源代碼:
// Paste your JavaScript code here
/**
 * Logs a fixed message to the console and writes a greeting, chosen by the
 * current local hour, into the document.
 *
 * Hours below 10 get the first greeting, hours from 10 up to (not including)
 * 16 the second, and every other hour the third.
 *
 * @returns {undefined}
 */
function hi() {
  console.log("Hello World!");
  const hour = new Date().getHours();

  // Only constant markup is passed to document.write; no external input reaches it.
  if (hour < 10) {
    document.write("<b>早上好</b>");
    return;
  }
  if (hour >= 10 && hour < 16) {
    document.write("<b>今天好</b>");
    return;
  }
  document.write("<b>晚上好!</b>");
}
// Call hi() once when the script is evaluated.
hi();
1.使用選項[control Flow Flattening]
混淆後:
// Obfuscator output for the same hi() with the Control Flow Flattening option.
// No dispatcher loop or switch appears in this sample: the visible changes are a
// lookup object for the string literals, wrapper functions around each comparison,
// bracket-notation member access, and hexadecimal number literals.
function hi() {
// Lookup object: every string constant and every comparison used below is
// reached through a randomly named key.
var _0x29d3c3 = {
'YWsuC': 'Hello\x20World!',
// Wrapper for "a < b".
'uBqYv': function (_0x1916c0, _0x469971) {
return _0x1916c0 < _0x469971;
},
'OanhF': '<b>早上好</b>',
// Wrapper for "a >= b".
'OpZmd': function (_0xedcf58, _0xe936c5) {
return _0xedcf58 >= _0xe936c5;
},
// Second, separate wrapper for "a < b".
'PqDrG': function (_0x4b2e1a, _0xa837d3) {
return _0x4b2e1a < _0xa837d3;
},
'mfcQa': '<b>今天好</b>',
'EMBnE': '<b>晚上好!</b>'
};
// Same call as console.log("Hello World!"); \x20 is an escaped space.
console['log'](_0x29d3c3['YWsuC']);
var _0x1027e6 = new Date();
// Current local hour.
var _0x4e412a = _0x1027e6['getHours']();
// 0xa is 10 and 0x10 is 16: the branches are hour < 10, 10 <= hour < 16, and everything else.
if (_0x29d3c3['uBqYv'](_0x4e412a, 0xa)) {
document['write'](_0x29d3c3['OanhF']);
} else if (_0x29d3c3['OpZmd'](_0x4e412a, 0xa) && _0x29d3c3['PqDrG'](_0x4e412a, 0x10)) {
document['write'](_0x29d3c3['mfcQa']);
} else {
document['write'](_0x29d3c3['EMBnE']);
}
}
// Run the obfuscated function once.
hi();
混淆後多了幾個函數(比較運算被包裝成了函數調用)。估計是源代碼質量不太行,所以混淆後的質量也不太行。
2.使用選項[control Flow Flattening:1][Dead Code Injection:1]
混淆後:
// String table: the property names, method names and literal strings used by
// hi() are collected into one array and fetched by index at run time.
// The order written here is not the order used by the lookups; the function
// that follows rotates the array in place before anything reads from it.
var _0x36c9 = [
'plEdE',
'xbJjg',
'KKDGt',
'<b>晚上好!</b>',
'<b>早上好</b>',
'getHours',
'write',
'dkEbm',
'GqpFt',
'nLJzY',
'wnTqJ',
'Hello\x20World!',
'<b>今天好</b>',
'log'
];
// Rotates the string table in place before it is used.
// Each loop pass moves the first element to the end. The counter is
// pre-incremented to 0x15d + 1 = 350 and pre-decremented before every test, so
// the body runs 349 times; on the 14-entry table that is a net shift of 13
// positions, which leaves 'log' at index 0.
(function (_0x3b7110, _0x36c98e) {
var _0x4fced0 = function (_0x188ed0) {
while (--_0x188ed0) {
_0x3b7110['push'](_0x3b7110['shift']());
}
};
_0x4fced0(++_0x36c98e);
}(_0x36c9, 0x15d));
// Lookup helper: returns the entry of the rotated string table at the given index.
// Callers pass the index as a hex string such as '0xc'; subtracting 0 converts
// it to a number. The second parameter is never read.
var _0x4fce = function (_0x3b7110, _0x36c98e) {
_0x3b7110 = _0x3b7110 - 0x0;
var _0x4fced0 = _0x36c9[_0x3b7110];
return _0x4fced0;
};
// hi() with its strings, property names and lookup keys fetched through _0x4fce().
// After the rotation the indices resolve to:
//   0x0 'log'      0x1 'plEdE'    0x2 'xbJjg'    0x3 'KKDGt'
//   0x4 '<b>晚上好!</b>'   0x5 '<b>早上好</b>'   0x6 'getHours'   0x7 'write'
//   0x8 'dkEbm'    0x9 'GqpFt'    0xa 'nLJzY'    0xb 'wnTqJ'
//   0xc 'Hello World!'   0xd '<b>今天好</b>'
function hi() {
// Lookup object: string constants (resolved from the table) plus one wrapper
// function per comparison.
var _0x121ab4 = {
'nLJzY': _0x4fce('0xc'),
// Wrapper for "a < b".
'KKDGt': function (_0x4f90eb, _0x238b3c) {
return _0x4f90eb < _0x238b3c;
},
'wnTqJ': _0x4fce('0x5'),
// Wrapper for "a >= b".
'plEdE': function (_0x41ca2b, _0x98e8b) {
return _0x41ca2b >= _0x98e8b;
},
// Second wrapper for "a < b".
'xbJjg': function (_0x148291, _0x5250c7) {
return _0x148291 < _0x5250c7;
},
'GqpFt': _0x4fce('0xd'),
'dkEbm': _0x4fce('0x4')
};
// console['log'](lookup['nLJzY']), i.e. console.log("Hello World!").
console[_0x4fce('0x0')](_0x121ab4[_0x4fce('0xa')]);
var _0x1e0574 = new Date();
// date['getHours']()
var _0x169185 = _0x1e0574[_0x4fce('0x6')]();
// 0xa is 10 and 0x10 is 16; each document[...] call below resolves to document['write'].
if (_0x121ab4[_0x4fce('0x3')](_0x169185, 0xa)) {
document[_0x4fce('0x7')](_0x121ab4[_0x4fce('0xb')]);
} else if (_0x121ab4[_0x4fce('0x1')](_0x169185, 0xa) && _0x121ab4[_0x4fce('0x2')](_0x169185, 0x10)) {
document[_0x4fce('0x7')](_0x121ab4[_0x4fce('0x9')]);
} else {
document[_0x4fce('0x7')](_0x121ab4[_0x4fce('0x8')]);
}
}
// Run the obfuscated function once.
hi();
看起來變化不大,調試者要還原這段代碼問題不大。
這兩種混淆要做自動化還原有點難度,這裏就不演示了。
再看個火力全開的情況:
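// Minified obfuscator output for hi() (the page's "everything enabled" run).
// - _0x1d6f holds the strings Base64-encoded; the IIFE rotates it 0x141 (321)
//   times, a net shift of 2 on its 11 entries.
// - _0x3e88(index) decodes an entry on first use (atob, then percent-encoding
//   and decodeURIComponent to rebuild the UTF-8 text) and caches the result; it
//   installs an atob fallback only when the global object has none.
// - Base64 is an encoding with no key, so calling _0x3e88 for each index
//   recovers every string.
// Keep the program on one line as emitted: a line break directly after `return`
// makes automatic semicolon insertion end the statement there, so the 'fLmef'
// wrapper would return undefined and the middle branch would never run.
var _0x1d6f=['ZkxtZWY=','d3JpdGU=','PGI+5pep5LiK5aW9PC9iPg==','Z2V0SG91cnM=','SGVsbG8gV29ybGQh','Q3RWeEo=','PGI+5LuK5aSp5aW9PC9iPg==','bHpzT3E=','PGI+5pma5LiK5aW9ITwvYj4=','bG9n','WVJUdUc='];(function(_0x34ba7d,_0x1d6f33){var _0x3e8883=function(_0x1000c2){while(--_0x1000c2){_0x34ba7d['push'](_0x34ba7d['shift']());}};_0x3e8883(++_0x1d6f33);}(_0x1d6f,0x141));var _0x3e88=function(_0x34ba7d,_0x1d6f33){_0x34ba7d=_0x34ba7d-0x0;var _0x3e8883=_0x1d6f[_0x34ba7d];if(_0x3e88['nmlcyF']===undefined){(function(){var _0x2e2a91=function(){var _0x2c6dae;try{_0x2c6dae=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');')();}catch(_0x5322a5){_0x2c6dae=window;}return _0x2c6dae;};var _0x4a00e3=_0x2e2a91();var _0xa5b33c='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x4a00e3['atob']||(_0x4a00e3['atob']=function(_0x4d148a){var _0x5b42ac=String(_0x4d148a)['replace'](/=+$/,'');var _0x59e7b2='';for(var _0x35b841=0x0,_0x580b57,_0x5f0f5c,_0x312a82=0x0;_0x5f0f5c=_0x5b42ac['charAt'](_0x312a82++);~_0x5f0f5c&&(_0x580b57=_0x35b841%0x4?_0x580b57*0x40+_0x5f0f5c:_0x5f0f5c,_0x35b841++%0x4)?_0x59e7b2+=String['fromCharCode'](0xff&_0x580b57>>(-0x2*_0x35b841&0x6)):0x0){_0x5f0f5c=_0xa5b33c['indexOf'](_0x5f0f5c);}return _0x59e7b2;});}());_0x3e88['AJMSIE']=function(_0xd9ba3a){var _0x112be1=atob(_0xd9ba3a);var _0x339b58=[];for(var _0x24aa86=0x0,_0x56c09c=_0x112be1['length'];_0x24aa86<_0x56c09c;_0x24aa86++){_0x339b58+='%'+('00'+_0x112be1['charCodeAt'](_0x24aa86)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x339b58);};_0x3e88['IlmgHX']={};_0x3e88['nmlcyF']=!![];}var _0x1000c2=_0x3e88['IlmgHX'][_0x34ba7d];if(_0x1000c2===undefined){_0x3e8883=_0x3e88['AJMSIE'](_0x3e8883);_0x3e88['IlmgHX'][_0x34ba7d]=_0x3e8883;}else{_0x3e8883=_0x1000c2;}return _0x3e8883;};function hi(){var _0x271920={'CtVxJ':_0x3e88('0x2'),'lzsOq':function(_0x3e2050,_0x14f63f){return _0x3e2050<_0x14f63f;},'zSIDm':_0x3e88('0x0'),'fLmef':function(_0xfec8a7,_0x37262e){return _0xfec8a7>=_0x37262e;},'BrAke':function(_0x2a4235,_0x17ba27){return _0x2a4235<_0x17ba27;},'YRTuG':_0x3e88('0x4')};console[_0x3e88('0x7')](_0x271920[_0x3e88('0x3')]);var _0x3ced62=new Date();var _0x1a616b=_0x3ced62[_0x3e88('0x1')]();if(_0x271920[_0x3e88('0x5')](_0x1a616b,0xa)){document['write'](_0x271920['zSIDm']);}else if(_0x271920[_0x3e88('0x9')](_0x1a616b,0xa)&&_0x271920['BrAke'](_0x1a616b,0x10)){document[_0x3e88('0xa')](_0x271920[_0x3e88('0x8')]);}else{document[_0x3e88('0xa')](_0x3e88('0x6'));}}hi();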
美化之後:
'use strict';
// Encoded string table. Every entry is Base64 text; the decoder defined later
// in this listing turns an entry back into the original string on first use.
// Base64 is an encoding with no key, so the table hides strings from a casual
// read only. The array is rotated in place by the function that follows, so
// the order shown here is not the order the lookups use.
/** @type {!Array} */
var _0x1d6f = ["ZkxtZWY=", "d3JpdGU=", "PGI+5pep5LiK5aW9PC9iPg==", "Z2V0SG91cnM=", "SGVsbG8gV29ybGQh", "Q3RWeEo=", "PGI+5LuK5aSp5aW9PC9iPg==", "bHpzT3E=", "PGI+5pma5LiK5aW9ITwvYj4=", "bG9n", "WVJUdUc="];
// Rotates the encoded string table in place before any lookup.
// The counter is pre-incremented to 322 and pre-decremented before each test,
// so the loop body runs 321 times; on the 11-entry table that is a net shift
// of 2 positions.
// NOTE(review): the names `write` and `isLE` look like guesses made by the
// beautifier; nothing here writes output or deals with byte order.
(function(data, i) {
/**
* Moves the first element of `data` to the end, once per loop pass.
* @param {number} isLE loop counter; the body runs isLE - 1 times
* @return {undefined}
*/
var write = function(isLE) {
for (; --isLE;) {
data["push"](data["shift"]());
}
};
write(++i);
})(_0x1d6f, 321);
/**
* String decoder: returns the decoded text for one index of the rotated table.
*
* On the first call it sets itself up (atob fallback, decode routine, cache);
* after that each index is decoded once and served from the cache.
* NOTE(review): the readable local names in this listing (`unescape`,
* `listeners`, `pix_color`, `s_utf8`, ...) look like beautifier guesses and do
* not describe what the values are used for.
*
* @param {string} k index into the table, passed as a hex string such as "0x2"
* @param {?} init_using_data never read in this function
* @return {?} the decoded string
*/
var _0x3e88 = function(k, init_using_data) {
// Subtracting 0 converts the hex string to a number.
/** @type {number} */
k = k - 0;
var text = _0x1d6f[k];
// One-time setup, guarded by a flag stored on the function object itself.
if (_0x3e88["nmlcyF"] === undefined) {
(function() {
/**
* Returns the global object.
* @return {?}
*/
var unescape = function() {
var source;
try {
// Builds and runs code from a string to obtain `this` of a plain function call.
// NOTE(review): presumably this throws where string-to-code evaluation is
// blocked (for example by a Content Security Policy), which is what the
// catch branch covers - confirm.
source = Function("return (function() " + '{}.constructor("return this")( )' + ");")();
} catch (_0x5322a5) {
/** @type {!Window} */
source = window;
}
return source;
};
var s_utf8 = unescape();
// Base64 alphabet, with "=" as the last character.
/** @type {string} */
var listeners = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// Install a fallback only when the global object has no atob of its own.
if (!s_utf8["atob"]) {
/**
* Fallback Base64 decoder.
* @param {?} i Base64 text
* @return {?} decoded string, one character per byte
*/
s_utf8["atob"] = function(i) {
// Strip trailing "=" padding.
var str = String(i)["replace"](/=+$/, "");
/** @type {string} */
var pix_color = "";
/** @type {number} */
var bc = 0;
var bs;
var buffer;
/** @type {number} */
var Y = 0;
// The loop body maps each character to its position in the alphabet; the
// update clause accumulates 6 bits per character and appends one byte
// for every character of a 4-character group except the first.
for (; buffer = str["charAt"](Y++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? pix_color = pix_color + String["fromCharCode"](255 & bs >> (-2 * bc & 6)) : 0) {
buffer = listeners["indexOf"](buffer);
}
return pix_color;
};
}
})();
/**
* Decode routine: Base64 to bytes, each byte to "%XX", then
* decodeURIComponent, which reads the byte sequence as UTF-8 text.
* @param {?} dataString Base64 text from the table
* @return {?} decoded string
*/
_0x3e88["AJMSIE"] = function(dataString) {
/** @type {string} */
var data = atob(dataString);
// Starts as an empty array but becomes a string on the first concatenation.
/** @type {!Array} */
var escapedString = [];
/** @type {number} */
var val = 0;
var key = data["length"];
for (; val < key; val++) {
escapedString = escapedString + ("%" + ("00" + data["charCodeAt"](val)["toString"](16))["slice"](-2));
}
return decodeURIComponent(escapedString);
};
// Cache of decoded strings, keyed by table index.
_0x3e88["IlmgHX"] = {};
// Marks the setup as done.
/** @type {boolean} */
_0x3e88["nmlcyF"] = !![];
}
// Decode on a cache miss and remember the result; otherwise reuse the cached value.
var b = _0x3e88["IlmgHX"][k];
if (b === undefined) {
text = _0x3e88["AJMSIE"](text);
_0x3e88["IlmgHX"][k] = text;
} else {
text = b;
}
return text;
};
/**
* Beautified form of the obfuscated hi(): logs a message and writes a greeting
* chosen by the current hour.
*
* After the table rotation and Base64 decoding, the indices used here resolve to:
*   0x0 "<b>早上好</b>"   0x1 "getHours"   0x2 "Hello World!"   0x3 "CtVxJ"
*   0x4 "<b>今天好</b>"   0x5 "lzsOq"      0x6 "<b>晚上好!</b>"  0x7 "log"
*   0x8 "YRTuG"           0x9 "fLmef"      0xa "write"
* NOTE(review): parameter and variable names such as `progressOld`,
* `nTilesLoaded`, `expected_date2` and `event` look like beautifier guesses;
* the functions only compare two numbers and `event` holds the hour.
*
* @return {undefined}
*/
function hi() {
// Lookup object: decoded string constants plus one wrapper per comparison.
var a = {
"CtVxJ" : _0x3e88("0x2"),
// Wrapper for "a < b".
"lzsOq" : function(progressOld, progressNew) {
return progressOld < progressNew;
},
"zSIDm" : _0x3e88("0x0"),
// Wrapper for "a >= b".
"fLmef" : function(nTilesLoaded, nTilesToLoad) {
return nTilesLoaded >= nTilesToLoad;
},
// Second wrapper for "a < b".
"BrAke" : function(progressOld, progressNew) {
return progressOld < progressNew;
},
"YRTuG" : _0x3e88("0x4")
};
// console["log"](a["CtVxJ"]), i.e. console.log("Hello World!").
console[_0x3e88("0x7")](a[_0x3e88("0x3")]);
/** @type {!Date} */
var expected_date2 = new Date;
// date["getHours"]()
var event = expected_date2[_0x3e88("0x1")]();
// Some keys are written literally ("zSIDm", "BrAke", "write") and others go
// through the decoder; both forms reach the same members.
if (a[_0x3e88("0x5")](event, 10)) {
document["write"](a["zSIDm"]);
} else {
if (a[_0x3e88("0x9")](event, 10) && a["BrAke"](event, 16)) {
document[_0x3e88("0xa")](a[_0x3e88("0x8")]);
} else {
// The last greeting is decoded directly instead of being stored in `a`.
document[_0x3e88("0xa")](_0x3e88("0x6"));
}
}
}
// Run the function once.
hi();
由於找的例子不太行,這兩種威力最大的混淆方法的效果沒有展現出來。