JavaScript obfuscation code restoration-JavaScript obfuscation: Using js to assign values

 

In the morning, you need to modify a js file and find that it has been obfuscated. If there is any "source code", and no suitable tool has been found on the internet for anti-obfuscation, you have studied and sorted out the following two methods:

[Method 2 without using tools]

 

Method 1: Use the IE Developer tool (IE 8 has already come with it, and IE Developer Toolbar needs to be downloaded and installed before IE7) for anti-obfuscation. I often use Chrome, but there is no way to use Chrome's built-in developer tools to implement anti-obfuscation... I hope you will be informed of this...

Don't worry, directly

 

 

 

 

Method 2: code implementation (ps. well, as a common resentment among some developers, many developers want to use their own developed things most often, so they can't wait for the OS to go on their own, when I implemented it myself, I implemented method 2 first, and then I used IE again... -_-|)

 

First paste a obfuscated test code

Eval (function (p, a, c, k, e, d) {e = function (c) {return (c <? "": E (parseInt (c/a) + (c = c % a)> 35? String. fromCharCode (c + 29): c. toString (36)}; if (! ''. Replace (/^/, String) {while (c --) d [e (c)] = k [c] | e (c ); k = [function (e) {return d [e]}]; e = function () {return '\ w +'}; c = 1 ;}; while (c --) if (k [c]) p = p. replace (new RegExp ('\ B' + e (c) + '\ B', 'G'), k [c]); return p ;} ('1 ("0-6"); 2 4 () {1 ("0-5")} 8 3 = 2 () {1 ("0-7")}; 4 (); 3 () ', 9, 'Gloomy fit | alert | function | B | a | anti-obfuscation Test 2 | anti-obfuscation Test 1 | anti-obfuscation Test 3 | var '. split ('|'), 0 ,{}))

 

 

Implementation: www.2cto.com

1.create a new webpage xxx.html

2. Add a div container id = "divTest"

3. the most critical step is to execute the Value assignment: (in the obfuscated code above, extract the content in eval () and assign a value (or print it directly) to the document. getElementById ('divtest '). innerText)

Document. getElementById ('divtest'). innerText = function (p, a, c, k, e, d) {e = function (c) {return (c <? "": E (parseInt (c/a) + (c = c % a)> 35? String. fromCharCode (c + 29): c. toString (36)}; if (! ''. Replace (/^/, String) {while (c --) d [e (c)] = k [c] | e (c ); k = [function (e) {return d [e]}]; e = function () {return '\ w +'}; c = 1 ;}; while (c --) if (k [c]) p = p. replace (new RegExp ('\ B' + e (c) + '\ B', 'G'), k [c]); return p ;} ('1 ("0-6"); 2 4 () {1 ("0-5")} 8 3 = 2 () {1 ("0-7")}; 4 (); 3 () ', 9, 'Gloomy fit | alert | function | B | a | anti-obfuscation Test 2 | anti-obfuscation Test 1 | anti-obfuscation Test 3 | var '. split ('|'), 0 ,{})

 

 

Open xxx.html to display the result: (The unobfuscated code has been compressed, and other characters such as line breaks are removed)

Alert ("Gloomy reverse obfuscation Test 1"); function a () {alert ("Gloomy reverse obfuscation Test 2")} var B = function () {alert ("Gloomy reverse obfuscation Test 3")}; a (); B ()

 

After my test, I found that all js obfuscated with packed can be restored using this method. After finding several projects, Obfuscated javascript can be restored, but the line break is removed, I don't know if other methods can be used to confuse Javascript. In theory, it should be okay. I haven't tested it. If you are interested, you can try it.

From melancholy