JS解密之新js加密实战(二)

前言

上次发了一篇关于新加密的，只解了前边两层，这中间家里各种事情因素影响，没有继续进一步研究，今天百忙之中抽空发布第二篇，关于其中的一小段加密片段，我认为分割成多个小片段是更容易被理解的。逻辑相对也会清晰很多。这个加密前后关联的地方很多，所以有时候感觉无从下手。但所有加密都是有自己的规律的…

上代码片段

  if (_0x1756 && _0x6386.e_7zrpr > -51) {var _0x2423 = _0x31566(_0x2304 => {var _0x2412, _0x2356, _0x2344, _0x2416, _0x2417;void (_0x2412 = 401, _0x2356 = 335, _0x2344 = -208, _0x2416 = -493, _0x2417 = {["am"]: -4,["ai"]: () => _0x2344 += 212,["e"]: 6,["aj"]: -80,["c"]: 39,b: 0,ae: -106,["d"]: 1,["f"]: -0x11,k: 57,ah: () => {var _0x1832 = _0x31566(_0x1826 => {return _0x4899[_0x1826 < 0x25 ? _0x1826 - 0x1c : _0x1826 > 0x3b1 ? _0x1826 - 0xf : _0x1826 < 0x25 ? _0x1826 + 0x57 : _0x1826 < 0x3b1 ? _0x1826 > 0x25 ? _0x1826 - 0x26 : _0x1826 - 0x3b : _0x1826 - 0x23];}, 0x1);typeof (_0x2417["ad"](), _0x2412 += 139, _0x2356 += 41, _0x2344 -= 0x56, _0x2416 += _0x2417["ae"]);return '\x61\x66';},H: -97,j: () => _0x2416 += 108 == _0x2344 ? _0x2416 + 355 : 106,["av"]: () => {typeof (_0x2356 = -(_0x2412 - 271), _0x2412 *= 0x2, _0x2412 -= 353, _0x2356 *= 2, _0x2356 -= _0x2356 == _0x2417["am"] ? _0x2417["ao"] : 95, _0x2344 += _0x2412 == (_0x2344 == -334 ? -0x56 : _0x2417["aq"]) ? "ar" : 126, _0x2416 -= 242);return '\u0061\u0074';},J: 335,["ad"]: () => _0x2412 = -0x35,m: _0x31566(() => {return (_0x2417.l = _0x2244) < _0x2170;}, 0x0),["aC"]: _0x31497(_0x31566((..._0x1914) => {var _0x1916 = _0x31566(_0x1906 => {return _0x4899[_0x1906 < -0x5a ? _0x1906 + 0x43 : _0x1906 > 0x332 ? _0x1906 + 0x11 : _0x1906 < -0x5a ? _0x1906 + 0x52 : _0x1906 < 0x332 ? _0x1906 > -0x5a ? _0x1906 > -0x5a ? _0x1906 > 0x332 ? _0x1906 - 0x37 : _0x1906 > -0x5a ? _0x1906 + 0x59 : _0x1906 - 0x2b : _0x1906 + 0x62 : _0x1906 - 0x13 : _0x1906 - 0x3a];}, 0x1);typeof (_0x1914["length"] = 1, _0x1914.RsJKWo = _0x1914[0]);return _0x1914.RsJKWo - 211;}, 0x0), 0x1),aD: _0x31497(_0x31566((..._0x1969) => {var _0x1942 = _0x31566(_0x1937 => {return _0x4899[_0x1937 > 0x3c5 ? _0x1937 - 0x1e : _0x1937 < 0x39 ? _0x1937 + 0x3a : _0x1937 > 0x39 ? _0x1937 < 0x39 ? _0x1937 - 0x47 : _0x1937 > 0x39 ? _0x1937 > 0x39 ? _0x1937 - 0x3a : _0x1937 - 0x48 : _0x1937 - 0x11 : _0x1937 + 0x5];}, 0x1);typeof (_0x1969["length"] = 1, _0x1969["QfYIvH"] = 0x6a);if (_0x1969["QfYIvH"] > _0x1969["QfYIvH"] - (_0x1969["QfYIvH"] - 197)) {return _0x1969[_0x1969["QfYIvH"] - 102];} else {var _0x1970 = _0x31566(_0x1964 => {return _0x4899[_0x1964 < 0x361 ? _0x1964 > -0x2b ? _0x1964 > 0x361 ? _0x1964 - 0x43 : _0x1964 + 0x2a : _0x1964 + 0x7 : _0x1964 - 0x16];}, 0x1);return _0x1969[0] != _0x1969["QfYIvH"] + 0xbc && _0x1969[0] - 208;}}, 0x0), 1),["aE"]: _0x31497(_0x31566((..._0x1993) => {var _0x1989 = _0x31566(_0x1983 => {return _0x4899[_0x1983 < 0x5d ? _0x1983 - 0x3d : _0x1983 - 0x5e];}, 0x1);!(_0x1993["length"] = 0x1, _0x1993.qbo4gA3 = _0x1993[0]);return _0x1993.qbo4gA3 != -387 && _0x1993.qbo4gA3 + 0x1ff;}, 0x0), 1)});while (_0x2412 + _0x2356 + _0x2344 + _0x2416 != 0x58 && _0x6386.Tvr4gn > -32) {var _0x2285, _0x2102, _0x2170, _0x2244, _0x2379, _0x2380, _0x2383, _0x2379, _0x2380, _0x2383;function _0x2418(_0x2032) {return _0x4899[_0x2032 > 0xa ? _0x2032 > 0xa ? _0x2032 > 0xa ? _0x2032 < 0xa ? _0x2032 - 0xe : _0x2032 < 0x396 ? _0x2032 > 0xa ? _0x2032 > 0xa ? _0x2032 < 0xa ? _0x2032 - 0x49 : _0x2032 - 0xb : _0x2032 + 0x36 : _0x2032 + 0x6 : _0x2032 - 0x38 : _0x2032 - 0x31 : _0x2032 - 0x19 : _0x2032 - 0x2a];}void (_0x2285 = [_0x31471[_0x31499(578)](undefined, 15), "hasOwnProperty"], _0x2102 = {[_0x31499(0x246)]: "charAt"});switch (_0x2412 + _0x2356 + _0x2344 + _0x2416) {case _0x6386.v1RIIq() ? _0x2412 != 384 && _0x2412 - 366 : null:case !_0x6386.v1RIIq() ? 47 : 0x292:case _0x6386.v1RIIq() ? 0x336 : -202:case 203:typeof (_0x2170 = (_0x2417["i"] = _0x2304).length, _0x2412 -= 17);break;default:_0x2417["az"] = '\u0061\u0041';if (!(_0x6386.e_7zrpr > -0x33)) {_0x2344 += 0x56;break;}return _0x2379;case _0x6386.ZmJ02y["charAt"](4) == "5" ? _0x2417.aC(_0x2356) : void 0x0:case _0x6386.cYdZAA() ? 0x3e : 44:for (_0x2244 = (_0x2304.sort((_0x2092, _0x2093) => _0x31293(_0x2092, _0x2093, _0x31312 = -_0x2417["c"])), 0); _0x2417["m"]() && _0x6386.ZmJ02y[_0x2102[_0x31499(582)]](4) == "5"; _0x2244++) {var _0x2309 = _0x31566(_0x2124 => {return _0x4899[_0x2124 < -0x60 ? _0x2124 + 0xf : _0x2124 > 0x32c ? _0x2124 - 0xe : _0x2124 < -0x60 ? _0x2124 - 0x3b : _0x2124 > -0x60 ? _0x2124 > 0x32c ? _0x2124 + 0x38 : _0x2124 > 0x32c ? _0x2124 - 0x60 : _0x2124 + 0x5f : _0x2124 + 0x3b];}, 0x1);if ((_0x2417["e"] == 6 && _0x2244) > _0x2417["b"] && (_0x2417["f"] == "q" ? encodeURIComponent : _0x2304)[_0x2417["r"] = _0x2244] === (_0x2416 == _0x2417.c - 0x1aa ? _0x2304 : EvalError)[(typeof _0x2417["k"] == _0x2285[0] ? _0x2244 : Boolean) - (_0x2416 == 12 ? isFinite : _0x2417)["d"]]) {continue;}void (_0x2380 = _0x31293(_0x2244, 1, _0x31086((_0x2344 == -0xd0 ? _0x2417 : clearInterval)["e"])), _0x2383 = _0x31293(_0x2417["e"] == 77 ? document : _0x2170, 1, _0x31312 = -39));while ((_0x2417.b == -208 ? Error : _0x2380) < _0x2383 && _0x6386.e_7zrpr > -51) {var _0x2280 = _0x31566(_0x2189 => {return _0x4899[_0x2189 < -0x58 ? _0x2189 + 0x49 : _0x2189 + 0x57];}, 0x1);if ((_0x2416 == -0x183 ? _0x2304 : parseFloat)[_0x2244] + _0x2304[_0x2380] + (_0x2417["b"] == "w" ? Math : _0x2304)[_0x2383] < (_0x2417["z"] = _0x2417)["b"] && _0x6386.Tvr4gn > -32) {_0x2380++;} else {if (_0x2304[_0x2244] + (_0x2417["B"] = _0x2304)[_0x2380] + _0x2304[_0x2383] > _0x2417["b"] && _0x6386.cYdZAA()) {_0x2383--;} else {var _0x2317 = _0x31566(_0x2231 => {return _0x4899[_0x2231 < 0x0 ? _0x2231 - 0x38 : _0x2231 < 0x0 ? _0x2231 - 0xc : _0x2231 - 0x1];}, 0x1);(_0x2356 == (_0x2412 == -12 ? 45 : 335) && _0x2379).push([(_0x2417.k == 384 ? setImmediate : _0x2304)[_0x2244], (_0x2416 == _0x2417["H"] || _0x2304)[_0x2380], _0x2304[_0x2417.f == -17 && _0x2383]]);while (_0x2380 < (_0x2417.f == 14 || _0x2383) && (_0x2416 == (-102 < _0x2344 ? 146 : -387) ? _0x2304 : String)[_0x2417["L"] = _0x2380] === _0x2304[(_0x2417["b"] == -0x45 ? WeakSet : _0x2380) + (typeof _0x2417["c"] == "object" ? setTimeout : _0x2417)["d"]] && _0x6386.v1RIIq()) _0x2380++;while ((_0x2417[_0x2285[1]]("T") ? confirm : _0x2380) < _0x2383 && (_0x2417.c == 39 ? _0x2304 : globalThis)[_0x2383] === (_0x2417[_0x31471[_0x31499(577)](void 0x0, [0x12]) + "Proper" + '\u0074\u0079']("X") || _0x2304)[(_0x2417["ab"] = _0x2383) - (_0x2344 == -208 ? _0x2417 : isNaN)["d"]] && _0x6386.ZmJ02y[_0x31471[_0x31499(578)](undefined, 11)](0x4) == "5") _0x2383--;!(_0x2380++, _0x2383--);}}}}_0x2412 -= 122;break;case _0x6386.e_7zrpr > -0x33 ? 466 : -229:case _0x6386.e_7zrpr > -51 ? 0x3d7 : -154:case 0x54:!(_0x2379 = [], _0x2380 = _0x2417["b"], _0x2383 = 0, _0x2412 += _0x2417.f, _0x2356 += _0x2344 == -208 ? -0x31 : _0x2417["h"], _0x2416 += _0x2412 - 278);break;case _0x6386.e_7zrpr > -51 ? _0x2417.aD(_0x2356) : undefined:case _0x6386.v1RIIq() ? 0x304 : -134:case _0x6386.Tvr4gn > -0x20 ? 715 : -162:if (_0x2417.av() == '\x61\x74' && _0x6386.ZmJ02y["charAt"](0x4) == "5") {break;}case !_0x6386.cYdZAA() ? null : _0x2417.aE(_0x2416):void (delete _0x2417["ay"], _0x2379 = [], _0x2380 = _0x2417.b, _0x2383 = 0x0, _0x2417.j());break;case _0x6386.ZmJ02y["charAt"](4) == "5" ? 0x2f : -0xcd:if (_0x2417["ah"]() == '\x61\x66' && _0x6386.cYdZAA()) {break;}case _0x6386.Tvr4gn > -32 ? 682 : 0x0:case _0x6386.cYdZAA() ? 721 : 125:case 86:case !(_0x6386.Tvr4gn > -32) ? -33 : 951:void (_0x2412 = -87, _0x2412 -= 0x73, _0x2417["ai"](), _0x2416 += _0x2416 == _0x2417["aj"] ? 20 : -136);}}}, 0x1);console.log(_0x2423);}

分析思路

我截取了这个if里的函数体，里面是如下内容

申明了一些变量、以及一个对象体、一个循环体。结构如下。

1. 初始化变量：在循环开始之前，有一系列变量的初始化操作，例如 _0x2285, _0x2102, _0x2170, _0x2244, _0x2379, _0x2380, _0x2383。这些变量可能在后续的逻辑中被使用。
2. 条件判断：循环体的开头是一个条件判断语句，判断 _0x2412 + _0x2356 + _0x2344 + _0x2416 是否等于 0x58，并且 _0x6386.Tvr4gn 是否大于 -32。这个条件可能是用来控制循环的终止条件。
3. 分支逻辑：根据不同的条件，循环体内有多个分支逻辑，每个分支可能执行不同的操作。例如，根据条件判断的结果，可能会执行不同的赋值操作、函数调用或者控制流程跳转。
4. 变量修改：循环体内对多个变量进行了修改，包括增加、减少、赋值等操作。这些操作可能是用来控制程序的状态或者执行特定的逻辑。
5. 循环控制：在循环体内部还有一些语句用来控制循环的继续或者中止，例如 continue 和 break 语句。这些语句可能在特定的条件下执行，影响循环的执行流程。

结论

其实到这一步，懂的人已经很明了了，如果一步步手动还原。但是我要做的是用代码还原，这是一个很有趣的问题。

js加密解密都是可逆的，只要是js都没问题。最终解释权由jsjiami官网所有