[原创]231解混淆
发表于:
2025-9-12 17:01
不是专业前端,代码潦草勿喷,思路大概就是下面这些。想要解混淆后的文件可以私我,去混淆脚本就不提供了。新版本的字符串解密只能解出一部分,还有很多没解出来,但流程还是通的,替换之后也能正常通过。同理,et 开头的文件也是按这个流程解混淆。
遍历 AST 并查找逗号表达式, 逗号转分号
最后压缩到了这么多case


void (...)
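/**
 * Visitor callback that unwraps `void <expr>` into `<expr>`.
 *
 * `void 0` is left untouched, so the usual spelling of `undefined` survives.
 * Nodes whose operator is not `void` are ignored.
 *
 * `t` is expected to be the @babel/types namespace imported elsewhere in the
 * script (the import is not shown on the page).
 *
 * NOTE(review): `void expr` always evaluates to `undefined`, while `expr`
 * keeps its own value, so this rewrite preserves behaviour only where the
 * result is discarded. Confirm that for the script being analysed before
 * trusting the rewritten output.
 *
 * @param {object} path - Traversal path; only `path.node.operator`,
 *   `path.node.argument` and `path.replaceWith` are used here.
 * @returns {void}
 */
// Declared with `const`: a bare `searchVoid = ...` is an implicit global and
// throws a ReferenceError in strict mode and in ES modules.
const searchVoid = function (path) {
  if (path.node.operator !== 'void') {
    return;
  }
  // The operand wrapped by the `void` operator.
  const innerExpression = path.node.argument;
  if (t.isNumericLiteral(innerExpression) && innerExpression.value === 0) {
    return;
  }
  path.replaceWith(innerExpression);
};
// Obfuscated fragment quoted in the post (kept as text, not executed):
//   B > 14 && (T_ = "", a = 14) : 18 == B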
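/**
 * Visitor callback that rewrites `<binary> && <rhs>` as
 * `<binary> ? <rhs> : void 0`.
 *
 * Only nodes whose operator is `&&` and whose left operand is a binary
 * expression are rewritten. Without the operator check, `||` and `??` nodes
 * with a binary left operand would be turned into the same conditional,
 * which inverts or changes their meaning.
 *
 * `t` is expected to be the @babel/types namespace imported elsewhere in the
 * script (the import is not shown on the page).
 *
 * NOTE(review): when the left operand is falsy, `a && b` evaluates to that
 * falsy value, whereas the conditional evaluates to `undefined`. The two
 * forms agree only where the result is discarded or used as a boolean.
 *
 * @param {object} path - Traversal path; only `path.node` and
 *   `path.replaceWith` are used here.
 * @returns {void}
 */
// Declared with `const`: a bare `andToExpression = ...` is an implicit global
// and throws a ReferenceError in strict mode and in ES modules.
const andToExpression = function (path) {
  const { node } = path;
  if (node.operator !== '&&' || !t.isBinaryExpression(node.left)) {
    return;
  }
  // Plain AST node literal: `test ? consequent : void 0`.
  const conditional = {
    type: 'ConditionalExpression',
    test: node.left,
    consequent: node.right,
    alternate: {
      type: 'UnaryExpression',
      operator: 'void',
      prefix: true,
      argument: {
        type: 'NumericLiteral',
        value: 0,
      },
    },
  };
  path.replaceWith(conditional);
};
// Obfuscated sample quoted in the post (kept as text, not executed):
//   l = Nv ? 265472 : 8660480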
l = Nv ? l = 265472 : l = 8660480
// Excerpt from a visitor body: `path` and `node` come from an enclosing
// function that the post does not show.
// Rewrites `x <op> (cond ? a : b)` as
// `if (cond) { x <op> a; } else { x <op> b; }`.
if (t.isConditionalExpression(node.right)) {
  const { test, consequent, alternate } = node.right;
  // Wraps `node.left <op> value` in a single-statement block.
  const assignBranch = (value) =>
    t.blockStatement([
      t.expressionStatement(
        t.assignmentExpression(node.operator, node.left, value),
      ),
    ]);
  const ifStatement = t.ifStatement(
    test,
    assignBranch(consequent),
    assignBranch(alternate),
  );
  // path.parent = ifStatement
  // Replace the original assignment expression with the if...else statement.
  // NOTE(review): a single node is passed here, not an array — confirm the
  // Babel version in use accepts that.
  path.replaceWithMultiple(ifStatement);
}

/**
 * Visitor callback that turns a statement of the form `cond ? a : b;` into
 * `if (cond) { a; } else { b; }`.
 *
 * Nodes whose `expression` is not a conditional expression are left as is.
 *
 * @param {object} path - Traversal path; only `path.node.expression` and
 *   `path.replaceWith` are used here.
 * @returns {void}
 */
const ternaryToIfElse = function (path) {
  const { expression } = path.node;
  if (!t.isConditionalExpression(expression)) {
    return;
  }
  // Wraps one branch expression in `{ <expr>; }`.
  const asBlock = (branch) =>
    t.blockStatement([t.expressionStatement(branch)]);
  path.replaceWith(
    t.ifStatement(
      expression.test,
      asBlock(expression.consequent),
      asBlock(expression.alternate),
    ),
  );
};

// Second excerpt (enclosing function not shown): when the parent is an
// expression statement whose own parent is a block statement, remove that
// block.
// NOTE(review): this removes the whole enclosing block, not only the current
// statement — confirm that is intended.
// NOTE(review): the first check receives a path object rather than a node;
// presumably it relies on the path exposing `type` — confirm.
if (
  t.isExpressionStatement(path.parentPath) &&
  t.isBlockStatement(path.parentPath.parentPath.node)
) {
  path.parentPath.parentPath.remove();
}
最后于 2025-9-12 19:24
被wbwnnx编辑
,原因: