基于AST 手撕OB混淆

猿人学题目2:

提取全部5页发布日热度的值,计算所有值的加和,并提交答案 (感谢蔡老板为本题提供混淆方案)

参考资料:

OB 混淆官网 JavaScript Obfuscator Tool https://obfuscator.io/

AST 节点属性详解 https://github.com/babel/babel/blob/main/packages/babel-parser/ast/spec.md#unaryexpression

AST 在线结构解析 https://astexplorer.net/

特别鸣谢 为我提供思路的下面6篇文章的作者 渔滒 https://blog.csdn.net/zjq592767809

猿人学 web第二题混淆对抗 2021-10-18 https://blog.csdn.net/zjq592767809/article/details/120854404

《JavaScript AST其实很简单》一、相关基础知识与环境配置 https://blog.csdn.net/zjq592767809/article/details/111404402

《JavaScript AST其实很简单》二、Step1-函数调用还原 https://blog.csdn.net/zjq592767809/article/details/111562259

《JavaScript AST其实很简单》三、Step2-对象调用还原 https://blog.csdn.net/zjq592767809/article/details/111711339

《JavaScript AST其实很简单》四、Step3-分支流程判断 https://blog.csdn.net/zjq592767809/article/details/111936396

《JavaScript AST其实很简单》五、Step4-平坦化控制流 https://blog.csdn.net/zjq592767809/article/details/112055713

猿人学第二题难点有二,一个是抓包,二个是反混淆.

因为网页会自动刷新,在浏览器上看不到设置cookie的那个包,

需要使用fiddller之类的抓包软件,就能很清楚的看到页面被请求了两次,

第一次返回的是一个JS文件,

第二次在请求头的cookie中加入了 m 值,才返回了HTML页面

很显然,m值就是第一次请求返回的JS文件执行而来.

这个JS 是一个混淆之后的文件,而且在2021/10月份的时候对混淆方式进行了更新升级,

现有的工具(猿人学自己的解OB工具, de4js 在线解混淆)均无法直接解开这个JS文件

网上帖子几乎均已失效(因为他们都是用工具直接解的混淆)

环境配置

  1. python:我是用的是3.10版本,并需要设置环境变量

  2. PyCharm:集成环境的编辑器,2021.2版本

  3. nodejs:16.14.0版本,并需要设置环境变量

  4. node三方库:esprima 和 escodegen,分别是将js代码转换为AST和将AST转换为js代码

  5. python三方库:execjs用于在python中调用js代码,需要使用pip3 install PyExecJS安装

已知问题及其解决方法

execjs模块可能会出现编码问题,如果报GBK编码错误,可以顺着报错信息点进去,

将构造函数里面的 encoding=None 改为 encoding=“utf-8” ,保存即可.

就猿人学第二题的JS而言,在触发其报错的地方可能会发现一个彩蛋!

文件准备

一. 编写两个工具文件

JsToJson.js 用来将JS文件转为json

// JsToJson.js
// js 转 json
const fs = require('fs');
const esprima = require('esprima')
const escodegen = require('escodegen')const input_text = process.argv[2];
const output_text = process.argv[3];const data = fs.readFileSync(input_text);
const ast = esprima.parseScript(data.toString());
const ast_to_json = JSON.stringify(ast);
fs.writeFileSync(output_text, ast_to_json);

JsonToJs.js 将json转为js

// JsonToJs.js
// json 转 js
const fs = require('fs');
const esprima = require('esprima')
const escodegen = require('escodegen')const input_text = process.argv[2];
const output_text = process.argv[3];const data = fs.readFileSync(input_text);
const ast = JSON.parse(data.toString());
const code = escodegen.generate(ast, {format: {compact: true,escapeless: true}
});
fs.writeFileSync(output_text, code);

二. 获取混淆JS文件

直接用python请求目标网址,不带请求头,就可以拿到混淆过后的JS文件

# my_spider.py
import copy
import json
import os
import sysimport requests
import config
import execjsdef get_02_ob_js():res = requests.get(f'{config.host}/match/2')with open('./02_ob.js', 'wb') as f:f.write(res.content[8:-9])os.system('node JsToJson 02_ob.js 02_ob.json')# 总文件分为6个部分,将前三个与后三个部分拆开with open('./02_ob.json', 'r', encoding='utf8') as f:node = json.loads(f.read())left_3_node = {'type': 'Program','body': node['body'][:3],'sourceType': 'script'}right_3_node = {'type': 'Program','body': node['body'][3:],'sourceType': 'script'}with open('02_ob_left_3.json', 'w', encoding='utf8') as f1, open('02_ob_right_3.json', 'w', encoding='utf8') as f2:f1.write(json.dumps(left_3_node))f2.write(json.dumps(right_3_node))os.system('node JsonToJs 02_ob_left_3.json 02_ob_left_3.js')os.system('node JsonToJs 02_ob_right_3.json 02_ob_right_3.js')

将JS文件,放进 AST 在线结构解析中可以发现,整个JS文件分为6个部分

序号 作用
1 大数组
2 自执行还原大数组
3 解密函数组
4 原函数体
5 检测函数
6 定时启动检测函数

大致上来看是一种ob混淆的变形,通过分析如下图

在函数调用还原前,字符串被提取了出来,所以相对于ob混淆多了一个步骤

  1. 字符串与数字回填

  2. 函数调用还原

  3. 对象调用还原

  4. 分支流程判断

  5. 控制流平坦化

每一步的详细过程,将在之后的文章中写出,因为篇幅很长,准备做成一个系列专题,每步一篇文章

将上面5步最后剩余的代码经过手动删减(剔除影响调试的代码,暴露接口)之后,

得到以下可使用python 直接调用的代码:

调用方式:

# my_spider.py
def get_m():with open('02_ob_sort_reload.js', 'r', encoding='utf8') as f:data = f.read()value = execjs.eval(data)print(value)return value

附件:

最后的JS 文件内容

// 02_ob_sort_reload.js
(function $dbsm_0x37d29a() {function _0x112208(_0x5b69d8, _0x3de4a1) {{_0x448c2f = (65535 & _0x5b69d8) + (65535 & _0x3de4a1);return (_0x5b69d8 >> 16) + (_0x3de4a1 >> 16) + (_0x448c2f >> 16) << 16 | 65535 & _0x448c2f;}}function _0x101700(_0x19c5f2, _0x40c04f) {{return _0x19c5f2 << _0x40c04f | _0x19c5f2 >>> 32 - _0x40c04f;}}function _0x4d9052(_0x2ad611, _0x12667c, _0x4e5444, _0x21c32c, _0x2ca7da, _0x44626f) {;{return _0x112208(_0x101700(_0x112208(_0x112208(_0x12667c, _0x2ad611), _0x112208(_0x21c32c, _0x44626f)), _0x2ca7da), _0x4e5444);}}function _0x5624ba(_0x173d50, _0x1eb601, _0x3e80e6, _0x27ae79, _0x196272, _0x352dd6, _0x315a43) {{return _0x4d9052(_0x1eb601 & _0x3e80e6 | ~_0x1eb601 & _0x27ae79, _0x173d50, _0x1eb601, _0x196272, _0x352dd6, _0x315a43);}}function _0x2d8b1d(_0x32a9d0, _0x585bb5, _0x19b9f2, _0x53bbfb, _0x1cbfed, _0x34200c, _0x5135ca) {;{return _0x4d9052(_0x585bb5 & _0x53bbfb | _0x19b9f2 & ~_0x53bbfb, _0x32a9d0, _0x585bb5, _0x1cbfed, _0x34200c, _0x5135ca);}}function _0x21cf21(_0x5f0db4, _0x560b61) {;{_0x45ae5c = [99, 111, 110, 115, 111, 108, 101], _0x7cdad8 = '';for (_0x5d58e6 = 0; _0x5d58e6 < _0x45ae5c['length']; _0x5d58e6++) {{_0x7cdad8 += String['fromCharCode'](_0x45ae5c[_0x5d58e6]);}}return _0x7cdad8;}}function _0x3316ae(_0x5c1f3b, _0xdee360, _0x251700, _0x2a047e, _0x4ea0af, _0x62d9e8, _0x1edd4c) {;{return _0x4d9052(_0xdee360 ^ _0x251700 ^ _0x2a047e, _0x5c1f3b, _0xdee360, _0x4ea0af, _0x62d9e8, _0x1edd4c);}}function _0x160619(_0x2afda5, _0x4cf1da, _0x354d4e, _0x2c2702, _0x4b938d, _0x58d9fb, _0x5b82c0) {{return _0x4d9052(_0x354d4e ^ (_0x4cf1da | ~_0x2c2702), _0x2afda5, _0x4cf1da, _0x4b938d, _0x58d9fb, _0x5b82c0);}}function _0x1a8c0e(_0x4b49f3, _0x31923d, _0xbd3204, _0x693550, _0x540797, _0x5dacc8, _0x22f03d, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4) {;{_0x4b49f3[_0x31923d >> 5] |= 128 << _0x31923d % 32, _0x4b49f3[14 + (_0x31923d + 64 >>> 9 << 4)] = _0x31923d;_0x5b3e7f = 1732584193, _0x2ee10b = -271733879, _0x30b068 = -1732584194, _0x3a35a4 = _0x5b3e7f - 1460850315;for (_0xbd3204 = 0; _0xbd3204 < _0x4b49f3['length']; _0xbd3204 += 16) _0x693550 = _0x5b3e7f, _0x540797 = _0x2ee10b, _0x5dacc8 = _0x30b068, _0x22f03d = _0x3a35a4, _0x5b3e7f = _0x5624ba(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204], 7, -680876936), _0x3a35a4 = _0x5624ba(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 1], 12, -389564586), _0x30b068 = _0x5624ba(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 2], 17, 606105819), _0x2ee10b = _0x5624ba(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 3], 22, -1044525330), _0x5b3e7f = _0x5624ba(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 4], 7, -176418897), _0x3a35a4 = _0x5624ba(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 5], 12, 1200080426), _0x30b068 = _0x5624ba(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 6], 17, -1473231341), _0x2ee10b = _0x5624ba(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 7], 22, -45705983), _0x5b3e7f = _0x5624ba(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 8], 7, 1770010416), _0x3a35a4 = _0x5624ba(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 9], 12, -1958414417), _0x30b068 = _0x5624ba(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 10], 17, -42063), _0x2ee10b = _0x5624ba(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 11], 22, -1990404162), _0x5b3e7f = _0x5624ba(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 12], 7, 1804603682), _0x3a35a4 = _0x5624ba(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 13], 12, -40341101), _0x30b068 = _0x5624ba(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 14], 17, -1502882290), _0x2ee10b = _0x5624ba(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 15], 22, 1236535329), _0x5b3e7f = _0x2d8b1d(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 1], 5, -165796510), _0x3a35a4 = _0x2d8b1d(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 6], 9, -1069501632), _0x30b068 = _0x2d8b1d(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 11], 14, 643717713), _0x2ee10b = _0x2d8b1d(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204], 20, -373897302), _0x5b3e7f = _0x2d8b1d(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 5], 5, -701558691), _0x3a35a4 = _0x2d8b1d(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 10], 9, 38016083), _0x30b068 = _0x2d8b1d(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 15], 14, -660478335), _0x2ee10b = _0x2d8b1d(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 4], 20, -405537848), _0x5b3e7f = _0x2d8b1d(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 9], 5, 568446438), _0x3a35a4 = _0x2d8b1d(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 14], 9, -1019803690), _0x30b068 = _0x2d8b1d(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 3], 14, -187363961), _0x2ee10b = _0x2d8b1d(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 8], 20, 1163531501), _0x5b3e7f = _0x2d8b1d(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 13], 5, -1444681467), _0x3a35a4 = _0x2d8b1d(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 2], 9, -51403784), _0x30b068 = _0x2d8b1d(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 7], 14, 1735328473), _0x2ee10b = _0x2d8b1d(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 12], 20, -1926607734), _0x5b3e7f = _0x3316ae(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 5], 4, -378558), _0x3a35a4 = _0x3316ae(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 8], 11, -2022574463), _0x30b068 = _0x3316ae(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 11], 16, 1839030562), _0x2ee10b = _0x3316ae(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 14], 23, -35309556), _0x5b3e7f = _0x3316ae(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 1], 4, -1530992060), _0x3a35a4 = _0x3316ae(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 4], 11, 1272893353), _0x30b068 = _0x3316ae(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 7], 16, -155497632), _0x2ee10b = _0x3316ae(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 10], 23, -1094730640), _0x5b3e7f = _0x3316ae(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 13], 4, 681279174), _0x3a35a4 = _0x3316ae(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204], 11, -358537222), _0x30b068 = _0x3316ae(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 3], 16, -722521979), _0x2ee10b = _0x3316ae(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 6], 23, 76029189), _0x5b3e7f = _0x3316ae(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 9], 4, -640364487), _0x3a35a4 = _0x3316ae(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 12], 11, -421815835), _0x30b068 = _0x3316ae(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 15], 16, 530742520), _0x2ee10b = _0x3316ae(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 2], 23, -995338651), _0x5b3e7f = _0x160619(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204], 6, -198630844), _0x3a35a4 = _0x160619(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 7], 10, 1126891415), _0x30b068 = _0x160619(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 14], 15, -1416354905), _0x2ee10b = _0x160619(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 5], 21, -57434055), _0x5b3e7f = _0x160619(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 12], 6, 1700485571), _0x3a35a4 = _0x160619(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 3], 10, -1894986606), _0x30b068 = _0x160619(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 10], 15, -1051523), _0x2ee10b = _0x160619(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 1], 21, -2054922799), _0x5b3e7f = _0x160619(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 8], 6, 1873313359), _0x3a35a4 = _0x160619(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 15], 10, -30611744), _0x30b068 = _0x160619(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 6], 15, -1560198380), _0x2ee10b = _0x160619(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 13], 21, 1309151649), _0x5b3e7f = _0x160619(_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4, _0x4b49f3[_0xbd3204 + 4], 6, -145523070), _0x3a35a4 = _0x160619(_0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x30b068, _0x4b49f3[_0xbd3204 + 11], 10, -1120210379), _0x30b068 = _0x160619(_0x30b068, _0x3a35a4, _0x5b3e7f, _0x2ee10b, _0x4b49f3[_0xbd3204 + 2], 15, 718787259), _0x2ee10b = _0x160619(_0x2ee10b, _0x30b068, _0x3a35a4, _0x5b3e7f, _0x4b49f3[_0xbd3204 + 9], 21, -343485441), _0x5b3e7f = _0x112208(_0x5b3e7f, _0x693550), _0x2ee10b = _0x112208(_0x2ee10b, _0x540797), _0x30b068 = _0x112208(_0x30b068, _0x5dacc8), _0x3a35a4 = _0x112208(_0x3a35a4, _0x22f03d);return [_0x5b3e7f, _0x2ee10b, _0x30b068, _0x3a35a4];}}function _0xb8fd83(_0x28b0d4) {;{_0x18d4aa = '', _0x630f0 = 32 * _0x28b0d4['length'];for (_0x24362f = 0; _0x24362f < _0x630f0; _0x24362f += 8) _0x18d4aa += String['fromCharCode'](_0x28b0d4[_0x24362f >> 5] >>> _0x24362f % 32 & 255);return _0x18d4aa;}}function _0x44ecf2(_0x12f7d8) {;{var _0x4a27a3 = [];for (_0x4a27a3[(_0x12f7d8['length'] >> 2) - 1] = void 0, _0x4d24a7 = 0; _0x4d24a7 < _0x4a27a3['length']; _0x4d24a7 += 1) _0x4a27a3[_0x4d24a7] = 0;var _0x4fa8f0 = 8 * _0x12f7d8['length'];for (_0x4d24a7 = 0; _0x4d24a7 < _0x4fa8f0; _0x4d24a7 += 8) _0x4a27a3[_0x4d24a7 >> 5] |= (255 & _0x12f7d8['charCodeAt'](_0x4d24a7 / 8)) << _0x4d24a7 % 32;return _0x4a27a3;}}function _0x57fdd5(_0x2ace3b) {{return _0xb8fd83(_0x1a8c0e(_0x44ecf2(_0x2ace3b), 8 * _0x2ace3b['length']));}}function _0x3781b2(_0x5802aa, _0x324521, _0x33c9ff, _0x5d4f74, _0x344078, _0x385415, _0x160dd3, _0x61f2ad, _0x5a2d55, _0x47bfff) {{_0x1548fd = '0123456789abcdef', _0x54f778 = '';for (_0x5da9b5 = 0; _0x5da9b5 < _0x5802aa['length']; _0x5da9b5 += 1) _0xd26743 = _0x5802aa['charCodeAt'](_0x5da9b5), _0x54f778 += _0x1548fd['charAt'](_0xd26743 >>> 4 & 15) + _0x1548fd['charAt'](15 & _0xd26743);return _0x54f778;}}function _0x45dccd(_0x5b4c95) {{return unescape(encodeURIComponent(_0x5b4c95));}}function _0x443ca7(_0x48561e) {;{return _0x57fdd5(_0x45dccd(_0x48561e));}}function _0x184fb0(_0x49a1f3) {;{return _0x3781b2(_0x443ca7(_0x49a1f3));}}function _0x313b78(_0x575158, _0x1fa91a, _0x1cf5de) {{return _0x1fa91a ? _0x1cf5de ? _0x21cf21(_0x1fa91a, _0x575158) : y(_0x1fa91a, _0x575158) : _0x1cf5de ? _0x443ca7(_0x575158) : _0x184fb0(_0x575158);}}function _0xdad69f(_0x160e3a, _0x3818c5) {{return 'm' + '=' + _0x313b78(_0x160e3a) + '|' + _0x160e3a;}}function _0x3e5ed0(_0x133a8b, _0x27a18b) {{return Date['parse'](new Date());}}return _0xdad69f(_0x3e5ed0());
}())

猿人学第二题,手撕OB混淆给你看(Step1-开篇)相关推荐

  1. 猿人学第二题,手撕OB混淆给你看(step06-控制流平坦化)

    前情回顾: 猿人学第二题,手撕OB混淆给你看(Step1-开篇) 猿人学第二题,手撕OB混淆给你看(step2-字符串数字回填) 猿人学第二题,手撕OB混淆给你看(step3-函数调用还原) 猿人学第 ...

  2. 猿人学试题(非常简单js混淆、雪碧图、样式干扰 css加密、js混淆源码乱码、js混淆动态cookie、访问逻辑)

    学习目标: python学习-猿人学试题 学习内容: 1.非常简单js混淆 2.雪碧图.样式干扰 css加密 3.js混淆源码乱码 4.js混淆动态cookie 5.访问逻辑 1.非常简单js混淆 试 ...

  3. 猿人学第一题超详细-JS逆向过程

    转自 [ 不止于python ] 目标网站 https://match.yuanrenxue.com/match/1 目标要求 抓取所有(5页)机票的价格,并计算所有机票价格的平均值,填入答案. 网站 ...

  4. 机器学习必刷题-手撕推导篇(2):BP算法推导

    本系列文章对常见的机器学习面试题进行了搜集.分类和整理,主要包括"手撕推导篇"."模型比较篇"."工程经验篇"以及"基础概念篇&q ...

  5. WASM进阶-猿人学第二十题

    目标是 sign 参数的生成,直接搜 进入sign函数内部查看 这里 _index_bg_wasm__WEBPACK_IMPORTED_MODULE_0__ 名字很长,其实就是 wasm 模块的意思 ...

  6. js逆向案例-猿人学比赛题(中等及以下难度的)

    目录 1.注意 1.js混淆-源码乱码尝试hook window属性 2.js混淆-动态cookie 3.请求头顺序与请求规律检测 4.css样式style偏移干扰 5.js混淆-用hook定位与埋坑 ...

  7. 《封号码罗》关于js逆向猿人学第一题m值的获取[纯补环境](二十四)

    网上有很多资料,包括视频都讲解了m值的生成方式,但是我自己总是看过之后,有很多疑惑,所以我自己再总结一遍. 抓包看看请求 m值得生成位置 用AST简单解混淆一下,源码就是整个混淆的js复制到本地文件 ...

  8. [007]爬虫系列 | 猿人学爬虫攻防大赛 | 第二题: js 混淆 - 动态Cookie

    一.题目 链接: <猿人学爬虫攻防大赛 | 第二题: js 混淆 - 动态Cookie> 二.分析 按照以往习惯,我们先按F12打开控制台,Network抓包,勾选preserve log ...

  9. AST反混淆实战:猿人学爬虫比赛第二题详细题解

    缘起 应星友要求,写下此文,哎,有钱能使鬼推磨. 实战地址: http://match.yuanrenxue.com/match/2 抓包分析 由于谷歌浏览器某些请求不会显示,建议使用火狐浏览器来抓包 ...

  10. 猿人学题库第一题——无混淆js加密

    猿人学题库第一题--无混淆js加密 1.  首先 进入 浏览器的开发者工具, 进入后直接 查看请求,可以找到 一个 json?page=1&count=14 的网址,查看response 就是 ...

最新文章

  1. 软件开发人员能力模型
  2. Python攻克之路-random模块
  3. Citrix xenapp
  4. AngularDart4.0 指南- 显示数据
  5. 文献记录(part57)--半监督学习方法
  6. java字符串拼接例子_Java详解【String】+【StringBuilder vs StringBuffer】+【字符串拼接】...
  7. 程序员的春天来了,赏花去!说走就走
  8. ACL2020 奇葩论文标题大赏
  9. Http协议--Get和Post区别
  10. 将sql 结果导出到文件
  11. Spring学习之旅(一):Bean的基础装配
  12. php调用第三方接口代码,PHP接口编程——调用第三方接口获取天气
  13. 在win7上对ipad录屏
  14. 智慧路灯解决方案-最新全套文件
  15. linux网络使用情况分析工具
  16. [JavaScript]45 Fresh Useful JavaScript and jQuery Techniques and Tools
  17. 霍纳法则c语言算法代码,霍纳法则(Horner Rule)介绍及C语言实现
  18. 对异地工作的一些看法
  19. 谈古论津丨天津杨柳青年画为何要用娃娃作主题?
  20. 关于DAG共识的调研

热门文章

  1. GJB用于试验的计算机软件,GJB9001C-2017版标准培训课件(最新修正版).ppt
  2. 飞机大战(源码+素材)
  3. 如何把几张图片合成一个pdf?
  4. 阿里巴巴编码规范认证之步骤详解
  5. android开发动画和壁纸,Android静态壁纸和动态壁纸的使用和理解
  6. MOOC 研究生学术与职业素养 课后答案
  7. JS实现文件的上传与下载
  8. android sdk的封装,Android封装SDK的使用
  9. linux卸载apache服务器,centos 7 安装卸载apache(httpd)服务的详细步骤
  10. 计算机键盘无法使用 怎么办,电脑键盘失灵怎么办?4个小技巧解决电脑键盘失灵问题...