JS代码混淆初步
一直以来,JS前端代码必须以明文交给浏览器(IE)解析,所以很难真正加密;某些加密方式如JScript.Encode也因为树大招风,早就被人破解了。还有些加密手段通过复杂的变换改变源码,但最终都逃不脱最后的审判:运行前必须用unescape、document.write、eval这类语句还原,而还原出来的就是明文。对于JS代码的保护,最好的手段就是混淆。混淆的目的是让读懂代码的成本比直接写代码的成本高;混淆不是不可破解的,只是增加破解成本,JAVA、C#的加密也都是采用混淆。因此对于非常核心的代码,混淆起不到保护代码的作用,不过JS有这样的代码么?本程序没有用到编译原理,其分词解析思想基于mechiland(http://www.jzchen.net)的代码高亮程序,并参考了蓝色经典的加密混淆专题讨
<HTML><HEAD><TITLE>Cunfusion</TITLE>
<META content="MSHTML 6.00.2800.1528" name=GENERATOR>
<META content="" name=Author>
<META content="" name=Keywords>
<META content="" name=Description></HEAD>
<BODY>
<SCRIPT language=JavaScript>
<!--
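/**
** ======================================================
** Class:   CLASS_CONFUSION
** Purpose: JavaScript obfuscation
** Example:
------------------------------------------------------------
var xx = new CLASS_CONFUSION(code);
document.getElementById("display").innerHTML = xx.confusion();
-------------------------------------------------------------
** NOTE(review): the result is program text, not markup. When it is shown in a
** page, a text-only sink (textContent / innerText, or a textarea's value) keeps
** the browser from parsing it as HTML, which innerHTML does.
** Author:  ttyp
** Email:   ttyp@21cn.com
** Date:    2006-3-20
** Version: 0.12
** =====================================================
**/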
function CLASS_CONFUSION(code){
//哈希表类
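/**
 * Small string-keyed lookup table used for the keyword/identifier sets.
 *
 * Membership is decided on own properties only. The backing store is a plain
 * object, so without that check every name that exists on Object.prototype
 * ("constructor", "toString", "valueOf", ...) would be reported as present,
 * and an identifier with such a name in the input would be misclassified.
 * NOTE(review): "__proto__" is still a special key on plain objects in many
 * engines and is not handled here.
 *
 * Methods:
 *   add(key, value)  -> true when stored, false when key is undefined or already present
 *                       (an undefined value is stored as null)
 *   remove(key)      -> deletes the entry
 *   count()          -> number of stored entries
 *   items(key)       -> stored value, or undefined when the key is absent
 *   contains(key)    -> true when the key has been stored
 *   clear()          -> removes every entry
 */
function Hashtable(){
    var hasOwn = Object.prototype.hasOwnProperty;
    this._hash = new Object();
    this.add = function(key,value){
        if(typeof(key)=="undefined" || this.contains(key)){
            return false;
        }
        this._hash[key] = typeof(value)=="undefined" ? null : value;
        return true;
    };
    this.remove = function(key){
        delete this._hash[key];
    };
    this.count = function(){
        var n = 0;
        for(var k in this._hash){
            // Skip anything a page script may have added to Object.prototype.
            if(hasOwn.call(this._hash,k)){
                n++;
            }
        }
        return n;
    };
    this.items = function(key){
        return hasOwn.call(this._hash,key) ? this._hash[key] : undefined;
    };
    this.contains = function(key){
        // The typeof test is kept so a slot set to undefined from outside still reads as absent.
        return hasOwn.call(this._hash,key) && typeof(this._hash[key])!="undefined";
    };
    this.clear = function(){
        for(var k in this._hash){
            if(hasOwn.call(this._hash,k)){
                delete this._hash[k];
            }
        }
    };
}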
/**
 * One level of variable bindings, linked to the enclosing level.
 *
 * @param {VariableMap} [parent] - enclosing map; omitted for the outermost one.
 *
 * Fields: table (backing Hashtable), level (0 at the root, parent.level + 1
 * otherwise), parent, isParameter (false here; confusion() sets it to true on
 * the map it opens at a function's "(").
 */
function VariableMap(parent){
    this.table = new Hashtable();
    if(parent){
        this.level = parent.level+1;
    } else {
        this.level = 0;
    }
    this.parent = parent;
    // The four methods below only forward to the backing table.
    // add() does not pass the table's true/false result on to the caller.
    this.add = function(key,value){
        this.table.add(key,value);
    };
    this.items = function(key){
        var stored = this.table.items(key);
        return stored;
    };
    this.count = function(){
        var total = this.table.count();
        return total;
    };
    this.contains = function(key){
        var present = this.table.contains(key);
        return present;
    };
    this.isParameter = false;
}
// Default that str2hashtable falls back to when its cs argument is undefined or null.
// The same value is assigned again further down, before the lookup tables are built.
this._caseSensitive = true;
//字符串转换为哈希表
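/**
 * Builds a Hashtable whose keys are the comma-separated entries of `key`.
 *
 * @param {string} key - comma-separated list of words.
 * @param {boolean} [cs] - true stores the words as given, false stores them
 *     lower-cased; when undefined or null, this._caseSensitive decides.
 * @returns {Hashtable} table holding one entry (value null) per distinct word.
 */
this.str2hashtable = function(key,cs){
    var words = key.split(",");
    var table = new Hashtable();
    var keepCase = (typeof(cs)=="undefined"||cs==null) ? this._caseSensitive : cs;
    // Walk by index, not for-in: for-in over an array also visits any enumerable
    // property a page script has added to Array.prototype, which would end up
    // in the table as a bogus word.
    for(var i=0;i<words.length;i++){
        if(keepCase){
            table.add(words[i]);
        } else {
            table.add((words[i]+"").toLowerCase());
        }
    }
    return table;
};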
// Source text to be obfuscated
this._codetxt = code;
// NOTE(review): `syntax` is not declared anywhere in the visible code, so this
// assignment creates an implicit global (and throws in strict mode) — confirm
// whether anything outside this excerpt reads it.
if(typeof(syntax)=="undefined"){
syntax = "";
}
// Not read in the visible code; presumably a switch for stripping comments — confirm.
this._deleteComment = false;
// Whether word matching is case-sensitive (default used by str2hashtable)
this._caseSensitive = true;
// Keyword lookup table; confusion() copies these words to the output unchanged.
// NOTE(review): break, continue, finally, instanceof and with are not listed.
// How a word that is in none of the tables is handled lies outside this
// excerpt — confirm that these survive obfuscation.
this._keywords = this.str2hashtable("switch,case,delete,default,typeof,for,in,function,void,this,boolean,while,if,return,new,true,false,try,catch,throw,null,else,do,var");
this._function = this.str2hashtable("function");
this._var = "var";
this._beginBlock = "{";
this._endBlock = "}";
// Names that confusion() rewrites as window["..."] with the name passed through this.toHex
// (toHex is defined outside this excerpt).
this._window = this.str2hashtable("alert,escape,unescape,document,parseInt,parseFloat");
// Built-in object lookup table; confusion() rewrites these the same way as the _window names.
this._commonObjects = this.str2hashtable("String,Number,Boolean,RegExp,Error,Math,Date,Object,Array,Global");
// Characters that split the source into tokens
this._wordDelimiters= " ,.?!;:\\/<>(){}[]\"'\r\n\t=+-|*%@#$^&";
// Quote characters (the list is split on the comma, giving " and ')
this._quotation = this.str2hashtable("\",'");
// Line-comment marker
this._lineComment = "//";
// Escape character
this._escape = "\\";
// Block-comment opener
this._commentOn = "/*";
// Block-comment closer
this._commentOff = "*/";
// confusion() also rewrites this word as window["..."].
// NOTE(review): reaching eval through a property lookup makes the call an
// indirect eval, which ES5+ engines evaluate in global scope instead of the
// caller's scope; input that relies on local variables inside eval may behave
// differently after obfuscation.
this._execute = "eval";
// Member-access character
this._call = ".";
this._varPause = "=";
this._varContinue = ",";
// Variable counter
this._varNum = 0;
this.confusion = function() {
var codeArr = new Array();
var word_index = 0;
var htmlTxt = new Array();
//得到分割字符数组(分词)
for (var i = 0; i < this._codetxt.length; i++) {
if (this._wordDelimiters.indexOf(this._codetxt.charAt(i)) == -1) { //找不到关键字
if (codeArr[word_index] == null || typeof(codeArr[word_index]) == 'undefined') {
codeArr[word_index] = "";
}
codeArr[word_index] += this._codetxt.charAt(i);
} else {
if (typeof(codeArr[word_index]) != 'undefined' && codeArr[word_index].length > 0)
word_index++;
codeArr[word_index++] = this._codetxt.charAt(i);
}
}
var quote_opened = false; //引用标记
var slash_star_comment_opened = false; //多行注释标记
var slash_slash_comment_opened = false; //单行注释标记
var line_num = 1; //行号
var quote_char = ""; //引用标记类型
var call_opened = false;
var call_string = "";
var var_opened = false;
var var_pause = false;
var function_opened = false;
var parameter_opened = false;
var var_map = new VariableMap();
var cur_var_map = var_map;
var execute_opened = false;
//按分割字,分块显示
for (var i=0; i <=word_index; i++){
//单独处理指针引用
if(call_opened&&typeof(codeArr[i])!="undefined"){
if(call_string.length==0){
if(this.isVar(codeArr[i])){
call_string +=codeArr[i];
}else{
htmlTxt[htmlTxt.length] = "[\"" + this.toHex(call_string) + "\"]";
if(codeArr[i]!=this._call){
htmlTxt[htmlTxt.length] = codeArr[i];
call_opened = false;
}
call_string = "";
}
} else {
if(!this.isVar(codeArr[i])){
htmlTxt[htmlTxt.length] = "[\"" + this.toHex(call_string) + "\"]";
if(codeArr[i]!=this._call){
htmlTxt[htmlTxt.length] = codeArr[i];
call_opened = false;
}
call_string = "";
}else{
htmlTxt[htmlTxt.length] = "[\"" + this.toHex(call_string) + "\"]";
}
}
continue;
}
//处理空行(由于转义带来)
if(typeof(codeArr[i])=="undefined"||codeArr[i].length==0){
continue;
} else if(codeArr[i]==" "){
htmlTxt[htmlTxt.length] = " ";
} else if(codeArr[i]=="\n"){
//处理换行
} else if (codeArr[i] == "\r"){
slash_slash_comment_opened = false;
quote_opened = false;
var_opened = false;
htmlTxt[htmlTxt.length] = "\r\n";
line_num++;
//处理function里的参数标记
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&this.isFunction(codeArr[i])){
htmlTxt[htmlTxt.length] = codeArr[i];
function_opened = true;
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]=="("){
htmlTxt[htmlTxt.length] = codeArr[i];
if(function_opened == true){
function_opened =false;
var_opened = true;
cur_var_map = new VariableMap(cur_var_map);
cur_var_map.isParameter = true;
}
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==")"){
htmlTxt[htmlTxt.length] = codeArr[i];
//处理var a = new Class(),b=new Date();类似的问题
if(cur_var_map.isParameter){
var_opened = false;
var_pause = false;
}
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==";"){
htmlTxt[htmlTxt.length] = codeArr[i];
var_opened = false;
var_pause = false;
if(execute_opened){
execute_opened = false;
}
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._var){
htmlTxt[htmlTxt.length] = codeArr[i];
var_opened = true;
var_pause = false;
} else if(!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._varPause){
htmlTxt[htmlTxt.length] = codeArr[i];
var_pause = true;
} else if(!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._varContinue){
htmlTxt[htmlTxt.length] = codeArr[i];
var_pause = false;
} else if(!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._beginBlock){
cur_var_map = new VariableMap(cur_var_map);
var_opened = false;
htmlTxt[htmlTxt.length] = codeArr[i];
} else if(!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._endBlock){
cur_var_map = cur_var_map.parent;
if(cur_var_map.isParameter){
cur_var_map = cur_var_map.parent;
}
htmlTxt[htmlTxt.length] = codeArr[i];
//处理引用调用
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened &&codeArr[i]==this._call){
//判断引用(.)后面第一个是否为字母货_$
if(i<word_index-1){
if(this.isVar(codeArr[i+1])){
if(call_opened){
htmlTxt[htmlTxt.length] = this.toHex(call_string);
}
call_opened = true;
}else{
htmlTxt[htmlTxt.length] = this._call;
}
}else{
htmlTxt[htmlTxt.length] = this._call;
}
//处理关键字
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened && this.isKeyword(codeArr[i])){
htmlTxt[htmlTxt.length] = codeArr[i];
//处理eval后的字符串
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened && codeArr[i]==this._execute){
htmlTxt[htmlTxt.length] = "window[\"" + this.toHex(codeArr[i]) + "\"]";
execute_opened = true;
//window内置对象
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened && this.isWindow(codeArr[i])){
htmlTxt[htmlTxt.length] = "window[\"" + this.toHex(codeArr[i]) + "\"]";
//处理普通对象
} else if (!slash_slash_comment_opened&&!slash_star_comment_opened && !quote_opened && this.isCommonObject(codeArr[i])){
htmlTxt[htmlTxt.length] = "window[\"" + this.toHex(codeArr[i]) + "\"]";
//处理双引号(引号前不能为转义字符)
} else if (!slash_star_comment_opened&&!slash_slash_comment_opened&&this._quotation.contains(codeArr[i])){
if (quote_opened){
//是相应的引号
if(quote_char==codeArr[i]){
htmlTxt[htmlTxt.length] = codeArr[i];
quote_opened = false;
quote_char = "";
} else {
htmlTxt[htmlTxt.length] = this.toHex(codeArr[i]);
}
} else {
htmlTxt[htmlTxt.length] = codeArr[i];
quote_opened = true;
quote_char = codeArr[i];
}
//处理转义字符
} else if(codeArr[i] == this._escape){
htmlTxt[htmlTxt.length] = codeArr[i];
if(i<word_index-1){
if(codeArr[i+1].charCodeAt(0)>=32&&codeArr[i+1].charCodeAt(0)<=127){
htmlTxt[htmlTxt.length] = codeArr[i+1].substr(0,1);
&nb