猿人学第二题AST还原代码

const fs = require('fs');
const {parse} = require('@babel/parser');
const traverse = require('@babel/traverse').default;
var AST_code = fs.readFileSync('data.js',{encoding:'utf-8'});
const generator = require('@babel/generator').default;
const types = require('@babel/types');

let AST_parse = parse(AST_code);
//切片获取解密函数
let member_decode_js = '';
for (let i=0;i<=2;i++){
    member_decode_js += generator(AST_parse.program.body[i],{compact:true}).code
}
eval(member_decode_js);
//检验是否能替换
console.log($dbsm_0x1837('\x30\x78\x34\x64\x38', '\x5a\x42\x4e\x56'));


//解密函数替换
traverse(AST_parse,{
    //解密函数还原
    CallExpression(path){
        if (path.node.callee.name == '$dbsm_0x1837'){
            // console.log(path.toString());
            path.replaceInline(types.valueToNode((eval(path.toString()))))
        }
    },
    //字符串美化
    StringLiteral(path){
        if (path.node.extra && path.node.extra.raw.indexOf('\\') !== -1){
            delete path.node.extra

        }},
        //字符串合并
         exit: function(path){
                if (path.node.left && path.node.left.type === 'StringLiteral' && path.node.right.type === 'StringLiteral'){
                    path.replaceInline(types.valueToNode(path.node.left.value+path.node.right.value))
                }
            }

});
// console.log(generator(AST_parse).code);
//字符串还原
// 将y写入对象
const y = {};
traverse(AST_parse,{
    AssignmentExpression(path){
        if(path.node.right.type === 'FunctionExpression' || path.node.right.type === 'StringLiteral'){
            y[path.node.left.property.value] = path.node.right
        }
    }

});
// console.log(y);
// console.log(generator(AST_parse).code);

// 还原
const js_code = generator(AST_parse,{compact:true}).code;
AST_code = parse(js_code);
traverse(AST_code,{
    //将大赋值中等于遍历的进行替换
    MemberExpression(path){
        if (path.node.object.name === '_0x34fb2c' && (path.inList || path.parent.type === 'AssignmentExpression')){
             path.replaceInline(y[path.node.property.value]);

        }
    },
    //将大赋值中两个值进行简单运算的进行替换
     CallExpression(path){
        if(path.node.callee.object && path.node.callee.object.name ==='_0x34fb2c'){
            const y_node = y[path.node.callee.property.value];
            if(y_node && y_node.body.body[0].argument.type === 'BinaryExpression'){
                const operator = y_node.body.body[0].argument.operator;
                // console.log(path.node.arguments[0]);
                path.replaceInline(types.binaryExpression(operator,path.node.arguments[0],path.node.arguments[1]))
            }
            //将大赋值中是运行函数的进行替换xxx()
            else if (y_node && y_node.body.body[0].argument.type == 'CallExpression'){
                 const arg = path.node.arguments.slice(1);
                 path.replaceInline(types.callExpression(path.node.arguments[0],arg))
            }
        }
    }
});
//中括号换成点
traverse(AST_code,{
    MemberExpression:{
        exit:function(path){
            if (path.node.property.type === 'StringLiteral'){
                path.node.computed = false;
                path.node.property.type = 'Identifier';
                path.node.property.name = path.node.property.value;
                delete path.node.property.value
            }
        }

    }
});



console.log(generator(AST_code).code);
// console.log( y);
//最后将脱出来的代码用fiddler进行替换可测试代码是否可正常运行