Skip to content

S
shein_login
Commit d53770d4 by yexing
Options

up

parent cbe58aaf
Showing with 0 additions and 380 deletions
jt/blackbox/dec.js deleted 100644 → 0
This source diff could not be displayed because it is too large. You can view the blob instead.
jt/blackbox/decAst.js deleted 100644 → 0
This source diff could not be displayed because it is too large. You can view the blob instead.
jt/rev/ast.js deleted 100644 → 0
// eslint-disable-next-line no-unused-vars
import { traverse, parse, types as t, template } from "@babel/core";
import { generate } from "@babel/generator";
import fs from "fs";
// //static.tongdun.net/us/fm.js?t= (new Date().getTime() / 3600000).toFixed(0)
const jsCode = fs.readFileSync("jt/blackbox/dec.js") + '';
const stringMap = JSON.parse(fs.readFileSync("jt/blackbox/stringMap.json") + '');
const ast = parse(jsCode);
traverse(ast, {
"BinaryExpression": (path) => {
// console.log(path.toString());
const { confident, value } = path.evaluate();
if (confident && isFinite(value)) {
path.replaceWith(t.valueToNode(value));
}
},
"MemberExpression": (path) => {
// console.log(path.toString());
if (
t.isIdentifier(path.node.object, { name: "ZE" })
&& t.isNumericLiteral(path.node.property)
) {
const value = stringMap[path.node.property.value];
const ppath = path.parentPath;
if (ppath.isMemberExpression()
&& path.key === "property"
&& !(/\.|^\d/.test(value))
) {
path.replaceWith(t.identifier(value));
ppath.node.computed = false;
} else {
path.replaceWith(t.stringLiteral(value));
}
}
},
});
traverse(ast, {
"WhileStatement": (path) => {
// console.log(path.toString());
const switchStmt = path.get("body.body.0");
if (!switchStmt.isSwitchStatement()) return;
const varDec = path.getPrevSibling();
const name = varDec.get("declarations.0.id").node.name;
varDec.remove();
// if (name === 'y') debugger;
const caseMap = new Map();
let test; // Ternary expression
for (const casePath of switchStmt.get("cases")) {
const testValue = casePath.node.test?.value;
const blockStmt = casePath.get("consequent.0");
blockStmt.traverse({
"AssignmentExpression": (ipath) => {
if (
t.isIdentifier(ipath.node.left, { name })
&& (t.isNumericLiteral(ipath.node.right)
|| t.isNumericLiteral(ipath.node.right?.consequent))
) {
test ??= ipath.get("right.test").node;
ipath.remove();
}
},
"BreakStatement": (ipath) => {
ipath.remove();
}
});
caseMap.set(testValue, blockStmt.node.body);
}
const value = Array.from(caseMap)
.sort(([a], [b]) => a - b)
.flatMap(([, node]) => node);
if (test) {
path.replaceWith(t.whileStatement(test, t.blockStatement(value)));
} else {
path.replaceWithMultiple(value);
}
}
});
const output = generate(ast).code;
fs.writeFileSync("js/blackbox/decAst.js", output);
jt/rev/debug.js deleted 100644 → 0
/* eslint-disable no-undef */
wasm = i.instance.exports;
memories = [wasm.memory]
viewDWORD = (addr) =>{
const arr = new Uint32Array(memories[0].buffer.slice(addr, addr + 16));
return arr;
};
viewChar = (addr, size = 16) =>{
const arr = new Uint8Array(memories[0].buffer.slice(addr, addr + size));
return String.fromCharCode.apply(null, arr);
};
viewHEX = (addr, size = 16) =>{
const arr = new Uint8Array(memories[0].buffer.slice(addr, addr + size));
return (Array.from(arr, x =>x.toString(16).padStart(2, '0')).join(' '));
};
viewHexCode = (addr, size = 16) =>{
const arr = new Uint8Array(memories[0].buffer.slice(addr, addr + size));
return (Array.from(arr, x =>'0x' + x.toString(16).padStart(2, '0')).join(', '));
};
dumpMemory = (addr, size = 16) =>{
const arr = new Uint8Array(memories[0].buffer.slice(addr, addr + size));
return arr;
};
viewString = (addr, size = 16) =>{
const arr = new Uint8Array(memories[0].buffer.slice(addr, addr + size));
let max = size;
for (let i = 0; i < size; i++) {
if (arr[i] === 0) {
max = i;
break;
}
}
return String.fromCharCode.apply(null, arr.slice(0, max));
};
search = function(stirng) {
const m = new Uint8Array(memories[0].buffer);
const k = Array.from(stirng, x =>x.charCodeAt());
const match = (j) =>{
return k.every((b, i) =>m[i + j] === b);
};
const max = Math.min(10_000_000, m.byteLength || m.length);
for (let i = 0; i < max; i++) {
if (match(i)) {
console.info(i);
}
}
console.info('done');
}
\ No newline at end of file
jt/rev/enc.js deleted 100644 → 0
// 浏览器环境
import JSEncrypt from "jsencrypt";
// eslint-disable-next-line no-unused-vars
const fnencrypt = (password) => {
const publicKey = '-----BEGIN PUBLIC KEY-----\n' + 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVgVY+s5P31zLTKrTc7Kk3F6Si\n' + 'BmeQpGY5+f4ldvj2lffvrwrh+PrERJY1JrsZbtASzzFzcyPw7eE8YNYff3KV5bVe\n' + 'gE49WtqDv84JWpvkp3QpsH2mW0ro74BF/dyAE6LYq29H2fYTTsxMH7Ey/cE41Nu1\n' + 'abQ6vV5WZiHPKHychQIDAQAB\n' + '-----END PUBLIC KEY-----';
const encryptor = new JSEncrypt();
encryptor.setPublicKey(publicKey);
const rsaPassWord = encryptor.encrypt(password);
return rsaPassWord;
}
jt/rev/hook.js deleted 100644 → 0
/* eslint-disable no-unused-vars */
/* eslint-disable no-global-assign */
/* eslint-disable no-debugger */
!(function(){
"use strict";
const hook_fmOpt = () => {
// const _success = window._fmOpt.success;
// window._fmOpt.success = function () {
// debugger;
// return _success.apply(this, arguments);
// }
const _fmOpt = window._fmOpt;
window._fmOpt = new Proxy(_fmOpt, {
set() {
debugger;
return Reflect.set(...arguments);
},
get() {
return Reflect.get(...arguments);
}
});
}
hook_fmOpt();
const hookEval = () => {
const _eval = window.eval;
window.eval = function () {
debugger;
return _eval.apply(this, arguments);
}
}
const hookFunction = () => {
const _constructor = Function.prototype.constructor;
Function.prototype.constructor = function () {
debugger;
return _constructor.apply(this, arguments);
}
const _Function = Function;
Function = function () {
debugger;
return _Function.apply(this, arguments);
}
Function.prototype = _Function.prototype;
}
})();
jt/rev/wj.js deleted 100644 → 0
import fs from "fs";
import wasm2js from "wasm2js";
function U(A) {
try {
var I = atob(A);
var g = I.length;
var B = new Uint8Array(g);
for (var Q = 0; Q < g; Q++) {
B[Q] = I.charCodeAt(Q);
}
return B.buffer;
} catch (A) {
console.error(A);
return null;
}
}
const extWasm = () => {
const cjsFp = "./js/wasm.cjs";
const wasmFp = "./jt/blackbox/dec.wasm";
const desFp = "./jt/blackbox/dec.js";
const jsCode = fs.readFileSync(desFp) + ''
const wasmCode = /AGFzbQEAAAABowE[A-Za-z0-9+_=/]+/g.exec(jsCode)[0];
fs.writeFileSync(wasmFp, Buffer.from(U(wasmCode)));
fs.writeFileSync(cjsFp, wasm2js(fs.readFileSync(wasmFp)));
}
extWasm();
jt/v8/cat.js deleted 100644 → 0
import { VM, VMScript } from "vm2";
import fs from "fs";
import { dirname } from "path";
import { fileURLToPath } from "url";
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
const jsCode = [`${__dirname}/proxy.js`, `${__dirname}/env.js`, `${__dirname}/../blackbox/dec.js`]
.map(x => fs.readFileSync(x))
.join("\r\n");
try {
const jsScript = new VMScript(jsCode, `${__dirname}/vm.js`);
const blackbox = new VM().run(jsScript);
console.log(blackbox);
} catch (e) {
console.trace(e);
}
\ No newline at end of file
jt/v8/env.js deleted 100644 → 0
/* eslint-disable no-unused-vars */
/* eslint-disable no-undef */
var window = dtavm.proxy(this, "window");
var document = dtavm.proxy({}, "document");
var navigator = dtavm.proxy({}, "navigator");
var location = dtavm.proxy({}, "location");
var localStorage = dtavm.proxy({}, "localStorage");
var sessionStorage = dtavm.proxy({}, "sessionStorage");
jt/v8/proxy.js deleted 100644 → 0
dtavm = {}
rawlog = console.log
dtavm.log = rawlog
delete rawlog
// 保护伪造函数toString
; (() => {
const $toString = Function.toString
const myFunction_toString_symbol = Symbol('('.concat('', ')_', (Math.random()) + '').toString(36))
const myToString = function () {
return typeof this === 'function' && this[myFunction_toString_symbol] || $toString.call(this)
}
function set_native(func, key, value) {
Object.defineProperty(func, key, {
enumerable: false,
configurable: true,
writable: true,
value: value
})
}
delete Function.prototype.toString
set_native(Function.prototype, "toString", myToString)
set_native(Function.prototype.toString, myFunction_toString_symbol, "function toString() { [native code] }")
globalThis.dtavm.func_set_native = (func, name) => {
//todo 系统函数没名字 native code
set_native(func, myFunction_toString_symbol, `function ${func.name || name || ''}() { [native code] }`)
}
}).call(this);
for (let key in Object.getOwnPropertyDescriptors(console)) {
if (typeof console[key] == "function") {
console[key] = function () { }
dtavm.func_set_native(console[key], key)
}
}
dtavm.proxy = function (obj, objname, type) {
function getMethodHandler(WatchName, target_obj) {
let methodhandler = {
apply(target, thisArg, argArray) {
if (this.target_obj) {
thisArg = this.target_obj
}
let result = Reflect.apply(target, thisArg, argArray)
if (target.name !== "toString") {
if (WatchName === "window.console") {
} else if (result instanceof Promise) {
result.then((data) => {
dtavm.log(`[${WatchName}] apply function name is [${target.name}], argArray is `, argArray, `result is `, data);
})
} else {
dtavm.log(`[${WatchName}] apply function name is [${target.name}], argArray is `, argArray, `result is `, result);
}
} else {
dtavm.log(`[${WatchName}] apply function name is [${target.name}], argArray is `, argArray, `result is `, result);
}
return result
},
construct(target, argArray, newTarget) {
var result = Reflect.construct(target, argArray, newTarget)
dtavm.log(`[${WatchName}] construct function name is [${target.name}], argArray is `, argArray, `result is `, result);
return result;
}
}
methodhandler.target_obj = target_obj
return methodhandler
}
function getObjhandler(WatchName) {
let handler = {
get(target, propKey, receiver) {
let result = target[propKey]
if (result instanceof Object) {
if (typeof result === "function") {
if (propKey !== "String") { // exclude
dtavm.log(`[${WatchName}] getting propKey is [`, propKey, `] , it is function`)
}
return new Proxy(result, getMethodHandler(WatchName, target))
}
else {
dtavm.log(`[${WatchName}] getting propKey is [`, propKey, `], result is [`, result, `]`);
}
return new Proxy(result, getObjhandler(`${WatchName}.${propKey}`))
}
if (typeof (propKey) !== "symbol") {
dtavm.log(`[${WatchName}] getting propKey is [`, propKey, `], result is [`, result, `]`);
}
return result;
},
set(target, propKey, value, receiver) {
if (value instanceof Object) {
dtavm.log(`[${WatchName}] setting propKey is [`, propKey, `], value is [`, value, `]`);
} else {
dtavm.log(`[${WatchName}] setting propKey is [`, propKey, `], value is [`, value, `]`);
}
try {
var result = Reflect.set(target, propKey, value, receiver);
return result;
} catch (e) {
// target[propKey] = value;
// return value;
}
},
has(target, propKey) {
var result = Reflect.has(target, propKey);
dtavm.log(`[${WatchName}] has propKey [`, propKey, `], result is [`, result, `]`)
return result;
},
deleteProperty(target, propKey) {
var result = Reflect.deleteProperty(target, propKey);
dtavm.log(`[${WatchName}] delete propKey [`, propKey, `], result is [`, result, `]`)
return result;
},
defineProperty(target, propKey, attributes) {
var result = Reflect.defineProperty(target, propKey, attributes);
dtavm.log(`[${WatchName}] defineProperty propKey [`, propKey, `] attributes is [`, attributes, `], result is [`, result, `]`)
return result
},
getPrototypeOf(target) {
var result = Reflect.getPrototypeOf(target)
dtavm.log(`[${WatchName}] getPrototypeOf result is [`, result, `]`)
return result;
},
setPrototypeOf(target, proto) {
dtavm.log(`[${WatchName}] setPrototypeOf proto is [`, proto, `]`)
return Reflect.setPrototypeOf(target, proto);
},
// preventExtensions(target) {
// dtavm.log(`[${WatchName}] preventExtensions`)
// return Reflect.preventExtensions(target);
// },
// isExtensible(target) {
// var result = Reflect.isExtensible(target)
// dtavm.log(`[${WatchName}] isExtensible, result is [`, result, `]`)
// return result;
// },
}
return handler;
}
if (type === "method") {
return new Proxy(obj, getMethodHandler(objname, obj));
}
return new Proxy(obj, getObjhandler(objname));
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment