一直以来,JS前端代码因为必须经过IE明文解析,某些加密的JS如:JScript.Encode也因为树大招风,早就被人破解了。还有些加密的手段,通过复杂的变换,改变源码,但最终都逃不脱最后的审判,像unescape,document.write,eval语句来还原。对于JS代码的保护,最好的手段就是混淆,混淆的目的就是让读懂代码的成本比直接写代码的成本高,混淆不是不可破解的,只是增加破解成本,JAVA,C#的加密都是采用混淆。这样对于非常核心的代码,混淆起不到保护代码的作用,不过JS有这样的代码么?本程序没有用到编译原理,其分词解析思想是基于mechiland(
http://www.jzchen.net)的代码高亮程序,参考了蓝色经典的
加密混淆专题讨论。
<HTML><HEAD><TITLE>Cunfusion</TITLE>
<META content="MSHTML 6.00.2800.1528" name=GENERATOR>
<META content="" name=Author>
<META content="" name=Keywords>
<META content="" name=Description></HEAD>
<BODY>
<SCRIPT language=JavaScript>
<!--
/**//**//**//**
** ==================================================================================================
** 类名:CLASS_CONFUSION
** 功能:JS混淆
** 示例:
---------------------------------------------------------------------------------------------------
var xx = new CLASS_CONFUSION(code);
document.getElementById("display").innerHTML = xx.confusion();
---------------------------------------------------------------------------------------------------
** 作者:ttyp
** 邮件:ttyp@21cn.com
** 日期:2006-3-20
** 版本:0.12
** ==================================================================================================
**/
function CLASS_CONFUSION(code){
//哈希表类
function Hashtable(){
this._hash = new Object();
this.add = function(key,value){
if(typeof(key)!="undefined"){
if(this.contains(key)==false){
this._hash[key]=typeof(value)=="undefined"?null:value;
return true;
} else {
return false;
}
} else {
return false;
}
}
this.remove = function(key){delete this._hash[key];}
this.count = function(){var i=0;for(var k in this._hash){i++;} return i;}
this.items = function(key){return this._hash[key];}
this.contains = function(key){return typeof(this._hash[key])!="undefined";}
this.clear = function(){for(var k in this._hash){delete this._hash[k];}}
}
function VariableMap(parent){
this.table = new Hashtable();
this.level = parent?parent.level+1:0;
this.parent= parent;
this.add = function(key,value){this.table.add(key,value)};
this.items = function(key){return this.table.items(key)};
this.count = function(){return this.table.count()};
this.contains = function(key){return this.table.contains(key);}
this.isParameter = false;
}
this._caseSensitive = true;
//字符串转换为哈希表
this.str2hashtable = function(key,cs){
var _key = key.split(/,/g);
var _hash = new Hashtable();
var _cs = true;
if(typeof(cs)=="undefined"||cs==null){
_cs = this._caseSensitive;
} else {
_cs = cs;
}
for(var i in _key){
if(_cs){
_hash.add(_key[i]);
} else {
_hash.add((_key[i]+"").toLowerCase());
}
}
return _hash;
}
//获得需要转换的代码
this._codetxt = code;
if(typeof(syntax)=="undefined"){
syntax = "";
}
this._deleteComment = false;
//是否大小写敏感
this._caseSensitive = true;
//得到关键字哈希表
this._keywords = this.str2hashtable("switch,case,delete,default,typeof,for,in,function,void,this,boolean,while,if,return,new,true,false,try,catch,throw,null,else,do,var");
this._function = this.str2hashtable("function");
this._var = "var";
this._beginBlock = "{";
this._endBlock = "}";
this._window = this.str2hashtable("alert,escape,unescape,document,parseInt,parseFloat");
//得到内建对象哈希表
this._commonObjects = this.str2hashtable("String,Number,Boolean,RegExp,Error,Math,Date,Object,Array,Global");
//得到分割字符
this._wordDelimiters= " ,.?!;:\\/<>(){}[]\"'\r\n\t=+-|*%@#$^&";
//引用字符
this._quotation = this.str2hashtable("\",'");
//行注释字符
this._lineComment = "//";
//转义字符
this._escape = "\\";
//多行引用开始
this._commentOn = "/*";
//多行引用结束
this._commentOff = "*/";
this._execute = "eval";
//引用调用字符
this._call = ".";
this._varPause = "=";
this._varContinue = ",";
//变量个数
this._varNum = 0;
this.confusion = function() {
var codeArr = new Array();
var word_index = 0;
var htmlTxt = new Array();
//得到分割字符数组(分词)
for (var i = 0; i < this._codetxt.length; i++) {
if (this._wordDelimiters.indexOf(this._codetxt.charAt(i)) == -1) { //找不到关键字
if (codeArr[word_index] == null || typeof(codeArr[word_index]) == 'undefined') {
codeArr[word_index] = "";
}
codeArr[word_index] += this._codetxt.charAt(i);
} else {
if (typeof(codeArr[word_index]) != 'undefined' && codeArr[word_index].length > 0)
word_index++;
codeArr[word_index++] = this._codetxt.charAt(i);
}
}
var quote_opened = false; //引用标记
var slash_star_comment_opened = false; //多行注释标记
var slash_slash_comment_opened = false; //单行注释标记
var line_num = 1; //行号
var quote_char = ""; //引用标记类型
var call_opened = false;
var call_string = "";
var var_opened = false;
var var_pause = false;
var function_opened = false;
var parameter_opened = false;
var var_map = new VariableMap();
var cur_var_map = var_map;
var execute_opened = false;
//按分割字,分块显示