Skip to content

P
px3
Commit fc4a957c authored by wang's avatar wang
Browse files
Options

解密脚本编写

parent 74229dc6
Show whitespace changes
Inline Side-by-side
Showing with 19420 additions and 29227 deletions
ast/111.js
View file @ fc4a957c
This source diff could not be displayed because it is too large. You can view the blob instead.
ast/decode2.js
View file @ fc4a957c
......@@ -86,9 +86,12 @@ const renameFunc =
allNewNames.clear();
function getBinding(scope, name, func) {
let binding = scope.getBinding(name);
console.log(`scope.get(${name}).length = ${binding.references}`)
// console.log(`scope.get(${name}).length = ${binding.references}`)
if (binding.references > 0) {
for (const referencePath of binding.referencePaths) {
func(referencePath)
......@@ -123,6 +126,7 @@ function restoreValue(inName, scope, funcName) {
for (let i = 0; i < 1; i++) {
traverse(ast, {
FunctionDeclaration(path) {
// 先找
// function ip() {
// var t = ["NjR0QllZTQ", "bind", "reload", "NjR0QltQTw", "NjR0QV1dTw", "pxInit", "uid", "pxvid", "length", "72630ywVgnM", "platform", "vid", "trigger", "NjR0QVxRSA", "random", "67349mopHGY", "NjR0Ql9cQg", "306744MLTLsI", "NjR0QV9fTw", "_pxvid", "getTime", "xhrFailure", "527700doOldY", "_pxRootUrl", "_pxmvid", "top", "NjR0QVNQQg", "xhrResponse", "NjR0QVhbSg", "NjR0QV5QSg", "getItem", "_pxVid", "removeItem", "one", "NjR0QllfTg", "_asyncInit", "NjQ", "3060155IbqKSZ", "subscribe", "1026255lNKhiL", "self", "588762aejAEn", "xhrSuccess"];
......@@ -141,8 +145,9 @@ for (let i = 0; i < 1; i++) {
let name = id.name;
let code = generator(path.node).code;
// if (name !== 'Ur') return;
// if (name !== 'nv') return;
let binding = path.parentPath.scope.getBinding(name);
if (!binding)return;
console.log(`scope.get(${name}).length = ${binding.references}`)
if (binding.references > 0) {
let code1, code2, funcName;
......@@ -151,11 +156,11 @@ for (let i = 0; i < 1; i++) {
// console.log('111',referencePath.parentPath.parent.type)
if (types.isUnaryExpression(referencePath.parentPath.parent)) {
code1 = generator(referencePath.parentPath.parent).code;
console.groupCollapsed(['改变顺序', code1])
// console.groupCollapsed(['改变顺序', code1])
} else if (types.isVariableDeclarator(referencePath.parentPath.parent)) {
code2 = generator(referencePath.parentPath.parentPath.parentPath.parentPath.parent).code;
funcName = referencePath.parentPath.parentPath.parentPath.parentPath.parent.id.name
console.groupCollapsed(['使用', code2])
// console.groupCollapsed(['使用', code2])
}
}
......@@ -163,8 +168,12 @@ for (let i = 0; i < 1; i++) {
resCode += `
globalFuncs['${funcName}'] = ${funcName}
`
console.groupCollapsed([funcName, resCode])
// console.groupCollapsed([funcName, resCode])
if (!globalFuncs[funcName]) {
eval(resCode)
}
// console.log(eval(`${funcName}(195)`))
let binding2 = path.parentPath.scope.getBinding(funcName);
// 找到Tp 的引用地方
......@@ -179,11 +188,11 @@ for (let i = 0; i < 1; i++) {
if (types.isCallExpression(referencePath.parent)) {
let {arguments} = referencePath.parent
if (arguments.length !== 1) continue
let res = eval(`${funcName}(arguments[0].value)`)
let res = globalFuncs[funcName](arguments[0].value)
// console.log(funcName,inName,arguments[0].value,res)
referencePath.parentPath.replaceWith(types.valueToNode(res))
} else {
if (!referencePath.parent.id)continue;
if (!referencePath.parent.id) continue;
// 继续找引用
let inName = referencePath.parent.id.name;
let binding3 = referencePath.scope.getBinding(inName);
......@@ -194,9 +203,18 @@ for (let i = 0; i < 1; i++) {
if (types.isCallExpression(inReferencePath.parent)) {
let {arguments} = inReferencePath.parent
if (arguments.length !== 1) continue
let res = eval(`${funcName}(arguments[0].value)`)
// console.log(funcName,inName,arguments[0].value,res)
let res = globalFuncs[funcName](arguments[0].value)
console.log('444', funcName, inName, arguments[0].value, res)
if (res === 'getTime') {
let {code} = generator(ast, opts = {jsescOption: {"minimal": true}});
fs.writeFile('./tmp.js', code, (err) => {
});
}
console.log('before', res, generator(inReferencePath.parent).code)
inReferencePath.parentPath.replaceWith(types.valueToNode(res))
console.log('afterr', res, generator(inReferencePath.parent).code)
inReferencePath.skip()
} else if (types.isVariableDeclarator(inReferencePath.parent)) {
// 如果是继续引用 直接再找
let inName2 = inReferencePath.parent.id.name;
......@@ -221,6 +239,91 @@ for (let i = 0; i < 1; i++) {
}
// 字符串还原铭文
var o = {};
var a = function () {
try {
if (atob && "test" === atob("dGVzdA==")) {
return atob;
}
} catch (t) {
}
function t(t) {
this["message"] = t;
}
t["prototype"] = new Error();
t["prototype"]["name"] = "InvalidCharacterError";
return function (e) {
var n = String(e)["replace"](/[=]+$/, "");
if (n["length"] % 4 == 1) {
throw new t("'atob' failed: The string to be decoded is not correctly encoded.");
}
for (var r, a, o = 0, i = 0, c = ""; a = n["charAt"](i++); ~a && (r = o % 4 ? 64 * r + a : a, o++ % 4) ? c += String["fromCharCode"](255 & r >> (-2 * o & 6)) : 0) {
a = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="["indexOf"](a);
}
return c;
};
}();
function i(n) {
if (o[n]) {
u = o[n];
} else {
for (var c = a(n), u = "", f = 0; f < c["length"]; ++f) {
var s = "bhDTSyS"["charCodeAt"](f % 7);
u += String["fromCharCode"](s ^ c["charCodeAt"](f));
}
o[n] = u;
}
return u;
}
traverse(ast, {
FunctionDeclaration(path) {
let {id, body} = path.node;
if (id.name !== 'i') return;
if (body.body.length !== 4) return
let binding = path.scope.getBinding(id.name)
console.log(id.name, binding.references)
for (const referencePath of binding.referencePaths) {
// console.log(generator(referencePath.parent).code, referencePath.parent.type)
if (types.isVariableDeclarator(referencePath.parent)) {
let idName = referencePath.parent.id.name;
getBinding(referencePath.scope, idName, function (p) {
if (types.isCallExpression(p.parent)) {
let arguments = p.parent.arguments;
if (arguments.length !== 1) return
try {
let res = i(arguments[0].value);
if (res === 'PX12571') debugger;
p.parentPath.replaceWith(types.valueToNode((res)))
} catch (e) {
// console.error(generator(p.parent).code)
}
}
})
} else if (types.isCallExpression(referencePath.parent)) {
let arguments = referencePath.parent.arguments;
if (arguments.length !== 1) continue
try {
let res = i(arguments[0].value);
referencePath.parentPath.replaceWith(types.valueToNode((res)))
} catch (e) {
// console.error(generator(p.parent).code)
}
}
}
}
})
//end
console.timeEnd("处理完毕,耗时");
......
ast/decodeResult22.js
View file @ fc4a957c
This source diff could not be displayed because it is too large. You can view the blob instead.
ast/main.js
View file @ fc4a957c
This source diff could not be displayed because it is too large. You can view the blob instead.
ast/main_ok.js
View file @ fc4a957c
This source diff could not be displayed because it is too large. You can view the blob instead.
ast/yuchuli.js
View file @ fc4a957c
......@@ -357,44 +357,43 @@ const restoreVarDeclarator = {
traverse(ast, restoreVarDeclarator)
//还原object
traverse(ast, {
VariableDeclaration(path) {
let {scope, node} = path;
let {declarations} = node;
if (!declarations) return
if (declarations.length !== 1) return;
function isBaseLiteral(node) {
if (types.isLiteral(node)) {
return true;
}
if (types.isUnaryExpression(node, {operator: "-"}) ||
types.isUnaryExpression(node, {operator: "+"})) {
return isBaseLiteral(node.argument);
}
let {id, init} = declarations[0]
if (!types.isObjectExpression(init)) return
let {properties} = init;
return false;
}
if (properties.length === 0) return;
for (let i = 0; i < properties.length; i++) {
let {key, value} = properties[i];
if (!types.isNumericLiteral(value)) return
}
const decodeValueOfObject =
{//当一个object里面的value全部为字面量时的还原,没有考虑单个key重新赋值的情况。
VariableDeclarator(path) {
let { node, scope } = path;
const { id, init } = node;
if (!types.isObjectExpression(init)) return;
let properties = init.properties;
if (properties.length == 0 || !properties.every(property => isBaseLiteral(property.value)))
return;
let binding = scope.getBinding(id.name);
if (!binding) return
let {constant, referencePaths, constantViolations} = binding;
if (!constant) {//新版本的babel库,在循环里面的变量定义,默认非常量
if (constantViolations.length != 1 || constantViolations[0] != path) //旧版本屏蔽该行即可
{
return;
}
}
if (!binding)return;
let { constant, referencePaths } = binding;
if (!constant) return;
let newMap = new Map();
for (const property of properties) {
let {key, value} = property;
newMap.set(key.name, value);
let { key, value } = property;
newMap.set(key.value, value);
}
let canBeRemoved = true;
for (const referPath of referencePaths) {
let {parentPath} = referPath;
let { parentPath } = referPath;
if (!parentPath.isMemberExpression()) {
canBeRemoved = false;
return;
......@@ -402,16 +401,18 @@ traverse(ast, {
let AncestorPath = parentPath.parentPath;
if (AncestorPath.isAssignmentExpression({"left": parentPath.node})) {
if (AncestorPath.isAssignmentExpression({"left":parentPath.node}))
{
canBeRemoved = false;
return;
}
if (AncestorPath.isUpdateExpression() && ['++', '--'].includes(AncestorPath.node.operator)) {
if (AncestorPath.isUpdateExpression() && ['++','--'].includes(AncestorPath.node.operator))
{
canBeRemoved = false;
return;
}
let curKey = parentPath.node.property.name;
let curKey = parentPath.node.property.value;
if (!newMap.has(curKey)) {
canBeRemoved = false;
break;
......@@ -420,8 +421,11 @@ traverse(ast, {
}
canBeRemoved && path.remove();
newMap.clear();
}
})
},
}
traverse(ast, decodeValueOfObject);
console.timeEnd("处理完毕,耗时");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment