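Preface

You are surfing the web, you land on some site, your hand slips and you press F12, and what you get is a pile of raw JS code:

```js
function ODDDoDDOOoDoDDDOODDOODDDDD() {
    var r = DoDoDODODoODDDDOODDOODDOODDOOOoOo.ODDDoOOoOoOOOOoOOODDOODDOODDDOO
    if (Number(device.release.slice(0, 2)) >= 12) {
        shell(DoDoDODODoODDDDDDODDDOODDDDOoOo.OOoDDODooDDoOODDoODDDDOODDOOOOD, true)
    }
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.ooOOOODOoDDDDDOODoDOoOooDOoooo, true)
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.DoODDDODDDDOoDDOoDOODDoODDODoO, true)
    shell(DoDoDODODoODDDDDDODDDOODDDOoOo.OoDoOOoDDDoDDDDDOoDODODODDOODD, true)
    r = DoDoDODODoODDDDDDODDDOODDDOoOo.OOoDOODDDODoDoOOoODoOODoODooOD;
    if (Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDOoDOoOoDODDOODDDOooOOOOoDOoD + r, true).result) <= 100) {
        shell(DoDoDODOODDDDDDODDDOODDDOoOo2.ODDOODDODODDDoODOODDoODDODDDODD + r, true);
        shell(DoDoDODODoODDDDDDODDDOODDDDOoOo2.ODODOODDDOoOOOoDDOOODDoOoDO, true);
        print(DoDoDODODoODDDDDDOODDDDDDOoOo2.ODoDoOODDoDDDDODDDDOODDDDDOODO + r + DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDDDODoDoDDDDoooDODoDDDOOOODD)
    }
    r = DoDoDODODoODDDDDDODDDOODDDOoOo.oDDoODODDODDoOODoDODODoOoDDooD;
    if (Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DoDOoDOODoDOOoDODoDoODDDODDDDO + r, true).result) <= 100) {
        shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.OOODDooDODODOODDDODDoDDoOODDOD + r, true);
        shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.oDoDODDDDoODDoODOOoDODODoODDDD, true);
        print(DoDoDODODoODDDDDDODDDOODDDOoOo2.OooDoODDoOODDDOODDDDoOOoODOOOO + r + DoDoDODODoODDDDDDODDDOODDDOoOo2.DDoDODOOODOooDDODODDDODDDDoDDO)
    }
    r = DoDoDODODoODDDDDDODDDOODDDOoOo.oODDDDODDOoODDDDDDODoODODDoooO;
    if (Number(shell(DoDoDODODoODDDDDDODDDOODDDOoOo2.DDDoOOOoDDOODDDODOooOOOoOoOooO + r, true).result) <= 100) {
        shell(DoDoDODOODDDDDDODDDOODDDDOoOo2.DoODODoOODDDDDDDOOODDDDDOODDOOD + r, true);
        // the remaining statements of this block are garbled in the source
        shell(DoDoDODODoODDDDDDODDDOODDDOOoOo2.oDOoOODDODoDoDODDoDDoDODODoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDoDODODOODDDDDDODDDOODDDOOoOo2.DDDoODODODOoODOOOOoODDDoDoDoDD+rDoDoDODODoODDDDDDODDDOODDDDOoOo2.OoDoDooODDODOoDDDDDODOOOooDoDoO)
    }
}
```

This is the first time I have seen code garbled this inhumanely. Even after decoding it by hand, it is hard to tell what it is:

```js
function execD() {
    var r = '';
    // Android 12 and later: switch off the blocking of untrusted touches
    if (Number(device.release.slice(0, 2)) >= 12) {
        shell('settings put global block_untrusted_touches 0', true);
    }
    // Delete a log file and the temp* files of com.tencent.tmgp.pubgmhd
    shell('rm -rf \/sdcard\/time.log\nrm -rf \/data\/data\/com.tencent.tmgp.pubgmhd\/files\/temp*', true);
    // Remount the root filesystem read-write, then change permissions
    shell('mount -o remount,rw \/', true);
    shell('chmod -R 440 \/proc\/net\/*', true);
    shell('chmod 751 \/bin\/sh', true);

    // For each inotify limit: if it is 100 or lower, raise it,
    // force-stop the app and print a message.
    r = 'max_user_watches';
    if (Number(shell('cat \/proc\/sys\/fs\/inotify\/' + r, true).result) <= 100) {
        shell('echo 8192 > \/proc\/sys\/fs\/inotify\/' + r, true);
        shell('am force-stop com.tencent.tmgp.pubgmhd', true);
        print('修复客户端异常。(' + r + ')'); // "Fix the client exception."
    }
    r = 'max_queued_events';
    if (Number(shell('cat \/proc\/sys\/fs\/inotify\/' + r, true).result) <= 100) {
        shell('echo 16384 > \/proc\/sys\/fs\/inotify\/' + r, true);
        shell('am force-stop com.tencent.tmgp.pubgmhd', true);
        print('修复客户端异常。(' + r + ')'); // "Fix the client exception."
    }
    r = 'max_user_instances';
    if (Number(shell('cat \/proc\/sys\/fs\/inotify\/' + r, true).result) <= 100) {
        shell('echo 128 > \/proc\/sys\/fs\/inotify\/' + r, true);
        shell('am force-stop com.tencent.tmgp.pubgmhd', true);
        print('Fix the client exception.(' + r + ')');
    }
}
```

Approach

The obfuscation is built on array encryption: every string is moved into a lookup structure and referenced by a meaningless name. Once you look closely at the structure of the code, restoring it is not hard; it is actually fairly easy. I do not know who wrote this obfuscator, and I have not seen anything like it on the market. It is a rather obscure kind of JS encryption. I hope the author of this JS encryption starts behaving more decently, because everyone's head explodes at first sight of it.

Epilogue

The JS decryption site used along the way is a handy tool site, and I recommend it to everyone. Encryption schemes that are based on escaping and encoding can be unlocked with it easily.

www.jsjiami.com

In general, after one decoding pass through this tool site, the difficulty of the remaining decryption drops linearly. If the code is too complex, you can also ask the site's customer service to handle it.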
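The array-lookup obfuscation described under "Approach" can be undone statically, without executing the suspicious script. The following is an added example, not code from the original post or from the tool site; the table layout `var NAME = { key: "value" }`, the sample input and all names in it are assumptions made for illustration.

```javascript
// Added example: inline a string-lookup table statically, without eval.
// Assumed table layout: var NAME = { key: "value", ... };

// Constructed sample with the same shape as the obfuscated function (names are made up).
const SAMPLE = [
  'var OoDo = { DDoO: "cat \\/proc\\/sys\\/fs\\/inotify\\/", oODD: "max_user_watches",',
  '             DoDo: "limit low (", ODoD: ")" };',
  'function OODD() {',
  '  var r = OoDo.oODD;',
  '  if (Number(shell(OoDo.DDoO + r, true).result) <= 100) { print(OoDo.DoDo + r + OoDo.ODoD); }',
  '}',
].join('\n');

// Matches one table definition; string values containing braces are not handled.
const TABLE_RE = /var\s+(\w+)\s*=\s*\{([^{}]*)\}\s*;?\n?/g;

// Collect every lookup table in the source as Map(name -> Map(key -> string)).
function extractTables(src) {
  const tables = new Map();
  for (const [, name, body] of src.matchAll(TABLE_RE)) {
    const entries = new Map();
    for (const [, key, lit] of body.matchAll(/(\w+)\s*:\s*("(?:[^"\\]|\\.)*")/g)) {
      try {
        entries.set(key, JSON.parse(lit)); // decode escapes as data, never as code
      } catch (e) { /* non-JSON escape such as \x41: leave the reference unresolved */ }
    }
    if (entries.size > 0) tables.set(name, entries);
  }
  return tables;
}

// Replace NAME.key with its literal, drop the table definitions, report what is left.
function inlineStrings(src) {
  const tables = extractTables(src);
  let code = src.replace(TABLE_RE, (m, name) => (tables.has(name) ? '' : m));
  const unresolved = [];
  for (const [name, entries] of tables) {
    const ref = new RegExp('\\b' + name + '\\.(\\w+)\\b', 'g');
    code = code.replace(ref, (m, key) => {
      if (entries.has(key)) return JSON.stringify(entries.get(key));
      unresolved.push(m); // keep unknown references visible for manual review
      return m;
    });
  }
  return { code, unresolved };
}
```

`inlineStrings(SAMPLE).code` gives the readable function with the shell command strings in place, and `unresolved` lists any references that still need a manual look.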
