js 字符串替换_JS逆向|使用pyexecjs库替换加密字符串
window = {};window.atob = function(r) { e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; var o = String(r).replace(/=+$/, ""); if(o.length % 4 == 1) throw new t("'atob' failed: The string to be decoded is not correctly encoded."); for(var n, a, i = 0, c = 0, d = ""; a = o.charAt(c++); ~a && (n = i % 4 ? 64 * n + a : a, i++ % 4) ? d += String.fromCharCode(255 & n >> (-2 * i & 6)) : 0) a = e.indexOf(a); return d}window.btoa = function(r) { e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; for(var o, n, a = String(r), i = 0, c = e, d = ""; a.charAt(0 | i) || (c = "=", i % 1); d += c.charAt(63 & o >> 8 - i % 1 * 8)) { if(n = a.charCodeAt(i += .75), n > 255) throw new t("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."); o = o << 8 | n } return d}
var _0x2075 = ['wrw3EMKc', 'BBdBHWk=', 'wplgd8O5dHbDtFfDucK9CsOS', 'f8KvAcKewoDClg==', 'XcKowo9uOyfChw==', 'XcKowpRzOzDCgMKuw5vCtH8=', 'HmQkw5vDt8OIBDbCpMKdw6Aaw7HDmcKb', 'wpxzdMO4', 'R8KHF1k1w5A=', 'w4LDgcOowrjDhg==', 'w6RKw6PCmVDDpw==', 'w6DDgsKrCsK5wqAwKsOMTkPDilwgB241RVBIw6rCvwpWw5fCo8OSw59pBcK7UlrCucOZHy7DgsO5wpx5J8K5wqbCtMOMwqvCsiUFw5s4JGfDmwQPw7Fawq3CgXlkJyE=', 'VcObYsOHKcKpwpI=', 'KkZfcE52w77ChsKgUQ==', 'CmQsw57DvA==', 'YV7CscOYZg==', 'w5jDt8OUwr46w5c6LsKEPsO0', 'F8OUMQhRw78Q', 'YMKzeTvCpMKzHcKKGSjCj2dJwq3Cj3/ChsKSFVpMw4sZwrg9H8OLw4/DqUlhYlpaa8KYJsO5AcK2wqnCmGhEwqkbdMKKLsO/wpBFMcKlC8OvKUkXZ8KpBsOxw4XDk8K5w4Y6w7VZO8K/wojCqcO2wqQow5Z+w6dew7I3TMObw6Ykw7I=', 'Mk8Bw6QawqU=', 'wo5zw4vCkxvDuSBqwoENw7rCrF3DksKewoPDqMKHNSzCgcK2fcKxPMKbGcKwCW5GZWRpw6fDmgHCjXrCnXE3w4zDqlt3w64lw7JiworDi8Knw5YoW1LDlUbDpkEtGQPDnw==', 'w6lvdMKW', 'w7JFdsOhwrBqwrlMYcKVJRjCuMKQwpLDtMONwprCsMORw4BtRV0oeEQPCgAmMgx2'];(function(_0xf486e7, _0x2075d7) { var _0x5c3a18 = function(_0x5b65b1) { while (--_0x5b65b1) { _0xf486e7['push'](_0xf486e7['shift']()); } }; _0x5c3a18(++_0x2075d7);}(_0x2075, 0xa4));var _0x5c3a = function(_0xf486e7, _0x2075d7) { _0xf486e7 = _0xf486e7 - 0x0; var _0x5c3a18 = _0x2075[_0xf486e7]; if (_0x5c3a['vEVEZj'] === undefined) { (function() { var _0x2e1ca4; try { var _0x28e173 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');'); _0x2e1ca4 = _0x28e173(); } catch (_0x16acc9) { _0x2e1ca4 = window; } var _0x16f958 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; _0x2e1ca4['atob'] || (_0x2e1ca4['atob'] = function(_0x5a7812) { var _0x3c7e74 = String(_0x5a7812)['replace'](/=+$/, ''); var _0x5e030c = ''; for (var _0x4eaee2 = 0x0, _0x5954ef, _0x29200e, _0x5a128b = 0x0; _0x29200e = _0x3c7e74['charAt'](_0x5a128b++); ~_0x29200e && (_0x5954ef = _0x4eaee2 % 0x4 ? _0x5954ef * 0x40 + _0x29200e : _0x29200e, _0x4eaee2++ % 0x4) ? _0x5e030c += String['fromCharCode'](0xff & _0x5954ef >> (-0x2 * _0x4eaee2 & 0x6)) : 0x0) { _0x29200e = _0x16f958['indexOf'](_0x29200e); } return _0x5e030c; } ); }()); var _0x3acf89 = function(_0x593a19, _0xfee22e) { var _0x1b5349 = [], _0x4ddb21 = 0x0, _0x28ed27, _0x4b4996 = '', _0xbdd0c6 = ''; _0x593a19 = atob(_0x593a19); for (var _0x1d6343 = 0x0, _0x3f947e = _0x593a19['length']; _0x1d6343 < _0x3f947e; _0x1d6343++) { _0xbdd0c6 += '%' + ('00' + _0x593a19['charCodeAt'](_0x1d6343)['toString'](0x10))['slice'](-0x2); } _0x593a19 = decodeURIComponent(_0xbdd0c6); var _0x1a120c; for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) { _0x1b5349[_0x1a120c] = _0x1a120c; } for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) { _0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c] + _0xfee22e['charCodeAt'](_0x1a120c % _0xfee22e['length'])) % 0x100; _0x28ed27 = _0x1b5349[_0x1a120c]; _0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21]; _0x1b5349[_0x4ddb21] = _0x28ed27; } _0x1a120c = 0x0; _0x4ddb21 = 0x0; for (var _0x585b7f = 0x0; _0x585b7f < _0x593a19['length']; _0x585b7f++) { _0x1a120c = (_0x1a120c + 0x1) % 0x100; _0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c]) % 0x100; _0x28ed27 = _0x1b5349[_0x1a120c]; _0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21]; _0x1b5349[_0x4ddb21] = _0x28ed27; _0x4b4996 += String['fromCharCode'](_0x593a19['charCodeAt'](_0x585b7f) ^ _0x1b5349[(_0x1b5349[_0x1a120c] + _0x1b5349[_0x4ddb21]) % 0x100]); } return _0x4b4996; }; _0x5c3a['HKkhxp'] = _0x3acf89; _0x5c3a['eabUGz'] = {}; _0x5c3a['vEVEZj'] = !![]; } var _0x5b65b1 = _0x5c3a['eabUGz'][_0xf486e7]; if (_0x5b65b1 === undefined) { if (_0x5c3a['vszZjY'] === undefined) { _0x5c3a['vszZjY'] = !![]; } _0x5c3a18 = _0x5c3a['HKkhxp'](_0x5c3a18, _0x2075d7); _0x5c3a['eabUGz'][_0xf486e7] = _0x5c3a18; } else { _0x5c3a18 = _0x5b65b1; } return _0x5c3a18;};var _0x2e1ca4 = function() { var _0x564fd8 = !![]; return function(_0x157886, _0x3f8543) { var _0x3aa335 = _0x564fd8 ? function() { if (_0x3f8543) { var _0x35f411 = _0x3f8543[_0x5c3a('0x15', 'qqhd')](_0x157886, arguments); _0x3f8543 = null; return _0x35f411; } } : function() {} ; _0x564fd8 = ![]; return _0x3aa335; } ;}();setInterval(function() { _0x3acf89();}, 0xfa0);(function() { _0x2e1ca4(this, function() { var _0x13f533 = new RegExp('function\x20*\x5c(\x20*\x5c)'); var _0x28f488 = new RegExp(_0x5c3a('0x13', 'l02m'),'i'); var _0x5783e7 = _0x3acf89('init'); if (!_0x13f533['test'](_0x5783e7 + _0x5c3a('0xb', 'mvpW')) || !_0x28f488['test'](_0x5783e7 + _0x5c3a('0x6', 'S&fJ'))) { _0x5783e7('0'); } else { _0x3acf89(); } })();}());window = {};window['atob'] = function(_0x44004e) { e = _0x5c3a('0x8', 'CwZq'); var _0x2761c0 = String(_0x44004e)[_0x5c3a('0x9', 'F%XZ')](/=+$/, ''); if (_0x2761c0[_0x5c3a('0x7', 'KMc0')] % 0x4 == 0x1) throw new t('\x27atob\x27\x20failed:\x20The\x20string\x20to\x20be\x20decoded\x20is\x20not\x20correctly\x20encoded.'); for (var _0x3568b6, _0x228da4, _0x1076e1 = 0x0, _0x242bbc = 0x0, _0x5766d9 = ''; _0x228da4 = _0x2761c0['charAt'](_0x242bbc++); ~_0x228da4 && (_0x3568b6 = _0x1076e1 % 0x4 ? 0x40 * _0x3568b6 + _0x228da4 : _0x228da4, _0x1076e1++ % 0x4) ? _0x5766d9 += String[_0x5c3a('0x16', '%Fh)')](0xff & _0x3568b6 >> (-0x2 * _0x1076e1 & 0x6)) : 0x0) _0x228da4 = e[_0x5c3a('0xe', 'ivHf')](_0x228da4); return _0x5766d9;};window['btoa'] = function(_0x140387) { e = _0x5c3a('0x11', '1t8u'); for (var _0x5a7683, _0x5c4afc, _0x414c71 = String(_0x140387), _0x3a865d = 0x0, _0x388744 = e, _0x171f9b = ''; _0x414c71[_0x5c3a('0x10', 'G%UZ')](0x0 | _0x3a865d) || (_0x388744 = '=', _0x3a865d % 0x1); _0x171f9b += _0x388744[_0x5c3a('0x5', '#%vS')](0x3f & _0x5a7683 >> 0x8 - _0x3a865d % 0x1 * 0x8)) { if (_0x5c4afc = _0x414c71[_0x5c3a('0xa', '(eE#')](_0x3a865d += 0.75), _0x5c4afc > 0xff) throw new t(_0x5c3a('0xf', '!zyq')); _0x5a7683 = _0x5a7683 << 0x8 | _0x5c4afc; } return _0x171f9b;};function _0x3acf89(_0x1a61bd) { function _0x50b4d2(_0x5c1045) { if (typeof _0x5c1045 === 'string') { return function(_0xaf1ee8) {} ['constructor'](_0x5c3a('0x3', 'mvpW'))[_0x5c3a('0xc', 'dtRw')](_0x5c3a('0x1', 'g1Ep')); } else { if (('' + _0x5c1045 / _0x5c1045)['length'] !== 0x1 || _0x5c1045 % 0x14 === 0x0) { (function() { return !![]; } ['constructor']('debu' + 'gger')[_0x5c3a('0x4', '%Fh)')](_0x5c3a('0x0', 'zu[n'))); } else { (function() { return ![]; } [_0x5c3a('0x2', 'g1Ep')](_0x5c3a('0x12', 'LPae') + _0x5c3a('0x14', 'N5*X'))['apply'](_0x5c3a('0xd', 'qOO9'))); } } _0x50b4d2(++_0x5c1045); } try { if (_0x1a61bd) { return _0x50b4d2; } else { _0x50b4d2(0x0); } } catch (_0x524e63) {}}reg = re.compile(r"_0x5c3a\([\s\S]{12,14}'\)")
results = reg.findall(code) #code是整个混淆代码,此处查找全部调用
ctx = execjs.compile(jscode) #jscode 是 大数组 + 移位函数 + 解密函数
for result in results:
value = ctx.eval(result) #计算解密后的字串
print (result,value)
code = code.replace(result,"'" + value + "'") #替换转自:https://blog.csdn.net/weixin_39609622/article/details/111259598
