Home > Web Front-end > JS Tutorial > Solving javascript to obfuscate encrypted collection_javascript skills

Solving javascript to obfuscate encrypted collection_javascript skills

WBOY
Release: 2016-05-16 18:56:32
Original
1080 people have browsed it

Decrypting it manually was much simpler than expected, and it took less than half an hour to do it.
The most critical part of JS deobfuscation:
l eval or document.write, VBS's EXECUTE, execScript and other functions that can run js
l unescape
There are generally several ways to obfuscate js :
1. Convert the code into hex form code through escape, which is incomprehensible
2. Perform simple reversible encryption on the code, and then provide a decryption function to decrypt the code and use Calls such as eval hand the code string to the js engine for execution.
3. Filter out comments and spaces in the code, modify the names of internal functions/internal variables in the js code, and change them to very difficult to understand numbers or easily confused strings, such as a string of mixed numbers 0 and letters O. Makes it difficult to identify.
A more advanced method is to combine the above methods.
Therefore, the way to restore it is
1. Use unescape to decode the visible %XX string
2. Find eval or similar interpretation function entry
3. Put the parameters passed into eval Find the strings
4. If these strings are also in hex form, use unescape to solve them
5. Loop through the process of 2-4 until all the codes are found
6. At this time it is very likely that It was found that there are still some variables used in the solved function, and these variables are some large strings. In this case, these strings should be the encrypted source code. Insert the code into the appropriate position at the end of the function that uses them, and display their decrypted string to get the source code.
The most important thing to note here is to clearly see the variable names. Many of the codes in the decryption part are formed by adding names such as 000O and 0O00. See clearly the real names of these variables.
Be careful to preserve the order of declaration and definition of functions and variables to avoid not being able to find functions or variables due to moving locations.
In addition, obfuscation tools will also add a lot of junk code to the code, which can be deleted.
If you have a stronger obfuscation tool, you can also insert some useful code into the generated garbage-like code to provide some variables for the garbled function that follows, such as the decrypted key, so you need to Be careful not to disrupt the order of the code. If you are not sure whether it is junk code, leave it first.
It seems that method 3 is the simplest and the most retarded, but in fact this method has the greatest impact on us. Trying to read code without comments, in a confusing format and with a bunch of identifiers with messy names is very difficult for any normal person. It's all a nightmare. However, it is probably because the "internal" standard is not easy to judge, and some obfuscation tools do not provide such a function.
Another: Decrypt the webpage
In the address bar or press Ctrl O, enter:

Copy the code The code is as follows:

javascript:s=document.documentElement.outerHTML;document.write('');document.body.innerText=s;

The source code is out. No matter how complicated the encryption is, it must eventually be restored to HTML code that the browser can parse, and documentElement.outerHTML is the final result.
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template