Direct manual decryption, more simple than imagined, took less than half an hour to get out.
The most critical part of JS solution obfuscation:
L eval or document.write, VBS EXECUTE, EXECSCRIPT, etc. functions that can run JS
L Unescape
JS confusion generally has several methods:
1. Transform the code into hex form code through escape, so that people can not understand
2. The code for simple reversible encryption, and then provide a decryption function, through the decryption function to solve the code, and such as Eval call to the code to the JS engine run.
3. Filter out the comments and spaces in the code, modify the name of the internal function/internal variable in the JS code, and modify it into very difficult numbers or confusing strings such as the number 0 and the letter O mixed string, making it difficult to identify.
A more advanced approach, naturally, is to combine the above several methods.
So the way to restore is
1.%xx the visible string of strings with unescape
2. Find an eval or similar interpretation function entry
3. Find out the parameter string of the incoming eval
4. If these strings are also hex form, solve them with unescape
5. Loop 2-4 process until all code is found
6. It is likely that there are still some variables that are used in the solution, and that these variables are large strings, in which case the strings should be the encrypted source code. Insert the code at the last appropriate place of their function, displaying the decrypted string and then getting the source.
The most noticeable thing here is to see the variable name, the decryption part of the code is a lot of similar to the 000O, 0o00, such as the addition of names, see the real names of these variables.
Note You want to keep the order of functions and variable declarations and definitions, avoiding the fact that the function or variable cannot be found because of the move location.
In addition, the obfuscation tool will also add a lot of garbage code inside the code, you can delete it.
If the more powerful the obfuscation tool, you can also insert some useful code in the generated code similar to garbage code, for the following garbled function to provide some variables, such as decryption key and so on, so pay attention to the order of the code can not be messed up, if not confirm is not the garbage code, save first.
It looks like Method 3 is the simplest and the most retarded, but in fact this method has the greatest impact on us, and trying to read code that has no annotations, is in a messy format and has a bunch of hash names is a nightmare for any normal person. However, it is estimated that the "internal" standard is not very well judged, and some obfuscation tools do not provide such a function.
another: To solve the Web page encryption
In the address bar or press Ctrl+o, enter:
Copy Code code as follows:
Javascript:s=document.documentelement.outerhtml;document.write (' <body></body> '); Document.body.innertext=s;
The source code comes out. No matter how complex encryption is, it will eventually revert to the HTML code that the browser can parse, and documentelement.outerhtml is the end result.
