• 周六. 8月 20th, 2022

5G编程聚合网

5G时代下一个聚合的编程学习网

热门标签

ast 对象还原

admin

11月 28, 2021

https://www.cnblogs.com/hanyanling/p/13472711.html

const fs = require('fs');
const { parse } = require("@babel/parser");
const traverse = require("@babel/traverse").default;
const t = require("@babel/types");
const generator = require("@babel/generator").default;



let jscode = `var angdh = {
    "YJJox": "object",
    "sbTga": function (b, c) {
      return b | c;
    },
    "iwvEK": function (b, c) {
      return b << c;
    },
    "HqkiD": function (b, c) {
      return b(c);
    }
  };
  b = angdh["iwvEK"](1, 3), c = angdh["sbTga"](111, 222), d = angdh["YJJox"], e = angdh["HqkiD"](String.fromCharCode, 49);`

let ast = parse(jscode);

const visitor =
{
    VariableDeclarator(path) {
        const { id, init } = path.node;

        //特征判断,对象为空则不处理
        if (!t.isObjectExpression(init) || init.properties.length == 0) return;

        let name = id.name;
        let scope = path.scope;

        for (const property of init.properties) {//遍历key、value
            let key = property.key.value;
            let value = property.value;

            //一般ob混淆,key长度都是5,也有是3的,大家调整即可。
            if (key.length !== 5) return;

            //如果是字面量
            if (t.isLiteral(value)) {
                scope.traverse(scope.block, {
                    //遍历MemberExpression,找出与key相同的表达式
                    MemberExpression(_path) {
                        let _node = _path.node;
                        if (!t.isIdentifier(_node.object, { name: name })) return;
                        if (!t.isLiteral(_node.property, { value: key })) return;
                        _path.replaceWith(value);
                    },
                })
            }
            //如果是函数表达式
            else if (t.isFunctionExpression(value)) {
                let ret_state = value.body.body[0];

                //特征判断,如果不是return表达式
                if (!t.isReturnStatement(ret_state)) continue;

                scope.traverse(scope.block, {
                    CallExpression: function (_path) {

                        //遍历CallExpression
                        let { callee, arguments } = _path.node;
                        if (!t.isMemberExpression(callee)) return;
                        if (!t.isIdentifier(callee.object, { name: name })) return;
                        if (!t.isLiteral(callee.property, { value: key })) return;
                        if (t.isCallExpression(ret_state.argument) && arguments.length > 0) {

                            //构造节点
                            _path.replaceWith(t.CallExpression(arguments[0], arguments.slice(1)));
                        } else if (t.isBinaryExpression(ret_state.argument) && arguments.length === 2) {

                            //构造节点
                            let replace_node = t.BinaryExpression(ret_state.argument.operator, arguments[0], arguments[1]);
                            _path.replaceWith(replace_node);
                        } else if (t.isLogicalExpression(ret_state.argument) && arguments.length === 2) {

                            //构造节点
                            let replace_node = t.LogicalExpression(ret_state.argument.operator, arguments[0], arguments[1]);
                            _path.replaceWith(replace_node);
                        }
                    }
                })
            }
        }
    },
}




traverse(ast, visitor);
let { code } = generator(ast);

// console.log(code);

fs.writeFile('decode.js', code, (err) => { });

发表回复

您的电子邮箱地址不会被公开。