热门标签
热门文章
- 1Koa:下一代Node.js应用框架的选择
- 2【C&C++】C程序内存布局_text data bss dec hex
- 3进阶--AI绘画里你必须要直到的controlnet模型使用方法
- 4mac通过brew安装nvm_source $(brew --prefix nvm)/nvm.sh
- 5墨者——内部文件上传系统漏洞分析溯源 内部文件上传系统漏洞分析溯源_墨者内部文件上传
- 6chatgpt 正面案例 2018-11-13T20:20:39+00:00 后面的 +00:00 代表什么意思
- 72024最佳5 个矢量数据库
- 8宇视摄像头ip搜索软件_实战演示安卓木马程序监控手机摄像头
- 920230109测试ToyBrick的RK3588开发板运行Buildroot的V20220811版本_unrecognized jedec id:00,00,00
- 10ArrayList和LinkedList、Vector的区别_arraylist和linkedlist和vector的区别
当前位置: article > 正文
JS逆向基础知识个人总结_js 逆向基础只是
作者:笔触狂放9 | 2024-04-09 10:09:30
赞
踩
js 逆向基础只是
函数相关
函数自动执行-1
(function auto(){ console.log("自动执行"); })();
- 1
- 2
- 3
函数自动执行-2
$(function auto(){ console.log("自动执行"); })
- 1
- 2
- 3
函数调用
function second(){ console.log(first()); } function first(){ return "hi there."; }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
函数的定义-1
function say(){ return "定义函数"; }
- 1
- 2
- 3
函数的定义-2
var say = function(){ return "定义函数"; }
- 1
- 2
- 3
函数的定义-3
var obj = { "say":function(){ return "对象内的成员"; } };
- 1
- 2
- 3
- 4
- 5
Base64 编码函数
内置base64编码函数 btoa,output : aGVsbG8=
let value = 'hello'; console.log(btoa(value));
- 1
- 2
内置base64解码函数 atob,output : hello
let value = 'aGVsbG8='; console.log(atob(value));
- 1
- 2
第三方库实现(CryptoJS)
const CryptoJS = require("crypto-js"); let value="hello"; let trans=CryptoJS.enc.Utf8.parse(value); let encrypted=CryptoJS.enc.Base64.stringify(trans); console.log(encrypted)
- 1
- 2
- 3
- 4
- 5
自己编写base64编码算法和解码算法
function Base64(){ this.encode = function(val){ //编码逻辑 return val } this.decode = function(val){ //解码逻辑 return val } } encrypt = new Base64(); console.log(encrypt.encode("encode"));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
JSON 对象
将对象转换为字符串
var params={ "username":"null119", "password":"123456" } console.log(JSON.stringify(params));
- 1
- 2
- 3
- 4
- 5
将字符串转换为JSON对象
var params='{"username":"null119","password":"123456"}'; console.log(JSON.parse(parms));
- 1
- 2
Array 数组基本操作
定义一个空数组-1
let mousePos=[];
- 1
定义一个空数组-2
let mousePos=new Array();
- 1
向数组添加元素
mousePos.push([100,50,200]); console.log(mousePos);
- 1
- 2
删除并返回一个元素
console.log(mousePos.pop());
- 1
数组转字符串-1
let mousePos = new Array(); mousePos.push([100,50,123]); console.log(mousePos.join(";"));
- 1
- 2
- 3
数组转字符串-2
let mousePos = new Array(); mousePos.push([100,50,123]); console.log(mousePos.toString());
- 1
- 2
- 3
字符和Unicode编码值互转
编码转字符
let value=String.fromCharCode(72,69,76,76,79); //HELLO console.log(value);
- 1
- 2
字符转编码
let value='h'; console.log(value.charCodeAt());
- 1
- 2
toString 函数
对象转字符串
let param=[5,6,8]; console.log(param.toString());
- 1
- 2
字符转二进制
let value=6; console.log(value.toString(2));
- 1
- 2
字符转十六进制
let value=6; console.log(value.toString(16));
- 1
- 2
布尔值转字符串
let value=false; console.log(value.toString());
- 1
- 2
判断类型
let arr=[1,2,3]; console.log(toString.call(arr));
- 1
- 2
Val取值和设置值
设置对象的值
<html> <head> <script type="text/javascript" src="/jquery/jquery.js"></script> <script type="text/javascript"> $(document).ready(function(){ $("button").click(function(){ $(":text").val("hello"); }); }); </script> </head> <body> <p>Name:<input type="text" name="user" value="Hello world" /></p> <button>改变文本域值</button> </body> </html>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
返回对象的值
<html> <head> <script type="text/javascript" src="/jquery/jquery.js"></script> <script type="text/javascript"> $(document).ready(function(){ $("button").click(function(){ alert($("input:text").val()); }); }); </script> </head> <body> FirstName:<input type="text" name="fname" value="Bill" /><br/> LastName:<input type="text" name="lname" value="Gates" /><br/> <button>获得第一个文本域的值</button> </body> </html>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
return也是有语法的
单行return
function _tokenValue(v){ //..... let _token= v.join("-"); return _token } console.log(_tokenValue([56,78,33]));
- 1
- 2
- 3
- 4
- 5
- 6
多行return-1 (return处给了多个值,但真正返回的只有最后一个)
function first(){ console.log("调用1"); return "first"; } let second = function(){ console.log("调用2"); return "second"; } function _tokenValue(v){ let _token= v.join("-"); return first(), second(), _token; } console.log(_tokenValue([56,78,33]));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
多行return-2 (返回依旧是最后一个)
function first(){ console.log("调用1"); return "first"; } let second = function(){ console.log("调用2"); return "second"; } function _tokenValue(v){ let _token= v.join("-"); return first(), _token, second(); } console.log(_tokenValue([56,78,33]));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
代码混淆
十六进制混淆
let objects = { "\x66\x69\x6c\x74\x65\x72": function(){ return "\x6c\x74\x65"; } }
- 1
- 2
- 3
- 4
- 5
Unicode 混淆
let objects = { "\u0073\u0069\u0067\u006e\u0056": function(){ return "ENG987KJS732njH7273NH23"; } }
- 1
- 2
- 3
- 4
- 5
数组混淆:将字符串存放到数组中,通过下标访问
let vales = ["sign","publicKey","Base64","encrypt","toString","decode","atob","btoa"]; let url = "http://www.null119.cn" vales[0] ="SI209U+230D86+7NB="; let full = url+"?"+vales[0]+"_"; console.log(vales[0]); console.log(full);
- 1
- 2
- 3
- 4
- 5
- 6
变量名硬混淆
let _sh78x6 = ["sign","publicKey","Base64","encrypt","toString","decode","atob","btoa"]; let _ac87x5 = "http://www.null119.cn" _sh78x6[0] ="SI209U+230D86+7NB="; let _sh87x6 = _ac87x5+"?"+_sh78x6[0]+"_"; console.log(_sh78x6[0]); console.log(_sh87x6);
- 1
- 2
- 3
- 4
- 5
- 6
- 7
数组+十六进制+Unicode+变量名硬混淆
...
- 1
XHR 和 Ajax请求方式
Ajax
$.ajax({ //构造请求头 url: loginurl + "?uuid=" + uuid +"&r=" + Math.random(), type: 'POST', dataType: "text", contentType: "application/x-www-form-urlencoded; charset=utf-8", data: { uuid:$('#uuid').val() }, error: function(){ //错误触发 }, success: function(result){ //成功返回响应正文时触发 } });
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
XHR (XMLHttpRequest)
function SendXHR(){ var xhr = new XMLHttpRequest(); //实例化xhr对象 xhr.open('GET','http://www.null119.cn/index.html?p=123') //设置发送方法、URL xhr.send(null);//发送数据 xhr.onreadystatechange = function(){ //回调函数,拿到数据后执行相关操作 if (xhr.readyState==4){ console.log(xhr.responseText); } }; }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
逆向中偶有,Hook常用
apply : 重定义指定对象,参数用数组传递
let person = { fullInfo: function(city,country){ return this.name + "-" + this.age +"-"+country+"-"+city; } } let person1 = { name:"Jor", age:"25" } console.log(person.fullInfo.apply(person1,["Oslo","Norway"]));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
call : 重定义指定对象,可以直接传参数
let person = { fullInfo: function(city,country){ return this.name + "-" + this.age +"-"+country+"-"+city; } } let person1 = { name:"Jor", age:"25" } console.log(person.fullInfo.call(person1,"Oslo","Norway"));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
AES
window = this; navigator = {}; const JSEncrypt = require("jsencrypt") const value = "123456781"; const key="......" let encrypt = new JSEncrypt.JSEncrypt(); encrypt.setPublicKey(key) let res = encrypt.encrypt(value); console.log(res)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
RSA
const NodeRSA = require("node-rsa"); const key = new NodeRSA({b:512}); const text='hello RSA'; const encrypted = key.encrypt(text,'base64'); const decrypted = key.decrypt(encrypted,'utf8'); console.log('encryted:',encrypted); console.log('decryted:',decrypted);
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
CryptoJS 加密库
AES
const CryptoJS = require("crypto-js"); let value = '123456' //待加密字符串 let secret_value = 'af25-87hk=a35v-5'; //密钥16位 let iv_value = 'af25-87hk=a35v-5'; //初始向量IV 16位 //密钥和向量处理 let secret = CryptoJS.enc.Utf8.parse(secret_value); let iv = CryptoJS.enc.Utf8.parse(iv_value); //加密 let encrypted = CryptoJS.AES.encrypt(value,secret,{ iv: iv, //加密模式: CBC,CFB,CTR,ECB,OFB 默认CBC mode: CryptoJS.mode.CBC, //填充模式: Pkcs7,Pkcs5 padding: CryptoJS.pad.Pkcs7 }); //加密结果转字符串 encrypted = encrypted.toString(); //解密,传入密文、密钥、向量并设置加密与填充模式 let decrypted = CryptoJS.AES.decrypt(encrypted,secret,{ iv: iv, mode:CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); //解密结果转字符串 decrypted = CryptoJS.enc.Utf8.stringify(decrypted); //打印明文、密文、解密结果 console.log(value); console.log(encrypted); console.log(decrypted);
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
Base64
const CryptoJS = require("crypto-js"); //编码 let value = "http//www.nul119.cn"; let trans = CryptoJS.enc.Utf8.parse(value); let encrypted = CryptoJS.enc.Base64.stringify(trans); //解码 let trans_encrypted= CryptoJS.enc.Base64.parse(encrypted); let decrypted = trans_encrypted.toString(CryptoJS.enc.Utf8); //打印明文、编码结果、解码结果 console.log(value); console.log(encrypted); console.log(decrypted);
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
MD5
const CryptoJS = require("crypto-js"); let value="Message"; let encrypted = CryptoJS.MD5(value); console.log(encrypted.toString());
- 1
- 2
- 3
- 4
- 5
SHA
const CryptoJS = require("crypto-js"); let value="message"; //加密可切换 SHA1/SHA224/SHA256/SHA384/SHA512 let hash = CryptoJS.SHA256(value); console.log(value); console.log(hash.toString()) //结果与CryptoJS.enc.Hex相同 console.log(hash.toString(CryptoJS.enc.Hex)); console.log(hash.toString(CryptoJS.enc.Base64));
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/笔触狂放9/article/detail/391993
推荐阅读
相关标签
