需要准备的东西:
1、原JS码
2、AST解混淆码
3、token(来源于JSON)
一、原JS码很好获取,每次页面刷新,混淆的代码都会变,这是正常,以下为部分代码
while (Qooo0) {
switch (Qooo0) {
case 110 + 14 - 55: {
function O0o00O(OQooQ) {
OQooQ = OQooQ[QQQQoo[227]](/\r\n/g, QQQQoo[1253]);
var O0oQQ = QQQQoo[333];
for (var Qooo0 = 0; oo0Ooo(Qooo0, OQooQ[QQQQoo[1283]]); Qooo0++) {
var QQQoo = OQooQ[QQQQoo[1555]](Qooo0);
if (oo0Ooo(QQQoo, 128)) {
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](QQQoo);
} else if (OOo0oQ(QQQoo, 127) && oo0Ooo(QQQoo, 2048)) {
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(o00oOo(QQQoo, 6), 192)),
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(QQQoo, 63), 128));
} else {
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(o00oOo(QQQoo, 12), 224)),
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(o00oOo(QQQoo, 6), 63), 128)),
O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(QQQoo, 63), 128));
}
}
return O0oQQ;
}二、AST解混淆,从原代码中抠出还原函数
编写AST,生成混淆还原代码
// 3. 定义 AST 转换函数
const decodeOb = {
MemberExpression(path) {
node = path.node;
if (node.type === "MemberExpression" && node.object && node.object.name == 'QQQQoo') {
console.log(path.toString())
val = QQQQoo[node.property.value]
path.replaceWith(types.stringLiteral(val))
}
}
};还原后的代码
三 获取token,来源于json请求,每次请求都会变
https://fp.xxxdun.net/web3_8/profile.json?partner=tongdun&app_name=x_tongdun2_web&token_id=tongdun-1714874683694-ef1d0816878f8............._1714874684980_2969({
"code": "000",
"result": {
"tokenId": "0WPS1714874686ZQ4VisB07",
"xxid": "5qRJHQOJHPRmAkU8g+jCjtyDZS40YwiptTdsoY1Qsyic0g51ikOVw8ILu1uWcF4sc6FlRyff6WaR8hvd2x2zjQ==",
"xdid": "l0K6kEi+J5wxRC99GTN0HziEqsuQt8RXrljMAeqn9Eg=",
"bxid": "T9j2S2ENdX/TT8YOCMG+5qc1WVqrLa9Q6Be9sV+M6rAvMlxNZsixBuXvdFavlP7RdymHuwhRt6Y+XxNWskDHTQ==",
"c": {
"factor": 0,
"op": 0,
"cm": 0,
"vt": 1296000,
"pi": 795749755
}
},
"desc": ""
})数据准备完毕,开始blackbox逆向,一路跟进,抠出代码
window = globalThis;
var OQooQ = '0WPS1714874686ZQ4VisB07'
var OQQOoQ = []
function Oo0o00(OQooQ) {
var O0oQQ = 100;
while (O0oQQ) {
switch (O0oQQ) {
case 132 + 11 - 43: {
if (QO00o0(OQooQ["length"], 23)) {
return OQooQ;
}
var Qooo0 = "";
O0oQQ = 101;
break;
}
case 157 + 12 - 67: {
var QQQoo = [];
var O0oO0 = 0;
O0oQQ = 103;
break;
}
case 179 + 19 - 95: {
var QOo0O = 76;
while (QOo0O) {
switch (QOo0O) {
case 124 + 5 - 52: {
QQQoo = [oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))], oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))], oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))]];
if (OOo0oQ(OQQOoQ["length"], 1000) || OQ0O00(OQQOoQ["indexOf"](Q0Q00o(Q0Q00o(Q0Q00o("", QQQoo[0]), QQQoo[1]), QQQoo[2])), -1)) {
O0oO0 = 1000, OQQOoQ["push"](Q0Q00o(Q0Q00o(Q0Q00o("", QQQoo[0]), QQQoo[1]), QQQoo[2])), Qooo0 = Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o("", o00OQ[0]), o00OQ[1]), QQQoo[0]), o00OQ[2]), QQQoo[1]), o00OQ[3]), QQQoo[2]), o00OQ[4]);
}
QOo0O = 78;
break;
}
case 114 + 9 - 45: {
O0oO0++;
QOo0O = 76;
break;
}
case 132 + 17 - 73: {
QOo0O = oo0Ooo(O0oO0, 1000) ? 77 : 0;
break;
}
}
}
if (QO00o0(Qooo0["length"], 26)) {
Qooo0 = Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o("", o00OQ[0]), o00OQ[1]), QQQoo[0]), o00OQ[2]), QQQoo[1]), o00OQ[3]), QQQoo[2]), o00OQ[4]);
}
return Qooo0;
}
case 150 + 5 - 54: {
var o00OQ = ["ghijklmnopqrstuv"["charAt"]("0123456789abcdef"["indexOf"](OQooQ["substring"](0, 1))), OQooQ["substring"](1, 4), OQooQ["substring"](4, 14), OQooQ["substring"](14, 22), OQooQ["substring"](22, 23)];
var oOOQ0 = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"];
O0oQQ = 102;
break;
}
}
}
}
let blackbox = Oo0o00(OQooQ)
console.log(blackbox)输出blackbox:gWPSN1714874686HZQ4VisB047
