How to deobfuscate JavaScript code with "[]["filter"]["constructor"]…"?

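We all know that JavaScript code obfuscated with things like "packer" and "eval" can easily be decoded using the various tools available on the internet, but recently I came across a piece of JavaScript code that is obfuscated with something like []["filter"]["constructor"], and there seems to be no solution for decoding it. An example follows: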

[]["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["italics"]()[0])[true + true] + "N" + "S" + "S" + "{" + "I" + []["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "u" + "n" + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()([]["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["italics"]()[0])[0] +
    "5" + "f") + 101["toString"]("!0!01")[+true] + "a" + (+"false" + []["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + []["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["fontcolor"]()["!01"])[true + true] + "a" + "t" + "e")()())["!0!0!00"] + "e" + []["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "u" + "n" + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()([]["filter"]["constructor"]("r" +
    "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["italics"]()[0])[0] + "5" + "f") + []["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "u" + "n" + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()([]["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["italics"]()[0])[0] + "59" + "") + "o" + "u" + []["filter"]["constructor"]("r" +
    "e" + "t" + "u" + "r" + "n" + " " + "u" + "n" + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()([]["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + "e" + "s" + "c" + "a" + 211["toString"]("!0!0!01")[+true] + "e")()("" ["italics"]()[0])[0] + "7" + "d");

How can I decode JavaScript like that?

This looks a lot like non-alphanumeric obfuscation, but only an intermediate form of it. See an example.

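The principle is the same:
1. It relies on an alternative way of evaluating code, in your case the Array filter constructor.
2. It uses subscript notation (turning object names into strings).
3. It splits strings into single-character strings and then uses type coercion to convert each character into a sequence of non-alphanumeric symbols.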

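Decoding this is quite easy, but it is hard work if you do it by hand. I think writing a tool to reverse it automatically would take less than an hour. At first this looks like a good obfuscation, but it is not resilient and is easily defeated.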

No obfuscation is 100% bulletproof, but modern JS obfuscators such as JScrambler go much deeper than basic encoding techniques (whether eval-based or eval-less).

For more details on non-alphanumeric obfuscation, see (slides 33-38).
If you are interested in JavaScript obfuscation, see the rest.
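
A small static folder for the pattern described in the answer above, as an added example that is not part of the original answer or of any tool it mentions: it reverses the single-character concatenation and unwraps []["filter"]["constructor"]("return NAME")() by rewriting tokens, without evaluating the sample. All function names and the sample string are constructed here; the sample uses a plain "p" where the question's code has a toString call.

```javascript
// Added example: folds constants as text and never runs the sample.
// Assumes an expression without comments, regex literals or template literals.
const TOKEN = /(\s*)("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|\d[\w.]*|[A-Za-z_$][\w$]*|\S)/y;
const WRAPPER = ['[', ']', '[', '"filter"', ']', '[', '"constructor"', ']', '('];
const PREV_OK = new Set(['(', ',', '[', '=', ';']);
const NEXT_OK = new Set([undefined, '+', ')', ',', ']', ';']);
const isPlain = (s) => /^"[^"\\]*"$/.test(s || ''); // string literal, no escapes

// "r" + "e" -> "re", only where operator precedence cannot change the result.
function foldConcat(t, i) {
  if (!isPlain(t[i]) || t[i + 1] !== '+' || !isPlain(t[i + 2])) return null;
  const afterOperand = isPlain(t[i - 2]) || t[i - 2] === ']' || t[i - 2] === ')';
  const prevOk = i === 0 || PREV_OK.has(t[i - 1]) || (t[i - 1] === '+' && afterOperand);
  if (!prevOk || !NEXT_OK.has(t[i + 3])) return null;
  return { len: 3, out: t[i].slice(0, -1) + t[i + 2].slice(1) };
}

// []["filter"]["constructor"]("return NAME")() -> NAME. The Function constructor
// resolves NAME globally, so this assumes NAME is not shadowed at the call site.
function unwrapReturn(t, i) {
  if (!WRAPPER.every((tok, k) => t[i + k] === tok)) return null;
  const m = /^"return (?!this"|arguments")([A-Za-z_$][\w$]*)"$/.exec(t[i + 9] || '');
  const closed = t.slice(i + 10, i + 13).join('') === ')()';
  return m && closed ? { len: 13, out: m[1] } : null;
}

function fold(src) {
  const ws = [], t = [];
  TOKEN.lastIndex = 0;
  for (let m; (m = TOKEN.exec(src)) !== null; ) { ws.push(m[1]); t.push(m[2]); }
  for (let i = 0; i < t.length; ) {
    const hit = foldConcat(t, i) || unwrapReturn(t, i);
    if (!hit) { i += 1; continue; }
    // Keep a keyword such as typeof separated from an inlined identifier.
    if (!ws[i] && /[\w$]$/.test(t[i - 1] || '') && /^[\w$]/.test(hit.out)) ws[i] = ' ';
    t.splice(i, hit.len, hit.out);
    ws.splice(i + 1, hit.len - 1);
    i = 0; // rescan: folding the argument is what exposes the wrapper
  }
  return t.map((tok, k) => ws[k] + tok).join('');
}

// Constructed sample in the style of the question, not the page's exact code.
const SAMPLE = '[]["filter"]["constructor"]("r" + "e" + "t" + "u" + "r" + "n" + " " + ' +
  '"e" + "s" + "c" + "a" + "p" + "e")()("" ["italics"]()[0])[true + true] + "N" + "S" + "S" + "{"';
console.log(fold(SAMPLE)); // escape("" ["italics"]()[0])[true + true] + "NSS{"
```

Run on the question's code as posted, it folds only as far as the 211["toString"]("!0!0!01") call and leaves the wrapper in place, because that argument is not a constant string.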

Of course there is no solution for decoding it: that code throws a RangeError. There is definitely more to it than what you have said.