How to parse compressed JS files? Eval (function (P, A, C, K, E, D ){....., {}))

With the popularity of Ajax, we all suddenly understand that javascript can accomplish such a powerful function, and then JavascriptCodeThe more complicated the original, the larger the JS file size, and the increased security risks.

Some common code obfuscation and code compression tools are available on the Internet:

Jsconfusion code obfuscation tool, developed by myself

The javascript compressor code compression tool provides a unique compression ToolAlgorithmLosing weight on JS Code is also an early tool I have seen. It is often used in combination with jsconfusion (of course, obfuscation and compression)

Jsobfuscator is a obfuscation/compression tool with many functions, but the compression performance is not very good. After my tests, sometimes the compressed code cannot run.

These are some of the better tools you have ever seen. If you have also seen some good functional tools, you can add them later ~~~~

Everyone should know this theory: Encryption can be reversed, but obfuscation cannot be reversed.

Hybrid
It can also be called "invert" or "reverse" or "Black and White". It is nothing more than removing indentation, spaces, blank lines, and comments, and changing non-reserved words in the table code to simple letters, symbols, and garbled characters, this is just to increase the reading of the Code.
Read difficulty and increase reading costs. Therefore, anti-obfuscation only replaces variables, methods, attributes, and classes based on your understanding of JavaScript. Of course, you can do this if the code is less than yours.
Project after obfuscation), you will know what is "angry, angry, crazy, crying"

The basic knowledge above is as follows:

Alert ("Welcome idoall.org ");

After being compressed, it looks like the following:

Eval (function (P, A, C, K, E, D) {e = function (c) {return
C}; If (! ''. Replace (/^/, string) {While (c --) d [c] = K [
C] | C; k = [function (e) {return d [
E]}]; E = function () {return '\ W +'}; C = 1}; while (c --) if (K [c]) P = P. replace (New
Regexp ('\ B' + E (c) + '\ B', 'G'), K [c]); Return p} ('3 ("2
1.0 "); ', 'org | idoall | welcome | alert'. Split ('|'), 0 ,{}))

So how can we extract the original text from the compressed code?

No matter what it looks like, it will eventually be recognized, parsed, and executed by the browser. We can track code execution and find the most critical position here ..... P = P. replace (New Regexp ('\ B' + E (c) + '\ B', 'G'), k); Return P

The Variable P here is used to save the final code. We can output the value before the return P to get alert ("Welcome idoall.org ");

The purpose of this article is to answer a netizen's question. By the way, we provide relevant ideas to help you think about it.