记录一次js分析破解过程（四）（jsjiami 批量解密的脚本更进一步）

接上文记录一次js分析破解过程（jsjiami 批量解密的脚本制作思路）
系统主要函数已经破解，有了一定可读性，但是还有一些别扭的字符串，是什么呢？分析一下。

记录一次js分析破解过程（四）（jsjiami 批量解密的脚本更进一步） - 第1张 | Carr的仓库

//加密字符串
var _0xodG='xxxpan.com',
	_0x550c=[_0xodG,
	'5Yap6ZST6aO46Z2U6YWw5pS56K2f6ZeC',
	'w50UcMOQw5o=','w7XDi8Oiw4A=','w4/Dm8OIw7HClg==',
	'wqjCrCnCjcOPNQ==','W8OTXMKbwrs=','wqbClHcnw70=','WsOyT8K6wpU=',
	'BcK1w6tnwo/Ckg==','XsKswp/Di8K/','dAHDjsKTwoQ=','wod4QMK3wrw=',
	'w7MLWS/Dhw==','fsO0QsKmwrs=','wqnCuhYASw==','Ai88w4I=','wo5LQ8KPTMKewpnCqsKm',
	'wrzCkcO/c8Ocw6rCiA==','w5x5KB0=','wpRRQsKa','wqNfRsKSwocYwoNLSsOxwoQ=',
	'w5N3JxAiw5zDp8Or','NsK7K8KTUMKb','OsKLOcO/Lj8qwp0=','wpTCoCbDihELwow7cw==',
	'wpTCnVDDpsOrw5RuG0A=','ZcKWVTw=','w63DjMO0w44=','VHLDviUN',
	'w5DChALDvsKtw4EpAgA=','6K+q5YqM55m/6ZCn5p+h56qq6LaM5ruJ',
	'PxxxpVavOsrnuevOWgq.cXomL=='];

//与cookie有关，用于粉条是，做了一些花代码用于反自动格式化，例如';\20'会不会给;家回车？代码里还用了正则表达式，看样子也是反格式化的！

(function(_0x23e18f,_0x31f469,_0x2c2e27){
	var _0x17dbc0=function(_0x331e14,_0x5518e9,_0x444dfa,_0x23a3ea,_0x326368){
		_0x5518e9=_0x5518e9>>0x8,_0x326368='po',asdfds='shift',afew1='push';
		if(_0x5518e9<_0x331e14){
			while(--_0x331e14){
				_0x23a3ea=_0x23e18f[asdfds]();
				if(_0x5518e9===_0x331e14){
					_0x5518e9=_0x23a3ea;
					_0x444dfa=_0x23e18f[_0x326368+'p']();
				}else if(_0x5518e9&&_0x444dfa.replace(/[PVvOsruevOWgqXL=]/g,'')===_0x5518e9){
					_0x23e18f[afew1](_0x23a3ea);
				}
			}_0x23e18f[afew1](_0x23e18f[asdfds]());
		}
		return 0x32d76;
	};
	var _0x250c8c=function(){
		var _0x5bcc0c={'data':{'key':'cookie','value':'timeout'},
			'setCookie':function(_0x15a544,_0x532664,_0x140855,_0x2e431c){
				_0x2e431c=_0x2e431c||{};
				var _0x5bc146=_0x532664+'='+_0x140855;
				var _0x5ad6bd=0x0;
				for(var _0x5ad6bd=0x0,_0x4e3d87=_0x15a544.length;_0x5ad6bd<_0x4e3d87;_0x5ad6bd++){
					var _0x3a8b87=_0x15a544[_0x5ad6bd];
					_0x5bc146+=';\x20'+_0x3a8b87;
					var _0x8e90dc=_0x15a544[_0x3a8b87];
					_0x15a544.push(_0x8e90dc);
					_0x4e3d87=_0x15a544.length;
					if(_0x8e90dc!==!![]){
						_0x5bc146+='='+_0x8e90dc;
					}
				}_0x2e431c.cookie=_0x5bc146;
			},'removeCookie':function(){return'dev';},'getCookie':function(_0x3af33c,_0x234b30){
				_0x3af33c=_0x3af33c||function(_0x571a26){
					return _0x571a26;
				};
				var _0x3ed26f=_0x3af33c(new RegExp('(?:^|;\x20)'+
_0x234b30.replace(/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));
				var _0x650c02=function(_0x37d558,_0x1f96d2,_0x4fdceb){
					_0x37d558(++_0x1f96d2,_0x4fdceb);
				};
				_0x650c02(_0x17dbc0,_0x31f469,_0x2c2e27);
				return _0x3ed26f?decodeURIComponent(_0x3ed26f[0x1]):undefined;
			}
		};
		var _0x991d49=function(){
			var _0x3c21fb=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
			return _0x3c21fb.test(_0x5bcc0c.removeCookie.toString());
		};
		_0x5bcc0c.updateCookie=_0x991d49;
		var _0x2cb897='';
		var _0xa060fe=_0x5bcc0c.updateCookie();
		if(!_0xa060fe){
			_0x5bcc0c.setCookie(['*'],'counter',0x1);
		}else if(_0xa060fe){
			_0x2cb897=_0x5bcc0c.getCookie(null,'counter');
		}else{
			_0x5bcc0c.removeCookie();
		}
	};
	_0x250c8c();
}(_0x550c,0xd1,0xd100));

//典型 RC4加密还原方法
var _0x56ae=function(_0xd47042,_0x63080){
  _0xd47042=~~'0x'.concat(_0xd47042);
  var _0x5996ba=_0x550c[_0xd47042];
  if(_0x56ae.ECexVT===undefined){
  	(function(){
  		var _0x12dc1f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;
  		var _0x1eeaa4='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
  		_0x12dc1f.atob||(_0x12dc1f.atob=function(_0x290a53){
  			var _0x3e25f5=String(_0x290a53).replace(/=+$/,'');
  			for(var _0x4b988b=0x0,_0x1ad26d,_0x379637,_0x498d41=0x0,_0x27b6c0='';_0x379637=_0x3e25f5.charAt(_0x498d41++);~_0x379637&&(_0x1ad26d=_0x4b988b%0x4?_0x1ad26d*0x40+_0x379637:_0x379637,_0x4b988b++%0x4)?_0x27b6c0+=String.fromCharCode(0xff&_0x1ad26d>>(-0x2*_0x4b988b&0x6)):0x0){
  				_0x379637=_0x1eeaa4.indexOf(_0x379637);
  			}
  			return _0x27b6c0;
  		});
  	}());
  	var _0x1f8eb7=function(_0x4b8a01,_0x63080){
  		var _0x3071b5=[],_0x9c5f63=0x0,_0x78c351,_0x2acf7e='',_0x600b11='';
  			_0x4b8a01=atob(_0x4b8a01);
 			for(var _0x39cfba=0x0,_0x40cd16=_0x4b8a01.length;_0x39cfba<_0x40cd16;_0x39cfba++){
 				_0x600b11+='%'+('00'+_0x4b8a01.charCodeAt(_0x39cfba).toString(0x10)).slice(-0x2);
  		}
  		_0x4b8a01=decodeURIComponent(_0x600b11);
  		for(var _0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){
  			_0x3071b5[_0x5e4d62]=_0x5e4d62;
  		}
  		for(_0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){
  			_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62]+_0x63080.charCodeAt(_0x5e4d62%_0x63080.length))%0x100;
  			_0x78c351=_0x3071b5[_0x5e4d62];_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];_0x3071b5[_0x9c5f63]=_0x78c351;
  		}
  		_0x5e4d62=0x0;
  		_0x9c5f63=0x0;
  		for(var _0x1a7c7e=0x0;_0x1a7c7e<_0x4b8a01.length;_0x1a7c7e++){
  			_0x5e4d62=(_0x5e4d62+0x1)%0x100;
  			_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62])%0x100;
  			_0x78c351=_0x3071b5[_0x5e4d62];
  			_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];
  			_0x3071b5[_0x9c5f63]=_0x78c351;
  			_0x2acf7e+=String.fromCharCode(_0x4b8a01.charCodeAt(_0x1a7c7e)^_0x3071b5[(_0x3071b5[_0x5e4d62]+_0x3071b5[_0x9c5f63])%0x100]);
  		}
  		return _0x2acf7e;
  	};
  	_0x56ae.xPLTue=_0x1f8eb7;
  	_0x56ae.wJyKEr={};
  	_0x56ae.ECexVT=!![];
  }
  var _0x362eaf=_0x56ae.wJyKEr[_0xd47042];
  if(_0x362eaf===undefined){
  	if(_0x56ae.NbHMmN===undefined){
  		var _0x5cf2a5=function(_0x5a560e){
  			this.jAPecI=_0x5a560e;
  			this.kOSOJn=[0x1,0x0,0x0];
  			this.tdEaoU=function(){return'newState';};
  			this.gkOxWc='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';
  			this.PzeyAT='[\x27|\x22].+[\x27|\x22];?\x20*}';
  		};
  		_0x5cf2a5.prototype.zEvXjH=function(){
  			var _0x43bec9=new RegExp(this.gkOxWc+this.PzeyAT);
  			var _0x2750c5=_0x43bec9.test(this.tdEaoU.toString())?--this.kOSOJn[0x1]:--this.kOSOJn[0x0];
  			return this.bOwCAi(_0x2750c5);
  		};
  		_0x5cf2a5.prototype.bOwCAi=function(_0x265212){
  			if(!Boolean(~_0x265212)){return _0x265212;}
  			return this.hJHoCg(this.jAPecI);
  		};
  		_0x5cf2a5.prototype.hJHoCg=function(_0x48db87){
  			for(var _0x5f20c3=0x0,_0x53546a=this.kOSOJn.length;_0x5f20c3<_0x53546a;_0x5f20c3++){
  				this.kOSOJn.push(Math.round(Math.random()));
  				_0x53546a=this.kOSOJn.length;
  			}
  			return _0x48db87(this.kOSOJn[0x0]);
  		};
  		new _0x5cf2a5(_0x56ae).zEvXjH();
  		_0x56ae.NbHMmN=!![];
  	}
  	_0x5996ba=_0x56ae.xPLTue(_0x5996ba,_0x63080);
  	_0x56ae.wJyKEr[_0xd47042]=_0x5996ba;
  }else{
  	_0x5996ba=_0x362eaf;
  }
  return _0x5996ba;
};


//这里是真正的源码
var oooo=0xf23d4,ooe;
if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){
  var i=0x9;
	for(oooo=oooo^i;i<oooo|0x9;i>0x0){
		ooe.href=ooe.href+'?'+i;
	};
};

//反调试代码
(function(){
	var _0x5be702=function(){
		var _0x3fbf2c=!![];
		return function(_0x5510b,_0x342b9d){
			var _0x4f97f7=_0x3fbf2c?function(){
				if(_0x342b9d){
					var _0x3c1367=_0x342b9d.apply(_0x5510b,arguments);
					_0x342b9d=null;
					return _0x3c1367;
				}
			}:function(){};
			_0x3fbf2c=![];
			return _0x4f97f7;
		};
	}();
	var _0x20c668=_0x5be702(this,function(){
		var _0x3dfc67=function(){return'\x64\x65\x76';},_0x5a434c=function(){return'\x77\x69\x6e\x64\x6f\x77';};
		var _0x5c2c7d=function(){var _0x3a7bcc=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3a7bcc['\x74\x65\x73\x74'](_0x3dfc67['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};
		var _0x1cf834=function(){var _0x18fc40=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x18fc40['\x74\x65\x73\x74'](_0x5a434c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};
		var _0x3181f8=function(_0x4a3a1d){var _0x1296a8=~-0x1>>0x1+0xff%0x0;if(_0x4a3a1d['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1296a8)){_0x53db87(_0x4a3a1d);}};
		var _0x53db87=function(_0x476ccd){var _0x100043=~-0x4>>0x1+0xff%0x0;if(_0x476ccd['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x100043){_0x3181f8(_0x476ccd);}};
		if(!_0x5c2c7d()){
			if(!_0x1cf834()){
				_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');
			}else{
				_0x3181f8('\x69\x6e\x64\x65\x78\x4f\x66');
			}
		}else{
			_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');
		}
	});
	_0x20c668();
	var _0x13f44d={'HiZHE':'tRXOh','irfJI':function(_0x16f976,_0x409789){return _0x16f976!==_0x409789;},'JeYYT':function(_0x992c77,_0x6054ee){return _0x992c77!==_0x6054ee;},'ECbiR':'3|0|4|1|2','mNDuE':'请勿盗链本站资源','UXJxx':'关闭页面重新访问','ABXlH':function(_0x4ae14b,_0x5ddf84,_0x1adfee){return _0x4ae14b(_0x5ddf84,_0x1adfee);}};
	var _0x4317e3=[],_0x37edaa=0x32,_0x11545a=![];
	_0x13f44d.ABXlH(setInterval,_0x5ce9ac,0x1);
	return{'addListener':function(_0x2e5165){_0x4317e3.push(_0x2e5165);},'cancleListenr':function(_0x4b1b9f){
		var _0x53975a={'IHIik':function(_0x39d77d,_0x204173){
			return _0x13f44d.JeYYT(_0x39d77d,_0x204173);}
		};
		_0x4317e3=_0x4317e3.filter(function(_0x53d113){
			if(_0x13f44d.HiZHE!==_0x13f44d.HiZHE){
				var _0x2e5e62={'hFlGu':function(_0x3c20b2,_0x439340){
					return _0x53975a.IHIik(_0x3c20b2,_0x439340);
				}};
				_0x4317e3=_0x4317e3.filter(function(_0x32719f){
					return _0x2e5e62.hFlGu(_0x32719f,_0x4b1b9f);
				});
			}else{
				return _0x13f44d.irfJI(_0x53d113,_0x4b1b9f);
			}
		});
	}};
	function _0x5ce9ac(){
		var _0x211ef9=new Date();
		debugger;
		if(new Date()-_0x211ef9>_0x37edaa){
			var _0x523cd2=_0x13f44d.ECbiR.split('|'),_0xe22ccc=0x0;
			while(!![]){
				switch(_0x523cd2[_0xe22ccc++]){
					case'0':
						_0x11545a=!![];
						continue;
					case'1':
						while(!![]){
  						alert(_0x13f44d.mNDuE);
  						alert(_0x13f44d.UXJxx);
						}
						continue;
					case'2':
						document.body.innerHTML='';
						continue;
					case'3':
						if(!_0x11545a){
  						_0x4317e3.forEach(function(_0x1c693e){
  							_0x1c693e.call(null);
  						});
						}
						continue;
					case'4':
						window.stop();
						continue;
				}
				break;
			}
		}else{
			_0x11545a=![];
		}
	}
}().addListener(function(){
		window.location.reload();
}));
	
	
	
	document.write("test! this run! this js is ok");

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

//加密字符串

var _0xodG='xxxpan.com',

_0x550c=[_0xodG,

'5Yap6ZST6aO46Z2U6YWw5pS56K2f6ZeC',

'w50UcMOQw5o=','w7XDi8Oiw4A=','w4/Dm8OIw7HClg==',

'wqjCrCnCjcOPNQ==','W8OTXMKbwrs=','wqbClHcnw70=','WsOyT8K6wpU=',

'BcK1w6tnwo/Ckg==','XsKswp/Di8K/','dAHDjsKTwoQ=','wod4QMK3wrw=',

'w7MLWS/Dhw==','fsO0QsKmwrs=','wqnCuhYASw==','Ai88w4I=','wo5LQ8KPTMKewpnCqsKm',

'wrzCkcO/c8Ocw6rCiA==','w5x5KB0=','wpRRQsKa','wqNfRsKSwocYwoNLSsOxwoQ=',

'w5N3JxAiw5zDp8Or','NsK7K8KTUMKb','OsKLOcO/Lj8qwp0=','wpTCoCbDihELwow7cw==',

'wpTCnVDDpsOrw5RuG0A=','ZcKWVTw=','w63DjMO0w44=','VHLDviUN',

'w5DChALDvsKtw4EpAgA=','6K+q5YqM55m/6ZCn5p+h56qq6LaM5ruJ',

'PxxxpVavOsrnuevOWgq.cXomL=='];

//与cookie有关，用于粉条是，做了一些花代码用于反自动格式化，例如';\20'会不会给;家回车？代码里还用了正则表达式，看样子也是反格式化的！

(function(_0x23e18f,_0x31f469,_0x2c2e27){

var _0x17dbc0=function(_0x331e14,_0x5518e9,_0x444dfa,_0x23a3ea,_0x326368){

_0x5518e9=_0x5518e9>>0x8,_0x326368='po',asdfds='shift',afew1='push';

if(_0x5518e9<_0x331e14){

while(--_0x331e14){

_0x23a3ea=_0x23e18f[asdfds]();

if(_0x5518e9===_0x331e14){

_0x5518e9=_0x23a3ea;

_0x444dfa=_0x23e18f[_0x326368+'p']();

}else if(_0x5518e9&&_0x444dfa.replace(/[PVvOsruevOWgqXL=]/g,'')===_0x5518e9){

_0x23e18f[afew1](_0x23a3ea);

}

}_0x23e18f[afew1](_0x23e18f[asdfds]());

}

return 0x32d76;

};

var _0x250c8c=function(){

var _0x5bcc0c={'data':{'key':'cookie','value':'timeout'},

'setCookie':function(_0x15a544,_0x532664,_0x140855,_0x2e431c){

_0x2e431c=_0x2e431c||{};

var _0x5bc146=_0x532664+'='+_0x140855;

var _0x5ad6bd=0x0;

for(var _0x5ad6bd=0x0,_0x4e3d87=_0x15a544.length;_0x5ad6bd<_0x4e3d87;_0x5ad6bd++){

var _0x3a8b87=_0x15a544[_0x5ad6bd];

_0x5bc146+=';\x20'+_0x3a8b87;

var _0x8e90dc=_0x15a544[_0x3a8b87];

_0x15a544.push(_0x8e90dc);

_0x4e3d87=_0x15a544.length;

if(_0x8e90dc!==!![]){

_0x5bc146+='='+_0x8e90dc;

}

}_0x2e431c.cookie=_0x5bc146;

},'removeCookie':function(){return'dev';},'getCookie':function(_0x3af33c,_0x234b30){

_0x3af33c=_0x3af33c||function(_0x571a26){

return _0x571a26;

};

var _0x3ed26f=_0x3af33c(new RegExp('(?:^|;\x20)'+

_0x234b30.replace(/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));

var _0x650c02=function(_0x37d558,_0x1f96d2,_0x4fdceb){

_0x37d558(++_0x1f96d2,_0x4fdceb);

};

_0x650c02(_0x17dbc0,_0x31f469,_0x2c2e27);

return _0x3ed26f?decodeURIComponent(_0x3ed26f[0x1]):undefined;

}

};

var _0x991d49=function(){

var _0x3c21fb=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');

return _0x3c21fb.test(_0x5bcc0c.removeCookie.toString());

};

_0x5bcc0c.updateCookie=_0x991d49;

var _0x2cb897='';

var _0xa060fe=_0x5bcc0c.updateCookie();

if(!_0xa060fe){

_0x5bcc0c.setCookie(['*'],'counter',0x1);

}else if(_0xa060fe){

_0x2cb897=_0x5bcc0c.getCookie(null,'counter');

}else{

_0x5bcc0c.removeCookie();

}

};

_0x250c8c();

}(_0x550c,0xd1,0xd100));

//典型 RC4加密还原方法

var _0x56ae=function(_0xd47042,_0x63080){

_0xd47042=~~'0x'.concat(_0xd47042);

var _0x5996ba=_0x550c[_0xd47042];

if(_0x56ae.ECexVT===undefined){

(function(){

var _0x12dc1f=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;

var _0x1eeaa4='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';

_0x12dc1f.atob||(_0x12dc1f.atob=function(_0x290a53){

var _0x3e25f5=String(_0x290a53).replace(/=+$/,'');

for(var _0x4b988b=0x0,_0x1ad26d,_0x379637,_0x498d41=0x0,_0x27b6c0='';_0x379637=_0x3e25f5.charAt(_0x498d41++);~_0x379637&&(_0x1ad26d=_0x4b988b%0x4?_0x1ad26d*0x40+_0x379637:_0x379637,_0x4b988b++%0x4)?_0x27b6c0+=String.fromCharCode(0xff&_0x1ad26d>>(-0x2*_0x4b988b&0x6)):0x0){

_0x379637=_0x1eeaa4.indexOf(_0x379637);

}

return _0x27b6c0;

});

}());

var _0x1f8eb7=function(_0x4b8a01,_0x63080){

var _0x3071b5=[],_0x9c5f63=0x0,_0x78c351,_0x2acf7e='',_0x600b11='';

_0x4b8a01=atob(_0x4b8a01);

for(var _0x39cfba=0x0,_0x40cd16=_0x4b8a01.length;_0x39cfba<_0x40cd16;_0x39cfba++){

_0x600b11+='%'+('00'+_0x4b8a01.charCodeAt(_0x39cfba).toString(0x10)).slice(-0x2);

}

_0x4b8a01=decodeURIComponent(_0x600b11);

for(var _0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){

_0x3071b5[_0x5e4d62]=_0x5e4d62;

}

for(_0x5e4d62=0x0;_0x5e4d62<0x100;_0x5e4d62++){

_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62]+_0x63080.charCodeAt(_0x5e4d62%_0x63080.length))%0x100;

_0x78c351=_0x3071b5[_0x5e4d62];_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];_0x3071b5[_0x9c5f63]=_0x78c351;

}

_0x5e4d62=0x0;

_0x9c5f63=0x0;

for(var _0x1a7c7e=0x0;_0x1a7c7e<_0x4b8a01.length;_0x1a7c7e++){

_0x5e4d62=(_0x5e4d62+0x1)%0x100;

_0x9c5f63=(_0x9c5f63+_0x3071b5[_0x5e4d62])%0x100;

_0x78c351=_0x3071b5[_0x5e4d62];

_0x3071b5[_0x5e4d62]=_0x3071b5[_0x9c5f63];

_0x3071b5[_0x9c5f63]=_0x78c351;

_0x2acf7e+=String.fromCharCode(_0x4b8a01.charCodeAt(_0x1a7c7e)^_0x3071b5[(_0x3071b5[_0x5e4d62]+_0x3071b5[_0x9c5f63])%0x100]);

}

return _0x2acf7e;

};

_0x56ae.xPLTue=_0x1f8eb7;

_0x56ae.wJyKEr={};

_0x56ae.ECexVT=!![];

}

var _0x362eaf=_0x56ae.wJyKEr[_0xd47042];

if(_0x362eaf===undefined){

if(_0x56ae.NbHMmN===undefined){

var _0x5cf2a5=function(_0x5a560e){

this.jAPecI=_0x5a560e;

this.kOSOJn=[0x1,0x0,0x0];

this.tdEaoU=function(){return'newState';};

this.gkOxWc='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';

this.PzeyAT='[\x27|\x22].+[\x27|\x22];?\x20*}';

};

_0x5cf2a5.prototype.zEvXjH=function(){

var _0x43bec9=new RegExp(this.gkOxWc+this.PzeyAT);

var _0x2750c5=_0x43bec9.test(this.tdEaoU.toString())?--this.kOSOJn[0x1]:--this.kOSOJn[0x0];

return this.bOwCAi(_0x2750c5);

};

_0x5cf2a5.prototype.bOwCAi=function(_0x265212){

if(!Boolean(~_0x265212)){return _0x265212;}

return this.hJHoCg(this.jAPecI);

};

_0x5cf2a5.prototype.hJHoCg=function(_0x48db87){

for(var _0x5f20c3=0x0,_0x53546a=this.kOSOJn.length;_0x5f20c3<_0x53546a;_0x5f20c3++){

this.kOSOJn.push(Math.round(Math.random()));

_0x53546a=this.kOSOJn.length;

}

return _0x48db87(this.kOSOJn[0x0]);

};

new _0x5cf2a5(_0x56ae).zEvXjH();

_0x56ae.NbHMmN=!![];

}

_0x5996ba=_0x56ae.xPLTue(_0x5996ba,_0x63080);

_0x56ae.wJyKEr[_0xd47042]=_0x5996ba;

}else{

_0x5996ba=_0x362eaf;

}

return _0x5996ba;

};

//这里是真正的源码

var oooo=0xf23d4,ooe;

if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){

var i=0x9;

for(oooo=oooo^i;i<oooo|0x9;i>0x0){

ooe.href=ooe.href+'?'+i;

};

//反调试代码

(function(){

var _0x5be702=function(){

var _0x3fbf2c=!![];

return function(_0x5510b,_0x342b9d){

var _0x4f97f7=_0x3fbf2c?function(){

if(_0x342b9d){

var _0x3c1367=_0x342b9d.apply(_0x5510b,arguments);

_0x342b9d=null;

return _0x3c1367;

}

}:function(){};

_0x3fbf2c=![];

return _0x4f97f7;

};

}();

var _0x20c668=_0x5be702(this,function(){

var _0x3dfc67=function(){return'\x64\x65\x76';},_0x5a434c=function(){return'\x77\x69\x6e\x64\x6f\x77';};

var _0x5c2c7d=function(){var _0x3a7bcc=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3a7bcc['\x74\x65\x73\x74'](_0x3dfc67['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};

var _0x1cf834=function(){var _0x18fc40=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x18fc40['\x74\x65\x73\x74'](_0x5a434c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};

var _0x3181f8=function(_0x4a3a1d){var _0x1296a8=~-0x1>>0x1+0xff%0x0;if(_0x4a3a1d['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1296a8)){_0x53db87(_0x4a3a1d);}};

var _0x53db87=function(_0x476ccd){var _0x100043=~-0x4>>0x1+0xff%0x0;if(_0x476ccd['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x100043){_0x3181f8(_0x476ccd);}};

if(!_0x5c2c7d()){

if(!_0x1cf834()){

_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');

}else{

_0x3181f8('\x69\x6e\x64\x65\x78\x4f\x66');

}

}else{

_0x3181f8('\x69\x6e\x64\u0435\x78\x4f\x66');

}

});

_0x20c668();

var _0x4317e3=[],_0x37edaa=0x32,_0x11545a=![];

_0x13f44d.ABXlH(setInterval,_0x5ce9ac,0x1);

return{'addListener':function(_0x2e5165){_0x4317e3.push(_0x2e5165);},'cancleListenr':function(_0x4b1b9f){

var _0x53975a={'IHIik':function(_0x39d77d,_0x204173){

return _0x13f44d.JeYYT(_0x39d77d,_0x204173);}

};

_0x4317e3=_0x4317e3.filter(function(_0x53d113){

if(_0x13f44d.HiZHE!==_0x13f44d.HiZHE){

var _0x2e5e62={'hFlGu':function(_0x3c20b2,_0x439340){

return _0x53975a.IHIik(_0x3c20b2,_0x439340);

}};

_0x4317e3=_0x4317e3.filter(function(_0x32719f){

return _0x2e5e62.hFlGu(_0x32719f,_0x4b1b9f);

});

}else{

return _0x13f44d.irfJI(_0x53d113,_0x4b1b9f);

}

});

}};

function _0x5ce9ac(){

var _0x211ef9=new Date();

debugger;

if(new Date()-_0x211ef9>_0x37edaa){

var _0x523cd2=_0x13f44d.ECbiR.split('|'),_0xe22ccc=0x0;

while(!![]){

switch(_0x523cd2[_0xe22ccc++]){

case'0':

_0x11545a=!![];

continue;

case'1':

while(!![]){

alert(_0x13f44d.mNDuE);

alert(_0x13f44d.UXJxx);

}

continue;

case'2':

document.body.innerHTML='';

continue;

case'3':

if(!_0x11545a){

_0x4317e3.forEach(function(_0x1c693e){

_0x1c693e.call(null);

});

}

continue;

case'4':

window.stop();

continue;

}

break;

}

}else{

_0x11545a=![];

}

}().addListener(function(){

window.location.reload();

}));

document.write("test! this run! this js is ok");

这是截图，
记录一次js分析破解过程（四）（jsjiami 批量解密的脚本更进一步） - 第2张 | Carr的仓库
源代码只有几行，其他加密、反调代码没用，也不处理了
最后解密结果为：

var oooo=0xf23d4,ooe;
if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){
  var i=0x9;
	for(oooo=oooo^i;i<oooo|0x9;i>0x0){
		ooe.href=ooe.href+'?'+i;
	};
};

//if(oooo=39,ooe 确定浏览器 准备跳转，基本就是个花指令，一般不会执行的？！。 
//ie、火狐一般为false，chrome为undefined 都不能执行

//if里面内容是死循环？？
//i=9,我怎么看 都像是 要执行N多次，跳转链接为 当前链接?9
//这是做什么？不是浏览器死循环么？ 
//真没弄懂他的意思

var oooo=0xf23d4,ooe;

if(oooo=oooo>>0xc^0xd5,ooe=window.location&&window.navigator.webdriver){

var i=0x9;

for(oooo=oooo^i;i<oooo|0x9;i>0x0){

ooe.href=ooe.href+'?'+i;

};

//if(oooo=39,ooe 确定浏览器准备跳转，基本就是个花指令，一般不会执行的？！。

//ie、火狐一般为false，chrome为undefined 都不能执行

//if里面内容是死循环？？

//i=9,我怎么看都像是要执行N多次，跳转链接为当前链接?9

//这是做什么？不是浏览器死循环么？

//真没弄懂他的意思

这是破解源码：
decode-jsjiami-01
decode01.html为破解脚本
001.js是手动格式化的代码
001-11.js 是加了简单注释的源码。

本文固定链接: http://www.three123.com/2021-04/s-crack-jsjiami-decode-2/
转载请注明: Carr 2021年04月13日于 Carr的仓库发表

最后编辑：2021-04-12

作者：Carr

这个作者貌似有点懒，什么都没有留下。

站内专栏站点

记录一次js分析破解过程（四）（jsjiami 批量解密的脚本更进一步）

您可能还会对这些文章感兴趣！

留下一个回复取消回复

您可能还会对这些文章感兴趣！

留下一个回复 取消回复

留下一个回复取消回复