源代码如下,拿到手按照惯例先到JS在线一键解密工具站解一遍。
(function (_0x5cfea0, _0x511d4e) {
var _0x2bedf7 = a0_0x2407, _0xe15b1c = _0x5cfea0();
while (!![]) {
try {
var _0x4dc616 = parseInt(_0x2bedf7(0xc4)) / 0x1 + -parseInt(_0x2bedf7(0xad)) / 0x2 * (-parseInt(_0x2bedf7(0x9c)) / 0x3) + -parseInt(_0x2bedf7(0xc5)) / 0x4 * (-parseInt(_0x2bedf7(0xa9)) / 0x5) + parseInt(_0x2bedf7(0xc6)) / 0x6 * (parseInt(_0x2bedf7(0xbd)) / 0x7) + parseInt(_0x2bedf7(0xb1)) / 0x8 + -parseInt(_0x2bedf7(0xb9)) / 0x9 + -parseInt(_0x2bedf7(0xb7)) / 0xa;
if (_0x4dc616 === _0x511d4e) break; else _0xe15b1c['push'](_0xe15b1c['shift']());
} catch (_0x4fe599) {
_0xe15b1c['push'](_0xe15b1c['shift']());
}
}
}(a0_0x5a3b, 0xc561a), (function () {
var _0x23e01e = a0_0x2407, _0x4294d1 = {
'./src/index.js': function () {
eval('这里是又一次加密过的js.......');
}
}, _0x3a95a0 = {};
_0x4294d1[_0x23e01e(0xc2)]();
}()));
function a0_0x2407(_0x45eb65, _0x29fa5e) {
var _0x5a3b05 = a0_0x5a3b();
return a0_0x2407 = function (_0x240731, _0x4ce8fc) {
_0x240731 = _0x240731 - 0x9a;
var _0x4a3c64 = _0x5a3b05[_0x240731];
return _0x4a3c64;
}, a0_0x2407(_0x45eb65, _0x29fa5e);
}
function a0_0x5a3b() {
var _0x4a6970 = ['8284Vamlun', '893514UMNaFf', 'isAutoClick', 'indexOf', '1074HyjfHy', 'ks12tiao2', '230390kesVgX', 'AD_ITEM_CLICK_1', 'appCodeName', '374901yViwTV', 'openAppStore', 'visibilityState', 'Index', '12KiguRR', 'appName', 'KSADSDK', '973YRIpWS', 'shift', 'visible', 'QUICK_APP_ST_CHANNEL', '15530CwqFyU', '1250238KpCoFX', '3035RafOqd', 'length', 'AD_TRY_PLAY_GAME_START', 'isGuiYinSuccess', '14yGmeUt', 'ksNebula', 'push', 'navigator', '6648048jSBrQF', 'userAgent', 'ConvertType', '175108hUfmTB', 'EventType', 'ks12tiao1', '40994090BAyNcb', 'load', '1356804XtZmey', 'vendor', 'kyy_source', 'addEventListener', '28ktvATI', 'playableSDK', 'bookid', '6148978ZMyfoo', 'marketCode', './src/index.js', '828iXQfVg', '1500091zruHDw'];
a0_0x5a3b = function () {
return _0x4a6970;
};
return a0_0x5a3b();
}
看到这个js的第一眼,感觉挺简单的,于是随手解了一下,变成如下这个样子
(function () {
var _0x4294d1 = {
'./src/index.js': function () {
eval('这里是又一次加密过的js.......');
}
},
_0x3a95a0 = {};
_0x4294d1["./src/index.js"]();
})();
然后接下去解,发现最后解出来的代码是错的(不要问我为什么知道是错的,凭感觉。。)
最后花时间重新研究了一遍,发现问题在于第一次解密的时候解掉了重要的代码,又重新解了一次。最后解成了下边这样,代码敏感,只贴部分出来
function prmAppRouter() {
var prm = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
autoClick = prm.isAutoClick,
type = prm.type,
libraryId = prm.libraryId,
bookid = prm.bookid,
urlToJson1 = urlToJson(),
navigator = window.navigator;
urlToJson1.kyy_source = JSON.stringify({
'kyy_type': type || "click",
'appcode': navigator.appCodeName,
'appname': navigator.appName,
'platform': navigator.platform,
'useragent': navigator.userAgent,
'vendor': navigator.vendor
});
urlToJson1.QUICK_APP_ST_CHANNEL = appConfig.marketCode ? appConfig.marketCode : 'kuaishou';
autoClick && (urlToJson1.isGuiYinSuccess = true);
libraryId && bookid && (urlToJson1.libraryId = libraryId, urlToJson1.bookid = bookid);
urlToJson1.libraryId = 'xxxxx';
urlToJson1.bookid = "xxxxxxxxxx";
appRouter(appConfig.appCode, "Index", urlToJson1);
}
搞定收工。
如果有更好的解密思路,或者对我文章内容有疑问的可以通过以下方式联系我,或者点赞评论哦
JS加密工具站 底部有我联系方式