js混淆代码记录

1. 删除 setInterval 制造的 debugger 代码

2. 删除 RegExp 防格式化检查进入的死循环

var _0x190344 = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');

return _0x190344['test'](_0x207e73['removeCookie']['toString']());

3. 删除 IndexOf 检查进入的死循环

IndexOf貌似能检测出是不是在浏览器环境

'\x69\x6e\x64\u0435\x78\x4f\x66' 和 '\x69\x6e\x64\x65\x78\x4f\x66' 都是 indexOf

这段可以直接删除掉

      var _0x5b0213 = _0x10eb1e(this, function ()
      {
        var _0x16aad5 = function ()
        {
          return '\x64\x65\x76';
        }
          , _0x11c301 = function ()
          {
            return '\x77\x69\x6e\x64\x6f\x77';
          };
        var _0x43ea03 = function ()
        {
          //格式化检查
          var _0x3a8613 = new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');
          return !_0x3a8613['\x74\x65\x73\x74'](_0x16aad5['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
        };
        var _0x107b86 = function ()
        {
          //格式化检查
          var _0x132015 = new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');
          return _0x132015['\x74\x65\x73\x74'](_0x11c301['\x74\x6f\x53\x74\x72\x69\x6e\x67']());
        };
        var _0x3854ee = function (_0x3b21c4)
        {
          var _0x31084c = ~-0x1 >> 0x1 + 0xff % 0x0;//0
          //_0x3b21c4.indexOf('i')
          if (_0x3b21c4['\x69\x6e\x64\x65\x78\x4f\x66']('\x69' === _0x31084c))
          {
            _0xb6fb1b(_0x3b21c4);
          }
        };
        var _0xb6fb1b = function (_0x259716)
        {
          var _0x612221 = ~-0x4 >> 0x1 + 0xff % 0x0;//3
          //_0x259716.indexOf('e')
          if (_0x259716['\x69\x6e\x64\x65\x78\x4f\x66']((!![] + '')[0x3]) !== _0x612221)
          {
            _0x3854ee(_0x259716);
          }
        };
        if (!_0x43ea03())
        {
          if (!_0x107b86())
          {
            _0x3854ee('\x69\x6e\x64\u0435\x78\x4f\x66');
          } else
          {
            _0x3854ee('\x69\x6e\x64\x65\x78\x4f\x66');
          }
        } else
        {
          _0x3854ee('\x69\x6e\x64\u0435\x78\x4f\x66');
        }
      });
      _0x5b0213();

4 删除 function constructor 生成的debug 或 while(true){}死循环代码

        (
        //这段全是生成 debuger funcstion constructor
          function ()
          {
            return ![];
          }
          [_0xb855('0x553', 'D5ko')](
              _0x1a98cd[_0xb855('0x554', 'BuaG')](
                _0x1a98cd[_0xb855('0x555', '4lGL')],
                _0x1a98cd[_0xb855('0x556', '2jVE')]
              )
          )
          [_0xb855('0x557', 'nhmE')](
            _0x1a98cd[_0xb855('0x558', '6I2J')]
          )
        );

{
        //funcstion constructor "while (true) {}"
        return function (_0x4791b5) { }
        [_0xb855('0x53a', '(ygc')](_0x1a98cd[_0xb855('0x53b', 'moLX')])[_0xb855('0x53c', 'Rj]0')](_0x1a98cd[_0xb855('0x53d', '^x)[')]);
      }

posted on 2020-05-04 14:36 Grart 阅读(622) 评论(0) 收藏举报

刷新页面返回顶部