(原创)解密JScript.Encode加密过的脚本

Public Class JSDecoder
    '=============JS脚本的解密类===========
    '说明: 此类用来解密JScript.Encode加密过的脚本代码!
    '作者: 哇哇鱼
    '版本: VB.NET版
    '日期: 2005年3月21日
 '注释: 此类是参考"李辉煌"的JavaScript(ASP)解密脚本代码而编写.
    '======================================
    Private Const STATE_COPY_INPUT = 100
    Private Const STATE_READLEN = 101
    Private Const STATE_DECODE = 102
    Private Const STATE_UNESCAPE = 103

    Private Pick_Encoding, rawData As Integer()
    Private Transformed(2, 287), Digits(122) As Integer

    Public Sub New()
        InitArrayData()
    End Sub

    Private Sub InitArrayData()
        Dim i, j As Integer
        Pick_Encoding = New Integer() { _
        1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0, _
        1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2, _
        1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2, _
        1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2 _
        }

        rawData = New Integer() { _
        &H64, &H37, &H69, &H50, &H7E, &H2C, &H22, &H5A, &H65, &H4A, &H45, &H72, _
        &H61, &H3A, &H5B, &H5E, &H79, &H66, &H5D, &H59, &H75, &H5B, &H27, &H4C, _
        &H42, &H76, &H45, &H60, &H63, &H76, &H23, &H62, &H2A, &H65, &H4D, &H43, _
        &H5F, &H51, &H33, &H7E, &H53, &H42, &H4F, &H52, &H20, &H52, &H20, &H63, _
        &H7A, &H26, &H4A, &H21, &H54, &H5A, &H46, &H71, &H38, &H20, &H2B, &H79, _
        &H26, &H66, &H32, &H63, &H2A, &H57, &H2A, &H58, &H6C, &H76, &H7F, &H2B, _
        &H47, &H7B, &H46, &H25, &H30, &H52, &H2C, &H31, &H4F, &H29, &H6C, &H3D, _
        &H69, &H49, &H70, &H3F, &H3F, &H3F, &H27, &H78, &H7B, &H3F, &H3F, &H3F, _
        &H67, &H5F, &H51, &H3F, &H3F, &H3F, &H62, &H29, &H7A, &H41, &H24, &H7E, _
        &H5A, &H2F, &H3B, &H66, &H39, &H47, &H32, &H33, &H41, &H73, &H6F, &H77, _
        &H4D, &H21, &H56, &H43, &H75, &H5F, &H71, &H28, &H26, &H39, &H42, &H78, _
        &H7C, &H46, &H6E, &H53, &H4A, &H64, &H48, &H5C, &H74, &H31, &H48, &H67, _
        &H72, &H36, &H7D, &H6E, &H4B, &H68, &H70, &H7D, &H35, &H49, &H5D, &H22, _
        &H3F, &H6A, &H55, &H4B, &H50, &H3A, &H6A, &H69, &H60, &H2E, &H23, &H6A, _
        &H7F, &H9, &H71, &H28, &H70, &H6F, &H35, &H65, &H49, &H7D, &H74, &H5C, _
        &H24, &H2C, &H5D, &H2D, &H77, &H27, &H54, &H44, &H59, &H37, &H3F, &H25, _
        &H7B, &H6D, &H7C, &H3D, &H7C, &H23, &H6C, &H43, &H6D, &H34, &H38, &H28, _
        &H6D, &H5E, &H31, &H4E, &H5B, &H39, &H2B, &H6E, &H7F, &H30, &H57, &H36, _
        &H6F, &H4C, &H54, &H74, &H34, &H34, &H6B, &H72, &H62, &H4C, &H25, &H4E, _
        &H33, &H56, &H30, &H56, &H73, &H5E, &H3A, &H68, &H73, &H78, &H55, &H9, _
        &H57, &H47, &H4B, &H77, &H32, &H61, &H3B, &H35, &H24, &H44, &H2E, &H4D, _
        &H2F, &H64, &H6B, &H59, &H4F, &H44, &H45, &H3B, &H21, &H5C, &H2D, &H37, _
        &H68, &H41, &H53, &H36, &H61, &H58, &H58, &H7A, &H48, &H79, &H22, &H2E, _
        &H9, &H60, &H50, &H75, &H6B, &H2D, &H38, &H4E, &H29, &H55, &H3D, &H3F _
        }

        For i = 31 To 126
            For j = 0 To 2
                Transformed(j, rawData((i - 31) * 3 + j)) = IIf(i = 31, 9, i)
            Next
        Next

        For i = 0 To 25
            Digits(65 + i) = i
            Digits(97 + i) = i + 26
        Next
        For i = 0 To 9
            Digits(48 + i) = i + 52
        Next
        Digits(43) = 62
        Digits(47) = 63
    End Sub

    Private Function UnEscape(ByVal strChar As String) As String
        Dim escapes As String
        Dim escaped As String
        Dim iIndex As Integer
        escapes = "#&!*$"
        escaped = Chr(13) & Chr(10) & "<>@"
        If AscW(strChar.Substring(0, 1)) > 126 Then Return strChar
        iIndex = escapes.IndexOf(strChar)
        If iIndex <> -1 Then Return escaped.Substring(iIndex, 1)
        Return "?"
    End Function

    Private Function DecodeBase64(ByVal strString As String) As Integer
        Dim iVal As Integer = 0
        iVal += (Digits(AscW(strString.Substring(0, 1))) << 2)
        iVal += (Digits(AscW(strString.Substring(1, 1))) >> 4)
        iVal += (Digits(AscW(strString.Substring(1, 1))) And &HF) << 12
        iVal += ((Digits(AscW(strString.Substring(2, 1))) >> 2) << 8)
        iVal += ((Digits(AscW(strString.Substring(2, 1))) And &H3) << 22)
        iVal += (Digits(AscW(strString.Substring(3, 1))) << 16)
        Return iVal
    End Function

    Public Function Decode(ByRef encodingString As String) As String
        Dim marker As String = "#@~^"
        Dim stringIndex As Integer = 0
        Dim scriptIndex As Integer = -1
        Dim unEncodingIndex As Integer = 0
        Dim strChar As String = ""
        Dim getCodeString As String = ""
        Dim unEncodinglength As Integer = 0

        Dim state As Integer = STATE_COPY_INPUT
        Dim unEncodingString As String = ""

        While state <> 0
            Select Case state
                Case STATE_COPY_INPUT
                    scriptIndex = encodingString.IndexOf(marker, stringIndex)
                    If scriptIndex <> -1 Then
                        unEncodingString &= Mid(encodingString, stringIndex + 1, scriptIndex - stringIndex)
                        scriptIndex += marker.Length
                        state = STATE_READLEN
                    Else
                        stringIndex = IIf(stringIndex = 0, 0, stringIndex)
                        unEncodingString &= Mid(encodingString, stringIndex + 1)
                        state = 0
                    End If
                Case STATE_READLEN
                    getCodeString = Mid(encodingString, scriptIndex + 1, 6)
                    unEncodinglength = DecodeBase64(getCodeString)
                    scriptIndex += 8
                    state = STATE_DECODE
                Case STATE_DECODE
                    If unEncodinglength = 0 Then
                        stringIndex = scriptIndex + "DQgAAA==^#~@".Length
                        unEncodingIndex = 0
                        state = STATE_COPY_INPUT
                    Else
                        strChar = Mid(encodingString, scriptIndex + 1, 1)
                        If strChar = "@" Then
                            state = STATE_UNESCAPE
                            unEncodingString &= UnEscape(Mid(encodingString, scriptIndex + 2, 1))
                            scriptIndex += 2
                            unEncodinglength -= 2
                            unEncodingIndex += 1
                            state = STATE_DECODE
                        Else
                            If AscW(strChar) < &HFF Then
                                unEncodingString &= Chr(Transformed(Pick_Encoding(unEncodingIndex Mod 64), AscW(strChar)))
                                unEncodingIndex += 1
                            Else
                                unEncodingString &= strChar
                            End If
                            scriptIndex += 1
                            unEncodinglength -= 1
                        End If
                    End If
                Case STATE_UNESCAPE
                    unEncodingString &= UnEscape(Mid(encodingString, ++scriptIndex, 1))
                    scriptIndex += 1
                    unEncodinglength -= 2
                    unEncodingIndex += 1
                    state = STATE_DECODE
            End Select
        End While
        Dim Pattern As String
        Pattern = "(JScript|VBscript).encode"
        unEncodingString = System.Text.RegularExpressions.Regex.Replace(unEncodingString, Pattern, "$1", System.Text.RegularExpressions.RegexOptions.IgnoreCase)
        Return unEncodingString
    End Function
End Class

阅读更多

JScript.Encode解密

07-21

#@~^XQAAAA== 8*XR*W~Ryvyq*l*SNKm;hxYcADbY+vE@!/1DbwOPsC o;lTn'x?^.bwY 3 mGN@*[@$=%\42bzbxqOJbicGqRGF+kBsAAA==^#~@W^!:xYchMrY`v-@!CP\d-@*'@!CAbf'@*w@!t+DlwPHCs+w'AUmKNn.'PZGUD+UY'x_K\d?_qn'@*'U-M-@!/1Dr2D-P^CxTElTnw'x?1DrwOwc2UmK[+'@*w:'@$-=w%(Lbz)z-x'''P-3-LwQH\]-L-=^'eI6^I'eF'=1'7'id-QaG-~ttV5'Q^3'@$-ZVsHV Iw?/hXSA:S'_'`,N-?H0h6w,b6'?Ox-@$wMl'@$'^wgj("4.a-E-'wB2-:2"0we\o7w/X4/bzb'x--?-[-=w@$-@!'&?;IkhPw@*q-%-Z-lw/6em4\DI-gw#\-Rw@$-Z-Jw%- (hI-B'U'R-B-Rn'7/iK-"^P-3h-EwR%0:'RVl6w -@$-CwO'UAwB-OKA`-vfks0rqq-]-Q'O'`-e-R-B-RwBhn'v6SfvAiw7G3q-7hKwEnwO'S-p-?Ot-O-w'hwaSw?-vhhh-B`- \3qhw~'OKA'UG'R-@$-ewwQK'Bhhw~wR'~eY'g6'Bw='O-Sw -=- wi-R'RMv- n'v-?-R-B.sV-7q1-3-BhAKh'U'Bw@$wZS-@$-CwB'UwR'~-Rw?KwBhw -=S-B5c'_'7h'~wO'Uwvh-BXwOt2FW9wBhhh-vnAa'BK- w~SnqOG-B^d^3eFqw]-QSHH-e'Q'R&'OwO'ewR'Uh'S- nh`wvfkV0rqw,'QwO'`-e-RwB-OwSSnwBXAG-g+D-Bh- w~Sn2XF6.q-d'R-B-O'=wO'US-7-Rwc-Q-%[-3-vKS-Uwvh-RjS\jZwJf'7|gx'v-EGwOh-vK'B-?wO'd- w 28Y'RA-`w 9wBAwO'~wRh-Bw=S6wBGw/6w]- -US-BwO'UVvSnwvhh-?wBX-O' U(0r'Ow~AwB-R-?2'dhe(-7Ah-vnSK'BaS-c-QX1'v-?-R-B-RK(hhwBh-BhAah'R'"hc9wE-=- w~'Ow=S- wRhhwU'vh-?DHS\-'h'M- -S- nwvh-B`wOt-_`HwBhh'UwBKT'"i:GV'dAw?-OwS'Ow~'R`-R'RS-@$'"'R-L-&F'RVCIh-@$we'B6'RwRS-i-R- w -@$-e[FGDCe'BnwR'~wO'SkVwiW'iV:-3A6'BBSs-Rs0:f(+r'OD'Rw@$'e'OwUwR'UA-BwO`-R\q2-7hDF6'R'UA'~'O-?-=1('Bw=9f9wE-a'Rn'O-BAK-EnS6wB9w Z\- K-E-=w -~A 0has'vb-vhhhh-?-EahGG/f'BKA'U-EK-'h6'vBhx-EqwBKA'~wO'S- 6wvGGZ9wEnAn'vh- 3'_fFxg%Vj-v6:-R2'O-BwO'U- w=h'd'OwR4*M.wQ'Rmy|w&'O-@$weN9fS]'7U'dKrc'O'M- -7-Enwv'U- w~'Oj'R\-'Z'RwBKw -Shhqs'O$w%-_wR~:+- js-MSw'O-?- w~SnwBXhw FVfSwU'BnSKV;'B'U[XwR~-&-LwB'UVwC-O2w -=- wB-R'US-d'OGZG-vn'OwSS-USVs'B-?+wz'_SAANw''Bjh0^h&-vK'O-=A'~wO`w H[R- 63'P'v-E-& 'Ow`9m-EwB:-OawR-?h'~wOKwEjwOths'Baw%-Pwv'Bq-LA'Bw%-C-B'BSB-E2wOa-Rw?h-BwOhhj'v9-%s'BwUwvhhw~'R-P-RK'Bnwv'UwzG9SIqDZ'RyI- - q3wO'awv&hn'vn'BnSaA-cl'zAnwv'UwO'S- 6AwB-OKA'Ut- w?-R'~S-~'O`wBG4T- \h0S-B'v-Eh9'vwO`hM-R-:wE-|- w~'OKwE-UAa'B9lq['OS&'Oq'O'Shh-vnSjwvG:M`93`2-/A2- -?-vnwvh-R-iwOth0wEnhKwEnAj'vG3S-#Fs'OA6'O.- DwR(-O'|h'~- w=- -Bha-v9yN0- Kh'Uwvhh-vwE-=-EKS-SK-/5xn-JwB1:0- 4wRa-O'=h'~- KwB'U'Ow~wRX-v-c.!'Bw|m-z5w 6A-Pw Io'B(-Oh- wUS-S- nAi'Bfy 3S&- wBb-EnwOwS'Ow~Sa-Efw '_f3wcjwBbw -SSn'Bn'O'7h'RwO'#wR'~- wU'O-?Awd'O'Rwz0Ah-vnSwU'Bwv'O-=A'~wO'=S35'Bhh-B- w~'Ow@$'"wv'@$-ewB'U- wS- -?s]-R(S-S- K-E-=w -dwRG-v1SK'BK'Bhh6S-cq-,hK-E-=w -~'R6S-~'RKh'U05wRwR1-?c^wR.5wv'=hFwJ-vpwwE-:Sk'BnS-?wBh-R-ih98Z-O7w7'_- nwO' 'O3-R3S-M- w='OwSSn-vKSjwBGA9-Q'Bhhn'B'=-E-vh'~wR'~- KK'_fn V- msXwO8Aa-Rn'v-?-RwB-OKwE-=hhwE6wEfM!h1l'&-3-R-Phwv'Br$A-Ch-JwQh' '"Akwv'UwBhA-B-Rwi-O9V'PwB'='OwB- -U'O'`- -=h'~wRhlN'~-En- wSh'U'Ow@$wZ'Ow@$'Z- -=w -UAwBsw_'RahK'Bhh-?-Ea- - h'#wR'U- w~S-~'Ri-Ef8-'-RwB-R-BAn'BwvSn-vKS-=3I9'Bw,:WVf.rSw=mV- pw~S4-Erhh-B'=wO'~'Oih\VZh^F''h'JwvX-BBAM-R-Cw -7'Bh-B'U'R-B-Rj'O\A90-EK- -~SKwB'B'Ow~Aw?-R-BG-/5F 9h\hW'OweSr'BKS-?-Bh- iht3 - \+V'[h'`- - 'R6%'O'e+-&+'Oa-ewBbhw='BnwR'~A6'vG-&yh'U- -BwO'~wOX-Rw?h-BwO'Uh0WwO'~'OwUAwB-R-@$w"S-@$we-BKAh-v-?w3-R&-En-En'R-B-R-ih9wE%hhwBhh-?wv6'Ot-?mwvh-R-BA-?-RwP-OwS'OwU'R'U[GfSIFWVt8rS\A9hfwLh-[wB&-BhAw~'O'~wOawEf8'R\s-Mw +-RaSDwOxwE4w n'On'B'=hh-v6'B9+'z-CA-B-O'=wO'~S-v-vKS-=-EKW r4 9-O-w%wO(wEkwEn'O-B- w~SnwBhhKwE6h' 4Z-O7+wzq- -v-vaSr0- weSN^AX-R('Ow~SK'BKSj'Bf'z'Mh'~wO'UwR'~h'`- -U'vK-EnS3^-v('Ow~'R-?-RwB-OiAt-R%'v'Uw -B-Oh-EihG-vy'B".'OpSf- q- wShh-EnAjwvG6UbFwO'UwR'~hwS'Oa-EK'BK'O'~-J%SK-EnAn'B;A'U-EK- -~9w~-En'Ow~Aw?-R- wO'~wR'U-Rw?N+- w?-R'~Sn-EESwU'BK- -=[q-O&wO'~h'SwO'U'Ba-v9'-hf'v-?-RwB-Ow=g3oh'='BK'O'~h'B'vn'Ow~S-=a'QtFwO'U- w=h'~'Ow@$wM'Ow@$'Mhh-vKS-U0-'O(h'S'Ow?- -~S-iwO'R- &wR'B-ehc'R- -HNw-E-:h(wEnwO'Shh-va'OHwR;fwBhwEnAh-]NX'O'=- -Shh-vwEh-?wBh-O'=i-/t'OwOwSS-S- wU'Bw@$'e-vw@$-M- wB-R'~SnI'O'=- -S- -=Ad-OhwB'U- wS-ev\KP-ZAk-vkSKh'Uwvhh6wv'Rw-'v'AX-e:Y'RS-19-~-E4wvbh-BwO'~- KwBX-E- -whGhK-EKh'U1wJ-[wv'UwO'S'OK'BXhn'BhwBhjw_z-RwEnhhwB'U- JwO'US-S-RK:lt-eP-ehGwEkhwS'Ow~'Rh-vX-E-R'-'v-|hwB'"h*'R-Ew=g30'Rwe'Ob-v-=Ah-vn'v6Sf+!0-Ow -`-Cw ww -?h-B- Kh`-vfS%wv`-BGA-i-Otww.'B'Bh]w%-QjK9YSqwvX-O\w -w-EwE-w'B'PNA-vwzGf.6dh-oS-UFd- -e'R(hb- nA-=wE6AftUfA- wi-OwS'OK-EKF-R'Oa-O'U'R-B-R-?hw7'Of'v1'O-BwRn'B'UA6wvG-v6S9'iw7sr3Fi'Ow~'R'UA'~K-_|nwzS-|FS-Mw -='vn'Bn'Rw~'O'dAfs'RwO'S- -=A'~5*w%hK-EK'OwBhX-O'~'R-B-R-?-R3'#-?t,yh-e/w[OsxYqDFw)-E-QKLN-7GlY:*qg-QvK*MSTjtX|hl-cV5AG)v_XwZR-_6^V7s-uqwO5hx-R2wRahK-EKh'UwvX-Ow q|9h'|FZ\'O'U-En'vn0-v-EAr(-O'@$-e5-v#A-,-%-Q6P6D-vk0wB5hwm'B-:wEnAnSw?-vXhG4'O7e%k-vI'zwIR35' - \D'vwU$-E-:-vwE-R-Ph-E49w/5-I9'dwO'=S-S'Oh4hb-EK- -Sh'UwR'd- \f 5-pw -i- -=-RwBhK-E6;SwwRhh-=wEnA6'v'RwE%S-~'O'S- nwBX-vwc-O'7- -R'Rwd'O'RA-@$we-Ry0w7G4Ae'B-@$wChK-Ea'B97-[cV5fz)--x-%-:w?-@$'@!-J/mMr2Y'@*'@!wzu3zfw@*'@!Afew@*-@!w&~r95'@*'@!wJC:HS'@*Eb4IcFAA==^#~@

没有更多推荐了,返回首页