sojson v5加密(JS 加密) 还原方法
开始加密:
(function(w, d) {
w.update = "2019年09月12日15:24:29更新";
d.info = "这个是一个本站对JavaScript 脚本的一个最牛加密,兼容性适中,解密难度极大";
d.feedback = "有问题请联系QQ xxxx";
})(window, document);
加密后代码:
/*
* 加密工具已经升级了一个版本,目前为 jsjiami.com.v6 ,更新了加密算法,缩减了体积;
* 另外 jsjiami.com.v6 已经强制加入校验,注释可以去掉,但是 jsjiami.com.v6 不能去掉,其他都没有任何绑定。
* 誓死不会加入任何后门,JsJiami.com 加密的使命就是为了保护你们的Javascript 。
*/
var a=['jsjiami.com.v6','ZjsgjilBUDamOPlriw.EVcomBp.lv6==','5p+76Zev6aOL6K2W6ICh57Czw59KXsO7woIUw6fCgMKLw5TCqg==','KFXCvcKCJFM=','IWQXKgw=','Gks8Kg==','w4h1w7oOag=='];(function(c,d,e){var f=function(g,h,i,j){h=h>>0x8;if(h<g){while(--g){j=c['shift']();if(h===g){h=j;i=c['shift']();}else if(i['replace'](/[ZglBUDOPlrwEVBpl=]/g,'')===h){c['push'](j);}}c['push'](c['shift']());}return 0x242ed;};return f(++d,e)>>d^e;}(a,0x1eb,0x1eb00));var b=function(c,d){c=~~'0x'['concat'](c);var e=a[c];if(b['gPvZlv']===undefined){(function(){var f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var g='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';f['atob']||(f['atob']=function(h){var i=String(h)['replace'](/=+$/,'');for(var j=0x0,k,l,m=0x0,n='';l=i['charAt'](m++);~l&&(k=j%0x4?k*0x40+l:l,j++%0x4)?n+=String['fromCharCode'](0xff&k>>(-0x2*j&0x6)):0x0){l=g['indexOf'](l);}return n;});}());var o=function(p,d){var r=[],s=0x0,t,u='',v='';p=atob(p);for(var w=0x0,x=p['length'];w<x;w++){v+='%'+('00'+p['charCodeAt'](w)['toString'](0x10))['slice'](-0x2);}p=decodeURIComponent(v);for(var y=0x0;y<0x100;y++){r[y]=y;}for(y=0x0;y<0x100;y++){s=(s+r[y]+d['charCodeAt'](y%d['length']))%0x100;t=r[y];r[y]=r[s];r[s]=t;}y=0x0;s=0x0;for(var z=0x0;z<p['length'];z++){y=(y+0x1)%0x100;s=(s+r[y])%0x100;t=r[y];r[y]=r[s];r[s]=t;u+=String['fromCharCode'](p['charCodeAt'](z)^r[(r[y]+r[s])%0x100]);}return u;};b['fuFDUP']=o;b['uzmgkx']={};b['gPvZlv']=!![];}var A=b['uzmgkx'][c];if(A===undefined){if(b['GkZZBA']===undefined){b['GkZZBA']=!![];}e=b['fuFDUP'](e,d);b['uzmgkx'][c]=e;}else{e=A;}return e;};(function(c,d){var e={'RAMoq':'\x32\x30\x31\x39\u5e74\x30\x39\u6708\x31\x32\u65e5\x31\x35\x3a\x32\x34\x3a\x32\x39\u66f4\u65b0','EaZaN':'\u8fd9\u4e2a\u662f\u4e00\u4e2a\u672c\u7ad9\u5bf9\x4a\x61\x76\x61\x53\x63\x72\x69\x70\x74 \u811a\u672c\u7684\u4e00\u4e2a\u6700\u725b\u52a0\u5bc6\uff0c\u517c\u5bb9\u6027\u9002\u4e2d\uff0c\u89e3\u5bc6\u96be\u5ea6\u6781\u5927'};c[b('0','ZdTU')]=e[b('1','FnxY')];d[b('2','FnxY')]=e[b('3','jPNw')];d['feedback']=b('4','fS%!');}(window,document));
解密第一步, 先对代码简单梳理.
https://tool.lu/js 在这里选择解密,得到如下代码.
/*
* 加密工具已经升级了一个版本,目前为 jsjiami.com.v6 ,更新了加密算法,缩减了体积;
* 另外 jsjiami.com.v6 已经强制加入校验,注释可以去掉,但是 jsjiami.com.v6 不能去掉,其他都没有任何绑定。
* 誓死不会加入任何后门,JsJiami.com 加密的使命就是为了保护你们的Javascript 。
*/
/*1.基本数据开始*/
var a = ['jsjiami.com.v6', 'ZjsgjilBUDamOPlriw.EVcomBp.lv6==', '5p+76Zev6aOL6K2W6ICh57Czw59KXsO7woIUw6fCgMKLw5TCqg==', 'KFXCvcKCJFM=', 'IWQXKgw=', 'Gks8Kg==', 'w4h1w7oOag=='];
/*1.基本数据结束*/
/*2.解密基本数据的函数*/
(function(c, d, e) {
var f = function(g, h, i, j) {
h = h >> 0x8;
if (h < g) {
while (--g) {
j = c['shift']();
if (h === g) {
h = j;
i = c['shift']();
} else if (i['replace'](/[ZglBUDOPlrwEVBpl=]/g, '') === h) {
c['push'](j);
}
}
c['push'](c['shift']());
}
return 0x242ed;
};
return f(++d, e) >> d ^ e;
}(a, 0x1eb, 0x1eb00));
var b = function(c, d) {
c = ~~'0x' ['concat'](c);
var e = a[c];
if (b['gPvZlv'] === undefined) {
(function() {
var f = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
var g = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
f['atob'] || (f['atob'] = function(h) {
var i = String(h)['replace'](/=+$/, '');
for (var j = 0x0, k, l, m = 0x0, n = ''; l = i['charAt'](m++);~l && (k = j % 0x4 ? k * 0x40 + l : l, j++ % 0x4) ? n += String['fromCharCode'](0xff & k >> (-0x2 * j & 0x6)) : 0x0) {
l = g['indexOf'](l);
}
return n;
});
}());
var o = function(p, d) {
var r = [],
s = 0x0,
t, u = '',
v = '';
p = atob(p);
for (var w = 0x0, x = p['length']; w < x; w++) {
v += '%' + ('00' + p['charCodeAt'](w)['toString'](0x10))['slice'](-0x2);
}
p = decodeURIComponent(v);
for (var y = 0x0; y < 0x100; y++) {
r[y] = y;
}
for (y = 0x0; y < 0x100; y++) {
s = (s + r[y] + d['charCodeAt'](y % d['length'])) % 0x100;
t = r[y];
r[y] = r[s];
r[s] = t;
}
y = 0x0;
s = 0x0;
for (var z = 0x0; z < p['length']; z++) {
y = (y + 0x1) % 0x100;
s = (s + r[y]) % 0x100;
t = r[y];
r[y] = r[s];
r[s] = t;
u += String['fromCharCode'](p['charCodeAt'](z) ^ r[(r[y] + r[s]) % 0x100]);
}
return u;
};
b['fuFDUP'] = o;
b['uzmgkx'] = {};
b['gPvZlv'] = !! [];
}
var A = b['uzmgkx'][c];
if (A === undefined) {
if (b['GkZZBA'] === undefined) {
b['GkZZBA'] = !! [];
}
e = b['fuFDUP'](e, d);
b['uzmgkx'][c] = e;
} else {
e = A;
}
return e;
};
/*2.解密基本数据的函数结束*/
/*3.加密的数据主体*/
(function(c, d) {
var e = {
'RAMoq': '2019年09月12日15:24:29更新',
'EaZaN': '这个是一个本站对JavaScript 脚本的一个最牛加密,兼容性适中,解密难度极大'
};
c[b('0', 'ZdTU')] = e[b('1', 'FnxY')];
d[b('2', 'FnxY')] = e[b('3', 'jPNw')];
d['feedback'] = b('4', 'fS%!');
}(window, document));
/*3.加密的数据主体结束*/
其中分为三部份
1\ 是基本数据(字符串加密)
2\解密函数
3\主体部份, 见上代码标注了.
通过观察3部份主体的数据
c[b(‘0’, ‘ZdTU’)] = e[b(‘1’, ‘FnxY’)];
d[b(‘2’, ‘FnxY’)] = e[b(‘3’, ‘jPNw’)];
d[‘feedback’] = b(‘4’, ‘fS%!’);
调用函数b完成解密以上数据, 还原过程是将b函数的数据还原即可.
解密思路过程
1\打开加密的JS文件主体部份.
2\正则提取出b函数的所有数据.
3\执行B函数数据,得到解密后数据
4\替换回加密文件 ,重输出JS文件.
验证方法,采用:php7+v8js (可以在PHP中执行JS 代码)
1\将1基本数据, 解密函数,保存到JS文件:decode.js文件
/*
* 加密工具已经升级了一个版本,目前为 jsjiami.com.v6 ,更新了加密算法,缩减了体积;
* 另外 jsjiami.com.v6 已经强制加入校验,注释可以去掉,但是 jsjiami.com.v6 不能去掉,其他都没有任何绑定。
* 誓死不会加入任何后门,JsJiami.com 加密的使命就是为了保护你们的Javascript 。
*/
var a = ['jsjiami.com.v6', 'ZjsgjilBUDamOPlriw.EVcomBp.lv6==', '5p+76Zev6aOL6K2W6ICh57Czw59KXsO7woIUw6fCgMKLw5TCqg==', 'KFXCvcKCJFM=', 'IWQXKgw=', 'Gks8Kg==', 'w4h1w7oOag=='];
(function(c, d, e) {
var f = function(g, h, i, j) {
h = h >> 0x8;
if (h < g) {
while (--g) {
j = c['shift']();
if (h === g) {
h = j;
i = c['shift']();
} else if (i['replace'](/[ZglBUDOPlrwEVBpl=]/g, '') === h) {
c['push'](j);
}
}
c['push'](c['shift']());
}
return 0x242ed;
};
return f(++d, e) >> d ^ e;
}(a, 0x1eb, 0x1eb00));
var b = function(c, d) {
c = ~~'0x' ['concat'](c);
var e = a[c];
if (b['gPvZlv'] === undefined) {
(function() {
var f = typeof window !== 'undefined' ? window : typeof process === 'object' && typeof require === 'function' && typeof global === 'object' ? global : this;
var g = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
f['atob'] || (f['atob'] = function(h) {
var i = String(h)['replace'](/=+$/, '');
for (var j = 0x0, k, l, m = 0x0, n = ''; l = i['charAt'](m++);~l && (k = j % 0x4 ? k * 0x40 + l : l, j++ % 0x4) ? n += String['fromCharCode'](0xff & k >> (-0x2 * j & 0x6)) : 0x0) {
l = g['indexOf'](l);
}
return n;
});
}());
var o = function(p, d) {
var r = [],
s = 0x0,
t, u = '',
v = '';
p = atob(p);
for (var w = 0x0, x = p['length']; w < x; w++) {
v += '%' + ('00' + p['charCodeAt'](w)['toString'](0x10))['slice'](-0x2);
}
p = decodeURIComponent(v);
for (var y = 0x0; y < 0x100; y++) {
r[y] = y;
}
for (y = 0x0; y < 0x100; y++) {
s = (s + r[y] + d['charCodeAt'](y % d['length'])) % 0x100;
t = r[y];
r[y] = r[s];
r[s] = t;
}
y = 0x0;
s = 0x0;
for (var z = 0x0; z < p['length']; z++) {
y = (y + 0x1) % 0x100;
s = (s + r[y]) % 0x100;
t = r[y];
r[y] = r[s];
r[s] = t;
u += String['fromCharCode'](p['charCodeAt'](z) ^ r[(r[y] + r[s]) % 0x100]);
}
return u;
};
b['fuFDUP'] = o;
b['uzmgkx'] = {};
b['gPvZlv'] = !! [];
}
var A = b['uzmgkx'][c];
if (A === undefined) {
if (b['GkZZBA'] === undefined) {
b['GkZZBA'] = !! [];
}
e = b['fuFDUP'](e, d);
b['uzmgkx'][c] = e;
} else {
e = A;
}
return e;
};
2\将主体解密部份放到:en.js文件
(function(c, d) {
var e = {
'RAMoq': '2019年09月12日15:24:29更新',
'EaZaN': '这个是一个本站对JavaScript 脚本的一个最牛加密,兼容性适中,解密难度极大'
};
c[b('0', 'ZdTU')] = e[b('1', 'FnxY')];
d[b('2', 'FnxY')] = e[b('3', 'jPNw')];
d['feedback'] = b('4', 'fS%!');
}(window, document));
3\解密PHP代码如下:js.php
<?php
$jscode=file_get_contents("en.js");
preg_match_all("/b\('[^']*'[\s]*,[\s]*'[^']*'\)/i", $jscode, $res);
if(isset($res))
{
$res[0]=array_values(array_unique ($res[0]));
ksort($res[0]);
usort($res[0],function($a,$b){return strlen($b)-strlen($a);});
$JS =file_get_contents("decoded.js");
$v8 = new V8Js();
try
{
$v8->executeString($JS, 'basic.js');
} catch (V8JsException $e)
{
print_r($e);
die();
}
foreach( $res[0] as $k => $v){
preg_match_all("/'([^']*)'[\s]*,[\s]*'([^']*)'/i", $v, $res1);
$JS='b("'.$res1[1][0].'", "'. $res1[2][0] .'");';
$vv = $v8->executeString($JS, 'basic.js');
$jscode=str_ireplace(array('window['.$v.']',$v),array($vv,"'".$vv."'"),$jscode);
}
}
echo "ok!";
file_put_contents("src.js",$jscode);
die();
4\执行js.php 如下:
php.exe -c php.ini js.php
5\得到解密代码:
(function(c, d) { var e = { 'RAMoq': '2019年09月12日15:24:29更新', 'EaZaN': '这个是一个本站对JavaScript 脚本的一个最牛加密,兼容性适中,解密难度极大' }; c['update'] = e['RAMoq']; d['info'] = e['EaZaN']; d['feedback'] = '有问题请联系QQ xxxx'; }(window, document));
完成解密.
写在最后:
1\在加密后变量进行了替换混淆是不可还原 ,比如:var_pojie 这个变量被替换成:_0xdeffab 这个理论不可破解(除非知道算法或者服务器保留了备份)
2\今一天朋友跟我说在作者那边, 花钱解密了一个文件. 数据还原了, 联变量都还原了. 这让我大跌眼镜 ,我了个去. 您是算法还原的还是备份还原的? 左手加密, 右手解密. 您可真是一手好戏?
大佬可否帮解密下
代码发 505097558@qq.com
大佬有研究v6版本吗?
大同小异