Ast实战:反混淆解析经典ob混淆
一、混淆demo获取
ob混淆源码
来自猿人学14题
https://match.yuanrenxue.com/api/match/14/m
demo.js
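// Formatted for readability only. Note: this sample reads back the source text of some of its own functions with toString() and matches it against regexes, so the formatted listing may not behave like the unformatted original when it is run.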
// String table of the obfuscated script. Every entry is written with \xNN
// escapes that spell out Base64-looking text (the first entry reads
// "w4jCh8OM"). The entries are not used directly: the IIFE that follows
// rotates this array in place, and $_0x3ac3(index, key) Base64-decodes and
// RC4-decrypts a single entry on demand.
var $_0x5b3f = ['\x77\x34\x6a\x43\x68\x38\x4f\x4d', '\x77\x36\x44\x44\x6a\x6c\x34\x3d', '\x77\x71\x2f\x43\x67\x73\x4f\x74', '\x77\x37\x37\x43\x69\x73\x4b\x4f', '\x77\x36\x35\x46\x50\x77\x3d\x3d', '\x77\x72\x72\x44\x6d\x63\x4f\x45', '\x77\x35\x46\x65\x48\x51\x3d\x3d', '\x54\x32\x48\x44\x71\x77\x3d\x3d', '\x59\x63\x4f\x75\x56\x51\x3d\x3d', '\x77\x36\x7a\x44\x6a\x42\x34\x3d', '\x4e\x63\x4b\x61\x77\x34\x34\x3d', '\x58\x55\x7a\x43\x6e\x77\x3d\x3d', '\x77\x71\x56\x7a\x54\x51\x3d\x3d', '\x58\x4d\x4b\x76\x77\x70\x4d\x3d', '\x52\x33\x54\x43\x6d\x77\x3d\x3d', '\x77\x36\x44\x43\x6e\x78\x59\x3d', '\x77\x71\x6f\x32\x51\x77\x3d\x3d', '\x4f\x73\x4f\x39\x77\x6f\x30\x3d', '\x4e\x38\x4f\x45\x46\x51\x3d\x3d', '\x77\x34\x5a\x47\x77\x34\x41\x3d', '\x42\x54\x50\x44\x6f\x51\x3d\x3d', '\x77\x35\x6e\x43\x6e\x4d\x4b\x30', '\x77\x70\x55\x6d\x77\x36\x6b\x3d', '\x41\x56\x74\x37', '\x48\x51\x6c\x42', '\x47\x6c\x33\x43\x76\x51\x3d\x3d', '\x77\x34\x48\x44\x67\x53\x67\x3d', '\x77\x36\x56\x6a\x56\x67\x3d\x3d', '\x47\x4d\x4f\x6a\x77\x37\x30\x3d', '\x77\x71\x6b\x4a\x65\x67\x3d\x3d', '\x77\x70\x67\x78\x77\x70\x38\x3d', '\x77\x71\x30\x33\x51\x77\x3d\x3d', '\x56\x47\x41\x48', '\x77\x35\x44\x44\x71\x6d\x34\x3d', '\x53\x73\x4b\x76\x77\x71\x55\x3d', '\x52\x69\x66\x44\x70\x77\x3d\x3d', '\x77\x71\x73\x2b\x77\x37\x55\x3d', '\x44\x67\x7a\x43\x6b\x51\x3d\x3d', '\x47\x6c\x72\x44\x68\x41\x3d\x3d', '\x4f\x77\x51\x52', '\x77\x70\x33\x44\x70\x58\x77\x3d', '\x77\x36\x58\x43\x76\x42\x4d\x3d', '\x77\x72\x62\x43\x70\x63\x4b\x46', '\x77\x35\x2f\x44\x75\x51\x6b\x3d', '\x77\x37\x51\x34\x55\x67\x3d\x3d', '\x77\x6f\x66\x43\x6a\x51\x67\x3d', '\x77\x72\x30\x6e\x55\x77\x3d\x3d', '\x44\x38\x4b\x59\x4a\x41\x3d\x3d', '\x4b\x42\x77\x32', '\x53\x73\x4b\x5a\x77\x71\x6f\x3d', '\x77\x37\x6a\x44\x6b\x6a\x34\x3d', '\x45\x32\x44\x44\x67\x77\x3d\x3d', '\x77\x34\x33\x43\x67\x38\x4f\x64', '\x77\x34\x52\x77\x77\x36\x77\x3d', '\x47\x52\x50\x44\x75\x77\x3d\x3d', '\x77\x36\x6c\x61\x65\x77\x3d\x3d', '\x77\x34\x50\x44\x72\x54\x6f\x3d', 
'\x77\x70\x38\x35\x4f\x67\x3d\x3d', '\x59\x32\x49\x5a', '\x66\x6b\x6f\x59', '\x77\x70\x62\x43\x74\x38\x4f\x6c', '\x48\x56\x37\x44\x6d\x67\x3d\x3d', '\x77\x35\x44\x43\x67\x4d\x4b\x37', '\x77\x34\x6c\x4d\x57\x67\x3d\x3d', '\x4c\x63\x4f\x4f\x77\x35\x77\x3d', '\x77\x35\x44\x43\x68\x4d\x4b\x71', '\x77\x37\x38\x43\x77\x71\x73\x3d', '\x77\x36\x54\x44\x6a\x4d\x4b\x7a', '\x47\x42\x63\x79', '\x77\x37\x48\x44\x6b\x43\x30\x3d', '\x77\x36\x42\x65\x77\x37\x73\x3d', '\x77\x34\x42\x41\x54\x67\x3d\x3d', '\x77\x35\x46\x53\x77\x72\x63\x3d', '\x61\x6d\x6e\x43\x73\x67\x3d\x3d', '\x77\x71\x44\x44\x6b\x46\x77\x3d', '\x63\x63\x4b\x51\x77\x6f\x51\x3d', '\x54\x31\x77\x47', '\x77\x70\x51\x36\x65\x77\x3d\x3d', '\x77\x34\x35\x62\x51\x67\x3d\x3d', '\x77\x36\x4e\x74\x77\x72\x41\x3d', '\x47\x4d\x4f\x32\x42\x41\x3d\x3d', '\x77\x36\x35\x4f\x61\x77\x3d\x3d', '\x77\x71\x56\x31\x77\x35\x6b\x3d', '\x77\x70\x66\x44\x6a\x63\x4b\x73', '\x4d\x41\x5a\x55', '\x77\x35\x58\x43\x73\x73\x4b\x44', '\x47\x79\x30\x37', '\x42\x33\x70\x34', '\x4d\x38\x4b\x72\x4c\x41\x3d\x3d', '\x77\x72\x6f\x48\x63\x41\x3d\x3d', '\x77\x36\x54\x44\x6e\x43\x30\x3d', '\x77\x37\x46\x31\x52\x51\x3d\x3d', '\x57\x33\x44\x43\x73\x41\x3d\x3d', '\x62\x4d\x4f\x75\x55\x77\x3d\x3d', '\x77\x35\x5a\x64\x77\x34\x63\x3d', '\x77\x34\x6c\x35\x66\x67\x3d\x3d', '\x53\x73\x4f\x4e\x77\x35\x63\x3d', '\x77\x71\x64\x50\x77\x37\x38\x3d', '\x77\x72\x51\x52\x77\x35\x4d\x3d', '\x77\x70\x37\x43\x73\x73\x4b\x46', '\x77\x70\x4d\x2b\x77\x37\x51\x3d', '\x77\x37\x74\x66\x65\x51\x3d\x3d', '\x77\x6f\x45\x30\x77\x37\x45\x3d', '\x43\x63\x4b\x6d\x77\x37\x77\x3d', '\x77\x70\x66\x43\x67\x73\x4f\x42', '\x77\x36\x66\x43\x67\x4d\x4f\x53', '\x52\x48\x73\x49', '\x77\x36\x58\x44\x68\x56\x77\x3d', '\x44\x63\x4b\x47\x44\x67\x3d\x3d', '\x77\x36\x72\x43\x6b\x63\x4f\x78', '\x48\x73\x4b\x42\x77\x35\x59\x3d', '\x77\x34\x6e\x44\x72\x69\x77\x3d', '\x77\x34\x37\x43\x68\x38\x4b\x67', '\x4a\x43\x50\x44\x68\x77\x3d\x3d', '\x4f\x38\x4f\x2f\x77\x35\x63\x3d', '\x42\x6d\x62\x44\x73\x51\x3d\x3d', 
'\x77\x34\x58\x44\x71\x67\x55\x3d', '\x54\x63\x4b\x54\x77\x71\x59\x3d', '\x77\x72\x4c\x43\x6b\x6a\x59\x3d', '\x44\x38\x4b\x32\x63\x51\x3d\x3d', '\x4b\x73\x4f\x68\x49\x67\x3d\x3d', '\x77\x35\x68\x4d\x58\x77\x3d\x3d', '\x4f\x63\x4b\x36\x49\x67\x3d\x3d', '\x77\x72\x30\x61\x62\x51\x3d\x3d', '\x77\x6f\x77\x55\x66\x67\x3d\x3d', '\x77\x70\x50\x44\x6c\x69\x77\x3d', '\x77\x34\x35\x36\x77\x6f\x49\x3d', '\x5a\x63\x4b\x51\x77\x6f\x67\x3d', '\x4e\x58\x55\x79', '\x50\x73\x4b\x74\x44\x51\x3d\x3d', '\x45\x38\x4b\x33\x77\x36\x6f\x3d', '\x4a\x41\x4d\x4c', '\x4b\x46\x63\x30', '\x77\x6f\x62\x44\x76\x67\x67\x3d', '\x77\x35\x6a\x44\x6a\x54\x41\x3d', '\x77\x6f\x48\x43\x73\x6a\x4d\x3d', '\x77\x35\x46\x68\x62\x77\x3d\x3d', '\x77\x6f\x34\x79\x77\x71\x34\x3d', '\x77\x6f\x6b\x6a\x77\x36\x73\x3d', '\x77\x34\x35\x52\x50\x51\x3d\x3d', '\x62\x73\x4f\x50\x55\x77\x3d\x3d', '\x45\x6b\x34\x55', '\x77\x35\x72\x43\x68\x73\x4b\x71', '\x77\x34\x4c\x43\x73\x73\x4b\x75', '\x44\x78\x37\x44\x67\x51\x3d\x3d', '\x77\x34\x6c\x4b\x77\x72\x51\x3d', '\x77\x6f\x66\x44\x6c\x73\x4b\x77', '\x48\x38\x4b\x6e\x50\x51\x3d\x3d', '\x77\x36\x33\x44\x6e\x52\x67\x3d', '\x77\x36\x66\x43\x74\x73\x4f\x64', '\x48\x38\x4f\x70\x77\x37\x45\x3d', '\x77\x72\x68\x55\x77\x37\x49\x3d', '\x77\x35\x42\x32\x77\x72\x41\x3d', '\x77\x6f\x6b\x2f\x77\x35\x38\x3d', '\x57\x73\x4b\x43\x77\x72\x59\x3d', '\x77\x35\x48\x44\x6a\x53\x63\x3d', '\x52\x33\x50\x43\x6c\x41\x3d\x3d', '\x77\x34\x42\x34\x77\x35\x6f\x3d', '\x45\x63\x4b\x35\x61\x67\x3d\x3d', '\x77\x34\x44\x43\x74\x69\x6f\x3d', '\x77\x37\x37\x43\x75\x73\x4b\x32', '\x77\x6f\x7a\x43\x6c\x48\x67\x3d', '\x77\x36\x7a\x44\x6b\x68\x73\x3d', '\x53\x73\x4b\x62\x77\x70\x34\x3d', '\x77\x37\x33\x44\x68\x67\x51\x3d', '\x77\x37\x48\x43\x75\x73\x4f\x48', '\x77\x34\x66\x43\x6e\x63\x4b\x6f', '\x64\x63\x4b\x51\x77\x70\x77\x3d', '\x64\x48\x2f\x44\x70\x67\x3d\x3d', '\x77\x70\x37\x43\x6f\x32\x45\x3d', '\x77\x36\x66\x43\x68\x63\x4b\x71', '\x77\x34\x48\x44\x71\x6d\x63\x3d', '\x77\x36\x6c\x41\x5a\x51\x3d\x3d', 
'\x77\x70\x54\x43\x69\x79\x63\x3d', '\x77\x6f\x41\x37\x58\x67\x3d\x3d', '\x48\x4d\x4b\x37\x62\x67\x3d\x3d', '\x77\x35\x52\x2f\x66\x41\x3d\x3d', '\x50\x68\x66\x44\x71\x67\x3d\x3d', '\x77\x34\x76\x43\x74\x7a\x30\x3d', '\x77\x70\x6a\x43\x74\x47\x63\x3d', '\x56\x4d\x4f\x49\x77\x35\x63\x3d', '\x77\x35\x52\x52\x77\x37\x30\x3d', '\x77\x70\x67\x34\x77\x36\x6b\x3d', '\x4d\x6c\x55\x53', '\x77\x37\x33\x44\x6e\x51\x4d\x3d', '\x47\x51\x73\x77', '\x55\x56\x59\x36', '\x62\x63\x4f\x50\x77\x34\x73\x3d', '\x77\x36\x52\x79\x51\x77\x3d\x3d', '\x77\x34\x37\x44\x6b\x44\x41\x3d', '\x77\x36\x78\x68\x62\x51\x3d\x3d', '\x77\x36\x39\x4c\x77\x71\x6b\x3d', '\x77\x36\x33\x44\x68\x67\x59\x3d', '\x4b\x73\x4b\x4c\x41\x77\x3d\x3d', '\x77\x35\x48\x43\x67\x63\x4f\x57', '\x77\x6f\x4a\x52\x77\x34\x34\x3d', '\x77\x36\x6c\x66\x5a\x51\x3d\x3d', '\x4c\x33\x51\x35', '\x77\x36\x7a\x43\x67\x6b\x30\x3d', '\x77\x37\x39\x58\x61\x67\x3d\x3d', '\x77\x37\x7a\x43\x69\x73\x4f\x63', '\x65\x56\x6a\x44\x69\x67\x3d\x3d', '\x77\x34\x49\x63\x42\x77\x3d\x3d', '\x4b\x4d\x4b\x61\x48\x77\x3d\x3d', '\x53\x57\x2f\x43\x72\x41\x3d\x3d', '\x77\x34\x51\x44\x48\x51\x3d\x3d', '\x77\x36\x4c\x43\x75\x4d\x4f\x55', '\x77\x37\x46\x4c\x77\x35\x63\x3d', '\x59\x30\x46\x46', '\x44\x56\x39\x36', '\x77\x70\x44\x44\x75\x4d\x4b\x6f', '\x77\x6f\x41\x71\x77\x71\x6b\x3d', '\x77\x36\x73\x53\x77\x36\x38\x3d', '\x54\x79\x44\x44\x67\x51\x3d\x3d', '\x54\x58\x62\x43\x6f\x77\x3d\x3d', '\x77\x34\x30\x63\x44\x67\x3d\x3d', '\x77\x34\x72\x43\x74\x69\x6b\x3d', '\x77\x34\x70\x69\x51\x67\x3d\x3d', '\x48\x4d\x4b\x52\x64\x67\x3d\x3d', '\x77\x34\x42\x41\x77\x35\x77\x3d', '\x77\x72\x77\x4c\x61\x77\x3d\x3d', '\x77\x34\x6a\x43\x6d\x69\x38\x3d', '\x77\x35\x4c\x43\x6d\x4d\x4b\x71', '\x77\x36\x54\x44\x6c\x31\x63\x3d', '\x77\x6f\x67\x34\x77\x36\x73\x3d', '\x47\x41\x2f\x44\x67\x67\x3d\x3d', '\x51\x32\x6f\x61', '\x48\x4d\x4b\x54\x44\x41\x3d\x3d', '\x77\x70\x6a\x44\x67\x4d\x4f\x36', '\x77\x37\x6a\x44\x72\x73\x4f\x4a', '\x42\x4d\x4f\x50\x77\x71\x55\x3d', 
'\x77\x71\x37\x44\x76\x63\x4f\x6d', '\x77\x6f\x6e\x43\x6d\x56\x51\x3d', '\x77\x34\x6e\x44\x6a\x63\x4b\x54', '\x77\x36\x37\x44\x75\x53\x63\x3d', '\x50\x54\x51\x71', '\x77\x37\x50\x43\x6a\x73\x4b\x34', '\x77\x35\x6a\x44\x67\x7a\x49\x3d', '\x77\x35\x54\x43\x69\x38\x4f\x57', '\x77\x34\x7a\x44\x68\x63\x4b\x58', '\x77\x37\x5a\x62\x61\x41\x3d\x3d', '\x42\x6d\x37\x43\x6e\x77\x3d\x3d', '\x77\x34\x62\x44\x74\x7a\x6b\x3d', '\x58\x4d\x4b\x56\x77\x72\x41\x3d', '\x77\x34\x78\x70\x64\x41\x3d\x3d', '\x77\x34\x72\x44\x67\x63\x4b\x47', '\x4a\x55\x39\x57', '\x77\x34\x37\x43\x6e\x73\x4f\x30', '\x44\x67\x76\x44\x6c\x77\x3d\x3d', '\x41\x68\x54\x44\x6a\x51\x3d\x3d', '\x77\x34\x4a\x6f\x55\x77\x3d\x3d', '\x77\x70\x58\x44\x6b\x73\x4b\x79', '\x4e\x38\x4f\x70\x45\x67\x3d\x3d', '\x56\x58\x4c\x44\x71\x41\x3d\x3d', '\x77\x34\x33\x43\x68\x63\x4f\x43', '\x45\x38\x4b\x72\x77\x37\x63\x3d', '\x41\x63\x4b\x38\x77\x71\x45\x3d', '\x77\x71\x42\x58\x77\x36\x6f\x3d', '\x77\x35\x78\x44\x57\x77\x3d\x3d', '\x61\x73\x4f\x35\x54\x77\x3d\x3d', '\x52\x4d\x4f\x77\x51\x77\x3d\x3d', '\x77\x70\x6b\x39\x77\x36\x49\x3d', '\x41\x6a\x64\x2b', '\x77\x36\x30\x56\x4a\x51\x3d\x3d', '\x77\x34\x66\x44\x75\x54\x41\x3d'];
// Table-rotation stage, invoked once with the string table and 0xc8 (200).
// It rotates $_0x5b3f in place, but only after a source-integrity
// ("self-defending") check: the source text of removeCookie is read back with
// toString() and matched against a regex.
// NOTE(review): no comments are added inside removeCookie's body for that
// reason -- its text is runtime input to this check.
(function (_0x17d596, _0x5b3fee) {
// Rotate left: move the first element to the end, (count - 1) times.
var _0x3ac350 = function (_0x1b742b) {
while (--_0x1b742b) {
_0x17d596['push'](_0x17d596['shift']());
}
};
var _0x53e89c = function () {
var _0x4ea972 = {
'data': {'key': 'cookie', 'value': 'timeout'},
// Check-failed path. It is called below as (['*'], 'counter', 1): the loop
// pushes onto the array it is iterating and refreshes its own bound on
// every pass, so with that input it never finishes and both the array and
// the string keep growing. No real cookie is involved; the result would
// only be stored on the local options object.
'setCookie': function (_0x5acb35, _0x2d01fc, _0x249233, _0x1e92c3) {
_0x1e92c3 = _0x1e92c3 || {};
var _0xa8ed0d = _0x2d01fc + '=' + _0x249233;
var _0x400f76 = 0x0;
for (var _0x2737b3 = 0x0, _0x1ee260 = _0x5acb35['length']; _0x2737b3 < _0x1ee260; _0x2737b3++) {
var _0x476747 = _0x5acb35[_0x2737b3];
_0xa8ed0d += ';\x20' + _0x476747;
var _0x425c3a = _0x5acb35[_0x476747];
_0x5acb35['push'](_0x425c3a);
_0x1ee260 = _0x5acb35['length'];
if (_0x425c3a !== !![]) {
_0xa8ed0d += '=' + _0x425c3a;
}
}
_0x1e92c3['cookie'] = _0xa8ed0d;
},
'removeCookie': function () {
return 'dev';
},
// Check-passed path. With a null first argument the helper is the identity
// function, so _0x44bc9f is just the RegExp object. The step that matters
// is the call through _0x1af11b: it runs _0x3ac350(_0x5b3fee + 1), which
// for 0xc8 performs 200 push(shift()) rotations of the table.
'getCookie': function (_0x3d1f47, _0xfce388) {
_0x3d1f47 = _0x3d1f47 || function (_0x495817) {
return _0x495817;
};
var _0x44bc9f = _0x3d1f47(new RegExp('(?:^|;\x20)' + _0xfce388['replace'](/([.$?*|{}()[]\/+^])/g, '$1') + '=([^;]*)'));
var _0x1af11b = function (_0x14254d, _0x38d10e) {
_0x14254d(++_0x38d10e);
};
_0x1af11b(_0x3ac350, _0x5b3fee);
return _0x44bc9f ? decodeURIComponent(_0x44bc9f[0x1]) : undefined;
}
};
// Returns true only when removeCookie's source text has the one-line shape
// `name () {word 'text';}`. The pattern needs a word character directly
// after `{`, so a line break inserted there by a formatter makes it fail.
var _0x3bf07b = function () {
var _0x3fb972 = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
return _0x3fb972['test'](_0x4ea972['removeCookie']['toString']());
};
_0x4ea972['updateCookie'] = _0x3bf07b;
var _0x5a4513 = '';
var _0x5b810f = _0x4ea972['updateCookie']();
// Check failed -> setCookie (does not return for this input).
// Check passed -> getCookie (performs the rotation).
// The trailing else cannot be reached: the two conditions are complementary.
if (!_0x5b810f) {
_0x4ea972['setCookie'](['*'], 'counter', 0x1);
} else if (_0x5b810f) {
_0x5a4513 = _0x4ea972['getCookie'](null, 'counter');
} else {
_0x4ea972['removeCookie']();
}
};
_0x53e89c();
}($_0x5b3f, 0xc8));
// String decoder: $_0x3ac3(index, key) returns the plaintext of table entry
// `index`. The index is coerced to a number (callers in this file pass hex
// strings such as '0xbd'); `key` is used as the RC4 key.
// Results are cached per index in $_0x3ac3.FaWBCG, so once an index has been
// decoded, later calls return the cached text whatever key they pass.
// NOTE(review): no comments are added inside the OdxvpV function below; its
// source text is read with toString() by the integrity check.
var $_0x3ac3 = function (_0x17d596, _0x5b3fee) {
_0x17d596 = _0x17d596 - 0x0;
var _0x3ac350 = $_0x5b3f[_0x17d596];
// One-time setup, guarded by the YqVHst flag.
if ($_0x3ac3['YqVHst'] === undefined) {
(function () {
// Obtains the global object by evaluating a constant string with
// Function(); falls back to `window` if that throws.
var _0x4ea972 = function () {
var _0x5b810f;
try {
_0x5b810f = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');')();
} catch (_0x5acb35) {
_0x5b810f = window;
}
return _0x5b810f;
};
var _0x3bf07b = _0x4ea972();
var _0x5a4513 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
// Installs a Base64 decoder as atob only when the global object has none.
_0x3bf07b['atob'] || (_0x3bf07b['atob'] = function (_0x2d01fc) {
var _0x249233 = String(_0x2d01fc)['replace'](/=+$/, '');
var _0x1e92c3 = '';
for (var _0xa8ed0d = 0x0, _0x400f76, _0x2737b3, _0x1ee260 = 0x0; _0x2737b3 = _0x249233['charAt'](_0x1ee260++); ~_0x2737b3 && (_0x400f76 = _0xa8ed0d % 0x4 ? _0x400f76 * 0x40 + _0x2737b3 : _0x2737b3, _0xa8ed0d++ % 0x4) ? _0x1e92c3 += String['fromCharCode'](0xff & _0x400f76 >> (-0x2 * _0xa8ed0d & 0x6)) : 0x0) {
_0x2737b3 = _0x5a4513['indexOf'](_0x2737b3);
}
return _0x1e92c3;
});
}());
// Decrypts one entry: Base64-decode, reinterpret the bytes as UTF-8
// (percent-encode each byte, then decodeURIComponent), then RC4 with key
// _0x425c3a.
var _0x1b742b = function (_0x476747, _0x425c3a) {
var _0x3d1f47 = [], _0xfce388 = 0x0, _0x44bc9f, _0x1af11b = '', _0x495817 = '';
_0x476747 = atob(_0x476747);
for (var _0x38d10e = 0x0, _0x3fb972 = _0x476747['length']; _0x38d10e < _0x3fb972; _0x38d10e++) {
_0x495817 += '%' + ('00' + _0x476747['charCodeAt'](_0x38d10e)['toString'](0x10))['slice'](-0x2);
}
_0x476747 = decodeURIComponent(_0x495817);
var _0x14254d;
// RC4 state: identity permutation of 0..255.
for (_0x14254d = 0x0; _0x14254d < 0x100; _0x14254d++) {
_0x3d1f47[_0x14254d] = _0x14254d;
}
// RC4 key scheduling: mix the key characters into the permutation.
for (_0x14254d = 0x0; _0x14254d < 0x100; _0x14254d++) {
_0xfce388 = (_0xfce388 + _0x3d1f47[_0x14254d] + _0x425c3a['charCodeAt'](_0x14254d % _0x425c3a['length'])) % 0x100;
_0x44bc9f = _0x3d1f47[_0x14254d];
_0x3d1f47[_0x14254d] = _0x3d1f47[_0xfce388];
_0x3d1f47[_0xfce388] = _0x44bc9f;
}
_0x14254d = 0x0;
_0xfce388 = 0x0;
// RC4 keystream: XOR each input character with the next keystream byte.
for (var _0x253673 = 0x0; _0x253673 < _0x476747['length']; _0x253673++) {
_0x14254d = (_0x14254d + 0x1) % 0x100;
_0xfce388 = (_0xfce388 + _0x3d1f47[_0x14254d]) % 0x100;
_0x44bc9f = _0x3d1f47[_0x14254d];
_0x3d1f47[_0x14254d] = _0x3d1f47[_0xfce388];
_0x3d1f47[_0xfce388] = _0x44bc9f;
_0x1af11b += String['fromCharCode'](_0x476747['charCodeAt'](_0x253673) ^ _0x3d1f47[(_0x3d1f47[_0x14254d] + _0x3d1f47[_0xfce388]) % 0x100]);
}
return _0x1af11b;
};
// ZBPMNd = decrypt function, FaWBCG = per-index plaintext cache,
// YqVHst = setup-done flag.
$_0x3ac3['ZBPMNd'] = _0x1b742b;
$_0x3ac3['FaWBCG'] = {};
$_0x3ac3['YqVHst'] = !![];
}
var _0x53e89c = $_0x3ac3['FaWBCG'][_0x17d596];
if (_0x53e89c === undefined) {
// Second one-time step (DcGxMl flag): a source-integrity check built around
// the text of the OdxvpV function. It runs on the first cache miss.
if ($_0x3ac3['DcGxMl'] === undefined) {
var _0x2a8e9e = function (_0x5303e8) {
this['BewdKo'] = _0x5303e8;
this['fWtLot'] = [0x1, 0x0, 0x0];
this['OdxvpV'] = function () {
return 'newState';
};
this['WBGHrI'] = '\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';
this['lSyCys'] = '[\x27|\x22].+[\x27|\x22];?\x20*}';
};
// Matches OdxvpV's source against WBGHrI + lSyCys.
// Match: decrements fWtLot[1] (0 -> -1). No match: decrements fWtLot[0] (1 -> 0).
_0x2a8e9e['prototype']['IZTFUf'] = function () {
var _0x293090 = new RegExp(this['WBGHrI'] + this['lSyCys']);
var _0x1f2171 = _0x293090['test'](this['OdxvpV']['toString']()) ? --this['fWtLot'][0x1] : --this['fWtLot'][0x0];
return this['CyepOD'](_0x1f2171);
};
// -1 (the "match" result) is returned as-is because ~(-1) is 0; any other
// value goes on to WythPg.
_0x2a8e9e['prototype']['CyepOD'] = function (_0x4ff0e8) {
if (!Boolean(~_0x4ff0e8)) {
return _0x4ff0e8;
}
return this['WythPg'](this['BewdKo']);
};
// Check-failed path: the loop appends to fWtLot and refreshes its own bound
// on every pass, so it does not terminate and the call on the return line
// is never reached.
_0x2a8e9e['prototype']['WythPg'] = function (_0x145c21) {
for (var _0x57937a = 0x0, _0x435c51 = this['fWtLot']['length']; _0x57937a < _0x435c51; _0x57937a++) {
this['fWtLot']['push'](Math['round'](Math['random']()));
_0x435c51 = this['fWtLot']['length'];
}
return _0x145c21(this['fWtLot'][0x0]);
};
new _0x2a8e9e($_0x3ac3)['IZTFUf']();
$_0x3ac3['DcGxMl'] = !![];
}
// Cache miss: decrypt with the caller's key and remember the result.
_0x3ac350 = $_0x3ac3['ZBPMNd'](_0x3ac350, _0x5b3fee);
$_0x3ac3['FaWBCG'][_0x17d596] = _0x3ac350;
} else {
_0x3ac350 = _0x53e89c;
}
return _0x3ac350;
};
// Run-once wrapper factory. The outer function executes immediately and
// returns a factory (context, callback) -> function. Only the first call to
// the factory returns a wrapper that can invoke the callback; the flag
// _0x23e482 is then cleared, so every later call returns an empty function.
// The wrapper itself drops its callback reference after the first invocation.
// NOTE(review): no comments are added inside the inner wrapper functions. The
// function returned from here is stored in $_0x52703c, and the $_0x52703c
// callback passes that function to what is presumably a regex test, so its
// source text is runtime input.
// NOTE(review): the property names are decoded by $_0x3ac3 at run time. The
// inner comparison reads two keys ending in "ts" from the same object with
// !==; if both decode to the same key that branch is dead -- confirm by
// running the decoder. The method name ending in "ly" is presumably "apply".
var $_0x30da3c = function () {
var _0xa4aa8e = {};
_0xa4aa8e[$_0x3ac3('\x30\x78\x62\x64', '\x62\x34\x6a\x61') + '\x74\x73'] = $_0x3ac3('\x30\x78\x35\x30', '\x74\x36\x73\x4c') + '\x52\x5a';
var _0x355d2c = _0xa4aa8e;
// First-call flag shared by all wrappers created through this factory.
var _0x23e482 = !![];
return function (_0x7465d7, _0x25864f) {
var _0x4a2d47 = _0x23e482 ? function () {
if (_0x25864f) {
if (_0x355d2c[$_0x3ac3('\x30\x78\x34\x38', '\x4c\x75\x21\x55') + '\x74\x73'] !== _0x355d2c[$_0x3ac3('\x30\x78\x33\x65', '\x68\x4f\x4c\x61') + '\x74\x73']) {
return ![];
} else {
var _0x14cc6c = _0x25864f[$_0x3ac3('\x30\x78\x33', '\x44\x6b\x29\x77') + '\x6c\x79'](_0x7465d7, arguments);
_0x25864f = null;
return _0x14cc6c;
}
}
} : function () {
};
_0x23e482 = ![];
return _0x4a2d47;
};
}();
// Source-integrity ("self-defending") check, wrapped by $_0x30da3c so that it
// can run once, and invoked immediately on the last line of this block.
// Most property names and strings are produced by $_0x3ac3 at run time, so
// only the clear-text fragments can be read here; decoded meanings given
// below are presumptions to confirm by running the decoder.
var $_0x52703c = $_0x30da3c(this, function () {
// Dispatch table: small operator wrappers (+ and !==) and string constants.
var _0x5962fa = {};
_0x5962fa[$_0x3ac3('\x30\x78\x32\x32', '\x51\x50\x54\x47') + '\x73\x79'] = function (_0x2cf196, _0x4aeb84) {
return _0x2cf196 + _0x4aeb84;
};
// Visible fragments: " (f", "unc", "tio", " " -- presumably 'return (function() '.
_0x5962fa[$_0x3ac3('\x30\x78\x61\x39', '\x35\x45\x53\x48') + '\x76\x6f'] = $_0x3ac3('\x30\x78\x34\x61', '\x51\x50\x54\x47') + $_0x3ac3('\x30\x78\x31\x33', '\x42\x74\x4b\x23') + '\x20\x28\x66' + '\x75\x6e\x63' + '\x74\x69\x6f' + $_0x3ac3('\x30\x78\x36\x64', '\x26\x29\x50\x74') + '\x20';
// Key is "RvdBF". Visible fragments: "con", "uct", " )" -- presumably
// '{}.constructor("return this")( )'.
_0x5962fa['\x52\x76\x64' + '\x42\x46'] = $_0x3ac3('\x30\x78\x62', '\x28\x41\x28\x74') + '\x63\x6f\x6e' + $_0x3ac3('\x30\x78\x65\x61', '\x61\x51\x25\x78') + '\x75\x63\x74' + $_0x3ac3('\x30\x78\x62\x66', '\x72\x42\x25\x4c') + $_0x3ac3('\x30\x78\x32\x39', '\x30\x63\x55\x33') + $_0x3ac3('\x30\x78\x65\x37', '\x58\x56\x36\x47') + $_0x3ac3('\x30\x78\x34\x30', '\x74\x36\x73\x4c') + $_0x3ac3('\x30\x78\x61\x35', '\x28\x41\x28\x74') + $_0x3ac3('\x30\x78\x37\x61', '\x25\x65\x72\x42') + '\x20\x29';
_0x5962fa[$_0x3ac3('\x30\x78\x65\x33', '\x50\x6e\x69\x69') + '\x5a\x52'] = function (_0x52c06f, _0x4c2ca3) {
return _0x52c06f !== _0x4c2ca3;
};
// Value is the literal "yjpsn".
_0x5962fa[$_0x3ac3('\x30\x78\x62\x37', '\x6f\x23\x29\x28') + '\x50\x66'] = '\x79\x6a\x70' + '\x73\x6e';
// Visible fragments: "urn", ' /"', "thi", "s +", ' "/' -- presumably
// 'return /" + this + "/'.
_0x5962fa[$_0x3ac3('\x30\x78\x64\x39', '\x68\x76\x75\x5a') + '\x46\x75'] = $_0x3ac3('\x30\x78\x31\x34', '\x58\x42\x5d\x5a') + '\x75\x72\x6e' + '\x20\x2f\x22' + $_0x3ac3('\x30\x78\x34\x35', '\x58\x42\x5d\x5a') + '\x74\x68\x69' + '\x73\x20\x2b' + '\x20\x22\x2f';
var _0x5ad3f6 = _0x5962fa;
// NOTE(review): the condition below calls a table entry ending in "ZR" on
// two entries ending in "Pf". If both decode to the same key and the "ZR"
// entry is the !== wrapper, the first branch is dead and the else branch
// always runs -- confirm. The first branch would evaluate a string with
// Function() and fall back to `window`. The else branch evaluates the
// "kPiFu" string through the function constructor, calls a method ending in
// "pile" (presumably compile) with a pattern containing "+[^" and " ]+",
// and applies the result to $_0x52703c, i.e. to the source text of the
// wrapper function returned by $_0x30da3c.
var _0x148ed9 = function () {
if (_0x5ad3f6[$_0x3ac3('\x30\x78\x37\x35', '\x64\x72\x45\x4a') + '\x5a\x52'](_0x5ad3f6[$_0x3ac3('\x30\x78\x32\x33', '\x42\x32\x52\x31') + '\x50\x66'], _0x5ad3f6[$_0x3ac3('\x30\x78\x38\x38', '\x71\x78\x5a\x44') + '\x50\x66'])) {
var _0xd2e4a7;
try {
_0xd2e4a7 = Function(_0x5ad3f6[$_0x3ac3('\x30\x78\x62\x62', '\x44\x6b\x29\x77') + '\x73\x79'](_0x5ad3f6[$_0x3ac3('\x30\x78\x61\x33', '\x28\x41\x28\x74') + '\x76\x6f'], _0x5ad3f6['\x52\x76\x64' + '\x42\x46']) + '\x29\x3b')();
} catch (_0x30303b) {
_0xd2e4a7 = window;
}
return _0xd2e4a7;
} else {
var _0x210a5c = _0x148ed9[$_0x3ac3('\x30\x78\x31', '\x4c\x75\x21\x55') + $_0x3ac3('\x30\x78\x64\x62', '\x48\x72\x43\x30') + '\x75\x63\x74' + '\x6f\x72'](_0x5ad3f6['\x6b\x50\x69' + '\x46\x75'])()[$_0x3ac3('\x30\x78\x31\x30', '\x74\x36\x73\x4c') + '\x70\x69\x6c' + '\x65']($_0x3ac3('\x30\x78\x32\x34', '\x5b\x51\x75\x53') + $_0x3ac3('\x30\x78\x63', '\x42\x74\x4b\x23') + $_0x3ac3('\x30\x78\x31\x63', '\x58\x56\x36\x47') + '\x2b\x5b\x5e' + '\x20\x5d\x2b' + $_0x3ac3('\x30\x78\x37\x63', '\x68\x4f\x4c\x61') + $_0x3ac3('\x30\x78\x34\x33', '\x64\x62\x46\x73') + $_0x3ac3('\x30\x78\x35\x61', '\x26\x77\x52\x28'));
return !_0x210a5c[$_0x3ac3('\x30\x78\x31\x61', '\x69\x43\x48\x77') + '\x74']($_0x52703c);
}
};
return _0x148ed9();
});
$_0x52703c();
// Run-once wrapper factory with the same outer shape as $_0x30da3c: the outer
// function executes immediately and returns (context, callback) -> function,
// and the flag _0x2cab87 lets only the first call produce a non-empty wrapper.
// The wrapper body carries extra branches that compare string constants and
// then either apply the callback, call debuggerProtection, or build a
// function from the constants stored under the keys ending in "va" and "eH".
// The "va" value is the clear literal "debu"; the "eH" value ends in "r".
// NOTE(review): this looks like the anti-debugging part of the script; the
// branch that is actually taken depends on strings decoded by $_0x3ac3 at run
// time -- confirm by running the decoder.
// NOTE(review): debuggerProtection is not defined anywhere in the visible
// listing; reaching that branch would throw a ReferenceError unless the name
// is defined elsewhere.
// NOTE(review): comments are kept out of the returned wrapper functions,
// because this script inspects function source text in other places.
var $_0x3744f8 = function () {
// Constant table: call and === wrappers plus the strings "OAjye" and "debu"
// in clear text; the remaining values are decoded at run time.
var _0x4521ac = {};
_0x4521ac[$_0x3ac3('\x30\x78\x39\x30', '\x68\x76\x75\x5a') + '\x75\x50'] = function (_0x521045, _0x5f2b06) {
return _0x521045(_0x5f2b06);
};
_0x4521ac[$_0x3ac3('\x30\x78\x36\x65', '\x6f\x23\x29\x28') + '\x57\x6d'] = function (_0x3cc3b0, _0x176e27) {
return _0x3cc3b0 === _0x176e27;
};
_0x4521ac[$_0x3ac3('\x30\x78\x66\x38', '\x6f\x79\x38\x24') + '\x49\x76'] = $_0x3ac3('\x30\x78\x32\x66', '\x29\x4b\x4e\x4d') + '\x5a\x70';
_0x4521ac[$_0x3ac3('\x30\x78\x32\x38', '\x52\x40\x6b\x78') + '\x70\x4b'] = function (_0x1e529d, _0x20dca8) {
return _0x1e529d === _0x20dca8;
};
_0x4521ac[$_0x3ac3('\x30\x78\x62\x34', '\x79\x4f\x63\x6d') + '\x53\x42'] = '\x4f\x41\x6a' + '\x79\x65';
_0x4521ac[$_0x3ac3('\x30\x78\x64\x63', '\x26\x54\x26\x4e') + '\x76\x61'] = '\x64\x65\x62' + '\x75';
_0x4521ac['\x54\x41\x46' + '\x65\x48'] = $_0x3ac3('\x30\x78\x32\x64', '\x5b\x51\x75\x53') + '\x72';
_0x4521ac['\x54\x6d\x70' + '\x62\x78'] = $_0x3ac3('\x30\x78\x33\x62', '\x35\x5e\x23\x59') + $_0x3ac3('\x30\x78\x65\x30', '\x74\x36\x73\x4c');
var _0xa6ee0f = _0x4521ac;
// First-call flag shared by all wrappers created through this factory.
var _0x2cab87 = !![];
return function (_0x42003c, _0x21b9a8) {
var _0x4107f2 = {};
_0x4107f2[$_0x3ac3('\x30\x78\x31\x35', '\x74\x36\x73\x4c') + '\x42\x6b'] = _0xa6ee0f[$_0x3ac3('\x30\x78\x31\x32', '\x70\x66\x4a\x59') + '\x76\x61'];
_0x4107f2[$_0x3ac3('\x30\x78\x61\x30', '\x52\x40\x6b\x78') + '\x69\x62'] = _0xa6ee0f[$_0x3ac3('\x30\x78\x63\x63', '\x26\x29\x50\x74') + '\x65\x48'];
_0x4107f2[$_0x3ac3('\x30\x78\x66\x35', '\x64\x4b\x6d\x28') + '\x71\x70'] = _0xa6ee0f[$_0x3ac3('\x30\x78\x31\x30\x30', '\x68\x76\x75\x5a') + '\x62\x78'];
var _0x1da94d = _0x4107f2;
var _0x1d67ef = _0x2cab87 ? function () {
var _0x40c814 = {};
_0x40c814[$_0x3ac3('\x30\x78\x62\x35', '\x26\x54\x26\x4e') + '\x48\x42'] = function (_0x21e942, _0x1fc341) {
return _0xa6ee0f['\x58\x4b\x69' + '\x75\x50'](_0x21e942, _0x1fc341);
};
var _0x1fbfb9 = _0x40c814;
if (_0xa6ee0f[$_0x3ac3('\x30\x78\x32\x30', '\x61\x51\x25\x78') + '\x57\x6d']('\x73\x7a\x4c' + '\x5a\x70', _0xa6ee0f[$_0x3ac3('\x30\x78\x39\x33', '\x37\x42\x5a\x34') + '\x49\x76'])) {
if (_0x21b9a8) {
if (_0xa6ee0f[$_0x3ac3('\x30\x78\x61\x32', '\x37\x42\x5a\x34') + '\x70\x4b'](_0xa6ee0f[$_0x3ac3('\x30\x78\x35\x33', '\x41\x71\x37\x76') + '\x53\x42'], _0xa6ee0f[$_0x3ac3('\x30\x78\x36\x34', '\x40\x39\x52\x5d') + '\x53\x42'])) {
var _0x227199 = _0x21b9a8['\x61\x70\x70' + '\x6c\x79'](_0x42003c, arguments);
_0x21b9a8 = null;
return _0x227199;
} else {
_0x1fbfb9['\x6e\x6e\x4c' + '\x48\x42'](debuggerProtection, 0x0);
}
}
} else {
(function () {
return !![];
}[$_0x3ac3('\x30\x78\x63\x37', '\x50\x6e\x69\x69') + '\x73\x74\x72' + $_0x3ac3('\x30\x78\x66\x64', '\x71\x78\x5a\x44') + '\x6f\x72'](_0x1da94d[$_0x3ac3('\x30\x78\x65\x32', '\x61\x51\x25\x78') + '\x42\x6b'] + _0x1da94d[$_0x3ac3('\x30\x78\x37\x33', '\x26\x54\x26\x4e') + '\x69\x62'])[$_0x3ac3('\x30\x78\x32\x35', '\x50\x6e\x69\x69') + '\x6c'](_0x1da94d[$_0x3ac3('\x30\x78\x35\x39', '\x68\x4f\x4c\x61') + '\x71\x70']));
}
} : function () {
};
_0x2cab87 = ![];
return _0x1d67ef;
};
}();
// Immediately-invoked bootstrap that builds a dispatch table and then uses the
// run-once wrapper from $_0x3744f8 to execute a callback straight away.
// The callback depends on $_0x3971b9, which is not defined in the visible
// part of this listing.
// NOTE(review): this looks like the anti-debugging bootstrap of the script.
// Key names and most strings are decoded by $_0x3ac3 at run time; meanings
// given below for partially visible literals are presumptions to confirm.
(function () {
var _0x170400 = {};
// Key is "HfXPh": a regex source (used with the "i" flag further down) whose
// visible fragments are "zA-" and ")".
_0x170400['\x48\x66\x58' + '\x50\x68'] = $_0x3ac3('\x30\x78\x33\x34', '\x36\x53\x78\x31') + $_0x3ac3('\x30\x78\x32\x61', '\x61\x51\x25\x78') + $_0x3ac3('\x30\x78\x38\x31', '\x5a\x59\x59\x48') + $_0x3ac3('\x30\x78\x39\x38', '\x6f\x79\x38\x24') + '\x7a\x41\x2d' + $_0x3ac3('\x30\x78\x31\x66', '\x44\x63\x32\x77') + $_0x3ac3('\x30\x78\x36\x63', '\x46\x45\x47\x29') + $_0x3ac3('\x30\x78\x31\x65', '\x48\x72\x43\x30') + $_0x3ac3('\x30\x78\x63\x36', '\x26\x54\x26\x4e') + $_0x3ac3('\x30\x78\x61\x34', '\x58\x56\x36\x47') + $_0x3ac3('\x30\x78\x35\x32', '\x64\x4b\x6d\x28') + '\x29';
// "fZYjn": call a function with one argument.
_0x170400['\x66\x5a\x59' + '\x6a\x6e'] = function (_0x5356a1, _0x32a82b) {
return _0x5356a1(_0x32a82b);
};
_0x170400[$_0x3ac3('\x30\x78\x34\x65', '\x48\x72\x43\x30') + '\x6b\x65'] = $_0x3ac3('\x30\x78\x62\x38', '\x70\x66\x4a\x59') + '\x74';
_0x170400[$_0x3ac3('\x30\x78\x63\x30', '\x48\x72\x43\x30') + '\x69\x6b'] = function (_0x387199, _0x7376f0) {
return _0x387199 + _0x7376f0;
};
_0x170400[$_0x3ac3('\x30\x78\x66\x30', '\x70\x66\x4a\x59') + '\x77\x74'] = function (_0x88260b, _0x275d90) {
return _0x88260b + _0x275d90;
};
_0x170400[$_0x3ac3('\x30\x78\x62\x31', '\x30\x44\x4d\x5e') + '\x4c\x6b'] = $_0x3ac3('\x30\x78\x63\x66', '\x58\x56\x36\x47') + '\x75\x74';
_0x170400[$_0x3ac3('\x30\x78\x38\x34', '\x5b\x51\x75\x53') + '\x6d\x46'] = function (_0x188f1d) {
return _0x188f1d();
};
// The next two values end in "u" and "r"; they are concatenated and handed to
// a function constructor in the last branch of the callback.
_0x170400[$_0x3ac3('\x30\x78\x65\x38', '\x5a\x59\x59\x48') + '\x57\x5a'] = $_0x3ac3('\x30\x78\x36\x66', '\x62\x34\x6a\x61') + '\x75';
_0x170400[$_0x3ac3('\x30\x78\x34\x34', '\x30\x44\x4d\x5e') + '\x53\x57'] = $_0x3ac3('\x30\x78\x35\x65', '\x58\x42\x5d\x5a') + '\x72';
_0x170400[$_0x3ac3('\x30\x78\x31\x62', '\x36\x53\x78\x31') + '\x77\x52'] = $_0x3ac3('\x30\x78\x31\x39', '\x59\x23\x40\x35') + '\x74\x65\x4f' + $_0x3ac3('\x30\x78\x62\x30', '\x26\x54\x26\x4e') + '\x63\x74';
_0x170400[$_0x3ac3('\x30\x78\x30', '\x64\x62\x46\x73') + '\x4f\x79'] = $_0x3ac3('\x30\x78\x31\x37', '\x46\x45\x47\x29') + $_0x3ac3('\x30\x78\x66\x39', '\x51\x50\x54\x47') + '\x6f\x6e\x20' + $_0x3ac3('\x30\x78\x37\x64', '\x30\x44\x4d\x5e') + $_0x3ac3('\x30\x78\x31\x64', '\x35\x45\x53\x48') + '\x29';
_0x170400['\x4b\x58\x76' + '\x77\x4b'] = function (_0x1a654d, _0x5c64c3) {
return _0x1a654d + _0x5c64c3;
};
_0x170400[$_0x3ac3('\x30\x78\x65\x65', '\x6f\x23\x29\x28') + '\x41\x79'] = function (_0x3a9b1e, _0x3cdced) {
return _0x3a9b1e !== _0x3cdced;
};
_0x170400[$_0x3ac3('\x30\x78\x37\x62', '\x69\x43\x48\x77') + '\x74\x64'] = $_0x3ac3('\x30\x78\x61\x64', '\x44\x6b\x29\x77') + '\x67\x59';
_0x170400['\x47\x79\x48' + '\x6d\x66'] = function (_0x54ca76, _0x1d1c23) {
return _0x54ca76 === _0x1d1c23;
};
_0x170400[$_0x3ac3('\x30\x78\x39\x31', '\x41\x71\x37\x76') + '\x52\x63'] = $_0x3ac3('\x30\x78\x33\x32', '\x74\x24\x34\x6e') + '\x4a\x43';
_0x170400[$_0x3ac3('\x30\x78\x63\x39', '\x52\x40\x6b\x78') + '\x73\x49'] = function (_0x2800d4) {
return _0x2800d4();
};
// "WTawE": call a function with two arguments.
_0x170400['\x57\x54\x61' + '\x77\x45'] = function (_0x304a4b, _0x516773, _0x18f35a) {
return _0x304a4b(_0x516773, _0x18f35a);
};
var _0x3459cd = _0x170400;
// Wraps the callback with $_0x3744f8(this, callback) and calls the result at
// once. The callback builds two RegExp objects (the second with the "i"
// flag), calls $_0x3971b9 with a table entry, and tests the returned value
// concatenated with two suffixes (one ends in "in", the other is a table
// entry). Depending on those tests and on constant comparisons it calls the
// returned value with "0", calls $_0x3971b9 with no arguments, or builds a
// function through a constructor from two table strings.
_0x3459cd['\x57\x54\x61' + '\x77\x45']($_0x3744f8, this, function () {
var _0x4770ec = new RegExp(_0x3459cd[$_0x3ac3('\x30\x78\x38\x64', '\x69\x43\x48\x77') + '\x4f\x79']);
var _0x1f79cf = new RegExp(_0x3459cd['\x48\x66\x58' + '\x50\x68'], '\x69');
var _0x5818ca = $_0x3971b9(_0x3459cd[$_0x3ac3('\x30\x78\x66\x36', '\x72\x42\x25\x4c') + '\x6b\x65']);
if (!_0x4770ec[$_0x3ac3('\x30\x78\x64\x34', '\x36\x53\x78\x31') + '\x74'](_0x3459cd[$_0x3ac3('\x30\x78\x61\x37', '\x28\x41\x28\x74') + '\x77\x74'](_0x5818ca, $_0x3ac3('\x30\x78\x34\x66', '\x30\x63\x55\x33') + '\x69\x6e')) || !_0x1f79cf['\x74\x65\x73' + '\x74'](_0x3459cd['\x4b\x58\x76' + '\x77\x4b'](_0x5818ca, _0x3459cd['\x72\x6c\x6d' + '\x4c\x6b']))) {
if (_0x3459cd[$_0x3ac3('\x30\x78\x39\x37', '\x42\x32\x52\x31') + '\x41\x79'](_0x3459cd[$_0x3ac3('\x30\x78\x61\x31', '\x64\x4b\x6d\x28') + '\x74\x64'], _0x3459cd[$_0x3ac3('\x30\x78\x65\x62', '\x58\x56\x36\x47') + '\x74\x64'])) {
var _0x5f4f58 = new RegExp($_0x3ac3('\x30\x78\x32\x65', '\x26\x42\x6b\x48') + $_0x3ac3('\x30\x78\x62\x61', '\x74\x24\x34\x6e') + '\x6f\x6e\x20' + '\x2a\x5c\x28' + $_0x3ac3('\x30\x78\x34\x36', '\x64\x72\x45\x4a') + '\x29');
var _0x338b06 = new RegExp(_0x3459cd[$_0x3ac3('\x30\x78\x63\x34', '\x42\x32\x52\x31') + '\x50\x68'], '\x69');
var _0x10bdb7 = _0x3459cd[$_0x3ac3('\x30\x78\x39\x36', '\x58\x56\x36\x47') + '\x6a\x6e']($_0x3971b9, _0x3459cd['\x75\x59\x57' + '\x6b\x65']);
if (!_0x5f4f58['\x74\x65\x73' + '\x74'](_0x3459cd[$_0x3ac3('\x30\x78\x33\x66', '\x37\x5d\x6e\x37') + '\x69\x6b'](_0x10bdb7, $_0x3ac3('\x30\x78\x37\x66', '\x58\x56\x36\x47') + '\x69\x6e')) || !_0x338b06[$_0x3ac3('\x30\x78\x63\x33', '\x79\x72\x5a\x24') + '\x74'](_0x3459cd[$_0x3ac3('\x30\x78\x35\x62', '\x50\x6e\x69\x69') + '\x77\x74'](_0x10bdb7, _0x3459cd[$_0x3ac3('\x30\x78\x64\x32', '\x68\x76\x75\x5a') + '\x4c\x6b']))) {
_0x3459cd['\x66\x5a\x59' + '\x6a\x6e'](_0x10bdb7, '\x30');
} else {
_0x3459cd[$_0x3ac3('\x30\x78\x31\x30\x34', '\x37\x42\x5a\x34') + '\x6d\x46']($_0x3971b9);
}
} else {
_0x3459cd['\x66\x5a\x59' + '\x6a\x6e'](_0x5818ca, '\x30');
}
} else {
if (_0x3459cd[$_0x3ac3('\x30\x78\x62\x33', '\x42\x31\x37\x24') + '\x6d\x66'](_0x3459cd['\x57\x65\x54' + '\x52\x63'], $_0x3ac3('\x30\x78\x34\x63', '\x30\x63\x55\x33') + '\x4a\x43')) {
_0x3459cd[$_0x3ac3('\x30\x78\x34\x37', '\x26\x29\x50\x74') + '\x73\x49']($_0x3971b9);
} else {
(function () {
return ![];
}['\x63\x6f\x6e' + $_0x3ac3('\x30\x78\x35\x34', '\x42\x74\x4b\x23') + $_0x3ac3('\x30\x78\x32\x62', '\x48\x72\x43\x30') + '\x6f\x72'](_0x3459cd[$_0x3ac3('\x30\x78\x33\x36', '\x29\x4b\x4e\x4d') + '\x57\x5a'] + _0x3459cd[$_0x3ac3('\x30\x78\x35\x38', '\x26\x42\x6b\x48') + '\x53\x57'])[$_0x3ac3('\x30\x78\x31\x36', '\x58\x56\x36\x47') + '\x6c\x79'](_0x3459cd[$_0x3ac3('\x30\x78\x32\x63', '\x74\x24\x34\x6e') + '\x77\x52']));
}
}
})();
}());
// Third run-once wrapper factory, same outer shape as $_0x30da3c and
// $_0x3744f8: the outer function executes immediately and returns
// (context, callback) -> function, and the flag _0x4f7906 lets only the first
// call produce a non-empty wrapper.
// The wrapper compares a string ending in "oD" with a table value that is
// copied from the "kltoD" constant's slot (key ending in "PY"). If they are
// equal it applies the callback once and drops the reference; otherwise it
// builds and returns another wrapper of the same kind instead of calling
// the callback.
// NOTE(review): which branch runs depends on strings decoded by $_0x3ac3 at
// run time; the method name ending in "ly" is presumably "apply" -- confirm.
// NOTE(review): comments are kept out of the returned wrapper functions,
// because this script inspects function source text in other places.
var $_0x478dfa = function () {
// Constant table: an === wrapper ("nqnhx") and the literal "kltoD".
var _0x1aa91d = {};
_0x1aa91d[$_0x3ac3('\x30\x78\x35\x37', '\x28\x41\x28\x74') + '\x68\x78'] = function (_0x4907da, _0x5ac814) {
return _0x4907da === _0x5ac814;
};
_0x1aa91d[$_0x3ac3('\x30\x78\x65\x34', '\x5a\x59\x59\x48') + '\x50\x59'] = '\x6b\x6c\x74' + '\x6f\x44';
var _0x238cb6 = _0x1aa91d;
// First-call flag shared by all wrappers created through this factory.
var _0x4f7906 = !![];
return function (_0x3cadc6, _0x305d93) {
var _0x3cd5a1 = {};
_0x3cd5a1[$_0x3ac3('\x30\x78\x36\x33', '\x48\x72\x43\x30') + '\x58\x53'] = function (_0x1a67a6, _0x24b886) {
return _0x238cb6['\x6e\x71\x6e' + '\x68\x78'](_0x1a67a6, _0x24b886);
};
_0x3cd5a1[$_0x3ac3('\x30\x78\x34\x62', '\x79\x72\x5a\x24') + '\x56\x71'] = _0x238cb6[$_0x3ac3('\x30\x78\x33\x63', '\x35\x5e\x23\x59') + '\x50\x59'];
var _0x4f5da0 = _0x3cd5a1;
var _0x232e4f = _0x4f7906 ? function () {
if (_0x4f5da0[$_0x3ac3('\x30\x78\x61\x61', '\x64\x62\x46\x73') + '\x58\x53']($_0x3ac3('\x30\x78\x33\x39', '\x37\x42\x5a\x34') + '\x6f\x44', _0x4f5da0[$_0x3ac3('\x30\x78\x36\x32', '\x46\x45\x47\x29') + '\x56\x71'])) {
if (_0x305d93) {
var _0x34ce92 = _0x305d93[$_0x3ac3('\x30\x78\x39\x64', '\x26\x77\x52\x28') + '\x6c\x79'](_0x3cadc6, arguments);
_0x305d93 = null;
return _0x34ce92;
}
} else {
var _0x1defe3 = _0x4f7906 ? function () {
if (_0x305d93) {
var _0x5a1ca9 = _0x305d93[$_0x3ac3('\x30\x78\x39\x64', '\x26\x77\x52\x28') + '\x6c\x79'](_0x3cadc6, arguments);
_0x305d93 = null;
return _0x5a1ca9;
}
} : function () {
};
_0x4f7906 = ![];
return _0x1defe3;
}
} : function () {
};
_0x4f7906 = ![];
return _0x232e4f;
};
}();
var $_0x153e72 = $_0x478dfa(this, function () {
var _0x2add86 = {};
_0x2add86[$_0x3ac3('\x30\x78\x61', '\x44\x63\x32\x77') + '\x74\x69'] = function (_0x2ddee3, _0x1f8a9d) {
return _0x2ddee3 !== _0x1f8a9d;
};
_0x2add86[$_0x3ac3('\x30\x78\x66\x66', '\x52\x40\x6b\x78') + '\x51\x48'] = $_0x3ac3('\x30\x78\x39', '\x26\x42\x6b\x48') + '\x64\x51';
_0x2add86[$_0x3ac3('\x30\x78\x39\x62', '\x26\x54\x26\x4e') + '\x4e\x48'] = function (_0x273b43, _0x2da166) {
return _0x273b43(_0x2da166);
};
_0x2add86['\x62\x6a\x55' + '\x4e\x6a'] = function (_0x3a4376, _0x363e72) {
return _0x3a4376 + _0x363e72;
};
_0x2add86['\x5a\x63\x42' + '\x59\x6a'] = function (_0x32c231, _0x41fe84) {
return _0x32c231 + _0x41fe84;
};
_0x2add86[$_0x3ac3('\x30\x78\x64\x30', '\x58\x56\x36\x47') + '\x4a\x4e'] = function (_0xa817a) {
return _0xa817a();
};
var _0x3f659e = _0x2add86;
var _0x4e5170 = function () {
};
var _0x2d3297 = function () {
var _0x2dea16;
try {
if (_0x3f659e[$_0x3ac3('\x30\x78\x37\x30', '\x36\x53\x78\x31') + '\x74\x69']($_0x3ac3('\x30\x78\x65', '\x26\x77\x52\x28') + '\x6d\x6f', _0x3f659e['\x76\x4e\x64' + '\x51\x48'])) {
_0x2dea16 = _0x3f659e[$_0x3ac3('\x30\x78\x62\x32', '\x59\x23\x40\x35') + '\x4e\x48'](Function, _0x3f659e['\x62\x6a\x55' + '\x4e\x6a'](_0x3f659e['\x5a\x63\x42' + '\x59\x6a']('\x72\x65\x74' + $_0x3ac3('\x30\x78\x66\x65', '\x50\x6e\x69\x69') + '\x20\x28\x66' + $_0x3ac3('\x30\x78\x66\x61', '\x42\x32\x52\x31') + $_0x3ac3('\x30\x78\x39\x61', '\x58\x42\x5d\x5a') + '\x6e\x28\x29' + '\x20', '\x7b\x7d\x2e' + '\x63\x6f\x6e' + $_0x3ac3('\x30\x78\x35\x31', '\x62\x34\x6a\x61') + $_0x3ac3('\x30\x78\x38\x66', '\x74\x24\x34\x6e') + $_0x3ac3('\x30\x78\x33\x35', '\x26\x77\x52\x28') + $_0x3ac3('\x30\x78\x38\x62', '\x46\x45\x47\x29') + $_0x3ac3('\x30\x78\x36\x30', '\x62\x34\x6a\x61') + $_0x3ac3('\x30\x78\x31\x30\x37', '\x46\x45\x47\x29') + $_0x3ac3('\x30\x78\x37\x39', '\x26\x54\x26\x4e') + $_0x3ac3('\x30\x78\x65\x63', '\x6f\x23\x29\x28') + '\x20\x29'), '\x29\x3b'))();
} else {
return !![];
}
} catch (_0x1e043c) {
_0x2dea16 = window;
}
return _0x2dea16;
};
var _0x25db68 = _0x3f659e[$_0x3ac3('\x30\x78\x31\x31', '\x74\x24\x34\x6e') + '\x4a\x4e'](_0x2d3297);
if (!_0x25db68[$_0x3ac3('\x30\x78\x37\x32', '\x48\x72\x43\x30') + $_0x3ac3('\x30\x78\x34', '\x26\x77\x52\x28') + '\x65']) {
_0x25db68[$_0x3ac3('\x30\x78\x32', '\x37\x5d\x6e\x37') + $_0x3ac3('\x30\x78\x64\x38', '\x37\x42\x5a\x34') + '\x65'] = function (_0x529b33) {
var _0x5c4da9 = ($_0x3ac3('\x30\x78\x36\x62', '\x64\x62\x46\x73') + $_0x3ac3('\x30\x78\x39\x39', '\x41\x71\x37\x76') + $_0x3ac3('\x30\x78\x37\x34', '\x30\x63\x55\x33') + $_0x3ac3('\x30\x78\x34\x64', '\x62\x34\x6a\x61') + $_0x3ac3('\x30\x78\x36\x36', '\x40\x39\x52\x5d') + '\x7c\x34\x7c' + '\x35')[$_0x3ac3('\x30\x78\x31\x30\x35', '\x52\x40\x6b\x78') + '\x69\x74']('\x7c');
var _0x3f8159 = 0x0;
while (!![]) {
switch (_0x5c4da9[_0x3f8159++]) {
case'\x30':
_0x22a681['\x65\x78\x63' + $_0x3ac3('\x30\x78\x35', '\x37\x5d\x6e\x37') + $_0x3ac3('\x30\x78\x33\x31', '\x59\x23\x40\x35')] = _0x529b33;
continue;
case'\x31':
_0x22a681['\x65\x72\x72' + '\x6f\x72'] = _0x529b33;
continue;
case'\x32':
var _0x22a681 = {};
continue;
case'\x33':
_0x22a681[$_0x3ac3('\x30\x78\x38\x63', '\x5a\x59\x59\x48') + '\x6c\x65'] = _0x529b33;
continue;
case'\x34':
_0x22a681[$_0x3ac3('\x30\x78\x38\x35', '\x42\x32\x52\x31') + '\x63\x65'] = _0x529b33;
continue;
case'\x35':
return _0x22a681;
case'\x36':
_0x22a681[$_0x3ac3('\x30\x78\x66', '\x37\x5d\x6e\x37')] = _0x529b33;
continue;
case'\x37':
_0x22a681[$_0x3ac3('\x30\x78\x35\x64', '\x42\x31\x37\x24') + '\x75\x67'] = _0x529b33;
continue;
case'\x38':
_0x22a681['\x77\x61\x72' + '\x6e'] = _0x529b33;
continue;
case'\x39':
_0x22a681['\x69\x6e\x66' + '\x6f'] = _0x529b33;
continue;
}
break;
}
}(_0x4e5170);
} else {
_0x25db68['\x63\x6f\x6e' + $_0x3ac3('\x30\x78\x31\x30\x31', '\x51\x50\x54\x47') + '\x65'][$_0x3ac3('\x30\x78\x38\x32', '\x30\x44\x4d\x5e')] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x64\x37', '\x42\x31\x37\x24') + $_0x3ac3('\x30\x78\x31\x38', '\x28\x41\x28\x74') + '\x65'][$_0x3ac3('\x30\x78\x64\x66', '\x70\x66\x4a\x59') + '\x6e'] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x64\x37', '\x42\x31\x37\x24') + $_0x3ac3('\x30\x78\x34', '\x26\x77\x52\x28') + '\x65'][$_0x3ac3('\x30\x78\x62\x36', '\x48\x72\x43\x30') + '\x75\x67'] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x36\x31', '\x69\x43\x48\x77') + '\x73\x6f\x6c' + '\x65']['\x69\x6e\x66' + '\x6f'] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x39\x34', '\x44\x63\x32\x77') + '\x73\x6f\x6c' + '\x65'][$_0x3ac3('\x30\x78\x62\x39', '\x41\x71\x37\x76') + '\x6f\x72'] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x37\x65', '\x79\x4f\x63\x6d') + $_0x3ac3('\x30\x78\x31\x30\x36', '\x6f\x79\x38\x24') + '\x65'][$_0x3ac3('\x30\x78\x31\x30\x38', '\x52\x40\x6b\x78') + $_0x3ac3('\x30\x78\x33\x30', '\x59\x23\x40\x35') + $_0x3ac3('\x30\x78\x32\x36', '\x29\x4b\x4e\x4d')] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x64\x36', '\x64\x62\x46\x73') + $_0x3ac3('\x30\x78\x66\x63', '\x64\x4b\x6d\x28') + '\x65'][$_0x3ac3('\x30\x78\x39\x32', '\x52\x40\x6b\x78') + '\x6c\x65'] = _0x4e5170;
_0x25db68[$_0x3ac3('\x30\x78\x65\x35', '\x51\x50\x54\x47') + $_0x3ac3('\x30\x78\x65\x64', '\x52\x40\x6b\x78') + '\x65'][$_0x3ac3('\x30\x78\x35\x63', '\x71\x78\x5a\x44') + '\x63\x65'] = _0x4e5170;
}
});
// Re-invoke $_0x3971b9 (defined right below) every 0xfa0 = 4000 ms.
// This is the timer the article's "debugger protection and timer removal" pass deletes.
setInterval(function () {
$_0x3971b9();
}, 0xfa0);
// $_0x153e72 is defined outside this excerpt.
$_0x153e72();
// '\x76\x31\x34' is the escaped spelling of "v14" and '\x76\x31\x34' + '\x32' of "v142".
// Most of each value is still encrypted behind $_0x3ac3; only the clear-text tails
// '\x33\x34' ("34") and '\x37\x31' ("71") are readable here. The article's final output
// shows the decrypted values of both assignments.
window['\x76\x31\x34'] = $_0x3ac3('\x30\x78\x36\x39', '\x26\x54\x26\x4e') + $_0x3ac3('\x30\x78\x33\x38', '\x79\x72\x5a\x24') + '\x33\x34';
window['\x76\x31\x34' + '\x32'] = $_0x3ac3('\x30\x78\x63\x32', '\x35\x5e\x23\x59') + $_0x3ac3('\x30\x78\x38\x33', '\x37\x42\x5a\x34') + $_0x3ac3('\x30\x78\x35\x66', '\x72\x42\x25\x4c') + '\x37\x31';
/**
 * Routine that the sample re-runs from its setInterval timer and from inside itself.
 *
 * What the visible code does:
 *  - builds a lookup object (_0x49de8f, aliased as _0x3c186a) that holds string
 *    constants plus tiny wrappers for ===, !==, + and a one-argument call;
 *  - defines the inner function _0x4c5216(counter), whose last statement calls
 *    _0x4c5216 again with the incremented counter (presumably through the call wrapper);
 *  - returns _0x4c5216 when _0x4ce080 is truthy, otherwise calls _0x4c5216(0);
 *    any exception is swallowed by the empty catch.
 *
 * NOTE(review): most strings are still encrypted behind $_0x3ac3, so the exact
 * behaviour cannot be read from this excerpt alone. The shape (calls on a property
 * whose clear-text fragments are "con" / "str" / "or", and the fragments
 * "whi" … "ue)" " {}") looks like the debugger-protection routine the article
 * removes later. Confirm once the string array has been decrypted.
 */
function $_0x3971b9(_0x4ce080) {
var _0x49de8f = {};
// Lookup table: string constants and operator wrappers. Splitting an object literal into
// separate assignments like this is what the article's "object merge" pass undoes.
_0x49de8f[$_0x3ac3('\x30\x78\x63\x65', '\x6f\x79\x38\x24') + '\x72\x75'] = $_0x3ac3('\x30\x78\x39\x66', '\x42\x74\x4b\x23') + $_0x3ac3('\x30\x78\x61\x38', '\x79\x72\x5a\x24') + '\x72';
_0x49de8f['\x66\x59\x53' + '\x47\x76'] = $_0x3ac3('\x30\x78\x64\x61', '\x28\x41\x28\x74') + '\x71\x77';
// Wrapper for a === b.
_0x49de8f[$_0x3ac3('\x30\x78\x65\x39', '\x4c\x75\x21\x55') + '\x79\x57'] = function (_0x54c767, _0x238442) {
return _0x54c767 === _0x238442;
};
_0x49de8f[$_0x3ac3('\x30\x78\x36\x37', '\x79\x4f\x63\x6d') + '\x57\x67'] = $_0x3ac3('\x30\x78\x62\x63', '\x58\x42\x5d\x5a') + $_0x3ac3('\x30\x78\x63\x31', '\x6f\x79\x38\x24');
_0x49de8f[$_0x3ac3('\x30\x78\x38\x65', '\x58\x42\x5d\x5a') + '\x43\x6c'] = $_0x3ac3('\x30\x78\x33\x37', '\x67\x45\x6e\x41') + $_0x3ac3('\x30\x78\x36\x38', '\x68\x4f\x4c\x61') + $_0x3ac3('\x30\x78\x66\x33', '\x6f\x23\x29\x28') + $_0x3ac3('\x30\x78\x63\x61', '\x28\x41\x28\x74') + $_0x3ac3('\x30\x78\x38', '\x26\x42\x6b\x48');
// Wrapper for a !== b.
_0x49de8f['\x7a\x42\x48' + '\x7a\x68'] = function (_0xd0fe0, _0x3257db) {
return _0xd0fe0 !== _0x3257db;
};
_0x49de8f[$_0x3ac3('\x30\x78\x34\x32', '\x46\x45\x47\x29') + '\x66\x49'] = $_0x3ac3('\x30\x78\x31\x30\x33', '\x29\x4b\x4e\x4d') + $_0x3ac3('\x30\x78\x39\x65', '\x35\x5e\x23\x59');
// A second, identical wrapper for a !== b stored under another key.
_0x49de8f[$_0x3ac3('\x30\x78\x37', '\x42\x74\x4b\x23') + '\x70\x77'] = function (_0x69cddf, _0x4bd834) {
return _0x69cddf !== _0x4bd834;
};
_0x49de8f['\x71\x50\x63' + '\x4d\x66'] = $_0x3ac3('\x30\x78\x39\x63', '\x25\x65\x72\x42') + '\x6c\x78';
// Wrapper for a + b.
_0x49de8f['\x4f\x57\x54' + '\x48\x4d'] = function (_0x21e0c9, _0x180e5d) {
return _0x21e0c9 + _0x180e5d;
};
_0x49de8f[$_0x3ac3('\x30\x78\x35\x36', '\x58\x56\x36\x47') + '\x45\x4d'] = $_0x3ac3('\x30\x78\x64\x31', '\x59\x23\x40\x35') + '\x75';
_0x49de8f[$_0x3ac3('\x30\x78\x36', '\x64\x72\x45\x4a') + '\x6d\x51'] = $_0x3ac3('\x30\x78\x32\x37', '\x5b\x51\x75\x53') + $_0x3ac3('\x30\x78\x66\x31', '\x25\x65\x72\x42');
_0x49de8f[$_0x3ac3('\x30\x78\x65\x31', '\x58\x56\x36\x47') + '\x68\x51'] = $_0x3ac3('\x30\x78\x37\x36', '\x72\x42\x25\x4c') + '\x76\x68';
// Another wrapper for a + b.
_0x49de8f[$_0x3ac3('\x30\x78\x38\x61', '\x26\x77\x52\x28') + '\x79\x68'] = function (_0x2e080b, _0x1eb95d) {
return _0x2e080b + _0x1eb95d;
};
_0x49de8f['\x74\x4c\x61' + '\x72\x4a'] = $_0x3ac3('\x30\x78\x61\x63', '\x46\x45\x47\x29') + '\x72';
_0x49de8f['\x4c\x7a\x66' + '\x49\x53'] = $_0x3ac3('\x30\x78\x61\x62', '\x69\x43\x48\x77') + '\x74\x65\x4f' + $_0x3ac3('\x30\x78\x33\x64', '\x28\x41\x28\x74') + '\x63\x74';
// Wrapper for fn(arg).
_0x49de8f[$_0x3ac3('\x30\x78\x66\x32', '\x59\x23\x40\x35') + '\x71\x49'] = function (_0x26592c, _0x15fe20) {
return _0x26592c(_0x15fe20);
};
var _0x3c186a = _0x49de8f;
// Inner worker; _0x1391b3 is a counter that is incremented on every self-call.
function _0x4c5216(_0x1391b3) {
var _0x5d9b44 = {};
_0x5d9b44[$_0x3ac3('\x30\x78\x63\x62', '\x28\x41\x28\x74') + '\x44\x47'] = _0x3c186a[$_0x3ac3('\x30\x78\x65\x66', '\x58\x42\x5d\x5a') + '\x72\x75'];
var _0x4ed680 = _0x5d9b44;
// NOTE(review): this branch reads firstCall, fn and context, none of which is declared
// in this function. It is presumably an injected dead branch that is never taken.
if (_0x3c186a[$_0x3ac3('\x30\x78\x66\x62', '\x69\x43\x48\x77') + '\x47\x76'] !== $_0x3ac3('\x30\x78\x37\x37', '\x59\x23\x40\x35') + '\x71\x77') {
var _0x594c31 = firstCall ? function () {
if (fn) {
var _0x351229 = fn['\x61\x70\x70' + '\x6c\x79'](context, arguments);
fn = null;
return _0x351229;
}
} : function () {
};
firstCall = ![];
return _0x594c31;
} else {
if (_0x3c186a[$_0x3ac3('\x30\x78\x35\x35', '\x59\x23\x40\x35') + '\x79\x57'](typeof _0x1391b3, _0x3c186a[$_0x3ac3('\x30\x78\x32\x31', '\x5b\x51\x75\x53') + '\x57\x67'])) {
return function (_0x4bceeb) {
}['\x63\x6f\x6e' + $_0x3ac3('\x30\x78\x64\x35', '\x51\x50\x54\x47') + $_0x3ac3('\x30\x78\x66\x34', '\x61\x51\x25\x78') + '\x6f\x72'](_0x3c186a[$_0x3ac3('\x30\x78\x38\x36', '\x26\x54\x26\x4e') + '\x43\x6c'])[$_0x3ac3('\x30\x78\x33\x33', '\x44\x63\x32\x77') + '\x6c\x79'](_0x3c186a['\x4e\x55\x41' + '\x72\x75']);
} else {
// Branch on the counter: ('' + n / n) has a property compared with 1, or n % 0x14 (20) === 0.
if (_0x3c186a[$_0x3ac3('\x30\x78\x61\x66', '\x67\x45\x6e\x41') + '\x7a\x68'](('' + _0x1391b3 / _0x1391b3)[_0x3c186a['\x62\x6c\x67' + '\x66\x49']], 0x1) || _0x3c186a[$_0x3ac3('\x30\x78\x61\x65', '\x64\x62\x46\x73') + '\x79\x57'](_0x1391b3 % 0x14, 0x0)) {
if (_0x3c186a[$_0x3ac3('\x30\x78\x37\x31', '\x42\x32\x52\x31') + '\x70\x77'](_0x3c186a[$_0x3ac3('\x30\x78\x64', '\x40\x39\x52\x5d') + '\x4d\x66'], $_0x3ac3('\x30\x78\x36\x61', '\x74\x36\x73\x4c') + '\x6c\x78')) {
$_0x3971b9();
} else {
(function () {
return !![];
}[$_0x3ac3('\x30\x78\x66\x37', '\x28\x41\x28\x74') + $_0x3ac3('\x30\x78\x64\x33', '\x44\x63\x32\x77') + $_0x3ac3('\x30\x78\x66\x64', '\x71\x78\x5a\x44') + '\x6f\x72'](_0x3c186a['\x4f\x57\x54' + '\x48\x4d'](_0x3c186a[$_0x3ac3('\x30\x78\x34\x39', '\x35\x5e\x23\x59') + '\x45\x4d'], $_0x3ac3('\x30\x78\x39\x35', '\x68\x4f\x4c\x61') + '\x72'))[$_0x3ac3('\x30\x78\x31\x30\x32', '\x44\x6b\x29\x77') + '\x6c'](_0x3c186a[$_0x3ac3('\x30\x78\x37\x38', '\x71\x78\x5a\x44') + '\x6d\x51']));
}
} else {
if (_0x3c186a[$_0x3ac3('\x30\x78\x33\x61', '\x71\x78\x5a\x44') + '\x68\x51'] !== $_0x3ac3('\x30\x78\x63\x64', '\x35\x5e\x23\x59') + '\x49\x74') {
(function () {
return ![];
}[$_0x3ac3('\x30\x78\x36\x31', '\x69\x43\x48\x77') + '\x73\x74\x72' + $_0x3ac3('\x30\x78\x34\x31', '\x29\x4b\x4e\x4d') + '\x6f\x72'](_0x3c186a[$_0x3ac3('\x30\x78\x36\x35', '\x28\x41\x28\x74') + '\x79\x68'](_0x3c186a[$_0x3ac3('\x30\x78\x38\x39', '\x68\x76\x75\x5a') + '\x45\x4d'], _0x3c186a[$_0x3ac3('\x30\x78\x63\x35', '\x6f\x79\x38\x24') + '\x72\x4a']))[$_0x3ac3('\x30\x78\x64\x65', '\x72\x42\x25\x4c') + '\x6c\x79'](_0x3c186a['\x4c\x7a\x66' + '\x49\x53']));
} else {
// Clear-text fragments of the string passed here: "whi" … "ue)" " {}".
return function (_0x57930f) {
}[$_0x3ac3('\x30\x78\x64\x64', '\x30\x63\x55\x33') + '\x73\x74\x72' + $_0x3ac3('\x30\x78\x65\x36', '\x64\x62\x46\x73') + '\x6f\x72']('\x77\x68\x69' + $_0x3ac3('\x30\x78\x63\x38', '\x61\x51\x25\x78') + $_0x3ac3('\x30\x78\x62\x65', '\x50\x6e\x69\x69') + '\x75\x65\x29' + '\x20\x7b\x7d')[$_0x3ac3('\x30\x78\x61\x36', '\x52\x40\x6b\x78') + '\x6c\x79'](_0x4ed680[$_0x3ac3('\x30\x78\x38\x30', '\x74\x24\x34\x6e') + '\x44\x47']);
}
}
}
// Self-call with the counter incremented.
_0x3c186a[$_0x3ac3('\x30\x78\x38\x37', '\x42\x74\x4b\x23') + '\x71\x49'](_0x4c5216, ++_0x1391b3);
}
}
// Truthy argument: hand the worker back to the caller; otherwise start it at 0.
// Any exception raised while it runs is silently discarded.
try {
if (_0x4ce080) {
return _0x4c5216;
} else {
_0x4c5216(0x0);
}
} catch (_0x2cfea0) {
}
}
二、反混淆流程
第一步:解密三要素检查
1.这里默认符合,无需调整
2.不符合,参考如下
AST反混淆实战-低级难度(二、混淆demo说明,三、混淆demo整理)部分
https://jia666666.blog.csdn.net/article/details/120369644
第二步:return多级回调检查
1.这里无return多级回调,无操作
2.存在多级回调,参考解决方法
AST反混淆实战-中级难度(四、难点说明-难点一)部分
https://jia666666.blog.csdn.net/article/details/120370610
处理流程:return多级回调处理-->大数组解密
前者无则不操作
以上主要为大数组解密服务
难点解决1
AST反混淆进阶--字符解码
https://jia666666.blog.csdn.net/article/details/120202376
难点解决2
ast反混淆进阶--大数组解密
https://jia666666.blog.csdn.net/article/details/120304802
注意!注意!!注意!!!
针对解密函数的提取,因解密函数的类型不一,
故提取解密函数名的操作不同,需要针对性的进行部分改写
否则会报错,无法进行后续操作
难点解决3:
AST反混淆进阶-对象合并
https://jia666666.blog.csdn.net/article/details/120203074
难点解决4:
AST反混淆进阶-对象属性字符合并
https://jia666666.blog.csdn.net/article/details/120367419
难点解决5:
ast反混淆进阶--花指令处理
https://jia666666.blog.csdn.net/article/details/120287559
难点解决6
AST反混淆进阶-禁用console输出功能删减
https://jia666666.blog.csdn.net/article/details/120354257
难点解决7
AST反混淆进阶-debugger保护及定时器删减
https://jia666666.blog.csdn.net/article/details/120368087
优化1
ast反混淆进阶--自执行空实参替换顺序语句
https://jia666666.blog.csdn.net/article/details/120303435
优化2
AST反混淆进阶-常量计算
https://jia666666.blog.csdn.net/article/details/120268075
三、反混淆处理结果
四、解混淆
const fs = require("fs");//文件读写
const parse = require("@babel/parser"); //解析为ast
const traverse = require('@babel/traverse').default;//遍历节点
const t = require('@babel/types');//类型
const generator = require('@babel/generator').default;//ast解析为代码
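// Load the obfuscated sample.
// NOTE: decrypt_arr() below passes the first statements of this file to eval(), so
// demo.js is executed, not only parsed. Run this script in a disposable, isolated
// environment when the sample is not your own.
const jscode = fs.readFileSync('./demo.js', { encoding: 'utf-8' });
let ast = parse.parse(jscode); // JS source -> AST

try {
  // Step 1: restore hex-escaped numbers and strings to readable literals.
  ast = decry_str(ast);
  console.log('第一步:准备工作已完成');

  // Step 2: decrypt the string array.
  ast = parse.parse(generator(ast).code); // regenerate + re-parse to refresh the AST
  ast = decrypt_arr(ast);
  console.log('第二步:大数组解密已完成');

  // Step 3: merge objects that were split into `var o = {}; o['k'] = v;` (prepares step 5).
  ast = parse.parse(generator(ast).code);
  traverse(ast, { VariableDeclarator: { exit: [merge_obj] } });
  console.log('第三步:拆分对象合并已完成');

  // Step 4: join string concatenations used as object property values.
  traverse(ast, { ObjectProperty: { exit: [AddObjPro] } });
  console.log('第四步:对象表达式字符串合并已完成');

  // Step 5: inline the operator/call wrapper objects.
  ast = parse.parse(generator(ast).code);
  traverse(ast, { VariableDeclarator: { exit: [callToStr] } });
  console.log('第五步:花指令处理已完成');

  // Step 6: remove the code that disables console output (two passes).
  ast = parse.parse(generator(ast).code);
  traverse(ast, { VariableDeclarator: { exit: [DelConsole_one] } });
  ast = parse.parse(generator(ast).code);
  traverse(ast, { VariableDeclarator: { exit: [DelConsole_two] } });
  console.log('第六步:禁用console删减已完成');

  // Step 8: remove the setInterval timer.
  traverse(ast, { CallExpression: { exit: [del_setInterval] } });

  // Step 9: remove the debugger-protection code (two passes).
  traverse(ast, { VariableDeclarator: { exit: [DelDebuger_one] } });
  ast = parse.parse(generator(ast).code);
  traverse(ast, { FunctionDeclaration: { enter: [DelDebuger_two] } });

  // Step 10: replace argument-less self-invoking functions with their statements.
  traverse(ast, { ExpressionStatement: delConvParam });

  // Step 11: constant folding. Use with care.
  traverse(ast, {
    'UnaryExpression|BinaryExpression|ConditionalExpression|CallExpression': eval_constant,
  });
} catch (e) {
  // A failing pass stops the pipeline; whatever was transformed so far is still written below.
  console.log(e);
} finally {
  // AST -> JS. `minimal` keeps non-ASCII text (e.g. Chinese) readable instead of \u escapes.
  // Declared with const: the original assigned to undeclared `code` and `opts`, creating
  // two implicit globals.
  const code = generator(ast, { jsescOption: { minimal: true } }).code;
  fs.writeFile('./demoNew.js', code, (err) => {
    // Report a failed write instead of silently dropping it.
    if (err) {
      console.error(err);
    }
  });
}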
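/**
 * Join a computed member key that is written as a chain of string concatenations,
 * e.g. `obj['con' + 'sole']` becomes `obj["console"]`.
 *
 * Used as a MemberExpression exit visitor. Only `+` chains are folded, and only where
 * both operands are string literals; anything else in the key is left untouched.
 *
 * Changes from the earlier version:
 *  - the concatenation is computed directly from the literal values instead of
 *    generating source text and passing it to eval();
 *  - a fully folded key is stored as a real StringLiteral node. Previously the quoted
 *    source text was stored as the *name* of an Identifier, which only printed
 *    correctly by accident and relied on a later re-parse.
 *
 * @param {NodePath} path - path of a MemberExpression
 */
function add_Mem_str(path) {
  const { node } = path;
  if (!node.computed || !t.isBinaryExpression(node.property, { operator: '+' })) {
    return;
  }

  // Fold bottom-up so that ('a' + 'b') + 'c' collapses completely.
  const fold = (expr) => {
    if (!t.isBinaryExpression(expr, { operator: '+' })) {
      return expr;
    }
    expr.left = fold(expr.left);
    expr.right = fold(expr.right);
    if (t.isStringLiteral(expr.left) && t.isStringLiteral(expr.right)) {
      return t.stringLiteral(expr.left.value + expr.right.value);
    }
    return expr;
  };

  node.property = fold(node.property);
}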
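/**
 * Decrypt the string array: run the sample's own decryption code, replace every call
 * to the decrypt function with the string it returns, then drop the decryption code.
 *
 * Assumes the first three top-level statements are, in order, the string array, the
 * array-shuffling IIFE and the decrypt function. The decrypt function may be either
 * `var name = function (...) {...}` or `function name(...) {...}`; any other layout is
 * rejected before anything is executed.
 *
 * @param {File} ast - AST of the sample (modified in place)
 * @returns {File} the same AST with the decrypt calls replaced
 * @throws {Error} when the first three statements do not have the expected layout
 */
function decrypt_arr(ast) {
  // Step 1: locate the three-statement decryption prologue.
  const end = 3; // number of leading statements that make up the prologue
  const body = ast.program.body;
  if (body.length < end) {
    throw new Error('decrypt_arr: fewer than ' + end + ' top-level statements, cannot locate the decrypt function');
  }

  // Work out the decrypt function's name *before* running any sample code, so that an
  // unexpected layout fails early.
  const stringDecryptFuncAst = body[end - 1];
  let DecryptFuncName;
  if (t.isVariableDeclaration(stringDecryptFuncAst) && t.isIdentifier(stringDecryptFuncAst.declarations[0].id)) {
    DecryptFuncName = stringDecryptFuncAst.declarations[0].id.name;
  } else if (t.isFunctionDeclaration(stringDecryptFuncAst)) {
    DecryptFuncName = stringDecryptFuncAst.id.name;
  } else {
    throw new Error('decrypt_arr: statement ' + end + ' is not a variable or function declaration');
  }

  const newAst = parse.parse('');
  newAst.program.body = body.slice(0, end);
  // compact: true, because the prologue checks its own formatting.
  const stringDecryptFunc = generator(newAst, { compact: true }).code;

  // SECURITY: this executes code taken from the sample inside the analysis process,
  // with the same privileges as this script (file system, network, require).
  // Run it only on a sample you are prepared to execute, ideally in a disposable
  // VM or container without credentials or network access.
  // The declarations made by this direct eval land in decrypt_arr's own scope (the file
  // is not in strict mode); the eval() in the visitor below depends on that.
  eval(stringDecryptFunc);

  // Step 2: drop the prologue from the AST.
  ast.program.body = body.slice(end);

  // Step 3: replace each `decrypt(...)` call with its result.
  traverse(ast, {
    CallExpression(path) {
      if (t.isIdentifier(path.node.callee, { name: DecryptFuncName })) {
        // Must stay a direct eval inside this closure to see the function defined above.
        // The whole call, arguments included, is evaluated as sample code.
        path.replaceWith(t.valueToNode(eval(path.toString())));
      }
    },
  });

  // Join member keys such as obj['con' + 'sole'].
  traverse(ast, { MemberExpression: { exit: [add_Mem_str] } });
  return ast;
}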
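/**
 * Merge an object that was split into separate assignments back into its literal:
 * `var a = {}; a['b'] = 5; a.c = 6;` becomes `var a = {'b': 5, 'c': 6};`.
 *
 * Used as a VariableDeclarator exit visitor. Aliases (`var x = a;`) are renamed to the
 * original name and removed first, so that references through the alias are covered.
 *
 * Fix: `a[b] = 5` (computed key held in a variable) is no longer merged as the literal
 * key "b"; only non-computed `a.b = 5` is treated as an identifier key.
 *
 * @param {NodePath} path - path of a VariableDeclarator
 */
function merge_obj(path) {
  const { id, init } = path.node;
  if (!t.isObjectExpression(init)) {
    return;
  }

  const name = id.name;
  const properties = init.properties;
  const scope = path.scope;
  const binding = scope.getBinding(name);
  // Skip when the variable is unknown or reassigned somewhere.
  if (!binding || binding.constantViolations.length > 0) {
    return;
  }

  // Collapse aliases of the object onto the original name.
  binding.referencePaths.forEach((refer_path) => {
    const bindpath = refer_path.parentPath;
    if (!t.isVariableDeclarator(bindpath.node)) {
      return;
    }
    const bindname = bindpath.node.id.name;
    bindpath.scope.rename(bindname, name, bindpath.scope.block);
    bindpath.remove();
  });

  scope.traverse(scope.block, {
    AssignmentExpression(_path) {
      const left = _path.get('left');
      const right = _path.get('right');
      if (!left.isMemberExpression()) {
        return;
      }
      const object = left.get('object');
      const property = left.get('property');
      // Only assignments to this object made directly in the declaring scope.
      if (!object.isIdentifier({ name: name }) || _path.scope != scope) {
        return;
      }

      if (property.isStringLiteral()) {
        // a['b'] = 5
        properties.push(t.objectProperty(t.valueToNode(property.node.value), right.node));
        _path.remove();
      } else if (property.isIdentifier() && !left.node.computed) {
        // a.b = 5 (but not a[b] = 5, where b is a variable)
        properties.push(t.objectProperty(t.valueToNode(property.node.name), right.node));
        _path.remove();
      }
    },
  });
}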
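/**
 * Inline a wrapper object: string entries are substituted at their use sites and the
 * one-line wrapper functions are replaced by the operation they wrap.
 *
 *   o['k'] (string entry)        -> the string
 *   o['f'](a, b), f returns a op b  -> a op b   (binary or logical)
 *   o['f'](fn, x, y), f returns a call -> fn(x, y)
 *
 * Used as a VariableDeclarator exit visitor. The declaration itself is removed only
 * when the number of rewritten use sites equals the number of references.
 *
 * Fixes:
 *  - a use site is counted only when it was actually rewritten; previously a matched
 *    but unrewritten call was counted too, so the object could be deleted while a
 *    reference to it remained;
 *  - wrapper functions whose first statement is not a `return` are skipped instead of
 *    dereferencing a missing node;
 *  - the three overlapping property checks are reduced to the one that decides.
 *
 * @param {NodePath} path - path of a VariableDeclarator
 */
function callToStr(path) {
  const node = path.node;
  if (!t.isObjectExpression(node.init)) {
    return;
  }
  const objPropertiesList = node.init.properties;
  if (objPropertiesList.length == 0) {
    return;
  }

  const objName = node.id.name;
  const scope = path.scope;
  const binding = scope.getBinding(objName);
  // Skip when the variable is unknown or reassigned somewhere.
  if (!binding || binding.constantViolations.length > 0) {
    return;
  }
  const paths = binding.referencePaths;
  let paths_sums = 0; // number of use sites rewritten

  // True when `member` is objName['<key>'] and objName resolves to this very binding.
  const isUseOf = (_path, member, key) =>
    _path.scope.getBinding(objName) == binding &&
    t.isIdentifier(member.object) &&
    member.object.name === objName &&
    t.isStringLiteral(member.property) &&
    member.property.value == key;

  objPropertiesList.forEach((prop) => {
    if (!t.isObjectProperty(prop)) {
      return; // methods and spread elements are not wrapper entries
    }
    const key = prop.key.value;

    if (t.isFunctionExpression(prop.value)) {
      const retStmt = prop.value.body.body[0];
      if (!t.isReturnStatement(retStmt)) {
        return;
      }
      const wrapped = retStmt.argument;

      path.scope.traverse(path.scope.block, {
        CallExpression(_path) {
          const callee = _path.node.callee;
          if (!t.isMemberExpression(callee) || !isUseOf(_path, callee, key)) {
            return;
          }
          const args = _path.node.arguments;
          let replacement = null;
          if (t.isBinaryExpression(wrapped) && args.length === 2) {
            replacement = t.binaryExpression(wrapped.operator, args[0], args[1]);
          } else if (t.isLogicalExpression(wrapped) && args.length == 2) {
            replacement = t.logicalExpression(wrapped.operator, args[0], args[1]);
          } else if (t.isCallExpression(wrapped) && t.isIdentifier(wrapped.callee) && args.length >= 1) {
            // The first argument is the function to call, the rest are its arguments.
            replacement = t.callExpression(args[0], args.slice(1));
          }
          if (replacement === null) {
            return; // shape not recognised: leave the call and do not count it
          }
          _path.replaceWith(replacement);
          paths_sums += 1;
        },
      });
    } else if (t.isStringLiteral(prop.value)) {
      const literalValue = prop.value.value;

      path.scope.traverse(path.scope.block, {
        MemberExpression(_path) {
          if (!isUseOf(_path, _path.node, key)) {
            return;
          }
          _path.replaceWith(t.stringLiteral(literalValue));
          paths_sums += 1;
        },
      });
    }
  });

  // Every reference has been rewritten: the object itself is no longer needed.
  if (paths_sums == paths.length) {
    path.remove();
  }
}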
/**
 * First pass of the console-override removal.
 *
 * Used as a VariableDeclarator exit visitor. Matches `var x = f(this, <arg>)`, a call
 * with exactly two arguments whose first one is `this`, then removes every `x(...)`
 * call that references the variable and finally the declarator itself.
 *
 * The match is purely structural: the callback's content is not inspected, so any
 * declarator of this shape is removed.
 *
 * @param {NodePath} path - path of a VariableDeclarator
 */
function DelConsole_one(path) {
  const { init, id } = path.node;
  if (!t.isCallExpression(init)) {
    return;
  }

  const callArgs = init.arguments;
  if (callArgs.length !== 2) {
    return;
  }
  if (!t.isThisExpression(callArgs[0])) {
    return;
  }

  const binding = path.scope.getBinding(id.name);
  // Leave the variable alone when it is unknown or reassigned.
  const isStable = binding && !(binding.constantViolations.length > 0);
  if (!isStable) {
    return;
  }

  binding.referencePaths.forEach((ref) => {
    const parent = ref.parentPath;
    // Only plain calls through an identifier are dropped.
    if (t.isCallExpression(parent) && t.isIdentifier(parent.node.callee)) {
      parent.remove();
    }
  });

  path.remove();
}
/**
 * Second pass of the console-override removal: drop the helper variable that is left
 * unused after the first pass.
 *
 * Used as a VariableDeclarator exit visitor. Matches `var x = (function () {...})()`,
 * an argument-less call of a function expression, and removes the declarator when
 * the variable is never reassigned and has no references.
 *
 * @param {NodePath} path - path of a VariableDeclarator
 */
function DelConsole_two(path) {
  const { init, id } = path.node;

  const isArglessIife =
    t.isCallExpression(init) &&
    init.arguments.length === 0 &&
    t.isFunctionExpression(init.callee);
  if (!isArglessIife) {
    return;
  }

  const binding = path.scope.getBinding(id.name);
  if (!binding || binding.constantViolations.length > 0) {
    return;
  }

  // Remove only when nothing refers to the variable any more.
  if (binding.referencePaths.length === 0) {
    path.remove();
  }
}
/**
 * Split a comma (sequence) expression statement into one statement per expression:
 * `a(), b(), c();` becomes `a(); b(); c();`.
 *
 * Intended as an ExpressionStatement visitor.
 *
 * @param {NodePath} path - path of an ExpressionStatement
 */
function remove_comma(path) {
  const sequence = path.node.expression;
  if (t.isSequenceExpression(sequence)) {
    const statements = sequence.expressions.map((item) => t.expressionStatement(item));
    path.replaceInline(statements);
  }
}
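/**
 * Remove a `setInterval(function () { fn(); }, delay)` timer together with the
 * references to the function it calls.
 *
 * Used as a CallExpression exit visitor. The timer call is removed only when every
 * reference to `fn` could be removed.
 *
 * Caveat: when removing the direct parent of a reference fails, the enclosing node is
 * removed instead, which can delete more code than the reference itself. Compare the
 * output with the input after enabling this pass.
 *
 * Fix: the climb to enclosing nodes now stops at the root. Previously, running out of
 * parents raised a TypeError inside the catch handler and aborted the whole pipeline.
 *
 * @param {NodePath} path - path of a CallExpression
 */
function del_setInterval(path) {
  const node = path.node;
  if (!t.isIdentifier(node.callee)) {
    return;
  }
  if (node.callee.name != 'setInterval') {
    return;
  }
  if (node.arguments.length !== 2) {
    return;
  }

  // The callback must be a parameter-less function whose first statement is `fn();`.
  const callback = node.arguments[0];
  if (!t.isFunctionExpression(callback) || callback.params.length !== 0) {
    return;
  }
  const InterNode = callback.body.body[0];
  if (!t.isExpressionStatement(InterNode)) {
    return;
  }
  if (!t.isCallExpression(InterNode.expression)) {
    return;
  }
  if (!t.isIdentifier(InterNode.expression.callee)) {
    return;
  }

  const InterName = InterNode.expression.callee.name;
  const binding = path.scope.getBinding(InterName);
  // Skip when the function is unknown or reassigned somewhere.
  if (!binding || binding.constantViolations.length > 0) {
    return;
  }

  const paths = binding.referencePaths;
  let paths_sums = 0; // references successfully removed

  paths.forEach((refer_path) => {
    let bindpath = refer_path.parentPath;
    // Try the parent first; if it cannot be removed, fall back to the enclosing node.
    while (bindpath) {
      try {
        bindpath.remove();
        paths_sums += 1;
        break;
      } catch (e) {
        bindpath = bindpath.parentPath;
      }
    }
  });

  if (paths_sums == paths.length) {
    path.remove();
  }
}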
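/**
 * First pass of the debugger-protection removal.
 *
 * Used as a VariableDeclarator exit visitor. Matches `var x = (function () {...})()`,
 * an argument-less call of a parameter-less function expression, and removes every
 * `x(this, <arg>)` call on it. The declarator itself is removed only when all of its
 * references were removed that way.
 *
 * Caveat: when removing a matching call fails, the enclosing node is removed instead,
 * which can delete more code than the call itself. Compare the output with the input
 * after enabling this pass.
 *
 * Fix: the climb to enclosing nodes now stops at the root. Previously, running out of
 * parents raised a TypeError inside the catch handler and aborted the whole pipeline.
 *
 * @param {NodePath} path - path of a VariableDeclarator
 */
function DelDebuger_one(path) {
  const node = path.node;
  if (!t.isCallExpression(node.init)) {
    return;
  }
  if (node.init.arguments.length !== 0) {
    return;
  }
  if (!t.isFunctionExpression(node.init.callee)) {
    return;
  }
  if (node.init.callee.params.length !== 0) {
    return;
  }

  const varName = node.id.name;
  const binding = path.scope.getBinding(varName);
  // Skip when the variable is unknown or reassigned somewhere.
  if (!binding || binding.constantViolations.length > 0) {
    return;
  }

  const paths = binding.referencePaths;
  let paths_sums = 0; // references successfully removed

  paths.forEach((refer_path) => {
    let bindpath = refer_path.parentPath;
    const BinNode = bindpath.node;
    // Only calls of the form x(this, <arg>) are touched.
    if (!t.isCallExpression(BinNode)) {
      return;
    }
    if (BinNode.arguments.length !== 2) {
      return;
    }
    if (!t.isThisExpression(BinNode.arguments[0])) {
      return;
    }
    // The reference must be the callee, not one of the arguments.
    if (BinNode.callee.name !== varName) {
      return;
    }

    // Try the call first; if it cannot be removed, fall back to the enclosing node.
    while (bindpath) {
      try {
        bindpath.remove();
        paths_sums += 1;
        break;
      } catch (e) {
        bindpath = bindpath.parentPath;
      }
    }
  });

  if (paths_sums == paths.length) {
    path.remove();
  }
}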
/**
 * Second pass of the debugger-protection removal: delete function declarations that
 * nothing refers to any more.
 *
 * Used as a FunctionDeclaration enter visitor. The check is generic: any function
 * declaration whose name is never reassigned and has zero references is removed,
 * whether or not it belonged to the debugger protection.
 *
 * @param {NodePath} path - path of a FunctionDeclaration
 */
function DelDebuger_two(path) {
  const fnName = path.node.id.name;
  const binding = path.scope.getBinding(fnName);

  // Unknown or reassigned names are left alone.
  const isStable = binding && !(binding.constantViolations.length > 0);
  if (!isStable) {
    return;
  }

  // Remove only when the reference list is empty.
  if (binding.referencePaths.length === 0) {
    path.remove();
  }
}
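/**
 * Join a string concatenation used as an object property value:
 * `{ k: 'ab' + 'cd' }` becomes `{ k: "abcd" }`.
 *
 * Used as an ObjectProperty exit visitor.
 *
 * Security fix: the value used to be turned back into source text and passed to
 * eval(). A property value is arbitrary code from the sample (it may contain calls),
 * and eval() ran it with access to everything in scope here, including `require` and
 * `fs`. Babel's static evaluator is used instead: it never executes the code and
 * reports `confident: false` for anything it cannot compute.
 *
 * @param {NodePath} path - path of an ObjectProperty
 */
function AddObjPro(path) {
  if (!t.isBinaryExpression(path.node.value)) {
    return;
  }
  const { confident, value } = path.get('value').evaluate();
  // Only replace when the result is known and is a string; leave everything else as is.
  if (confident && typeof value === 'string') {
    path.node.value = t.stringLiteral(value);
  }
}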
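/**
 * Replace an argument-less self-invoking function with the statements of its body:
 * `(function () { a(); b(); })();` and `!function () { a(); b(); }();` become `a(); b();`.
 *
 * Used as an ExpressionStatement visitor. Parameters of the function (which receive no
 * value, since the call has no arguments) are re-declared as `var name;` in front of
 * the inlined statements.
 *
 * Fixes:
 *  - the "no arguments" check is applied after unwrapping `!`. Previously
 *    `!function (a) {...}(1)` passed the check (a unary expression has no `arguments`)
 *    and was inlined with `a` left undefined;
 *  - async and generator functions are skipped: calling them does not run the body
 *    synchronously, so inlining would change behaviour.
 *
 * Caveat: a body that uses `return`, `this` or `arguments` at its top level does not
 * mean the same thing once inlined. Review the output of this pass.
 *
 * @param {NodePath} path - path of an ExpressionStatement
 */
function delConvParam(path) {
  let node_exp = path.node.expression;

  // `!function(){}()` is normalised to the plain call form.
  if (t.isUnaryExpression(node_exp) && node_exp.operator == '!') {
    node_exp = node_exp.argument;
  }
  if (!t.isCallExpression(node_exp)) {
    return;
  }
  if (node_exp.arguments.length > 0) {
    return;
  }

  const fn = node_exp.callee;
  if (!t.isFunctionExpression(fn)) {
    return;
  }
  if (fn.async || fn.generator) {
    return;
  }

  // Keep the parameter names declared so the inlined statements still resolve them.
  const declarations = fn.params
    .filter((param) => t.isIdentifier(param))
    .map((param) => t.variableDeclaration('var', [t.variableDeclarator(t.identifier(param.name))]));

  path.replaceInline([...declarations, ...fn.body.body]);
}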
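/**
 * Constant folding: replace an expression by its value when Babel's static evaluator
 * is confident about the result.
 *
 * Used as a visitor for UnaryExpression, BinaryExpression, ConditionalExpression and
 * CallExpression. Two kinds of result are deliberately left alone because their node
 * form is itself an expression that this visitor would pick up again:
 *  - negative number literals (`-1` is a unary expression over a literal);
 *  - non-finite numbers: Infinity, -Infinity and NaN are rebuilt by valueToNode as
 *    `1 / 0`, `-(1 / 0)` and `0 / 0`.
 *
 * Fix: NaN is now skipped as well. Previously only the two infinities were, so an
 * expression evaluating to NaN was replaced by `0 / 0` over and over.
 *
 * @param {NodePath} path - path of the expression to fold
 */
function eval_constant(path) {
  if (path.type == "UnaryExpression") {
    const { operator, argument } = path.node;
    if (operator == "-" && t.isLiteral(argument)) {
      return;
    }
  }

  const { confident, value } = path.evaluate();
  if (!confident) {
    return;
  }
  if (typeof value === "number" && !Number.isFinite(value)) {
    return;
  }
  path.replaceWith(t.valueToNode(value));
}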
/**
 * Restore escaped literals to their readable form.
 *
 * Deletes the `extra` field of every string, numeric and directive literal, so the
 * generator prints the literal from its value instead of the original escaped text
 * (for example hex-escaped strings and hex numbers).
 *
 * @param {File} ast - AST of the sample (modified in place)
 * @returns {File} the same AST
 */
function decry_str(ast) {
  const dropRawText = ({ node }) => {
    delete node.extra;
  };
  const visitor = {
    'StringLiteral|NumericLiteral|DirectiveLiteral': dropRawText,
  };
  traverse(ast, visitor);
  return ast;
}
五、解混淆完成
// Result as shown by the article: after all passes only the two global assignments
// of the sample remain, with their keys and values in clear text.
window["v14"] = "6a5fn834";
window["v142"] = "57649599571";
六、建议
在解混淆源码中,可以逐步、一个个地开启各项解析功能,
对比解析前后的情况,更好地明白每个功能解析达到的目的。
另外,大数组解密一步会用 eval 直接执行 demo.js 中的代码,分析来源不明的样本时建议在隔离环境(如虚拟机或容器)中运行。