Nascondere (offuscamento) Javascript [chiuso]

Question

Nascondere (offuscamento) Javascript [chiuso]

#1 da (9 voti)
#2 da (5 voti)

0

Quindi ho sentito che l'offuscamento del java script è inutile e una perdita di tempo perché chiunque abbia un po 'di abilità può decodificare il tuo codice. Quindi voglio testarlo. Questo codice mostrerà una finestra di avviso che dice hey se lo si esegue. Ma c'è più codice di quello lì dentro. Quindi, qui il codice viene nascosto più volte in grado di decodificarlo?

eval(function(e,r,n,c,t,i){if(t=function(e){return(r>e?"":t(e/r))+String.fromCharCode(e%r+161)},!"".replace(/^/,String)){for(;n--;)i[t(n)]=c[n]||t(n);c=[function(e){return i[e]}],t=function(){return"[¡-ÿ]+"},n=1}for(;n--;)c[n]&&(e=e.replace(RegExp(t(n),"g"),c[n]));return e}("õ(¬(p,a,c,k,e,d){e=¬(c){³ c};º(!''.Í(/^/,Ö)){¾(c--){d[c]=k[c]||c}k=[¬(e){³ d[e]}];e=¬(){³'\\w+'};c=1};¾(c--){º(k[c]){p=p.Í(ö ð('\\b'+e(c)+'\\b','g'),k[c])}}³ p}('¢«(µ(¥,¤,¡,£,¢,§){¢=µ(¡){¶(¡<¤?\'\':¢(Ý(¡/¤)))+((¡=¡%¤)>ò?Á.ÿ(¡+Ä):¡.â(ã))};È(!\'\'.¼(/^/,Á)){Ì(¡--){§[¢(¡)]=£[¡]||¢(¡)}£=[µ(¢){¶ §[¢]}];¢=µ(){¶\'\\\\©+\'};¡=1};Ì(¡--){È(£[¡]){¥=¥.¼(¢¤ ø(\'\\\\¦\'+¢(¡)+\'\\\\¦\',\'ª\'),£[¡])}}¶ ¥}(\'÷(²(¥,¤,¡,£,¢,¨){¢=²(¡){´(¡<¤?\\\'\\\':¢(ù(¡/¤)))+((¡=¡%¤)>ú?Ê.û(¡+Ä):¡.ô(ó))};Â(!\\\'\\\'.¹(/^/,Ê)){Ã(¡--)¨[¢(¡)]=£[¡]||¢(¡);£=[²(¢){´ ¨[¢]}];¢=²(){´\\\'\\\\\\\\©+\\\'};¡=1};Ã(¡--)Â(£[¡])¥=¥.¹(ü ¢¨(\\\'\\\\\\\\¦\\\'+¢(¡)+\\\'\\\\\\\\¦\\\',\\\'ª\\\'),£[¡]);´ ¥}(\\\'è(«(¥,¤,¡,£,¢,¨){¢=«(¡){(¡<¤?\\\\\\\'\\\\\\\':¢(í(¡/¤)))+((¡=¡%¤)>Þ?Ë.Ó(¡+Ô):¡.Õ(Û))};Ç(!\\\\\\\'\\\\\\\'.Æ(/^/,Ë)){É(¡--)¨[¢(¡)]=£[¡]||¢(¡);£=[«(¢){ ¨[¢]}];¢=«(){\\\\\\\'\\\\\\\\\\\\\\\\©+\\\\\\\'};¡=1};É(¡--)Ç(£[¡])¥=¥.Æ(Ù ¢¡(\\\\\\\'\\\\\\\\\\\\\\\\¦\\\\\\\'+¢(¡)+\\\\\\\'\\\\\\\\\\\\\\\\¦\\\\\\\',\\\\\\\'ª\\\\\\\'),£[¡]); ¥}(\\\\\\\'î(¯(¥,¤,¡,£,¢,§){¢=¯(¡){°(¡<¤?\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\':¢(ë(¡/¤)))+((¡=¡%¤)>×?¿.Ú(¡+Ò):¡.¢£(é))};½(!\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\'.À(/^/,¿)){»(¡--){§[¢(¡)]=£[¡]||¢(¡)}£=[¯(¢){° §[¢]}];¢=¯(){°\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\©+\\\\\\\\\\\\\\\'};¡=1};»(¡--){½(£[¡]){¥=¥.À(¢¬ ¢¢(\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\'+¢(¡)+\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\',\\\\\\\\\\\\\\\'ª\\\\\\\\\\\\\\\'),£[¡])}}° ¥}(\\\\\\\\\\\\\\\'¢§(®(¥,¤,¡,£,¢,§){¢=®(¡){±(¡<¤?\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\':¢(¢³(¡/¤)))+((¡=¡%¤)>¢´?Å.¢²(¡+¢±):¡.¢¦(ý))};Ï(!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'.Ñ(/^/,Å)){Î(¡--){§[¢(¡)]=£[¡]||¢(¡)}£=[®(¢){± §[¢]}];¢=®(){±\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\©+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'};¡=1};Î(¡--){Ï(£[¡]){¥=¥.Ñ(ñ ï(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'+¢(¡)+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\',\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'ª\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'),£[¡])}}± ¥}(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'¢®(·(¥,¤,¡,£,¢,§){¢=·(¡){¸ ¡.Ð(¢¯)};æ(!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'.á(/^/,¢¸)){ç(¡--){§[¡.Ð(¤)]=£[¡]||¡.Ð(¤)}£=[·(¢){¸ §[¢]}];¢=·(){¸\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\©+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'};¡=1};ç(¡--){æ(£[¡]){¥=¥.á(¢½ ¢Ù(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'+¢(¡)+\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¦\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\',\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'ª\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'),£[¡])}}¸ ¥}(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'5 2=[\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\9\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\4\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\8\",\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\7\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\6\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\4\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¡\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\¤\"];5 3=[2[0],2[1]];¦[3[1]](3[0]);\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\',ä,ä,\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'||¢¾|¢Ö|¢×|¢Ø|¢Þ|¨|¢ß|¢Å|¢Æ|¢Ç|¢À\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'.¢Á(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'|\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'),0,{}))\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\',¢¥,¢¥,\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'|||||||||||||||®||±|¢¦|Î||Ñ|Ï|¢Õ|¢Í||¢Ì|¢Ë|¢Ê|¢Î|¢©|ï||ñ|Å|¢Ï|¢Ò|¢Ñ|à|¢Ð|ý|¢É|¢§\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'.¢©(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'|\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'),0,{}))\\\\\\\\\\\\\\\',¢È,¢Â,\\\\\\\\\\\\\\\'|||||||||||||||||||||||||||||||||||||||||||¯|°|½|¿|À|»|¢¿|¢¢|î|¢£|¢¬|ì|é|¢Ã|¢Ä|×|Ú|¢Ó|Ò|¢Ô|¢â|¢á||¢à|¢ã|¢ä|¢ç|ë|¢æ\\\\\\\\\\\\\\\'.ì(\\\\\\\\\\\\\\\'|\\\\\\\\\\\\\\\'),0,{}))\\\\\\\',þ,¢å,\\\\\\\'||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||«||Ë|Ç|Æ|É|è|í|Þ|Ó|Ô|Õ|Û|Ù|¢¡|Ø|þ|¢Ú|¢Ý|¢Ü|¢Û|¢è|¢·|¢¹|¢º|¢¼|¢»|¢¶|¢|¢µ\\\\\\\'.Ø(\\\\\\\'|\\\\\\\'),0,{}))\\\',¢ª,¢°,\\\'||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||²|´|Ê|Â|¹|Ã|÷|ù|ú|û|Ä|ô|ó|ü|¢¨|¢ª|ß|¤ª|£ß|£à|£Þ|£Ý|£Û|£Ü|£á|¢é|£â|£ç|£è|£æ|£å\\\'.ß(\\\'|\\\'),0,{}))\',å,£ã,\'||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||¶|µ|¼|Ì|Á|È|â|ã|å|¢¤|ÿ|¢«|ê|ò|ø|Ý|£ä|£Ú|£Ù|£Ï|£Ð|£Î|£Í|£Ë|£Ì|£Ñ|£Ò|£×|£Ø|£Ö|£Õ\'.ê(\'|\'),0,{}))',à,£Ó,'||||||||||||||||||||||||||||||c|e|k|p|a|||b|d|r|g|w|H||£Ô|£é|£ê|£ÿ|I|¬|¤¡|³|£þ|f|h|K|£ý|£û|£ü|¤¢|¤£|¤¨||¤©|¤§|¤¦|¤¤|¤¥|i|£ú|M|Ö||¾|º|J|L|Í|£ù|£ï|£ð|£î|£í|£ë|£ì|£ñ|£ò|S|Q|O|R|T|N|n|j|m|l|P|£÷|£ø|£ö|£õ||£ó|£ô|£Ê|£É|¢þ|¢ÿ|¢ý|¢ü|¢ú|¢û|£¡|£¢|£§|£¨|£¦|£¥|Ü|ð|õ|ö|££|£¤|¢ù|¢ø|¢î|x|U|v|¢ï|¢í||¢ì|¢ê|Y|¢ë|¢ð|¢ñ|V|¢ö|¢÷|¢õ|¢ô|¢ò|B|C|D|A|F|¢ó|£©|£ª|z|u|£¿|t|s|q|o|£À|£¾|£½|£»||£¼|£Á|G|£Â|£Ç|£È|£Æ|£Å|W|£Ã|X|£Ä|£º|Z|y|E|£¹|£¯|£°|£®|£|£«|£¬|£±|£²|£·|£¸|£¶|£µ|£³|£´'.Ü('|'),0,{}))",95,295,"30|31|32|34|33|37|38|39|41|40|52|function|50|42|45|44|48|46|return|47|49|51|53|54|56|if|60|77|57|while|59|58|71|61|63|29|55|64|66|74|65|69|67|73|replace|70|75|68|76|101|85|83|82|String|99|127|80|100|79|split|118|78|125|10|96|117|36|93|62|95|94|86|103|119|109|108|84|106|89|RegExp|90|35|112|113|eval|new|126|120|124|114|115|110|91|98|123|81|105|107|122|92|88|97|111|87|116|121|104|27|168|181|175|179|176|18|174|28|26|21|180|22|23|25|24|128|150|184|157|155|192|191|194|159|160|158|169|11|17|14|12|16|129|136|140|15|19|170|167|13|149|146|147|130|145|162|153|156|148|154|166|164|163|171|172|173|177|178|20|186|var|2q|window|x65|1U|x74|x68|2z|1W|_0x5424|x79|x6C|x72|x61|2l|2m|2o|2h|2j|1h|1l|1p|2g|2n|fromCharCode|2p|parseInt|toString|2k|2i|_0xd2ba|1Y|2v|2u|2s|2t|2A|1s|2E|2D|2B|2w|1u|2C|1t|1r|2y|1C|1y|1z|1x|1Z|1X|2x|1w|1q|2r|1D|1V|1B|1v|1A|1g|1o|131|135|102|132|151|142|134|144|197|1b|141|143|43|72|138|133|183|182|190|189|193|195|185|188|165|152|137|139|187|161|1a|2b|1O|1L|1P|1S|1Q|1R|1N|1K|1m|1n|1k|1j|1T|1i|1M|2e|1d|1e|2c|1E|2a|1F|1c|1f|1H|1G|1J|1I|2f|2d|196".split("|"),0,{}));

javascript obfuscation

posta Mark 30.06.2015 - 13:17

fonte

2 risposte

Leggi altre domande sui tag javascript obfuscation

La sicurezza di Google Drive è stata compromessa? Tieni traccia del computer rubato della mia ragazza

score 9 · Answer 1

Per dimostrarti che è facile de-offuscare il tuo codice e quindi inutile da offuscare in primo luogo , ti presenterò come ho fatto per de-offuscarlo in un moda rapida e sporca:

Ho preso il tuo codice e ho sostituito il primo "eval" con "console.log". Questo mi ha dato un altro codice (più piccolo) che inizia con "eval". Così ho ripetuto questa procedura 9 volte, poiché il tuo codice è stato oscurato tante volte nello stesso modo. Questo potrebbe essere stato automatizzato, ma non è stato giustificato per il tuo esempio.

Poi ho ricevuto questo codice:

var _0x5424=["\x68\x65\x79","\x61\x6C\x65\x72\x74"];var _0xd2ba=[_0x5424[0],_0x5424[1]];window[_0xd2ba[1]](_0xd2ba[0]);

Che è equivalente a:

var _0x5424 = [ "hey", "alert" ];
var _0xd2ba = [ _0x5424[0], _0x5424[1] ];
window[_0xd2ba[1]](_0xd2ba[0]);

(Un beautifier JS mi ha analizzato "\ x68 \ x65 \ x79".) Questo codice equivale a:

var strings = [ "hey", "alert" ];
var stringsCopy = [ strings[0], strings[1] ]; 
window[stringsCopy[1]](stringsCopy[0]);

Che significa solo:

window["alert"]("hey");

Quale altro modo di scrivere:

alert("hey");

Ecco fatto. È stato facile e non mi considero un esperto di reverse engineering, sono solo uno sviluppatore medio. Come consiglio, non sprecare tempo con l'offuscamento del codice JavaScript, ma ri-architettura la tua applicazione per fare il tuo lavoro sensibile sul lato server.

score 5 · Answer 2

Penso che il tuo 'test' sia ridondante. L'offuscamento non è crittografia ed è completamente possibile de-offuscare anche se richiede un'indagine manuale e molta pazienza. Ci sono molti strumenti là fuori per aiutare e non vi è alcuna ragione logica per cui questo esempio non possa essere ridotto a un blocco più semplice di codice relativamente rapidamente.

Qualunque sforzo per decodificarlo potrebbe essere istruttivo (per loro), ma come test, o dimostrazione di sicurezza o altro, è praticamente una perdita di tempo.