JS混淆详解

1. OB混淆（注意！V6类似于OB）

开头定义了一个大数组，然后对这个大数组里的内容进行位移，再定义一个解密函数。后面大部分的值都调用了这个解密函数，以达到混淆的效果。这种代码即为ob混淆，不仅变量名混淆了，运行逻辑等也高度混淆，难以理解。

例如：混淆前代码（如果没有特殊标记，都以此为混淆前代码）

1. var a = 1
2. var b = 2
3. var c = a + 3
4. console.log(c)

混淆后

var _0x447a7d = _0xe658

function _0xe658(_0x5cadee, _0x5801b1) { var _0x507c39 = _0x3dfa(); return _0xe658 = function(_0x2eec29, _0x4da818) { _0x2eec29 = _0x2eec29 - 0x142; var _0x2246a5 = _0x507c39[_0x2eec29]; return _0x2246a5; }, _0xe658(_0x5cadee, _0x5801b1); }(function(_0x401059, _0x420733) {

    var _0x35792c = _0xe658,

        _0x55538d = _0x401059();

    while (!![]) {

        try {

            var _0x3f8fdb = parseInt(_0x35792c(0x156)) / 0x1 * (-parseInt(_0x35792c(0x146)) / 0x2) + -parseInt(_0x35792c(0x15b)) / 0x3 + -parseInt(_0x35792c(0x14d)) / 0x4 + parseInt(_0x35792c(0x15c)) / 0x5 * (parseInt(_0x35792c(0x14e)) / 0x6) + parseInt(_0x35792c(0x148)) / 0x7 * (parseInt(_0x35792c(0x157)) / 0x8) + parseInt(_0x35792c(0x147)) / 0x9 + -parseInt(_0x35792c(0x14a)) / 0xa;

            if (_0x3f8fdb === _0x420733) break;

            else _0x55538d['push'](_0x55538d['shift']());

        } catch (_0x55dbb3) { _0x55538d['push'](_0x55538d['shift']()); }

    }

}(_0x3dfa, 0xa5d6a));

var _0x14281a = (function() { var _0x330afc = !![]; return function(_0x30ea9f, _0x3b3154) { var _0x26bfff = _0x330afc ? function() { if (_0x3b3154) { var _0x390801 = _0x3b3154['apply'](_0x30ea9f, arguments); return _0x3b3154 = null, _0x390801; } } : function() {}; return _0x330afc = ![], _0x26bfff; }; }()),

    _0x31a440 = _0x14281a(this, function() { var _0x171791 = _0xe658; return _0x31a440['toString']()[_0x171791(0x153)](_0x171791(0x149))[_0x171791(0x145)]()[_0x171791(0x144)](_0x31a440)['search'](_0x171791(0x149)); });

_0x31a440();

var _0x4da818 = (function() { var _0x31cd92 = !![]; return function(_0x2758b8, _0x469b43) { var _0x38d297 = _0x31cd92 ? function() { if (_0x469b43) { var _0x357a03 = _0x469b43['apply'](_0x2758b8, arguments); return _0x469b43 = null, _0x357a03; } } : function() {}; return _0x31cd92 = ![], _0x38d297; }; }()),

    _0x2eec29 = _0x4da818(this, function() {

        var _0x971fcb = _0xe658,

            _0x1f4534;

        try {

            var _0x24ddd1 = Function(_0x971fcb(0x14b) + _0x971fcb(0x155) + ');');

            _0x1f4534 = _0x24ddd1();

        } catch (_0x5d6e05) { _0x1f4534 = window; }

        var _0xcb5be2 = _0x1f4534[_0x971fcb(0x151)] = _0x1f4534[_0x971fcb(0x151)] || {},

            _0x28ac73 = [_0x971fcb(0x152), _0x971fcb(0x143), _0x971fcb(0x14c), _0x971fcb(0x142), _0x971fcb(0x15a), 'table', _0x971fcb(0x158)];

        for (var _0x41ecf2 = 0x0; _0x41ecf2 < _0x28ac73[_0x971fcb(0x14f)]; _0x41ecf2++) {

            var _0x2d4918 = _0x4da818[_0x971fcb(0x144)][_0x971fcb(0x159)]['bind'](_0x4da818),

                _0x4d1917 = _0x28ac73[_0x41ecf2],

                _0x34837e = _0xcb5be2[_0x4d1917] || _0x2d4918;

            _0x2d4918[_0x971fcb(0x150)] = _0x4da818[_0x971fcb(0x154)](_0x4da818), _0x2d4918[_0x971fcb(0x145)] = _0x34837e['toString']['bind'](_0x34837e), _0xcb5be2[_0x4d1917] = _0x2d4918;

        }

    });

function _0x3dfa() {

    var _0x173989 = ['search', 'bind', '{}.constructor(\x22return\x20this\x22)(\x20)', '674xctZhB', '10469656ZsKjXV', 'trace', 'prototype', 'exception', '945303QiUqAN', '310640lNznBh', 'error', 'warn', 'constructor', 'toString', '532sCVxfj', '10929969mHzZdp', '7uEUzYa', '(((.+)+)+)+$', '4934830lkVUfZ', 'return\x20(function()\x20', 'info', '3921048bsgHVW', '12KXrglR', 'length', '__proto__', 'console', 'log'];

    _0x3dfa = function() { return _0x173989; };

    return _0x3dfa();

}

_0x2eec29();

var a = 0x1,

    b = 0x2,

    c = a + 0x3;

console[_0x447a7d(0x152)](c)

2，AA加密:

又称为表情包加密

加密后：

ﾟωﾟﾉ= /｀ｍ´）ﾉ ~┻━┻   //*´∇｀sojson.com*/ ['_']; o=(ﾟｰﾟ)  =_=3; c=(ﾟΘﾟ) =(ﾟｰﾟ)-(ﾟｰﾟ); (ﾟДﾟ) =(ﾟΘﾟ)= (o^_^o)/ (o^_^o);(ﾟДﾟ)={ﾟΘﾟ: '_' ,ﾟωﾟﾉ : ((ﾟωﾟﾉ==3) +'_') [ﾟΘﾟ] ,ﾟｰﾟﾉ :(ﾟωﾟﾉ+ '_')[o^_^o -(ﾟΘﾟ)] ,ﾟДﾟﾉ:((ﾟｰﾟ==3) +'_')[ﾟｰﾟ] }; (ﾟДﾟ) [ﾟΘﾟ] =((ﾟωﾟﾉ==3) +'_') [c^_^o];(ﾟДﾟ) ['c'] = ((ﾟДﾟ)+'_') [ (ﾟｰﾟ)+(ﾟｰﾟ)-(ﾟΘﾟ) ];(ﾟДﾟ) ['o'] = ((ﾟДﾟ)+'_') [ﾟΘﾟ];(ﾟoﾟ)=(ﾟДﾟ) ['c']+(ﾟДﾟ) ['o']+(ﾟωﾟﾉ +'_')[ﾟΘﾟ]+ ((ﾟωﾟﾉ==3) +'_') [ﾟｰﾟ] + ((ﾟДﾟ) +'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ ((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [(ﾟｰﾟ) - (ﾟΘﾟ)]+(ﾟДﾟ) ['c']+((ﾟДﾟ)+'_') [(ﾟｰﾟ)+(ﾟｰﾟ)]+ (ﾟДﾟ) ['o']+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ];(ﾟДﾟ) ['_'] =(o^_^o) [ﾟoﾟ] [ﾟoﾟ];(ﾟεﾟ)=((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟДﾟ) .ﾟДﾟﾉ+((ﾟДﾟ)+'_') [(ﾟｰﾟ) + (ﾟｰﾟ)]+((ﾟｰﾟ==3) +'_') [o^_^o -ﾟΘﾟ]+((ﾟｰﾟ==3) +'_') [ﾟΘﾟ]+ (ﾟωﾟﾉ +'_') [ﾟΘﾟ]; (ﾟｰﾟ)+=(ﾟΘﾟ); (ﾟДﾟ)[ﾟεﾟ]='\\'; (ﾟДﾟ).ﾟΘﾟﾉ=(ﾟДﾟ+ ﾟｰﾟ)[o^_^o -(ﾟΘﾟ)];(oﾟｰﾟo)=(ﾟωﾟﾉ +'_')[c^_^o];(ﾟДﾟ) [ﾟoﾟ]='\"';(ﾟДﾟ) ['_'] ( (ﾟДﾟ) ['_'] (ﾟεﾟ+(ﾟДﾟ)[ﾟoﾟ]+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (o^_^o))+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((o^_^o) +(o^_^o))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (o^_^o))+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (o^_^o))+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟｰﾟ)+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((o^_^o) +(o^_^o))+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) - (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((o^_^o) +(o^_^o))+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ ((o^_^o) +(o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟｰﾟ)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ ((ﾟｰﾟ) + (ﾟΘﾟ))+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ ((ﾟｰﾟ) + (o^_^o))+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (c^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+(ﾟΘﾟ)+ (ﾟｰﾟ)+ (o^_^o)+ (ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ) + (ﾟΘﾟ))+ (ﾟΘﾟ)+ (ﾟДﾟ)[ﾟoﾟ])(ﾟΘﾟ))((ﾟΘﾟ)+(ﾟДﾟ)[ﾟεﾟ]+((ﾟｰﾟ)+(ﾟΘﾟ))+(ﾟΘﾟ)+(ﾟДﾟ)[ﾟoﾟ]);

3，JJ加密

加密后

sojson=~[];/*sojson.com*/sojson={___:++sojson,/*sojson.com*/$$$$:(![]+"")[sojson],__$:++sojson,$_$_:(![]+"")[sojson],_$_:++sojson,$_$$:({}+"")[sojson],$$_$:(sojson[sojson]+"")[sojson],_$$:++sojson,$$$_:(!""+"")[sojson],$__:++sojson,$_$:++sojson,$$__:({}+"")[sojson],$$_:++sojson,$$$:++sojson,$___:++sojson,$__$:++sojson};sojson.$_=(sojson.$_=sojson+"")[sojson.$_$]+(sojson._$=sojson.$_[sojson.__$])+(sojson.$$/*sojson.com*/=(sojson.$+"")[sojson.__$])+((!sojson)+"")[sojson._$$]+(sojson.__=sojson.$_[sojson.$$_])+(sojson.$=(!""+"")[sojson.__$])+(sojson._=(!""+"")[sojson._$_])+sojson.$_[sojson.$_$]+sojson.__+sojson._$+sojson.$;/*sojson.com*/sojson.$$=sojson.$+(!""+"")[sojson._$$]+sojson.__+sojson._+sojson.$+sojson.$$/*sojson.com*/;sojson.$=(sojson.___)[sojson.$_][sojson.$_];sojson.$(sojson.$(sojson.$$+"\""+"\\"+sojson.__$+sojson.$$_+sojson.$$_+sojson.$_$_+"\\"+sojson.__$+sojson.$$_+sojson._$_+" "+sojson.$_$_+" \\"+sojson.$$$+sojson.$_$+" "+sojson.__$+"\\"+sojson.__$+sojson._$_+"\\"+sojson.__$+sojson.$$_+sojson.$$_+sojson.$_$_+"\\"+sojson.__$+sojson.$$_+sojson._$_+" "+sojson.$_$$+" \\"+sojson.$$$+sojson.$_$+" "+sojson._$_+"\\"+sojson.__$+sojson._$_+"\\"+sojson.__$+sojson.$$_+sojson.$$_+sojson.$_$_+"\\"+sojson.__$+sojson.$$_+sojson._$_+" "+sojson.$$__+" \\"+sojson.$$$+sojson.$_$+" "+sojson.$_$_+" + "+sojson._$$+"\\"+sojson.__$+sojson._$_+sojson.$$__+sojson._$+"\\"+sojson.__$+sojson.$_$+sojson.$$_+"\\"+sojson.__$+sojson.$$_+sojson._$$+sojson._$+(![]+"")[sojson._$_]+sojson.$$$_+"."+(![]+"")[sojson._$_]+sojson._$+"\\"+sojson.__$+sojson.$__+sojson.$$$+"("+sojson.$$__+")"+"\"")())(sojson={___:++sojson,$$$$:(![]+"")[sojson]});

4，jsfuck混淆

形似下图

1. DM5

理论上不可逆，

4C5D2F33A5F3ACF66CB89BC540DE8719

6，16进制加密

\x76\x61\x72\x20\x61\x20\x3d\x20\x31\xa\x76\x61\x72\x20\x62\x20\x3d\x20\x32\xa\x76\x61\x72\x20\x63\x20\x3d\x20\x61\x20\x2b\x20\x33\xa\x63\x6f\x6e\x73\x6f\x6c\x65\x2e\x6c\x6f\x67\x28\x63\x29

7，base64

dmFyIGEgPSAxCnZhciBiID0gMgp2YXIgYyA9IGEgKyAzCmNvbnNvbGUubG9nKGMp

8，eval

eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0 4=1 0 6=2 0 5=4+3 7.8(5)',9,9,'var||||a|c|b|console|log'.split('|'),0,{}))