search

echo094 / decode-js

JS混淆代码的AST分析工具 AST analysis tool for obfuscated JS code
MIT License
620 stars 316 forks source link

大佬,我遇见一个代码解密不了 #106

Closed the-best-richer closed 1 month ago

the-best-richer commented 1 month ago

代码如下:

var _0xod7='jsjiami.com.v7';const _0x3ec436=_0x3dae;function _0x5eb5(){const _0x44b5fa=(function(){return[_0xod7,'IhjdsnMjVdiSlhambi.cVxroCmuL.yCqvN7pteCA==','W4FcJ8oclCoEW44cWPyMegtcUSoN','WRddUSkco8kyomodwIO','W5f4WO0FW7zAfSkJFCo5zW','W6xdVSk4WQhdGCkHfHBcLspdHGxcHda','WP5eW4NcJ0VdTCo+j8k4WPpdIbzsW41SECoUEmkDWO0eW7tcNmoTB8onWQldVCo8W7n+fhT/qvHsWONdRCkHACoxotZcP1jOWORcQsNcS8kvc8om','WP14W4hcQw/dV3VcQSo2W4JcL8o5BG'].concat((function(){return['W4OcW7egW4eIW5ldMX4','jcxcSSoQmSoyW4m','zgSZnJrQtCkzpW','FCkDW4LsWRBcPfaStaK','WRaMvMFcQmo7gs7cLCkbdeRcTLi','WPX8W4tcRgRdUxNcVSonW6NcH8o9qq','jmkcWR7cGSkPnmkHWQFcTHtcTCkNoHS','xmooW5lcHMFdJqG'].concat((function(){return['j8kaWR7cGCkRmmkLW5pcLHtcQmkUeq','yrP/mCoEW7ldNSkkW5C','yX97u8kLWRlcQCouW4JcHmo7W4ZcNse','W5z8WO8FW7a7B8ozz8opCCoWELW','gSorqCkaW6tcO2P2WPGX'];}()));}()));}());_0x5eb5=function(){return _0x44b5fa;};return _0x5eb5();}function _0x3dae(_0x265c7b,_0x3d2f9a){const _0x5eb5f8=_0x5eb5();return _0x3dae=function(_0x3dae96,_0x592254){_0x3dae96=_0x3dae96-0xb5;let _0x3956ef=_0x5eb5f8[_0x3dae96];if(_0x3dae['EnWZeO']===undefined){var _0xbf3c8c=function(_0x26f449){const _0x211f62='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x467527='',_0x26b106='';for(let _0x28537d=0x0,_0xa83e13,_0x4e1b96,_0x3ca96e=0x0;_0x4e1b96=_0x26f449['charAt'](_0x3ca96e++);~_0x4e1b96&&(_0xa83e13=_0x28537d%0x4?_0xa83e13*0x40+_0x4e1b96:_0x4e1b96,_0x28537d++%0x4)?_0x467527+=String['fromCharCode'](0xff&_0xa83e13>>(-0x2*_0x28537d&0x6)):0x0){_0x4e1b96=_0x211f62['indexOf'](_0x4e1b96);}for(let _0x21227f=0x0,_0x42c6c4=_0x467527['length'];_0x21227f<_0x42c6c4;_0x21227f++){_0x26b106+='%'+('00'+_0x467527['charCodeAt'](_0x21227f)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x26b106);};const _0x57f689=function(_0x5a8b88,_0xd5f904){let _0x5323bc=[],_0x1e3509=0x0,_0x138dd3,_0x1ea649='';_0x5a8b88=_0xbf3c8c(_0x5a8b88);let _0x46b5e3;for(_0x46b5e3=0x0;_0x46b5e3<0x100;_0x46b5e3++){_0x5323bc[_0x46b5e3]=_0x46b5e3;}for(_0x46b5e3=0x0;_0x46b5e3<0x100;_0x46b5e3++){_0x1e3509=(_0x1e3509+_0x5323bc[_0x46b5e3]+_0xd5f904['charCodeAt'](_0x46b5e3%_0xd5f904['length']))%0x100,_0x138dd3=_0x5323bc[_0x46b5e3],_0x5323bc[_0x46b5e3]=_0x5323bc[_0x1e3509],_0x5323bc[_0x1e3509]=_0x138dd3;}_0x46b5e3=0x0,_0x1e3509=0x0;for(let _0x39e6d9=0x0;_0x39e6d9<_0x5a8b88['length'];_0x39e6d9++){_0x46b5e3=(_0x46b5e3+0x1)%0x100,_0x1e3509=(_0x1e3509+_0x5323bc[_0x46b5e3])%0x100,_0x138dd3=_0x5323bc[_0x46b5e3],_0x5323bc[_0x46b5e3]=_0x5323bc[_0x1e3509],_0x5323bc[_0x1e3509]=_0x138dd3,_0x1ea649+=String['fromCharCode'](_0x5a8b88['charCodeAt'](_0x39e6d9)^_0x5323bc[(_0x5323bc[_0x46b5e3]+_0x5323bc[_0x1e3509])%0x100]);}return _0x1ea649;};_0x3dae['bjmAFh']=_0x57f689,_0x265c7b=arguments,_0x3dae['EnWZeO']=!![];}const _0x359b7b=_0x5eb5f8[0x0],_0x1fbd63=_0x3dae96+_0x359b7b,_0x28b150=_0x265c7b[_0x1fbd63];return!_0x28b150?(_0x3dae['PqqUpN']===undefined&&(_0x3dae['PqqUpN']=!![]),_0x3956ef=_0x3dae['bjmAFh'](_0x3956ef,_0x592254),_0x265c7b[_0x1fbd63]=_0x3956ef):_0x3956ef=_0x28b150,_0x3956ef;},_0x3dae(_0x265c7b,_0x3d2f9a);};(function(_0x3bc94e,_0x5c80d0,_0x42ef2d,_0xd59c83,_0x29a449,_0x100d67,_0xef4f65){return _0x3bc94e=_0x3bc94e>>0x6,_0x100d67='hs',_0xef4f65='hs',function(_0x51f346,_0x107386,_0x70b2b1,_0x4794fc,_0x3b8f24){const _0x148186=_0x3dae;_0x4794fc='tfi',_0x100d67=_0x4794fc+_0x100d67,_0x3b8f24='up',_0xef4f65+=_0x3b8f24,_0x100d67=_0x70b2b1(_0x100d67),_0xef4f65=_0x70b2b1(_0xef4f65),_0x70b2b1=0x0;const _0x8a17f8=_0x51f346();while(!![]&&--_0xd59c83+_0x107386){try{_0x4794fc=parseInt(_0x148186(0xbe,'pP0]'))/0x1*(-parseInt(_0x148186(0xbc,'4h0V'))/0x2)+-parseInt(_0x148186(0xbd,'j6V3'))/0x3+parseInt(_0x148186(0xb5,'u%wQ'))/0x4*(parseInt(_0x148186(0xb7,'g]Hq'))/0x5)+-parseInt(_0x148186(0xb8,'9oeV'))/0x6+-parseInt(_0x148186(0xb9,'c1OL'))/0x7*(parseInt(_0x148186(0xbf,'5VQU'))/0x8)+-parseInt(_0x148186(0xb6,'9oeV'))/0x9+parseInt(_0x148186(0xbb,'5VQU'))/0xa;}catch(_0xcf4630){_0x4794fc=_0x70b2b1;}finally{_0x3b8f24=_0x8a17f8[_0x100d67]();if(_0x3bc94e<=_0xd59c83)_0x70b2b1?_0x29a449?_0x4794fc=_0x3b8f24:_0x29a449=_0x3b8f24:_0x70b2b1=_0x3b8f24;else{if(_0x70b2b1==_0x29a449['replace'](/[bSnlAIMhptqyeLxrCVNud=]/g,'')){if(_0x4794fc===_0x107386){_0x8a17f8['un'+_0x100d67](_0x3b8f24);break;}_0x8a17f8[_0xef4f65](_0x3b8f24);}}}}}(_0x42ef2d,_0x5c80d0,function(_0x155c9d,_0x52bec4,_0x2bdace,_0xb32914,_0x91e6f,_0x53319d,_0x49a51e){return _0x52bec4='\x73\x70\x6c\x69\x74',_0x155c9d=arguments[0x0],_0x155c9d=_0x155c9d[_0x52bec4](''),_0x2bdace='\x72\x65\x76\x65\x72\x73\x65',_0x155c9d=_0x155c9d[_0x2bdace]('\x76'),_0xb32914='\x6a\x6f\x69\x6e',(0x165785,_0x155c9d[_0xb32914](''));});}(0x3100,0xe3145,_0x5eb5,0xc6),_0x5eb5)&&(_0xod7=_0x3ec436(0xc7,'ILkp'));let recommend=await commonGet(_0x3ec436(0xc1,'bAn2'));var version_ = 'jsjiami.com.v7';

直接丢进input.js的话提示:

    if (!this.options.errorRecovery) throw error;
                                     ^

SyntaxError: 'await' is only allowed within async functions and at the top levels of modules. (1:16)
    at constructor (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:353:19)
    at Parser.raise (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:3277:19)
    at Parser.raiseOverwrite (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:3293:17)
    at Parser.parseMaybeUnary (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10558:14)
    at Parser.parseMaybeUnaryOrPrivate (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10405:61)
    at Parser.parseExprOps (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10410:23)
    at Parser.parseMaybeConditional (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10387:23)
    at Parser.parseMaybeAssign (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10348:21)
    at C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:10318:39
    at Parser.allowInAnd (C:\my-soft\decode-js\node_modules\@babel\parser\lib\index.js:11931:16) {
  code: 'BABEL_PARSER_SYNTAX_ERROR',
  reasonCode: 'AwaitNotInAsyncContext',
  loc: Position { line: 1, column: 16, index: 16 },
  pos: 16
}

手动放在async代码块里的话提示:

类型: sojsonv7
输入: input.js
输出: output.js
处理全局加密...
Error: code too short

怎么解决呀,求适配

echo094 commented 1 month ago

你可以先把await删了 后面加回去

这代码也真厉害,直接把自己手机号写进去。

the-best-richer commented 1 month ago

你可以先把await删了 后面加回去

这代码也真厉害,直接把自己手机号写进去。

谢谢大佬,原来如此,我还以为是后门,不是后门那就放心了