接上文记录一次js分析破解过程(jsjiami 批量解密的脚本制作思路 )
系统主要函数已经破解,有了一定可读性,但是还有一些 别扭的字符串,是什么呢?分析一下。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 |
//加密字符串 var _0xodG='xxxpan.com', _0x550c=[_0xodG, '5Yap6ZST6aO46Z2U6YWw5pS56K2f6ZeC', 'w50UcMOQw5o=','w7XDi8Oiw4A=','w4/Dm8OIw7HClg==', 'wqjCrCnCjcOPNQ==','W8OTXMKbwrs=','wqbClHcnw70=','WsOyT8K6wpU=', 'BcK1w6tnwo/Ckg==','XsKswp/Di8K/','dAHDjsKTwoQ=','wod4QMK3wrw=', 'w7MLWS/Dhw==','fsO0QsKmwrs=','wqnCuhYASw==','Ai88w4I=','wo5LQ8KPTMKewpnCqsKm', 'wrzCkcO/c8Ocw6rCiA==','w5x5KB0=','wpRRQsKa','wqNfRsKSwocYwoNLSsOxwoQ=', 'w5N3JxAiw5zDp8Or','NsK7K8KTUMKb','OsKLOcO/Lj8qwp0=','wpTCoCbDihELwow7cw==', 'wpTCnVDDpsOrw5RuG0A=','ZcKWVTw=','w63DjMO0w44=','VHLDviUN', 'w5DChALDvsKtw4EpAgA=','6K+q5YqM55m/6ZCn5p+h56qq6LaM5ruJ', 'PxxxpVavOsrnuevOWgq.cXomL==']; //与cookie有关,用于粉条是,做了一些花代码用于反自动格式化,例如';\20'会不会给;家回车?代码里还用了正则表达式,看样子也是反格式化的! (function(_0x23e18f,_0x31f469,_0x2c2e27){ var _0x17dbc0=function(_0x331e14,_0x5518e9,_0x444dfa,_0x23a3ea,_0x326368){ _0x5518e9=_0x5518e9>>0x8,_0x326368='po',asdfds='shift',afew1='push'; if(_0x5518e9<_0x331e14){ while(--_0x331e14){ _0x23a3ea=_0x23e18f[asdfds](); if(_0x5518e9===_0x331e14){ _0x5518e9=_0x23a3ea; _0x444dfa=_0x23e18f[_0x326368+'p'](); }else if(_0x5518e9&&_0x444dfa.replace(/[PVvOsruevOWgqXL=]/g,'')===_0x5518e9){ _0x23e18f[afew1](_0x23a3ea); } }_0x23e18f[afew1](_0x23e18f[asdfds]()); } return 0x32d76; }; var _0x250c8c=function(){ var _0x5bcc0c={'data':{'key':'cookie','value':'timeout'}, 'setCookie':function(_0x15a544,_0x532664,_0x140855,_0x2e431c){ _0x2e431c=_0x2e431c||{}; var _0x5bc146=_0x532664+'='+_0x140855; var _0x5ad6bd=0x0; for(var _0x5ad6bd=0x0,_0x4e3d87=_0x15a544.length;_0x5ad6bd<_0x4e3d87;_0x5ad6bd++){ var _0x3a8b87=_0x15a544[_0x5ad6bd]; _0x5bc146+=';\x20'+_0x3a8b87; var _0x8e90dc=_0x15a544[_0x3a8b87]; _0x15a544.push(_0x8e90dc); _0x4e3d87=_0x15a544.length; if(_0x8e90dc!==!![]){ _0x5bc146+='='+_0x8e90dc; } }_0x2e431c.cookie=_0x5bc146; },'removeCookie':function(){return'dev';},'getCookie':function(_0x3af33c,_0x234b30){ _0x3af33c=_0x3af33c||function(_0x571a26){ return _0x571a26; }; var _0x3ed26f=_0x3af33c(new RegExp('(?:^|;\x20)'+ _0x234b30.replace(/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)')); var _0x650c02=function(_0x37d558,_0x1f96d2,_0x4fdceb){ _0x37d558(++_0x1f96d2,_0x4fdceb); }; _0x650c02(_0x17dbc0,_0x31f469,_0x2c2e27); return _0x3ed26f?decodeURIComponent(_0x3ed26f[0x1]):undefined; } }; var _0x991d49=function(){ var _0x3c21fb=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}'); return _0x3c21fb.test(_0x5bcc0c.removeCookie.toString()); }; _0x5bcc0c.updateCookie=_0x991d49; var _0x2cb897=''; var _0xa060fe=_0x5bcc0c.updateCookie(); if(!_0xa060fe){ _0x5bcc0c.setCookie(['*'],'counter',0x1); }else if(_0xa060fe){ _0x2cb897=_0x5bcc0c.getCookie(null,'counter'); }else{ _0x5bcc0c.removeCookie(); } }; _0x250c8c(); }(_0x550c,0xd1,0xd100)); //典型 RC4加密还原方法 var _0x56ae=function(_0xd47042,_0x63080){ _0xd47042=~~'0x'.concat(_0xd47042); var _0x5996ba=_0x550c[_0xd47042]; if(_0x56ae.ECexVT===undefined){ (function(){ var _0x12dc1f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this; var _0x1eeaa4='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; _0x12dc1f.atob||(_0x12dc1f.atob=function(_0x290a53){ var _0x3e25f5=String(_0x290a53).replace(/=+$/,''); for(var _0x4b988b=0x0,_0x1ad26d,_0x379637,_0x498d41=0x0,_0x27b6c0='';_0x379637=_0x3e25f5.charAt(_0x498d41++);~_0x379637&&(_0x1ad26d=_0x4b988b%0x4?_0x1ad26d*0x40+_0x379637:_0x379637,_0x4b988b++%0x4)?_0x27b6c0+=String.fromCharCode(0xff&_0x1ad26d>>(-0x2*_0x4b988b&0x6)):0x0){ _0x379637=_0x1eeaa4.indexOf(_0x379637); } return _0x27b6c0; }); }()); var _0x1f8eb7=function(_0x4b8a01,_0x63080){ var _0x3071b5=[],_0x9c5f63=0x0,_0x78c351,_0x2acf7e='',_0x600b11=''; _0x4b8a01=atob(_0x4b8a01); for(var _0x39cfba=0x0,_0x40cd16=_0x4b8a01.length;_0x39cfba<_0x40cd16;_0x39cfba++){ _0x600b11+='%'+('00'+_0x4b8a01.charCodeAt(_0x39cfba).toString(0x10)).slice(-0x2); } _0x4b8a01=decodeURIComponent(_0x600b11); for(var _0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){ _0x3071b5[_0x5e4d62]=_0x5e4d62; } for(_0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){ _0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62]+_0x63080.charCodeAt(_0x5e4d62%_0x63080.length))%0x100; _0x78c351=_0x3071b5[_0x5e4d62];_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];_0x3071b5[_0x9c5f63]=_0x78c351; } _0x5e4d62=0x0; _0x9c5f63=0x0; for(var _0x1a7c7e=0x0;_0x1a7c7e<_0x4b8a01.length;_0x1a7c7e++){ _0x5e4d62=(_0x5e4d62+0x1)%0x100; _0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62])%0x100; _0x78c351=_0x3071b5[_0x5e4d62]; _0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63]; _0x3071b5[_0x9c5f63]=_0x78c351; _0x2acf7e+=String.fromCharCode(_0x4b8a01.charCodeAt(_0x1a7c7e)^_0x3071b5[(_0x3071b5[_0x5e4d62]+_0x3071b5[_0x9c5f63])%0x100]); } return _0x2acf7e; }; _0x56ae.xPLTue=_0x1f8eb7; _0x56ae.wJyKEr={}; _0x56ae.ECexVT=!![]; } var _0x362eaf=_0x56ae.wJyKEr[_0xd47042]; if(_0x362eaf===undefined){ if(_0x56ae.NbHMmN===undefined){ var _0x5cf2a5=function(_0x5a560e){ this.jAPecI=_0x5a560e; this.kOSOJn=[0x1,0x0,0x0]; this.tdEaoU=function(){return'newState';}; this.gkOxWc='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*'; this.PzeyAT='[\x27|\x22].+[\x27|\x22];?\x20*}'; }; _0x5cf2a5.prototype.zEvXjH=function(){ var _0x43bec9=new RegExp(this.gkOxWc+this.PzeyAT); var _0x2750c5=_0x43bec9.test(this.tdEaoU.toString())?--this.kOSOJn[0x1]:--this.kOSOJn[0x0]; return this.bOwCAi(_0x2750c5); }; _0x5cf2a5.prototype.bOwCAi=function(_0x265212){ if(!Boolean(~_0x265212)){return _0x265212;} return this.hJHoCg(this.jAPecI); }; _0x5cf2a5.prototype.hJHoCg=function(_0x48db87){ for(var _0x5f20c3=0x0,_0x53546a=this.kOSOJn.length;_0x5f20c3<_0x53546a;_0x5f20c3++){ this.kOSOJn.push(Math.round(Math.random())); _0x53546a=this.kOSOJn.length; } return _0x48db87(this.kOSOJn[0x0]); }; new _0x5cf2a5(_0x56ae).zEvXjH(); _0x56ae.NbHMmN=!![]; } _0x5996ba=_0x56ae.xPLTue(_0x5996ba,_0x63080); _0x56ae.wJyKEr[_0xd47042]=_0x5996ba; }else{ _0x5996ba=_0x362eaf; } return _0x5996ba; }; //这里是真正的源码 var oooo=0xf23d4,ooe; if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){ var i=0x9; for(oooo=oooo^i;i<oooo|0x9;i>0x0){ ooe.href=ooe.href+'?'+i; }; }; //反调试代码 (function(){ var _0x5be702=function(){ var _0x3fbf2c=!![]; return function(_0x5510b,_0x342b9d){ var _0x4f97f7=_0x3fbf2c?function(){ if(_0x342b9d){ var _0x3c1367=_0x342b9d.apply(_0x5510b,arguments); _0x342b9d=null; return _0x3c1367; } }:function(){}; _0x3fbf2c=![]; return _0x4f97f7; }; }(); var _0x20c668=_0x5be702(this,function(){ var _0x3dfc67=function(){return'\x64\x65\x76';},_0x5a434c=function(){return'\x77\x69\x6e\x64\x6f\x77';}; var _0x5c2c7d=function(){var _0x3a7bcc=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3a7bcc['\x74\x65\x73\x74'](_0x3dfc67['\x74\x6f\x53\x74\x72\x69\x6e\x67']());}; var _0x1cf834=function(){var _0x18fc40=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x18fc40['\x74\x65\x73\x74'](_0x5a434c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());}; var _0x3181f8=function(_0x4a3a1d){var _0x1296a8=~-0x1>>0x1+0xff%0x0;if(_0x4a3a1d['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1296a8)){_0x53db87(_0x4a3a1d);}}; var _0x53db87=function(_0x476ccd){var _0x100043=~-0x4>>0x1+0xff%0x0;if(_0x476ccd['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x100043){_0x3181f8(_0x476ccd);}}; if(!_0x5c2c7d()){ if(!_0x1cf834()){ _0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66'); }else{ _0x3181f8('\x69\x6e\x64\x65\x78\x4f\x66'); } }else{ _0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66'); } }); _0x20c668(); var _0x13f44d={'HiZHE':'tRXOh','irfJI':function(_0x16f976,_0x409789){return _0x16f976!==_0x409789;},'JeYYT':function(_0x992c77,_0x6054ee){return _0x992c77!==_0x6054ee;},'ECbiR':'3|0|4|1|2','mNDuE':'请勿盗链本站资源','UXJxx':'关闭页面重新访问','ABXlH':function(_0x4ae14b,_0x5ddf84,_0x1adfee){return _0x4ae14b(_0x5ddf84,_0x1adfee);}}; var _0x4317e3=[],_0x37edaa=0x32,_0x11545a=![]; _0x13f44d.ABXlH(setInterval,_0x5ce9ac,0x1); return{'addListener':function(_0x2e5165){_0x4317e3.push(_0x2e5165);},'cancleListenr':function(_0x4b1b9f){ var _0x53975a={'IHIik':function(_0x39d77d,_0x204173){ return _0x13f44d.JeYYT(_0x39d77d,_0x204173);} }; _0x4317e3=_0x4317e3.filter(function(_0x53d113){ if(_0x13f44d.HiZHE!==_0x13f44d.HiZHE){ var _0x2e5e62={'hFlGu':function(_0x3c20b2,_0x439340){ return _0x53975a.IHIik(_0x3c20b2,_0x439340); }}; _0x4317e3=_0x4317e3.filter(function(_0x32719f){ return _0x2e5e62.hFlGu(_0x32719f,_0x4b1b9f); }); }else{ return _0x13f44d.irfJI(_0x53d113,_0x4b1b9f); } }); }}; function _0x5ce9ac(){ var _0x211ef9=new Date(); debugger; if(new Date()-_0x211ef9>_0x37edaa){ var _0x523cd2=_0x13f44d.ECbiR.split('|'),_0xe22ccc=0x0; while(!![]){ switch(_0x523cd2[_0xe22ccc++]){ case'0': _0x11545a=!![]; continue; case'1': while(!![]){ alert(_0x13f44d.mNDuE); alert(_0x13f44d.UXJxx); } continue; case'2': document.body.innerHTML=''; continue; case'3': if(!_0x11545a){ _0x4317e3.forEach(function(_0x1c693e){ _0x1c693e.call(null); }); } continue; case'4': window.stop(); continue; } break; } }else{ _0x11545a=![]; } } }().addListener(function(){ window.location.reload(); })); document.write("test! this run! this js is ok"); |
这是截图,
源代码只有几行,其他加密、反调代码没用,也不处理了
最后解密结果为:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
var oooo=0xf23d4,ooe; if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){ var i=0x9; for(oooo=oooo^i;i<oooo|0x9;i>0x0){ ooe.href=ooe.href+'?'+i; }; }; //if(oooo=39,ooe 确定浏览器 准备跳转,基本就是个花指令,一般不会执行的?!。 //ie、火狐一般为false,chrome为undefined 都不能执行 //if里面内容是死循环?? //i=9,我怎么看 都像是 要执行N多次,跳转链接为 当前链接?9 //这是做什么?不是浏览器死循环么? //真没弄懂他的意思 |
这是破解源码:
decode-jsjiami-01
decode01.html为 破解脚本
001.js是手动格式化的代码
001-11.js 是加了简单注释的源码。
- 本文固定链接: http://www.three123.com/2021-04/s-crack-jsjiami-decode-2/
- 转载请注明: Carr 于 Carr的仓库 发表
