0x0.背景
朋友是做跨境电商的,他们属于第一批吃瓜人,赚的盆满钵满的,最近又有新项目找我帮忙,手头有一份很有价值的js需要我帮忙解密,拿到手一看,是FB的js,这些跨境电商人,每时每刻都在和脸书做斗争。废话不多说了,由于数据敏感,只上部分代码。
0x1.JS加密代码
function _0x43d021(_0x2ab70a) {
const _0x433021 = _0x5380;
try {
let _0x583dc2 = '';
if (msgInput != null) {
InputTipsMsg('', _0x433021(0xba), _0x2ab70a['target']);
if (_0x2ab70a['target']['className'] === _0x433021(0x85)) {
_0x583dc2 = _0x2ab70a['target']['children'][0x3ab29 ^ 0x3ab29]['children'][0x0]['children'][0x61b16 ^ 0x61b16]['children'][0xcce8b ^ 0xcce8b]['children'][0xa1ac9 ^ 0xa1ac9]['innerText'];
} else {
_0x583dc2 = msgInput['value'];
}
if (__DisableSendTT || _0x583dc2 === '') {
setTimeout(() => {
sendButton['click']();
sendLock = ![];
}, 0x1);
}
InputTipsMsg(_0x433021(0x27), _0x433021(0xba), _0x2ab70a['target']);
TranslateMessagesDirectly(_0x583dc2, function (_0x23bd0f) {
const _0x53514b = _0x5380;
const _0x137e18 = _0x84c3;
let _0x550106 = GetRetStr(_0x23bd0f);
if (_0x550106['indexOf'](_0x137e18(0x8d, 'd5pL')) === 0x0) {
InputTipsMsg(_0x23bd0f['msg'] === undefined ? _0x137e18(0x12, 'IooP') : _0x23bd0f['msg'], _0x53514b(0x8e));
sendLock = ![];
} else {
if (_0x2ab70a['target']['className'] === _0x137e18(0xa2, '7$^@')) {
_0x2ab70a['target']['children'][0xf0130 ^ 0xf0130]['children'][0x0]['children'][0x0]['children'][0x0]['children'][0x0]['innerText'] = _0x550106;
FireMessageInputEvent(_0x2ab70a['target']);
setTimeout(() => {
sendLock = ![];
if (![] === detectChinese(_0x550106) || zh_translation_switch) {
OnEnterKeyDown(_0x550106, _0x2ab70a['target']['children'][0x85e48 ^ 0x85e48]['children'][0x8d7d3 ^ 0x8d7d3]['children'][0x0]['children'][0x0]['children'][0x0]);
}
}, 0x5);
} else {
changeReactInputValue(msgInput, _0x550106);
sendLock = ![];
setTimeout(() => {
if (![] === detectChinese(msgInput['innerText']) || zh_translation_switch) {
sendButton['click']();
}
}, 0x5);
}
InputTipsMsg(_0x137e18(0x79, 'myO('), _0x137e18(0x89, '4JF4'), _0x2ab70a['target']);
}
}, send_from, send_to);
}
} catch (_0x596ece) {
sendLock = ![];
console['error'](_0x596ece);
}
}
0x3.代码分析
从这部分代码可以看出来,变量名和方法名都经过了混淆,属于中等难度的加密混淆。
0x4.代码解密
function enterKeyDown(el) {
try {
let text = '';
if (msgInput != null) {
InputTipsMsg('', "info", el.target);
if (el.target.className === "notranslate _5rpu") {
text = el.target.children[0].children[0].children[0].children[0].children[0].innerText;
} else {
text = msgInput.value;
}
if (__DisableSendTT || text === '') {
setTimeout(() => {
sendButton.click();
sendLock = false;
}, 1);
}
InputTipsMsg("正在翻译中...请勿频繁回车发送", "info", el.target);
TranslateMessagesDirectly(text, function (res) {
let retStr = GetRetStr(res);
if (retStr.indexOf("error:") === 0) {
InputTipsMsg(res.msg === undefined ? "服务错误" : res.msg, "error");
sendLock = false;
} else {
if (el.target.className === "notranslate _5rpu") {
el.target.children[0].children[0].children[0].children[0].children[0].innerText = retStr;
FireMessageInputEvent(el.target);
setTimeout(() => {
sendLock = false;
if (false === detectChinese(retStr) || zh_translation_switch) {
OnEnterKeyDown(retStr, el.target.children[0].children[0].children[0].children[0].children[0]);
}
}, 5);
} else {
changeReactInputValue(msgInput, retStr);
sendLock = false;
setTimeout(() => {
if (false === detectChinese(msgInput.innerText) || zh_translation_switch) {
sendButton.click();
}
}, 5);
}
InputTipsMsg("翻译成功", "info", el.target);
}
}, send_from, send_to);
}
} catch (e) {
sendLock = false;
console.error(e);
}
}
0x5.结语
贴出来的这部分是不涉及敏感信息的,这种JS加密属于中等难度的加密,需要人工手动去解,比较费时费力。
如果你需要企业级的JS加密保护,可以试试jsjiami.com,里边免费的加密服务就已经很厉害了,还有环境检测等更厉害的,不过需要VIP。
如果有其他需要其他JS解密等JS相关的东西的也可以找站长定制。
