某盾BLACKBOX逆向关键点

需要准备的东西：

1、原JS码

2、AST解混淆码

3、token(来源于JSON)

一、原JS码很好获取，每次页面刷新，混淆的代码都会变，这是正常，以下为部分代码

    while (Qooo0) {switch (Qooo0) {case 110 + 14 - 55: {function O0o00O(OQooQ) {OQooQ = OQooQ[QQQQoo[227]](/\r\n/g, QQQQoo[1253]);var O0oQQ = QQQQoo[333];for (var Qooo0 = 0; oo0Ooo(Qooo0, OQooQ[QQQQoo[1283]]); Qooo0++) {var QQQoo = OQooQ[QQQQoo[1555]](Qooo0);if (oo0Ooo(QQQoo, 128)) {O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](QQQoo);} else if (OOo0oQ(QQQoo, 127) && oo0Ooo(QQQoo, 2048)) {O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(o00oOo(QQQoo, 6), 192)),O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(QQQoo, 63), 128));} else {O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(o00oOo(QQQoo, 12), 224)),O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(o00oOo(QQQoo, 6), 63), 128)),O0oQQ += window[QQQQoo[1208]][QQQQoo[1500]](o000O0(QoO0oO(QQQoo, 63), 128));}}return O0oQQ;}

二、AST解混淆，从原代码中抠出还原函数

编写AST,生成混淆还原代码

// 3. 定义 AST 转换函数
const decodeOb = {MemberExpression(path) {node = path.node;if (node.type === "MemberExpression" && node.object && node.object.name == 'QQQQoo') {console.log(path.toString())val = QQQQoo[node.property.value]path.replaceWith(types.stringLiteral(val))}}
};

还原后的代码

三 获取token,来源于json请求，每次请求都会变

https://fp.xxxdun.net/web3_8/profile.json?partner=tongdun&app_name=x_tongdun2_web&token_id=tongdun-1714874683694-ef1d0816878f8.............

_1714874684980_2969({"code": "000","result": {"tokenId": "0WPS1714874686ZQ4VisB07","xxid": "5qRJHQOJHPRmAkU8g+jCjtyDZS40YwiptTdsoY1Qsyic0g51ikOVw8ILu1uWcF4sc6FlRyff6WaR8hvd2x2zjQ==","xdid": "l0K6kEi+J5wxRC99GTN0HziEqsuQt8RXrljMAeqn9Eg=","bxid": "T9j2S2ENdX/TT8YOCMG+5qc1WVqrLa9Q6Be9sV+M6rAvMlxNZsixBuXvdFavlP7RdymHuwhRt6Y+XxNWskDHTQ==","c": {"factor": 0,"op": 0,"cm": 0,"vt": 1296000,"pi": 795749755}},"desc": ""
})

数据准备完毕，开始blackbox逆向，一路跟进，抠出代码

window = globalThis;var OQooQ = '0WPS1714874686ZQ4VisB07'var OQQOoQ = []function Oo0o00(OQooQ) {var O0oQQ = 100;while (O0oQQ) {switch (O0oQQ) {case 132 + 11 - 43: {if (QO00o0(OQooQ["length"], 23)) {return OQooQ;}var Qooo0 = "";O0oQQ = 101;break;}case 157 + 12 - 67: {var QQQoo = [];var O0oO0 = 0;O0oQQ = 103;break;}case 179 + 19 - 95: {var QOo0O = 76;while (QOo0O) {switch (QOo0O) {case 124 + 5 - 52: {QQQoo = [oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))], oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))], oOOQ0[parseInt(o00oO0(window["Math"]["random"](), 62))]];if (OOo0oQ(OQQOoQ["length"], 1000) || OQ0O00(OQQOoQ["indexOf"](Q0Q00o(Q0Q00o(Q0Q00o("", QQQoo[0]), QQQoo[1]), QQQoo[2])), -1)) {O0oO0 = 1000, OQQOoQ["push"](Q0Q00o(Q0Q00o(Q0Q00o("", QQQoo[0]), QQQoo[1]), QQQoo[2])), Qooo0 = Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o("", o00OQ[0]), o00OQ[1]), QQQoo[0]), o00OQ[2]), QQQoo[1]), o00OQ[3]), QQQoo[2]), o00OQ[4]);}QOo0O = 78;break;}case 114 + 9 - 45: {O0oO0++;QOo0O = 76;break;}case 132 + 17 - 73: {QOo0O = oo0Ooo(O0oO0, 1000) ? 77 : 0;break;}}}if (QO00o0(Qooo0["length"], 26)) {Qooo0 = Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o(Q0Q00o("", o00OQ[0]), o00OQ[1]), QQQoo[0]), o00OQ[2]), QQQoo[1]), o00OQ[3]), QQQoo[2]), o00OQ[4]);}return Qooo0;}case 150 + 5 - 54: {var o00OQ = ["ghijklmnopqrstuv"["charAt"]("0123456789abcdef"["indexOf"](OQooQ["substring"](0, 1))), OQooQ["substring"](1, 4), OQooQ["substring"](4, 14), OQooQ["substring"](14, 22), OQooQ["substring"](22, 23)];var oOOQ0 = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"];O0oQQ = 102;break;}}}
}let blackbox = Oo0o00(OQooQ)
console.log(blackbox)

输出blackbox:gWPSN1714874686HZQ4VisB047