search

echo094 / decode-js

JS混淆代码的AST分析工具 AST analysis tool for obfuscated JS code
MIT License
717 stars 336 forks source link

sojsonv7: exception occured while excuting purifyFunction and missing method for domain-lock #75

Closed horsley closed 9 months ago

horsley commented 9 months ago

此处我先给出样本,还在研究大佬的代码中,有结论也会在此处同步

var version_ = 'jsjiami.com.v7';
var _0x108288 = _0x49ba;
function _0x49ba(_0x3c17ab, _0x4ea373) {
    var _0x535aca = _0x1f5b();
    return _0x49ba = function(_0x2c5f78, _0x1619b2) {
        _0x2c5f78 = _0x2c5f78 - 0x7d;
        var _0x5e2a2e = _0x535aca[_0x2c5f78];
        if (_0x49ba['ZoTXai'] === undefined) {
            var _0x41a156 = function(_0x300996) {
                var _0x4af0af = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
                var _0x57b23b = ''
                  , _0x3a44c8 = '';
                for (var _0x4d3a67 = 0x0, _0x2a8078, _0x5ab76b, _0x31ee10 = 0x0; _0x5ab76b = _0x300996['charAt'](_0x31ee10++); ~_0x5ab76b && (_0x2a8078 = _0x4d3a67 % 0x4 ? _0x2a8078 * 0x40 + _0x5ab76b : _0x5ab76b,
                _0x4d3a67++ % 0x4) ? _0x57b23b += String['fromCharCode'](0xff & _0x2a8078 >> (-0x2 * _0x4d3a67 & 0x6)) : 0x0) {
                    _0x5ab76b = _0x4af0af['indexOf'](_0x5ab76b);
                }
                for (var _0x1d04a3 = 0x0, _0x49cdd8 = _0x57b23b['length']; _0x1d04a3 < _0x49cdd8; _0x1d04a3++) {
                    _0x3a44c8 += '%' + ('00' + _0x57b23b['charCodeAt'](_0x1d04a3)['toString'](0x10))['slice'](-0x2);
                }
                return decodeURIComponent(_0x3a44c8);
            };
            var _0x544179 = function(_0x5b48e6, _0x3c76d1) {
                var _0x69a658 = [], _0x1a6fd4 = 0x0, _0x4bfa1e, _0x173c05 = '';
                _0x5b48e6 = _0x41a156(_0x5b48e6);
                var _0x35edf4;
                for (_0x35edf4 = 0x0; _0x35edf4 < 0x100; _0x35edf4++) {
                    _0x69a658[_0x35edf4] = _0x35edf4;
                }
                for (_0x35edf4 = 0x0; _0x35edf4 < 0x100; _0x35edf4++) {
                    _0x1a6fd4 = (_0x1a6fd4 + _0x69a658[_0x35edf4] + _0x3c76d1['charCodeAt'](_0x35edf4 % _0x3c76d1['length'])) % 0x100,
                    _0x4bfa1e = _0x69a658[_0x35edf4],
                    _0x69a658[_0x35edf4] = _0x69a658[_0x1a6fd4],
                    _0x69a658[_0x1a6fd4] = _0x4bfa1e;
                }
                _0x35edf4 = 0x0,
                _0x1a6fd4 = 0x0;
                for (var _0x3e71dc = 0x0; _0x3e71dc < _0x5b48e6['length']; _0x3e71dc++) {
                    _0x35edf4 = (_0x35edf4 + 0x1) % 0x100,
                    _0x1a6fd4 = (_0x1a6fd4 + _0x69a658[_0x35edf4]) % 0x100,
                    _0x4bfa1e = _0x69a658[_0x35edf4],
                    _0x69a658[_0x35edf4] = _0x69a658[_0x1a6fd4],
                    _0x69a658[_0x1a6fd4] = _0x4bfa1e,
                    _0x173c05 += String['fromCharCode'](_0x5b48e6['charCodeAt'](_0x3e71dc) ^ _0x69a658[(_0x69a658[_0x35edf4] + _0x69a658[_0x1a6fd4]) % 0x100]);
                }
                return _0x173c05;
            };
            _0x49ba['FeCIZY'] = _0x544179,
            _0x3c17ab = arguments,
            _0x49ba['ZoTXai'] = !![];
        }
        var _0x366359 = _0x535aca[0x0]
          , _0xb1a9b5 = _0x2c5f78 + _0x366359
          , _0x3839ae = _0x3c17ab[_0xb1a9b5];
        return !_0x3839ae ? (_0x49ba['ujjcRo'] === undefined && (_0x49ba['ujjcRo'] = !![]),
        _0x5e2a2e = _0x49ba['FeCIZY'](_0x5e2a2e, _0x1619b2),
        _0x3c17ab[_0xb1a9b5] = _0x5e2a2e) : _0x5e2a2e = _0x3839ae,
        _0x5e2a2e;
    }
    ,
    _0x49ba(_0x3c17ab, _0x4ea373);
}
(function(_0x4899f2, _0x291bc4, _0x18a327, _0x2cf451, _0x553706, _0x36abab, _0x1250eb) {
    return _0x4899f2 = _0x4899f2 >> 0x9,
    _0x36abab = 'hs',
    _0x1250eb = 'hs',
    function(_0x41fb73, _0x421803, _0x4c13d4, _0xa10fb8, _0x288ecb) {
        var _0xef1b6e = _0x49ba;
        _0xa10fb8 = 'tfi',
        _0x36abab = _0xa10fb8 + _0x36abab,
        _0x288ecb = 'up',
        _0x1250eb += _0x288ecb,
        _0x36abab = _0x4c13d4(_0x36abab),
        _0x1250eb = _0x4c13d4(_0x1250eb),
        _0x4c13d4 = 0x0;
        var _0x4c5099 = _0x41fb73();
        while (!![] && --_0x2cf451 + _0x421803) {
            try {
                _0xa10fb8 = parseInt(_0xef1b6e(0xf1, ')rZK')) / 0x1 * (parseInt(_0xef1b6e(0x107, ')p$x')) / 0x2) + parseInt(_0xef1b6e(0x106, 'dToq')) / 0x3 * (parseInt(_0xef1b6e(0xe1, 'P@%*')) / 0x4) + parseInt(_0xef1b6e(0x144, 'jyVl')) / 0x5 * (parseInt(_0xef1b6e(0x82, 'P@%*')) / 0x6) + -parseInt(_0xef1b6e(0xec, 'dToq')) / 0x7 * (parseInt(_0xef1b6e(0x86, 'USv[')) / 0x8) + -parseInt(_0xef1b6e(0x138, '9dDq')) / 0x9 + parseInt(_0xef1b6e(0xfc, 'iQjF')) / 0xa + parseInt(_0xef1b6e(0xfb, '16*I')) / 0xb * (-parseInt(_0xef1b6e(0x150, 'pBbA')) / 0xc);
            } catch (_0x7e7421) {
                _0xa10fb8 = _0x4c13d4;
            } finally {
                _0x288ecb = _0x4c5099[_0x36abab]();
                if (_0x4899f2 <= _0x2cf451)
                    _0x4c13d4 ? _0x553706 ? _0xa10fb8 = _0x288ecb : _0x553706 = _0x288ecb : _0x4c13d4 = _0x288ecb;
                else {
                    if (_0x4c13d4 == _0x553706['replace'](/[OLfdnxyQMpSDhrquPt=]/g, '')) {
                        if (_0xa10fb8 === _0x421803) {
                            _0x4c5099['un' + _0x36abab](_0x288ecb);
                            break;
                        }
                        _0x4c5099[_0x1250eb](_0x288ecb);
                    }
                }
            }
        }
    }(_0x18a327, _0x291bc4, function(_0x1abd2d, _0x469bba, _0x51df09, _0x98ef99, _0x38a7a0, _0x47951f, _0x2dee05) {
        return _0x469bba = '\x73\x70\x6c\x69\x74',
        _0x1abd2d = arguments[0x0],
        _0x1abd2d = _0x1abd2d[_0x469bba](''),
        _0x51df09 = '\x72\x65\x76\x65\x72\x73\x65',
        _0x1abd2d = _0x1abd2d[_0x51df09]('\x76'),
        _0x98ef99 = '\x6a\x6f\x69\x6e',
        (0x12f04f,
        _0x1abd2d[_0x98ef99](''));
    });
}(0x18600, 0xe27ef, _0x1f5b, 0xc5),
_0x1f5b) && (version_ = _0x1f5b);
(function() {
    var _0xb3a662 = _0x49ba
      , _0x5443aa = {
        'ECJlq': function(_0x5f3110, _0x100d1e) {
            return _0x5f3110 !== _0x100d1e;
        },
        'keWuG': _0xb3a662(0x90, '^ZcF'),
        'FbCbc': function(_0x45ef5e, _0x12e94e) {
            return _0x45ef5e === _0x12e94e;
        },
        'ZjHDV': function(_0x3f4601, _0x381a68) {
            return _0x3f4601 === _0x381a68;
        }
    }
      , _0x4c674a = _0x5443aa[_0xb3a662(0xb1, 'ZJxd')](typeof window, _0x5443aa[_0xb3a662(0xce, 'Qjmz')]) ? window : _0x5443aa[_0xb3a662(0x12d, 'iQjF')](typeof process, 'object') && _0x5443aa[_0xb3a662(0x12e, 'XX1&')](typeof require, _0xb3a662(0xa8, 'Tpie')) && _0x5443aa[_0xb3a662(0xb7, 'g)PM')](typeof global, _0xb3a662(0xd4, 'NEqA')) ? global : this;
    _0x4c674a[_0xb3a662(0xe5, 'TDLl')](_0x41a156, 0x7d0);
}()),
eval(function(_0x2bd393, _0x437b06, _0x4c0587, _0x5b8e15, _0x21150c, _0x309f1a) {
    var _0x20b869 = _0x49ba
      , _0x4d707d = {
        'jtlpn': function(_0x1393d4, _0x55bd7a) {
            return _0x1393d4 === _0x55bd7a;
        },
        'nKXeI': _0x20b869(0x112, 'ZJxd'),
        'wyNUS': function(_0x57c4fe, _0x503332) {
            return _0x57c4fe != _0x503332;
        },
        'rAyhH': function(_0x11c75f, _0x4fcc93) {
            return _0x11c75f !== _0x4fcc93;
        },
        'IOCaG': 'POamK',
        'VanaM': _0x20b869(0xc0, 'g)PM'),
        'mZwEX': _0x20b869(0xa2, 'jyVl'),
        'ZaHJE': function(_0xf0ec04, _0x5a8ee3) {
            return _0xf0ec04 < _0x5a8ee3;
        },
        'RSIrc': function(_0x48a426, _0x35649d) {
            return _0x48a426 == _0x35649d;
        },
        'RNBoe': function(_0x3d6f43, _0x1b7fde, _0x557a7d, _0x360338) {
            return _0x3d6f43(_0x1b7fde, _0x557a7d, _0x360338);
        },
        'QzKaK': 'FDeLH',
        'Cgzod': function(_0x303320, _0x1b874e, _0xe612ea, _0x5b2c99) {
            return _0x303320(_0x1b874e, _0xe612ea, _0x5b2c99);
        },
        'lPtWr': '\x5cw+',
        'pbNFQ': function(_0x497ceb, _0x49ca03, _0x27cf5a) {
            return _0x497ceb(_0x49ca03, _0x27cf5a);
        },
        'bYYtO': _0x20b869(0xa3, ')rZK'),
        'rLtwk': function(_0x1d7db6, _0x1921de) {
            return _0x1d7db6 / _0x1921de;
        },
        'AxPOh': _0x20b869(0xd6, '^ZcF'),
        'ZqldK': function(_0x397f58, _0x1d1c5c) {
            return _0x397f58 % _0x1d1c5c;
        },
        'zwEOE': _0x20b869(0xa7, 'P@%*'),
        'kOGFQ': function(_0x2d1311, _0x4418a4) {
            return _0x2d1311 !== _0x4418a4;
        },
        'dApuX': 'undefined',
        'qZSal': function(_0x340317, _0x450ab9) {
            return _0x340317 === _0x450ab9;
        },
        'ffGhj': 'object',
        'HVvtY': '[OVFQxXBOdGdPDIYhxXYrdRbDYUEjUAdJXCDPyGCuDSZOyFqAdbHRExXhYQjyWuPdWFzTByZULaGsajOXIhbGPKWMgdBrIGEuWSHhwIKEarBhRGGqUxDwPgNETEWaShMLeNYARQsJgqDAgRkGwQKnxGYxDElXXFdIqyTgZxXCjZsPq]',
        'bVwxU': _0x20b869(0x99, 'Hl$x'),
        'lkGQT': function(_0x2ef711, _0x251e2b, _0x255ff5, _0x5ba945) {
            return _0x2ef711(_0x251e2b, _0x255ff5, _0x5ba945);
        },
        'CtJyi': 'YKUAa',
        'ZpjfF': _0x20b869(0x103, 'b1$3'),
        'GZGpP': _0x20b869(0xb0, '1llb'),
        'ukvcq': function(_0x2402bf, _0xcd9af0) {
            return _0x2402bf || _0xcd9af0;
        },
        'whsTR': function(_0x1342d1, _0x29f7bf) {
            return _0x1342d1 !== _0x29f7bf;
        },
        'rBWiK': _0x20b869(0xc4, 'NEqA'),
        'ZPdgF': function(_0x51c5cd, _0x3ff130) {
            return _0x51c5cd - _0x3ff130;
        },
        'voJwj': function(_0x45b629, _0x2f2513) {
            return _0x45b629 === _0x2f2513;
        },
        'ruOUx': function(_0x2053fc, _0x5760be) {
            return _0x2053fc === _0x5760be;
        },
        'zgcld': _0x20b869(0x117, 'Hl$x'),
        'bkbDa': _0x20b869(0x10e, 'Y)EN'),
        'nPdPi': _0x20b869(0xf5, '#tXa'),
        'jiusc': function(_0x5b3675, _0x37c944) {
            return _0x5b3675(_0x37c944);
        },
        'sHiBy': 'init',
        'WDjao': function(_0xb5ba16, _0x5392ba) {
            return _0xb5ba16 + _0x5392ba;
        },
        'oBprf': 'input',
        'Zxtcz': function(_0x33c955) {
            return _0x33c955();
        },
        'kBWRu': function(_0x53b40c, _0x33ec62, _0x44b530) {
            return _0x53b40c(_0x33ec62, _0x44b530);
        },
        'zVDHH': function(_0x48476b, _0x252217) {
            return _0x48476b == _0x252217;
        },
        'pYaKU': function(_0x32c7e5, _0x2c9da1) {
            return _0x32c7e5 != _0x2c9da1;
        },
        'MJYSp': function(_0x2948bb, _0x11600a) {
            return _0x2948bb === _0x11600a;
        },
        'UVpJs': 'function',
        'ppFSs': _0x20b869(0x104, '1#Ky'),
        'JgaFr': 'error',
        'TyIvC': function(_0x17c510, _0x37b241) {
            return _0x17c510 < _0x37b241;
        },
        'IpWbE': function(_0x3b177a, _0x2ba0f9) {
            return _0x3b177a(_0x2ba0f9);
        },
        'cEcyb': function(_0x542929, _0x29736a) {
            return _0x542929 > _0x29736a;
        },
        'koDST': function(_0x9de545, _0x45baa3) {
            return _0x9de545 !== _0x45baa3;
        },
        'sgqLG': _0x20b869(0x14a, 'FBUS'),
        'lqwuY': function(_0x5b7062, _0x36d016) {
            return _0x5b7062(_0x36d016);
        },
        'PaMQB': function(_0x32cf1d, _0x314e95) {
            return _0x32cf1d(_0x314e95);
        }
    }
      , _0x9d8061 = (function() {
        var _0x1aa163 = _0x20b869
          , _0x24829d = {
            'pNpKC': function(_0x16703a, _0x188511) {
                return _0x16703a(_0x188511);
            },
            'Adjme': function(_0x7733d5, _0xa08b7b) {
                var _0x1f3bc4 = _0x49ba;
                return _0x4d707d[_0x1f3bc4(0xf4, 'dCWS')](_0x7733d5, _0xa08b7b);
            },
            'kIvSR': _0x4d707d[_0x1aa163(0xfa, '#w9X')]
        }
          , _0x50b528 = !![];
        return function(_0x235bd1, _0x567a39) {
            var _0x58cee7 = _0x1aa163
              , _0x36ffed = {
                'mCmAb': function(_0x4abe53, _0x1872cd) {
                    return _0x24829d['pNpKC'](_0x4abe53, _0x1872cd);
                },
                'ESxHH': function(_0x118f13, _0x459e12) {
                    return _0x24829d['Adjme'](_0x118f13, _0x459e12);
                },
                'Jkhgr': _0x24829d[_0x58cee7(0x9f, 'iQjF')]
            }
              , _0xa2bf51 = _0x50b528 ? function() {
                var _0x2d106d = _0x58cee7;
                if (_0x36ffed[_0x2d106d(0xef, 'z%A3')](_0x2d106d(0x146, ')rZK'), _0x36ffed['Jkhgr'])) {
                    if (_0x567a39) {
                        var _0xec91cd = _0x567a39['apply'](_0x235bd1, arguments);
                        return _0x567a39 = null,
                        _0xec91cd;
                    }
                } else {
                    if (_0x19ec39)
                        return _0x57b63f;
                    else
                        ApSaLh[_0x2d106d(0x136, 'pBbA')](_0x11977b, 0x0);
                }
            }
            : function() {}
            ;
            return _0x50b528 = ![],
            _0xa2bf51;
        }
        ;
    }())
      , _0xd35bdf = _0x4d707d[_0x20b869(0xd0, 'NEqA')](_0x9d8061, this, function() {
        var _0xaf2e60 = _0x20b869, _0x424a33 = {
            'dRhPe': _0x4d707d['bYYtO'],
            'qXZwS': function(_0x56058c, _0x5e194c) {
                return _0x56058c + _0x5e194c;
            },
            'ddApp': function(_0x382f53, _0x2b616d) {
                var _0x35b8b2 = _0x49ba;
                return _0x4d707d[_0x35b8b2(0xe3, 'XIRK')](_0x382f53, _0x2b616d);
            },
            'Hdtdl': _0x4d707d[_0xaf2e60(0xa6, 'dToq')],
            'oqVrW': function(_0x11bfc4, _0x6aa356) {
                var _0x1dfdb7 = _0xaf2e60;
                return _0x4d707d[_0x1dfdb7(0x154, 'VQ&W')](_0x11bfc4, _0x6aa356);
            },
            'QGvBM': 'function\x20*\x5c(\x20*\x5c)',
            'xigoM': _0x4d707d['zwEOE'],
            'utECY': function(_0x3a3839, _0x3e6a51) {
                return _0x3a3839(_0x3e6a51);
            },
            'hrZRp': _0xaf2e60(0xee, 'F^Q@'),
            'wIdaU': _0xaf2e60(0x14d, 'z%A3'),
            'HBleS': _0xaf2e60(0x102, '16*I')
        }, _0x18ca8f = _0x4d707d['kOGFQ'](typeof window, _0x4d707d[_0xaf2e60(0x89, 'F^Q@')]) ? window : _0x4d707d[_0xaf2e60(0xfe, 'XIRK')](typeof process, _0xaf2e60(0x152, 'dToq')) && _0x4d707d[_0xaf2e60(0x12a, '1llb')](typeof require, _0xaf2e60(0x148, 'c0XQ')) && _0x4d707d[_0xaf2e60(0x114, ')p$x')](typeof global, _0x4d707d[_0xaf2e60(0xea, 'dCWS')]) ? global : this, _0x1bcae7 = new RegExp(_0x4d707d['HVvtY'],'g'), _0x9f2323 = _0xaf2e60(0x140, 'dToq')[_0xaf2e60(0xc7, 'z%A3')](_0x1bcae7, '')[_0xaf2e60(0xcd, 'dv&A')](';'), _0x30153e, _0x1a7d7b, _0x5209a7, _0x6d8726, _0x4b0c47 = function(_0x4d360d, _0x168ddf, _0x55c550) {
            var _0x2d55e2 = _0xaf2e60;
            if (_0x4d707d[_0x2d55e2(0x111, 'CuOh')](_0x4d360d[_0x2d55e2(0x119, 'XX1&')], _0x168ddf)) {
                if (_0x4d707d[_0x2d55e2(0x8a, 'XIRK')](_0x4d707d['IOCaG'], _0x4d707d[_0x2d55e2(0xe9, 'z%A3')]))
                    _0x25e557();
                else
                    return ![];
            }
            for (var _0x2f8fa1 = 0x0; _0x2f8fa1 < _0x168ddf; _0x2f8fa1++) {
                if (_0x4d707d[_0x2d55e2(0xda, 'XX1&')](_0x4d707d['VanaM'], _0x4d707d[_0x2d55e2(0x11d, 'YfoP')])) {
                    if (_0x35e11b) {
                        var _0x345ba8 = _0x579cb2['apply'](_0x1f7301, arguments);
                        return _0xe4466d = null,
                        _0x345ba8;
                    }
                } else
                    for (var _0x5b5a1d = 0x0; _0x4d707d[_0x2d55e2(0xcf, ')rZK')](_0x5b5a1d, _0x55c550[_0x2d55e2(0x14c, 'b1$3')]); _0x5b5a1d += 0x2) {
                        if (_0x4d707d[_0x2d55e2(0xd3, 'U517')](_0x2f8fa1, _0x55c550[_0x5b5a1d]) && _0x4d707d[_0x2d55e2(0x127, 'z%A3')](_0x4d360d['charCodeAt'](_0x2f8fa1), _0x55c550[_0x5b5a1d + 0x1]))
                            return ![];
                    }
            }
            return !![];
        }, _0x10731b = function(_0x316f28, _0x480072, _0x1deb31) {
            var _0x3f43aa = _0xaf2e60
              , _0x32ea7e = {
                'GIKQJ': function(_0x4dd65f, _0x287928, _0x2652d1, _0x2e3751) {
                    var _0x17208d = _0x49ba;
                    return _0x4d707d[_0x17208d(0x81, 'Y)EN')](_0x4dd65f, _0x287928, _0x2652d1, _0x2e3751);
                }
            };
            return _0x3f43aa(0x95, 'pBbA') !== _0x3f43aa(0xc9, 'z%A3') ? XTbFBk[_0x3f43aa(0x118, 'Tpie')](_0x53a543, _0x2274ed, _0x21f458, _0x2cc0f3) : _0x4b0c47(_0x480072, _0x1deb31, _0x316f28);
        }, _0xa6ac17 = function(_0x4f3660, _0xc22a5c, _0x44c882) {
            var _0x518907 = _0xaf2e60;
            return _0x518907(0x159, 'CuOh') !== _0x4d707d[_0x518907(0x8f, 'mcXY')] ? _0x4d707d[_0x518907(0x134, 'U517')](_0x10731b, _0xc22a5c, _0x4f3660, _0x44c882) : ![];
        }, _0x3200da = function(_0x1213dd, _0x4a0e31, _0x54b492) {
            var _0xd712e9 = _0xaf2e60;
            return _0x4d707d[_0xd712e9(0x9a, '9dDq')](_0xa6ac17, _0x4a0e31, _0x54b492, _0x1213dd);
        };
        for (var _0x52f520 in _0x18ca8f) {
            if (_0x4d707d[_0xaf2e60(0x157, 'dv&A')](_0x4d707d['bVwxU'], _0x4d707d[_0xaf2e60(0x109, 'pBbA')])) {
                if (_0x4d707d[_0xaf2e60(0x94, 'Hl$x')](_0x4b0c47, _0x52f520, 0x8, [0x7, 0x74, 0x5, 0x65, 0x3, 0x75, 0x0, 0x64])) {
                    if (_0x4d707d[_0xaf2e60(0x135, '9nsU')](_0x4d707d[_0xaf2e60(0x11b, ')rZK')], _0x4d707d[_0xaf2e60(0x8b, 'dv&A')])) {
                        _0x30153e = _0x52f520;
                        break;
                    } else
                        return _0x4d707d['lPtWr'];
                }
            } else {
                var _0x37ce37 = _0x7d75fb ? function() {
                    var _0x472e0f = _0xaf2e60;
                    if (_0x49ccd0) {
                        var _0x536773 = _0x136dcd[_0x472e0f(0xc3, ')rZK')](_0x8d1fc8, arguments);
                        return _0x5c541d = null,
                        _0x536773;
                    }
                }
                : function() {}
                ;
                return _0x5754da = ![],
                _0x37ce37;
            }
        }
        for (var _0x13f38c in _0x18ca8f[_0x30153e]) {
            if (_0x4d707d[_0xaf2e60(0xc2, 'k6Mu')](_0x3200da, 0x6, _0x13f38c, [0x5, 0x6e, 0x0, 0x64])) {
                _0x1a7d7b = _0x13f38c;
                break;
            }
        }
        for (var _0x504e25 in _0x18ca8f[_0x30153e]) {
            if (_0x4d707d[_0xaf2e60(0x11f, 'dToq')]('iQUBp', 'WYGIi')) {
                var _0x2e218f = _0x424a33[_0xaf2e60(0x13a, 'ef4$')][_0xaf2e60(0xaf, 'pBbA')]('|')
                  , _0x416fd9 = 0x0;
                while (!![]) {
                    switch (_0x2e218f[_0x416fd9++]) {
                    case '0':
                        var _0xe9cb89 = _0x2634d9[_0x353bd7];
                        continue;
                    case '1':
                        _0x265922[_0xe9cb89] = _0x3f5ba9;
                        continue;
                    case '2':
                        _0x3f5ba9[_0xaf2e60(0x141, 'XIRK')] = _0x43f694[_0xaf2e60(0xa5, 'Tpie')](_0x36dea1);
                        continue;
                    case '3':
                        var _0x3f5ba9 = _0x4e83be[_0xaf2e60(0x13c, '1#Ky')][_0xaf2e60(0x124, '1#Ky')][_0xaf2e60(0xa5, 'Tpie')](_0x3fc674);
                        continue;
                    case '4':
                        _0x3f5ba9[_0xaf2e60(0xd5, 'g)PM')] = _0x478151[_0xaf2e60(0xab, '[2v0')][_0xaf2e60(0x11a, 'a)&K')](_0x478151);
                        continue;
                    case '5':
                        var _0x478151 = _0xbfd34e[_0xe9cb89] || _0x3f5ba9;
                        continue;
                    }
                    break;
                }
            } else {
                if (_0xa6ac17(_0x504e25, [0x7, 0x6e, 0x0, 0x6c], 0x8)) {
                    _0x5209a7 = _0x504e25;
                    break;
                }
            }
        }
        if (!('~' > _0x1a7d7b))
            for (var _0x51612c in _0x18ca8f[_0x30153e][_0x5209a7]) {
                if (_0x4d707d[_0xaf2e60(0x93, 'g)PM')](_0x10731b, [0x7, 0x65, 0x0, 0x68], _0x51612c, 0x8)) {
                    _0x6d8726 = _0x51612c;
                    break;
                }
            }
        if (!_0x30153e || !_0x18ca8f[_0x30153e]) {
            if (_0x4d707d[_0xaf2e60(0x7d, '^ZcF')](_0x4d707d['GZGpP'], _0x4d707d['GZGpP'])) {
                var _0x441942 = _0x268067 ? function() {
                    var _0x1a363d = _0xaf2e60;
                    if (_0x1750f2) {
                        var _0x2cdb24 = _0x21bed2[_0x1a363d(0xe8, '#w9X')](_0x5c12b0, arguments);
                        return _0xd9ab04 = null,
                        _0x2cdb24;
                    }
                }
                : function() {}
                ;
                return _0x4db2f9 = ![],
                _0x441942;
            } else
                return;
        }
        var _0x4d5f26 = _0x18ca8f[_0x30153e][_0x1a7d7b]
          , _0x2c3913 = !!_0x18ca8f[_0x30153e][_0x5209a7] && _0x18ca8f[_0x30153e][_0x5209a7][_0x6d8726]
          , _0x5b99b4 = _0x4d707d[_0xaf2e60(0xb6, 'ef4$')](_0x4d5f26, _0x2c3913);
        if (!_0x5b99b4) {
            if (_0x4d707d[_0xaf2e60(0x151, 'CuOh')](_0x4d707d[_0xaf2e60(0x10f, 'b1$3')], _0x4d707d[_0xaf2e60(0x84, 'a)&K')]))
                return;
            else
                return;
        }
        var _0xbc9100 = ![];
        for (var _0x4b844d = 0x0; _0x4b844d < _0x9f2323[_0xaf2e60(0xff, 'iQjF')]; _0x4b844d++) {
            if (_0x4d707d[_0xaf2e60(0x153, 'ezjo')](_0xaf2e60(0x101, 'dv&A'), _0xaf2e60(0xf2, 'U517'))) {
                var _0x1a7d7b = _0x9f2323[_0x4b844d]
                  , _0x30a5a4 = _0x1a7d7b[0x0] === String[_0xaf2e60(0xe0, 'O!PV')](0x2e) ? _0x1a7d7b[_0xaf2e60(0x125, 'c0XQ')](0x1) : _0x1a7d7b
                  , _0x180bde = _0x4d707d[_0xaf2e60(0x133, 'Y)EN')](_0x5b99b4[_0xaf2e60(0x155, 'F^Q@')], _0x30a5a4[_0xaf2e60(0xff, 'iQjF')])
                  , _0x1307b4 = _0x5b99b4[_0xaf2e60(0x97, ')p$x')](_0x30a5a4, _0x180bde)
                  , _0x213847 = _0x4d707d[_0xaf2e60(0x11c, 'U517')](_0x1307b4, -0x1) && _0x4d707d[_0xaf2e60(0xd8, '[2v0')](_0x1307b4, _0x180bde);
                if (_0x213847) {
                    if (_0x4d707d[_0xaf2e60(0x91, 'VQ&W')](_0xaf2e60(0x87, 'ezjo'), _0x4d707d[_0xaf2e60(0xbb, 'VQ&W')])) {
                        if (bMzdcv[_0xaf2e60(0x8d, 'YfoP')]('', bMzdcv[_0xaf2e60(0xdb, '16*I')](_0x3597b2, _0x5d7df4))[bMzdcv[_0xaf2e60(0xf7, 'Y)EN')]] !== 0x1 || bMzdcv['oqVrW'](_0x335a9c, 0x14) === 0x0)
                            debugger ;
                        else
                            debugger ;
                    } else {
                        if (_0x5b99b4['length'] == _0x1a7d7b['length'] || _0x1a7d7b[_0xaf2e60(0xed, 'NEqA')]('.') === 0x0) {
                            if (_0x4d707d[_0xaf2e60(0xf3, '^[JX')]('HSWLU', _0x4d707d['bkbDa']))
                                _0xbc9100 = !![];
                            else {
                                var _0x1c8e82 = _0x87a243['apply'](_0x4fbfde, arguments);
                                return _0x3ac904 = null,
                                _0x1c8e82;
                            }
                        }
                    }
                }
            } else
                KqYYge[_0xaf2e60(0x13d, 'dv&A')](_0x4e3500, this, function() {
                    var _0x5799d2 = _0xaf2e60
                      , _0x29212b = new _0x1823e5(bMzdcv['QGvBM'])
                      , _0x173fbb = new _0x4b484d(bMzdcv[_0x5799d2(0xde, 'Tpie')],'i')
                      , _0x10cc54 = bMzdcv[_0x5799d2(0x80, '9nsU')](_0x22f858, bMzdcv[_0x5799d2(0x14e, 'tLd5')]);
                    !_0x29212b['test'](bMzdcv[_0x5799d2(0x10d, 'Hl$x')](_0x10cc54, bMzdcv[_0x5799d2(0x92, 'nFDs')])) || !_0x173fbb['test'](_0x10cc54 + bMzdcv[_0x5799d2(0x108, 'TDLl')]) ? _0x10cc54('0') : _0x3d86da();
                })();
        }
        if (!_0xbc9100) {
            var _0x4d68c9 = new RegExp(_0xaf2e60(0x105, '1#Ky'),'g')
              , _0x39ad0b = 'cAUAabjowuRt:bMlaCnkQRJhIYIxCygGjgexrD'[_0xaf2e60(0x121, 'b1$3')](_0x4d68c9, '');
            _0x18ca8f[_0x30153e][_0x5209a7] = _0x39ad0b;
        }
    });
    _0xd35bdf();
    var _0x36cc12 = (function() {
        var _0x21654a = !![];
        return function(_0x4cb6b5, _0x348ba3) {
            var _0x11985e = _0x49ba
              , _0x4a5c12 = {
                'wnhQa': function(_0x31b7a1, _0x593336) {
                    return _0x4d707d['wyNUS'](_0x31b7a1, _0x593336);
                }
            };
            if (_0x4d707d['nPdPi'] === 'ZTDGt') {
                var _0x20bdd3 = _0x21654a ? function() {
                    var _0x1d8c53 = _0x49ba;
                    if (_0x348ba3) {
                        var _0x3acb7c = _0x348ba3[_0x1d8c53(0x85, 'Y)EN')](_0x4cb6b5, arguments);
                        return _0x348ba3 = null,
                        _0x3acb7c;
                    }
                }
                : function() {}
                ;
                return _0x21654a = ![],
                _0x20bdd3;
            } else
                for (var _0x4dfc62 = 0x0; _0x4dfc62 < _0xab45f9[_0x11985e(0xbd, 'Qjmz')]; _0x4dfc62 += 0x2) {
                    if (_0xf87dac == _0x512bed[_0x4dfc62] && MkNgzg['wnhQa'](_0xcc5325[_0x11985e(0x14f, 'g)PM')](_0x38301b), _0xc1685b[_0x4dfc62 + 0x1]))
                        return ![];
                }
        }
        ;
    }());
    (function() {
        var _0x5861b0 = _0x20b869
          , _0x187dbb = {
            'ifZRE': function(_0x163381, _0x1e3627) {
                var _0x2e0ba0 = _0x49ba;
                return _0x4d707d[_0x2e0ba0(0x13f, 'g)PM')](_0x163381, _0x1e3627);
            },
            'FsvKW': _0x4d707d['lPtWr'],
            'wWvVj': _0x5861b0(0x88, 'FBq2'),
            'ByJfg': _0x5861b0(0xe7, 'z%A3'),
            'IRZtd': _0x4d707d[_0x5861b0(0x9b, 'dv&A')],
            'lFhuQ': function(_0xebe209, _0x26c512) {
                var _0x2f14f9 = _0x5861b0;
                return _0x4d707d[_0x2f14f9(0xf9, 'pBbA')](_0xebe209, _0x26c512);
            },
            'rGQGv': _0x4d707d[_0x5861b0(0xb2, 'XIRK')],
            'UATAV': function(_0x431faf, _0x5c2bd1) {
                var _0x2fc18f = _0x5861b0;
                return _0x4d707d[_0x2fc18f(0xa9, 'k6Mu')](_0x431faf, _0x5c2bd1);
            },
            'TevNC': function(_0x4b0925) {
                return _0x4d707d['Zxtcz'](_0x4b0925);
            }
        };
        _0x4d707d[_0x5861b0(0xa0, 'dv&A')](_0x36cc12, this, function() {
            var _0x7af419 = _0x5861b0
              , _0x27e0fd = {
                'KdGWM': _0x187dbb['FsvKW']
            }
              , _0x187705 = new RegExp(_0x187dbb['wWvVj'])
              , _0x2e47f3 = new RegExp(_0x187dbb[_0x7af419(0xb3, 'pBbA')],'i')
              , _0x4d0182 = _0x187dbb[_0x7af419(0x9e, 'FBq2')](_0x41a156, _0x187dbb['IRZtd']);
            if (!_0x187705[_0x7af419(0xdc, 'jyVl')](_0x187dbb[_0x7af419(0x7e, 'FBUS')](_0x4d0182, 'chain')) || !_0x2e47f3[_0x7af419(0xbe, 'c0XQ')](_0x4d0182 + _0x187dbb['rGQGv']))
                _0x4d0182('0');
            else {
                if (_0x187dbb[_0x7af419(0x149, '16*I')]('zlxPP', _0x7af419(0x156, 'c0XQ'))) {
                    while (_0x53e86b--)
                        _0x54fee4[_0x187dbb[_0x7af419(0xb5, 'dToq')](_0x49ecac, _0x1a99f6)] = _0x55060d[_0x5e9c7e] || _0x187dbb[_0x7af419(0xeb, 'dv&A')](_0x570b88, _0x2aa895);
                    _0x199bc9 = [function(_0x2019ac) {
                        return _0x12d14b[_0x2019ac];
                    }
                    ],
                    _0x2f0850 = function() {
                        return _0x27e0fd['KdGWM'];
                    }
                    ,
                    _0x1df6a9 = 0x1;
                } else
                    _0x187dbb['TevNC'](_0x41a156);
            }
        })();
    }());
    var _0x439021 = (function() {
        var _0x43379f = !![];
        return function(_0x4548f9, _0x35b6a0) {
            var _0x2b2731 = _0x43379f ? function() {
                if (_0x35b6a0) {
                    var _0x2d6a29 = _0x35b6a0['apply'](_0x4548f9, arguments);
                    return _0x35b6a0 = null,
                    _0x2d6a29;
                }
            }
            : function() {}
            ;
            return _0x43379f = ![],
            _0x2b2731;
        }
        ;
    }())
      , _0x16834d = _0x439021(this, function() {
        var _0x25cdea = _0x20b869
          , _0x23a6c5 = typeof window !== _0x4d707d['dApuX'] ? window : typeof process === 'object' && _0x4d707d['MJYSp'](typeof require, _0x4d707d[_0x25cdea(0x130, 'nFDs')]) && typeof global === 'object' ? global : this
          , _0x53520c = _0x23a6c5[_0x25cdea(0x126, 'nFDs')] = _0x23a6c5[_0x25cdea(0x129, '1#Ky')] || {}
          , _0x19cfdb = [_0x25cdea(0x147, 'dv&A'), _0x4d707d[_0x25cdea(0x12c, 'Tpie')], _0x25cdea(0x116, 'P@%*'), _0x4d707d[_0x25cdea(0x12b, 'VQ&W')], 'exception', 'table', 'trace'];
        for (var _0x499be9 = 0x0; _0x4d707d[_0x25cdea(0xd1, '^[JX')](_0x499be9, _0x19cfdb[_0x25cdea(0x155, 'F^Q@')]); _0x499be9++) {
            if (_0x25cdea(0x113, 'Qjmz') === _0x25cdea(0xc5, 'P@%*')) {
                var _0x1f2d7d = _0x25cdea(0x143, '1llb')['split']('|')
                  , _0x38c68d = 0x0;
                while (!![]) {
                    switch (_0x1f2d7d[_0x38c68d++]) {
                    case '0':
                        var _0x1dfb12 = _0x19cfdb[_0x499be9];
                        continue;
                    case '1':
                        _0x53520c[_0x1dfb12] = _0x2e227d;
                        continue;
                    case '2':
                        var _0x4d1eaf = _0x53520c[_0x1dfb12] || _0x2e227d;
                        continue;
                    case '3':
                        _0x2e227d[_0x25cdea(0x13b, 'P@%*')] = _0x439021[_0x25cdea(0xbc, ')rZK')](_0x439021);
                        continue;
                    case '4':
                        _0x2e227d[_0x25cdea(0x122, 'VQ&W')] = _0x4d1eaf[_0x25cdea(0xb4, '#w9X')][_0x25cdea(0xc8, 'FBUS')](_0x4d1eaf);
                        continue;
                    case '5':
                        var _0x2e227d = _0x439021['constructor']['prototype'][_0x25cdea(0x115, '#w9X')](_0x439021);
                        continue;
                    }
                    break;
                }
            } else {
                if (KqYYge[_0x25cdea(0xae, 'jyVl')](_0x5b215d, _0x31025b[_0x22c370]) && KqYYge['pYaKU'](_0x1be441[_0x25cdea(0xa4, 'FBUS')](_0x58bd30), _0x5efaca[_0x251baf + 0x1]))
                    return ![];
            }
        }
    });
    _0x4d707d[_0x20b869(0xd2, 'g)PM')](_0x16834d),
    _0x21150c = function(_0x2f9e42) {
        var _0x5643da = _0x20b869;
        return _0x4d707d['WDjao'](_0x4d707d['TyIvC'](_0x2f9e42, _0x437b06) ? '' : _0x4d707d['jiusc'](_0x21150c, _0x4d707d['IpWbE'](parseInt, _0x4d707d[_0x5643da(0xf8, '#tXa')](_0x2f9e42, _0x437b06))), _0x4d707d[_0x5643da(0x8c, '#w9X')](_0x2f9e42 = _0x2f9e42 % _0x437b06, 0x23) ? String[_0x5643da(0xad, 'g)PM')](_0x4d707d[_0x5643da(0x9c, '#tXa')](_0x2f9e42, 0x1d)) : _0x2f9e42[_0x5643da(0x128, 'CuOh')](0x24));
    }
    ;
    if (!''['replace'](/^/, String)) {
        while (_0x4c0587--)
            _0x309f1a[_0x4d707d[_0x20b869(0x7f, 'z%A3')](_0x21150c, _0x4c0587)] = _0x5b8e15[_0x4c0587] || _0x4d707d[_0x20b869(0xb9, 'dToq')](_0x21150c, _0x4c0587);
        _0x5b8e15 = [function(_0x1ffcd0) {
            return _0x309f1a[_0x1ffcd0];
        }
        ],
        _0x21150c = function() {
            var _0x2ed31f = _0x20b869;
            if (_0x4d707d[_0x2ed31f(0xc1, '^[JX')](_0x4d707d[_0x2ed31f(0x100, 'U517')], _0x2ed31f(0xcb, ')p$x'))) {
                if (_0x3e35b1) {
                    var _0x46aa17 = _0x34ecde['apply'](_0x47ab32, arguments);
                    return _0x412fa2 = null,
                    _0x46aa17;
                }
            } else
                return _0x4d707d['lPtWr'];
        }
        ,
        _0x4c0587 = 0x1;
    }
    ;while (_0x4c0587--)
        if (_0x5b8e15[_0x4c0587])
            _0x2bd393 = _0x2bd393[_0x20b869(0xe4, 'dToq')](new RegExp(_0x4d707d['WDjao']('\x5cb', _0x4d707d[_0x20b869(0xd9, '9nsU')](_0x21150c, _0x4c0587)) + '\x5cb','g'), _0x5b8e15[_0x4c0587]);
    return _0x2bd393;
}(_0x108288(0x10b, 'a)&K'), 0x3e, 0x6a, '|x72|x65|x74|x6e|||x68||x6f|x64||x61|x69|x43|x63|x66|FJgiFgL1||x67||x6d|x41|LYHA11|window|znhJ_Bs3|x53|Qq14|x78|x4f|rDncICS2|hPnygDhKY10|LJ4|kgTV16|b12|x6c|HF9|botfA8|var|string|uDthU6|ySgakvz7|if|255|code|decode|luDL15|x70|Jc13|x75|len|64|x73|x77|else|return|x6a|x76|x52|x54|x79|x58|x51|x62||x6b|x59|x5a||x56||x55|x57|x71|x50|x45|x46|x47|function|x42|x44|x48|x4c|x4d|x4e|x49|x4a|x4b|x7a|x2f|x3d|x39|x2b|x2e|while|do|for|x38|x30|x33|x31|x32|x37|x35|x36|x34'[_0x108288(0xaf, 'pBbA')]('|'), 0x0, {}));
function _0x41a156(_0x217c8b) {
    var _0x22013b = _0x108288
      , _0x1b095b = {
        'dwgqA': function(_0x16108d, _0x3517f5) {
            return _0x16108d === _0x3517f5;
        },
        'rCbBg': function(_0x45288b, _0x4d8430) {
            return _0x45288b === _0x4d8430;
        },
        'djHNs': 'string',
        'HWpLe': function(_0x4c4e84, _0x126da1) {
            return _0x4c4e84 === _0x126da1;
        },
        'Lkwff': _0x22013b(0x137, 'k6Mu'),
        'aWSny': function(_0x518947) {
            return _0x518947();
        },
        'KGkUa': function(_0x11290b, _0xf48968) {
            return _0x11290b !== _0xf48968;
        },
        'ZQLsk': _0x22013b(0xd7, '1#Ky'),
        'ieOef': function(_0x9910e0, _0x1e111b) {
            return _0x9910e0 + _0x1e111b;
        },
        'DZkMs': function(_0x2a74d3, _0x3c2d95) {
            return _0x2a74d3 / _0x3c2d95;
        },
        'AVsNi': _0x22013b(0x142, 'ZJxd'),
        'ImvfW': function(_0x16c11c, _0x1d4b52) {
            return _0x16c11c === _0x1d4b52;
        },
        'JEQxs': function(_0x5cb8cf, _0x4b881a) {
            return _0x5cb8cf % _0x4b881a;
        },
        'kdvUY': 'MCSRv',
        'mRqLe': _0x22013b(0xf6, '9dDq'),
        'JGiZD': _0x22013b(0xfd, 'mcXY'),
        'mTCxD': function(_0x2ddd02, _0x5dfa34) {
            return _0x2ddd02(_0x5dfa34);
        },
        'yUdoE': function(_0xb1bce0, _0x5b501c, _0x42eec4, _0x736f8b) {
            return _0xb1bce0(_0x5b501c, _0x42eec4, _0x736f8b);
        },
        'QtThv': _0x22013b(0x98, 'bQLk'),
        'eAweb': function(_0x2c49f4, _0x32fd77) {
            return _0x2c49f4 === _0x32fd77;
        },
        'ruDhc': 'iXWIy',
        'rfawd': function(_0x574f1a, _0x448e65) {
            return _0x574f1a(_0x448e65);
        }
    };
    function _0x361680(_0x51ab1a) {
        var _0x4ab2bd = _0x22013b
          , _0x3977c6 = {
            'MOPQt': function(_0x53c371, _0x2a6a32) {
                return _0x1b095b['dwgqA'](_0x53c371, _0x2a6a32);
            }
        };
        if (_0x1b095b[_0x4ab2bd(0xe2, 'Hl$x')](typeof _0x51ab1a, _0x1b095b[_0x4ab2bd(0x10c, '9nsU')])) {
            if (_0x1b095b['HWpLe'](_0x1b095b[_0x4ab2bd(0xdd, 'VQ&W')], _0x1b095b['Lkwff'])) {
                var _0x17632f = function() {
                    while (!![]) {}
                };
                return _0x1b095b['aWSny'](_0x17632f);
            } else {
                var _0x35d572 = _0x2798f6[_0x4ab2bd(0xdf, 'c0XQ')](_0x39ea66, arguments);
                return _0x5e03ae = null,
                _0x35d572;
            }
        } else {
            if (_0x1b095b['KGkUa'](_0x1b095b[_0x4ab2bd(0x139, 'Tpie')], _0x1b095b['ZQLsk']))
                debugger ;
            else {
                if (_0x1b095b[_0x4ab2bd(0x158, 'dToq')]('', _0x1b095b[_0x4ab2bd(0xe6, 'NEqA')](_0x51ab1a, _0x51ab1a))[_0x1b095b[_0x4ab2bd(0xca, 'Qjmz')]] !== 0x1 || _0x1b095b['ImvfW'](_0x1b095b['JEQxs'](_0x51ab1a, 0x14), 0x0)) {
                    if (_0x1b095b[_0x4ab2bd(0xbf, 'TDLl')] === _0x1b095b[_0x4ab2bd(0xac, 'CuOh')])
                        (_0x13af7b[_0x4ab2bd(0xba, 'ezjo')] == _0x457aa1[_0x4ab2bd(0x13e, 'XIRK')] || _0x3977c6[_0x4ab2bd(0xaa, '#tXa')](_0x2841aa[_0x4ab2bd(0x9d, 'USv[')]('.'), 0x0)) && (_0x378e0f = !![]);
                    else
                        debugger ;
                } else {
                    if (_0x1b095b[_0x4ab2bd(0x123, 'F^Q@')](_0x1b095b['JGiZD'], _0x1b095b[_0x4ab2bd(0x96, 'XIRK')]))
                        debugger ;
                    else
                        debugger ;
                }
            }
        }
        _0x1b095b['mTCxD'](_0x361680, ++_0x51ab1a);
    }
    try {
        if (_0x1b095b[_0x22013b(0xa1, ')rZK')](_0x22013b(0x11e, 'TDLl'), _0x1b095b['QtThv'])) {
            if (_0x217c8b) {
                if (_0x1b095b[_0x22013b(0x12f, '1#Ky')](_0x1b095b[_0x22013b(0xcc, 'Qjmz')], _0x22013b(0x132, 'b1$3'))) {
                    if (_0x1485de) {
                        var _0x284675 = _0x10b15d['apply'](_0xed779a, arguments);
                        return _0x499ec6 = null,
                        _0x284675;
                    }
                } else
                    return _0x361680;
            } else
                _0x1b095b[_0x22013b(0x110, 'Tpie')](_0x361680, 0x0);
        } else
            return _0x1b095b[_0x22013b(0xb8, 'XIRK')](_0x46460f, _0x441bbd, _0x114a2a, _0x147845);
    } catch (_0x194d77) {}
}
function _0x1f5b() {
    var _0x5cd673 = (function() {
        return [version_, 'SjMnfsSjidDDanumhOqiP.cQoLMmOxP.vt7pnury==', 'W6BcSwG4WQa', 'WQzGo3/cNa', 'hSktAXJdKa', 'WQtcPrxcS8kX', 'zSkOmdhcHe5twCkeWO7dNa', 'brhcVIHXzw/dLcCG', 'WPxcKCoxuW', 'csrOWQua', 'ECkgW5HvsH/cTSoPWPRdJcZdK3/dIdpcPI7cRZpdIKlcQmoiW5FdSSkuewyjWPuyW63dSSoz', 'WPhcJCoxvmkBFsPY', 'DCkVrZdcUq', 'ExacW5GS', 'AetcI8kPnXbXWRW', 'DCkDW5TouG', 'WRKwWOtdKfSiWONcMftcLmkFW48', 'WRZcIqFcVSkw', 'WQqLl2dcRG', 'W6T6W6SGDa', 'ESodWQXZnq', 'W6ZcLSkRcSoQ', 'WPuScw/cVq', 'WQu4WQtcNYr/W5ZcPa', 'itPIWRGT', 'eHrZnfO', 'WOuoWQpdUu4', 'W7RcGCk/f8oj', 'gd11WRSQ', 'WQmbcgXQAq', 'WOZdQtSQba', 'n8k9BIK', 'aL3dPLe2da', 'W7bOb8oW', 'fu/dLKuC', 'WRObWP3dIwW', 'W7/cUt/dJK0', 'rmkjrdFcLq', 'nmkKCchdIa', 'WRhcSSk4j8kL', 'ySoJW6uXeW', 'z8oKmhxcGv4wt8o4WQpcMG', 'W5ZdK8koW5dcJYRdQq', 'bbdcSt4', 'W53dL8kiW6/cVa', 'l27dU3GR', 'W5dcJ8otW5Wg', 'he3dJf4H', 'WR5saetcNq', 'bv3dN0mf', 'd8k1saFdTa', 'WQdcGCk2i8kv', 'W4dcRZldQ1O', 'WOuCWP/dNMi', 'e2qyz8kn', 'WQtcOCklfmkdmW', 'WQSlWRJdIwOjWOBcJq', 'WPRcTSopW4ldNmoP', 'WPVcK8k/W49z', 'AKtcKSkQlW', 'WQ1dW4pdVte', 'W6ZdPSkNbCky', 'W7foWO7dQ8oR', 'WRlcUJdcGG', 'WRRdPs8GbG', 'WO/cKCoEwmkI', 'W6v9bmoOWOu', 'WQ7cG8ovggtcIKOVfrddKSkw', 'fmkDWRrpwqFdPSkSW7xdVIZcMq', 'E03dML7dPW', 'W7hcMmkVd8oN', 'oJLiWOyjWOtdKG', 'du7dLfKRWP19WO3dStddNG', 'WO/cMCkkpmkt', 'W7lcNCkIWPFdJMpcPmkxlc8CcXhcIc3cHhFcGwLWWPnOnCk/nX/cKuXZWQ55W5uBW7C'].concat((function() {
            return ['WRaNWOFcHY8', 'W6FdUCk9W53cQq', 'pmo4WQjqW7m', 'WQrenN/cRa', 'EwWpW5i4WRxdS8o8W4rS', 'WQlcRCkffmkycmkL', 'ESotWRZdSG', 'W6VdPCkgW7tcPG', 'WPCkk8oOW5SujL4', 'yCoGmh7cIuqOB8oKWOFcIW', 'nxa3zmku', 'W7/cMtZdM0G', 'mmoQWOLiW7C', 'BMSwW44S', 'WOVcQ23cOCoz', 'kYuNW6vD', 'rNmMW74Z', 'WOarkwJcTq', 'WR8CWQ/cJH8', 'WQyAW7FdL8oZWQldHSkcW4e', 'WRNdIcHDW4b3vwn0W7VdR8oXDW', 'eWStkSoA', 'W6NcOmk3cmoI', 'W6hcNxamWOyT', 'mLaGwCkP', 'WRLLcLZcKW', 'W7XeWR/dRSoV', 'WPdcO1CFWP4', 'WQ7cUCkRW6C', 'WOlcU8kyW5XAWOysW6RcT1C8W5BdS0rfjmkgWPGHW4W7WRf8W4pdIrldGqRdKW', 'EwWkWOiWWPFdS8oLW4u', 'WOhdO8o+W68+W5r3uq', 'nMNdJhuw', 'WRudnhhcJW', 'xqddPMq2hraV', 'WQpcNNFdHCk1WO3cQdBdSbBdSMxdJmkTW5fuz8kQWQlcPLrInJ7cPCo+WP7cVJFcM3L2ACkxW7Lwre1MhCk8Aqm2bSoPt8kCqCoMBNG1W4qQW7OBWPKOWOjIA8o7W7RcT8k/tvvHhSo9mCkgWPpcQYbTqc/dOh7cOCo9nmoiW5i0W5efW6jDj2a8kbOtghdcS8o8kmoHgCkxWQlcSSokiSkchZCbWOCJW6DTpMtcSthdP8k1jSkzm8o2W6/cIftdVSkgWOXFWOKxxwTLlJFcJCk9WOOwWReqW7XRW6r2WOvNF0XTWOS2q1pcUmk5WQddKSo4E8ofisa9tConqCoEEx7cMKyOgrDpW78LDCkooGtcQrjOW68/W7BdUWFcNSoUWQiggtaPq8o+t8krxmkbWPOIgrqlWQaVySkweCo2uYdcUH0rW5LYqupdUhZdNCoLbe7cJvb1FtfDuSkghtColmklWQv5W6XJhMGrg8oqxJBcJSoaWRVcOqaeWR7dI1y2WOJdLLZcQrBcLNlcOapcQ8oHW6CZWQOxWPrFWOqzphBcOCoCWRvXadRdNf5MEmogW7/dImkVzX/cOSkLW4hcJSomWPnFCIpdIHhdSCoQWQ92WOnEWRKlW6lcUCoKW5NdVmozWPtdGt4rW7lcVGFcJ8k4W7FdSCoJssNcVCozWRNdLajQWQ5eWOdcVtRdQI4MWPxcIrD0vmkCz03dKSkQW4OoWQhcMb9YE8kyvmoaW50Jvc/dJmkKWQtdJ8kSWOmismoKW7PvwcdcPmo8W5/dNCkiWO1puCoutCo6rSkMrmo1WOLsWPPQm1WamxxdHsCZW7RdNXy/fmkIjwJdHSkweWWdWPFcICkFomosA8kRW7VcJwpdImoKo8ozW5f7W6ZcJg9loJZdLcNcRbrDpYmizSk9W7fQySojW7mjWQdcImoqWPVcUIRcLmkqWPJdRSo8W5Ozv8oZaJpcRmkyWOVcISkWWQuYWQrvWQakj8kFcmokCMtcKmkupCkMr8oJWR4kkSk1WP47W7CtW6VcVmkrr8k2W7qGW6pcJNnkwCozANNcQIS6psBdU8kQWOiniLaPxwPeuKZcK8oKW4BcG8kkqSkLWQ8IcrL6W7m/WOFdHWaZcSo0WQetWP7cGwpcQcZcPCkunmoPlmoCDNNcSLvGFvnEW4NdSmoPbSkAWQXwCxpcMCk2tCogWQ5zns3cJ2X6WPhdUmklWRGzeCo7AmkWimkLWOpdGSk+C8klASoUkfdcSmoGWRnRW41+W4e0vSoBatmiaN4nWOixWPpcRbZdOMJcSaBcL8oRoSouWQRcG8klqYtdGKzJW5BdGWvRW5TYWRCfWQRcHSozfSofjSkgk3ObWOTUkexdG8oCkCkhW4hdQdVdG8kZvqVcJmkqpCo+laSEW6NdHuryCfBcMYxcVhBdH3hdR8oZWPZdUqTOBturW6e+WPyWd8ojmuBdUq3cNcFdKGmFcJG1WRHBWOjGW59GvNFcT1PwW5pdPdG/W5i0oGyApmkHWRfKymo2wh7cSrLaW4pdJ8oKg8kQusRdP8kWutDqWRG4W7HoWPq+hfz4bWi1W5VdN8kwk13cGIFdQCkZWOLMyJOlfSoTW6/cMmoJqSkDb8oAtSkkWOnqW4uvW4f9WPZdSSkxWOBcLYSosSkOW5Hzhh3cVSkkWRpcSMGRW75teZZdPmkibgtcJ8ocWRpdVLukW6iECmksW5PaiCkLnmofWOpdSmoAWOFcRq3cLmoSmCoNCYJcUaNdRsBcK8oZs8o8ECoqlKz+DJebDwyzW4xcPSk6WOddRIJdNt08WPxdVfHhW6reqglcG0/dGvmmWQRcQahcTgDIWPhdGaJdH0uBW4f2WPVcPsVdTL3dM8kqW4y6W4eDW7hcKmoBvgvbWR/cT8k/f8oKW4xdQCoCW67cJSkhpZpdGCo8WOiDWOfQaCkAaCoopdxdOaSgqa', 'WQnaW77dGce', 'EfBdOMVdKW', 'eIahW6L1', 'WOxcKuOLWR8', 'WOxcNSoyqmkl', 'B8k2W6rxza', 'u8ovWRv8ka', 'kxBdQxK7', 'W5JcR8o8W40K', 'WRm+WPNcJW', 'tmodW6ir', 'uhtdOKZdTa', 'WRdcSCoYzSkL', 'W6RdT8kLeSkcEa', 'W7dcKdNdQW', 'fSkGsJtdMa', 'm3yOFCkM', 'kspdP8kyWRm', 'eexdQ2yp', 'oqzRWOSe', 'W6TqW5VcJIawWQhcOepcJSkD', 'WOxcTM0GWPxcI8oS', 'WOldOqSYeIZcRmoJ', 'wmo6WR7dK14', 'WQNcQSk2W710WPGCW4JcNW', 'W7DHhCoNWPK', 'EcfPW7vXW4bu', 'W5NdJ8kWW6NcVq', 'BmkGW7L2rxP5rG', 'WRRcT8k3W7P0WOaa', 'W5rIW6iguG', 'WRZdQtKaeG', 'WOFcImo/zmkC', 'W4VcML0jWPe', 'W5ZdUmkdmCkG', 'WRZcMCkUW6X5', 'tHH3W4XT', 'W5pcJ8ooFZ3dPmoUWOmBn8oYpCkk', 'WRNcVgOJWPi'].concat((function() {
                return ['ore3W6z3', 'aLaRESkk', 'WQXLW7hdIam', 'WROwlKJcUa', 'BSklzYZcNW', 'W4tdUaddKCkhWRpcQZL9W7WIkhG', 'WQ3cQCo1rmke', 'aY1Tb04', 'ESoYW7qmbuhdSCkjW78', 'WRRcT8k3W7PVWP4qW5VcJNSF', 'WR1aiMVcUa', 'W6/cSCk1h8o4wq', 'WRunWP7dJNS', 'zJv3WRWyWQhdG8o/WPKNESo2W6tdT2RdP8ktwxCtW6dcOx4bWRhcR8kmW6BdUeqevGmeW5mAeNTzWOOTudL8WOvOjSkWWQpcQCkEWPL0WOqpB0ldG8o1WPWPWO85W40jh8kcy15JcMFcR3ldImkKW40sW4Tpn8oGWPxcQv1tC8onWPqpx1TyW6BdHmkLWROGWRJcQSo4W746WP3dUsRdQfrAW4/cRSkLWOJdPfT3WRBcMCoCvJ7dVCoUcq3dGSo7fY3dMmkmWPWgWQLcavz2uCkfW4f6amkZWPddLXvVi8kPW5vmW7JcNg5soCkxW4pcKSkXW5VdJ8kuiHZdH8kAWOXHW4FdH8oDwZWzCZzUD8kZd8kEx8oLW4bHWP5dWOhdSNxcN8ochmkyn8oyW6n8rLpcKmkrxq/dGbqXphldNmkFWPHQcmkSb08tC8owW7LNW6SHW4pdP0bKWOBdVSktW5T6t8of', 'W5ZcI8kRcSoJrwpdO8o8', 'u8oLWOH4mh0', 'WPbeWOeBde8oWQpdVCoFW4m', 'W7FdR3xdG8oQWQpcM8omW53dUg9gWOW', 'trVcMfWTWOzRWO3dNq', 'oCkbuY7dNq', 'WQfncW', 'W6j4gSoNWOGlvmo0', 'W4bRWPVdMSon', 'bc3cNdT+', 'dSkWW5yUDYFcQN5puHpcJq', 'WPVcTNmRWOdcGa', 'W43dNSkFW5xcGa', 'WRddM8ktW4JdHG', 'WRWmWORdJ1SpWOZcJ1BcJW', 'W65GCt3dRSoDWQ1+W5hdUCoB', 'B8kNW5Lwzq', 'jZ5sWO8lWPm', 'WQuqcNTW', 'WQZdVZqIkW', 'F8oyWRVdOuVcGG', 'W75HdmouWQW', 'WRX4p0ZcHq', 'itL3WO8o', 'vSkvW5LlrW', 'WP3cNmoMW6pdUq', 'cJ/cTY9J', 'W4ldH8kjW4NcTW', 'WRjEW7pdJqS', 'mq8rW65u', 'fmkFW4GylvldSCkE', 'W43dSaFcJSoTW7xdLIXR', 'W6dcUWddPSow', 'aJeJW61i', 'WPqiv8k2WQWFpNWpW6BdNW', 'WPKXeuvv', 'WRlcO1NcLWn8W6yTwSkNErS9DxRcIq', 'D8o8WQxdS2C', 'W7hcLCkIemoe', 'WPDsbKVcRW', 'WRisWPtcKJq', 'nshdISkQWRG', 'dSkWW5aQCchdP3DjAJRcP8ou', 'mGuWeCoF', 'WOpcVCofW4ddJSoOqmkyWR8', 'WOtdUXCtga', 'BaDJW6Dl', 'WO0QWQNdKN0', 'zwxdV03dLa', 'WQq0nvRcIa', 'W4NcK8kYiSoi', 'W5VcTCo0W5GYW6jH', 'WRldHSkTlKm', 'xLVdN2/dKW', 'WR/cP0/cICor', 'WR5Qbw/cKa', 'y3S4W6G3', 'W49wa8oRW6q8lW', 'WR3cSg3cPJi'];
            }()));
        }()));
    }());
    _0x1f5b = function() {
        return _0x5cd673;
    }
    ;
    return _0x1f5b();
}
;var version_ = 'jsjiami.com.v7';
echo094 commented 9 months ago

有两个问题需要修正:

  1. 函数purifyFunction的作用是简化字符串拼接累函数,但由于校验不完善错误识别了不该被处理的内容
  2. 这个样本首次出现了域名锁定保护,代码特征与obfuscator的 domain-lock 非常相似,需要添加对应的去除方法。
horsley commented 9 months ago

经过调试定位,出错的上下文是这样的

image

代码逻辑看起来要把“函数体里面做加法操作的”的调用语句替换为加法的两个元素,但是本例里面还有入参,如果要处理需要把入参代入才行

horsley commented 9 months ago 

 function purifyFunction(path) {
   const node = path.node
-  if (!t.isIdentifier(node.left) || !t.isFunctionExpression(node.right)) {
+  if (
+    !t.isIdentifier(node.left) ||
+    !t.isFunctionExpression(node.right) ||
+    node.right.params.length != 0
+  ) {
     return
   }
   const name = node.left.name

尝试这种修补可以绕过报错进行解密,但结果看起来还有一层eval

echo094 commented 9 months ago

eval好解决,拿出来运行一下就行了,只是需要先删除里面的域名锁定代码。

horsley commented 9 months ago

domain-lock 是在 eval 的内部,我以为应该先解开eval呢 现在我明白了,解开eval过程就是执行eval,而eval的内容开头就是domain-lock导致无法执行下去

echo094 commented 9 months ago

混淆顺序是 string -> eval -> sojson ,domain-lock是sojson阶段加的。

等你拿到eval里面的字符串会发现里面有一个decode函数,需要传入由html获得的string。

horsley commented 9 months ago

我核对了一下 domain-lock 的 template,完全是一样的,但这部分通过 ast 逐个节点判定不太可能,如果没有sojson的具体源码,那么针对这个case我觉得可以抽样 domain-lock 片段的几个特征点进行校验,如果确定有 domain-lock片段,整片去除,应该不影响其他地方

echo094 commented 9 months ago

里面有4个array,分别用来查找documentdomainlocationhostname 这几个key是否存在。

目前这4个array是写死的,在commit javascript-obfuscator/javascript-obfuscator@8a81043dd3a63f1d835c268d864d732b06a266df (3年前)被引入,可以以此来判断。