介紹

在我們開始學習反混淆之前，我們首先要了解一下代碼混淆。如果不了解代碼是如何混淆的，我們可能無法成功對代碼進行反混淆，尤其是使用自定義混淆器對其進行混淆時。uJk28資訊網——每日最新資訊28at.com

什么是混淆

混淆是一種技術，用于使腳本更難以被人類閱讀，但從技術角度來看，它可以發揮相同的功能，盡管性能可能會較慢。這通常是通過使用混淆工具自動實現的，該工具將代碼作為輸入，并嘗試以更難以閱讀的方式重寫代碼，具體取決于其設計。uJk28資訊網——每日最新資訊28at.com

例如，代碼混淆器通常將代碼轉換成代碼中使用的所有單詞和符號的字典，然后在執行期間嘗試通過引用字典中的每個單詞和符號來重建原始代碼。以下是一個簡單的 JavaScript 代碼被混淆的示例：uJk28資訊網——每日最新資訊28at.com

1690198624_64be626039ffce836c934.png!smalluJk28資訊網——每日最新資訊28at.com

為什么用混淆？

開發人員考慮混淆代碼的原因有很多。一個常見的原因是隱藏原始代碼及其功能，以防止在未經開發人員許可的情況下重復使用或復制它，從而使對代碼的原始功能進行逆向工程變得更加困難。另一個原因是在處理身份驗證或加密時提供安全層，以防止對代碼中可能發現的漏洞進行攻擊。uJk28資訊網——每日最新資訊28at.com

必須注意的是，不建議在客戶端進行身份驗證或加密，因為這樣代碼更容易受到攻擊。uJk28資訊網——每日最新資訊28at.com

然而，混淆最常見的用途是用于惡意行為。攻擊者和惡意行為者通常會混淆其惡意腳本，以阻止入侵檢測和防御系統檢測其腳本。uJk28資訊網——每日最新資訊28at.com

基礎混淆

代碼混淆通常不是手動完成的，因為有許多針對各種語言的工具可以自動進行代碼混淆。盡管許多惡意行為者和專業開發人員開發了自己的混淆工具以使反混淆變得更加困難，但許多在線工具都可以這樣做。uJk28資訊網——每日最新資訊28at.com

明文示例uJk28資訊網——每日最新資訊28at.com

讓我們以下面這行代碼為例，嘗試對其進行混淆：uJk28資訊網——每日最新資訊28at.com

console.log('Hello JavaScript Deobfuscation');

明文運行打印出來是：uJk28資訊網——每日最新資訊28at.com

Hello JavaScript DeobfuscationuJk28資訊網——每日最新資訊28at.com

混淆示例uJk28資訊網——每日最新資訊28at.com

現在，讓我們混淆我們的代碼行，使其更加晦澀難懂。首先，我們將嘗試使用BeautifyTools來混淆我們的代碼：uJk28資訊網——每日最新資訊28at.com

console.log('Hello JavaScript Deobfuscation');

混淆輸出uJk28資訊網——每日最新資訊28at.com

eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'//w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('//b'+e(c)+'//b','g'),k[c])}}return p}('0.1(/'2 3 4/');',5,5,'console|log|Hello|JavaScript|Deobfuscation'.split('|'),0,{}))

我們發現我們的代碼變得更加混亂且難以閱讀。我們可以將此代碼復制到https://jsconsole.com，以驗證它仍然執行其主要功能：uJk28資訊網——每日最新資訊28at.com

1690199186_64be6492e6a86c606b98d.png!small?1690199187437uJk28資訊網——每日最新資訊28at.com

雖然加殼器在降低代碼的可讀性方面做得很好，但我們仍然可以看到它的主要字符串以明文形式編寫，這可能會揭示它的一些功能。這就是為什么我們可能想要尋找更好的方法來混淆我們的代碼。uJk28資訊網——每日最新資訊28at.com

高級混淆工具

到目前為止，我們已經能夠使我們的代碼變得模糊并且更難以閱讀。但是，該代碼仍然包含明文字符串，這可能會揭示其原始功能。我們將嘗試一些工具，它們應該完全混淆代碼并隱藏其原始功能的任何殘留。uJk28資訊網——每日最新資訊28at.com

#0x1 JavaScript Obfuscator Tool - JS混淆工具

有一個在線的混淆工具：JavaScript Obfuscator TooluJk28資訊網——每日最新資訊28at.com

一個免費且高效的 JavaScript 混淆器（包括對 ES2022 的支持）。使您的代碼更難復制，并防止人們竊取您的工作。這個工具是一個由Timofey Kachalov創建的優秀（和開源） javascript-obfuscator@4.0.0的Web UI。uJk28資訊網——每日最新資訊28at.com

讓我們訪問https://obfuscator.io。在單擊 之前obfuscate，我們將更改為:[Strings Transformations]->[String Array Encoding]->Base64如下所示：uJk28資訊網——每日最新資訊28at.com

1690199596_64be662c9cd2a25a95a3a.png!small?1690199597180uJk28資訊網——每日最新資訊28at.com

現在，我們可以粘貼代碼并單擊obfuscate：uJk28資訊網——每日最新資訊28at.com

var _0x1a54f6=_0x5936;function _0x5271(){var _0x3bb17a=['otKWodqYnNfIBgPSua','mtb0vNnJt3q','mtKZnfHYt3vnrW','otH1tMPpBNC','mtG2og9jufLKEa','mtaXyKvOD2TP','mJm1oty1ouzyCwLnzW','ntmYmtu5mLr0rKLYwq','Bg9N','mZe2mdC3m2jgvLjizW','ntG3oduWwwrzqwD4','mtaWBwvpzgjc'];_0x5271=function(){return _0x3bb17a;};return _0x5271();}function _0x5936(_0x25a7d9,_0x1f51f9){var _0x5271e3=_0x5271();return _0x5936=function(_0x593653,_0x103659){_0x593653=_0x593653-0x1e3;var _0x38866e=_0x5271e3[_0x593653];if(_0x5936['CXFyxS']===undefined){var _0x55d0c5=function(_0x417d06){var _0x32ee69='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x49cddd='',_0x2f60dc='';for(var _0x22561b=0x0,_0x45c65d,_0x24071e,_0x4b6047=0x0;_0x24071e=_0x417d06['charAt'](_0x4b6047++);~_0x24071e&&(_0x45c65d=_0x22561b%0x4?_0x45c65d*0x40+_0x24071e:_0x24071e,_0x22561b++%0x4)?_0x49cddd+=String['fromCharCode'](0xff&_0x45c65d>>(-0x2*_0x22561b&0x6)):0x0){_0x24071e=_0x32ee69['indexOf'](_0x24071e);}for(var _0x450e46=0x0,_0x71cdac=_0x49cddd['length'];_0x450e46<_0x71cdac;_0x450e46++){_0x2f60dc+='%'+('00'+_0x49cddd['charCodeAt'](_0x450e46)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x2f60dc);};_0x5936['trxXbR']=_0x55d0c5,_0x25a7d9=arguments,_0x5936['CXFyxS']=!![];}var _0xd2632a=_0x5271e3[0x0],_0x376564=_0x593653+_0xd2632a,_0x6361f9=_0x25a7d9[_0x376564];return!_0x6361f9?(_0x38866e=_0x5936['trxXbR'](_0x38866e),_0x25a7d9[_0x376564]=_0x38866e):_0x38866e=_0x6361f9,_0x38866e;},_0x5936(_0x25a7d9,_0x1f51f9);}(function(_0x4625fd,_0x16a961){var _0x1627a6=_0x5936,_0x5197f8=_0x4625fd();while(!![]){try{var _0x40e3f4=parseInt(_0x1627a6(0x1e7))/0x1*(parseInt(_0x1627a6(0x1e4))/0x2)+parseInt(_0x1627a6(0x1e8))/0x3+-parseInt(_0x1627a6(0x1e6))/0x4*(parseInt(_0x1627a6(0x1ed))/0x5)+-parseInt(_0x1627a6(0x1ec))/0x6*(parseInt(_0x1627a6(0x1e5))/0x7)+parseInt(_0x1627a6(0x1e9))/0x8+-parseInt(_0x1627a6(0x1eb))/0x9+parseInt(_0x1627a6(0x1e3))/0xa*(parseInt(_0x1627a6(0x1ee))/0xb);if(_0x40e3f4===_0x16a961)break;else _0x5197f8['push'](_0x5197f8['shift']());}catch(_0x5f50ba){_0x5197f8['push'](_0x5197f8['shift']());}}}(_0x5271,0xaf4ae),console[_0x1a54f6(0x1ea)]('Hello/x20JavaScript/x20Deobfuscation'));

這段代碼顯然更加混亂，我們看不到原始代碼的任何殘余。我們現在可以嘗試在https://jsconsole.com中運行它，以驗證它是否仍然執行其原始功能。嘗試使用https://obfuscator.io中的混淆設置來生成更多混淆代碼，然后嘗試在https://jsconsole.com中重新運行它以驗證它仍然執行其原始功能。uJk28資訊網——每日最新資訊28at.com

現在我們應該清楚地了解代碼混淆是如何工作的。代碼混淆工具仍然有很多變體，每種工具對代碼的混淆方式都不同。uJk28資訊網——每日最新資訊28at.com

#x02 JSFuck

我們可以嘗試在JSF中使用相同的工具來混淆代碼，然后重新運行它。我們會注意到，代碼可能需要一些時間才能運行，這表明代碼混淆如何影響性能，如前所述。uJk28資訊網——每日最新資訊28at.com

明文代碼：uJk28資訊網——每日最新資訊28at.com

console.log('Hello JavaScript Deobfuscation');

混淆代碼：uJk28資訊網——每日最新資訊28at.com

[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+!+[]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[!+[]+!+[]])+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]])()([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]]+((!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(+(+!+[]+[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+[!+[]+!+[]]+[+[]])+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+!+[]]+[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[+!+[]]+[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[+!+[]]+[+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+(![]+[])[+[]]+([][[]]+[])[+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]])[(![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+[+!+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[+!+[]])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]]((!![]+[])[+[]])[([][(!![]+[])[!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]](([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]]+![]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])()[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])+[])[+!+[]])+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]])())

#x03 JJ Encode

使用 jjencode 進行實際攻擊并不是一個好主意。它輕松解碼。jjencode 不是功利性的混淆，只是一個編碼器。太有特色了。很容易被發現。取決于瀏覽器。該代碼無法在某些類型的瀏覽器上運行。uJk28資訊網——每日最新資訊28at.com

1690200089_64be6819f1a3f31f82ca4.png!small?1690200090611uJk28資訊網——每日最新資訊28at.com

#x04 AA Encode

aaencode - 將任何 JavaScript 程序編碼為日式表情符號 (^_^) 方式進行混淆，挺有意思的uJk28資訊網——每日最新資訊28at.com

明文代碼：uJk28資訊網——每日最新資訊28at.com

console.log('Hello JavaScript Deobfuscation');

混淆代碼：uJk28資訊網——每日最新資訊28at.com

?ω??= /｀ｍ´）? ~┻━┻   //*´∇｀*/ ['_']; o=(???)  =_=3; c=(?Θ?) =(???)-(???); (?Д?) =(?Θ?)= (o^_^o)/ (o^_^o);(?Д?)={?Θ?: '_' ,?ω?? : ((?ω??==3) +'_') [?Θ?] ,???? :(?ω??+ '_')[o^_^o -(?Θ?)] ,?Д??:((???==3) +'_')[???] }; (?Д?) [?Θ?] =((?ω??==3) +'_') [c^_^o];(?Д?) ['c'] = ((?Д?)+'_') [ (???)+(???)-(?Θ?) ];(?Д?) ['o'] = ((?Д?)+'_') [?Θ?];(?o?)=(?Д?) ['c']+(?Д?) ['o']+(?ω?? +'_')[?Θ?]+ ((?ω??==3) +'_') [???] + ((?Д?) +'_') [(???)+(???)]+ ((???==3) +'_') [?Θ?]+((???==3) +'_') [(???) - (?Θ?)]+(?Д?) ['c']+((?Д?)+'_') [(???)+(???)]+ (?Д?) ['o']+((???==3) +'_') [?Θ?];(?Д?) ['_'] =(o^_^o) [?o?] [?o?];(?ε?)=((???==3) +'_') [?Θ?]+ (?Д?) .?Д??+((?Д?)+'_') [(???) + (???)]+((???==3) +'_') [o^_^o -?Θ?]+((???==3) +'_') [?Θ?]+ (?ω?? +'_') [?Θ?]; (???)+=(?Θ?); (?Д?)[?ε?]='//'; (?Д?).?Θ??=(?Д?+ ???)[o^_^o -(?Θ?)];(o???o)=(?ω?? +'_')[c^_^o];(?Д?) [?o?]='/"';(?Д?) ['_'] ( (?Д?) ['_'] (?ε?+(?Д?)[?o?]+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((o^_^o) +(o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (???)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((???) + (?Θ?))+ (?Д?)[?ε?]+((???) + (?Θ?))+ ((o^_^o) +(o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (???)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((???) + (o^_^o))+ (?Д?)[?ε?]+((???) + (?Θ?))+ (c^_^o)+ (?Д?)[?ε?]+(???)+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ (?Θ?)+ (c^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((???) + (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (???)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (???)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(???)+ (c^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (?Θ?)+ ((o^_^o) - (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (?Θ?)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (?Θ?)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) - (?Θ?))+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (?Θ?)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ (c^_^o)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ (???)+ (?Д?)[?ε?]+(???)+ (c^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (c^_^o)+ (???)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((???) + (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((o^_^o) - (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ (???)+ ((o^_^o) +(o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ ((???) + (?Θ?))+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (o^_^o)+ (?Д?)[?ε?]+(?Θ?)+ (???)+ (?Θ?)+ (?Д?)[?ε?]+(?Θ?)+ ((o^_^o) +(o^_^o))+ (???)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ (?Θ?)+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((???) + (o^_^o))+ (?Д?)[?ε?]+(?Θ?)+ ((???) + (?Θ?))+ ((o^_^o) +(o^_^o))+ (?Д?)[?ε?]+(???)+ ((???) + (o^_^o))+ (?Д?)[?ε?]+((???) + (?Θ?))+ (?Θ?)+ (?Д?)[?ε?]+((???) + (o^_^o))+ (o^_^o)+ (?Д?)[?o?]) (?Θ?)) ('_');

然而，此類混淆器通常會使代碼執行/編譯速度非常慢，因此不建議使用它，除非有明顯的原因，例如繞過網絡過濾器或限制。uJk28資訊網——每日最新資訊28at.com

反混淆工具

現在我們了解了代碼混淆的工作原理，讓我們開始學習反混淆。正如有自動混淆代碼的工具一樣，也有自動美化和反混淆代碼的工具。uJk28資訊網——每日最新資訊28at.com

#x01 JSNice

1690200533_64be69d5a8602b1847f67.png!small?1690200534421uJk28資訊網——每日最新資訊28at.com

我們可以找到許多優秀的在線工具來反混淆 JavaScript 代碼并將其轉換為我們可以理解的東西。JSNice是一個很好的工具。讓我們嘗試復制上面的混淆代碼并通過單擊Nicify JavaScript按鈕在 JSNice 中運行它。uJk28資訊網——每日最新資訊28at.com

示例uJk28資訊網——每日最新資訊28at.com

如之前代碼：uJk28資訊網——每日最新資訊28at.com

eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'//w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('//b'+e(c)+'//b','g'),k[c])}}return p}('0.1(/'2 3 4/');',5,5,'console|log|Hello|JavaScript|Deobfuscation'.split('|'),0,{}))

使用JSNice進行反混淆得到結果：uJk28資訊網——每日最新資訊28at.com

1690200718_64be6a8e096777e56e4ee.png!small?1690200718639uJk28資訊網——每日最新資訊28at.com

混淆注意事項

盡管到目前為止，這些工具在將代碼清理成我們可以理解的內容方面做得很好，但一旦代碼變得更加模糊和編碼，自動化工具清理它就會變得更加困難。如果使用自定義混淆工具對代碼進行混淆，則尤其如此。uJk28資訊網——每日最新資訊28at.com

我們需要手動對代碼進行逆向工程，以了解它是如何被混淆的以及它在這種情況下的功能。uJk28資訊網——每日最新資訊28at.com

本文作者：1cli， 轉載請注明來自FreeBuf.COMuJk28資訊網——每日最新資訊28at.com

本文鏈接：http://www.rrqrq.com/showinfo-26-55-0.htmlJavaScript 混淆及反混淆代碼工具

聲明：本網頁內容旨在傳播知識，若有侵權等問題請及時與本網聯系，我們將在第一時間刪除處理。郵件：2376512515@qq.com

上一篇： 返回列表

下一篇： Raft算法：保障分布式系統共識的穩健之道