AST|【2021-09-24】Babel AST for-switch简单控制流
【AST|【2021-09-24】Babel AST for-switch简单控制流】学习文章:https://mp.weixin.qq.com/s/nzbKgYEyE1AhJ3v82rxtkA
文章图片
js混淆和ast反混淆脚本
const fs = require('fs');
const TNT = require("@babel/types");
const {
parse } = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const generator = require("@babel/generator").default;
let ast = parse(`
function $_FIn(e, t, r) {
var $_CGFHG = 10;
for (;
$_CGFHG !== 9;
) {
switch ($_CGFHG) {
case 10:
var n = e["split"]("."),
i = n[0] || "div",
o = new $_EHB(n)["$_GFS"](1)["$_GGD"](function(e, t, r) {
var $_DBIK = cZBsG.$_CN,
$_DBHT = ["$_DCBG"].cancat($_DBIK);
$_DBHT.shift();
return PREFIX + e;
})["$_GHx"](" "),
s = new $_EJo(i);
return r("." + n[1], s),
"input" == i && s["$_GIU"]({
"type": "hidden",
"name": o
}),
s["$_GJa"]({ "className": o }),
$_DHf(t) ? s["$_HAZ"](t) : new $_EIz(t)["$_HBY"](function(e, t) {
var $_DCDu = cZBsG.$_CN,
$_DCCF = ["$_DCGs"].concat(s_DCDu);
$_DCCF.shift();
s["$_HCj"]($_FIn(e, t, r));
}), s;
$_CGFHG = 9;
break;
}}
}`)
traverse(ast, {FunctionDeclaration(path) {let Body = path.get('body').node.body
// 第一步:判断函数下面两个子节点是否是var for
if (!Body || Body.length != 2 || !TNT.isVariableDeclaration(Body[0]) || !TNT.isForStatement(Body[1])) return;
let num = Body[1].test.right.value;
// 9 【for语句: $_CGFHG !== 9】
let forBlockName = Body[1].test.left.name;
// $_CGFHG 【for语句: $_CGFHG !== 9】// 第二步:查看for语句前面是否存在该变量
let isExist = Body[0].declarations.filter(item => item.id.name === forBlockName)
let switchBody = Body[1].body.body;
if (!isExist || switchBody.length !== 1 || switchBody[0].cases.length !== 1 || switchBody[0].discriminant.name !== forBlockName) return;
// 第三步:【case语句: $_CGFHG = 9;
】
let consequents = switchBody[0].cases[0].consequent;
// case语句下面的全部节点
let lastNode = consequents[consequents.length - 2] // 排除break语句后当作最后一个节点
if (TNT.isExpressionStatement(lastNode)) {
// 排除 【$_CGFHG = 9;
】 和 break语句
var {
operator, left, right } = lastNode.expression;
if (operator == "=" && left.name == forBlockName && right.value =https://www.it610.com/article/= num) {path.get("body").node.body = consequents.slice(0, consequents.indexOf(lastNode));
}
}
},
})let {
code } = generator(ast, {
retainLines: false, jsescOption: {
minimal: true, } })
fs.writeFileSync("_result_.js", code, "utf-8")
学习目标【还没写出来】
还原前:function Y3s(L8s, T8s, B8s) {var g8s = 2;
for (;
g8s !== 17;
) {switch (g8s) {case 11:
k3s[O3s] = r3s(k3s[O3s - 1], k3s[O3s - 1])[q8s[86]]();
g8s = 10;
break;
case 20:
c3s = h3s[q8s[88]][q8s[89]](L8s[q8s[90]](V3s) ^ k3s[O3s][q8s[91]](Z3s)) + c3s;
g8s = 19;
break;
case 13:
O3s = 0;
g8s = 12;
break;
case 6:
Z3s = 0;
g8s = 14;
break;
case 9:
var V3s = L8s[q8s[84]] - 1
, Z3s = 0;
g8s = 8;
break;
case 7:
g8s = Z3s === u3s ? 6 : 20;
break;
case 12:
g8s = k3s[q8s[85]] < B8s ? 11 : 10;
break;
case 2:
var c3s = q8s[81];
var O3s = 0;
var k3s = [];
k3s[O3s] = T8s[q8s[82]]();
var u3s = k3s[O3s][q8s[83]];
g8s = 9;
break;
case 10:
u3s = k3s[O3s][q8s[87]];
g8s = 20;
break;
case 8:
g8s = V3s >= 0 ? 7 : 18;
break;
case 14:
g8s = ++O3s === B8s ? 13 : 12;
break;
case 18:
return c3s;
break;
case 19:
--V3s,
++Z3s;
g8s = 8;
break;
}
}
}还原后:function Y3s(L8s, T8s, B8s) {var c3s = q8s[81];
var O3s = 0;
var k3s = [];
k3s[O3s] = T8s[q8s[82]]();
var u3s = k3s[O3s][q8s[83]];
var V3s = L8s[q8s[84]] - 1
, Z3s = 0;
while (V3s >= 0) {if (Z3s === u3s) {Z3s = 0;
if (++O3s === B8s) {O3s = 0;
}if (k3s[q8s[85]] < B8s) {k3s[O3s] = r3s(k3s[O3s - 1], k3s[O3s - 1])[q8s[86]]();
}u3s = k3s[O3s][q8s[87]];
}c3s = h3s[q8s[88]][q8s[89]](L8s[q8s[90]](V3s) ^ k3s[O3s][q8s[91]](Z3s)) + c3s;
--V3s,
++Z3s;
}return c3s;
}推荐阅读
- 宽容谁
- 我要做大厨
- 增长黑客的海盗法则
- 画画吗()
- 2019-02-13——今天谈梦想()
- 远去的风筝
- 三十年后的广场舞大爷
- 叙述作文
- 20190302|20190302 复盘翻盘
- 学无止境,人生还很长