侧边栏壁纸
博主头像
BeiFeng博主等级

  • 累计撰写 10 篇文章
  • 累计创建 6 个标签
  • 累计收到 0 条评论

目 录CONTENT

文章目录
学习笔记

AST小记

BeiFeng
BeiFeng
2024-04-03 / 0 评论 / 3 点赞 / 18 阅读 / 6851 字

AST用到的网址

  1. AST explorer
  2. babeljs
  3. obfuscator

安装babel包

npm  install @babel/parser	js解析成语法树
npm  install @babel/generator	语法树转为js
npm  install @babel/traverse	循环组件

小试牛刀

let parse = require("@babel/parser").parse;  
let generator = require("@babel/generator").default  
  
let ast = parse("var a=1;")  
 
ast.program.body[0].kind = "let"  
ast.program.body[0].declarations[0].id.name = "b"  
ast.program.body[0].declarations[0].init.value = 10  
  
let out_code = generator(ast).code  
console.log(out_code)

##输出
let b = 10;

解析字符串

let parse = require("@babel/parser").parse;  
let generator = require("@babel/generator").default  
let traverse = require("@babel/traverse").default;  
  
  
var js = "function hi(){console['\x6c\x6f\x67']('\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x21')};hi();"  
var ast = parse(js)  
  
decodeReplace = {  
    StringLiteral(path){  
        console.log(path.toString())  
        path.node.extra.raw = ast.value  
  }  
}  
  
traverse(ast, decodeReplace)  
  
let out_code = generator(ast).code  
console.log(out_code)

####输出结果
##path.toString()输出
'log'
'Hello World!'

###out_code结果
function hi() {
  console["log"]("Hello World!");
}
;
hi();

解ob混淆

###js代码

(function (_0x1417a6, _0x1c1a1e) {  
    var _0x27b6c2 = _0x58e4, _0x47cdf6 = _0x1417a6();  
 while (!![]) {  
        try {  
            var _0x30f457 = parseInt(_0x27b6c2(0x130)) / 0x1 + -parseInt(_0x27b6c2(0x12c)) / 0x2 * (parseInt(_0x27b6c2(0x133)) / 0x3) + -parseInt(_0x27b6c2(0x134)) / 0x4 + parseInt(_0x27b6c2(0x12f)) / 0x5 + -parseInt(_0x27b6c2(0x12e)) / 0x6 * (parseInt(_0x27b6c2(0x135)) / 0x7) + parseInt(_0x27b6c2(0x131)) / 0x8 + -parseInt(_0x27b6c2(0x12d)) / 0x9;  
 if (_0x30f457 === _0x1c1a1e) break; else _0x47cdf6['push'](_0x47cdf6['shift']());  
  } catch (_0xa41774) {  
            _0x47cdf6['push'](_0x47cdf6['shift']());  
  }  
    }  
}(_0x41ec, 0x6fd59));  
  
function _0x41ec() {  
    var _0x54b765 = ['6JYeGDW', '1536748dNCuCz', '78344OYgSLl', '59714xTsrYF', '3482055bBWHeq', '30vjvvdD', '1442130utuPMm', '330532ZJINSM', '5806968XxVEin', 'log'];  
  _0x41ec = function () {  
        return _0x54b765;  
  };  
 return _0x41ec();  
}  
  
function _0x58e4(_0x2d92bd, _0x2efbb2) {  
    var _0x41ecda = _0x41ec();  
 return _0x58e4 = function (_0x58e4d6, _0x5746be) {  
        _0x58e4d6 = _0x58e4d6 - 0x12c;  
 var _0x182c34 = _0x41ecda[_0x58e4d6];  
 return _0x182c34;  
  }, _0x58e4(_0x2d92bd, _0x2efbb2);  
}

function hi() {  
 var _0x438dc0 = _0x58e4, a = 0; console[_0x438dc0(0x132)]('Hello\x20World!');  
}  
  
hi();

###ast解混淆代码

let parse = require("@babel/parser").parse;  
let generator = require("@babel/generator").default  
let traverse = require("@babel/traverse").default;  
  
  
(function (_0x1417a6, _0x1c1a1e) {  
    var _0x27b6c2 = _0x58e4, _0x47cdf6 = _0x1417a6();  
 while (!![]) {  
        try {  
            var _0x30f457 = parseInt(_0x27b6c2(0x130)) / 0x1 + -parseInt(_0x27b6c2(0x12c)) / 0x2 * (parseInt(_0x27b6c2(0x133)) / 0x3) + -parseInt(_0x27b6c2(0x134)) / 0x4 + parseInt(_0x27b6c2(0x12f)) / 0x5 + -parseInt(_0x27b6c2(0x12e)) / 0x6 * (parseInt(_0x27b6c2(0x135)) / 0x7) + parseInt(_0x27b6c2(0x131)) / 0x8 + -parseInt(_0x27b6c2(0x12d)) / 0x9;  
 if (_0x30f457 === _0x1c1a1e) break; else _0x47cdf6['push'](_0x47cdf6['shift']());  
  } catch (_0xa41774) {  
            _0x47cdf6['push'](_0x47cdf6['shift']());  
  }  
    }  
}(_0x41ec, 0x6fd59));  
  
function _0x41ec() {  
    var _0x54b765 = ['6JYeGDW', '1536748dNCuCz', '78344OYgSLl', '59714xTsrYF', '3482055bBWHeq', '30vjvvdD', '1442130utuPMm', '330532ZJINSM', '5806968XxVEin', 'log'];  
  _0x41ec = function () {  
        return _0x54b765;  
  };  
 return _0x41ec();  
}  
  
function _0x58e4(_0x2d92bd, _0x2efbb2) {  
    var _0x41ecda = _0x41ec();  
 return _0x58e4 = function (_0x58e4d6, _0x5746be) {  
        _0x58e4d6 = _0x58e4d6 - 0x12c;  
 var _0x182c34 = _0x41ecda[_0x58e4d6];  
 return _0x182c34;  
  }, _0x58e4(_0x2d92bd, _0x2efbb2);  
}  
  
  
var ast = parse(`function hi() {  
 var _0x438dc0 = _0x58e4, a = 0; console[_0x438dc0(0x132)]('Hello\x20World!');  
}  
  
hi();`)  
var_dict = {},  
decodeReplace = {  
    VariableDeclarator(path){  
        var node = path.node  
  var id_name = path.node.id.name  
  var init_name = path.node.init.name  
        var_dict[id_name] = init_name  
        if(init_name){  
            path.remove()  
        }  
    },  
  CallExpression(path){  
        var node = path.node  
  var call_name = node.callee.name  
  if (call_name in var_dict) {  
            console.log(path.toString(), '========>', eval(var_dict[call_name] + "(path.node.arguments[0].value)"))  
            path.replaceWith({  
                type: 'StringLiteral',  
  value: eval(var_dict[call_name] + "(path.node.arguments[0].value)")  
            })  
        }  
    }  
}  
  
traverse(ast, decodeReplace)  
  
let out_code = generator(ast).code  
eval(out_code)  
console.log(out_code)

###输出结果
_0x438dc0(0x132) ========> log
Hello World!
function hi() {
  var a = 0;
  console["log"]('Hello World!');
}
hi();
3
AST
版权归属: BeiFeng
本文链接: https://www.beifeng.asia/archives/1712073600
许可协议: 本文使用《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)》协议授权

评论区