在网络安全领域中,JavaScript代码的加密和解密技术被广泛应用于保护敏感信息、防止代码被恶意篡改或盗用等方面。本文将对一段使用了混淆和加密技术的 JavaScript 代码进行分析,揭示其中的加密与解密过程。
引言
JavaScript是一种广泛应用于网页开发的脚本语言,其源代码通常以明文形式嵌入到网页中,容易被恶意攻击者窃取或篡改。为了保护JavaScript代码的安全性,开发者们常常会采用加密和混淆技术来隐藏代码逻辑和敏感信息,增加攻击者分析和理解代码的难度。
代码示例
以下是一段使用了混淆和加密技术的 JavaScript 代码示例:
function _0x3423(_0x45072a,_0x5c565f){var _0x246cda=_0x703c();return _0x3423=function(_0x401201,_0x4b0012){_0x401201=_0x401201-(-0x225f*0x1+-0x1*0x18bd+0x3b88);var _0x1fcd49=_0x246cda[_0x401201];if(_0x3423['bNvTUi']===undefined){var _0x562ab9=function(_0x468b65){var _0x28004a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x1ff07c='',_0x1785b2='',_0x16c1e2=_0x1ff07c+_0x562ab9;for(var _0x499149=0xf1*-0xa+-0x8f9*0x1+0x9*0x20b,_0x3dda91,_0x319747,_0x42a66a=0x5fe+0x1070+-0x166e;_0x319747=_0x468b65['charAt'](_0x42a66a++);~_0x319747&&(_0x3dda91=_0x499149%(-0x582+0x12*0x15b+0x970*-0x2)?_0x3dda91*(-0x2*0x87+-0x1049*0x1+0x5dd*0x3)+_0x319747:_0x319747,_0x499149++%(0x8c0+-0xb*0x10d+0x3*0xf1))?_0x1ff07c+=_0x16c1e2['charCodeAt'](_0x42a66a+(-0x19fc+0x15b2+0x22a*0x2))-(-0x17a4+-0x4f1*-0x2+0x6e6*0x2)!==-0x1960+-0x28*0x63+0x28d8?String['fromCharCode'](-0x844+-0x161*-0x1+0x7e2&_0x3dda91>>(-(-0x5a1+-0x4*-0x725+0x347*-0x7)*_0x499149&-0xb0*0x11+-0xeb0+0x1a66)):_0x499149:-0x988+0x13*0xdf+0x257*-0x3){_0x319747=_0x28004a['indexOf'](_0x319747);}for(var _0x10d731=-0x567+-0x58d*-0x7+-0x2174,_0x460c16=_0x1ff07c['length'];_0x10d731<_0x460c16;_0x10d731++){_0x1785b2+='%'+('00'+_0x1ff07c['charCodeAt'](_0x10d731)['toString'](-0x232e+-0x23d+0x257b))['slice'](-(-0xa2*-0x15+0xb85+-0x18cd));}return decodeURIComponent(_0x1785b2);};_0x3423['InOkSc']=_0x562ab9,_0x45072a=arguments,_0x3423['bNvTUi']=!![];}var _0x150bbc=_0x246cda[0x1*0xa47+-0x17aa+0x95*0x17],_0x35d3e0=_0x401201+_0x150bbc,_0x51f4e6=_0x45072a[_0x35d3e0];if(!_0x51f4e6){var _0xd2b685=function(_0x5ac788){this['fBhZxJ']=_0x5ac788,this['WFhbiE']=[0x29d*0x4+-0x1*-0xf8e+-0x1a01,0x117f+0x2*0x205+-0x1589,-0x1e15+-0x1f2f+0x3d44],this['IGRzke']=function(){return'newState';},this['WYuQEN']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*',this['eLBPqt']='[\x27|\x22].+[\x27|\x22];?\x20*}';};_0xd2b685['prototype']['fTHENB']=function(){var _0x49bad6=new RegExp(this['WYuQEN']+this['eLBPqt']),_0x15272d=_0x49bad6['test'](this['IGRzke']['toString']())?--this['WFhbiE'][-0x24d3*0x1+-0x13*0x2e+0x283e]:--this['WFhbiE'][0x12ae+0x1*0x1e9e+-0x314c];return this['gEngOQ'](_0x15272d);},_0xd2b685['prototype']['gEngOQ']=function(_0x36efed){if(!Boolean(~_0x36efed))return _0x36efed;return this['zueMMS'](this['fBhZxJ']);},_0xd2b685['prototype']['zueMMS']=function(_0x5b290c){for(var _0x5321b2=-0xdb3+-0xa78+0x182b*0x1,_0x508981=this['WFhbiE']['length'];_0x5321b2<_0x508981;_0x5321b2++){this['WFhbiE']['push'](Math['round'](Math['random']())),_0x508981=this['WFhbiE']['length'];}return _0x5b290c(this['WFhbiE'][-0x45*-0x1a+-0x2681+0x1f7f]);},new _0xd2b685(_0x3423)['fTHENB'](),_0x1fcd49=_0x3423['InOkSc'](_0x1fcd49),_0x45072a[_0x35d3e0]=_0x1fcd49;}else _0x1fcd49=_0x51f4e6;return _0x1fcd49;},_0x3423(_0x45072a,_0x5c565f);}(function(_0xe99689,_0x448830){var _0x556922=_0x3423,_0x5f368d=_0xe99689();while(!![]){try{var _0x3824d7=-parseInt(_0x556922(0x9c))/(0xc*0x23e+0x9f6+-0x1*0x24dd)*(parseInt(_0x556922(0xa0))/(-0x102f+0x1cd1*-0x1+0x2d02))+parseInt(_0x556922(0x72))/(0x2461+0x216f*0x1+-0xa7*0x6b)+-parseInt(_0x556922(0x7f))/(-0xc9a+0x1*0x120a+-0x56c)+-parseInt(_0x556922(0x8c))/(-0x593+0x9d*0x3d+-0x3*0xa9b)*(-parseInt(_0x556922(0x73))/(0x244a+0x2*-0x1075+0x27*-0x16))+parseInt(_0x556922(0x71))/(0x1e3d+-0x273+-0x45*0x67)+parseInt(_0x556922(0x7c))/(0x61*0x67+-0x1b4a+0x14d*-0x9)*(-parseInt(_0x556922(0x6f))/(0xfc6+0x1*0x38f+-0x134c))+-parseInt(_0x556922(0xa1))/(-0x12b*-0x3+0x2468+-0x27df)*(-parseInt(_0x556922(0x6c))/(-0x1dd+-0x2*0x1017+0x2216));if(_0x3824d7===_0x448830)break;else _0x5f368d['push'](_0x5f368d['shift']());}catch(_0x9187ee){_0x5f368d['push'](_0x5f368d['shift']());}}}(_0x703c,-0x17851+0x7f*-0x269+0x44b1b));function createIframe(_0x35748c,_0x509b29){var _0x563423=_0x3423,_0x2e6ee4=document['getElementById'](_0x35748c);if(_0x2e6ee4){var _0x4a84a9=document[_0x563423(0x74)](_0x563423(0x97));_0x4a84a9['id']=_0x509b29,_0x4a84a9['width']=_0x563423(0x94),_0x4a84a9[_0x563423(0x8f)]=_0x563423(0x94),_0x4a84a9[_0x563423(0x9b)]='0',_0x4a84a9[_0x563423(0x92)]='auto',_0x2e6ee4[_0x563423(0x8a)](_0x4a84a9);}}function loadIframe(_0x57784f,_0x242f00){var _0x44c689=_0x3423,_0x39a441=document['getElementById'](_0x57784f);_0x39a441&&(_0x39a441[_0x44c689(0x84)]=_0x242f00,_0x39a441[_0x44c689(0x9d)]=function(){var _0x527647=_0x44c689,_0x519450=document[_0x527647(0x85)](_0x527647(0x79));_0x519450&&(_0x519450[_0x527647(0x78)][_0x527647(0x89)]='');});}function generateIframeId(_0x8c968e){var _0x238695=_0x3423;return _0x8c968e+_0x238695(0x9a);}function init(_0x29a9dc){var _0x1b74f5=_0x3423,_0x3a541b=generateIframeId(_0x29a9dc),_0x5961bd=_0x29a9dc[_0x1b74f5(0x80)](_0x1b74f5(0xa7))?_0x29a9dc:_0x29a9dc+'.html';createIframe(_0x29a9dc,_0x3a541b),loadIframe(_0x3a541b,_0x5961bd);}function insertCss(_0x34ee43){var _0xa2860f=_0x3423,_0x1021eb=(function(){var _0x41dc9d=!![];return function(_0x1022e9,_0x560524){var _0x3690e5=_0x41dc9d?function(){var _0x47d086=_0x3423;if(_0x560524){var _0x388771=_0x560524[_0x47d086(0xa6)](_0x1022e9,arguments);return _0x560524=null,_0x388771;}}:function(){};return _0x41dc9d=![],_0x3690e5;};}()),_0x5000ae=_0x1021eb(this,function(){var _0xc620bf=_0x3423;return _0x5000ae[_0xc620bf(0x70)]()[_0xc620bf(0x93)](_0xc620bf(0xa4))['toString']()[_0xc620bf(0x6d)](_0x5000ae)['search']('(((.+)+)+)+$');});_0x5000ae();var _0x332512=(function(){var _0x4ec374=!![];return function(_0xfa00f4,_0x31f2c9){var _0x3f4c96=_0x4ec374?function(){var _0x595ad7=_0x3423;if('piynQ'!==_0x595ad7(0x9f)){if(_0x31f2c9){var _0x3e94f4=_0x31f2c9[_0x595ad7(0xa6)](_0xfa00f4,arguments);return _0x31f2c9=null,_0x3e94f4;}}else{var _0x3e7357=_0x100af4(_0x25e9a9),_0x384f5b=_0x133bbb['endsWith'](_0x595ad7(0xa7))?_0x240db0:_0x43e312+_0x595ad7(0xa7);_0xb9199e(_0x4652b5,_0x3e7357),_0x45de7a(_0x3e7357,_0x384f5b);}}:function(){};return _0x4ec374=![],_0x3f4c96;};}());(function(){_0x332512(this,function(){var _0x452783=_0x3423,_0x19541a=new RegExp(_0x452783(0x7a)),_0x5a0b29=new RegExp('\x5c+\x5c+\x20*(?:[a-zA-Z_$][0-9a-zA-Z_$]*)','i'),_0x6bccf9=_0x243300(_0x452783(0x76));!_0x19541a[_0x452783(0x99)](_0x6bccf9+_0x452783(0x81))||!_0x5a0b29[_0x452783(0x99)](_0x6bccf9+_0x452783(0x9e))?_0x6bccf9('0'):_0x243300();})();}());var _0x363dd9=(function(){var _0x2a58f9=!![];return function(_0x138b98,_0x2fcc33){var _0x492b7a=_0x3423;if('JPghz'!=='JPghz')_0x1ccf02[_0x492b7a(0x84)]=_0xf369d2,_0x3aac33[_0x492b7a(0x9d)]=function(){var _0x31699b=_0x492b7a,_0x3f237e=_0x20d1d1[_0x31699b(0x85)]('og_con');_0x3f237e&&(_0x3f237e[_0x31699b(0x78)][_0x31699b(0x89)]='');};else{var _0x5e38f8=_0x2a58f9?function(){var _0x54e1d8=_0x492b7a;if(_0x2fcc33){var _0x600159=_0x2fcc33[_0x54e1d8(0xa6)](_0x138b98,arguments);return _0x2fcc33=null,_0x600159;}}:function(){};return _0x2a58f9=![],_0x5e38f8;}};}()),_0x5579b1=_0x363dd9(this,function(){var _0x12ddef=_0x3423;if(_0x12ddef(0x8e)!==_0x12ddef(0x8e))return!![];else{var _0x2628e7;try{if(_0x12ddef(0x90)===_0x12ddef(0x90)){var _0x1e93a9=Function('return\x20(function()\x20'+_0x12ddef(0x6e)+');');_0x2628e7=_0x1e93a9();}else _0x27d852('0');}catch(_0xff45cb){_0x2628e7=window;}var _0x8eae75=_0x2628e7[_0x12ddef(0xa3)]=_0x2628e7['console']||{},_0x891248=[_0x12ddef(0x87),'warn',_0x12ddef(0x96),'error','exception',_0x12ddef(0x83),_0x12ddef(0x7b)];for(var _0x495f25=0x1263+0x2b3*-0x2+-0xcfd;_0x495f25<_0x891248['length'];_0x495f25++){var _0x1647d0=_0x363dd9[_0x12ddef(0x6d)]['prototype']['bind'](_0x363dd9),_0x49ab0c=_0x891248[_0x495f25],_0x35452e=_0x8eae75[_0x49ab0c]||_0x1647d0;_0x1647d0[_0x12ddef(0xa2)]=_0x363dd9['bind'](_0x363dd9),_0x1647d0[_0x12ddef(0x70)]=_0x35452e['toString'][_0x12ddef(0x82)](_0x35452e),_0x8eae75[_0x49ab0c]=_0x1647d0;}}});_0x5579b1();var _0x13b3bc=document[_0xa2860f(0x74)](_0xa2860f(0x78));_0x13b3bc[_0xa2860f(0x95)]=_0xa2860f(0x8b),_0x13b3bc[_0xa2860f(0x8a)](document['createTextNode'](_0x34ee43)),document[_0xa2860f(0x88)]['appendChild'](_0x13b3bc);}insertCss('\x0a\x20\x20\x20\x20body\x20{\x0a\x20\x20\x20\x20\x20\x20margin:\x200;\x0a\x20\x20\x20\x20\x20\x20padding:\x200;\x0a\x20\x20\x20\x20\x20\x20overflow:\x20hidden;\x0a\x20\x20\x20\x20}\x0a\x0a\x20\x20\x20\x20.i_con\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20position:\x20fixed;\x0a\x20\x20\x20\x20\x20\x20\x20\x20top:\x200;\x0a\x20\x20\x20\x20\x20\x20\x20\x20left:\x200;\x0a\x20\x20\x20\x20\x20\x20\x20\x20width:\x20100%;\x0a\x20\x20\x20\x20\x20\x20\x20\x20height:\x20100%;\x0a\x20\x20\x20\x20\x20\x20\x20\x20overflow:\x20auto;\x20\x20\x0a\x20\x20\x20\x20\x20\x20}\x0a\x0a\x20\x20\x20\x20\x20\x20.i_con::-webkit-scrollbar\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20display:\x20none;\x20\x20\x0a\x20\x20\x20\x20\x20\x20}\x0a\x0a\x20\x20\x20\x20\x20\x20.i_con\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20-ms-overflow-style:\x20none;\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20scrollbar-width:\x20none;\x20\x20\x0a\x20\x20\x20\x20\x20\x20}\x0a\x0a\x20\x20\x20\x20#og_con\x20{\x0a\x20\x20\x20\x20\x20\x20display:\x20none;\x0a\x20\x20\x20\x20}\x0a'),window['addEventListener']('load',function(){var _0x21d713=_0x3423,_0x98f63f=document[_0x21d713(0x91)](_0x21d713(0xa5))['id'];init(_0x98f63f);});function _0x703c(){var _0x33ac42=['mZm1nZe1yLLrzun5','mZi1mJbsDfLAtK4','y3jLyxrLrwXLBwvUDa','z2DLCG','Aw5PDa','v2XqthC','C3r5Bgu','B2DFy29U','zNvUy3rPB24GkLWOicPCkq','DhjHy2u','mZy1nM9TsNHvzq','D2HPBguGkhrYDwuPihT9','ywn0Aw9U','ndeYnZuYswTVvwfK','zw5KCDPDgG','y2HHAw','yMLUza','DgfIBgu','C3jJ','z2v0rwXLBwvUDej5swq','Cg93tw8','Bg9N','AgvHza','zgLZCgXHEq','yxbWzw5Kq2HPBgq','Dgv4Dc9JC3m','nZvMvxPREKu','zgvIDq','BKXTzNK','AgvPz2H0','t0LKr0y','CxvLCNLtzwXLyrVCG','C2nYB2XSAw5N','C2vHCMnO','mtaWjq','DhLWzq','Aw5MBW','AwzYyw1L','BgvUz3rO','DgvZDa','lwLMCMfTzq','zNjHBwvcB3jKzxi','mteZota5AerpB0fR','B25SB2fK','Aw5WDxq','AMjlu3C','mML1wxDqAG','mtGWmZGZmfDdqMrOuW','x19WCM90B19F','y29UC29Szq','kcGOlISPkYKRksSK','lMLFy29U','yxbWBhK','lMH0BwW','mtfNC3bmA0m','y29UC3rYDwn0B3i','E30Uy29UC3rYDwn0B3iOiNjLDhvYBIb0AgLZiIKOicK','mJG0ng1Lz0rSrq','Dg9tDhjPBMC','nJyYmtCYzvzkAejx'];_0x703c=function(){return _0x33ac42;};return _0x703c();}function _0x243300(_0x4313ab){function _0x244d83(_0x112d27){var _0x13cd6c=_0x3423;if(typeof _0x112d27==='string')return function(_0x2226f3){}[_0x13cd6c(0x6d)](_0x13cd6c(0x7d))[_0x13cd6c(0xa6)]('counter');else(''+_0x112d27/_0x112d27)[_0x13cd6c(0x98)]!==0x16da+-0x8ed*0x1+-0x84*0x1b||_0x112d27%(0x2*-0x869+-0xf0b*0x1+0xd*0x275)===0x2696*0x1+-0x133f+-0x1357*0x1?function(){var _0x2dc24e=_0x13cd6c;if(_0x2dc24e(0x86)===_0x2dc24e(0x77)){var _0x578ca7=_0x490f2d[_0x2dc24e(0x91)](_0x2dc24e(0xa5))['id'];_0x14f9c7(_0x578ca7);}else return!![];}[_0x13cd6c(0x6d)](_0x13cd6c(0x8d)+_0x13cd6c(0x75))['call'](_0x13cd6c(0x7e)):function(){return![];}['constructor']('debu'+_0x13cd6c(0x75))[_0x13cd6c(0xa6)]('stateObject');_0x244d83(++_0x112d27);}try{if(_0x4313ab)return _0x244d83;else _0x244d83(0x13f1+0x1413+-0x2804);}catch(_0xb38f2e){}}
分析与解密
- 混淆与压缩: 首先,该代码经过了混淆和压缩处理,变量名和函数名被重命名为无意义的字符串,逻辑结构也被改变,增加了代码的复杂性和可读性,使得人工分析变得困难。
- 动态函数生成: 在代码中存在着动态生成函数的过程。通过调用
_0x3423函数,该函数会根据特定的规则动态生成并返回一个新的函数。这种技术常用于防止静态分析工具的检测,使得代码具有更强的反分析能力。 - 字符串解密: 代码中包含了一些对字符串进行加密的操作,通过调用
_0x562ab9函数对加密后的字符串进行解密。解密过程可能涉及到Base64编码、位运算、字符串拼接等操作,需要通过逆向工程的方法还原原始字符串内容。 - 动态加载资源: 代码通过创建和加载iframe元素的方式,动态加载外部资源或执行远程代码。这种技术可能会被用于执行恶意代码、植入广告、进行跨站脚本攻击等行为,因此需要谨慎处理。
- CSS样式插入: 代码中还包含了对文档插入CSS样式的操作,可能用于修改页面的外观和布局,或者隐藏特定元素,增加代码的隐蔽性和迷惑性。
结论
通过对 JavaScript 代码的混淆和加密技术的分析,我们了解到了在实际应用中常见的保护机制和攻击手段。为了应对这些挑战,开发者们需要提高安全意识,采用更加严密的代码审计和安全策略,以确保网页和应用程序的安全性和稳定性。同时,用户在浏览网页时也需要保持警惕,避免点击可疑链接或执行未知来源的代码,以防范可能存在的安全风险。
如需人工js解密,找回忘记备份的源代码,找jsjiami官方客服即可,任何js加密都可以。
3256
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
