JS逆向基础知识个人总结

函数相关

函数自动执行-1

(function auto(){
   console.log("自动执行");
})();
1
2
3

函数自动执行-2

$(function auto(){
   console.log("自动执行");
})
1
2
3

函数调用

function second(){
   console.log(first());
}
 
function first(){
   return "hi there.";
}
1
2
3
4
5
6
7

函数的定义-1

function say(){
   return "定义函数";
}
1
2
3

函数的定义-2

var say = function(){
   return "定义函数";
}
1
2
3

函数的定义-3

var obj = {
   "say":function(){
       return "对象内的成员";
   }
};
1
2
3
4
5

Base64 编码函数

内置base64编码函数 btoa,output : aGVsbG8=

let value = 'hello';
console.log(btoa(value));
1
2

内置base64解码函数 atob,output : hello

let value = 'aGVsbG8=';
console.log(atob(value));
1
2

第三方库实现（CryptoJS)

const CryptoJS = require("crypto-js");
let value="hello";
let trans=CryptoJS.enc.Utf8.parse(value);
let encrypted=CryptoJS.enc.Base64.stringify(trans);
console.log(encrypted)
1
2
3
4
5

自己编写base64编码算法和解码算法

function Base64(){
   this.encode = function(val){
       //编码逻辑
       return val
   }
   this.decode = function(val){
       //解码逻辑
       return val
   }
}
encrypt = new Base64();
console.log(encrypt.encode("encode"));
1
2
3
4
5
6
7
8
9
10
11
12

JSON 对象

将对象转换为字符串

var params={
   "username":"null119",
   "password":"123456"
}
console.log(JSON.stringify(params));
1
2
3
4
5

将字符串转换为JSON对象

var params='{"username":"null119","password":"123456"}';
console.log(JSON.parse(parms));
1
2

Array 数组基本操作

定义一个空数组-1
```
let mousePos=[];
1
```
定义一个空数组-2
```
let mousePos=new Array();
1
```

向数组添加元素

mousePos.push([100,50,200]);
console.log(mousePos);
1
2

删除并返回一个元素
```
console.log(mousePos.pop());
1
```

数组转字符串-1

let mousePos = new Array();
mousePos.push([100,50,123]);
console.log(mousePos.join(";"));
1
2
3

数组转字符串-2

let mousePos = new Array();
mousePos.push([100,50,123]);
console.log(mousePos.toString());
1
2
3

字符和Unicode编码值互转

编码转字符

let value=String.fromCharCode(72,69,76,76,79); //HELLO
console.log(value);
1
2

字符转编码

let value='h';
console.log(value.charCodeAt());
1
2

toString 函数

对象转字符串

let param=[5,6,8];
console.log(param.toString());
1
2

字符转二进制

let value=6;
console.log(value.toString(2));
1
2

字符转十六进制

let value=6;
console.log(value.toString(16));
1
2

布尔值转字符串

let value=false;
console.log(value.toString());
1
2

判断类型

let arr=[1,2,3];
console.log(toString.call(arr));
1
2

Val取值和设置值

设置对象的值

返回对象的值







FirstName:

LastName:




1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

return也是有语法的

单行return

function _tokenValue(v){
   //.....
   let _token= v.join("-");
   return _token
}
console.log(_tokenValue([56,78,33]));
1
2
3
4
5
6

多行return-1 (return处给了多个值，但真正返回的只有最后一个)

function first(){
   console.log("调用1");
   return "first";
}
let second = function(){
   console.log("调用2");
   return "second";
}
function _tokenValue(v){
   let _token= v.join("-");
   return first(),
       second(),
       _token;
}
console.log(_tokenValue([56,78,33]));
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

多行return-2 (返回依旧是最后一个)

function first(){
   console.log("调用1");
   return "first";
}
let second = function(){
   console.log("调用2");
   return "second";
}
function _tokenValue(v){
   let _token= v.join("-");
   return first(),
       _token,
       second();
}
console.log(_tokenValue([56,78,33]));
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

代码混淆

十六进制混淆

let objects = {
   "\x66\x69\x6c\x74\x65\x72": function(){
       return "\x6c\x74\x65";
   }
}
1
2
3
4
5

Unicode 混淆

let objects = {
   "\u0073\u0069\u0067\u006e\u0056": function(){
       return "ENG987KJS732njH7273NH23";
   }
}
1
2
3
4
5

数组混淆：将字符串存放到数组中，通过下标访问

let vales = ["sign","publicKey","Base64","encrypt","toString","decode","atob","btoa"];
let url = "http://www.null119.cn"
vales[0] ="SI209U+230D86+7NB=";
let full = url+"?"+vales[0]+"_";
console.log(vales[0]);
console.log(full);
1
2
3
4
5
6

变量名硬混淆

let _sh78x6 = ["sign","publicKey","Base64","encrypt","toString","decode","atob","btoa"];
let _ac87x5 = "http://www.null119.cn"
_sh78x6[0] ="SI209U+230D86+7NB=";
let _sh87x6 = _ac87x5+"?"+_sh78x6[0]+"_";
console.log(_sh78x6[0]);
console.log(_sh87x6);
 
1
2
3
4
5
6
7

数组+十六进制+Unicode+变量名硬混淆
```
...
1
```

XHR 和 Ajax请求方式

Ajax

$.ajax({
   //构造请求头
   url: loginurl + "?uuid=" + uuid +"&r=" + Math.random(),
   type: 'POST',
   dataType: "text",
   contentType: "application/x-www-form-urlencoded; charset=utf-8",
   data: {
       uuid:$('#uuid').val()
   },
   error: function(){
       //错误触发
   },
   success: function(result){
       //成功返回响应正文时触发
   }
});
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

XHR (XMLHttpRequest)

function SendXHR(){
   var xhr = new XMLHttpRequest();    //实例化xhr对象
   xhr.open('GET','http://www.null119.cn/index.html?p=123') //设置发送方法、URL
   xhr.send(null);//发送数据
   xhr.onreadystatechange = function(){    //回调函数，拿到数据后执行相关操作
       if (xhr.readyState==4){
           console.log(xhr.responseText);
       }
   };
}
1
2
3
4
5
6
7
8
9
10

逆向中偶有，Hook常用

apply : 重定义指定对象，参数用数组传递

let person = {
   fullInfo: function(city,country){
       return this.name + "-" + this.age +"-"+country+"-"+city;
   }
}
let person1 = {
   name:"Jor",
   age:"25"
}
console.log(person.fullInfo.apply(person1,["Oslo","Norway"]));
1
2
3
4
5
6
7
8
9
10

call : 重定义指定对象，可以直接传参数

let person = {
   fullInfo: function(city,country){
       return this.name + "-" + this.age +"-"+country+"-"+city;
   }
}
let person1 = {
   name:"Jor",
   age:"25"
}
console.log(person.fullInfo.call(person1,"Oslo","Norway"));
1
2
3
4
5
6
7
8
9
10

AES

window = this;
navigator = {};

const JSEncrypt = require("jsencrypt")
const value = "123456781";
const key="......"

let encrypt = new JSEncrypt.JSEncrypt();
encrypt.setPublicKey(key)
let res = encrypt.encrypt(value);
console.log(res)
1
2
3
4
5
6
7
8
9
10
11

RSA

const NodeRSA = require("node-rsa");
const key = new NodeRSA({b:512});

const text='hello RSA';
const encrypted = key.encrypt(text,'base64');
const decrypted = key.decrypt(encrypted,'utf8');

console.log('encryted:',encrypted);
console.log('decryted:',decrypted);
1
2
3
4
5
6
7
8
9

CryptoJS 加密库

AES

const CryptoJS = require("crypto-js");

let value = '123456'  //待加密字符串
let secret_value = 'af25-87hk=a35v-5';  //密钥16位
let iv_value = 'af25-87hk=a35v-5';  //初始向量IV 16位

//密钥和向量处理
let secret = CryptoJS.enc.Utf8.parse(secret_value);
let iv = CryptoJS.enc.Utf8.parse(iv_value);

//加密
let encrypted = CryptoJS.AES.encrypt(value,secret,{
  iv: iv,
  //加密模式: CBC,CFB,CTR,ECB,OFB  默认CBC
  mode: CryptoJS.mode.CBC,
  //填充模式: Pkcs7,Pkcs5
  padding: CryptoJS.pad.Pkcs7
});

//加密结果转字符串
encrypted = encrypted.toString();

//解密，传入密文、密钥、向量并设置加密与填充模式
let decrypted = CryptoJS.AES.decrypt(encrypted,secret,{
  iv: iv,
  mode:CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
});

//解密结果转字符串
decrypted = CryptoJS.enc.Utf8.stringify(decrypted);

//打印明文、密文、解密结果
console.log(value);
console.log(encrypted);
console.log(decrypted);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

Base64

const CryptoJS = require("crypto-js");

//编码
let value = "http//www.nul119.cn";
let trans = CryptoJS.enc.Utf8.parse(value);
let encrypted = CryptoJS.enc.Base64.stringify(trans);

//解码
let trans_encrypted= CryptoJS.enc.Base64.parse(encrypted);
let decrypted = trans_encrypted.toString(CryptoJS.enc.Utf8);

//打印明文、编码结果、解码结果
console.log(value);
console.log(encrypted);
console.log(decrypted);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

MD5

const CryptoJS = require("crypto-js");

let value="Message";
let encrypted = CryptoJS.MD5(value);
console.log(encrypted.toString());
1
2
3
4
5

SHA

const CryptoJS = require("crypto-js");

let value="message";

//加密可切换 SHA1/SHA224/SHA256/SHA384/SHA512
let hash = CryptoJS.SHA256(value);

console.log(value);
console.log(hash.toString()) //结果与CryptoJS.enc.Hex相同
console.log(hash.toString(CryptoJS.enc.Hex));
console.log(hash.toString(CryptoJS.enc.Base64));
1
2
3
4
5
6
7
8
9
10
11

相关阅读:
Python 利用pandas 和 matplotlib绘制柱状图
 MeterSphere压测，出现HttpHostConnectException
如何实现LIN多通道测试
 什么是多进程-多线程-多协程 ----进程和多线程
 实现单点登录的方式
 properties文件
 DC50V/1.5A高调光比降压恒流LED驱动芯片SL6115兼容PT4115E
【idea】win 10 / win 11：idea 、Alibaba Dragonwell 11、maven、git 下载与安装
 朗强：紧跟时代步伐！HDMI分布式矩阵可以通过手机来控制！
基于SSM的高校社团管理系统
原文地址：https://blog.csdn.net/huangbangqing12/article/details/127793557