国庆节没什么事情干,研究研究JS解密,好多站都是用这个sojson.com中的sojson.v5的加密工具加密的,所以尝试了下对sojson.v5进行破解。
这个所谓最牛逼加密的链接:https://www.sojson.com/jsobfuscator.html
但是这个sojson.v5 我发现了好多政府网站和大公司也在使用,我知道的就有“中国人民法院最高检-文书网”,“中国人民银行”。如中国人民银行使用图如下:
人民法院文书网在使用sojson.v5
用户还是挺多的。下面我们来研究研究吧
提供免费工具是好的,并且提供了这么多年,我们下面来对这个JS研究一下。
网上也有很多对这个进行破解的,但都是只能破解简单的。
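/**
 * Unpacks a sojson.v5-protected script read from the page's input fields
 * (#resultSource, falling back to #jsdata).
 *
 * The layout is hard-coded and fits only output shaped like the sample it
 * was written against:
 *   - the protected code is the last line of the input;
 *   - after splitting that line on ';', pieces 0..53 are treated as the
 *     shell (everything needed to obtain the string decoder), piece 6 must
 *     hold the decoder's `var _0x...=` declaration, and the last four pieces
 *     are dropped (they appear to be the encode_version self-check);
 *   - splitting on ';' also cuts through any ';' inside a string literal.
 *
 * SECURITY: the shell and the lookup object are run with eval() in the
 * current page, with that page's privileges. The input is someone else's
 * code and may be hostile, so use this only in a disposable, isolated
 * context (sandboxed iframe, separate browser profile, analysis VM) and
 * never in a session that holds credentials.
 *
 * @param {string} js_body - Text of the protected script.
 * @returns {string} The script with decoder calls replaced by string
 *     literals, quoted property access rewritten to dot notation, hex
 *     numbers in decimal and, when one is found, the lookup object inlined.
 * @throws {TypeError} If piece 6 does not declare the decoder.
 */
(function (js_body) {
    // Escapes a property name before it is spliced into a RegExp source.
    const escapeRe = function (text) {
        return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    };

    // Unshell && decrypt
    const js_arr = js_body.split("\n").pop().split(';');
    const decl = /var\s+(_0x[a-z0-9]+)=/.exec(js_arr[6]);
    if (!decl) {
        throw new TypeError('sojson.v5 layout not recognised: no decoder declaration in piece 6');
    }
    const fun_name = decl[1];
    // Matches decoder calls of the form _0xabc('0x1','key').
    const reg_str = fun_name + '\\(' + "'([^']+)',\\s*'([^']+)'" + '\\)';
    const code_shell = js_arr.slice(0, 54).join(';');
    let js_str = js_arr.slice(54, js_arr.length - 4).join(';');

    // SECURITY: eval() executes the untrusted shell to get the real decoder.
    const shell_obj = eval("(function(){" + code_shell + ";return " + fun_name + "})()");

    js_str = js_str.replace(new RegExp(reg_str, 'g'), function (str, id, key) {
        // JSON.stringify keeps quotes, backslashes and newlines of the decoded
        // text inside the emitted literal.
        return JSON.stringify(shell_obj(id, key));
    }).replace(/([a-z0-9\-_A-Z)\]]+)\s?\[["']([A-Za-z_$][\w$]*)["']\]/g, '$1.$2').replace(/(?<!_)(0x[0-9a-f]+)/g, function (hex) {
        // The lookbehind skips _0x... identifiers; only bare hex numbers change.
        return parseInt(hex, 16).toString();
    });

    // Restore the lookup object
    // NOTE(review): (.*) is greedy, so the capture runs to the last "};" on
    // the line, and each further match overwrites obj/name. Inputs with more
    // code after the lookup object, or with several such objects, are not
    // fully handled here.
    let obj = null;
    let name = '';
    js_str = js_str.replace(/\{(var\s+(_0x[0-9a-z]+)=(\{(.*)\}));/g, function (str, code_str, _name, obj_str) {
        // SECURITY: second eval() of untrusted text (the object literal).
        obj = eval("(function () {return " + obj_str + "})()");
        name = _name;
        return '{';
    });

    if (obj) {
        // Up to four passes: inlining an inner call can leave an outer call
        // without nested parentheses, which a later pass can then match.
        let i = 5;
        while (js_str.includes(name) && --i > 0) {
            for (const key in obj) {
                // The object comes from untrusted code and could define its own
                // hasOwnProperty, so call the prototype's version.
                if (!Object.prototype.hasOwnProperty.call(obj, key)) continue;
                const value = obj[key];
                const key_re = escapeRe(key);
                if (typeof value === 'function') {
                    const fun_info = /function\s*_0x[0-9a-z]+\(([^)]*)\)\{return\s*([^;]+);\}/.exec(value.toString());
                    // Not a single-expression wrapper: leave its call sites alone.
                    if (!fun_info) continue;
                    const fun_args = fun_info[1].split(',');
                    js_str = js_str.replace(new RegExp(name + '\\.' + key_re + '\\(([^()]*)\\)', 'g'), function (string, args_str) {
                        const args = args_str.split(',');
                        let fun_body = fun_info[2];
                        fun_args.forEach(function (item, index) {
                            // Function replacer: "$" sequences in an argument stay literal.
                            fun_body = fun_body.replace(item, function () {
                                return args[index];
                            });
                        });
                        return fun_body;
                    });
                } else {
                    const literal = typeof value === 'string' ? JSON.stringify(value) : String(value);
                    // Replace every reference, but not a longer name sharing the prefix.
                    js_str = js_str.replace(new RegExp(name + '\\.' + key_re + '(?![\\w$])', 'g'), function () {
                        return literal;
                    });
                }
            }
        }
    }
    return js_str;
})($('#resultSource').val() || $('#jsdata').val());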
下面我们找一个复杂的、用sojson.v5加密的JS,来进行sojson.v5解密。
随便在网上找一段sojson.v5加密的代码,我手上没有它的源码。
;var encode_version = 'sojson.v5', tnyms = '__0x46202', __0x46202=['wotIHVoL','wpLCrsK3WwrbClMKbe1iJBw4Irw6Uv','O8ODQsOsw7/DusOjw6s=','wpglw6ZoGw==','RnLDl18=','w69TDQwS3wohfRsOgacKqSlTCnCTCig==','ZE/ChcONZw==','wqjDmRQmw78=','woJ6HV8E','wqnDjRM3w5Jge38K+','wq5Dw5rCm3A=','wqRyw5jCrg==','DcK3BXnDmg==','wozDtcOVKcKr','RcK4OwnDqA==','ImXDixjCmQVgS8KUw7c=','woPDjHpvDw==','wrxDw4nChG0=','ZyvCp3UO','HMOIwrdvw7M=','FsKIw2RrVQ==','wprDmH3R0Ng==','L8ODdMO0w4k=','woBiN1IP','LcKMUcK/Dw==','wqEmwpTDlyM=','WsKKcsK0w4c=','Q3fDg05p','w7DCrhxDw4I=','wqAQGwwF','5LmU6IGL5YiR6Zuxw4DDusOow7wlwrdJFyg=','wrbCokzDg3k=','w5jCmMKVWwXCscKATQ==','wpsXw7hXEw==','w5hp3w4Bx','TsKXBhbDtA==','w5nCjMKwC8Oc','csKdH2zCssOjw6nCmsOpOwnDqsKHP3wA','w5Ryw5d5woTCisKz','w7NEwqFNw5U=','TWzDnUpP','w6XCj8OPwpfCpAsRaTg=','BMKWw4d0fcOvOFvCvw==','a3lMTsOi','5Lqr6IKu5YmE6ZqUXmFUwp/CrVbCm82OiCQ==','w6DCgMOfwpo=','wqAYE1MLw45G','L8KLHHrDuMOmw7g=','w5zDlVHDvFhfNsOdwpXDv8KsUH5E','WMKKw59kPcO0ZknDqxrDtzPCqMOTfA==','F8K/w48=','XAIVwofDmW04w5jCkQJUSRrCu38KT','5Y6D542b5pWA54mo5p+U77yj57GR57qY5pqV5pSt5Li2','wqPDkQQr','RcKoeg==','TMKYw5jCusOzw7DDnAYpVCwHw7Y=','w6Ivw47Culx3CPMKRwoh9HUnDqsKgwrBx','57+g57iB5b+75buj77+96K2B5qOf5p6r572157mz5ZGA6YWG5per5om25byQ63L+D5LmY77+Q','CcKnJhnCosKteMONYMO0wpZfHyrDhQ==','w7nDvcOQew8=','P8K4w4PCjcOj','w4BfFU4Mw73cCwrzCosOeAg==','w4bCvAl0w4Q=','w78AB8KjdA==','w4dTwqlE','CMOJw6DD3hMKx','w57CqsKKWyU=','bMOmw43DrxzChTPCkwca','w7M1HMK2Sw==','FcOUw6I=','w4ZBwqzDvAs=','bG1ZT8Ow','J8KpZMKH','Nik5wpvDhQ==','LsOuwp/Dp1nCikLCgFc=','w6zChcK3KaCE=','HMKbw35vCvsOi','w6XCtS1+w5d7OsK6w53XCnhjDkQ==','wobDvcOvMcKfwpbDvA==','RB3Cg8K3wptj','w6pYw7DDssKSwoY6VcOwIzvDrcOZ','bkXCpMO3HZw==','JDpaTsO1RjXCvG4aw47CqMKmdk/DuA==','wq1Vw63Ch14=','GcOLwrZ5','K8Kiw67CuMOz','wp/ClG3Du08=','SDHCnVg=','w615w33rbDvATDpQTCoMKXcT91CsKZYwM=','OMKWGX3DvMO2w7jCqcO2PjLDqw==','woXCiFHDpVo2M82OewpHDiM3O7WXQ=','w4V1w4l+wovCjA==','O8KFYMKhGQ==','w7LClMOYwovCjg0eaA==','wqgRNisl','X8KPZsKl'];(function(_0x231fd0,_0x4f680a){var 
_0x5b4826=function(_0x4a3682){while(--_0x4a3682){_0x231fd0['push'](_0x231fd0['shift']());}};_0x5b4826(++_0x4f680a);}(__0x46202,0x8d));var _0x5bbd=function(_0x2e014c,_0x3c4d90){_0x2e014c=_0x2e014c-0x0;var _0x1d7798=__0x46202[_0x2e014c];if(_0x5bbd['initialized']===undefined){(function(){var _0x986553=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x3a9fe3='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x986553['atob']||(_0x986553['atob']=function(_0x3362fc){var _0x222f76=String(_0x3362fc)['replace'](/=+$/,'');for(var _0x1c1bae=0x0,_0x13fcfc,_0x75d67b,_0x5276f9=0x0,_0x5120c6='';_0x75d67b=_0x222f76['charAt'](_0x5276f9++);~_0x75d67b&&(_0x13fcfc=_0x1c1bae%0x4?_0x13fcfc*0x40+_0x75d67b:_0x75d67b,_0x1c1bae++%0x4)?_0x5120c6+=String['fromCharCode'](0xff&_0x13fcfc>>(-0x2*_0x1c1bae&0x6)):0x0){_0x75d67b=_0x3a9fe3['indexOf'](_0x75d67b);}return _0x5120c6;});}());var _0x1f098a=function(_0x36bfb3,_0x54d2d5){var _0x523f0f=[],_0x287336=0x0,_0x3056e0,_0x4f9aec='',_0x489de9='';_0x36bfb3=atob(_0x36bfb3);for(var _0x223c85=0x0,_0x1058d1=_0x36bfb3['length'];_0x223c85<_0x1058d1;_0x223c85++){_0x489de9+='%'+('00'+_0x36bfb3['charCodeAt'](_0x223c85)['toString'](0x10))['slice'](-0x2);}_0x36bfb3=decodeURIComponent(_0x489de9);for(var _0x46837b=0x0;_0x46837b<0x100;_0x46837b++){_0x523f0f[_0x46837b]=_0x46837b;}for(_0x46837b=0x0;_0x46837b<0x100;_0x46837b++){_0x287336=(_0x287336+_0x523f0f[_0x46837b]+_0x54d2d5['charCodeAt'](_0x46837b%_0x54d2d5['length']))%0x100;_0x3056e0=_0x523f0f[_0x46837b];_0x523f0f[_0x46837b]=_0x523f0f[_0x287336];_0x523f0f[_0x287336]=_0x3056e0;}_0x46837b=0x0;_0x287336=0x0;for(var 
_0x3f940e=0x0;_0x3f940e<_0x36bfb3['length'];_0x3f940e++){_0x46837b=(_0x46837b+0x1)%0x100;_0x287336=(_0x287336+_0x523f0f[_0x46837b])%0x100;_0x3056e0=_0x523f0f[_0x46837b];_0x523f0f[_0x46837b]=_0x523f0f[_0x287336];_0x523f0f[_0x287336]=_0x3056e0;_0x4f9aec+=String['fromCharCode'](_0x36bfb3['charCodeAt'](_0x3f940e)^_0x523f0f[(_0x523f0f[_0x46837b]+_0x523f0f[_0x287336])%0x100]);}return _0x4f9aec;};_0x5bbd['rc4']=_0x1f098a;_0x5bbd['data']={};_0x5bbd['initialized']=!![];}var _0x456967=_0x5bbd['data'][_0x2e014c];if(_0x456967===undefined){if(_0x5bbd['once']===undefined){_0x5bbd['once']=!![];}_0x1d7798=_0x5bbd['rc4'](_0x1d7798,_0x3c4d90);_0x5bbd['data'][_0x2e014c]=_0x1d7798;}else{_0x1d7798=_0x456967;}return _0x1d7798;};var soft_Path=process['cwd']();var path=require(_0x5bbd('0x0','6isv'));var pkg=require('./../package.json');var adm_zip=require(_0x5bbd('0x1','Khhr'));var request=require(_0x5bbd('0x2','sT%!'));var fs=require('fs');function update(){var _0x3789e0={'dgChb':'5|1|4|0|7|9|8|2|6|3','PStZu':function _0x7dcf3e(_0x16ac73,_0x55b753){return _0x16ac73(_0x55b753);},'FqPxr':'LOADING\x20...','YScSY':'bottom','sriwF':'slide','lOSkJ':_0x5bbd('0x3','D#8u'),'eIzSx':function _0x5e6bf1(_0x3abb9e,_0x164969){return _0x3abb9e+_0x164969;},'dGlyl':_0x5bbd('0x4','mK]7'),'iwKTM':function _0x4cb531(_0x3a3b6b,_0x5aa308){return _0x3a3b6b===_0x5aa308;},'pCtLR':_0x5bbd('0x5','6P[k'),'Wlxqi':_0x5bbd('0x6','wg(N'),'cxiMg':_0x5bbd('0x7','H3Y*'),'mwlzF':function _0x2641ab(_0x468f18,_0x2e5f37,_0x5b507b,_0x56980f){return _0x468f18(_0x2e5f37,_0x5b507b,_0x56980f);},'aqylG':_0x5bbd('0x8','agQo'),'pcEOt':function _0x2edfd8(_0x4da704,_0x22f5fe){return _0x4da704!==_0x22f5fe;},'vuEaz':_0x5bbd('0x9','T5HQ'),'cHRxb':_0x5bbd('0xa','6P[k'),'bQXTY':_0x5bbd('0xb','PDoq'),'bpQYD':_0x5bbd('0xc','RiSE'),'mwqwC':function _0x3a0232(_0x1fa8cb,_0x1e1df9){return _0x1fa8cb==_0x1e1df9;},'snsJv':'gYW','GyFcD':function _0x23e7d6(_0x45161b,_0x583aa4){return 
_0x45161b(_0x583aa4);},'DXtRF':'#updateBody','hCRly':_0x5bbd('0xd','8d#p')};var _0x83d8eb=_0x3789e0[_0x5bbd('0xe','&W1t')]['split']('|'),_0x43336d=0x0;while(!![]){switch(_0x83d8eb[_0x43336d++]){case'0':var _0x293a9e=pkg['downLoadUrl'];continue;case'1':_0x3789e0[_0x5bbd('0xf','6P[k')]($,_0x5bbd('0x10','kAM#'))['busyLoad']('show',{'text':_0x3789e0[_0x5bbd('0x11','dm)x')],'textPosition':_0x3789e0[_0x5bbd('0x12','MQEK')],'spinner':_0x5bbd('0x13','2O6B'),'animation':_0x3789e0['sriwF'],'image':_0x3789e0['lOSkJ']});continue;case'2':var _0x6a3873=_0x3789e0[_0x5bbd('0x14','(xMu')](_0x40e68c,_0x3789e0[_0x5bbd('0x15','AQYR')]);continue;case'3':request(_0x1e6998,function(_0x12b6f2,_0x3004f3,_0x1473ac){if(!_0x12b6f2&&_0x3004f3[_0x5bbd('0x16','IYq6')]==0xc8){if(_0x1473ac!=_0x5118ea){if(_0x203663[_0x5bbd('0x17','MQEK')](_0x203663['VlVlR'],_0x5bbd('0x18','(xMu'))){_0x203663[_0x5bbd('0x19','oC[H')]($,_0x203663[_0x5bbd('0x1a','O27I')])[_0x5bbd('0x1b','CC1Y')](_0x203663[_0x5bbd('0x1c','wg(N')]);downloadFile(_0x293a9e,_0x6a3873,function(){var _0x2783e7={'VhlJh':_0x5bbd('0x1d','IYq6')};var _0x4118db=_0x2783e7[_0x5bbd('0x1e','AQYR')][_0x5bbd('0x1f','6P[k')]('|'),_0x4bdbe2=0x0;while(!![]){switch(_0x4118db[_0x4bdbe2++]){case'0':new adm_zip(_0x3c765f)[_0x5bbd('0x20','dm)x')](soft_Path,!![]);continue;case'1':var _0x2178b9={'GhHPB':'hide'};continue;case'2':fs['writeFileSync'](_0x4da1db,_0x1473ac);continue;case'3':var _0x3c765f=_0x6a3873[_0x5bbd('0x21','5A()')](/\\/g,'/');continue;case'4':fs[_0x5bbd('0x22','MsyD')](_0x6a3873,function(){$(_0x5bbd('0x23','VLHZ'))['busyLoad'](_0x2178b9[_0x5bbd('0x24','IomQ')]);location['href']=_0x5bbd('0x25','O27I');});continue;}break;}});}else{_0x203663[_0x5bbd('0x26','PDoq')]($,_0x203663['fxpsf'])[_0x5bbd('0x27','yY3G')](_0x203663[_0x5bbd('0x28','6P[k')]);_0x203663[_0x5bbd('0x29','D#8u')](downloadFile,_0x293a9e,_0x6a3873,function(){var mpcdsb={'tXiJO':function _0x2503fe(_0x441d18,_0x5c0ceb){return 
_0x441d18(_0x5c0ceb);},'imHUT':_0x5bbd('0x2a','@CaH'),'hbxpf':_0x5bbd('0x2b','O6yI')};var _0x597c95=_0x6a3873['replace'](/\\/g,'/');new adm_zip(_0x597c95)[_0x5bbd('0x2c','sT%!')](soft_Path,!![]);fs[_0x5bbd('0x2d','D#8u')](_0x4da1db,_0x1473ac);fs[_0x5bbd('0x2e','E]4k')](_0x6a3873,function(){mpcdsb[_0x5bbd('0x2f','CC1Y')]($,_0x5bbd('0x23','VLHZ'))[_0x5bbd('0x30','6isv')](mpcdsb[_0x5bbd('0x31','Khhr')]);location[_0x5bbd('0x32','T5HQ')]=mpcdsb[_0x5bbd('0x33','kAM#')];});});}}else{_0x203663['catha']($,_0x5bbd('0x34','RiSE'))[_0x5bbd('0x35','mQaH')](_0x203663[_0x5bbd('0x36','*(jo')]);location[_0x5bbd('0x37','Z44s')]=_0x5bbd('0x38','Khhr');}}else{if(_0x203663['sEhfd'](_0x203663[_0x5bbd('0x39','IomQ')],'rUy')){_0x203663[_0x5bbd('0x3a','agQo')]($,_0x203663[_0x5bbd('0x3b','kAM#')])[_0x5bbd('0x3c','agQo')](_0x203663[_0x5bbd('0x3d','PDoq')]);location[_0x5bbd('0x3e','PDoq')]=_0x203663[_0x5bbd('0x3f','sT%!')];}else{_0x203663['catha'](alert,_0x203663[_0x5bbd('0x40','5A()')]);window[_0x5bbd('0x41','8d#p')]();}}});continue;case'4':var _0x1e6998=pkg[_0x5bbd('0x42','Q30n')];continue;case'5':var _0x203663={'UfxFf':function _0xef0d61(_0x1fed85,_0x482b5c){return _0x3789e0[_0x5bbd('0x43','8Pdp')](_0x1fed85,_0x482b5c);},'VlVlR':_0x3789e0[_0x5bbd('0x44','PDoq')],'aUPOa':function _0x5d31fe(_0x8a63e8,_0x4c8c02){return _0x3789e0[_0x5bbd('0x45','S6YE')](_0x8a63e8,_0x4c8c02);},'fxpsf':_0x3789e0['Wlxqi'],'DIYoe':_0x3789e0['cxiMg'],'mnUjp':function _0x18cbbd(_0x527d89,_0x51fc85,_0x2ad31e,_0x248f89){return _0x3789e0[_0x5bbd('0x46','yY3G')](_0x527d89,_0x51fc85,_0x2ad31e,_0x248f89);},'catha':function _0x2d90ff(_0x513e23,_0x45939f){return _0x3789e0['PStZu'](_0x513e23,_0x45939f);},'bCgSO':_0x3789e0[_0x5bbd('0x47','mK]7')],'sEhfd':function _0x5360b7(_0x5a466c,_0x1eeb19){return 
_0x3789e0[_0x5bbd('0x48','8Pdp')](_0x5a466c,_0x1eeb19);},'MbiZB':_0x3789e0[_0x5bbd('0x49','mQaH')],'aPxui':_0x3789e0[_0x5bbd('0x4a','kAM#')],'PYhvG':_0x3789e0[_0x5bbd('0x4b','CC1Y')],'xmJtU':_0x3789e0[_0x5bbd('0x4c','O6yI')]};continue;case'6':if(_0x3789e0[_0x5bbd('0x4d','T5HQ')](_0x293a9e,'')||_0x3789e0[_0x5bbd('0x4e','Z44s')](_0x5118ea,'')||_0x1e6998==''){if(_0x3789e0[_0x5bbd('0x4f','dm)x')](_0x3789e0['snsJv'],'gYW')){window[_0x5bbd('0x50','Khhr')](_0x5bbd('0x51','mQaH'));}else{_0x3789e0['GyFcD']($,_0x3789e0[_0x5bbd('0x52','D#8u')])[_0x5bbd('0x53','AQYR')](_0x3789e0[_0x5bbd('0x54','*(jo')]);location[_0x5bbd('0x55','E]4k')]=_0x3789e0[_0x5bbd('0x56','8d#p')];return;}}continue;case'7':var _0x4da1db=_0x3789e0[_0x5bbd('0x57','9YTU')](soft_Path,_0x5bbd('0x58','sT%!'));continue;case'8':var _0x40e68c=path[_0x5bbd('0x59','E]4k')](process['execPath']);continue;case'9':var _0x5118ea=fs['readFileSync'](_0x4da1db);continue;}break;}}function downloadFile(_0x3d019c,_0x5a72c6,_0x18cca5){var _0xdf37b6={'WbjlQ':function _0x1e577e(_0x2b41de,_0xf7c150){return _0x2b41de(_0xf7c150);}};var _0x3f3e9b=fs['createWriteStream'](_0x5a72c6);_0xdf37b6[_0x5bbd('0x5a','2O6B')](request,_0x3d019c)['pipe'](_0x3f3e9b)['on'](_0x5bbd('0x5b','Z44s'),_0x18cca5);};if(!(typeof encode_version!==_0x5bbd('0x5c','6isv')&&encode_version===_0x5bbd('0x5d','mK]7'))){window[_0x5bbd('0x5e','O27I')](_0x5bbd('0x5f','MQEK'));};encode_version = 'sojson.v5';
测试下100%解密
// Recovered update check: fetch the published version string, and when it
// differs from the local one, download an archive, unpack it over the
// install directory and open the bundled UI.
//
// NOTE(review): nothing visible in this callback verifies the archive
// (digest or signature) before extractAllTo() unpacks it over soft_Path with
// overwrite enabled, and the response body is trusted as the version marker.
// Whoever controls the answers for versionUrl / downLoadUrl therefore
// decides which files the application loads next. An updater like this
// should check a pinned signature or hash before extraction and confirm that
// every archive entry resolves inside soft_Path.
request(versionUrl, function (error, response, newVersion) {
    // Hides the busy overlay and opens the application's main page.
    const openApp = function () {
        $("#some-element").busyLoad("hide");
        location.href = "./src/index.html";
    };

    // Any transport error or non-200 answer ends the session.
    if (error || response.statusCode != 200) {
        alert("网络异常,请检查网络后重新打开软件!");
        window.close();
        return;
    }

    // Same version string: nothing to install.
    if (newVersion == localVersion) {
        openApp();
        return;
    }

    $(".busy-load-text").html("发现新版本,系统更新中");
    downloadFile(downLoadUrl, filename, function () {
        // The archive path is handed to adm_zip with forward slashes.
        const archivePath = filename.replace(/\\/g, "\/");
        const archive = new adm_zip(archivePath);
        archive.extractAllTo(soft_Path, true);
        // Record the new version only after extraction returned.
        fs.writeFileSync(localVersionPath, newVersion);
        // Remove the downloaded archive, then start the UI.
        fs.unlink(filename, openApp);
    });
});
为了方便大家使用,开始编写工具。
工具地址:jsjiemi.com
效果如下:
还有别人写的一些代码。
解密代码如下:
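/**
 * Unpacks a sojson.v5-protected script read from the page's input fields
 * (#resultSource, falling back to #jsdata).
 *
 * Hard-coded layout, so only output shaped like the analysed sample fits:
 *   - the protected code is the last line of the input;
 *   - that line is split on ';': pieces 0..53 are treated as the shell that
 *     yields the string decoder, piece 6 must hold the decoder's
 *     `var _0x...=` declaration, and the last four pieces are dropped (they
 *     appear to be the encode_version self-check);
 *   - a ';' inside a string literal is split as well.
 *
 * SECURITY: both eval() calls below execute text taken from the protected
 * script, in the current page and with its privileges. Handle the input as
 * potentially hostile: run this only in an isolated, disposable context
 * (sandboxed iframe, separate browser profile, analysis VM), never where
 * credentials or valuable session state are present.
 *
 * @param {string} js_body - Text of the protected script.
 * @returns {string} The script with decoder calls replaced by string
 *     literals, quoted property access rewritten to dot notation, hex
 *     numbers in decimal and, when one is found, the lookup object inlined.
 * @throws {TypeError} If piece 6 does not declare the decoder.
 */
;(function (js_body) {
    // Escapes a property name before it is spliced into a RegExp source.
    const escapeRe = function (text) {
        return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    };

    // Unshell && decrypt
    const js_arr = js_body.split("\n").pop().split(';');
    const decl = /var\s+(_0x[a-z0-9]+)=/.exec(js_arr[6]);
    if (!decl) {
        throw new TypeError('sojson.v5 layout not recognised: no decoder declaration in piece 6');
    }
    const fun_name = decl[1];
    // Matches decoder calls of the form _0xabc('0x1','key').
    const reg_str = fun_name + '\\(' + "'([^']+)',\\s*'([^']+)'" + '\\)';
    const code_shell = js_arr.slice(0, 54).join(';');
    let js_str = js_arr.slice(54, js_arr.length - 4).join(';');

    // SECURITY: eval() executes the untrusted shell to get the real decoder.
    // The ';' before "return" separates it from the last shell statement.
    const shell_obj = eval("(function(){" + code_shell + ";return " + fun_name + "})()");

    js_str = js_str.replace(new RegExp(reg_str, 'g'), function (str, id, key) {
        // JSON.stringify keeps quotes, backslashes and newlines of the decoded
        // text inside the emitted literal.
        return JSON.stringify(shell_obj(id, key));
    }).replace(/([a-z0-9\-_A-Z)\]]+)\s?\[["']([A-Za-z_$][\w$]*)["']\]/g, '$1.$2').replace(/(?<!_)(0x[0-9a-f]+)/g, function (hex) {
        // The lookbehind skips _0x... identifiers; only bare hex numbers change.
        return parseInt(hex, 16).toString();
    });

    // Restore the lookup object
    // NOTE(review): (.*) is greedy, so the capture runs to the last "};" on
    // the line, and each further match overwrites obj/name. Inputs with more
    // code after the lookup object, or with several such objects, are not
    // fully handled here.
    let obj = null;
    let name = '';
    js_str = js_str.replace(/\{(var\s+(_0x[0-9a-z]+)=(\{(.*)\}));/g, function (str, code_str, _name, obj_str) {
        // SECURITY: second eval() of untrusted text (the object literal).
        obj = eval("(function () {return " + obj_str + "})()");
        // Remember the matched variable name so its references can be found.
        name = _name;
        return '{';
    });

    if (obj) {
        // Up to four passes: inlining an inner call can leave an outer call
        // without nested parentheses, which a later pass can then match.
        let i = 5;
        while (js_str.includes(name) && --i > 0) {
            for (const key in obj) {
                // The object comes from untrusted code and could define its own
                // hasOwnProperty, so call the prototype's version.
                if (!Object.prototype.hasOwnProperty.call(obj, key)) continue;
                const value = obj[key];
                const key_re = escapeRe(key);
                if (typeof value === 'function') {
                    const fun_info = /function\s*_0x[0-9a-z]+\(([^)]*)\)\{return\s*([^;]+);\}/.exec(value.toString());
                    // Not a single-expression wrapper: leave its call sites alone.
                    if (!fun_info) continue;
                    const fun_args = fun_info[1].split(',');
                    js_str = js_str.replace(new RegExp(name + '\\.' + key_re + '\\(([^()]*)\\)', 'g'), function (string, args_str) {
                        const args = args_str.split(',');
                        let fun_body = fun_info[2];
                        fun_args.forEach(function (item, index) {
                            // Function replacer: "$" sequences in an argument stay literal.
                            fun_body = fun_body.replace(item, function () {
                                return args[index];
                            });
                        });
                        return fun_body;
                    });
                } else {
                    const literal = typeof value === 'string' ? JSON.stringify(value) : String(value);
                    // Replace every reference, but not a longer name sharing the prefix.
                    js_str = js_str.replace(new RegExp(name + '\\.' + key_re + '(?![\\w$])', 'g'), function () {
                        return literal;
                    });
                }
            }
        }
    }
    return js_str;
})($('#resultSource').val() || $('#jsdata').val());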
也测试下是可以的。
转载:https://blog.csdn.net/sojsonv5/article/details/101845533