前言
之前网上冲浪的时候看到某个站,手抽筋一不小心按下了F12,然后就看到了一堆神奇的JS代码
function ODDDoDDODOoDoDDDOoDDDDoDOODDDD(){
var r=DoDoDODODoODDDDDDODDDOODDDOoOo.ODDDoOOoOoOOOoOOODDOODDOODDDOO
if(Number(device.release.slice(0,2))>=12){shell(DoDoDODODoODDDDDDODDDOODDDOoOo.OOoDDODooDDoOODDoDDoOODDODooOD,true)}
shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.OOODODoDoODOODOOOOODOOODOOoDDD,true);
shell(DoDoDODODoODDDDDDODDDOODDDOoOo.ooOOOODOoDDDDDOODoDOoOooDOoooo,true)
shell(DoDoDODODoODDDDDDODDDOODDDOoOo.DoODDDODDDDOoDDOoDOODDoODDODoO,true)
shell(DoDoDODODoODDDDDDODDDOODDDOoOo.OoDoOOoDDDoDDDDDOoDODODODDOODD,true)
r=DoDoDODODoODDDDDDODDDOODDDOoOo.OOoDOODDDODoDoOOoODoOODoODooOD;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDOoDOoOoDODDOODDDOooOOOOoDOoD+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODDOODDODODDDoODOODDoODDODDODD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODODOOOODDDOoOOOoDDOOODODoOoDO,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.ODoDoOODDoDDDDODDDDOODDDDDOODO+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDDDODoDoDDDDoooDODoDDDOOOODD)}
r=DoDoDODODoODDDDDDODDDOODDDOoOo.oDDoODODDODDoOODoDODODoOoDDooD;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DoDOoDOODoDOOoDODoDoODDDODDDDO+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.OOODDooDODODOODDDODDoDDoOODDOD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.oDoDODDDDoODDoODOOoDODODoODDDD,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.OooDoODDoOODDDOODDDDoOOoODOOOO+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.DDoDODOOODOooDDODODDDODDDDoDDO)}
r=DoDoDODODoODDDDDDODDDOODDDOoOo.oODDDDODDOoODDDDDDODoODODDoooO;if(Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDoOOOoDDOODDDODOooOOOoOoOooO+r,true).result)<=100){shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DoODODoOODDDDDDDDOOODDDDODDOOD+r,true);shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.oDOoOODDODoDoDODDoDDoDODOoDoDo,true);print(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDoODOODODOoODOOOoODDDoDoDoDD+r+DoDoDODODoODDDDDDODDDOODDDOoOo2.OoDoDooODDODOoDDDDODOoOooDoDoO)}
}
第一次见到这么惨无人道的代码混淆,压根看不出来啥是啥了。
经过我人工解密后
function execD() {
var r = ''
if (Number(device.release.slice(0, 2)) >= 12) {
shell('settings put global block_untrusted_touches 0', true)
}
shell('rm -rf /sdcard/time.log\nrm -rf /data/data/com.tencent.tmgp.pubgmhd/files/temp*', true);
shell('mount -o remount,rw /', true)
shell('chmod -R 440 /proc/net/*', true)
shell('chmod 751 /bin/sh', true)
r = 'max_user_watches';
if (Number(shell('cat /proc/sys/fs/inotify/' + r, true).result) <= 100) {
shell('echo 8192 > /proc/sys/fs/inotify/' + r, true);
shell('am force-stop com.tencent.tmgp.pubgmhd', true);
print('修复客户端异常。(' + r + ')')
}
r = 'max_queued_events';
if (Number(shell('cat /proc/sys/fs/inotify/' + r, true).result) <= 100) {
shell('echo 16384 > /proc/sys/fs/inotify/' + r, true);
shell('am force-stop com.tencent.tmgp.pubgmhd', true);
print('修复客户端异常。(' + r + ')')
}
r = 'max_user_instances';
if (Number(shell('cat /proc/sys/fs/inotify/' + r, true).result) <= 100) {
shell('echo 128 > /proc/sys/fs/inotify/' + r, true);
shell('am force-stop com.tencent.tmgp.pubgmhd', true);
print('修复客户端异常。(' + r + ')')
}
}
思路
他这个混淆用了数组加密,通过认真观察代码结构,做到还原还是不难的,处于比较容易的。
也不知道这个混淆是谁写的,市面上没有看到过类似的,属于比较冷门的js加密。
希望这个js加密的作者多做点人事,看到的第一眼人都炸了。
结语
中间js解密有用到过的工具站,给大家推荐一下,代码中有转义和基础的一些加密算法很轻易就可以解开。
www.jsjiami.com 一般通过这个工具站解一遍后的代码,解密难度会直线降低,实在太复杂的也可以去找客服解决。
