再谈小红书混淆

前言

前几个星期,我对小红书做了初步的解混淆,发现还有一些混淆没有解掉,现在就来继续解析。

花指令回填

https://img.131213.xyz/api/cfile/AgACAgUAAx0Eflp52gAC1CVoTTrJ8pa6pXbYT-zrmZZS9hNh6QACF8UxG00ncFYCQVjfYRXMGAEAAwIAA3gAAzYE
让我们拆开来分析这个花指令

// Lookup table from the obfuscated sample under analysis (the junk-instruction layer).
// Every function property here has one of three shapes: it calls its first argument with
// the remaining ones, it applies a single operator to its two arguments, or it forwards
// its arguments unchanged to a member of h. Every other property is a string literal or a
// value copied from h. Locals such as `var FZ = L;` and `var FT = FK;` are assigned and
// never read inside the wrapper. h, L and FK are defined outside this listing.
var C = {
// Shape: call the first argument with the remaining arguments.
'nwOLN': function(R, S, E, i, N) {
return R(S, E, i, N);
},
// Shape: forward all arguments to a member of h; FZ is assigned but never read.
'kSUUe': function(R, S, E, i, N) {
var FZ = L;
return h["aMltr"](R, S, E, i, N);
},
'eTZYs': function(R, S) {
var FV = L;
return h["MmaEG"](R, S);
},
'lGvVL': function(R, S, E) {
return h['GKtmp'](R, S, E);
},
'SROLQ': function(R, S) {
var FM = L;
return h["eDqxI"](R, S);
},
'fJlXY': function(R, S) {
var FU = L;
return h["ENgsj"](R, S);
},
// Shape: a value read from h once, when this object literal is evaluated.
'PUCdd': h["wWSUD"],
// Shape: one operator applied to the two arguments.
'FGzOP': function(R, S) {
return R >> S;
},
'afgyW': function(R, S) {
var FT = FK;
return h["AryJI"](R, S);
},
'kHKev': h["prjDE"],
// NOTE(review): pipe-separated digits; resembles a control-flow-flattening order string, but the use site is not shown here — confirm.
'zGaFk': '2|0|4|3|1',
'RRNkR': function(R, S) {
var FP = FK;
return h["kgeUA"](R, S);
},
'fAOHV': function(R, S) {
var Fp = FK;
return h["jHxlb"](R, S);
},
'pCEKQ': function(R, S) {
var Fq = FK;
return h["XDorZ"](R, S);
},
'sHzOh': function(R, S) {
var FI = FK;
return h["AryJI"](R, S);
},
'GGXmC': function(R, S) {
var Fs = FK;
return h["hgTCW"](R, S);
},
'NVYmF': function(R, S) {
var Fw = FK;
return h["kRdje"](R, S);
},
'XwdTh': h["OzdlV"],
'PHsGL': function(R, S) {
var Fz = FK;
return h["eDqxI"](R, S);
},
'hxqUd': h["vpgNZ"],
'GrgCd': function(R, S) {
return h['BNqwn'](R, S);
},
'kzPnv': function(R, S) {
var FO = FK;
return h["XDorZ"](R, S);
},
'FrWRh': function(R, S) {
return R !== S;
},
'TByEj': h["wCzTn"],
'FAcyL': function(R, S) {
return h['vQQUk'](R, S);
},
'AleBJ': function(R, S) {
var FJ = FK;
return h["cAlyE"](R, S);
},
'huAES': h['rKKzw'],
'DGWOU': function(R, S) {
var L0 = FK;
return h["ENgsj"](R, S);
},
'jXFeA': h["LLEzS"],
'uLSjZ': h["mjdDi"],
'zaGpL': function(R, S, E, i, N) {
var L1 = FK;
return h["aMltr"](R, S, E, i, N);
},
'OChTg': function(R, S) {
return R(S);
},
'zCLPb': h["umXpK"],
'WHsCZ': function(R, S, E, i, N) {
var L2 = FK;
return h["jTwuf"](R, S, E, i, N);
},
'quyBc': function(R, S, E, i, N) {
var L3 = FK;
return h["CZeXt"](R, S, E, i, N);
},
'DBWWn': h["xblso"],
'rCmpM': h["qehkP"],
'HRfcg': function(R, S) {
return h['ENgsj'](R, S);
},
'bdltS': "GlBWa",
'wMDXH': h["pRDMG"],
'WwqmJ': function(R, S, E, i, N) {
return h['AWvMp'](R, S, E, i, N);
},
'BWpPZ': function(R, S) {
var L4 = FK;
return h["bEIcG"](R, S);
},
'snVSB': h["nMMxv"],
'RlxEZ': h["NLzhS"],
'SmgXY': function(R, S, E, i, N, g, x, r) {
return R(S, E, i, N, g, x, r);
},
'zCPbZ': function(R, S, E) {
var L5 = FK;
return h["GKtmp"](R, S, E);
},
'UEaJS': h["kcAaU"],
'YqyTm': function(R, S) {
var L6 = FK;
return h["lUoXu"](R, S);
},
'aSIKX': function(R, S) {
var L7 = FK;
return h["DaRdU"](R, S);
},
'xnNmv': "NNfMe",
'QgjFq': h["NEMiU"],
'ldnrr': h['TNZwf'],
'ZvPja': function(R, S, E, i, N, g, x, r) {
return R(S, E, i, N, g, x, r);
},
'uLFqi': function(R, S) {
var L8 = FK;
return h["cIovd"](R, S);
},
'MRQGa': function(R, S) {
return R === S;
},
'dfxVY': h['VkNzq'],
'MBgMf': h['poQoR'],
'hyZoA': function(R, S) {
return R - S;
},
'LJyjj': function(R, S) {
var L9 = FK;
return h["MmaEG"](R, S);
},
'aLwwx': function(R, S) {
var LF = FK;
return h["KHzzB"](R, S);
},
'WqSKX': function(R, S, E, i, N) {
var LL = FK;
return h["aMltr"](R, S, E, i, N);
},
'gPDFl': function(R, S) {
var Lh = FK;
return h["NTrbI"](R, S);
},
'iZTGz': "YIEGq",
'TNAaC': function(R, S) {
var Lb = FK;
return h["watuf"](R, S);
},
'odVfd': function(R, S, E) {
var LC = FK;
return h["tBAUu"](R, S, E);
},
'yMgIH': function(R, S, E) {
return R(S, E);
},
'PGxhU': "bApKG",
'SvIPY': h["nAdsq"],
'AfBYF': function(R, S) {
var Lf = FK;
return h["vfuFM"](R, S);
},
'RGcqc': function(R) {
return R();
},
'zJdLz': function(R, S, E) {
var Lv = FK;
return h["GKtmp"](R, S, E);
},
'oXgav': h["ikzvH"],
'sMIQH': function(R, S, E, i, N) {
return h['AWvMp'](R, S, E, i, N);
},
'gFinC': h["mTPIJ"],
'orFnF': function(R, S) {
return R !== S;
},
'HlDqZ': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'rKNGe': function(R, S) {
return R != S;
},
'gUbAP': function(R, S) {
return h['AENql'](R, S);
},
'OMccf': "SKkEN",
'oeJmh': function(R, S) {
return h['BNqwn'](R, S);
},
'WIitv': function(R, S, E) {
var Lt = FK;
return h["GKtmp"](R, S, E);
},
'XNrHe': function(R, S, E) {
var Lc = FK;
return h["QOeak"](R, S, E);
},
'lHsxx': function(R, S) {
var LW = FK;
return h["QSewX"](R, S);
},
'ckdoI': function(R, S) {
var LR = FK;
return h["cAlyE"](R, S);
},
'IgyrF': h["pMsaX"],
'zryFJ': function(R, S, E) {
var LS = FK;
return h["QOeak"](R, S, E);
},
'SOakV': function(R, S, E) {
return h['wurWF'](R, S, E);
},
'QcqJP': function(R, S, E, i, N) {
return h['eOFNg'](R, S, E, i, N);
},
'IdiaC': function(R, S, E, i, N) {
var LE = FK;
return h["oBnDc"](R, S, E, i, N);
},
'sioDi': function(R, S, E) {
return R(S, E);
},
'DHUPP': function(R, S) {
return h['cbnsj'](R, S);
},
'NJFpJ': function(R, S, E) {
var Li = FK;
return h["tBAUu"](R, S, E);
},
'yHiCc': function(R, S, E) {
return h['GKtmp'](R, S, E);
},
'uNwcj': h["qlpXf"],
'ciJml': function(R, S, E) {
var LN = FK;
return h["CcYre"](R, S, E);
},
'NcKvK': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'YVUIV': function(R, S) {
return R / S;
},
'qfltV': function(R, S) {
return R - S;
},
'yzhnN': function(R, S, E) {
return h['ySQYi'](R, S, E);
},
'sRVor': function(R, S) {
return R === S;
},
'ODGrw': function(R, S, E) {
return R(S, E);
},
'APjhA': function(R, S) {
var Lg = FK;
return h["DaRdU"](R, S);
},
'GKBtV': h['GTknR'],
'AKXKb': function(R, S, E) {
var Lx = FK;
return h["CcYre"](R, S, E);
},
'FJREI': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'gnqzd': function(R, S, E) {
var Lr = FK;
return h["dJeju"](R, S, E);
},
'atDry': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'ELHrH': function(R, S) {
return R - S;
},
'vQqZP': function(R, S, E) {
var Lm = FK;
return h["MrzJy"](R, S, E);
},
'ocRxu': function(R, S, E, i, N) {
var Le = FK;
return h["AWvMp"](R, S, E, i, N);
},
'dvFSE': function(R, S) {
return R !== S;
},
'ABTJb': h['piLdu'],
'MGiPt': h["qMPgm"],
'gQkLB': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'ahuAk': function(R, S) {
return R > S;
},
'AMBCI': function(R, S, E) {
return R(S, E);
},
'RRAzt': function(R, S, E) {
return h['ySQYi'](R, S, E);
},
'MqBmP': function(R, S) {
var LB = FK;
return h["zzwfi"](R, S);
},
'tGZGI': function(R, S, E, i, N) {
var Ly = FK;
return h["eOFNg"](R, S, E, i, N);
},
'JZLvj': h['EsoLm'],
'vEcMv': h["QNaSf"],
'fIDlR': function(R, S, E, i, N) {
return h['CZeXt'](R, S, E, i, N);
},
'HAyBd': function(R, S, E) {
return R(S, E);
},
'xCAJf': h["awHpc"],
'kmutF': function(R, S) {
return h['uCZeD'](R, S);
},
'wQhwE': h["IvpwU"],
'hVFPT': h['qCvbJ'],
'bHZSF': h["JYyAi"],
'JmIJf': h['YpQLH'],
'tXtzn': function(R, S, E) {
var LY = FK;
return h["GKtmp"](R, S, E);
},
'HIswS': function(R, S) {
var LD = FK;
return h["vQQUk"](R, S);
},
'vtWFF': function(R, S, E) {
var Lj = FK;
return h["YqUuj"](R, S, E);
},
'WTylz': function(R, S) {
return R - S;
},
'ImoXf': h["hXCqG"],
'ljrRl': h["PXTBo"],
'CcUsi': function(R, S, E, i, N) {
var Ll = FK;
return h["tItQY"](R, S, E, i, N);
},
'hoXih': function(R, S) {
var LA = FK;
return h["GkjFS"](R, S);
},
'Qkaka': h['jkiDJ'],
'Ufprf': function(R, S, E, i, N) {
return h['CZeXt'](R, S, E, i, N);
},
'TcDxS': function(R, S, E) {
var LG = FK;
return h["tBAUu"](R, S, E);
},
'Uiemt': h["PPfJp"],
'tRJfx': function(R, S) {
return R + S;
},
'jksMW': function(R, S, E) {
return h['QOeak'](R, S, E);
},
'OIQJh': function(R, S) {
var Lo = FK;
return h["epJNI"](R, S);
},
'WAmru': function(R, S) {
var Lk = FK;
return h["eDqxI"](R, S);
},
'Wxdrg': h['YckUU'],
'QImRg': h['iEKgt'],
'rpzig': function(R, S, E, i, N) {
var La = FK;
return h["eOFNg"](R, S, E, i, N);
},
'FjvPb': function(R) {
return h['LTTNI'](R);
},
'EhpkL': function(R, S, E, i, N) {
return h['aMltr'](R, S, E, i, N);
},
'ngarZ': function(R, S, E, i, N) {
var Ld = FK;
return h["gSDNx"](R, S, E, i, N);
},
'JcTTq': function(R, S, E) {
var LX = FK;
return h["GKtmp"](R, S, E);
},
'KdPNG': function(R, S) {
var LH = FK;
return h["dBKVS"](R, S);
},
'MLjuz': h["GNxQH"],
'tVHze': function(R, S, E, i, N) {
var Lu = FK;
return h["oBnDc"](R, S, E, i, N);
},
'ybgJn': function(R, S, E) {
return h['ucOWm'](R, S, E);
},
'bRryP': h["ucaVm"],
'vSFPC': function(R, S) {
var Ln = FK;
return h["zHUzN"](R, S);
},
'KECwk': h["sVuBy"],
'fSmTE': function(R, S, E, i, N) {
return R(S, E, i, N);
},
// NOTE(review): same pipe-separated digit format as 'zGaFk'; meaning not shown in this listing — confirm at the use site.
'UPxpr': "4|1|2|0|5|9|6|3|8|7",
'aiVyO': function(R, S) {
var LQ = FK;
return h["AryJI"](R, S);
},
'mMONc': function(R, S) {
var LZ = FK;
return h["BNqwn"](R, S);
},
'mNQYE': h["dAAVb"],
'goMdg': function(R, S, E, i, N) {
return R(S, E, i, N);
},
'uEfBT': function(R, S, E, i, N) {
var LV = FK;
return h["eOFNg"](R, S, E, i, N);
},
'kweEL': function(R, S, E, i, N) {
var LM = FK;
return h["aMltr"](R, S, E, i, N);
}
};
// Second lookup table from the same obfuscated sample. It repeats the shapes of C one
// level up: a function property either calls its first argument with the remaining ones,
// applies a single operator to its two arguments, or forwards its arguments unchanged to
// a member of C. The other properties are string literals or values copied from C.
// Locals such as `var LU = L;` and `var LP = LT;` are assigned and never read.
// C, L and LT are defined outside this object literal.
var i = {
// Shape: call the first argument with the remaining arguments.
'eXpUz': function(p, q, I, s, w) {
return p(q, I, s, w);
},
// Shape: forward all arguments to a member of C; LU is assigned but never read.
'GTnDt': function(p, q, I) {
var LU = L;
return C["zryFJ"](p, q, I);
},
'FqByk': function(p, q, I, s, w) {
return p(q, I, s, w);
},
'tRAuT': function(p, q) {
var LK = L;
return C["orFnF"](p, q);
},
// Shape: a value read from C once, when this object literal is evaluated.
'JNcQS': C["JZLvj"],
'nzYNo': 'ByABT',
'vsGkJ': function(p, q, I) {
return C['NJFpJ'](p, q, I);
},
'OoSWq': 'XrElB',
'XEyPA': C["vEcMv"],
'VLqYs': function(p, q, I, s, w) {
var LP = LT;
return C["fIDlR"](p, q, I, s, w);
},
'kPfVf': function(p, q) {
var Lp = LT;
return C["AleBJ"](p, q);
},
'ECpKE': function(p, q, I) {
return C['HAyBd'](p, q, I);
},
'ALpNt': function(p, q) {
var Lq = LT;
return C["MRQGa"](p, q);
},
'blfSb': C["xCAJf"],
'hakVh': function(p, q, I, s, w) {
var LI = LT;
return C["zaGpL"](p, q, I, s, w);
},
'BllIK': function(p, q) {
var Ls = LT;
return C["kmutF"](p, q);
},
'jqmtI': C["wQhwE"],
'VRBVo': C['hVFPT'],
'qbJjB': C["bHZSF"],
'OoaGy': function(p, q, I, s, w) {
return p(q, I, s, w);
},
// Shape: one operator applied to the two arguments.
'dOPfp': function(p, q) {
return p === q;
},
'YsXRR': C['JmIJf'],
'QmRpf': function(p, q, I) {
var Lw = LT;
return C["tXtzn"](p, q, I);
},
'uWAZn': function(p, q) {
var Lz = LT;
return C["HIswS"](p, q);
},
'mXOEa': function(p, q, I) {
return C['vtWFF'](p, q, I);
},
'sqlMq': function(p, q) {
var LO = LT;
return C["WTylz"](p, q);
},
'hMwnk': function(p, q) {
var LJ = LT;
return C["HIswS"](p, q);
},
'lbZOY': function(p, q) {
return p === q;
},
'LjgZY': C["ImoXf"],
'Vdmrg': C['ljrRl'],
'YqBZK': function(p, q, I, s, w) {
return p(q, I, s, w);
},
'XvVud': function(p, q, I, s, w) {
var h0 = LT;
return C["IdiaC"](p, q, I, s, w);
},
'svANh': function(p, q, I, s, w) {
var h1 = LT;
return C["CcUsi"](p, q, I, s, w);
},
'HLABO': function(p, q) {
var h2 = LT;
return C["hoXih"](p, q);
},
'fRDpO': function(p, q, I) {
var h3 = LT;
return C["zJdLz"](p, q, I);
},
'ZWORk': function(p) {
var h4 = LT;
return C["RGcqc"](p);
},
'CnNTH': function(p, q) {
return p < q;
},
'XjCEE': 'vnGmT',
'wBccl': C['Qkaka'],
'ysQKL': function(p, q) {
return p - q;
},
'SEoiV': function(p, q, I, s, w) {
var h5 = LT;
return C["Ufprf"](p, q, I, s, w);
},
'Efzgp': function(p, q) {
var h6 = LT;
return C["RRNkR"](p, q);
},
'ijFaB': function(p, q, I) {
return p(q, I);
},
'PVQkv': function(p, q) {
return p <= q;
},
'TnYHa': function(p, q, I, s, w) {
return p(q, I, s, w);
},
'uDAFK': function(p, q, I) {
return p(q, I);
},
'oahov': function(p, q, I) {
return C['TcDxS'](p, q, I);
},
'ERHkq': function(p, q, I) {
return p(q, I);
},
'hEIFf': C["Uiemt"],
'YULRE': function(p, q) {
var h7 = LT;
return C["tRJfx"](p, q);
},
'OGgZX': function(p, q, I) {
return C['jksMW'](p, q, I);
},
'qfOel': function(p, q, I) {
return p(q, I);
},
'oJfRr': function(p, q, I, s, w, z) {
return p(q, I, s, w, z);
},
'HozPp': function(p) {
var h8 = LT;
return C["RGcqc"](p);
},
'BvKJu': function(p, q) {
var h9 = LT;
return C["OIQJh"](p, q);
},
'pisTm': "vqEeQ",
'JbvFu': function(p) {
return p();
},
'PHGCq': function(p, q) {
return C['WAmru'](p, q);
},
'oWFrJ': function(p) {
return C['RGcqc'](p);
},
'oxiGH': function(p, q, I, s, w, z, O, J) {
return p(q, I, s, w, z, O, J);
},
'DinAD': function(p, q) {
var hF = LT;
return C["OChTg"](p, q);
},
'YAvpt': C["Wxdrg"],
'yAZPc': C["QImRg"],
'QnhQH': function(p, q, I, s, w) {
var hL = LT;
return C["rpzig"](p, q, I, s, w);
},
'hhbCq': function(p, q, I, s, w) {
return C['WHsCZ'](p, q, I, s, w);
},
'ijCbw': function(p, q, I, s, w) {
var hh = LT;
return C["NcKvK"](p, q, I, s, w);
},
'rtvbE': function(p, q) {
return p(q);
},
'icctW': function(p) {
return C['FjvPb'](p);
},
'iEAsQ': function(p, q, I) {
return p(q, I);
},
'wSOnE': function(p, q, I, s, w) {
var hb = LT;
return C["EhpkL"](p, q, I, s, w);
},
'IWYXF': function(p, q, I, s, w) {
var hC = LT;
return C["ngarZ"](p, q, I, s, w);
},
'Lkyuv': function(p, q, I) {
var hf = LT;
return C["gnqzd"](p, q, I);
},
'twOao': function(p, q, I) {
var hv = LT;
return C["JcTTq"](p, q, I);
},
'QMMxd': function(p, q, I) {
var ht = LT;
return C["ciJml"](p, q, I);
},
'yrndN': function(p, q, I, s, w) {
return p(q, I, s, w);
},
'ShWNE': function(p, q) {
var hc = LT;
return C["KdPNG"](p, q);
},
'SIhNg': C["MLjuz"],
'dMFQI': function(p, q, I, s, w) {
var hW = LT;
return C["tVHze"](p, q, I, s, w);
},
'KAEds': function(p, q, I) {
return C['ybgJn'](p, q, I);
},
'byFQy': C['bRryP'],
'ZHwyQ': function(p, q) {
var hR = LT;
return C["vSFPC"](p, q);
},
'Dqqnv': C["KECwk"],
'uQaTs': function(p, q, I) {
return C['gnqzd'](p, q, I);
},
'udbjY': function(p, q, I, s, w) {
return C['fSmTE'](p, q, I, s, w);
},
'lGKwN': function(p, q) {
return p >>> q;
},
'Mzwla': function(p, q, I) {
return p(q, I);
},
// NOTE(review): copies C["UPxpr"], a pipe-separated digit string; its meaning is not shown in this listing — confirm at the use site.
'mhMSh': C["UPxpr"],
'RjPbU': function(p, q) {
return p | q;
},
'JBdED': function(p, q) {
var hS = LT;
return C["aiVyO"](p, q);
},
'oNTxv': function(p, q) {
var hE = LT;
return C["mMONc"](p, q);
},
'qyZqB': function(p, q) {
var hi = LT;
return C["kmutF"](p, q);
},
'JiTri': C["mNQYE"],
'vyrbl': function(p, q, I, s, w) {
var hN = LT;
return C["goMdg"](p, q, I, s, w);
}
};

可以看到:C 对象的属性是原始属性,而 i 对象的属性调用的是 C 对象的方法,相当于 i 在 C 外面又套了一层代理。
https://img.131213.xyz/api/cfile/AgACAgUAAx0Eflp52gAC1CVoTTrJ8pa6pXbYT-zrmZZS9hNh6QACF8UxG00ncFYCQVjfYRXMGAEAAwIAA3gAAzYE

AST解混淆源码

const fs = require('fs');
const path = require('path');
const parser = require('@babel/parser');
const traverse = require('@babel/traverse').default;
const t = require('@babel/types');
const generate = require('@babel/generator').default;

// Run settings: the obfuscated input file, the file the restored code is written to,
// and whether [DEBUG] lines are printed. Both paths are relative, so Node resolves
// them against the current working directory.
const config = {
  inputFile: 'demo23.js',
  outputFile: 'demo23_restored.js',
  debugMode: true,
};

// Console logger that puts a level tag in front of every message.
const log = {
  info(...parts) {
    return console.log('[INFO]', ...parts);
  },
  // Prints only while config.debugMode is truthy; the flag is read on every call.
  debug(...parts) {
    return config.debugMode && console.log('[DEBUG]', ...parts);
  },
  warn(...parts) {
    return console.warn('[WARN]', ...parts);
  },
  error(...parts) {
    return console.error('[ERROR]', ...parts);
  },
};

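/**
 * Entry point: restores `config.inputFile` in three passes (extract the lookup tables,
 * replace constant references, inline wrapper calls) and writes the regenerated source
 * to `config.outputFile`.
 *
 * The sample is only read, parsed, rewritten as an AST and printed back; nothing in it
 * is evaluated. Errors are logged and make the process exit status non-zero; they are
 * not rethrown.
 *
 * @returns {Promise<void>}
 */
async function main() {
  try {
    log.info('开始解析混淆的JavaScript代码');

    // Read the obfuscated sample as text.
    const code = fs.readFileSync(config.inputFile, 'utf-8');
    log.info(`成功读取文件: ${config.inputFile}`);

    // Parse the text into an AST.
    log.info('解析JavaScript代码为AST');
    const ast = parser.parse(code);

    // One lookup table per tracked object name. Only `h` and `C` are tracked, so calls
    // through any other proxy object in the sample are left untouched by the passes below.
    // The property names come from the sample, so the tables are created without a
    // prototype: `__proto__`, `constructor` and similar names then behave as plain keys.
    const objectMappings = {
      h: Object.create(null),
      C: Object.create(null),
    };

    // Pass 1: collect constants and wrapper functions.
    log.info('第一阶段: 提取对象属性和函数');
    extractObjectProperties(ast, objectMappings);

    if (config.debugMode) {
      const hKeys = Object.keys(objectMappings.h);
      log.debug(`提取了 ${hKeys.length} 个h对象属性`);
      log.debug(`提取了 ${Object.keys(objectMappings.C).length} 个C对象属性`);

      // Show at most five entries as a sanity check.
      for (const key of hKeys.slice(0, 5)) {
        log.debug(`h['${key}'] = ${objectMappings.h[key].description}`);
      }
    }

    // Pass 2: replace constant property reads with their literal values.
    log.info('第二阶段: 替换对象属性引用');
    replaceObjectReferences(ast, objectMappings);

    // Pass 3: inline calls to the wrapper functions.
    log.info('第三阶段: 内联函数调用');
    inlineFunctionCalls(ast, objectMappings);

    // Print the rewritten AST back to source text.
    log.info('生成还原后的代码');
    const { code: restoredCode } = generate(ast, {
      comments: true,
      retainLines: true,
      compact: false,
    });

    fs.writeFileSync(config.outputFile, restoredCode);
    log.info(`还原后的代码已保存到: ${config.outputFile}`);

    log.info('代码还原完成!');
  } catch (error) {
    log.error('处理过程中出现错误:', error);
    // The error is handled here, so without this the process would still exit with
    // status 0 and a script or CI job could not tell that no output was produced.
    process.exitCode = 1;
  }
}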

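/**
 * Pass 1: fills `objectMappings` from every `var <name> = { ... }` whose name is a key of
 * `objectMappings`.
 *
 * Recorded entries:
 *  - string and number literals;
 *  - `tracked["key"]` reads whose target was already recorded as a string or number;
 *  - plain functions whose body is only inert `var` declarations followed by
 *    `return <expr>`.
 * Anything else is skipped, so later passes never rewrite a call whose wrapper does more
 * than return one expression.
 *
 * NOTE(review): declarations are matched by name only, not by scope binding, so two
 * objects with the same short name in different scopes are merged into one table.
 *
 * @param {object} ast - Babel AST of the sample.
 * @param {object} objectMappings - tables keyed by object name; mutated in place.
 */
function extractObjectProperties(ast, objectMappings) {
  const hasOwn = (target, key) => Object.prototype.hasOwnProperty.call(target, key);

  // Static property name, or null for computed/unsupported keys.
  const literalKey = (property) => {
    if (t.isStringLiteral(property.key)) return property.key.value;
    if (t.isIdentifier(property.key) && !property.computed) return property.key.name;
    return null;
  };

  // `var x;` or `var x = someIdentifier;` where x is not a parameter: dropping it does
  // not change what the wrapper returns (assuming the identifier read itself succeeds).
  const isInertDeclaration = (stmt, params) =>
    t.isVariableDeclaration(stmt) &&
    stmt.declarations.every(
      (declarator) =>
        t.isIdentifier(declarator.id) &&
        !params.includes(declarator.id.name) &&
        (declarator.init == null || t.isIdentifier(declarator.init))
    );

  // The returned expression of a pure wrapper, or null when the body does anything else.
  const wrapperReturn = (fn, params) => {
    for (const stmt of fn.body.body) {
      if (t.isReturnStatement(stmt)) return stmt.argument || null;
      if (!isInertDeclaration(stmt, params)) return null;
    }
    return null;
  };

  // Entry already recorded for `tracked["key"]`, if it is a string or number.
  const constantAliasTarget = (value) => {
    if (
      !t.isMemberExpression(value) ||
      !value.computed ||
      !t.isIdentifier(value.object) ||
      !t.isStringLiteral(value.property) ||
      !hasOwn(objectMappings, value.object.name)
    ) {
      return null;
    }
    const source = objectMappings[value.object.name];
    if (!hasOwn(source, value.property.value)) return null;
    const entry = source[value.property.value];
    return entry.type === 'string' || entry.type === 'number' ? entry : null;
  };

  traverse(ast, {
    VariableDeclarator(path) {
      const { id, init } = path.node;

      // Only `var h = {...}` / `var C = {...}` style definitions of tracked names.
      if (!t.isIdentifier(id) || !hasOwn(objectMappings, id.name) || !t.isObjectExpression(init)) {
        return;
      }
      log.debug(`找到 ${id.name} 对象定义`);

      const table = objectMappings[id.name];

      for (const property of init.properties) {
        if (!t.isObjectProperty(property)) continue;

        const key = literalKey(property);
        // Assigning to `__proto__` on an ordinary object would replace the table's
        // prototype instead of storing an entry, so that key is never recorded.
        if (key === null || key === '__proto__') continue;

        const { value } = property;

        if (t.isFunctionExpression(value)) {
          // Calls to async/generator functions do not evaluate to the returned expression,
          // and non-identifier parameters cannot be matched to arguments by name.
          if (value.async || value.generator) continue;
          if (!value.params.every((param) => t.isIdentifier(param))) continue;

          const params = value.params.map((param) => param.name);
          const returnExpr = wrapperReturn(value, params);
          if (returnExpr) {
            table[key] = {
              type: 'function',
              params,
              returnExpr,
              description: getFunctionDescription(params, returnExpr),
            };
          }
        } else if (t.isStringLiteral(value)) {
          table[key] = {
            type: 'string',
            value: value.value,
            description: `"${value.value}"`,
          };
        } else if (t.isNumericLiteral(value)) {
          table[key] = {
            type: 'number',
            value: value.value,
            description: `${value.value}`,
          };
        } else {
          // e.g. 'PUCdd': h["wWSUD"] — resolvable only if h was visited before this object.
          const target = constantAliasTarget(value);
          if (target) {
            table[key] = Object.assign({}, target);
          }
        }
      }

      log.debug(`处理完 ${id.name} 对象, 提取了 ${Object.keys(table).length} 个属性`);
    },
  });
}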

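/**
 * Pass 2: replaces reads of `tracked["key"]` with the string or number literal recorded
 * for that key.
 *
 * Writes are left alone: replacing the left side of an assignment, the operand of
 * `++`/`--` or the operand of `delete` with a literal would produce invalid code.
 *
 * NOTE(review): the replacement assumes the sample never reassigns these properties
 * after the object literal is created; a reassigned property would be folded to its
 * initial value.
 *
 * @param {object} ast - Babel AST of the sample; mutated in place.
 * @param {object} objectMappings - tables filled by pass 1.
 */
function replaceObjectReferences(ast, objectMappings) {
  let stringReplaceCount = 0;

  const hasOwn = (target, key) => Object.prototype.hasOwnProperty.call(target, key);

  // True when the member expression is assigned to, updated or deleted.
  const isWriteTarget = (path) => {
    const { node, parent } = path;
    if (t.isAssignmentExpression(parent) && parent.left === node) return true;
    if (t.isUpdateExpression(parent)) return true;
    return t.isUnaryExpression(parent, { operator: 'delete' });
  };

  traverse(ast, {
    MemberExpression(path) {
      const { object, property, computed } = path.node;

      // Only the h["..."] / C["..."] form with a literal key.
      if (!computed || !t.isIdentifier(object) || !t.isStringLiteral(property)) return;
      if (!hasOwn(objectMappings, object.name)) return;

      // Own-property lookup: a key such as "constructor" must not resolve to something
      // inherited from Object.prototype.
      const table = objectMappings[object.name];
      if (!hasOwn(table, property.value)) return;
      const mapping = table[property.value];

      if (isWriteTarget(path)) return;

      if (mapping.type === 'string') {
        path.replaceWith(t.stringLiteral(mapping.value));
        stringReplaceCount++;
      } else if (mapping.type === 'number') {
        path.replaceWith(t.numericLiteral(mapping.value));
        stringReplaceCount++;
      }
    },
  });

  log.info(`替换了 ${stringReplaceCount} 个字符串/数字引用`);
}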

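/**
 * Pass 3: replaces `tracked["key"](args…)` with the wrapper's returned expression when
 * that expression is a binary operation or a call, substituting the actual arguments for
 * the formal parameters. The original call is kept as a leading line comment.
 *
 * A call is only annotated, not inlined, when the substitution could leave a formal
 * parameter name behind or mis-assign arguments: a parameter used inside a nested
 * expression, a parameter with no matching argument, or a spread argument.
 *
 * NOTE(review): inlining keeps the argument expressions but not necessarily their
 * evaluation order or count (an unused argument is dropped, a reused one is copied).
 * That is harmless for the pure forwarding wrappers shown in the sample; confirm before
 * running this on wrappers whose arguments have side effects.
 *
 * @param {object} ast - Babel AST of the sample; mutated in place.
 * @param {object} objectMappings - tables filled by pass 1.
 */
function inlineFunctionCalls(ast, objectMappings) {
  let functionReplaceCount = 0;
  let commentCount = 0;

  const hasOwn = (target, key) => Object.prototype.hasOwnProperty.call(target, key);

  // The text goes into a `//` comment, which ends at the first line break. Generated
  // argument code or a key can contain line breaks, and whatever followed one would be
  // printed as live code in the output, so all whitespace runs are collapsed.
  const asLineComment = (text) => text.replace(/\s+/g, ' ');

  // Copy of `node` with formal parameters replaced by copies of the actual arguments,
  // or null when the replacement cannot be done safely.
  const substitute = (node, formals, actualByFormal) => {
    if (t.isIdentifier(node) && formals.has(node.name)) {
      const actual = actualByFormal.get(node.name);
      return actual ? t.cloneNode(actual, true) : null;
    }

    // Only top-level operands are substituted; refuse if a formal hides deeper inside.
    let usesFormal = false;
    t.traverseFast(node, (inner) => {
      if (t.isIdentifier(inner) && formals.has(inner.name)) usesFormal = true;
    });
    return usesFormal ? null : t.cloneNode(node, true);
  };

  // Builds the inlined expression for one call, or returns null to fall back to a comment.
  const buildInlined = (returnExpr, params, args) => {
    if (args.some((arg) => t.isSpreadElement(arg))) return null;

    // Map and Set instead of a plain object: a parameter or identifier named
    // `constructor`, `toString`, … must not hit Object.prototype.
    const formals = new Set(params);
    const actualByFormal = new Map();
    params.forEach((name, index) => {
      if (index < args.length) actualByFormal.set(name, args[index]);
    });

    if (t.isBinaryExpression(returnExpr)) {
      const left = substitute(returnExpr.left, formals, actualByFormal);
      const right = substitute(returnExpr.right, formals, actualByFormal);
      return left && right ? t.binaryExpression(returnExpr.operator, left, right) : null;
    }

    if (t.isCallExpression(returnExpr)) {
      const callee = substitute(returnExpr.callee, formals, actualByFormal);
      const callArgs = returnExpr.arguments.map((arg) => substitute(arg, formals, actualByFormal));
      return callee && callArgs.every(Boolean) ? t.callExpression(callee, callArgs) : null;
    }

    return null;
  };

  traverse(ast, {
    CallExpression(path) {
      const { callee, arguments: args } = path.node;

      // Only h["..."](...) / C["..."](...) with a literal key.
      if (
        !t.isMemberExpression(callee) ||
        !callee.computed ||
        !t.isIdentifier(callee.object) ||
        !t.isStringLiteral(callee.property) ||
        !hasOwn(objectMappings, callee.object.name)
      ) {
        return;
      }

      const objectName = callee.object.name;
      const key = callee.property.value;
      const table = objectMappings[objectName];
      if (!hasOwn(table, key)) return;

      const mapping = table[key];
      if (mapping.type !== 'function' || !mapping.returnExpr) return;

      try {
        const inlined = buildInlined(mapping.returnExpr, mapping.params, args);

        if (inlined) {
          // Keep the original call visible next to its replacement.
          const comment = ` 原混淆: ${objectName}["${key}"](${args.map((arg) => generate(arg).code).join(', ')}) `;
          t.addComment(inlined, 'leading', asLineComment(comment), true);

          path.replaceWith(inlined);
          functionReplaceCount++;
        } else {
          // Not safely inlinable: leave the call and describe the wrapper instead.
          const comment = ` ${objectName}["${key}"] 函数定义: ${mapping.description} `;
          t.addComment(path.node, 'leading', asLineComment(comment), true);
          commentCount++;
        }
      } catch (err) {
        log.warn(`处理函数 ${objectName}["${key}"] 出错:`, err);
      }
    },
  });

  log.info(`内联替换了 ${functionReplaceCount} 个函数调用`);
  log.info(`为 ${commentCount} 个复杂函数添加了注释`);
}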

/**
 * Renders a wrapper function as one piece of source text, for debug logs and comments.
 *
 * @param {string[]} params - parameter names of the wrapper.
 * @param {object} returnExpr - AST node of the returned expression.
 * @returns {string} `function(a, b) { return <code>; }`, or the same signature with a
 *   placeholder comment as the body when the expression cannot be printed.
 */
function getFunctionDescription(params, returnExpr) {
  let bodyText;
  try {
    // Print the returned expression back to source text.
    bodyText = `return ${generate(returnExpr).code};`;
  } catch (err) {
    // Printing failed: describe the signature only.
    bodyText = '/* 复杂表达式 */';
  }
  return `function(${params.join(', ')}) { ${bodyText} }`;
}

// Start the run; anything that escapes main() as a rejection is logged here.
main().catch((failure) => log.error('程序执行失败:', failure));

以上就是 AST 反混淆的源码。掌握 AST 之后,可以更方便地熟悉 jsvmp 的代码。