解析藏宝阁密文

以下内容仅作为技术讨论使用,请勿商业使用。

在查看梦幻藏宝阁时,想了解一下这种平台是如何处理数据展示的,于是对网页数据进行了分析,以下是分析出数据的方法。

对于一些敏感数据,网站需要对其进行混淆,以增加爬虫的成本。需要注意,这只是混淆而不是加密:解码逻辑在浏览器端的 JS 中执行,下文可以看到密钥也随密文一起下发。

例如网页https://xyq.cbg.163.com/equip?s=212&eid=201908132100113-212-AQYRMWM0DU8U&o&equip_refer=58

分析其返回的response,发现返回值并没有直接赋值上去。

<!-- Template rows for the pet attribute table: each cell holds a placeholder that is filled in from the `pet` object when the template is rendered, so the literal values do not appear in this markup. -->
<tr>
<th>气血:</th>
<td><%= pet.blood %>/<%= pet.max_blood %></td>
<th>体质:</th>
<td><%= pet.soma %></td>
</tr>
<tr>
<th>魔法:</th>
<td><%= pet.magic %>/<%= pet.max_magic %></td>
<th>法力:</th>
<td><%= pet.magic_powner %></td>
</tr>
<tr>
<th>攻击:</th>
<td><%= pet.attack %></td>
<th>力量:</th>
<td><%= pet.strength %></td>
</tr>

由pet对象来获取,则在网页中查找这个对象

<%
// `pet`, used by the attribute rows, is an alias for pet_attrs on the template context (`this`).
var pet = this.pet_attrs;
// Falls back to an empty object when this.enhance_info is missing or falsy.
var enhance_info = this.enhance_info || {};
%>

继续查找pet_attrs

// Reads the value of the element whose id is "equip_desc_" + the clicked element's data_equipid
// attribute and parses it with parse_desc_info (defined elsewhere on the page, not shown here).
var pet_desc = parse_desc_info($("equip_desc_" + el.getAttribute("data_equipid")).value);
// Derives the attribute object from the parsed description; the meaning of the `true` flag is
// not visible in this excerpt.
var pet_attrs = get_pet_attrs_info(pet_desc, true);

这串代码中,根据equip_desc_查到了这个网页的主要信息内容。

<textarea id="equip_desc_value" style="display:none">
超级神兔;102273;169;3269;1920;2425;964;280;100;300;189;1092;189;189;0;956;3269;1920;65432;1;1600;1600;5500;3500;1400;1400;1300;425|404|416|405|422;0;1;0;2;0;0;(["tmp_lingxing":0,"core_close":0,"lastchecksubzz":0,"summon_core":([901:({5,0,([]),}),924:({5,0,([]),}),932:({5,0,([]),}),]),"left_qlxl":7,"weaken":0,"growthMax":1236,"iJjFeedCd":0,"summon_equip4_type":0,"carrygradezz":0,"MP_MAX":3050,"sjg":0,"summon_color":0,"csavezz":"1600|1600|1400|1400|5500|3500","MS_MAX":1800,"jj_extra_add":0,"iRealColor":0,"SPD_MAX":1550,"DEF_MAX":1550,"summon_equip4_desc":"","HP_MAX":5500,"jinjie":(["core":([]),"cnt":0,"lx":0,]),"ATK_MAX":1550,"strengthen":0,])
</textarea>

过程有些顺利

接下来在解析角色时,发现equip_desc_value的value值并没有直接体现出来。
如:https://xyq.cbg.163.com/equip?s=579&eid=201907212200113-579-5ZF1WK0H3GFP&equip_refer=26&view_loc=reco_left

<textarea id="equip_desc_value" style="display:none">@VB38(因内容太多,此处省略)DAxOSJ9@</textarea>

继续追本溯源查找equip_desc_value,查找到以下代码

// Pipeline for role pages: get_equip_desc reads and decodes the hidden field, lpc_2_js rewrites
// the LPC-style delimiters into JavaScript literal syntax, and js_eval evaluates that text.
var role_info = js_eval(lpc_2_js(get_equip_desc('equip_desc_value')));

通过打断点的方式发现get_equip_desc方法为解析加密的内容的核心方法。(lpc_2_js是将字符串转为对象字符串的方法,并不是核心方法)
继续往下查找get_equip_desc方法

/**
 * Looks up an element through the page's `$` helper and returns its value
 * after passing it through decode_desc.
 *
 * @param {string} elemId - Identifier handed to `$`.
 * @returns {*} Whatever decode_desc returns for the element's value.
 */
function get_equip_desc(elemId) {
  var rawValue = $(elemId).value;
  return decode_desc(rawValue);
}

好吧,继续查看decode_desc方法,看到这种代码,终于进入主题了。

// Obfuscated original as served by the page. The IIFE receives `window` and installs
// window.decode_desc. Property names are hidden either as \xNN-escaped string literals
// (decoded in the comments below) or behind _0x3a8e(...), a string-lookup helper that is not
// shown here; the article's deobfuscated listing resolves '0x0'..'0x4' to test, substring,
// atob, charCodeAt and push.
!function(_0xcbc80b) {
// '\x64\x65...' is "decode_desc".
_0xcbc80b['\x64\x65\x63\x6f\x64\x65\x5f\x64\x65\x73\x63'] = function g(_0x1c0cdf) {
// Trim ("replace" with /^\s+|\s+$/g); return the input unchanged unless it is wrapped in "@...@".
if (_0x1c0cdf = _0x1c0cdf['\x72\x65\x70\x6c\x61\x63\x65'](/^\s+|\s+$/g, ''),
!/^@[\s\S]*@$/[_0x3a8e('0x0')](_0x1c0cdf))
return _0x1c0cdf;
// Default key: the value of the `_k` cookie ("exec" on document["cookie"]), or '' when absent.
var _0x36ab38 = (/\b_k=([^;]*)/['\x65\x78\x65\x63'](document['\x63\x6f\x6f\x6b\x69\x65']) || [])[0x1] || '';
// Strip the outer "@"; if the remainder has the form "<key>@<data>", the inline key replaces
// the cookie key ("test", "indexOf" of '\x40' = "@", "substring").
if (_0x1c0cdf = _0x1c0cdf['\x72\x65\x70\x6c\x61\x63\x65'](/^@|@$/g, ''),
/^[^@]+@[\s\S]+/['\x74\x65\x73\x74'](_0x1c0cdf)) {
var _0x33c80e = _0x1c0cdf['\x69\x6e\x64\x65\x78\x4f\x66']('\x40');
_0x36ab38 = _0x1c0cdf[_0x3a8e('0x1')](0x0, _0x33c80e),
_0x1c0cdf = _0x1c0cdf['\x73\x75\x62\x73\x74\x72\x69\x6e\x67'](_0x33c80e + 0x1);
}
// The data part is first passed through window[_0x3a8e('0x2')] (atob per the article) and the
// result is handed to window["eval"] wrapped in "(" ... ")"; a failed eval yields null.
var _0x1b3f48 = function s(_0x1c0cdf) {
try {
return _0xcbc80b['\x65\x76\x61\x6c']('\x28' + _0x1c0cdf + '\x29');
} catch (_0x40b9c3) {
return null;
}
}(_0x1c0cdf = _0xcbc80b[_0x3a8e('0x2')](_0x1c0cdf));
// When the evaluated value is an "object" with a truthy "d" property, continue with that property.
_0x1b3f48 && '\x6f\x62\x6a\x65\x63\x74' == typeof _0x1b3f48 && _0x1b3f48['\x64'] && (_0x1b3f48 = _0x1b3f48['\x64']);
// XOR each character code ("charCodeAt") with the key character at the running index modulo
// the key "length", and collect the results as base-2 strings ("toString"(2)).
for (var _0x20b9fa = [], _0x10503c = 0x0, _0x1a524d = 0x0; _0x1a524d < _0x1b3f48['\x6c\x65\x6e\x67\x74\x68']; _0x1a524d++) {
var _0x3641ed = _0x1b3f48['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'](_0x1a524d)
, _0x341952 = _0x36ab38[_0x3a8e('0x3')](_0x10503c % _0x36ab38['\x6c\x65\x6e\x67\x74\x68']);
_0x10503c += 0x1,
_0x3641ed = 0x1 * _0x3641ed ^ _0x341952,
_0x20b9fa[_0x3a8e('0x4')](_0x3641ed['\x74\x6f\x53\x74\x72\x69\x6e\x67'](0x2));
}
// Turn every base-2 string back into a character (window["String"]["fromCharCode"] of
// window["parseInt"](s, 2)) and "join" them into the decoded text.
return function d(_0x1c0cdf) {
for (var _0x36ab38 = [], _0x33c80e = 0x0; _0x33c80e < _0x1c0cdf['\x6c\x65\x6e\x67\x74\x68']; _0x33c80e++)
_0x36ab38['\x70\x75\x73\x68'](_0xcbc80b['\x53\x74\x72\x69\x6e\x67']['\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65'](_0xcbc80b['\x70\x61\x72\x73\x65\x49\x6e\x74'](_0x1c0cdf[_0x33c80e], 0x2)));
return _0x36ab38['\x6a\x6f\x69\x6e']('');
}(_0x20b9fa);
}
;
}(window);

对此先将方法去混淆。刚开始看到 _0x1c0cdf[_0x3a8e('0x1')](0x0, _0x33c80e) 这种写法我还懵圈了老半天,这是种什么写法。后来在去混淆的过程中发现 _0x3a8e('0x1') 的值是substring,这不就是方法名吗,然后意识到,这就是js用方括号调用方法的另一种写法,只是很久不用这种写法,第一眼没有认出来。

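/**
 * Decodes an obfuscated description of the form "@<key>@<base64>@".
 *
 * Steps: trim the input; return it unchanged unless it is wrapped in "@...@";
 * strip the wrapper; split an inline key off the front when one is present;
 * base64-decode the rest; parse it as JSON and take its "d" field when the
 * result is an object; XOR every UTF-16 code unit with the repeating key.
 *
 * The key is carried in the payload itself, so this reverses an encoding and
 * provides no confidentiality.
 *
 * @param {string} ciphertext - Raw value of the hidden description field.
 * @returns {string} The decoded text; the trimmed input when it is not wrapped
 *   in "@...@"; '' when the decoded payload holds no string to decode.
 * @throws {TypeError} When the base64 payload does not decode to valid JSON.
 */
function decode_desc(ciphertext) {
  var wrapped = ciphertext.trim();
  if (!/^@[\s\S]*@$/.test(wrapped)) {
    return wrapped;
  }

  // The page script takes its default key from the `_k` cookie:
  //   (/\b_k=([^;]*)/.exec(document.cookie) || [])[1] || ''
  // This standalone version has no cookie to read, so the default is empty.
  var key = '';
  var body = wrapped.replace(/^@|@$/g, '');
  if (/^[^@]+@[\s\S]+/.test(body)) {
    var sep = body.indexOf('@');
    key = body.substring(0, sep); // e.g. "QOGBzhZ8hvVKgka8"
    body = body.substring(sep + 1);
  }

  // Global atob instead of window.atob, so the function also runs outside a browser.
  var decoded = atob(body);

  // The decoded payload is remote data. The sample in this article is plain JSON
  // ({"d": "..."}), so it is parsed with JSON.parse rather than eval: a response
  // that carries script instead of data is rejected, not executed.
  var parsed;
  try {
    parsed = JSON.parse(decoded);
  } catch (err) {
    throw new TypeError('decode_desc: decoded payload is not valid JSON');
  }

  // {"d": "xxx"} -> "xxx"; any other value is used as it is.
  var text = parsed && typeof parsed === 'object' && parsed.d ? parsed.d : parsed;
  if (typeof text !== 'string') {
    return '';
  }
  // With an empty key the original XOR-ed against NaN, which leaves every code unit unchanged.
  if (key.length === 0) {
    return text;
  }

  // XOR directly; the original's detour through base-2 strings produced the same code units.
  var chars = [];
  for (var i = 0; i < text.length; i++) {
    chars.push(String.fromCharCode(text.charCodeAt(i) ^ key.charCodeAt(i % key.length)));
  }
  return chars.join('');
}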

至此提供一个完整版js解密代码

function decodeObject(){
var role_info = js_eval(lpc_2_js(decode_desc( "@QOGBzhZ8hvVKgka8@eyJkIjogInlcdTAwMTRlMVx1MDAxMlxyNElcdTAwMDFUbGM8NkhcdTAwMTRzJlx1MDAwNSdcdTAwMWJcdTAwMWIua1x1MDAwM1x1MDAxZmdpXVtNXHUwMDFhOFxmJjFcdTAwMTJKYFxmXkZufF9HQ1FcdTAwMTk/XHUwMDE4XHUwMDBmXHUwMDFiXHUwMDEweFx1MDAwMllAbnJLSTV5XHUwMDBlJlx1MDAwNi5cdTAwMTYmP084XHUwMDE5PyVcdTAwMTNJW1x0fW1cdTAwMDYhXHUwMDEyODVRXHUwMDA2XHUwMDAyXHUwMDAyJFx1MDAxM1xuXHJcdTAwMWFreHZ3Vkozdlx1MDAxZFx1MDAwMiVcdTAwMDVcdTAwMTJcdTAwMDZDXHUwMDAyYWNlK1x1MDAxZFx1MDAwNzVcXFx1MDAwNlx1MDAxMyU4OFx1MDAxOFx1MDAwME5zdXV2TFxcdlx1MDAxYVx1MDAwMTs3LDgqXHJUc3V2dEpEeEpcclx1MDAxOFwiXHUwMDE0XHUwMDBiXHUwMDBlXHUwMDE3XT1tfXJWSjNsXHUwMDA3XHUwMDAyNycqXG5cdTAwMDZ8NClcdTAwMTgjXHUwMDE2XHUwMDA0eFx1MDAwMlxcRGJnRVxiL1k8KmV4WFx1NWE1OVx1NGUwYVxmXFxCdGdFXHUwMDAyMls5ICguWFJrXHJEVD9cdTAwMDZcdTAwMTdJW1x1MDAwZmV9a2AuKVx1MDAwNVEpXHUwMDFhOlx1MDAxYlxiXHUwMDAyXHUwMDBmTHN1d25YXHUwMDAxXHRTXHUwMDAxJjlcIlx0XHUwMDFmQ1x1MDAwMmJcdTAwN2ZrYFx1MDAxMyE5V1x1MDAwNlRsel5HQ30pP1xyNVhSalx1MDAxNEpcdTAwMWZcdTAwMTMzXHUwMDE3XHUwMDFmMlM4e2V4SkR4UTpcdTAwMTMlXHUwMDE0Jlx1MDAwN1xyXHUwMDFha35ydlZKPFlcdTAwMWFcdTAwMWJcdCdcdTAwMDJcdTAwMWRcdTAwMDRUc3V3blhcdTAwMDFcYllcdTAwMGJcdTAwMTN0cVVHQ1FcdTAwMTJcYlx1MDAxMy1cdTAwMGVcdDZ5XHUwMDA1XHUwMDE5IyVcdTAwMTNJW1xifW0uXHUwMDA3XHUwMDAyXHUwMDE4LmtcdTAwMDNcdTAwMWZjaV1bTVx1MDAxYThcdTAwMWNcIjVcdFx1MDAwMzNcdTAwMWFSRnppXHUwMDBlL1x1MDAwNF5cdTAwMGVcdTAwMGUrLlhSb1xiWVp0OVx1MDAwMlx1MDAwNVx1MDAxNVx1MDAxYWtcdTAwN2ZrYFx1MDAxOVx1MDAwNzdVXHUwMDFkKTFcIlx1MDAwM0lbXGJ9bVwiLFx1MDAxZlx1MDAxYT1BSkxie0tJXGJ9Iz0mLFx1MDAwZVx1MDAxYSNcdTAwMWFSRnppXHUwMDBlL1x1MDAwNEBcdTAwMGVcdTAwMGUrLlhSb1x1MDAwZVFadFwiJVx1MDAwZVx1MDAwMEslXHUwMDFjLCtJSmBcYkRUP1x1MDAwZVx1MDAxZlx1MDAxYlx1MDAxNWs6JnZgQFh2XHUwMDFhXHRcdTAwMTIyXHUwMDFiXGJcdTAwMDJcdTAwMGZMc3V3blhcbjNcXEpMZmdFXHUwMDAyLko2XHUwMDAwISRcdTAwMWZcdTAwMWF4XHUwMDAyWFp0M1x1MDAwZVxuXHUwMDBmQSRtfXJWSjRXXHUwMDFhXHUwMDFiNyc4XHUwMDAzXHUwMDBlSlwiKmV4SkR4WydcdTAwMDQxaV1JXHU3MDJkXHU3YmQ2XHU5YTg5XHU2MjA0ZW5YXHUwMDE4P0xKTH4wXHUwMDFhQk1cdTAwMWE+PS5cdTAwMWRcYlx0OV1KTGRnRVx1MDAwMiVdXCI
sZXhKRHhwXHUwMDFkXHUwMDExM1x1MDAwM1xiXHUwMDE5XHUwMDEyXXN1b1x1MDAxOSdBdlx1MDAxYVx1MDAwMSYkXCJcdTAwMDNcdTAwMGVDXHUwMDAyZ3Z2blhcdTAwMDFcdTAwMTdZXHUwMDFhXHUwMDA0L2ldW01cdTAwMWE4XHUwMDBiJi9cdTAwMWJcdTAwMGY/ZylcdTAwMWE6aV1aUVxyaWNlXHUwMDA3XHUwMDAyKSxMSkx+XHUwMDEwOkJNXHUwMDFhOFx1MDAxYig2XHUwMDFiXHUwMDA0XHUwMDE3WVx1MDAwZjI3JjhcblxyVHN1cnJDRHhROFx1MDAxNT0/N1xuXHUwMDA2XXN1d25YXHUwMDA0M1ZcdTAwMGZcdTAwMTQ3JEVRSWNcZmZrYFx1MDAxMyU7Slx1MDAxYVx1MDAwZmRpXVtNXHUwMDFhOFx1MDAwMiY6P1x1MDAxMCpMWlRseVdHQ1FcdTAwMTJcYlx1MDAwNS1cdTAwMDIpN1dcdTAwMWRcdTAwMThcImldW01cdTAwMWE+PS5cdTAwMWRcdTAwMWVccilbSkxke1NTTVx1MDAxYSE9KDIxXHIqTEpMflx1MDAxMDpCTVx1MDAxYThcdTAwMWMkKjVcdTAwMGU8XVx1MDAxYVRse0tJXGJ1MChcdTAwMDMnXHUwMDFjN1x1MDAxYlRcdTAwMDRUbFx1MDA3ZlVfTVx1MDAxYThcZlx1MDAwMFx1MDAwMFx1MDAxNVxmI3lcdTAwMDVcdTAwMTkjJVx1MDAxM0lbXGJ9bVx1MDAwNi5cdTAwMTY6M1xcXHJcdTAwMDR0cU8wPFx1MDAxMX1tLlx1MDAxMVx1MDAwZVx1MDAxYVx1MDAwNXlcdTAwMDRcdTAwMWF0cVZfUVx1MDAxNHNcbj8yMFx1MDAxZlx1MDAxOFlcdTAwMWJcdTAwMTN0cVZbUVxiYVx1MDA3ZndySlh2XHUwMDFhXHUwMDBlXHUwMDE3NCpcYklbXHUwMDEwXG5cdTAwMTJublhcdTAwMDFcdTAwMTJISkxnfV9fTVx1MDAxYThcdTAwMTUvN1x1MDAxYlx1MDAwNlx1MDAwMFBcdTAwMDFUbHpLSVxiez49XHUwMDE4XHUwMDAzXHUwMDE2XHUwMDA0eFx1MDAwMllBZ2dFXHUwMDAyMlU4Oy8xXHUwMDExXHUwMDAxeFx1MDAwMlhadFwiJVx1MDAwZVx1MDAwMEslXHUwMDFjLCtISmBcYkRUP1xmXGJcdTAwMDRcdTAwMDVWNDw0YEBZalxyXlp0Klx1MDAwYlx1MDAwNz5LOiYrLlx0SmBcdTAwMTAzVGdyUUlbXHR9bXR2QlhuXHUwMDFhUkd6aVVaV1x1MDAxYWt7cm5YWWpcdTAwMGVKTGd4V0dDXG5gfmV4SFh2XHUwMDFhWUZjaV1aUlxifW12dEpKYFx0RFRnfFNJW1x0fW11c0pKYFx0XVp0eldcXENcdTAwMDJgfHduWFpqXHUwMDAxSkxlfUtJUFx1MDAwZmFtfXNWSmtcYlBUbHpUW01cdTAwMWFkfXdxSEpgXHREVGd7XklbXHRiXHUwMDdma2BIWWhcdTAwMWFSRGZnRVpUXHUwMDAwc3V0blhZbFx1MDAwZkpMZ2dFXlNcYmJ+ZXhLRHhcdFlGdHFWWFFcdTAwMTRzenVyS154XHUwMDAyWVp0el5SQ1x1MDAwMmBjZXNDX3hcdTAwMDJZWnR4U1NRXG5zdXZuWFlrXHRKTGdnRVpYXHUwMDAwc3V2blhZbFx1MDAwMUpMZ2dFWVFcbnN1dHdWSmhcYllUbH5XR0NcdGZ2ZXhLRFx1MDAwN1x1MDAxMURUP3ghXHUwMDA3XHUwMDE4dCdtfXJWSjN0XHJcdTAwMTckJSRcblx1MDAxMlBzdXJ3SFtiXHUwMDBiRFQ8XCJcdTAwMWVcdTAwMWVcdTAwMDBWc3V3blhcdTAwMWQpXVx1MDA
xYVx1MDAxOCMmRVFVXG5ifHZ3Tlxcdlx1MDAxYVx1MDAwMTMuO1x1MDAxMzhcblFibX11Vkoza1x1MDAxOFx1MDAxM1x0XG5cdTAwMGJcdTAwMDdDXHUwMDAyZntwblhcdTAwMDFcbldcdTAwMDFcdTAwMThcImldW01cdTAwMWE4XHUwMDFjMi87XHUwMDA1NU1cdTAwMDZcdTAwMDJ0cV9HQ1FcdTAwMTk/XHUwMDE4XHUwMDA3XHUwMDFjXHUwMDBleFx1MDAwMllAbnJLSVxiXHUwMDdmIy4jJ1hSa1xuUVp0XCIlXG5cdTAwMDVWNDw0YEBYdlx1MDAxYVx1MDAwN1x1MDAwM1wiL1xiXHUwMDA0XHUwMDEzZz0qMSdcdTAwMTZKYFxiRFQ/XHUwMDA2XHUwMDE3NCxZKW19dU5adlx1MDAxYVx1MDAwMTI5LzgqXHJUc3Vwd01EeFEpXHUwMDAyXCJcdTAwMTQmXHUwMDA3XHJcdTAwMWFreHRyVkoza1x0XHUwMDAwPyVcdTAwMDBJW1xifW0uXHUwMDA3XHUwMDAyXHUwMDE4LmtcdTAwMDNcdTAwMWZkaV1bTVx1MDAxYTInJixcdTAwMWRccilbXHUwMDAwVGxjXHUwMDFjXHUwMDE2SFx1MDAxNHMsKC9cdTAwMTdcdTAwMWRcdTAwMDVWXHRcdTAwMWIzaV1bTVx1MDAxYThcdTAwMDImOj9cdTAwMTAqTFtUbHlXR0NRXHUwMDEzKiYxXHUwMDBlOzFRXFxUbHtLSVx1MDAxMk08XHUwMDEwXCI6XG5KYFx1MDAwMURUXCIkXHUwMDEzXG5ccmc5IDUxXHUwMDFmSmBcYkRUP1x1MDAwNlx1MDAwNlx1MDAxMyRAITt2YEBaalx1MDAxNEpcdTAwMWZcdTAwMDM7XCJcdTAwMTNcdTAwMTFcdTAwMWFrenVxSFpvXHRYWnQ4XHUwMDBmXHUwMDBlXHUwMDBmSThcdTAwMTA+J1x1MDAxNlx1MDAwNDVPSkx0aUtJXHUwMDA1WSUuKSUlXHUwMDBlP1lcdTAwMWNUbHlfUlJcdTAwMTRzPDAtXGJcZlx1MDAwNUtcdTAwMGJcdTAwMTkkLkVRUVx1MDAxNHNcIigwXHUwMDFmNztMXHUwMDFjXHUwMDA0dHFPMENZJTs1MVhSckNALXRcIlx1MDAwM1x1MDAxM0NcdTAwMDJgfmtgXHUwMDE2XHUwMDFleFx1MDAwMlhaXHUwMDBiYktDOlx1MDAxYTgrP2BAXnZcdTAwMWFcdTAwMDRcdTAwMDB0cVdHPFx1MDAxMX1nXHUwMDFjYFx1MDAxM1xmXCJcdTAwMWFSQnppXHUwMDBiXHUwMDFkQ1x1MDAwMmFjXHUwMDFha1ZAXHUwMDAxXHUwMDFhXHUwMDAxXHUwMDEyLmldWU1cdTAwMWE9OWV4SkRcdTAwMDdcdTAwMTFEXlxyaVx1MDAwZVx1MDAwZlx1MDAxOVx1MDAxYWt+dW5YXHUwMDA0LFx1MDAxYVJGelx1MDAxNk5HSWNzJiM6WFJrXHUwMDE0Slx1MDAxYSBpXVtNZXhjb1x1MDAxOVhcdTAwMDE+QEpMZWdFXHUwMDA3XHUwMDE3XHUwMDFha1x1MDA3ZmtcdTAwMWZTRHJjSlx1MDAxZjIzRVFQXGJ9bSs0WFJqXHUwMDE0NV96YzxJXGJcXCltfXdWSjZOSkxmZzpCTVx1MDAxMFxubS4mXHUwMDAySmBcdTAwMDBEVDo9RVFRXHUwMDE0XGZma2ohSjNcXFx1MDAxMFRscktJXHJOc3V3bidBdlx1MDAxMDNUPy9cdTAwMWZJW1x1MDAwZn1tKzRYUmpcdTAwMTQ1X3pjPElcYlxcKW19c0lEeFRcdTAwMWVUbHxSXFxNZXhjb1x1MDAxOVhcdTAwMDE+QEpMZ1x1MDA3ZktJXHJOc3VzcE5EXHUwMDA3XHUwMDExRFx1MDAwYlx
1MDA3Zmc6Qk1cdTAwMWE4KyUrXHUwMDFlNz5dXHUwMDFiXHUwMDE1dHFPXHUwMDEwXHUwMDFjXHUwMDExfW1cdTAwMDYuXHUwMDE2Oy9VXHUwMDA1XHUwMDE5OGldQ1x1MDAxYVx1MDAxMFxubS5cdTAwMTBcdTAwMWZcdTAwMWJcdTAwMDVZXHUwMDA0XHUwMDFhdHFVXU1cdTAwMWE9LjQ2XHUwMDE5XHUwMDAwP1tcdTAwMDNcdTAwMDUjKVx1MDAxZFx1MDAxMUNcdTAwMDJjXHUwMDdmdntWSjN1XHUwMDE4VGx+UEdDVDguKTFcdTAwMTJcdTAwMDcvXHUwMDFhUkZ6aVx1MDAwM1x1MDAwNFx1MDAwNVx1MDAxYWt+dnZORHhZXHUwMDFjXHUwMDAyXHQ5XHUwMDA2XHUwMDFmXHUwMDA0XHUwMDFha1x1MDA3ZmtgXHRcdTAwMWQ3VVx1MDAwN1x1MDAxOFx0KFxiXHUwMDA3XHUwMDBlSnN1d25YXHUwMDAxXHUwMDFlXVx1MDAwZSlcdTAwMTcnXHUwMDBiSVtcZmVjZTBcdTAwMGZcdTAwMTEzXFxcdFx1MDAxOHRxV0dDUVx1MDAxYy4gXHUwMDA2XHUwMDFmXHUwMDBlXHUwMDA1WVx1MDAwNFx1MDAxYXRxVFpNXHUwMDFhOFx1MDAwMiYlJVx0NlRKTGdcdTAwN2ZLSVxifDQ3XHUwMDE4XHUwMDAzXHUwMDE2XHUwMDA0eFx1MDAwMlxcR3ppXHUwMDE0XHUwMDFlXGZVPiFcdTAwMTgnXHUwMDBiXHUwMDFkM0hcXCkyLlx1MDAxNFxiQ1x1MDAwMnNta2BcdTAwMTMpLkw3MHRxX0dDSyRcIiotXHUwMDE0NzlXXHUwMDFhXHUwMDEzdHFPMDxcdTAwMTF9bS0rXHUwMDE0XHUwMDAyM11KTH5cdTAwMTBFXGJcdTAwMGVKNG19aiE1c1x1MDAxNEpcdTAwMTU4P0VRUVx1MDAxNHMjP2BAWHZlQVp0XHUwMDAzNzQseVx0bX13T1hqXHUwMDE0Slx1MDAxMSQkXHUwMDEwSVtcdGF4cm5YXHUwMDBiKVlcdTAwMWVcdTAwMTMsMUVRQ1x0Y353PktablxuXHUwMDE0R2RcdTAwN2ZUXHUwMDE3UFx0ZXs7cUJdakRaRmVcdTAwN2ZFR0NfIyAwNlx1MDAxMiU7QEpMZ3tUW01cdTAwMWE4XHUwMDFiPjJcdTAwMWZKYFx0WERme1NHQ1FcdTAwMTYqKStcdTAwMGZcdTAwMWJ4XHUwMDAyWFp0KFx1MDAwNlx1MDAxOVx1MDAxM0E2PSYmXHUwMDFmXHUwMDEyIFx1MDAxYVJGemlcdTAwMGUqXHUwMDE1TFx1MDAwZS4rLlhSaFx1MDAwMURUNz9cdTAwMTNJW1x0Y353blhcdTAwMDUqXHUwMDFhUkRmeFNHQ0s7KGV4SkR4azgyXHRcdTAwMDYmM0NcdTAwMDJgenJyVkojTVx0XHUwMDE4LlwiXHUwMDA2XHUwMDA0Q1x1MDAwMmFjZSspXHUwMDFjKGdcdFx1MDAxYTppXVpZXHUwMDE0cyZcbjIlXHUwMDA1O0BKTGN8S0lcYnAhbX1zTF12XHUwMDFhXHUwMDAxJSYuOFxuXHJUc3V0cVZKM3pcdFx1MDAxOTQqXGJJW1x0fW0mLlx1MDAxNjcpU1x1MDAwMVx1MDAxYTo4RVFJY3N8d3dYUmtcdTAwMTRKQmd8RVFQXHUwMDE0XGZma2BcdFx1MDAxOD9cdTAwMWFSR2RcdTAwN2ZUR0NRXHUwMDEyIDVcdTAwMWRcdTAwMWJcdTAwMDQ2XHUwMDFhUkRiZ0VcdTAwMDIxVzghM2BAWW9cdTAwMTRKXHUwMDA3PypcdFx1MDAwMVxiVj06ZXhKRHhRIFx1MDAwNlx0Jlx1MDAwNlx1MDAxM0NcdTAwMDJgeXJuWFx1MDAwMVxiXVx
0XHUwMDFhXHUwMDE1JFx1MDAwYlx1MDAwNFx1MDAxM1x1MDAxYWtcdTAwN2ZrYFx1MDAxMy8oWVxmXHUwMDEzdHFUR0NbPj1cIlx1MDAxZFx1MDAxOVx1MDAwNDVLXHJUbHtLSVxyXTc7XHUwMDE4M1x1MDAxNlx1MDAxMDZcdTAwMWFSQXppXHUwMDBlL1x1MDAwZVxcXHUwMDBlXHUwMDBlKy5YUmlcdTAwMGZEVFwiJlx1MDAxNzRcclE/KD8rXHUwMDE0XHUwMDBmeFx1MDAwMlhadCdcdTAwMGVcclx1MDAwNFx1MDAxYWt2dXZNRHh5PD1cdFx1MDAwNiYzQ1x1MDAwMmB6cnJWSjJISkxlc1JbTVx1MDAxYVwiOiovXHUwMDE1XHUwMDA2XHUwMDA1XVx1MDAxOVx1MDAwMz87UzRcdTAwMTVBISpleEpEeFxcXHJcdTAwMTB0cVZZVVxufW1cdTAwMDNcdTAwMDc8N1x1MDAxN3kwVGx6Ul5RXHUwMDE0c1x1MDAwMlx1MDAxNFx1MDAxZDcpXHUwMDAyXHUwMDFhUkdue1dHQ3VcdTAwMDFcdTAwMTBcblx1MDAwM1wiSmBcdTAwMGJYQ2ZnRVx1MDAwMVx1MDAwYmc0NzMwXHUwMDFiNztcXFxmVGx7S0lcYnI7XHRcIidcdTAwMWUrPlx1MDAxYVJGelx1MDAxNk5HSWNzJlx1MDAxNSdcdDc7VFx1MDAwNFRsel9HQ1QwPDMhXHUwMDEyXHI5U1x1MDAxYlx1MDAwMzQxXHUwMDFkSVtcbmF+fm5YXHUwMDAxXHUwMDE3SEpMYn5LSVxyUTAhNCpcdTAwMTVcdTAwMWR4XHUwMDAyWFp0L1xiXHUwMDBmQ1x1MDAwMmBcdTAwN2Z1dFZKO0xcdTAwMWMpJCpcdTAwMTNcdTAwMGVDXHUwMDAyYWNlMVx1MDAwZlx1MDAwNTdXXHUwMDA2KTUkXHUwMDBiXHUwMDA0XHUwMDEzXHUwMDFha1x1MDA3ZmtgXHUwMDEzLD9eNzc6J0VRU1x1MDAwZn1tNTdcdTAwMDNcdTAwMDE+WVx1MDAwNlRse0tJXGJ1MChcdTAwMDMnXHUwMDFjNztUXHUwMDA0VGx5UEdDUVx1MDAxYy4gXHUwMDFkXHUwMDFiXHUwMDA0Nlx1MDAxYVJHZWdFXHUwMDAyJV0pXHUwMDEwXHUwMDA2Llx1MDAxNkpgXHUwMDBiWVp0OFx1MDAxMlx1MDAwNlxmVz9cdTAwMTBcIjNcdTAwMGZcdTAwMDEqXGY3XHUwMDEyMzhcdTAwMDRJW1x1MDAxYXNjZSs7XHUwMDFjLmcuVGx5S0lcdTAwMTJNPFwiKCwlXHUwMDBiNUpcclRsYzw2SFx1MDAxNHMlLixcdTAwMTBcdTAwMDE/XHUwMDFhUl5ccmlcdTAwMDRcdTAwMDRcdTAwMTNdc3VvXHUwMDE5J0F2XHUwMDFhXHUwMDBiXHUwMDE4XCJpXVtNXHUwMDFhPTdleEpEXHUwMDA3XHUwMDExRFRcdTAwMWVcdTAwMWI4JiBgc3Vyd0pYdlx1MDAxYVx1MDAwZlx1MDAwNDk8RVFQXHRnfmtgXHUwMDE5XHUwMDFiO05cclxmLGldSVBcdGNcdTAwN2Y7c0tcXGpEWUJnfVx1MDAxYlpRXG5nM3NyQ10mXHRfRG5pS0lcdTAwMDZKPjgzKjdcdFwiXHUwMDFhUkdnc1NHQ1FcdTAwMDU2NydYUmtcYlpGZHhLSVxiXHUwMDdmNCEuN1x0SmBcYkRUNSpcdTAwMTVcdTAwMTlcdTAwMThfIy4jJ1x1MDAwMFx1MDAxMnhcdTAwMDJYWnRcIiZcdTAwMWZcdTAwMTVnMCMrYEBaalx1MDAxNEpcdTAwMTdcIj9FUVBcdGNcdTAwN2ZrYFx1MDAxN1x1MDAxOHhcdTAwMDJZQWRzS0lcdTAwMTJSNm19clZKXHRoLClcdTAwMWJ
cbj9JW1x0ZHp3blhcdTAwMTEvWVx1MDAwNlx1MDAwZT8qXGJJW1xifW0uXHUwMDExXHUwMDBlXHUwMDFhXHUwMDA1WVx1MDAwNFx1MDAxYXRxVlNNXHUwMDFhOFx1MDAwMjdcdTAwMWRcdTAwMTdcdFwiXHUwMDFhUkJjZ0VcdTAwMDIpSHN1dXJIRHhRO1x1MDAwNjNcdTAwMTRcdTAwMDZcdTAwMDdcclx1MDAxYWt9dW5YXHUwMDAxXHUwMDE4WVx1MDAwN1x1MDAxNDckRVFQXHUwMDE0cy4rLiVcdTAwMWIxUVx1MDAwNFx1MDAxYSVpXUM6XHUwMDFhZXx3YEBZdlx1MDAxYVtEYGldWk1cdTAwMWFkXHUwMDdmdWBAWXZcdTAwMWFbRmBpXVpNZXhjZTFcblxyeFx1MDAwMllCZ31LSVxiez49XHUwMDE4I1x1MDAxNlx1MDAwNHhcdTAwMDJaT3ppXHUwMDBlO1x1MDAwZVE/O2V4SkR4SVx1MDAwMVx1MDAxNzghXHUwMDBlXHUwMDA1XHJNc3V3blhcdTAwMDFcdTAwMTJIN1x1MDAxYjczRVFTXGJjY2UrKFxyO1QrXHUwMDE5OiRcdTAwMTVJW1xifW0uXHUwMDA1XGJcdD5dSkxmZ0VcYlx1MDAwZUo0XHUwMDEwJC5cdTAwMTVcdTAwMWI/XHUwMDFhUkZ6aVx1MDAwYlx1MDAwZVx1MDAwN0xcdTAwMGU+KzpcdTAwMTZKYFx1MDAwZkRUP1x1MDAwZlxiXHUwMDBmPnk9I2V4SFp2XHUwMDFhXHUwMDFjXHUwMDFiJlx1MDAxNFx1MDAwYlx1MDAwMlx1MDAwZl8pJiklWFJqXHUwMDE0Slx1MDAxYT8tXHUwMDAySVtcdGF7cnJWSlx1MDAxYmwjKVx1MDAxYlxuP0lbXHRkenduWFx1MDAwMCpcdTAwMWFSQmZyUkdDSyRcIiotXHUwMDE0Nz9JXHUwMDFkXHUwMDFmJlx1MDA3ZjhcdTAwMWZcdTAwMThING19clZKPl1cdTAwMGVUbHpWX1FcdTAwMTRzXHUwMDBiXHUwMDAyXHUwMDA0JSVcdTAwMWJgSkxnflJbTVx1MDAxYVx1MDAxY1x1MDAxY1x1MDAxOFx1MDAwZjsweFx1MDAwMllOZntLSSxoXHUwMDBlXHUwMDAyXHUwMDA2XHUwMDFhWFJpXGJdRnppXHJcdTAwMDE+XSk7NSMlXHQ+XFxKTGZnRVx1MDAwMitSXHUwMDE3KlwiJjlcZnhcdTAwMDJYWlx1MDAwYmJLXHUwMDE2SFx1MDAxNHMmXG4jXHUwMDAyLVwiSFx1MDAxY0J0cVVbTVx1MDAxYVwiJ1wiLFx1MDAwYlx1MDAwMVx1MDAwNUhcdTAwMDdcdTAwMDV0cU9cdTAwMTBRXHUwMDE0YWM6a1ZKXHUwMDFiVFx1MDAwNDMnPlx1MDAwZVx1MDAxYkNcdTAwMDJ5XHUwMDE0dnhSM3hRPFx1MDAwZiYuRVFTXHJgeGtgXHUwMDE5LD9LXHUwMDBiVGxpRFx1MDAxOVx1N2IyOFx1N2U5ZnF4d2JaSyhcdTliNmNcdTZjYmRWfXxXS1x1OTY1M1x1NWY5OXFkdHtZXHUwMDFhXHU4MDRhXHU0ZTdkXHU1ZWNlVmV5Vkg4XHUwMDE4cW1rXHUwMDFmU0RiXHUwMDAyQC10XCIzXHUwMDEyXHUwMDExXXN1dXRLX3ZcdTAwMWFcdTAwMGIyMzhcdTAwMDRJW1x1MDAxYXI9XHU3YjBlXHU3ZWU1Wl9qXHUwMDE4SFx1NGVlMlx1ODgxYWtcdTU3NzhIXHUwMDEzXHUwMDFiI1x1NmM1Ylx1ODgwN2JRUGpcdTAwMThcdTk2NWFcdTVmZDd2YFZbVlx1MDAxYiNcdTgwNWZcdTRlMDJcdTVlZTRaWm9cdTAwMDBIVlx1NGZiOFx1NzQ0ZFx1NTk1Nlx1OGQ0ZUFcdFx
1NmI3MGw1XHU5NTc5XHU3MGM2XHU3YjIxXHU3ZWZkXHUwMDE4WlZ2XHU5NTNkXHU1ZDJiXHU1YmY2XHU3NzkyXHUwMDE4XHU1MTE4XHU4MmRkXHU3N2I0YVxiS1x1MDAxZFx1MDAxYi9cdTRmMjVcdThkN2VrTFpTXHUwMDFiXGJsXHUwMDFlYlpKdmVBWmJxTzBDUVx1MDAwNTY3J1hSaFx1MDAwMFhAemlcdTAwMDQvXHUwMDA0SzJtfWBZXHUwMDFhXHU3YjEzXHU3ZTlmSEJma0dIXHUwMDEzXHU3MDRkXHU1MmNhb2xxTksoXHU4MDI4XHU0ZTJkXHU1ZWQwdnpXWEJhcj1kIU4sXHUwMDE4eS5CXHU3MjJmXHU2NTAzXHVmZjdkSFx1MDAwMlxmXHUwMDE1XHJcdTAwMDZcdTAwMDROXHU0ZTdiXHU2Y2IyXHUwMDFiMVZ2aUs2SFx1MDAxNGd1b1x1MDAxOVhcdTAwMDFcdTAwMGVBXHUwMDE4XHUwMDEzdHFWWFRcYn1tJFx1MDAwNlx1MDAxZlx1MDAxYjlcdTAwMWFSVHU5XHU3YjJlXHU3ZWNjQVx0YVx1MDA3ZmdiXHU0ZWVlXHU4ODI0elx1NTcyN0tcdTAwMDR1OVx1NGY0M1x1NWJkOEFcdTAwMTNie3ZiXHU1NDA3XHU0ZTQ1elx1MDAxM1tBbmhcdTAwMTVcdTgwN2JcdTRlMjRcdTVlOWVxeWQwXHU5NTQxXHU3MGQ0XHU3YjEzXHU3ZTlmSER2a1x1OTUxMVx1NWQyN1x1NWJmY1x1NzdjYnFcdTU5NjVcdTk2NzRcdTc3YjFZXHUwMDFheVx1MDA3ZksxXHU4MDQ2XHU1MmQwR0BQXHUwMDBmclx1MDAxNmRcdTAwMWJZXHUwMDFheW9cdTUyNWVcdTkwNTZcdTgwNTNcdWZmNTEoJFFcdTViYzNcdTI1ZjFcdTY4ZTlcYlxyNVx1NWY1Mlx1NTM0Y1x1NjI2Ylx1OTA0OFVcdTAwMGZrR0lNZXhjXHUwMDFha1ZKM2tcdTAwMWRcdTAwMWJcdTAwMTcmXGJcdTAwMWVcdTAwMGZMXHUwMDE0N2V4SkR4cFxyXHUwMDA0OVx1MDAxOFx1MDAwNFx1MDAwNFx1MDAxM11zdXZ1VkouV1x1MDAxY1x1MDAxNzpcdTAwMTRcdTAwMDZcdTAwMWRcdTAwMDBMMD1leEpEeFFcdTAwMGJcdTAwMTk6JFx1MDAxNTRcdTAwMDRAc3V3bidBIn0=@")));
console.log(role_info);
return role_info;
}

/**
 * Evaluates js_str as a JavaScript expression and returns the result.
 * The surrounding parentheses make a leading "{" parse as an object literal
 * instead of a block statement.
 *
 * NOTE(security): this is a direct eval. In this article the input is text
 * derived from a remote page, so anything that text contains is executed with
 * the caller's privileges; keep this to an isolated context or replace it
 * with a parser for the converted literal.
 *
 * @param {string} js_str - Source text of a JavaScript expression.
 * @returns {*} The value the expression evaluates to.
 */
function js_eval(js_str) {
  var expression = "(" + js_str + ")";
  return eval(expression);
}

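/**
 * Rewrites LPC-style literal delimiters into JavaScript literal delimiters:
 * "([" -> "{", "])" -> "}", "({" -> "[", "})" -> "]". A comma (and any
 * whitespace) directly before a closing delimiter is dropped with it.
 *
 * The rewrite is purely textual: the same sequences inside a quoted string
 * value are replaced as well.
 *
 * @param {string} lpc_str - Text using LPC mapping/array delimiters.
 * @returns {string} The same text with JavaScript object/array delimiters.
 */
function lpc_2_js(lpc_str) {
  var convert_dict = {
    "([": "{",
    "])": "}",
    ",])": "}",
    "({": "[",
    "})": "]",
    ",})": "]"
  };
  // Regex literal instead of new RegExp("..."): inside a string literal "\s" collapses to a
  // plain "s", so the mapping branch of the original pattern never matched whitespace
  // between the trailing comma and "])".
  var parser = /\(\[|,?\s*\]\)|\(\{|,?\s*\}\)/g;
  return lpc_str.replace(parser, function (matched) {
    // Whitespace is removed so that ", ])" looks up the same entry as ",])".
    return convert_dict[matched.replace(/\s+/g, '')];
  });
}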


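/**
 * Decodes an obfuscated description of the form "@<key>@<base64>@".
 *
 * Steps: trim the input; return it unchanged unless it is wrapped in "@...@";
 * strip the wrapper; split an inline key off the front when one is present;
 * base64-decode the rest; parse it as JSON and take its "d" field when the
 * result is an object; XOR every UTF-16 code unit with the repeating key.
 *
 * The key is carried in the payload itself, so this reverses an encoding and
 * provides no confidentiality.
 *
 * @param {string} ciphertext - Raw value of the hidden description field.
 * @returns {string} The decoded text; the trimmed input when it is not wrapped
 *   in "@...@"; '' when the decoded payload holds no string to decode.
 * @throws {TypeError} When the base64 payload does not decode to valid JSON.
 */
function decode_desc(ciphertext) {
  var wrapped = ciphertext.trim();
  if (!/^@[\s\S]*@$/.test(wrapped)) {
    return wrapped;
  }

  // The page script takes its default key from the `_k` cookie:
  //   (/\b_k=([^;]*)/.exec(document.cookie) || [])[1] || ''
  // This standalone version has no cookie to read, so the default is empty.
  var key = '';
  var body = wrapped.replace(/^@|@$/g, '');
  if (/^[^@]+@[\s\S]+/.test(body)) {
    var sep = body.indexOf('@');
    key = body.substring(0, sep); // e.g. "QOGBzhZ8hvVKgka8"
    body = body.substring(sep + 1);
  }

  // Global atob instead of window.atob, so the function also runs outside a browser.
  var decoded = atob(body);

  // The decoded payload is remote data. The sample in this article is plain JSON
  // ({"d": "..."}), so it is parsed with JSON.parse rather than eval: a response
  // that carries script instead of data is rejected, not executed.
  var parsed;
  try {
    parsed = JSON.parse(decoded);
  } catch (err) {
    throw new TypeError('decode_desc: decoded payload is not valid JSON');
  }

  // {"d": "xxx"} -> "xxx"; any other value is used as it is.
  var text = parsed && typeof parsed === 'object' && parsed.d ? parsed.d : parsed;
  if (typeof text !== 'string') {
    return '';
  }
  // With an empty key the original XOR-ed against NaN, which leaves every code unit unchanged.
  if (key.length === 0) {
    return text;
  }

  // XOR directly; the original's detour through base-2 strings produced the same code units.
  var chars = [];
  for (var i = 0; i < text.length; i++) {
    chars.push(String.fromCharCode(text.charCodeAt(i) ^ key.charCodeAt(i % key.length)));
  }
  return chars.join('');
}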

另外附上依照此js写的java版本(仅核心代码,其他缺失部分可以自己手动添加)

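/**
 * Java port of the page's decode_desc followed by lpc_2_js.
 *
 * Accepts "@<key>@<base64>@": strips the wrapper, splits off the inline key,
 * base64-decodes the rest, parses it as JSON, takes the "d" field and XORs
 * each char with the repeating key. The helpers replace, BtoAAtoB.atob,
 * listTobyte2 and lpc_2_js are defined elsewhere and are called unchanged.
 *
 * @param ciphertext raw value of the hidden description field
 * @return the decoded text after lpc_2_js, or the trimmed input when it is
 *         not wrapped in "@...@"
 * @throws UnsupportedEncodingException declared by the original signature;
 *         presumably raised by one of the helpers (confirm against them)
 * @throws ScriptException kept only for signature compatibility; the body no
 *         longer evaluates script
 * @throws IllegalArgumentException when the decoded payload has no "d" field
 */
private static String decodeStr(String ciphertext) throws UnsupportedEncodingException, ScriptException {
    ciphertext = ciphertext.trim();
    // A lone "@" both starts and ends with "@" but has nothing between the
    // markers; the JS version returns such input unchanged.
    if (ciphertext.length() < 2 || !(ciphertext.startsWith("@") && ciphertext.endsWith("@"))) {
        return ciphertext;
    }
    ciphertext = replace(ciphertext, "^@|@$", "");

    // Split "<key>@<data>" only when both parts are non-empty, as the JS test
    // /^[^@]+@[\s\S]+/ does. Without this guard indexOf() == -1 made
    // substring(0, -1) throw, and an empty key made "j % 0" throw.
    String ciphertextPrefix = "";
    String ciphertextSuffix = ciphertext;
    int index = ciphertext.indexOf("@");
    if (index > 0 && index < ciphertext.length() - 1) {
        ciphertextPrefix = ciphertext.substring(0, index);
        ciphertextSuffix = ciphertext.substring(index + 1);
    }

    ciphertextSuffix = BtoAAtoB.atob(ciphertextSuffix);

    // The decoded payload is remote data and, in the sample shown, plain JSON
    // ({"d": "..."}). It is parsed as JSON directly instead of going through
    // evalJS, so a response carrying script is rejected rather than executed.
    // NOTE(review): JSONObject looks like fastjson - confirm, and keep it on a
    // patched release with autoType disabled, since it parses remote input.
    JSONObject jsonObject = JSONObject.parseObject(ciphertextSuffix);
    Object d = jsonObject == null ? null : jsonObject.get("d");
    if (d == null) {
        throw new IllegalArgumentException("decoded payload has no \"d\" field");
    }
    ciphertextSuffix = d.toString();

    // XOR with the repeating key; an empty key leaves every char unchanged.
    // The base-2 string list is kept because listTobyte2 expects that shape.
    int keyLength = ciphertextPrefix.length();
    List<String> numList2 = new ArrayList<String>();
    for (int i = 0; i < ciphertextSuffix.length(); i++) {
        int keyCode = keyLength == 0 ? 0 : ciphertextPrefix.charAt(i % keyLength);
        numList2.add(Integer.toBinaryString(ciphertextSuffix.charAt(i) ^ keyCode));
    }

    String byteArrayStr = listTobyte2(numList2);
    return lpc_2_js(byteArrayStr);
}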