【AST 混淆】八、总结

总结

不同的混淆可以搭配使用:有的增加代码量,有的使执行流程混乱,有的让代码看起来眼花缭乱……,但它们的目的都是给逆向者增加分析难度。需要注意,混淆只是提高分析成本,并不能真正隐藏逻辑:下面示例中的字符串和执行流程都可以被还原。

完整代码:https://pan.bigdataboy.cn/s/G2Msx

验证

源代码 未混淆

/**
 * Render this date through a small template string.
 *
 * Only the first match of each token is substituted:
 *   - "yyyy" or "YYYY" -> full year
 *   - "MM"             -> month number (getMonth() + 1), two digits
 *   - "dd" or "DD"     -> day of the month, two digits
 *
 * The trailing `// encryptAscii` and `// encrypt` tags are kept on the same
 * statements as in the original; those two statements are the ones that appear
 * wrapped in eval(String.fromCharCode(...)) and eval(atob(...)) in the
 * obfuscated listing.
 *
 * @param {string} formatStr - template containing the tokens above
 * @returns {string} the template with the tokens replaced
 */
Date.prototype.format = function (formatStr) {
    // Values above 9 are printed as-is, everything else gets a leading "0".
    const twoDigits = (n) => (n > 9 ? n.toString() : `0${n}`);

    const withYear = formatStr.replace(/yyyy|YYYY/, this.getFullYear());
    const withMonth = withYear.replace(/MM/, twoDigits(this.getMonth() + 1)); // encryptAscii
    const withDay = withMonth.replace(/dd|DD/, twoDigits(this.getDate())); // encrypt
    return withDay;
};

// Print today's date as the reference output to compare with the obfuscated run.
console.log(new Date().format('yyyy-MM-dd'));

混淆后

// Layer 1 - string table. Every property name and string literal of the
// original script is Base64-encoded and pulled into one array. Decoded in the
// order stored here: "prototype", "format", "replace", "getFullYear",
// "getMonth", "toString", "0", "getDate", "console", "log", "yyyy-MM-dd", "Date".
var arr = ["cHJvdG90eXBl", "Zm9ybWF0", "cmVwbGFjZQ==", "Z2V0RnVsbFllYXI=", "Z2V0TW9udGg=", "dG9TdHJpbmc=", "MA==", "Z2V0RGF0ZQ==", "Y29uc29sZQ==", "bG9n", "eXl5eS1NTS1kZA==", "RGF0ZQ=="];

// Layer 2 - array rotation. The hex escapes spell "push", "shift" and "length".
// `nums` starts at 12 and is pre-decremented, so the body runs 11 times; each
// pass moves the first entry to the end. Net effect: "Date" lands at index 0
// and every other entry moves up by one.
// Analysis note: the atob(arr[i]) lookups later in the script index the
// ROTATED array, so this step has to be replayed before resolving any index;
// decoding the literal above as written yields names that are off by one.
((arr, nums) => {
  while (--nums) {
    arr["\x70\x75\x73\x68"](arr["\x73\x68\x69\x66\x74"]());
  }
})(arr, arr["\x6c\x65\x6e\x67\x74\x68"]);

// Obfuscated form of `Date.prototype.format = function (formatStr) { ... }`.
// With the rotated table, arr[0], arr[1], arr[2] decode to "Date", "prototype",
// "format", so the assignment target is window.Date.prototype.format.
// The script reads the `window` and `atob` globals, so it expects a
// browser-like environment.
//
// Layers visible in this function:
//   - control-flow flattening: the statements sit in switch cases and run in
//     the order given by the "6|14|...|11" string, not in source order;
//   - operator wrappers: _xxx .. _xxx12 each wrap a single `+`, `^` or `>`;
//   - opaque constants: small numbers are written as the XOR of two large ones;
//   - eval payloads: two statements are stored as encoded strings.
// To recover the original: replay the array rotation, inline atob(arr[i]),
// fold the constant XORs, decode both eval arguments, then read the cases in
// dispatcher order.
window[atob(arr[0])][atob(arr[1])][atob(arr[2])] = function (OOOOOO) {
  // Dispatcher order. Of these 17 entries only the last five that carry
  // statements matter: 10 -> 3 -> 2 -> 9 -> 11. The other cases hold a single
  // function declaration each.
  var _array = "6|14|4|13|15|5|8|0|12|1|16|7|10|3|2|9|11".split("|"),
      _index = 0;

  // `!![]` is `true`: loop until the `return` in case 11.
  while (!![]) {
    // Unary plus turns the next order entry ("6", "14", ...) into a number.
    switch (+_array[_index++]) {
      case 0:
        // Wrapper for `a + b`.
        function _xxx5(a, b) {
          return a + b;
        }

        continue;

      case 1:
        // Wrapper for `a ^ b`; used to hide constants (see case 2).
        function _xxx3(a, b) {
          return a ^ b;
        }

        continue;

      case 2:
        // Third real statement: the "MM" replacement (tagged `// encryptAscii`
        // in the original source). The character codes decode to:
        //   OOOOOo = OOOOOo[atob(arr[3])](/MM/,
        //     _xxx(_xxx2(this[atob(arr[5])](), _xxx3(608863, 608862)), _xxx4(695760, 695769))
        //       ? _xxx5(this[atob(arr[5])](), _xxx6(185897, 185896))[atob(arr[6])]()
        //       : _xxx7(atob(arr[7]), _xxx8(this[atob(arr[5])](), _xxx9(531066, 531067))));
        // which, with arr[3]="replace", arr[5]="getMonth", arr[6]="toString",
        // arr[7]="0", 608863^608862 = 185897^185896 = 531066^531067 = 1 and
        // 695760^695769 = 9, is:
        //   str = str.replace(/MM/, getMonth()+1 > 9 ? (getMonth()+1).toString() : "0" + (getMonth()+1));
        // The payload names locals of this function (OOOOOo, _xxx*, arr), so it
        // only works as a direct eval in this scope. eval() of a built string
        // is refused under a Content-Security-Policy without 'unsafe-eval'.
        eval(String.fromCharCode(79, 79, 79, 79, 79, 111, 32, 61, 32, 79, 79, 79, 79, 79, 111, 91, 97, 116, 111, 98, 40, 97, 114, 114, 91, 51, 93, 41, 93, 40, 47, 77, 77, 47, 44, 32, 95, 120, 120, 120, 40, 95, 120, 120, 120, 50, 40, 116, 104, 105, 115, 91, 97, 116, 111, 98, 40, 97, 114, 114, 91, 53, 93, 41, 93, 40, 41, 44, 32, 95, 120, 120, 120, 51, 40, 54, 48, 56, 56, 54, 51, 44, 32, 54, 48, 56, 56, 54, 50, 41, 41, 44, 32, 95, 120, 120, 120, 52, 40, 54, 57, 53, 55, 54, 48, 44, 32, 54, 57, 53, 55, 54, 57, 41, 41, 32, 63, 32, 95, 120, 120, 120, 53, 40, 116, 104, 105, 115, 91, 97, 116, 111, 98, 40, 97, 114, 114, 91, 53, 93, 41, 93, 40, 41, 44, 32, 95, 120, 120, 120, 54, 40, 49, 56, 53, 56, 57, 55, 44, 32, 49, 56, 53, 56, 57, 54, 41, 41, 91, 97, 116, 111, 98, 40, 97, 114, 114, 91, 54, 93, 41, 93, 40, 41, 32, 58, 32, 95, 120, 120, 120, 55, 40, 97, 116, 111, 98, 40, 97, 114, 114, 91, 55, 93, 41, 44, 32, 95, 120, 120, 120, 56, 40, 116, 104, 105, 115, 91, 97, 116, 111, 98, 40, 97, 114, 114, 91, 53, 93, 41, 93, 40, 41, 44, 32, 95, 120, 120, 120, 57, 40, 53, 51, 49, 48, 54, 54, 44, 32, 53, 51, 49, 48, 54, 55, 41, 41, 41, 41, 59));
        continue;

      case 3:
        // Second real statement: arr[3]="replace", arr[4]="getFullYear", i.e.
        //   str = str.replace(/yyyy|YYYY/, this.getFullYear());
        OOOOOo = OOOOOo[atob(arr[3])](/yyyy|YYYY/, this[atob(arr[4])]());
        continue;

      case 4:
        // Wrapper for `a > b`; used by the eval payload in case 9.
        function _xxx10(a, b) {
          return a > b;
        }

        continue;

      case 5:
        // Wrapper for `a + b`.
        function _xxx7(a, b) {
          return a + b;
        }

        continue;

      case 6:
        // Wrapper for `a + b`; used by the eval payload in case 9.
        function _xxx12(a, b) {
          return a + b;
        }

        continue;

      case 7:
        // Wrapper for `a > b`.
        function _xxx(a, b) {
          return a > b;
        }

        continue;

      case 8:
        // Wrapper for `a ^ b`.
        function _xxx6(a, b) {
          return a ^ b;
        }

        continue;

      case 9:
        // Fourth real statement: the "dd|DD" replacement (tagged `// encrypt`
        // in the original source). The Base64 string decodes to:
        //   OOOOOo = OOOOOo[atob(arr[3])](/dd|DD/,
        //     _xxx10(this[atob(arr[8])](), _xxx11(201912, 201905))
        //       ? this[atob(arr[8])]()[atob(arr[6])]()
        //       : _xxx12(atob(arr[7]), this[atob(arr[8])]()));
        // With arr[8]="getDate" and 201912^201905 = 9 this is:
        //   str = str.replace(/dd|DD/, getDate() > 9 ? getDate().toString() : "0" + getDate());
        // Same scope and CSP remarks as the eval in case 2.
        eval(atob("T09PT09vID0gT09PT09vW2F0b2IoYXJyWzNdKV0oL2RkfERELywgX3h4eDEwKHRoaXNbYXRvYihhcnJbOF0pXSgpLCBfeHh4MTEoMjAxOTEyLCAyMDE5MDUpKSA/IHRoaXNbYXRvYihhcnJbOF0pXSgpW2F0b2IoYXJyWzZdKV0oKSA6IF94eHgxMihhdG9iKGFycls3XSksIHRoaXNbYXRvYihhcnJbOF0pXSgpKSk7"));
        continue;

      case 10:
        // First real statement: copy the parameter into the working string
        // (`var str = formatStr;`). The two names differ only in the case of
        // the last letter (OOOOOO vs OOOOOo).
        var OOOOOo = OOOOOO;
        continue;

      case 11:
        // encrypt
        // (The tag above is a comment carried over from the original source.)
        // Last real statement: `return str;`. The `continue` after it is
        // unreachable.
        return OOOOOo;
        continue;

      case 12:
        // Wrapper for `a ^ b`.
        function _xxx4(a, b) {
          return a ^ b;
        }

        continue;

      case 13:
        // Wrapper for `a ^ b`.
        function _xxx9(a, b) {
          return a ^ b;
        }

        continue;

      case 14:
        // Wrapper for `a ^ b`; used by the eval payload in case 9.
        function _xxx11(a, b) {
          return a ^ b;
        }

        continue;

      case 15:
        // Wrapper for `a + b`.
        function _xxx8(a, b) {
          return a + b;
        }

        continue;

      case 16:
        // Wrapper for `a + b`.
        function _xxx2(a, b) {
          return a + b;
        }

        continue;
    }
  }
};

// Obfuscated form of the original console.log call. With the rotated table,
// arr[9]="console", arr[10]="log", arr[0]="Date", arr[2]="format" and
// arr[11]="yyyy-MM-dd", so this line is:
//   window.console.log(new window.Date().format("yyyy-MM-dd"));
window[atob(arr[9])][atob(arr[10])](new window[atob(arr[0])]()[atob(arr[2])](atob(arr[11])));

mark
