实现目的:将自执行函数(IIFE)调用时传入的实参,直接替换到函数体内对应的形参处
处理前:
// Input sample: an IIFE that receives `window` through the obfuscated parameter _0xb28de8.
(function(_0xb28de8) {
// The parameter's only use is as the object of this property assignment.
_0xb28de8.bbb = ccc;
}(window))
处理后:
// Expected result: `window` now appears where the parameter was used, and both the
// parameter list and the argument list are empty.
(function() {
window.bbb = ccc;
}())
demo.js
// demo.js helper: builds and returns a new eight-element array on every call.
function s() {
let arr = [1, 2, 3, 4, 5, 6, 7, 8];
return arr;
}
// Demo input: an IIFE declared with three obfuscated parameters but called with only
// two arguments (s, 5). With these arguments it logs: 6 8 10.
(function (_0xb28de8, _0xb28de9,_0xb28de10) {
// No third argument is passed, so _0xb28de10 is undefined here and falls back to 10.
if(!_0xb28de10)_0xb28de10=10;
// Calls the first argument and indexes its result with the second argument.
function aa() {
return _0xb28de8()[_0xb28de9];
}
let kk=_0xb28de8().length;
console.log(aa(),kk,_0xb28de10);
})(s, 5);
dec_main.js
const fs = require("fs");
const parse = require("@babel/parser");
const traverse = require('@babel/traverse').default;
const t = require('@babel/types');
const generator = require('@babel/generator').default;
// Read the sample as UTF-8 text and parse it into a Babel AST.
// This step only reads and parses the file; it does not run the sample's code.
const jscode = fs.readFileSync('./demo.js', 'utf-8');
let ast = parse.parse(jscode);
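/**
 * Babel visitor for ExpressionStatement nodes: inlines the arguments of an
 * immediately-invoked function into its body and drops the matching parameters.
 *
 * Example: `(function (a) { a.x = 1; })(window)` becomes
 * `(function () { window.x = 1; })()`.
 *
 * The output is read by an analyst in place of the original sample, so an
 * argument/parameter pair is inlined only when the rewrite keeps the meaning
 * of the code:
 *   - the parameter is a plain identifier whose binding is never reassigned
 *     or redeclared (Babel's `binding.constant`);
 *   - the argument is an identifier or a primitive literal, so repeating it at
 *     every use cannot repeat, drop or reorder a side effect;
 *   - at every use site an identifier argument resolves to the same binding it
 *     has at the call site (no inner declaration shadows it).
 * Pairs that fail a check are left in place, and parameters that have no
 * argument are kept. Not detected: the argument variable itself being
 * reassigned inside the function body.
 *
 * @param {object} path - Babel NodePath of the ExpressionStatement being visited.
 * @returns {void} The AST is modified in place.
 */
function convParam(path) {
  const call = path.node.expression;
  if (!t.isCallExpression(call)) return;

  // Only a function literal that is called on the spot has parameters to rewrite.
  const callee = call.callee;
  if (!t.isFunctionExpression(callee) && !t.isArrowFunctionExpression(callee)) return;

  const args = call.arguments;
  const params = callee.params;
  // Surplus arguments are reachable only through `arguments`, and a spread
  // argument breaks the position-by-position pairing: leave such calls untouched.
  if (args.length > params.length || args.some((arg) => t.isSpreadElement(arg))) return;

  const isSimpleLiteral = (node) =>
    t.isStringLiteral(node) ||
    t.isNumericLiteral(node) ||
    t.isBooleanLiteral(node) ||
    t.isNullLiteral(node);

  // True when copying `arg` to every reference of `binding` keeps its meaning.
  const canInline = (arg, binding) => {
    if (isSimpleLiteral(arg)) return true;
    if (!t.isIdentifier(arg)) return false;
    // `undefined` on both sides means the name is an unbound global in both places.
    const atCallSite = path.scope.getBinding(arg.name);
    return binding.referencePaths.every(
      (ref) => ref.scope.getBinding(arg.name) === atCallSite
    );
  };

  const fnScope = path.get("expression.callee").scope;
  const keptArgs = [];
  const keptParams = [];

  args.forEach((arg, i) => {
    const param = params[i];
    // Destructuring, default-value and rest parameters have no single name to replace.
    const binding = t.isIdentifier(param) ? fnScope.getOwnBinding(param.name) : undefined;

    if (!binding || !binding.constant || !canInline(arg, binding)) {
      keptArgs.push(arg);
      keptParams.push(param);
      return;
    }

    // Replace scope-resolved references only, so property names and shadowing
    // inner variables that merely share the parameter's name are not touched.
    // Each reference gets its own copy of the argument node.
    for (const ref of [...binding.referencePaths]) {
      ref.replaceWith(t.cloneNode(arg));
    }
  });

  // Removing the same positions from both lists keeps the remaining pairs aligned;
  // parameters beyond the last argument are appended unchanged.
  call.arguments = keptArgs;
  callee.params = [...keptParams, ...params.slice(args.length)];
}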
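// Run the rewrite on every expression statement in the tree.
traverse(ast, { ExpressionStatement: convParam });

// Pass the options object directly: the original `opts = {...}` assigned to an
// undeclared variable, creating an implicit global (a ReferenceError in strict mode).
// jsescOption.minimal keeps non-ASCII characters readable instead of escaping them.
const { code } = generator(ast, { jsescOption: { minimal: true } });

// Report a failed write instead of ignoring it, so a missing or stale
// demoNew.js is not mistaken for fresh output.
fs.writeFile('./demoNew.js', code, (err) => {
  if (err) {
    console.error('failed to write ./demoNew.js:', err);
    process.exitCode = 1;
  }
});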
// Output written to ./demoNew.js by dec_main.js for the demo.js input shown earlier.
// The helper s() is not an immediately-invoked call, so it is emitted unchanged.
function s() {
let arr = [1, 2, 3, 4, 5, 6, 7, 8];
return arr;
}
// Rewritten IIFE: the first two parameters were replaced by their arguments (s and 5)
// and removed; _0xb28de10 had no matching argument, so it remains the only parameter.
(function (_0xb28de10) {
if (!_0xb28de10) _0xb28de10 = 10;
function aa() {
return s()[5];
}
let kk = s().length;
console.log(aa(), kk, _0xb28de10);
})();
优化及说明:
一、优化形参与实参的置空逻辑
原来:实参列表与形参列表均置空
现在:若实参个数少于形参个数,则实参列表置空,形参列表只保留多出的(没有对应实参的)部分
二、实参替换形参逻辑修改
原来:只匹配满足条件的成员表达式,进行实参替换形参,存在死角
现在:标识符匹配,无死角实参替换形参
三、尽可能维护上下文,不修改执行逻辑依赖的变量,更安全(例如 demo 中没有对应实参、且在函数体内被重新赋值的 _0xb28de10 会原样保留)
------------------------------------------------------------
特别说明及感谢:
此处核心源码来自于作者:丁仔
参考ob解混淆源码
https://github.com/DingZaiHub/ob-decrypt
----------------------------------------------------------