JShaman JS代码混淆加密效果
关键字:js加密、js混淆、js代码混淆加密
JShaman是专业的JS代码混淆加密平台,拥有数十种自研JS代码保护技术。
以下展示部分功能效果。
注1:代码中红色、绿色字符为加密前后差异内容。
注2:本文代码,皆可实测,复制粘贴即可运行。
一、局部变量名、函数名混淆
示例JS代码:
1 | function demo(){
2 | var a=1;
3 | function a(){
4 | }
5 | a();
6 | }
选项配置:
局部变量名、函数名混淆
混淆加密后的JS代码:
function demo() {
var _0xf = 1;
function _0xf() {}
_0xf();
}
二、全局变量名混淆
示例JS代码:
1 | var global_a = 0;
2 | function demo(){
3 | }
选项配置:
全局变量名混淆
混淆加密后的JS代码:
var _0x704g = 0;
function demo() {}
三、全局函数名混淆
示例JS代码:
1 | function demo(){
2 | }
3 | demo();
选项配置:
全局函数名混淆
混淆加密后的JS代码:
function _0xe611c() {}
_0xe611c();
四、成员表达式加密
示例JS代码:
1 | console.log("hello world");
选项配置:
成员表达式加密
混淆加密后的JS代码:
console['\x6c\x6f\x67']("hello world");
五、数值常量加密
示例JS代码:
1 | var a=1;
选项配置:
数值常量加密
混淆加密后的JS代码:
var a = 540245 ^ 540244;
六、二进制表达式混淆
示例JS代码:
1 | var a=1+2;
选项配置:
二进制表达式混淆
混淆加密后的JS代码:
var a = function (s, h) {
return s + h;
}(1, 2);
七、布尔型常量加密
示例JS代码:
1 | var a=true;
选项配置:
布尔型常量加密
混淆加密后的JS代码:
var a = !![];
八、JSON数据加密
示例JS代码:
1 | var a={"password":"123456"};
选项配置:
JSON数据加密
字符串阵列化
阵列字符串加密
混淆加密后的JS代码:
var _0x483a8b=["114.3.41.41.43.121.104.122.122.126.102.123.109.43.51.41.43.56.59.58.61.60.63.43.3.116."];function _0x561e1b(str,dy_key){dy_key=9;var i,k,str2="";k=str.split(".");for(i=0;i<k.length-1;i++){str2+=String.fromCharCode(k[i]^dy_key);}return str2;}var a=JSON.parse(_0x561e1b(_0x483a8b[0]));
九、字符串加密
示例JS代码:
1 | var str = "jshaman.com";
选项配置:
字符串加密
混淆加密后的JS代码:
var str = "\u006a\u0073\u0068\u0061\u006d\u0061\u006e\u002e\u0063\u006f\u006d";
十、僵尸代码植入
示例JS代码:
1 | var a=1;
2 | var b=2;
3 | var c=3
选项配置:
僵尸代码植入
混淆加密后的JS代码:
var _0x4d = 9 + 3;
var a = 1;
_0x4d = 3;
var _0x = 6 + 8;
var b = 2;
_0x = 5 + 7;
var _0xaeb;
var c = 3;
_0xaeb = "fckk";
十一、Eval加密
示例JS代码:
1 | var a=2+3;
选项配置:
Eval加密
混淆加密后的JS代码:
var a=eval(String.fromCharCode(50,32,43,32,51));
十二、平展控制流
示例JS代码:
1 | function demo(){
2 | var a=1;
3 | a=a+1;
4 | console.log(a);
5 | }
选项配置:
平展控制流
混淆加密后的JS代码:
function demo() {
var _array = "2|1|0".split("|"),
_index = 0;
while (!![]) {
switch (+_array[_index++]) {
case 0:
console.log(a);
continue;
case 1:
a = a + 1;
continue;
case 2:
var a = 1;
continue;
}
break;
}
}
十三、虚拟机执行保护
示例JS代码:
1 | console.log(1+2);
选项配置:
虚拟机执行保护
混淆加密后的JS代码:
function _0xe670c(vm_opcode){var op={push:32,add:33,sub:34,mul:35,div:36,pop:37,xor:38};var stack=[];var ip=-1;var sp=-1;while(ip<vm_opcode.length){ip++;switch(vm_opcode[ip]){case op.push:{ip++;stack.push(vm_opcode[ip]);sp++;break;}case op.add:{var op_1=stack[sp-1];var op_2=stack[sp];var value=op_1+op_2;stack.push(value);sp++;break;}case op.sub:{var op_1=stack[sp-1];var op_2=stack[sp];var value=op_1-op_2;stack.push(value);sp++;break;}case op.mul:{var op_1=stack[sp-1];var op_2=stack[sp];var value=op_1*op_2;stack.push(value);sp++;break;}case op.div:{var op_1=stack[sp-1];var op_2=stack[sp];var value=op_1/op_2;stack.push(value);sp++;break;}case op.xor:{var op_1=stack[sp-1];var op_2=stack[sp];var value=op_1^op_2;stack.push(value);sp++;break;}case op.pop:{return stack[sp];}}}}console.log(_0xe670c([32,1,32,2,33,37]));
十四、AST加密
示例JS代码:
1 | console.log("JShaman专注于JS混淆加密");
选项配置:
AST加密
混淆加密后的JS代码:
var visitors={File(node,scope){ast_excute(node.program,scope);},Program(program,scope){for(i=0;i<program.body.length;i++){ast_excute(program.body[i],scope);}},ExpressionStatement(node,scope){return ast_excute(node.expression,scope);},CallExpression(node,scope){var func=ast_excute(node.callee,scope);var args=node.arguments.map(function(arg){return ast_excute(arg,scope);});var value;if(node.callee.type==='MemberExpression'){value=ast_excute(node.callee.object,scope);}return func.apply(value,args);},MemberExpression(node,scope){var obj=ast_excute(node.object,scope);var name=node.property.name;return obj[name];},Identifier(node,scope){return scope[node.name];},StringLiteral(node){return node.value;},NumericLiteral(node){return node.value;}};function ast_excute(node,scope){var evalute=visitors[node.type];if(!evalute){throw new Error("Unknown AST type:",node.type);}return evalute(node,scope);}ast_excute({"type":"CallExpression","callee":{"type":"MemberExpression","object":{"type":"Identifier","name":"console"},"property":{"type":"Identifier","name":"log"}},"arguments":[{"type":"StringLiteral","value":"JShaman专注于JS混淆加密"}]},{console:console});
十五、字符串阵列化
示例JS代码:
1 | var a="abc";
2 | var b="def";
选项配置:
字符串阵列化
混淆加密后的JS代码:
var _0xef = ["abc", "def"];
var a = _0xef[0];
var b = _0xef[1];
十六、阵列字符串加密
示例JS代码:
1 | var a="abc";
2 | var b="def";
选项配置:
字符串阵列化
阵列字符串加密
混淆加密后的JS代码:
var _0xa1e6a=["104.107.106.","109.108.111."];function _0x34c(str,dy_key){dy_key=9;var i,k,str2="";k=str.split(".");for(i=0;i<k.length-1;i++){str2+=String.fromCharCode(k[i]^dy_key);}return str2;}var a=_0x34c(_0xa1e6a[0]);var b=_0x34c(_0xa1e6a[1]);
在实际工作中,当对JS代码进行混淆加密时,通常不会单独的使用某个以上所展示的功能选项,而是会混合使用,加密效果更是比单独展示的好很多倍。如下示例JS代码:
1 |
2 | var a = "jshaman.com是专业的Javascript代码混淆加密平台";
3 | function demo(){
4 | var b = 1;
5 | var c = 1+2;
6 | var d = true;
7 | var e = {"e":"123456"};
8 | return e;
9 | }
10 | var f = demo();
11 | console.log(f);
12 |
选项配置:
JSON数据加密
僵尸代码植入
局部变量名、函数名混淆
全局变量名混淆
全局函数名混淆
函数名混淆补充处理
AST加密
成员表达式加密
数值常量加密
虚拟机执行保护
二进制表达式混淆
布尔型常量加密
Eval加密
字符串加密
平展控制流
收缩控制流
反格式化
字符串阵列化
阵列字符串加密
代码防篡改
混淆加密后的JS代码:
var _0x9edadg=["3.","117.","68.108.100.107.108.123.76.113.121.123.108.122.122.96.102.103.","117.","92.103.98.103.102.126.103.41.72.90.93.41.125.112.121.108.51.","99.122.97.104.100.104.103.39.106.102.100.26150.19994.19987.30349.67.104.127.104.122.106.123.96.121.125.20202.30728.28158.28111.21161.23503.24186.21497.","117.","108.111.104.97.","114.3.41.41.43.108.43.51.41.43.56.59.58.61.60.63.43.3.116."];function _0xda(str,dy_key){if(arguments.callee.toString().length!=parseFloat('0000000242')){throw Error('Tamper proof');}dy_key=9;var i,k,str2="";k=str.split(".");for(i=0;i<k.length-1;i++){str2+=String.fromCharCode(k[i]^dy_key);}return str2;}function _0x431fe(){if(arguments.callee.toString().length!=parseFloat('0000000200')){throw Error('Tamper proof');}if(arguments.callee.toString().indexOf(_0xda(_0x9edadg[0]))!=-1){arguments.callee();}}{_0x431fe();}function _0x39ge(vm_opcode){if(arguments.callee.toString().length!=parseFloat('0000002073')){throw Error('Tamper proof');}function _0x431fe(){if(arguments.callee.toString().length!=parseFloat('0000000200')){throw Error('Tamper proof');}if(arguments.callee.toString().indexOf(_0xda(_0x9edadg[0]))!=-1){arguments.callee();}}{_0x431fe();}var _array="4|0|2|1|3".split(_0xda(_0x9edadg[1])),_index=0;while(!![]){switch(+_array[_index++]){case 0:var stack=[];continue;case 1:var sp=-1;continue;case 2:var ip=-1;continue;case 3:while(eval(String.fromCharCode(105,112,32,60,32,118,109,95,111,112,99,111,100,101,46,108,101,110,103,116,104))){eval(String.fromCharCode(105,112,43,43));switch(vm_opcode[ip]){case op.push:{eval(String.fromCharCode(105,112,43,43));stack.push(vm_opcode[ip]);eval(String.fromCharCode(115,112,43,43));break;}case op.add:{var op_1=stack[eval(String.fromCharCode(115,112,32,45,32,49))];var op_2=stack[sp];var value=function(s,h){return eval(String.fromCharCode(115,32,43,32,104));}(op_1,op_2);stack.push(value);eval(String.fromCharCode(115,112,43,43));break;}case op.sub:{var op_1=stack[eval(String.fromCharCode(115,112,32,45,32,49))];var op_2=stack[sp];var value=function(s,h){return eval(String.fromCharCode(115,32,45,32,104));}(op_1,op_2);stack.push(value);eval(String.fromCharCode(115,112,43,43));break;}case op.mul:{var op_1=stack[sp-1];var op_2=stack[sp];var value=function(s,h){return s*h;}(op_1,op_2);stack.push(value);eval(String.fromCharCode(115,112,43,43));break;}case op.div:{var op_1=stack[eval(String.fromCharCode(115,112,32,45,32,49))];var op_2=stack[sp];var value=function(s,h){return s/h;}(op_1,op_2);stack.push(value);eval(String.fromCharCode(115,112,43,43));break;}case op.xor:{var op_1=stack[eval(String.fromCharCode(115,112,32,45,32,49))];var op_2=stack[sp];var value=function(s,h){return eval(String.fromCharCode(115,32,94,32,104));}(op_1,op_2);stack.push(value);eval(String.fromCharCode(115,112,43,43));break;}case op.pop:{return stack[sp];}}}continue;case 4:var op={push:32,add:33,sub:34,mul:35,div:36,pop:37,xor:38};continue;}break;}}var visitors={File(node,scope){ast_excute(node['\x70\x72\x6f\x67\x72\x61\x6d'],scope);},Program(program,scope){for(i=_0x39ge([32,743147,32,743147,38,37]);eval(String.fromCharCode(105,32,60,32,112,114,111,103,114,97,109,91,39,92,120,54,50,92,120,54,102,92,120,54,52,92,120,55,57,39,93,91,39,92,120,54,99,92,120,54,53,92,120,54,101,92,120,54,55,92,120,55,52,92,120,54,56,39,93));i++){ast_excute(program['\x62\x6f\x64\x79'][i],scope);}},ExpressionStatement(node,scope){return ast_excute(node['\x65\x78\x70\x72\x65\x73\x73\x69\x6f\x6e'],scope);},CallExpression(node,scope){var func=ast_excute(node['\x63\x61\x6c\x6c\x65\x65'],scope);var args=node['\x61\x72\x67\x75\x6d\x65\x6e\x74\x73']['\x6d\x61\x70'](function(arg){return ast_excute(arg,scope);});var value;if(node['\x63\x61\x6c\x6c\x65\x65']['\x74\x79\x70\x65']===_0xda(_0x9edadg[2])){value=ast_excute(node['\x63\x61\x6c\x6c\x65\x65']['\x6f\x62\x6a\x65\x63\x74'],scope);}return func['\x61\x70\x70\x6c\x79'](value,args);},MemberExpression(node,scope){var obj=ast_excute(node['\x6f\x62\x6a\x65\x63\x74'],scope);var name=node['\x70\x72\x6f\x70\x65\x72\x74\x79']['\x6e\x61\x6d\x65'];return obj[name];},Identifier(node,scope){return scope[node['\x6e\x61\x6d\x65']];},StringLiteral(node){return node['\x76\x61\x6c\x75\x65'];},NumericLiteral(node){return node['\x76\x61\x6c\x75\x65'];}};function ast_excute(node,scope){if(arguments.callee.toString().length!=parseFloat('0000000426')){throw Error('Tamper proof');}var _array="0|1|2".split(_0xda(_0x9edadg[3])),_index=0;while(!![]){switch(+_array[_index++]){case 0:var evalute=visitors[node['\x74\x79\x70\x65']];continue;case 1:if(!evalute){throw new Error(_0xda(_0x9edadg[4]),node['\x74\x79\x70\x65']);}continue;case 2:return evalute(node,scope);continue;}break;}}var _0xe1e;var _0xac=_0xda(_0x9edadg[5]);_0xe1e=_0x39ge([32,859516,32,859516,38,37])+_0x39ge([32,944312,32,944316,38,37]);function _0x573fa(){if(arguments.callee.toString().length!=parseFloat('0000000670')){throw Error('Tamper proof');}var _array="0|1|3|5|2|4|6".split(_0xda(_0x9edadg[6])),_index=0;while(!![]){switch(+_array[_index++]){case 0:var _0x39fb=_0x39ge([32,255147,32,255146,38,37]);continue;case 1:var _0x=function(s,h){return eval(String.fromCharCode(115,32,43,32,104));}(_0x39ge([32,923561,32,923560,38,37]),_0x39ge([32,495327,32,495325,38,37]));continue;case 2:_0x7e=_0xda(_0x9edadg[7]);continue;case 3:var _0x7e;continue;case 4:var _0x88c21g=JSON['\x70\x61\x72\x73\x65'](_0xda(_0x9edadg[8]));continue;case 5:var _0x537ac=!![];continue;case 6:return _0x88c21g;continue;}break;}}var _0xd;var _0x2f=_0x573fa();_0xd=_0x39ge([32,688155,32,688158,38,37]);console['\x6c\x6f\x67'](_0x2f);