !== 'i') return;
-        let binding = path.scope.getBinding(id.name)
+        let binding = path.parentPath.scope.getBinding(id.name)
        console.log(id.name, binding.references)
        for (const referencePath of binding.referencePaths) {
            // console.log(generator(referencePath.parent).code, referencePath.parent.type)
@@ -412,6 +411,100 @@ traverse(ast, {
 })
 //end
 console.timeEnd("处理完毕，耗时");
+function isNodePure(node, scope) {
+    if (types.isLiteral(node)) {
+        return true;
+    }
+return false
+    if (types.isUnaryExpression(node)) {
+        return isNodePure(node.argument, scope)
+    }
+    if (types.isIdentifier(node)) {//处理 var c = String;
+        if (scope && scope.isPure(node, true)) {
+            return true;
+        }
+        if (typeof this[node.name] != 'undefined') {
+            return true;
+        }
+        return false;
+    }
+    if (types.isMemberExpression(node)) {//处理 var d = String.fromCharCode;
+        let {object, property, computed} = node;
+        if (computed && !isNodePure(property, scope)) {
+            return false;
+        }
+        if (isNodePure(object, scope)) {
+            return true;
+        }
+        if (types.isIdentifier(object)) {
+            let name = object.name;
+            if (typeof this[name] != 'undefined' && name != 'window') {//注意object为window时，可能会还原出错
+                return true;
+            }
+            return false;
+        }
+        if (types.isMemberExpression(object)) {
+            return isNodePure(object, scope);
+        }
+        return false;
+    }
+    if (types.isBinary(node) && scope) {
+        return isNodePure(node.left, scope) && isNodePure(node.right, scope);
+    }
+    return false;
+}
+const restoreVarDeclarator = {
+    VariableDeclarator(path) {
+        let scope = path.scope;
+        let {id, init} = path.node;
+        if (!init && (!types.isNumericLiteral(init) || !types.isStringLiteral(init))) return
+        if (id.name === 'c' && init.value === 0) return
+        if (!types.isIdentifier(id) || !isNodePure(init, scope)) {
+            return;
+        }
+        const binding = scope.getBinding(id.name);
+        try {
+            var {
+                constant, referencePaths, constantViolations
+            } = binding;  //变量的定义一定会有binding.
+        } catch (e) {
+            return;
+        }
+        if (constantViolations.length > 1) {
+            return;
+        }
+		if (init.name === 'i')return
+        if (constant || constantViolations[0] == path) {
+            for (let referPath of referencePaths) {
+                // console.log(init.value)
+                // console.log(id.name, referPath.type, generator(referPath.container).code,  generator(init).code)
+                referPath.replaceWith(init);
+            }
+            // console.log(path.toString())
+            // path.remove();//没有被引用，或者替换完成，可直接删除
+        }
+    },
+}
+traverse(ast, restoreVarDeclarator)
 let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});

--- a/ast/decodeResult22.js
+++ b/ast/decodeResult22.js
--- a/ast/main.js
+++ b/ast/main.js
--- a/ast/main_ok.js
+++ b/ast/main_ok.js
--- a/ast/tmp.js
+++ b/ast/tmp.js
--- a/ast/yuchuli.js
+++ b/ast/yuchuli.js
@@ -7,7 +7,7 @@ const generator = require("@babel/generator").default;
 //js混淆代码读取
-process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main_ok.js";  //默认的js文件
+process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./main.js";  //默认的js文件
 // process.argv.length > 2 ? encodeFile = process.argv[2] : encodeFile = "./decodeResult22.js";  //默认的js文件
 process.argv.length > 3 ? decodeFile = process.argv[3] : decodeFile = encodeFile.replace(".js", "") + "_ok.js";
@@ -247,7 +247,7 @@ function isNodePure(node, scope) {
    if (types.isLiteral(node)) {
        return true;
    }
+	return false
    if (types.isUnaryExpression(node)) {
        return isNodePure(node.argument, scope)
    }
@@ -360,7 +360,7 @@ const restoreVarDeclarator = {
        if (constantViolations.length > 1) {
            return;
        }
+		if (init.name === 'i')return
        if (constant || constantViolations[0] == path) {
            for (let referPath of referencePaths) {
                // console.log(init.value)

--- a/index.html
+++ b/index.html
@@ -10,18 +10,18 @@
 <body>
    <script>
        window._pxVid = '';
-        window._pxUuid = 'ed2129e0-a09c-11ee-ba1c-ddae2caca4aa';
+        window._pxUuid = '01b767c0-a0ac-11ee-bdc6-dbf20fe8416a';
        window._pxAppId = 'PXVb73hTEg';
        window._pxHostUrl = 'https://collector-PXVb73hTEg.perimeterx.net';
        window._pxCustomLogo = '';
        window._pxJsClientSrc = '//client.perimeterx.net/PXVb73hTEg/main.min.js';
        window._pxFirstPartyEnabled = 'false';
        var script = document.createElement('script');
-        script.src = '//captcha.perimeterx.net/PXVb73hTEg/captcha.js?a=c&u=ed2129e0-a09c-11ee-ba1c-ddae2caca4aa&v=&m=0';
+        script.src = '//captcha.perimeterx.net/PXVb73hTEg/captcha.js?a=c&u=01b767c0-a0ac-11ee-bdc6-dbf20fe8416a&v=&m=0';
        document.head.appendChild(script);
        script.onerror = function () {
            script = document.createElement('script');
-            script.src = 'https://captcha.px-cloud.net/PXVb73hTEg/captcha.js?a=c&u=ed2129e0-a09c-11ee-ba1c-ddae2caca4aa&v=&m=0';
+            script.src = 'https://captcha.px-cloud.net/PXVb73hTEg/captcha.js?a=c&u=01b767c0-a0ac-11ee-bdc6-dbf20fe8416a&v=&m=0';
            script.onerror = window._pxDisplayErrorMessage;
            document.head.appendChild(script);
        };

--- a/src/px.js
+++ b/src/px.js
@@ -4630,7 +4630,8 @@ export class PxEnv {
            "PX11517": true,
            "PX12520": true,
            "PX12524": "4YC14YCd4YCd4YCV4YCe4YCX4YGS5J256aus7r266YaI5oCR7r27", // Pu = speechSynthesis.getVoices()  is(Pu[161].voiceURI)
-            "PX12527": "3207084bd110f1ac964863e23aa78e04",  // '1970/1/1'
+            // todo
+            "PX12527": "ca0dc24cff53faf236dd00d529550f57",  // '1970/1/1'
            "PX12260": this.navigator.useragent,
            "PX12249": false,

--- a/src/run.js
+++ b/src/run.js
@@ -296,7 +296,9 @@ class PxBypass {
        //     this.str1, this.uuid,
        //     this.startTs, this.startTs2, this.performanceNow, this.px12280)
        this.pxenv.performanceNow = this.performanceNow
-        let data = [this.pxenv.get_px12123(), this.pxenv.get_px11891(), this.pxenv.get_px11547()]
+        let data = [this.pxenv.get_px12123(),
+            this.pxenv.get_px11891(),
+            this.pxenv.get_px11547()]
        let res = await this.do_collector(data)
    }

--- a/test_url.py
+++ b/test_url.py
@@ -13,9 +13,7 @@ prox = 'http://user-uni001-region-us-sessid-1111-sesstime-5-keep-true:q39CEBTs5A
 # prox = 'http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:12019'
-cks = '_gcl_au=1.1.812825041.1703229922; _gid=GA1.2.1424999786.1703229922; wisepops=%7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A75%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D; wisepops_visits=%5B%222023-12-22T07%3A25%3A21.864Z%22%5D; wisepops_session=%7B%22arrivalOnSite%22%3A%222023-12-22T07%3A25%3A21.864Z%22%2C%22mtime%22%3A1703229922021%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D; _fbp=fb.1.1703229922056.1006607791; _pxvid=4463fe4f-a09b-11ee-9c33-09f00e21ea5f; pxcts=4464090b-a09b-11ee-9c33-be53543893c0; _rdt_uuid=1703229922636.e256ecce-e878-445b-824c-8cf35de7b7d4; _tt_enable_cookie=1; _ttp=6JRjsKzLL2xPK4GG9yPz8Cap2ku; _pin_unauth=dWlkPU5UZ3laRGMyT1dVdE56ZGxOUzAwTjJRMkxXRTRZek10TTJVMlpHWTVOalkxWXpGag; _pxhd=1792a79882d8806bcfeede78c396eb9981643cf31a1b12b4dfcb2838847fd328:44d80ba4-a09b-11ee-a577-351d61b8f1ed; _up=1.2.794281163.1703229925; _ga_XXXX=GS1.1.1703229921.1.1.1703230630.0.0.0; _ga_P2WLKWBNNW=GS1.1.1703229922.1.1.1703230630.58.0.0; _ga=GA1.2.632527837.1703229922; _gat_UA-2678252-1=1; dtCookie=v_4_srv_-2D95_sn_A1O0LK87BVMFLJBLPPECN4Q5DSEUQIN7; rxVisitor=1703223638052KDOF9E8NVCSRF51QO8HE9R11LKSGBA8S; dtSa=-; _uetsid=443e5a50a09b11eeaf53ff5d89a4b0e0; _uetvid=443e53e0a09b11ee8b22114863767564; _pin_unauth=dWlkPU5UZ3laRGMyT1dVdE56ZGxOUzAwTjJRMkxXRTRZek10TTJVMlpHWTVOalkxWXpGag; _px2=eyJ1IjoiZWQyMTI5ZTAtYTA5Yy0xMWVlLWJhMWMtZGRhZTJjYWNhNGFhIiwidiI6IjQ0ZDgwYmE0LWEwOWItMTFlZS1hNTc3LTM1MWQ2MWI4ZjFlZCIsInQiOjE3MDMyMzA5MzYyNjcsImgiOiI5ZGIzMmI2NTI4NTFjOGI1YTI0ZjAwNDQ2YTZlMjEzYzUwM2Q2ODU3ZTFkOTU5YjQyMjkzZDkxMGUzZmUyNWVmIn0=; rxvt=1703232436642|1703230632653; dtPC=-95$430632650_356h11vFLREOHOGLDSPCJFIKGCFCDBPGDUATKRN-0e0'
+cks = '_gcl_au=1.1.1116693815.1703237112; pxcts=0212cc6e-a0ac-11ee-88f2-be53543893c0; _pxvid=0212c27e-a0ac-11ee-88f2-f15c063793b6; _uetsid=02478dc0a0ac11eeb166331d2cc0e235; _uetvid=0247b560a0ac11ee98050fa9b1146819; _gid=GA1.2.469486537.1703237113; _ga_XXXX=GS1.1.1703237112.1.0.1703237112.0.0.0; _ga=GA1.1.903446873.1703237113; wisepops=%7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A67%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D; wisepops_visits=%5B%222023-12-22T09%3A25%3A12.027Z%22%5D; wisepops_session=%7B%22arrivalOnSite%22%3A%222023-12-22T09%3A25%3A12.027Z%22%2C%22mtime%22%3A1703237113217%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D; _rdt_uuid=1703237113232.2606cfc5-96ad-44be-87e9-8f73e408af8f; _fbp=fb.1.1703237114642.1729860690; _pin_unauth=dWlkPU1qQTNaR1ZqWWpJdE1qWmxNUzAwTVdNd0xUazNNVEF0TXpRd1kyVTJOMkU1Tm1VMw; _tt_enable_cookie=1; _ttp=kB4eSSu9K3fSQ61a5q4PWvjEen8; _up=1.2.935388638.1703237118; _ga_P2WLKWBNNW=GS1.1.1703237112.1.0.1703237119.53.0.0; _px2=eyJ1IjoiMDFiNzY3YzAtYTBhYy0xMWVlLWJkYzYtZGJmMjBmZTg0MTZhIiwidiI6IjAyMTJjMjdlLWEwYWMtMTFlZS04OGYyLWYxNWMwNjM3OTNiNiIsInQiOjE3MDMyMzg3ODU3NTksImgiOiI3OTdhZDlhNTM2MTQzZDQ3MWZjMWEwMmY1Mjg5MzRhYTNlMjUxYmVlNTE0ZWVjZGU0YTg3M2E5YTVmZDViN2JlIn0='
 # cks = '_pxvid=568dad46-943f-11ee-97cd-fc5e04cd8e29; pxcts=568dbb9e-943f-11ee-97cd-a3273e57225d; _px2=eyJ1IjoiNTRhNDJjODAtOTQzZi0xMWVlLWJjYjUtYTkwODI5MTk5MTNiIiwidiI6IjU2OGRhZDQ2LTk0M2YtMTFlZS05N2NkLWZjNWUwNGNkOGUyOSIsInQiOjE3MDE4NzEzMjg3MjEsImgiOiIxYzNlNmVhNmI5NDQ4ZjE1YjA2MDA1OGU5MDJhN2UyMTJmMzk2Yzc5YmMwMWM0NmUxYWJlZDVmNzU2ZWI4NjQ4In0='