AST反混淆实战|猿人学第二届比赛第四题代码片段还原(去控制流)
本文章中所有内容仅供学习交流,不可用于任何商业用途和非法用途,否则后果自负,如有侵权,请联系作者立即删除!2.冗余语句的删除,确保return语句后面只有break语句,也是为了代码统一方便处理。1.代码统一,确保每个case后面都有break语句,发现这里没有break语句.这是一个很 见得的for-switch语句,只比ob混淆的控制流难那么一点点。3.指向下一个case的值要明确,赋值语句的
·
关注它,不迷路。
本文章中所有内容仅供学习交流,不可用于任何商业用途和非法用途,否则后果自负,如有侵权,请联系作者立即删除!
1.代码demo:
var _$cW = function (_$a, _$e) { var _$r, _$c, _$v, _$s, _$n, _$f, _$t, _$i, _$o, _$k, _$b, _$l, _$h, _$g, _$u, _$p, _$y, _$w, _$d, _$M, _$I, _$A, _$S, _$m; _$r = 13; _$c = 13; while (true) { switch (_$c) { case 1: _$M = _$d[4] + _$d[6]; _$c += 5; break; case 2: _$v = []; _$c += 15; break; case 3: _$M = _$M / _$d[8]; _$c += 4; break; case 4: _$M = _$M / _$d[4]; _$c += 21; break; case 5: _$M = _$M + _$d[6]; _$c += 4; break; case 6: for (_$s = 0; _$s < _$a.length; _$s++) { _$r = _$w; _$n = _$a; _$f = _$s; _$t = _$n[_$f]; _$i = _$r[_$t]; _$o = !_$i; if (_$o) { _$r = _$w; _$n = _$a; _$f = _$s; _$t = _$n[_$f]; _$i = 1; _$r[_$t] = 1; } else { _$r = _$w; _$n = _$a; _$f = _$s; _$t = _$n[_$f]; _$i = _$w; _$o = _$a; _$k = _$s; _$b = _$o[_$k]; _$l = _$i[_$b]; _$h = 1; _$g = _$l + 1; _$r[_$t] = _$g; } } _$c -= 1; break; case 7: for (_$s = _$y.length - 1; _$s >= 0; _$s--) { _$r = _$y; _$n = _$s; _$f = _$r[_$n]; _$u = _$f; _$r = _$u; if (_$r) { for (_$p = 0; _$p < _$u.length; _$p++) { _$r = _$I; _$n = _$e; _$f = _$r === _$n; if (_$f) { _$r = _$v; return _$r; } _$r = _$v; _$n = "p"; _$f = _$u; _$t = _$p; _$i = _$f[_$t]; _$r["p"](_$i); _$I++; } } } _$c += 16; break; case 8: _$y = []; _$c += 6; break; case 9: _$M = _$M * _$d[7]; _$c += 3; break; case 10: _$M = _$M - _$d[2]; _$c -= 8; break; case 11: _$M = _$M - _$d[2]; _$c -= 8; break; case 12: if (_$d[6] - _$d[5] > 0) { _$r = _$M; _$n = _$d; _$t = _$n[3]; _$i = _$r + _$t; _$M = _$i; _$r = _$M; _$n = _$d; _$f = 2; _$t = _$n[2]; _$i = _$r + _$t; _$o = _$d; _$k = 5; _$b = _$o[5]; _$l = _$i - _$b; _$M = _$l; } else { _$r = _$M; _$n = _$d; _$t = _$n[6]; _$i = _$r * _$t; _$M = _$i; _$r = _$M; _$n = _$d; _$f = 2; _$t = _$n[2]; _$i = _$r - _$t; _$M = _$i; } _$c -= 4; break; case 13: _$w = {}; _$d = []; _$c += 9; break; case 14: _$d[8] = _$M / _$d[4]; _$c += 4; break; case 15: _$d[4] = _$M - _$d[5]; _$c -= 4; break; case 16: _$M = _$M + _$d[8]; _$c += 5; break; case 17: _$M = _$M * _$d[6]; _$c += 9; break; case 18: _$M = _$M - _$d[6]; _$c -= 2; break; case 19: _$I = 0; _$c -= 4; break; case 20: if (_$d[8] - _$d[5] > 0) { _$r = _$M; _$n = _$d; _$t = _$n[4]; _$i = _$r + _$t; _$M = _$i; _$r = _$M; _$n = _$d; _$f = 6; _$t = _$n[6]; _$i = _$r + _$t; _$o = _$d; _$k = 5; _$b = _$o[5]; _$l = _$i - _$b; _$M = _$l; } else { _$r = _$M; _$n = _$d; _$t = _$n[0]; _$i = _$r * _$t; _$M = _$i; _$r = _$M; _$n = _$d; _$f = 2; _$t = _$n[2]; _$i = _$r - _$t; _$M = _$i; } _$c -= 1; break; case 21: for (var _$T in _$w) { _$r = _$w; _$n = _$T; _$f = _$r[_$n]; _$A = _$f; _$r = _$y; _$n = _$A; _$f = 1; _$t = _$n - 1; _$i = _$r[_$t]; _$o = !_$i; if (_$o) { _$r = _$y; _$n = _$A; _$f = 1; _$t = _$n - 1; _$i = _$T; _$o = 10; _$k = parseInt(_$i, 10); _$b = [_$k]; _$r[_$t] = _$b; } else { _$r = _$y; _$n = _$A; _$f = 1; _$t = _$n - 1; _$i = _$r[_$t]; _$o = "p"; _$k = _$T; _$b = 10; _$l = parseInt(_$k, 10); _$i["p"](_$l); } } _$c -= 17; break; case 22: for (_$S = 0; _$S < 10; _$S++) { _$r = _$d; _$n = "p"; _$f = _$S; _$t = 6; _$i = _$f + 6; _$r["p"](_$i); } _$c -= 21; break; case 23: _$M = _$M - _$d[2]; case 24: return _$v; _$c -= NaN; break; case 25: if (_$M - _$d[6]) { _$r = _$M; _$n = _$d; _$f = 3; _$t = _$n[3]; _$i = _$r + _$t; _$M = _$i; } _$c -= 15; break; case 26: _$m = _$d[0]; _$c -= 6; break; } }};2.还原分析:
1.代码统一,确保每个case后面都有break语句,发现这里没有break语句.
处理前:
处理后:
2.冗余语句的删除,确保return语句后面只有break语句,也是为了代码统一方便处理。
处理前:
处理后:
3.指向下一个case的值要明确,赋值语句的操作符变更。
处理前:
处理后:
3.去控制流:
经过上面的统一处理后,再写反混淆代码就轻松多了。
这是一个很 见得的for-switch语句,只比ob混淆的控制流难那么一点点。
没有多余的条件表达式,也不用处理循环语句。
完整代码请参考:
https://t.zsxq.com/gQsk9今天的分享就到这里,感谢阅读。
欢迎加入知识星球,学习更多AST和爬虫技巧。
开源鸿蒙跨平台开发社区汇聚开发者与厂商,共建“一次开发,多端部署”的开源生态,致力于降低跨端开发门槛,推动万物智联创新。
更多推荐
7
0- 0
已为社区贡献1条内容
所有评论(0)