教你開發一個JS代碼加密工具
作者:JShaman.com w2sft
本文,教你開發一個JS代碼加密工具。
工具可實作:把正常的JS代碼,轉化為加密代碼,并且加密後的JS代碼能直接運作。
效果展示
加密前的JS代碼:
function get_copyright(){
var domain = "jshaman.com";
var from_year = 2017;
var copyright = "(c)" + from_year + "-" + (new Date).getFullYear() + "," + domain;
return copyright;
}
console.log(get_copyright());
代碼運作輸出:
加密後的代碼:
此代碼可複制并在JS環境中運作,如浏覽器控制台。
var b=['function','get_copyright(){','var','domain','\x22jshaman.com\x22;','from_year','2017;','copyright','\x22(c)\x22','\x22-\x22','(new','Date).getFullYear()','\x22,\x22','domain;','return','copyright;','console.log(get_copyright());'];
var i=[0x866cb^0x866cb,0x32d88^0x32d89,0x4e909^0x4e90b,0x89f22^0x89f21,0x4a5c5^0x4a5c0,0xd9943^0xd9944,0xe9b87^0xe9b8e,0x27fa7^0x27fac,0x8f43c^0x8f431,0x280a0^0x280b1,0x78277^0x78264,0x14,0x16,0x18,0x83ff5^0x83fd2,0x28,0x3eaff^0x3ead5];
var c='\x0a_[0]\x20_[1]\x0a_[2]\x20_[3]\x20=\x20_[5]\x0a_[2]\x20_[7]\x20=\x20_[9]\x0a_[2]\x20_[11]\x20=\x20_[13]\x20+\x20_[7]\x20+\x20_[17]\x20+\x20_[19]\x20_[20]\x20+\x20_[22]\x20+\x20_[24]\x0a_[11]\x20=\x20_[13]\x20+\x20_[7]\x20+\x20_[17]\x20+\x20_[19]\x20_[20]\x20+\x20_[22]\x20+\x20_[24]\x0a_[39]\x20_[40]\x0a}\x0a_[42]\x0a';for(j=0x0;j<b['length'];j++){c=c['replace'](new RegExp('_\x5c['+i[j]+'\x5c]','g'),b[j]['replace']('`','')['replace']('`',''));}
[]['constructor']['constructor'](c)();
加密後的代碼運作輸出:
加密後代碼運作正常,且輸出結果與加密前相同。
加密原理
本文設計的JS代碼加密工具,原理較為簡單:
将JS代碼以空格進行分隔,提取出各個代碼塊放到數組中,并用數組名替換代碼。
替換之後,代碼可能形似:
_[0] _[1]
_[2] _[3] = _[5]
_[2] _[7] = _[9]
_[2] _[11] = _[13] + _[7] + _[17] + _[19] _[20] + _[22] + _[24]
_[11] = _[13] + _[7] + _[17] + _[19] _[20] + _[22] + _[24]
_[39] _[40]
在運作前,進行自解密,以還原為原始代碼。
程式設計實作
直接上源碼,代碼中含注釋,對關鍵處有詳細說明:
//要加密的JS代碼
var js_code =`
function get_copyright(){
var domain = "jshaman.com";
var from_year = 2017;
var copyright = "(c)" + from_year + "-" + (new Date).getFullYear() + "," + domain;
copyright = "(c)" + from_year + "-" + (new Date).getFullYear() + "," + domain;
return copyright;
}
console.log(get_copyright());
`;
//把代碼以空格分割,放入數組
var str_arr = js_code.trim().split(/\s+/);
var str_obj = {};
var min_str_arr = [];
var min_str_arr_index = [];
var index = 0;
//周遊代碼數組
for(i=0; i<str_arr.length; i++){
//長度大于3的數組内容
if(str_arr[i].length >= 3){
像中是否存在,用對像不用數組是因為效率更高
if(str_obj[str_arr[i]] == null){
index = i;
str_obj[str_arr[i]] = i;
//縮小的數組
min_str_arr.push("`" + str_arr[i] + "`");
//縮小的數組索引,解密用
min_str_arr_index.push(index);
}else{
//索引,解密用
index = str_obj[str_arr[i]];
}
//将代碼進行替換加密
js_code = js_code.replace(str_arr[i],"_["+ index +"]");
}
}
/*
//還原
for(i=0; i<min_str_arr.length; i++){
js_code = js_code.replace(new RegExp("b\\["+min_str_arr_index[i]+"\\]","g"), min_str_arr[i].replace("`","").replace("`",""));
}
*/
//代碼數組
var b = "var b= [" + min_str_arr + "];";
//代碼數組索引
var i = "var i= [" + min_str_arr_index + "];";
//加密的代碼
var c = "var c= `" + js_code + "`";
//解密并執行代碼
var d = `
for(j=0; j<b.length; j++){
c = c.replace(new RegExp("_\\\\["+i[j]+"\\\\]","g"), b[j].replace("\`","").replace("\`",""));
}
[].constructor.constructor(c)();
`;
//組合,使可以自動執行加密代碼
e = b+"\n"+i+"\n"+c+d;
console.log(e);
在Node.JS環境中運作,可直接輸出加密代碼如下:
var b= [`function`,`get_copyright(){`,`var`,`domain`,`"jshaman.com";`,`from_year`,`2017;`,`copyright`,`"(c)"`,`"-"`,`(new`,`Date).getFullYear()`,`","`,`domain;`,`return`,`copyright;`,`console.log(get_copyright());`];
var i= [0,1,2,3,5,7,9,11,13,17,19,20,22,24,39,40,42];
var c= `
_[0] _[1]
_[2] _[3] = _[5]
_[2] _[7] = _[9]
_[2] _[11] = _[13] + _[7] + _[17] + _[19] _[20] + _[22] + _[24]
_[11] = _[13] + _[7] + _[17] + _[19] _[20] + _[22] + _[24]
_[39] _[40]
}
_[42]
`
for(j=0; j<b.length; j++){
c = c.replace(new RegExp("_\\["+i[j]+"\\]","g"), b[j].replace("`","").replace("`",""));
}
[].constructor.constructor(c)();
這時,與前文給出的加密代碼還有些差别。
将此代碼,經JShaman平台再進行一次混淆加密:
這個環節,是對數值、字元等再次進行加密。
即可得到最終的代碼:
本文技術及源碼,由JShaman團隊原創提供。JShaman是國内專業的混淆加密平台。