js ast 函数调用替换为值
目标
替换ob文件中形如_0x55f3('0x19', "Pg54")的代码为具体的值。
const types = require("@babel/types");
const str_to_str = {
StringLiteral(path){
const {node} = path;
node.extra = null;
}
}
var _0x4818 = [
"wqImMT0tw6RNw5k=",
"DMKcU0JmUwUv",
"VjHDlMOHVcONX3fDicKJHQ==",
"wqhBH8Knw4TDhSDDgMOdwrjCncOWwphhN8KCGcKqw6dHAU5+wrg2JcKaw4IEJcOcwrRJwoZ0wqF9YgAV",
"dzd2w5bDm3jDpsK3wpY=",
"w4PDgcKXwo3CkcKLwr5qwrY=",
"wrJOTcOQWMOg",
"wqTDvcOjw447wr4=",
"w5XDqsKhMF1/",
"wrAyHsOfwppc",
"J3dVPcOxLg==",
"wrdHw7p9Zw==",
"w4rDo8KmNEw=",
"IMKAUkBt",
"w6bDrcKQwpVHwpNQwqU=",
"d8OsWhAUw7YzwrU=",
"wqnCksOeezrDhw==",
"UsKnIMKWV8K/",
"w4zDocK8NUZv",
"c8OxZhAJw6skwqJj",
"PcKIw4nCkkVb",
"KHgodMO2VQ==",
"wpsmwqvDnGFq",
"wqLDt8Okw4c=",
"w7w1w4PCpsO4wqA=",
"wq9FRsOqWMOq",
"byBhw7rDm34=",
"LHg+S8OtTw==",
"wqhOw715dsOH",
"U8O7VsO0wqvDvcKuKsOqX8Kr",
"Yittw5DDnWnDrA==",
"YMKIwqUUfgIk",
"aB7DlMODTQ==",
"wpfDh8Orw6kk",
"w7vCqMOrY8KAVk5OwpnCu8OaXsKZP3DClcKyw6HDrQ==",
"wow+w6vDmHpsw7Rtwo98LC7CiG7CksORT8KlW8O5wr3Di8OTHsODeHjDmcKlJsKqVA==",
"NwV+",
"w7HDrcKtwpJawpZb",
"wpQswqvDiHpuw6I=",
"YMKUwqMJZQ==",
"KH1VKcOqKsK1",
"fQ5sFUkkwpI=",
"wrvCrcOBR8Kk",
"M3w0fQ==",
"w6xXwqPDvMOFwo5d",
"csKHwqMI",
"ZsKJwr8VeAsy",
"UcKiN8O/wplwMA==",
"JR8CTg==",
"YsOnbSEQw7ozwqZKesKUw7kwX8ORIQ==",
"w7oVS8OSwoPCl3jChMKhw6HDlsKXw4s/YsOG",
"fwVmI1AtwplaY8Otw5cNfSgpw6M=",
"OcONwrjCqsKxTGTChsOjEWE8PcOcJ8K6",
"U8K5LcOtwpV0EMOkw47DrMOX",
"HMO2woHCiMK9SlXClcOoC1k=",
"asKIwqMDdgMuPsOKBMKcwrrCtkLDrMKBw64d"
]
var _0x55f3 = function (_0x4c97f0, _0x1742fd) {
var _0x4c97f0 = parseInt(_0x4c97f0, 0x10);
var _0x48181e = _0x4818[_0x4c97f0];
if (!_0x55f3["atobPolyfillAppended"]) {
(function () {
var _0xdf49c6 = Function("return (function () " + "{}.constructor(\"return this\")()" + ");");
var _0xb8360b = _0xdf49c6();
var _0x389f44 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
_0xb8360b["atob"] || (_0xb8360b["atob"] = function (_0xba82f0) {
var _0xec6bb4 = String(_0xba82f0)["replace"](/=+$/, "");
for (var _0x1a0f04 = 0x0, _0x18c94e, _0x41b2ff, _0xd79219 = 0x0, _0x5792f7 = ""; _0x41b2ff = _0xec6bb4["charAt"](_0xd79219++); ~_0x41b2ff && (_0x18c94e = _0x1a0f04 % 0x4 ? _0x18c94e * 0x40 + _0x41b2ff : _0x41b2ff, _0x1a0f04++ % 0x4) ? _0x5792f7 += String["fromCharCode"](0xff & _0x18c94e >> (-0x2 * _0x1a0f04 & 0x6)) : 0x0) {
_0x41b2ff = _0x389f44["indexOf"](_0x41b2ff);
}
return _0x5792f7;
});
})();
_0x55f3["atobPolyfillAppended"] = !![];
}
if (!_0x55f3["rc4"]) {
var _0x232678 = function (_0x401af1, _0x532ac0) {
var _0x45079a = [],
_0x52d57c = 0x0,
_0x105f59,
_0x3fd789 = "",
_0x4a2aed = "";
_0x401af1 = atob(_0x401af1);
for (var _0x124d17 = 0x0, _0x1b9115 = _0x401af1["length"]; _0x124d17 < _0x1b9115; _0x124d17++) {
_0x4a2aed += "%" + ("00" + _0x401af1["charCodeAt"](_0x124d17)["toString"](0x10))["slice"](-0x2);
}
_0x401af1 = decodeURIComponent(_0x4a2aed);
for (var _0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
_0x45079a[_0x2d67ec] = _0x2d67ec;
}
for (_0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec] + _0x532ac0["charCodeAt"](_0x2d67ec % _0x532ac0["length"])) % 0x100;
_0x105f59 = _0x45079a[_0x2d67ec];
_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
_0x45079a[_0x52d57c] = _0x105f59;
}
_0x2d67ec = 0x0;
_0x52d57c = 0x0;
for (var _0x4e5ce2 = 0x0; _0x4e5ce2 < _0x401af1["length"]; _0x4e5ce2++) {
_0x2d67ec = (_0x2d67ec + 0x1) % 0x100;
_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec]) % 0x100;
_0x105f59 = _0x45079a[_0x2d67ec];
_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
_0x45079a[_0x52d57c] = _0x105f59;
_0x3fd789 += String["fromCharCode"](_0x401af1["charCodeAt"](_0x4e5ce2) ^ _0x45079a[(_0x45079a[_0x2d67ec] + _0x45079a[_0x52d57c]) % 0x100]);
}
return _0x3fd789;
};
_0x55f3["rc4"] = _0x232678;
}
if (!_0x55f3["data"]) {
_0x55f3["data"] = {};
}
if (_0x55f3["data"][_0x4c97f0] === undefined) {
if (!_0x55f3["once"]) {
var _0x5f325c = function (_0x23a392) {
this["rc4Bytes"] = _0x23a392;
this["states"] = [0x1, 0x0, 0x0];
this["newState"] = function () {
return "newState";
};
this["firstState"] = "\\w+ *\\(\\) *{\\w+ *";
this["secondState"] = "['|\"].+['|\"];? *}";
};
_0x5f325c["prototype"]["checkState"] = function () {
var _0x19f809 = new RegExp(this["firstState"] + this["secondState"]);
// return this["runState"](_0x19f809["test"](this["newState"]["toString"]()) ? --this["states"][0x1] : --this["states"][0x0]);
return --this["states"][0x1]
};
_0x5f325c["prototype"]["runState"] = function (_0x4380bd) {
if (!Boolean(~_0x4380bd)) {
return _0x4380bd;
}
return this["getState"](this["rc4Bytes"]);
};
_0x5f325c["prototype"]["getState"] = function (_0x58d85e) {
for (var _0x1c9f5b = 0x0, _0x1ce9e0 = this["states"]["length"]; _0x1c9f5b < _0x1ce9e0; _0x1c9f5b++) {
this["states"]["push"](Math["round"](Math["random"]()));
_0x1ce9e0 = this["states"]["length"];
}
return _0x58d85e(this["states"][0x0]);
};
new _0x5f325c(_0x55f3)["checkState"]();
_0x55f3["once"] = !![];
}
_0x48181e = _0x55f3["rc4"](_0x48181e, _0x1742fd);
_0x55f3["data"][_0x4c97f0] = _0x48181e;
} else {
_0x48181e = _0x55f3["data"][_0x4c97f0];
}
return _0x48181e;
};
// console.log(_0x55f3("0x21", "KN)F"))
const call_to_str = {
}
const call_to_const = {
CallExpression(path) {
const {node} = path;
if (node.callee.name === "_0x55f3") {
if (node.arguments[0].type === "StringLiteral" && node.arguments[0].type === "StringLiteral") {
// console.log("here")
path.replaceWith(types.valueToNode(_0x55f3(node.arguments[0].value, node.arguments[1].value)))
}
}
}
}
global.str_to_str = str_to_str;
global.call_to_const = call_to_const;
