演示代码如下,用JShaman对这段代码进行混淆加密:
function demo(){
alert("hello www.jshaman.com");
}
demo();
一、通用版
1、配置选项:压缩代码。
保护效果:
function demo(){alert('hellox20www.jshaman.com');}demo();
注:压缩代码会把多行代码去回车、换行等,压缩成一行。后续代码为展示效果,不启用此选项。
2、配置选项:平展控制流。
保护效果:
function demo() {
var _0x4a3b8e = {
'XmPVw': function (_0x1355fc, _0x5c2d37) {
return _0x1355fc(_0x5c2d37);
}
};
_0x4a3b8e['XmPVw'](alert, 'hellox20www.jshaman.com');
}
demo();
3、配置选项:平展控制流、字符串阵列化。
保护效果:
var _0x82e5 = [
'nwrbW4FdJX4jWOBdTCoAW6JcSxv3pgdcKCoNsM3cPq',
'W6pcM8kOd8ov'
];
var _0x4590 = function (_0x82e5ae, _0x45902b) {
_0x82e5ae = _0x82e5ae - 0x0;
var _0x587e12 = _0x82e5[_0x82e5ae];
if (_0x4590['XyqpMq'] === undefined) {
var _0x26da87 = function (_0x1e1ad6) {
var _0x274be3 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
var _0xb0c2f9 = '';
for (var _0x1912d0 = 0x0, _0x5c2960, _0x22b5f1, _0x28e8bc = 0x0; _0x22b5f1 = _0x1e1ad6['charAt'](_0x28e8bc++); ~_0x22b5f1 && (_0x5c2960 = _0x1912d0 % 0x4 ? _0x5c2960 * 0x40 + _0x22b5f1 : _0x22b5f1, _0x1912d0++ % 0x4) ? _0xb0c2f9 += String['fromCharCode'](0xff & _0x5c2960 >> (-0x2 * _0x1912d0 & 0x6)) : 0x0) {
_0x22b5f1 = _0x274be3['indexOf'](_0x22b5f1);
}
return _0xb0c2f9;
};
var _0x16b0e0 = function (_0x609832, _0x5c0381) {
var _0x18fd8d = [], _0x32615e = 0x0, _0x582ade, _0x55fd07 = '', _0x1f72ed = '';
_0x609832 = _0x26da87(_0x609832);
for (var _0x314140 = 0x0, _0x5dadb9 = _0x609832['length']; _0x314140 < _0x5dadb9; _0x314140++) {
_0x1f72ed += '%' + ('00' + _0x609832['charCodeAt'](_0x314140)['toString'](0x10))['slice'](-0x2);
}
_0x609832 = decodeURIComponent(_0x1f72ed);
var _0x24999f;
for (_0x24999f = 0x0; _0x24999f < 0x100; _0x24999f++) {
_0x18fd8d[_0x24999f] = _0x24999f;
}
for (_0x24999f = 0x0; _0x24999f < 0x100; _0x24999f++) {
_0x32615e = (_0x32615e + _0x18fd8d[_0x24999f] + _0x5c0381['charCodeAt'](_0x24999f % _0x5c0381['length'])) % 0x100;
_0x582ade = _0x18fd8d[_0x24999f];
_0x18fd8d[_0x24999f] = _0x18fd8d[_0x32615e];
_0x18fd8d[_0x32615e] = _0x582ade;
}
_0x24999f = 0x0;
_0x32615e = 0x0;
for (var _0x10c19b = 0x0; _0x10c19b < _0x609832['length']; _0x10c19b++) {
_0x24999f = (_0x24999f + 0x1) % 0x100;
_0x32615e = (_0x32615e + _0x18fd8d[_0x24999f]) % 0x100;
_0x582ade = _0x18fd8d[_0x24999f];
_0x18fd8d[_0x24999f] = _0x18fd8d[_0x32615e];
_0x18fd8d[_0x32615e] = _0x582ade;
_0x55fd07 += String['fromCharCode'](_0x609832['charCodeAt'](_0x10c19b) ^ _0x18fd8d[(_0x18fd8d[_0x24999f] + _0x18fd8d[_0x32615e]) % 0x100]);
}
return _0x55fd07;
};
_0x4590['NSBhHr'] = _0x16b0e0;
_0x4590['voCAvk'] = {};
_0x4590['XyqpMq'] = !![];
}
var _0x5f28ea = _0x82e5[0x0];
var _0xd67353 = _0x82e5ae + _0x5f28ea;
var _0x2a62d8 = _0x4590['voCAvk'][_0xd67353];
if (_0x2a62d8 === undefined) {
if (_0x4590['MBnVai'] === undefined) {
_0x4590['MBnVai'] = !![];
}
_0x587e12 = _0x4590['NSBhHr'](_0x587e12, _0x45902b);
_0x4590['voCAvk'][_0xd67353] = _0x587e12;
} else {
_0x587e12 = _0x2a62d8;
}
return _0x587e12;
};
function demo() {
var _0x5dadb9 = function (_0x3dc225, _0x42a267, _0x13b98a, _0x11e5f6, _0x7b0b47) {
return _0x4590(_0x3dc225 - 0x2a8, _0x13b98a);
};
var _0x12dd82 = function (_0x2fb53e, _0x921459, _0x1bcee7, _0x3f69f3, _0x2f7a79) {
return _0x4590(_0x2fb53e - 0x2a8, _0x1bcee7);
};
var _0x18fd8d = { 'YswdY': _0x5dadb9(0x2a8, 0x2a9, '^oy&', 0x2a9, 0x2a7) };
alert(_0x18fd8d[_0x12dd82(0x2a9, 0x2aa, 'nOhI', 0x2aa, 0x2a9)]);
}
demo();
4、配置选项:平展控制流、字符串阵列化、字符串加密。
保护效果:
var _0x1d27 = ['AgvSBg8GD3D3lMPZAgfTyw4Uy29T'];
var _0x18ef = function (_0x1d27d2, _0x18ef77) {
_0x1d27d2 = _0x1d27d2 - 0x0;
var _0x239a13 = _0x1d27[_0x1d27d2];
if (_0x18ef['yqPBYS'] === undefined) {
var _0x48eece = function (_0x33f95c) {
var _0x526067 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
var _0x36f0f1 = '';
for (var _0x2c72ea = 0x0, _0x39809e, _0xb8d60b, _0x7deb24 = 0x0; _0xb8d60b = _0x33f95c['charAt'](_0x7deb24++); ~_0xb8d60b && (_0x39809e = _0x2c72ea % 0x4 ? _0x39809e * 0x40 + _0xb8d60b : _0xb8d60b, _0x2c72ea++ % 0x4) ? _0x36f0f1 += String['fromCharCode'](0xff & _0x39809e >> (-0x2 * _0x2c72ea & 0x6)) : 0x0) {
_0xb8d60b = _0x526067['indexOf'](_0xb8d60b);
}
return _0x36f0f1;
};
_0x18ef['uAegLo'] = function (_0x282f57) {
var _0x4110f4 = _0x48eece(_0x282f57);
var _0x4c9168 = [];
for (var _0x46dd40 = 0x0, _0x3512bd = _0x4110f4['length']; _0x46dd40 < _0x3512bd; _0x46dd40++) {
_0x4c9168 += '%' + ('00' + _0x4110f4['charCodeAt'](_0x46dd40)['toString'](0x10))['slice'](-0x2);
}
return decodeURIComponent(_0x4c9168);
};
_0x18ef['PNQUnC'] = {};
_0x18ef['yqPBYS'] = !![];
}
var _0x3cff06 = _0x1d27[0x0];
var _0x55c4f1 = _0x1d27d2 + _0x3cff06;
var _0x4fac92 = _0x18ef['PNQUnC'][_0x55c4f1];
if (_0x4fac92 === undefined) {
_0x239a13 = _0x18ef['uAegLo'](_0x239a13);
_0x18ef['PNQUnC'][_0x55c4f1] = _0x239a13;
} else {
_0x239a13 = _0x4fac92;
}
return _0x239a13;
};
var _0x239a = function (_0x1d27d2, _0x18ef77) {
_0x1d27d2 = _0x1d27d2 - 0x0;
var _0x239a13 = _0x1d27[_0x1d27d2];
if (_0x239a['LehifA'] === undefined) {
var _0x48eece = function (_0x526067) {
var _0x36f0f1 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
var _0x2c72ea = '';
for (var _0x39809e = 0x0, _0xb8d60b, _0x7deb24, _0x282f57 = 0x0; _0x7deb24 = _0x526067['charAt'](_0x282f57++); ~_0x7deb24 && (_0xb8d60b = _0x39809e % 0x4 ? _0xb8d60b * 0x40 + _0x7deb24 : _0x7deb24, _0x39809e++ % 0x4) ? _0x2c72ea += String['fromCharCode'](0xff & _0xb8d60b >> (-0x2 * _0x39809e & 0x6)) : 0x0) {
_0x7deb24 = _0x36f0f1['indexOf'](_0x7deb24);
}
return _0x2c72ea;
};
var _0x33f95c = function (_0x4110f4, _0x4c9168) {
var _0x46dd40 = [], _0x3512bd = 0x0, _0x1a42fb, _0x21563a = '', _0x14c329 = '';
_0x4110f4 = _0x48eece(_0x4110f4);
for (var _0x51d4e6 = 0x0, _0x22faf8 = _0x4110f4['length']; _0x51d4e6 < _0x22faf8; _0x51d4e6++) {
_0x14c329 += '%' + ('00' + _0x4110f4['charCodeAt'](_0x51d4e6)['toString'](0x10))['slice'](-0x2);
}
_0x4110f4 = decodeURIComponent(_0x14c329);
var _0x1721e1;
for (_0x1721e1 = 0x0; _0x1721e1 < 0x100; _0x1721e1++) {
_0x46dd40[_0x1721e1] = _0x1721e1;
}
for (_0x1721e1 = 0x0; _0x1721e1 < 0x100; _0x1721e1++) {
_0x3512bd = (_0x3512bd + _0x46dd40[_0x1721e1] + _0x4c9168['charCodeAt'](_0x1721e1 % _0x4c9168['length'])) % 0x100;
_0x1a42fb = _0x46dd40[_0x1721e1];
_0x46dd40[_0x1721e1] = _0x46dd40[_0x3512bd];
_0x46dd40[_0x3512bd] = _0x1a42fb;
}
_0x1721e1 = 0x0;
_0x3512bd = 0x0;
for (var _0x5a26fa = 0x0; _0x5a26fa < _0x4110f4['length']; _0x5a26fa++) {
_0x1721e1 = (_0x1721e1 + 0x1) % 0x100;
_0x3512bd = (_0x3512bd + _0x46dd40[_0x1721e1]) % 0x100;
_0x1a42fb = _0x46dd40[_0x1721e1];
_0x46dd40[_0x1721e1] = _0x46dd40[_0x3512bd];
_0x46dd40[_0x3512bd] = _0x1a42fb;
_0x21563a += String['fromCharCode'](_0x4110f4['charCodeAt'](_0x5a26fa) ^ _0x46dd40[(_0x46dd40[_0x1721e1] + _0x46dd40[_0x3512bd]) % 0x100]);
}
return _0x21563a;
};
_0x239a['agvFal'] = _0x33f95c;
_0x239a['faAojy'] = {};
_0x239a['LehifA'] = !![];
}
var _0x3cff06 = _0x1d27[0x0];
var _0x55c4f1 = _0x1d27d2 + _0x3cff06;
var _0x4fac92 = _0x239a['faAojy'][_0x55c4f1];
if (_0x4fac92 === undefined) {
if (_0x239a['WNkuzT'] === undefined) {
_0x239a['WNkuzT'] = !![];
}
_0x239a13 = _0x239a['agvFal'](_0x239a13, _0x18ef77);
_0x239a['faAojy'][_0x55c4f1] = _0x239a13;
} else {
_0x239a13 = _0x4fac92;
}
return _0x239a13;
};
function demo() {
var _0x282f57 = function (_0x2ff7bb, _0x1accfc, _0x81ea65, _0xc75723, _0x27134) {
return _0x18ef(_0xc75723 - 0x1e6, _0x27134);
};
alert(_0x282f57(0x1e6, 0x1e5, 0x1e6, 0x1e6, 0x1e6));
}
demo();
安全强度已经很高,平常进行JS代码混淆加密,得到这个效果,已经足够安全。
如有特别需要,可再选用:禁用命令行输出、反浏览器调试、域名锁定、保留关键字等功能。各功能用法,平台均有对其选项的说明。
二、多态版
多态版提交代码后,会将代码密文托管在JShaman服务器,并返回调用地址,每次引用地址,都将获得不同的加密代码。
测试代码同上。
保护成功后返回地址信息,打开地址即可看到效果。
注:保护后返回的地址是双地址,http和https两种,带有两种端口,手动提取一种地址即可。
如,返回的调用地址:
http(s)://www.jshaman.com:800(4430)/polymorphic/?id=1622085106511
通过http访问的地址是:
http://www.jshaman.com:800/polymorphic/?id=1622085106511
通过https访问的地址是:
https://www.jshaman.com:4430/polymorphic/?id=1622085106511
打开地址后,可以看到代码如下:
var _0x11b7=['W4ldUCkWoHBcMXRcOW','gCklfuaNp8ooW5G','umojqXJcPxJcU8klh8o/WRG','WOi7oSoTW7m','BqxcNmoEumo9irpdS8kTimkZ','W47cMSkIq8oD','WP7dHCk/eCkfWRtcNvnoWP3dUG','gdGMW5ldJ8kDCSkMrfZcGmoO','aSkmeK7dVa','W4JcN3pdVH4fWQOjbZvZ','WOFdLbflv2JcRYhcVSkxW5TJ','WRNDNSkUpCk5yG7cJ00','cLRdTYPX','yCoOW7O4WRa5W6NdJGOmva','quPZk8oH','ymoicuxcUZmgs1/dSCoF','W4VcL3BcThKdWR4Hoa','W5pcISkfW4pdRmohjmkSW7ZdP8k3fG','W7WSpcHbCCoJW5a','W5FdSGVdRKddTe4','WOpdMXHlar7cOHRcU8ka','W5RdKtlcUqm','W7xcM2VdNmkzetBcQsZcOCkjW5a','WRNdNSkUDSoAwdZcIxiyra','WOdcQMCKntJcVG','W7RdIc4brvirn8kEW6a','W7NdJ3vVu2alkG','W4G4WOhcLxKjWPRcU1uTt8o5'];var _0x50a5=function(_0x30d89e,_0x262037){_0x30d89e=_0x30d89e-(-0xf0+-0x5*0x316+0x10e8);var _0x20e1f1=_0x11b7[_0x30d89e];if(_0x50a5['xaZYUd']===undefined){var _0x2baf62=function(_0x246ffb){var _0x5cf090='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x37fee0='';for(var _0x5935aa=-0x182d+0x17ce+0x5f,_0xd2a99d,_0x81e93a,_0x358165=-0x2*-0x98f+-0x43f*0x9+-0x1*-0x1319;_0x81e93a=_0x246ffb['charAt'](_0x358165++);~_0x81e93a&&(_0xd2a99d=_0x5935aa%(0x1718+0xdc6+-0x24da)?_0xd2a99d*(-0x10c6*0x1+-0x1a7*-0x3+0xc11)+_0x81e93a:_0x81e93a,_0x5935aa++%(-0x5*-0x5e7+-0x192e+-0x55*0xd))?_0x37fee0+=String['fromCharCode'](0x8*-0x293+-0x267e+0x1407*0x3&_0xd2a99d>>(-(0x193c+0x5d*-0x4f+0x379)*_0x5935aa&0x2*0x182+0x23b*0x1+-0x539*0x1)):-0x1*-0xd2b+-0x1*-0x198e+-0x1af*0x17){_0x81e93a=_0x5cf090['indexOf'](_0x81e93a);}return _0x37fee0;};var _0x4695d7=function(_0x22b24e,_0x21050f){var _0x387afc=[],_0xe28d95=0x1af8+0x1*-0x668+0x2f0*-0x7,_0x44ce6d,_0x189635='',_0x13d904='';_0x22b24e=_0x2baf62(_0x22b24e);for(var _0x126533=0x1*-0x1e13+-0x432+-0x1f*-0x11b,_0x14019a=_0x22b24e['length'];_0x126533<_0x14019a;_0x126533++){_0x13d904+='%'+('00'+_0x22b24e['charCodeAt'](_0x126533)['toString'](-0x1*0xfad+-0x1639*-0x1+-0x67c))['slice'](-(-0x19c*-0x16+-0x1a7e+-0x8e8));}_0x22b24e=decodeURIComponent(_0x13d904);var _0x15ec93;for(_0x15ec93=-0x1ed3+0x1b6b*0x1+0x6d*0x8;_0x15ec93<0x925+-0x2*0x8d5+0x985;_0x15ec93++){_0x387afc[_0x15ec93]=_0x15ec93;}for(_0x15ec93=-0x26fe+-0xbcb*-0x1+0x1b33;_0x15ec93<0x36c*-0x9+-0x394*0x1+0x4*0x8d8;_0x15ec93++){_0xe28d95=(_0xe28d95+_0x387afc[_0x15ec93]+_0x21050f['charCodeAt'](_0x15ec93%_0x21050f['length']))%(0x135*-0xf+0x1911+0x1*-0x5f6),_0x44ce6d=_0x387afc[_0x15ec93],_0x387afc[_0x15ec93]=_0x387afc[_0xe28d95],_0x387afc[_0xe28d95]=_0x44ce6d;}_0x15ec93=-0x2*0x1158+0x2b*0x5e+0x29*0x76,_0xe28d95=-0x3*0x2b7+0x10b8+-0x893;for(var _0x142227=-0xb3+0x1*-0x97b+0x517*0x2;_0x142227<_0x22b24e['length'];_0x142227++){_0x15ec93=(_0x15ec93+(0x1837+0x1c90+-0xa*0x547))%(0x1*-0x1cc3+-0x2f*0x7f+-0x56*-0x9e),_0xe28d95=(_0xe28d95+_0x387afc[_0x15ec93])%(0x116*0x11+-0x123f+0xc9),_0x44ce6d=_0x387afc[_0x15ec93],_0x387afc[_0x15ec93]=_0x387afc[_0xe28d95],_0x387afc[_0xe28d95]=_0x44ce6d,_0x189635+=String['fromCharCode'](_0x22b24e['charCodeAt'](_0x142227)^_0x387afc[(_0x387afc[_0x15ec93]+_0x387afc[_0xe28d95])%(0x2011*0x1+-0x98e*-0x1+0x1*-0x289f)]);}return _0x189635;};_0x50a5['HBOYRj']=_0x4695d7,_0x50a5['GTUePj']={},_0x50a5['xaZYUd']=!![];}var _0x277935=_0x11b7[-0x196f+0x19b9+-0x25*0x2],_0x3fe2a7=_0x30d89e+_0x277935,_0x58ad6c=_0x50a5['GTUePj'][_0x3fe2a7];return _0x58ad6c===undefined?(_0x50a5['BMFISK']===undefined&&(_0x50a5['BMFISK']=!![]),_0x20e1f1=_0x50a5['HBOYRj'](_0x20e1f1,_0x262037),_0x50a5['GTUePj'][_0x3fe2a7]=_0x20e1f1):_0x20e1f1=_0x58ad6c,_0x20e1f1;};(function(_0x2b51b4,_0x50dccf){var _0x2711c5=function(_0x5899c3,_0x3d7606,_0x47a5df,_0x22976e){return _0x50a5(_0x5899c3-0x10d,_0x22976e);},_0x50623c=function(_0x4d82c6,_0x11dca9,_0x2a0f50,_0x4a8bf0){return _0x50a5(_0x4d82c6-0x10d,_0x4a8bf0);},_0x134a3c=function(_0x213d8b,_0x519ccd,_0x15a141,_0x5cc2c2){return _0x50a5(_0x213d8b-0x10d,_0x5cc2c2);};while(!![]){try{var _0x54fe3d=-parseInt(_0x2711c5(0x1a9,0x1b2,0x1b4,'IArI'))*-parseInt(_0x50623c(0x1ac,0x1b7,0x1ac,'rgfi'))+-parseInt(_0x134a3c(0x1a3,0x1b1,0x1ad,'A%X5'))*-parseInt(_0x134a3c(0x19f,0x198,0x19a,'ZCWY'))+-parseInt(_0x134a3c(0x1b0,0x1b3,0x1ae,'w35Z'))+-parseInt(_0x134a3c(0x19d,0x1a4,0x1a5,'U*R['))*-parseInt(_0x2711c5(0x1a2,0x1a1,0x1ac,'q60m'))+-parseInt(_0x134a3c(0x1a1,0x1a7,0x195,'uDaA'))+-parseInt(_0x134a3c(0x197,0x18b,0x193,'0oR!'))+parseInt(_0x50623c(0x19b,0x19f,0x1a3,'sqD1'))*parseInt(_0x134a3c(0x1a7,0x19b,0x1a2,'sqD1'));if(_0x54fe3d===_0x50dccf)break;else _0x2b51b4['push'](_0x2b51b4['shift']());}catch(_0x32cdad){_0x2b51b4['push'](_0x2b51b4['shift']());}}}(_0x11b7,-0x3497f*-0x1+-0xa0091+0xc28bd));function demo(){var _0x3a83c6=function(_0x23552b,_0x25b624,_0x15da2a,_0x572f6e){return _0x50a5(_0x572f6e-0x3cd,_0x25b624);},_0x1f3c9b=function(_0x2899cd,_0x3756b3,_0x1da152,_0x895632){return _0x50a5(_0x895632-0x3cd,_0x3756b3);},_0x11211a=function(_0x4612a3,_0x4a0e38,_0x428f3d,_0x36ce01){return _0x50a5(_0x36ce01-0x3cd,_0x4a0e38);},_0x699060={};_0x699060[_0x3a83c6(0x46c,'l)jX',0x457,0x45e)]=_0x1f3c9b(0x471,'0mrD',0x472,0x46f)+_0x1f3c9b(0x464,'%$6i',0x46a,0x465)+_0x1f3c9b(0x462,'$(Y[',0x44b,0x458)+_0x11211a(0x46a,'HejC',0x46d,0x471)+'m';var _0x2afec1=_0x699060;alert(_0x2afec1[_0x11211a(0x451,'Eii9',0x467,0x45c)]);}demo();
每次刷新,代码都会发生变化:
var _0x1e13=['652154WSzQtT','472477hRHGLO','97204FKSZRe','522847XDrzuX','23jdzClu','288310BaBPrX','11303wvRXrI','615285ZiXzaX','1XUkoMx','6RsFWpn'];var _0xbd6a=function(_0x4d0a96,_0x1e1393){_0x4d0a96=_0x4d0a96-0x0;var _0xbd6a89=_0x1e13[_0x4d0a96];return _0xbd6a89;};(function(_0x1c8fe0,_0x525eb6){var _0x351ba9=_0xbd6a;while(!![]){try{var _0x2b8a4d=-parseInt(_0x351ba9(0x9))+-parseInt(_0x351ba9(0x1))*-parseInt(_0x351ba9(0x4))+parseInt(_0x351ba9(0x7))+parseInt(_0x351ba9(0x8))*-parseInt(_0x351ba9(0x6))+parseInt(_0x351ba9(0x5))+parseInt(_0x351ba9(0x0))*-parseInt(_0x351ba9(0x2))+parseInt(_0x351ba9(0x3));if(_0x2b8a4d===_0x525eb6)break;else _0x1c8fe0['push'](_0x1c8fe0['shift']());}catch(_0xe9a829){_0x1c8fe0['push'](_0x1c8fe0['shift']());}}}(_0x1e13,0x52dfa));function demo(){alert('hellox20www.jshaman.com');}demo();
三、文件上传
文件上传方式,与通用版保护效果一样。不同在于,上传的是JS文件经打包后的zip压缩包,可以一次性处理多个文件。