是否可以对JavaScript进行去模糊处理
Is it possible de-obfuscate JavaScript?
我需要你的帮助
有可能在JavaScript中消除混淆吗?
var_0xeda3=["'x62'x3D'x5B'x27'x30...
jsfiddle演示
这个呢?
var bcd140526_id = '|||]|||||]||]]]]|||]|||]|]]|]]]]|||]|||]|]]|]]]]|||]|||]||]|]]]]|]|]]|||]]]]|]|||]]]]]]]|]|||]]]]]]]|||]|||||]]]]]]]|||]|||||]]|]]]]|||]|||||]]]]]]]|||]||||]|||]]]]|||]|||]||||]]]]|||]|||||]]]]]]]|||]||||]|||]]]]|||]|||||]]|]]]]|||]|||||]]]]]]]|||]||||]|||]]]]|||]|||||]]|]]]]|]|||]]|]]]]]||]]|||]]]]|||]||||]|||]]]]|||]|||]|||]]]]]|||]||||||]]]]]]|||]|||]|]|]]]]]|||]|||]||]|]]]]|||]|||]|||]]]]]|||]|||]|]]|]]]]|]|||]]|]]]]]||]]||]]]]]|||]|||]|||]]]]]|||]||||]||]]]]]|]|||]]]';
逆向工程需要付出很多努力。然而,在面对混淆JS时,您可以从几个步骤开始。
首先,除臭,然后美容。在这一点上,代码仍然是不可读的,但这些步骤将降低整体复杂性。
大多数JavaScript模糊处理程序都使用一种策略:提取静态值,将其放入数组中,然后用数组查找替换静态值。
例如
注意:我省略了对变量名的篡改。
var url = 'www.google.com';
将变成:
var allStaticValues = ['www.google.com'];
var url = allStaticValues[0];
这种模式通常很容易识别和逆转。
var allStaticValues = ['www.google.com'];
var obfusactedCode = 'var url = allStaticValues[0];';
var clearerCode = obfusactedCode.replace(/allStaticValues'[(.+?)']/g, function ($0, $1) {
return ("'" + allStaticValues[$1] + "'");
}); //var url = 'www.google.com';
以下是它为您的模糊代码提供的内容:
function _fPnA(number) {
switch (number) {
case '||||':
return '0';
break;
case '|||]':
return '1';
break;
case '||]|':
return '2';
break;
case '||]]':
return '3';
break;
case '|]||':
return '4';
break;
case '|]|]':
return '5';
break;
case '|]]|':
return '6';
break;
case '|]]]':
return '7';
break;
case ']|||':
return '8';
break;
case ']||]':
return '9';
break;
default:
return 'separate';
break
}
return 'separate'
}
function _fKhU(code) {
var _vTcN = window.location.hostname;
var _vMgJ = '';
var _vNfU = '';
_vTcN = _vTcN.replace('http://', '');
_vTcN = _vTcN.replace('https://', '');
_vTcN = _vTcN.replace('www.', '');
_vTcN = _vTcN.split('.')[0];
for (var _vXnG = 0; _vXnG < code.length / 4; _vXnG++) {
var _vKxS = code.substring(_vXnG * 4, (_vXnG + 1) * 4);
if (_fPnA(_vKxS) == 'separate') {
_vMgJ += String.fromCharCode(Number(_vNfU));
_vNfU = ''
} else {
_vNfU += _fPnA(_vKxS)
}
}
_vMgJ += String.fromCharCode(Number(_vNfU));
if (_vMgJ.indexOf(_vTcN) == -1) {
document.write('You got Post Feed widget for <em>' + _vMgJ + '</em> but you are using it for <em>' + window.location.hostname + '</em>. PLEASE REMOVE IT AND THEN <strong><a href="http://bloggercando.blogspot.com/2014/05/all-in-one-post-feed-widget-for-blogger.html" target="_blank">GET IT AGAIN</a></strong>');
return false
}
return true
}
function _fNuC(_vMgJ) {
document.write('<script type="text/javascript" src="' + _vMgJ + '"></script>')
}
function _fLiX(pub_date, format) {
pub_date = pub_date.split('-');
date = new Date(pub_date[0], pub_date[1] - 1, pub_date[2].substring(0, 2));
dd = date.getDate();
mm = date.getMonth() + 1;
yyyy = date.getFullYear();
format = format.replace('dd', dd);
format = format.replace('mm', mm);
format = format.replace('yyyy', yyyy);
return format
}
function _fJmO(content) {
var _vUcB = '';
var _vSiC = '<img ';
var _vOaY = 'src="';
var _vQlK = '"';
index0 = content.indexOf(_vSiC);
if (index0 != -1) {
index1 = content.indexOf(_vOaY, index0);
if (index0 != -1) {
index2 = content.indexOf(_vQlK, index1 + _vOaY.length);
if (index0 != -1) {
_vUcB = content.substring(index1 + _vOaY.length, index2)
}
}
}
if (_vUcB == '') {
_vSiC = 'data-thumbnail-src="';
_vOaY = '"';
index0 = content.indexOf(_vSiC);
if (index0 != -1) {
index1 = content.indexOf(_vOaY, index0 + _vSiC.length);
if (index0 != -1) {
_vUcB = content.substring(index0 + _vSiC.length, index1)
}
}
}
if (_vUcB == '') {
_vSiC = '<iframe ';
_vOaY = 'src="';
_vQlK = '"';
index0 = content.indexOf(_vSiC);
if (index0 != -1) {
index1 = content.indexOf(_vOaY, index0);
if (index0 != -1) {
index2 = content.indexOf(_vQlK, index1 + _vOaY.length);
if (index0 != -1) {
_vUcB = content.substring(index1 + _vOaY.length, index2);
_vUcB = _vUcB.replace('http://www.youtube.com/watch?v=', '');
_vUcB = _vUcB.replace('http://www.youtube.com/embed/', '');
_vUcB = _vUcB.replace('?rel=0', '');
_vUcB = 'http://img.youtube.com/vi/' + _vUcB + '/mqdefault.jpg'
}
}
}
}
return _vUcB
}
function _fIyU(json) {
var _vJdM = new Object();
var _vHbI = /<'S[^>]*>/g;
_vJdM.id = json.feed.id.$t;
key = 'blog-';
index = _vJdM.id.indexOf(key);
_vJdM.id = _vJdM.id.substring(index + key.length);
_vJdM.id = _vJdM.id.replace('.comments', '');
_vJdM.cate = new Array();
if ('category' in json.feed) {
for (_vXnG = 0; _vXnG < json.feed.category.length; _vXnG++) {
_vJdM.cate[_vXnG] = json.feed.category[_vXnG].term
}
}
_vJdM.title = '';
if ('title' in json.feed) {
_vJdM.title = json.feed.title.$t
}
_vJdM.subtitle = '';
if ('subtitle' in json.feed) {
_vJdM.subtitle = json.feed.subtitle.$t
}
_vJdM.admin = new Object();
_vJdM.admin.name = 'Anonymous';
_vJdM.admin.uri = '';
_vJdM.admin.avatar = 'http://img1.blogblog.com/img/anon36.png';
if ('name' in json.feed.author[0]) {
_vJdM.admin.name = json.feed.author[0].name.$t
}
if ('uri' in json.feed.author[0]) {
_vJdM.admin.uri = json.feed.author[0].uri.$t
}
if ('gd$image' in json.feed.author[0]) {
if (json.feed.author[0].gd$image.src != 'http://img1.blogblog.com/img/blank.gif') {
_vJdM.admin.avatar = json.feed.author[0].gd$image.src
}
}
_vJdM.total_entry = Number(json.feed.openSearch$totalResults.$t);
_vJdM.start_index = Number(json.feed.openSearch$startIndex.$t);
_vJdM.item_per_page = Number(json.feed.openSearch$itemsPerPage.$t);
_vJdM.entry_number = 0;
if ('entry' in json.feed) {
_vJdM.entry_number = json.feed.entry.length
}
_vJdM.entry = new Array();
for (_vXnG = 0; _vXnG < _vJdM.entry_number; _vXnG++) {
_vJdM.entry[_vXnG] = new Object();
temp = new Object();
entry = json.feed.entry[_vXnG];
temp.id = entry.id.$t;
key = 'post-';
index = temp.id.indexOf(key);
temp.id = temp.id.substring(index + key.length);
temp.published = '';
if ('published' in entry) {
temp.published = entry.published.$t
}
temp.cate = new Array();
if ('category' in entry) {
for (j = 0; j < entry.category.length; j++) {
temp.cate[j] = entry.category[j].term
}
}
temp.title = '';
if ('title' in entry) {
temp.title = entry.title.$t
}
temp.content = '';
if ('content' in entry) {
temp.content = entry.content.$t
}
temp.summary = '';
if ('summary' in entry) {
temp.summary = entry.summary.$t
}
if (temp.summary == '') {
temp.summary = temp.content.replace(_vHbI, '')
}
if (temp.content == '') {
temp.content = temp.summary
}
temp.link = '';
temp.reply_label = 'comments';
if ('link' in entry) {
for (j = 0; j < entry.link.length; j++) {
if (entry.link[j].rel == 'alternate') {
temp.link = entry.link[j].href
}
if (entry.link[j].rel == 'replies') {
temp.reply_label = entry.link[j].title
}
}
}
temp.author = new Object();
temp.author.name = 'Anonymous';
temp.author.uri = '';
temp.author.avatar = 'http://img1.blogblog.com/img/anon36.png';
a0 = entry.author[0];
if ('name' in a0) {
temp.author.name = a0.name.$t
}
if ('uri' in a0) {
temp.author.uri = a0.uri.$t
}
if ('gd$image' in a0) {
if (a0.gd$image.src != 'http://img1.blogblog.com/img/blank.gif') {
temp.author.avatar = a0.gd$image.src
}
}
temp.thumbnail = '';
if ('media$thumbnail' in entry) {
temp.thumbnail = entry.media$thumbnail.url
}
temp.reply_number = 0;
if ('thr$total' in entry) {
temp.reply_number = Number(entry.thr$total.$t)
}
temp.reply_label = temp.reply_label.replace(temp.reply_number + ' ', '');
temp.reply_to = '';
temp.reply_json = '';
temp.reply_title = '';
if ('thr$in-reply-to' in entry) {
temp.reply_to = entry['thr$in-reply-to'].href;
temp.reply_json = entry['thr$in-reply-to'].source;
temp.reply_json = temp.reply_json.replace('/default/', '/summary/');
temp.reply_json = temp.reply_json + '?alt=json-in-script'
}
temp.pid = '';
if ('gd$extendedProperty' in entry) {
for (j = 0; j < entry.gd$extendedProperty.length; j++) {
if (entry.gd$extendedProperty[j].name == 'blogger.itemClass') {
temp.pid = entry.gd$extendedProperty[j].value
}
}
}
temp.pid = temp.pid.replace('pid-', '');
_vJdM.entry[_vXnG] = temp
}
return _vJdM
}
if (typeof(jquery_included) == 'undefined') {
jquery_included = false
}
function _fQdH() {
if (typeof(jQuery) == 'undefined') {
if (!jquery_included) {
jquery_included = true;
var _vZpT = document.createElement('script');
_vZpT.setAttribute('src', 'http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js');
_vZpT.setAttribute('type', 'text/javascript');
document.getElementsByTagName('head')[0].appendChild(_vZpT)
}
setTimeout(function() {
_fQdH()
}, 50)
} else {
if (!($('link[href*="font-awesome.css"]').length)) {
_vZpT = document.createElement('link');
_vZpT.setAttribute('href', 'http://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css');
_vZpT.setAttribute('rel', 'stylesheet');
document.getElementsByTagName('head')[0].appendChild(_vZpT)
}
}
}
_fQdH();
function _fIhA(str) {
document.write(str)
}
function _fRcS(str) {
if (typeof(console) != 'undefined') {
if ('log' in console) {}
}
}
function _fYtG(json) {
if (_fKhU(bcd140526_id) == false) return;
var _vAyB = '<div style="clear:both!important;float:none;!important;line-height:0!important"></div>';
var _vMuA = _fIyU(json);
var _vDyO = '';
if (_vMuA.total_entry) {
_vDyO += ('<div class="bcd140526_post_feed ' + bcd140526_design_style + ' ' + ((bcd140526_show_thumbnail) ? 'thumb' : 'no-thumb') + '"><ul>');
for (var _vXnG = 0; _vXnG < _vMuA.total_entry && _vXnG < bcd140526_post_count; _vXnG++) {
p = _vMuA.entry[_vXnG];
_vDyO += ('<li class="item item-' + _vXnG + '">');
_fRcS(p.thumbnail);
if (!p.thumbnail) {
p.thumbnail = _fJmO(p.content)
}
if (bcd140526_show_thumbnail && p.thumbnail) {
if (bcd140526_design_style === 'column') {
var _vUcB = p.thumbnail;
if (_vUcB.indexOf('/s72-c/') != -1) {
_vUcB = _vUcB.replace('/s72-c/', '/s1600/')
} else if (_vUcB.indexOf('youtube.com') != -1) {
if (_vUcB.indexOf('/default.') != -1) {
_vUcB = _vUcB.replace('/default.', '/mqdefault.')
}
}
p.thumbnail = _vUcB
} else {
var _vUcB = p.thumbnail;
if (_vUcB.indexOf('/s72-c/') != -1) {
_vUcB = _vUcB.replace('/s72-c/', '/s' + bcd140526_thumbnail_size + '-c/')
} else if (_vUcB.indexOf('youtube.com') != -1) {
if (_vUcB.indexOf('/default.') != -1) {
_vUcB = _vUcB.replace('/default.', '/mqdefault.')
}
}
p.thumbnail = _vUcB
}
_vDyO += ('<a class="thumbnail" style="width:' + bcd140526_thumbnail_size + 'px;height:' + bcd140526_thumbnail_size + 'px;" href="' + p.link + '"><img src="' + p.thumbnail + '"/></a>')
}
_vDyO += ('<div class="item-body">');
if (bcd140526_show_label && (typeof(p.cate[0]) != 'undefined')) {
_vDyO += ('<a class="cate" href="' + HOST + '/search/label/' + p.cate[0] + '">' + p.cate[0] + '</a>')
}
_vDyO += ('<h3 class="title"><a href="' + p.link + '">' + p.title + '</a></h3>');
if (bcd140526_show_author_name || bcd140526_show_comment_numbers || bcd140526_show_date) {
_vDyO += ('<div class="meta">');
if (bcd140526_show_author_name) {
_vDyO += ('<span class="meta-item author-name"><i class="fa fa-user"></i> ' + p.author.name + '</span>')
}
if (bcd140526_show_comment_numbers) {
_vDyO += ('<span class="meta-item comment-number"><i class="fa fa-comment"></i> ' + p.reply_number + '</span>')
}
if (bcd140526_show_comment_numbers) {
_vDyO += ('<span class="meta-item date-time"><i class="fa fa-clock-o"></i> ' + _fLiX(p.published, bcd140526_date_format) + '</span>')
}
_vDyO += (_vAyB + '</div>' + _vAyB)
}
if (bcd140526_show_snippet) {
if (p.summary.length > bcd140526_snippet_length) {
p.summary = p.summary.substring(0, bcd140526_snippet_length) + '...'
}
if (bcd140526_show_readmore) {
p.summary += ' <a href="' + p.link + '#more">' + lang_readmore + '</a>'
}
_vDyO += ('<p class="snippet">' + p.summary + '</p>')
}
_vDyO += (_vAyB + '</div>' + _vAyB);
_vDyO += ('</li>')
}
_vDyO += ('</ul>');
if (!bcd140526_hide_copyright) {
_vDyO += (_vAyB);
_vDyO += ('<a target="_blank" class="copyright" href="http://bloggercando.blogspot.com/2014/05/all-in-one-post-feed-widget-for-blogger.html" style="font-size: 11px!important;text-align:right;visibility: visible;!important;text-indent:0!important;height:auto!important;width:100%!important;position:static!important;color:#999!important;display:block!important;opacity:1!important;">BloggerWidget</a>')
}
_vDyO += ('</div>' + _vAyB)
} else {
_vDyO += ('<p><em>Have no posts</em></p>')
}
_fIhA(_vDyO)
}
function _fXzN(json) {
if (bcd140526_sort_by == 'random') {
var _vOsU = _fIyU(json);
rand = Math.floor((Math.random() * _vOsU.total_entry) + 1);
if (rand + bcd140526_post_count > _vOsU.total_entry) {
rand = _vOsU.total_entry - bcd140526_post_count + 1
}
if (rand < 1) {
rand = 1
}
var _vXmZ = HOST + '/feeds/posts/default';
if (bcd140526_index_label) {
_vXmZ += '/-/' + encodeURIComponent(bcd140526_index_label)
}
_vXmZ += '?alt=json-in-script&max-result=' + bcd140526_post_count + '&start-index=' + rand + '&callback=_fYtG';
_fRcS(_vXmZ);
_fNuC(_vXmZ)
} else {
_fRcS('show');
if (_fKhU(bcd140526_id)) {
_fYtG(json)
}
}
}
var _vXmZ = HOST + '/feeds/posts/default';
if (bcd140526_index_label) {
_vXmZ += '/-/' + encodeURIComponent(bcd140526_index_label)
}
_vXmZ += '?alt=json-in-script';
if (bcd140526_sort_by == 'random') {
_vXmZ += '&max-results=0'
} else {
_vXmZ += '&max-results=' + bcd140526_post_count
}
_vXmZ += '&callback=_fXzN';
_fRcS(_vXmZ);
if (_fKhU(bcd140526_id)) {
_fNuC(_vXmZ)
}
在这一点上,了解代码是在哪个上下文中运行的以及它最初产生的内容将有助于逆向工程。在没有深入分析的情况下,您可以对代码进行第一次遍历,并尽可能解开变量名。
例如,我们可以将var _vTcN = window.location.hostname;
更改为var hostName = window.location.hostname;
,并在有意义的地方将_vTcN
重命名为hostName
。
经过几次之后,当您觉得代码更可读时,您可以找到执行入口点并从那里解决它。
相关文章:
- javascript中的模糊处理
- javascript去模糊处理-这段代码的作用
- 在调用窗口模糊(浏览器失去焦点)时避免元素模糊处理程序
- 轮换代码以进行模糊处理
- 如何在nodejs的浏览器中对http GET上的客户端js文件进行模糊处理
- 在输入框上进行模糊处理后,将不再看到keydown事件
- javascript双重模糊处理
- 是否可以在使用soma.js依赖项注入时进行模糊处理
- Javascript缩小和模糊处理更改了代码中的数字
- Javascript模糊处理程序,它重用变量名,使搜索和替换无效
- 客户端数据结构的JavaScript加密(或模糊处理)
- 是否可以对JavaScript进行去模糊处理
- VisualStudio javascript模糊处理程序窗口
- 对body元素及其内容进行模糊处理,然后在顶部显示未模糊的元素
- jQuery对相同名称的输入进行模糊处理,而不是单独的单选按钮
- 如何在angularjs代码中模糊URL,而不是使用base64编码和gullow模糊处理
- PHP获取字符串/电子邮件模糊处理的数字实体
- 什么是用来混淆这个Javascript的,或者我如何去模糊它
- 模糊元素及其父元素,在元素的模糊处理程序运行之前
- Jquery源模糊处理程序