记录一次js分析破解过程（二）（jsjiami 的破解）

加密文件1~5 的加密方式是雷同的

我们拿代码1做例子！手动格式化代码。

var _0xodG='xxxpan.com',_0x550c=[_0xodG,'5Yap6ZST6aO46Z2U6YWw5pS56K2f6ZeC','w50UcMOQw5o=','w7XDi8Oiw4A=','w4/Dm8OIw7HClg==','wqjCrCnCjcOPNQ==','W8OTXMKbwrs=','wqbClHcnw70=','WsOyT8K6wpU=','BcK1w6tnwo/Ckg==','XsKswp/Di8K/','dAHDjsKTwoQ=','wod4QMK3wrw=','w7MLWS/Dhw==','fsO0QsKmwrs=','wqnCuhYASw==','Ai88w4I=','wo5LQ8KPTMKewpnCqsKm','wrzCkcO/c8Ocw6rCiA==','w5x5KB0=','wpRRQsKa','wqNfRsKSwocYwoNLSsOxwoQ=','w5N3JxAiw5zDp8Or','NsK7K8KTUMKb','OsKLOcO/Lj8qwp0=','wpTCoCbDihELwow7cw==','wpTCnVDDpsOrw5RuG0A=','ZcKWVTw=','w63DjMO0w44=','VHLDviUN','w5DChALDvsKtw4EpAgA=','6K+q5YqM55m/6ZCn5p+h56qq6LaM5ruJ','PxxxpVavOsrnuevOWgq.cXomL=='];
(function(_0x23e18f,_0x31f469,_0x2c2e27){
	var _0x17dbc0=function(_0x331e14,_0x5518e9,_0x444dfa,_0x23a3ea,_0x326368){
		_0x5518e9=_0x5518e9>>0x8,_0x326368='po',asdfds='shift',afew1='push';
		if(_0x5518e9<_0x331e14){
			while(--_0x331e14){
				_0x23a3ea=_0x23e18f[asdfds]();
				if(_0x5518e9===_0x331e14){
					_0x5518e9=_0x23a3ea;
					_0x444dfa=_0x23e18f[_0x326368+'p']();
				}else if(_0x5518e9&&_0x444dfa['replace'](/[PVvOsruevOWgqXL=]/g,'')===_0x5518e9){
					_0x23e18f[afew1](_0x23a3ea);
				}
			}_0x23e18f[afew1](_0x23e18f[asdfds]());
		}
		return 0x32d76;
	};
	var _0x250c8c=function(){
		var _0x5bcc0c={'data':{'key':'cookie','value':'timeout'},
			'setCookie':function(_0x15a544,_0x532664,_0x140855,_0x2e431c){
				_0x2e431c=_0x2e431c||{};
				var _0x5bc146=_0x532664+'='+_0x140855;
				var _0x5ad6bd=0x0;
				for(var _0x5ad6bd=0x0,_0x4e3d87=_0x15a544['length'];_0x5ad6bd<_0x4e3d87;_0x5ad6bd++){
					var _0x3a8b87=_0x15a544[_0x5ad6bd];
					_0x5bc146+=';\x20'+_0x3a8b87;
					var _0x8e90dc=_0x15a544[_0x3a8b87];
					_0x15a544['push'](_0x8e90dc);
					_0x4e3d87=_0x15a544['length'];
					if(_0x8e90dc!==!![]){
						_0x5bc146+='='+_0x8e90dc;
					}
				}_0x2e431c['cookie']=_0x5bc146;
			},'removeCookie':function(){return'dev';},'getCookie':function(_0x3af33c,_0x234b30){
				_0x3af33c=_0x3af33c||function(_0x571a26){
					return _0x571a26;
				};
				var _0x3ed26f=_0x3af33c(new RegExp('(?:^|;\x20)'+_0x234b30['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));
				var _0x650c02=function(_0x37d558,_0x1f96d2,_0x4fdceb){
					_0x37d558(++_0x1f96d2,_0x4fdceb);
				};
				_0x650c02(_0x17dbc0,_0x31f469,_0x2c2e27);
				return _0x3ed26f?decodeURIComponent(_0x3ed26f[0x1]):undefined;
			}
		};
		var _0x991d49=function(){
			var _0x3c21fb=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
			return _0x3c21fb['test'](_0x5bcc0c['removeCookie']['toString']());
		};
		_0x5bcc0c['updateCookie']=_0x991d49;
		var _0x2cb897='';
		var _0xa060fe=_0x5bcc0c['updateCookie']();
		if(!_0xa060fe){
			_0x5bcc0c['setCookie'](['*'],'counter',0x1);
		}else if(_0xa060fe){
			_0x2cb897=_0x5bcc0c['getCookie'](null,'counter');
		}else{
			_0x5bcc0c['removeCookie']();
		}
	};
	_0x250c8c();
}(_0x550c,0xd1,0xd100));


var _0x56ae=function(_0xd47042,_0x63080){
  _0xd47042=~~'0x'['concat'](_0xd47042);
  var _0x5996ba=_0x550c[_0xd47042];
  if(_0x56ae['ECexVT']===undefined){
  	(function(){
  		var _0x12dc1f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;
  		var _0x1eeaa4='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
  		_0x12dc1f['atob']||(_0x12dc1f['atob']=function(_0x290a53){
  			var _0x3e25f5=String(_0x290a53)['replace'](/=+$/,'');
  			for(var _0x4b988b=0x0,_0x1ad26d,_0x379637,_0x498d41=0x0,_0x27b6c0='';_0x379637=_0x3e25f5['charAt'](_0x498d41++);~_0x379637&&(_0x1ad26d=_0x4b988b%0x4?_0x1ad26d*0x40+_0x379637:_0x379637,_0x4b988b++%0x4)?_0x27b6c0+=String['fromCharCode'](0xff&_0x1ad26d>>(-0x2*_0x4b988b&0x6)):0x0){
  				_0x379637=_0x1eeaa4['indexOf'](_0x379637);
  			}
  			return _0x27b6c0;
  		});
  	}());
  	var _0x1f8eb7=function(_0x4b8a01,_0x63080){
  		var _0x3071b5=[],_0x9c5f63=0x0,_0x78c351,_0x2acf7e='',_0x600b11='';
  			_0x4b8a01=atob(_0x4b8a01);
 			for(var _0x39cfba=0x0,_0x40cd16=_0x4b8a01['length'];_0x39cfba<_0x40cd16;_0x39cfba++){
 				_0x600b11+='%'+('00'+_0x4b8a01['charCodeAt'](_0x39cfba)['toString'](0x10))['slice'](-0x2);
  		}
  		_0x4b8a01=decodeURIComponent(_0x600b11);
  		for(var _0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){
  			_0x3071b5[_0x5e4d62]=_0x5e4d62;
  		}
  		for(_0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){
  			_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62]+_0x63080['charCodeAt'](_0x5e4d62%_0x63080['length']))%0x100;
  			_0x78c351=_0x3071b5[_0x5e4d62];_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];_0x3071b5[_0x9c5f63]=_0x78c351;
  		}
  		_0x5e4d62=0x0;
  		_0x9c5f63=0x0;
  		for(var _0x1a7c7e=0x0;_0x1a7c7e<_0x4b8a01['length'];_0x1a7c7e++){
  			_0x5e4d62=(_0x5e4d62+0x1)%0x100;
  			_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62])%0x100;
  			_0x78c351=_0x3071b5[_0x5e4d62];
  			_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];
  			_0x3071b5[_0x9c5f63]=_0x78c351;
  			_0x2acf7e+=String['fromCharCode'](_0x4b8a01['charCodeAt'](_0x1a7c7e)^_0x3071b5[(_0x3071b5[_0x5e4d62]+_0x3071b5[_0x9c5f63])%0x100]);
  		}
  		return _0x2acf7e;
  	};
  	_0x56ae['xPLTue']=_0x1f8eb7;
  	_0x56ae['wJyKEr']={};
  	_0x56ae['ECexVT']=!![];
  }
  var _0x362eaf=_0x56ae['wJyKEr'][_0xd47042];
  if(_0x362eaf===undefined){
  	if(_0x56ae['NbHMmN']===undefined){
  		var _0x5cf2a5=function(_0x5a560e){
  			this['jAPecI']=_0x5a560e;
  			this['kOSOJn']=[0x1,0x0,0x0];
  			this['tdEaoU']=function(){return'newState';};
  			this['gkOxWc']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';
  			this['PzeyAT']='[\x27|\x22].+[\x27|\x22];?\x20*}';
  		};
  		_0x5cf2a5['prototype']['zEvXjH']=function(){
  			var _0x43bec9=new RegExp(this['gkOxWc']+this['PzeyAT']);
  			var _0x2750c5=_0x43bec9['test'](this['tdEaoU']['toString']())?--this['kOSOJn'][0x1]:--this['kOSOJn'][0x0];
  			return this['bOwCAi'](_0x2750c5);
  		};
  		_0x5cf2a5['prototype']['bOwCAi']=function(_0x265212){
  			if(!Boolean(~_0x265212)){return _0x265212;}
  			return this['hJHoCg'](this['jAPecI']);
  		};
  		_0x5cf2a5['prototype']['hJHoCg']=function(_0x48db87){
  			for(var _0x5f20c3=0x0,_0x53546a=this['kOSOJn']['length'];_0x5f20c3<_0x53546a;_0x5f20c3++){
  				this['kOSOJn']['push'](Math['round'](Math['random']()));
  				_0x53546a=this['kOSOJn']['length'];
  			}
  			return _0x48db87(this['kOSOJn'][0x0]);
  		};
  		new _0x5cf2a5(_0x56ae)['zEvXjH']();
  		_0x56ae['NbHMmN']=!![];
  	}
  	_0x5996ba=_0x56ae['xPLTue'](_0x5996ba,_0x63080);
  	_0x56ae['wJyKEr'][_0xd47042]=_0x5996ba;
  }else{
  	_0x5996ba=_0x362eaf;
  }
  return _0x5996ba;
};


  	var oooo=0xf23d4,ooe;
  	if(oooo=oooo>>0xc^0xd5,ooe=window[_0x56ae('0','XMuj')]&&window[_0x56ae('1','Fq%k')][_0x56ae('2','Ysge')]){
  		var i=0x9;
  		for(oooo=oooo^i;i<oooo|0x9;i>0x0){
  			ooe[_0x56ae('3','[BTn')]=ooe[_0x56ae('4','KjA1')]+'?'+i;
  		};
  	};
  	(function(){
  		var _0x5be702=function(){
  			var _0x3fbf2c=!![];
  			return function(_0x5510b,_0x342b9d){
  				var _0x4f97f7=_0x3fbf2c?function(){
  					if(_0x342b9d){
  						var _0x3c1367=_0x342b9d['apply'](_0x5510b,arguments);
  						_0x342b9d=null;
  						return _0x3c1367;
  					}
  				}:function(){};
  				_0x3fbf2c=![];
  				return _0x4f97f7;
  			};
  		}();
  		var _0x20c668=_0x5be702(this,function(){
  			var _0x3dfc67=function(){return'\x64\x65\x76';},_0x5a434c=function(){return'\x77\x69\x6e\x64\x6f\x77';};
  			var _0x5c2c7d=function(){var _0x3a7bcc=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3a7bcc['\x74\x65\x73\x74'](_0x3dfc67['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};
  			var _0x1cf834=function(){var _0x18fc40=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x18fc40['\x74\x65\x73\x74'](_0x5a434c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};
  			var _0x3181f8=function(_0x4a3a1d){var _0x1296a8=~-0x1>>0x1+0xff%0x0;if(_0x4a3a1d['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1296a8)){_0x53db87(_0x4a3a1d);}};
  			var _0x53db87=function(_0x476ccd){var _0x100043=~-0x4>>0x1+0xff%0x0;if(_0x476ccd['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x100043){_0x3181f8(_0x476ccd);}};
  			if(!_0x5c2c7d()){
  				if(!_0x1cf834()){
  					_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');
  				}else{
  					_0x3181f8('\x69\x6e\x64\x65\x78\x4f\x66');
  				}
  			}else{
  				_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');
  			}
  		});
  		_0x20c668();
  		var _0x13f44d={'HiZHE':_0x56ae('5','[b@r'),'irfJI':function(_0x16f976,_0x409789){return _0x16f976!==_0x409789;},'JeYYT':function(_0x992c77,_0x6054ee){return _0x992c77!==_0x6054ee;},'ECbiR':_0x56ae('6','Ysge'),'mNDuE':_0x56ae('7','vCT3'),'UXJxx':_0x56ae('8','(MIb'),'ABXlH':function(_0x4ae14b,_0x5ddf84,_0x1adfee){return _0x4ae14b(_0x5ddf84,_0x1adfee);}};
  		var _0x4317e3=[],_0x37edaa=0x32,_0x11545a=![];
  		_0x13f44d[_0x56ae('9','qnq*')](setInterval,_0x5ce9ac,0x1);
  		return{'addListener':function(_0x2e5165){_0x4317e3[_0x56ae('a','KjA1')](_0x2e5165);},'cancleListenr':function(_0x4b1b9f){
  			var _0x53975a={'IHIik':function(_0x39d77d,_0x204173){
  				return _0x13f44d[_0x56ae('b','KjA1')](_0x39d77d,_0x204173);}
  			};
  			_0x4317e3=_0x4317e3[_0x56ae('c','EQkE')](function(_0x53d113){
  				if(_0x13f44d[_0x56ae('d','xPDp')]!==_0x13f44d[_0x56ae('e','%CVR')]){
  					var _0x2e5e62={'hFlGu':function(_0x3c20b2,_0x439340){
  						return _0x53975a[_0x56ae('f','xPDp')](_0x3c20b2,_0x439340);
  					}};
  					_0x4317e3=_0x4317e3[_0x56ae('10','plF2')](function(_0x32719f){
  						return _0x2e5e62[_0x56ae('11','b@e3')](_0x32719f,_0x4b1b9f);
  					});
  				}else{
  					return _0x13f44d[_0x56ae('12','vCT3')](_0x53d113,_0x4b1b9f);
  				}
  			});
  		}};
  		function _0x5ce9ac(){
  			var _0x211ef9=new Date();
  			debugger;
  			if(new Date()-_0x211ef9>_0x37edaa){
  				var _0x523cd2=_0x13f44d[_0x56ae('13','c433')][_0x56ae('14','@R32')]('|'),_0xe22ccc=0x0;
  				while(!![]){
  					switch(_0x523cd2[_0xe22ccc++]){
  						case'0':
  							_0x11545a=!![];
  							continue;
  						case'1':
  							while(!![]){
  								alert(_0x13f44d[_0x56ae('15','xPDp')]);
  								alert(_0x13f44d[_0x56ae('16','JHYN')]);
  							}
  							continue;
  						case'2':
  							document[_0x56ae('17','6Iq#')][_0x56ae('18','7N0H')]='';
  							continue;
  						case'3':
  							if(!_0x11545a){
  								_0x4317e3[_0x56ae('19','(MIb')](function(_0x1c693e){
  									_0x1c693e[_0x56ae('1a','c5mL')](null);
  								});
  							}
  							continue;
  						case'4':
  							window[_0x56ae('1b','7N0H')]();
  							continue;
  					}
  					break;
  				}
  			}else{
  				_0x11545a=![];
  			}
  		}
  	}()[_0x56ae('1c','c433')](function(){
  			window[_0x56ae('1d','c5mL')][_0x56ae('1e','GKx$')]();
  	}));
	
	
	
	document.write("test! this run! this js is ok");

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

var _0xodG='xxxpan.com',_0x550c=[_0xodG,'5Yap6ZST6aO46Z2U6YWw5pS56K2f6ZeC','w50UcMOQw5o=','w7XDi8Oiw4A=','w4/Dm8OIw7HClg==','wqjCrCnCjcOPNQ==','W8OTXMKbwrs=','wqbClHcnw70=','WsOyT8K6wpU=','BcK1w6tnwo/Ckg==','XsKswp/Di8K/','dAHDjsKTwoQ=','wod4QMK3wrw=','w7MLWS/Dhw==','fsO0QsKmwrs=','wqnCuhYASw==','Ai88w4I=','wo5LQ8KPTMKewpnCqsKm','wrzCkcO/c8Ocw6rCiA==','w5x5KB0=','wpRRQsKa','wqNfRsKSwocYwoNLSsOxwoQ=','w5N3JxAiw5zDp8Or','NsK7K8KTUMKb','OsKLOcO/Lj8qwp0=','wpTCoCbDihELwow7cw==','wpTCnVDDpsOrw5RuG0A=','ZcKWVTw=','w63DjMO0w44=','VHLDviUN','w5DChALDvsKtw4EpAgA=','6K+q5YqM55m/6ZCn5p+h56qq6LaM5ruJ','PxxxpVavOsrnuevOWgq.cXomL=='];

(function(_0x23e18f,_0x31f469,_0x2c2e27){

var _0x17dbc0=function(_0x331e14,_0x5518e9,_0x444dfa,_0x23a3ea,_0x326368){

_0x5518e9=_0x5518e9>>0x8,_0x326368='po',asdfds='shift',afew1='push';

if(_0x5518e9<_0x331e14){

while(--_0x331e14){

_0x23a3ea=_0x23e18f[asdfds]();

if(_0x5518e9===_0x331e14){

_0x5518e9=_0x23a3ea;

_0x444dfa=_0x23e18f[_0x326368+'p']();

}else if(_0x5518e9&&_0x444dfa['replace'](/[PVvOsruevOWgqXL=]/g,'')===_0x5518e9){

_0x23e18f[afew1](_0x23a3ea);

}

}_0x23e18f[afew1](_0x23e18f[asdfds]());

}

return 0x32d76;

};

var _0x250c8c=function(){

var _0x5bcc0c={'data':{'key':'cookie','value':'timeout'},

'setCookie':function(_0x15a544,_0x532664,_0x140855,_0x2e431c){

_0x2e431c=_0x2e431c||{};

var _0x5bc146=_0x532664+'='+_0x140855;

var _0x5ad6bd=0x0;

for(var _0x5ad6bd=0x0,_0x4e3d87=_0x15a544['length'];_0x5ad6bd<_0x4e3d87;_0x5ad6bd++){

var _0x3a8b87=_0x15a544[_0x5ad6bd];

_0x5bc146+=';\x20'+_0x3a8b87;

var _0x8e90dc=_0x15a544[_0x3a8b87];

_0x15a544['push'](_0x8e90dc);

_0x4e3d87=_0x15a544['length'];

if(_0x8e90dc!==!![]){

_0x5bc146+='='+_0x8e90dc;

}

}_0x2e431c['cookie']=_0x5bc146;

},'removeCookie':function(){return'dev';},'getCookie':function(_0x3af33c,_0x234b30){

_0x3af33c=_0x3af33c||function(_0x571a26){

return _0x571a26;

};

var _0x3ed26f=_0x3af33c(new RegExp('(?:^|;\x20)'+_0x234b30['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));

var _0x650c02=function(_0x37d558,_0x1f96d2,_0x4fdceb){

_0x37d558(++_0x1f96d2,_0x4fdceb);

};

_0x650c02(_0x17dbc0,_0x31f469,_0x2c2e27);

return _0x3ed26f?decodeURIComponent(_0x3ed26f[0x1]):undefined;

}

};

var _0x991d49=function(){

var _0x3c21fb=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');

return _0x3c21fb['test'](_0x5bcc0c['removeCookie']['toString']());

};

_0x5bcc0c['updateCookie']=_0x991d49;

var _0x2cb897='';

var _0xa060fe=_0x5bcc0c['updateCookie']();

if(!_0xa060fe){

_0x5bcc0c['setCookie'](['*'],'counter',0x1);

}else if(_0xa060fe){

_0x2cb897=_0x5bcc0c['getCookie'](null,'counter');

}else{

_0x5bcc0c['removeCookie']();

}

};

_0x250c8c();

}(_0x550c,0xd1,0xd100));

var _0x56ae=function(_0xd47042,_0x63080){

_0xd47042=~~'0x'['concat'](_0xd47042);

var _0x5996ba=_0x550c[_0xd47042];

if(_0x56ae['ECexVT']===undefined){

(function(){

var _0x12dc1f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;

var _0x1eeaa4='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';

_0x12dc1f['atob']||(_0x12dc1f['atob']=function(_0x290a53){

var _0x3e25f5=String(_0x290a53)['replace'](/=+$/,'');

for(var _0x4b988b=0x0,_0x1ad26d,_0x379637,_0x498d41=0x0,_0x27b6c0='';_0x379637=_0x3e25f5['charAt'](_0x498d41++);~_0x379637&&(_0x1ad26d=_0x4b988b%0x4?_0x1ad26d*0x40+_0x379637:_0x379637,_0x4b988b++%0x4)?_0x27b6c0+=String['fromCharCode'](0xff&_0x1ad26d>>(-0x2*_0x4b988b&0x6)):0x0){

_0x379637=_0x1eeaa4['indexOf'](_0x379637);

}

return _0x27b6c0;

});

}());

var _0x1f8eb7=function(_0x4b8a01,_0x63080){

var _0x3071b5=[],_0x9c5f63=0x0,_0x78c351,_0x2acf7e='',_0x600b11='';

_0x4b8a01=atob(_0x4b8a01);

for(var _0x39cfba=0x0,_0x40cd16=_0x4b8a01['length'];_0x39cfba<_0x40cd16;_0x39cfba++){

_0x600b11+='%'+('00'+_0x4b8a01['charCodeAt'](_0x39cfba)['toString'](0x10))['slice'](-0x2);

}

_0x4b8a01=decodeURIComponent(_0x600b11);

for(var _0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){

_0x3071b5[_0x5e4d62]=_0x5e4d62;

}

for(_0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){

_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62]+_0x63080['charCodeAt'](_0x5e4d62%_0x63080['length']))%0x100;

_0x78c351=_0x3071b5[_0x5e4d62];_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];_0x3071b5[_0x9c5f63]=_0x78c351;

}

_0x5e4d62=0x0;

_0x9c5f63=0x0;

for(var _0x1a7c7e=0x0;_0x1a7c7e<_0x4b8a01['length'];_0x1a7c7e++){

_0x5e4d62=(_0x5e4d62+0x1)%0x100;

_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62])%0x100;

_0x78c351=_0x3071b5[_0x5e4d62];

_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];

_0x3071b5[_0x9c5f63]=_0x78c351;

_0x2acf7e+=String['fromCharCode'](_0x4b8a01['charCodeAt'](_0x1a7c7e)^_0x3071b5[(_0x3071b5[_0x5e4d62]+_0x3071b5[_0x9c5f63])%0x100]);

}

return _0x2acf7e;

};

_0x56ae['xPLTue']=_0x1f8eb7;

_0x56ae['wJyKEr']={};

_0x56ae['ECexVT']=!![];

}

var _0x362eaf=_0x56ae['wJyKEr'][_0xd47042];

if(_0x362eaf===undefined){

if(_0x56ae['NbHMmN']===undefined){

var _0x5cf2a5=function(_0x5a560e){

this['jAPecI']=_0x5a560e;

this['kOSOJn']=[0x1,0x0,0x0];

this['tdEaoU']=function(){return'newState';};

this['gkOxWc']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';

this['PzeyAT']='[\x27|\x22].+[\x27|\x22];?\x20*}';

};

_0x5cf2a5['prototype']['zEvXjH']=function(){

var _0x43bec9=new RegExp(this['gkOxWc']+this['PzeyAT']);

var _0x2750c5=_0x43bec9['test'](this['tdEaoU']['toString']())?--this['kOSOJn'][0x1]:--this['kOSOJn'][0x0];

return this['bOwCAi'](_0x2750c5);

};

_0x5cf2a5['prototype']['bOwCAi']=function(_0x265212){

if(!Boolean(~_0x265212)){return _0x265212;}

return this['hJHoCg'](this['jAPecI']);

};

_0x5cf2a5['prototype']['hJHoCg']=function(_0x48db87){

for(var _0x5f20c3=0x0,_0x53546a=this['kOSOJn']['length'];_0x5f20c3<_0x53546a;_0x5f20c3++){

this['kOSOJn']['push'](Math['round'](Math['random']()));

_0x53546a=this['kOSOJn']['length'];

}

return _0x48db87(this['kOSOJn'][0x0]);

};

new _0x5cf2a5(_0x56ae)['zEvXjH']();

_0x56ae['NbHMmN']=!![];

}

_0x5996ba=_0x56ae['xPLTue'](_0x5996ba,_0x63080);

_0x56ae['wJyKEr'][_0xd47042]=_0x5996ba;

}else{

_0x5996ba=_0x362eaf;

}

return _0x5996ba;

};

var oooo=0xf23d4,ooe;

if(oooo=oooo>>0xc^0xd5,ooe=window[_0x56ae('0','XMuj')]&&window[_0x56ae('1','Fq%k')][_0x56ae('2','Ysge')]){

var i=0x9;

for(oooo=oooo^i;i<oooo|0x9;i>0x0){

ooe[_0x56ae('3','[BTn')]=ooe[_0x56ae('4','KjA1')]+'?'+i;

};

(function(){

var _0x5be702=function(){

var _0x3fbf2c=!![];

return function(_0x5510b,_0x342b9d){

var _0x4f97f7=_0x3fbf2c?function(){

if(_0x342b9d){

var _0x3c1367=_0x342b9d['apply'](_0x5510b,arguments);

_0x342b9d=null;

return _0x3c1367;

}

}:function(){};

_0x3fbf2c=![];

return _0x4f97f7;

};

}();

var _0x20c668=_0x5be702(this,function(){

var _0x3dfc67=function(){return'\x64\x65\x76';},_0x5a434c=function(){return'\x77\x69\x6e\x64\x6f\x77';};

var _0x5c2c7d=function(){var _0x3a7bcc=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3a7bcc['\x74\x65\x73\x74'](_0x3dfc67['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};

var _0x1cf834=function(){var _0x18fc40=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x18fc40['\x74\x65\x73\x74'](_0x5a434c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};

var _0x3181f8=function(_0x4a3a1d){var _0x1296a8=~-0x1>>0x1+0xff%0x0;if(_0x4a3a1d['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1296a8)){_0x53db87(_0x4a3a1d);}};

var _0x53db87=function(_0x476ccd){var _0x100043=~-0x4>>0x1+0xff%0x0;if(_0x476ccd['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x100043){_0x3181f8(_0x476ccd);}};

if(!_0x5c2c7d()){

if(!_0x1cf834()){

_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');

}else{

_0x3181f8('\x69\x6e\x64\x65\x78\x4f\x66');

}

}else{

_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');

}

});

_0x20c668();

var _0x4317e3=[],_0x37edaa=0x32,_0x11545a=![];

_0x13f44d[_0x56ae('9','qnq*')](setInterval,_0x5ce9ac,0x1);

return{'addListener':function(_0x2e5165){_0x4317e3[_0x56ae('a','KjA1')](_0x2e5165);},'cancleListenr':function(_0x4b1b9f){

var _0x53975a={'IHIik':function(_0x39d77d,_0x204173){

return _0x13f44d[_0x56ae('b','KjA1')](_0x39d77d,_0x204173);}

};

_0x4317e3=_0x4317e3[_0x56ae('c','EQkE')](function(_0x53d113){

if(_0x13f44d[_0x56ae('d','xPDp')]!==_0x13f44d[_0x56ae('e','%CVR')]){

var _0x2e5e62={'hFlGu':function(_0x3c20b2,_0x439340){

return _0x53975a[_0x56ae('f','xPDp')](_0x3c20b2,_0x439340);

}};

_0x4317e3=_0x4317e3[_0x56ae('10','plF2')](function(_0x32719f){

return _0x2e5e62[_0x56ae('11','b@e3')](_0x32719f,_0x4b1b9f);

});

}else{

return _0x13f44d[_0x56ae('12','vCT3')](_0x53d113,_0x4b1b9f);

}

});

}};

function _0x5ce9ac(){

var _0x211ef9=new Date();

debugger;

if(new Date()-_0x211ef9>_0x37edaa){

var _0x523cd2=_0x13f44d[_0x56ae('13','c433')][_0x56ae('14','@R32')]('|'),_0xe22ccc=0x0;

while(!![]){

switch(_0x523cd2[_0xe22ccc++]){

case'0':

_0x11545a=!![];

continue;

case'1':

while(!![]){

alert(_0x13f44d[_0x56ae('15','xPDp')]);

alert(_0x13f44d[_0x56ae('16','JHYN')]);

}

continue;

case'2':

document[_0x56ae('17','6Iq#')][_0x56ae('18','7N0H')]='';

continue;

case'3':

if(!_0x11545a){

_0x4317e3[_0x56ae('19','(MIb')](function(_0x1c693e){

_0x1c693e[_0x56ae('1a','c5mL')](null);

});

}

continue;

case'4':

window[_0x56ae('1b','7N0H')]();

continue;

}

break;

}

}else{

_0x11545a=![];

}

}()[_0x56ae('1c','c433')](function(){

window[_0x56ae('1d','c5mL')][_0x56ae('1e','GKx$')]();

}));

document.write("test! this run! this js is ok");

在调试代码时在console状态下打开/刷新页面，会报“请勿非法盗版”，估计是和代码0有类似的代码，那我们调试，使用document.write直接显现出来，
在这个代码最后我们写了一行，确保在代码格式化时，出现错误，只要能正常执行代码，上面代码就不会有问题
记录一次js分析破解过程（二）（jsjiami 的破解） - 第1张 | Carr的仓库

我们可以看到代码均是_0x开都这就是代码特征，里面有像是base64编码的东西，后面就开始执行代码了。
记录一次js分析破解过程（二）（jsjiami 的破解） - 第3张 | Carr的仓库
上图为主要的加密函数！！
通过代码可以看出有类似这这种算法，这是Rc4加密的内容。

我们分析到这里可以将 _0x56ae(‘1d’,’c5mL’) _0x56ae(‘1e’,’GKx$’) 这种的代码还原了！！！
记录一次js分析破解过程（二）（jsjiami 的破解） - 第4张 | Carr的仓库
这是在console里调试的情况，其实我们手动还原就可以一步一步还原代码了！

我们网上google一下，这个代码看着像是JSJiaMi.v6的代码，据说是无法100%还原！
我估计是加密后混淆了！无法还原原始变量，但是算法可以还原，数据分析是没有问题的！

//例子：
//原始：
window[_0x56ae('1d','c5mL')][_0x56ae('1e','GKx$')]()
//解密：
window[location][reload]()
//整理：
window.location.reload()

//例子：

//原始：

window[_0x56ae('1d','c5mL')][_0x56ae('1e','GKx$')]()

//解密：

window[location][reload]()

//整理：

window.location.reload()

我们想要解密众多脚本要是一点一点手动还原有些慢！那我们需要好好处理一下代码了，做一个js 把_0x56ae这种代码提取出来，然后解密并还原回去！

怎么做？下一章节将讲解如何批量替换代码方便阅读。

本文固定链接: http://www.three123.com/2021-04/js-crack-jsjiami/
转载请注明: Carr 2021年04月11日于 Carr的仓库发表

最后编辑：2021-04-12

作者：Carr

这个作者貌似有点懒，什么都没有留下。

站内专栏站点

记录一次js分析破解过程（二）（jsjiami 的破解）

您可能还会对这些文章感兴趣！

留下一个回复取消回复

您可能还会对这些文章感兴趣！

留下一个回复 取消回复

留下一个回复取消回复