From 0871cb074f668e723e6330201e78fe77b0f0db5f Mon Sep 17 00:00:00 2001 From: aiyingfeng Date: Tue, 22 Aug 2023 11:01:01 +0800 Subject: [PATCH] =?UTF-8?q?11.AST=E6=93=8D=E4=BD=9C=E4=B9=8B=E5=88=A0?= =?UTF-8?q?=E9=99=A4=E8=8A=82=E7=82=B9-pop-delete-remove?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md | 109 ++++++++++++++++++ .../decode_obfuscator.js | 0 .../decode_obfuscator1.js} | 28 ++--- .../decode_obfuscator2.js | 26 +++++ .../encode.js | 0 .../encode1.js | 1 + .../encode2.js | 5 + .../img/1.png | Bin 8 files changed, 148 insertions(+), 21 deletions(-) create mode 100644 AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/README.md rename AST抽象语法树/{11.AST操作之删除节点 => 11.AST操作之删除节点-pop-delete-remove}/decode_obfuscator.js (100%) rename AST抽象语法树/{11.AST操作之删除节点/README.md => 11.AST操作之删除节点-pop-delete-remove/decode_obfuscator1.js} (50%) create mode 100644 AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator2.js rename AST抽象语法树/{11.AST操作之删除节点 => 11.AST操作之删除节点-pop-delete-remove}/encode.js (100%) create mode 100644 AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode1.js create mode 100644 AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode2.js rename AST抽象语法树/{11.AST操作之删除节点 => 11.AST操作之删除节点-pop-delete-remove}/img/1.png (100%) diff --git a/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/README.md b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/README.md new file mode 100644 index 0000000..b3e0a4c --- /dev/null +++ b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/README.md @@ -0,0 +1,109 @@ +# AST操作之删除节点 + +需求:还原十六进制字符串,比如需要处理的这样一个字串 + +```javascript +var a = "\x31\x32\x33\x34\x35\x36"; +``` + +这里可以看到raw字段显示的是十六进制字符串 + +![debugger](./img/1.png) + +删除raw字段,就恢复十进制字符串 + +```javascript +const fs = require('fs'); +const {parse} = require("@babel/parser"); +const traverse = require("@babel/traverse").default; +const generator = require("@babel/generator").default; +let encode_file = "./encode.js"; + +let js_code = fs.readFileSync(encode_file, {encoding: "utf-8"}); +let ast = parse(js_code, { + sourceType: 'module', +}); + + +const visitor = { + StringLiteral(path) { + // 删除多余字段 + delete path.node.extra.raw; + }, +}; + +traverse(ast, visitor); + +// 将修改后的AST重新生成为代码 +const modifiedCode = generator(ast).code; +console.log(modifiedCode); +``` + +需求:将`var a = "123", b = 123;`中的`a = "123"`删除 + +```javascript +const fs = require('fs'); +const {parse} = require("@babel/parser"); +const traverse = require("@babel/traverse").default; +const generator = require("@babel/generator").default; +let encode_file = "./encode1.js"; + +let js_code = fs.readFileSync(encode_file, {encoding: "utf-8"}); +let ast = parse(js_code, { + sourceType: 'module', +}); + +const visitor = { + VariableDeclarator(path) { + let init = path.get('init') + if(init.isStringLiteral()){ + // 判断将整个节点删除 + path.remove() + } + }, +}; + +traverse(ast, visitor); + +// 将修改后的AST重新生成为代码 +const modifiedCode = generator(ast).code; +console.log(modifiedCode); +``` + +需求:将如下代码中的`crack();`删除 +```javascript +function test(){ + var a = 123; + c = a + b; + crack(); +} +``` +实现代码 +```javascript +const fs = require('fs'); +const {parse} = require("@babel/parser"); +const traverse = require("@babel/traverse").default; +const generator = require("@babel/generator").default; +let encode_file = "./encode2.js"; + +let js_code = fs.readFileSync(encode_file, {encoding: "utf-8"}); +let ast = parse(js_code, { + sourceType: 'module', +}); + +const visitor = { + BlockStatement(path) { + // path.node.body 是直接访问当前节点的 body 属性的值,返回一个数组(通常是一组语句节点)。 + // path.get('body') 是通过路径对象的方法获取当前节点的 body 属性的子路径,你可以在这个子路径上进行更多的操作。 + let body = path.node.body; + console.log(body); + body.pop() + }, +}; + +traverse(ast, visitor); + +// 将修改后的AST重新生成为代码 +const modifiedCode = generator(ast).code; +console.log(modifiedCode); +``` \ No newline at end of file diff --git a/AST抽象语法树/11.AST操作之删除节点/decode_obfuscator.js b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator.js similarity index 100% rename from AST抽象语法树/11.AST操作之删除节点/decode_obfuscator.js rename to AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator.js diff --git a/AST抽象语法树/11.AST操作之删除节点/README.md b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator1.js similarity index 50% rename from AST抽象语法树/11.AST操作之删除节点/README.md rename to AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator1.js index beeb082..2f4b598 100644 --- a/AST抽象语法树/11.AST操作之删除节点/README.md +++ b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator1.js @@ -1,33 +1,20 @@ -# AST操作之删除节点 - -需求:还原十六进制字符串,比如需要处理的这样一个字串: - -```javascript -var a = "\x31\x32\x33\x34\x35\x36"; -``` - -这里可以看到raw字段显示的是十六进制字符串 - -![debugger](./img/1.png) - -删除raw字段,就恢复十进制字符串 - -```javascript const fs = require('fs'); const {parse} = require("@babel/parser"); const traverse = require("@babel/traverse").default; const generator = require("@babel/generator").default; -let encode_file = "./encode.js"; +let encode_file = "./encode1.js"; let js_code = fs.readFileSync(encode_file, {encoding: "utf-8"}); let ast = parse(js_code, { sourceType: 'module', }); - const visitor = { - StringLiteral(path) { - delete path.node.extra.raw; + VariableDeclarator(path) { + let init = path.get('init') + if(init.isStringLiteral()){ + path.remove() + } }, }; @@ -35,5 +22,4 @@ traverse(ast, visitor); // 将修改后的AST重新生成为代码 const modifiedCode = generator(ast).code; -console.log(modifiedCode); -``` \ No newline at end of file +console.log(modifiedCode); \ No newline at end of file diff --git a/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator2.js b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator2.js new file mode 100644 index 0000000..174d6f8 --- /dev/null +++ b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/decode_obfuscator2.js @@ -0,0 +1,26 @@ +const fs = require('fs'); +const {parse} = require("@babel/parser"); +const traverse = require("@babel/traverse").default; +const generator = require("@babel/generator").default; +let encode_file = "./encode2.js"; + +let js_code = fs.readFileSync(encode_file, {encoding: "utf-8"}); +let ast = parse(js_code, { + sourceType: 'module', +}); + +const visitor = { + BlockStatement(path) { + // path.node.body 是直接访问当前节点的 body 属性的值,返回一个数组(通常是一组语句节点)。 + // path.get('body') 是通过路径对象的方法获取当前节点的 body 属性的子路径,你可以在这个子路径上进行更多的操作。 + let body = path.node.body; + console.log(body); + body.pop() + }, +}; + +traverse(ast, visitor); + +// 将修改后的AST重新生成为代码 +const modifiedCode = generator(ast).code; +console.log(modifiedCode); \ No newline at end of file diff --git a/AST抽象语法树/11.AST操作之删除节点/encode.js b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode.js similarity index 100% rename from AST抽象语法树/11.AST操作之删除节点/encode.js rename to AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode.js diff --git a/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode1.js b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode1.js new file mode 100644 index 0000000..32e56d8 --- /dev/null +++ b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode1.js @@ -0,0 +1 @@ +var a = "123", b = 123; \ No newline at end of file diff --git a/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode2.js b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode2.js new file mode 100644 index 0000000..b8ab990 --- /dev/null +++ b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/encode2.js @@ -0,0 +1,5 @@ +function test(){ + var a = 123; + c = a + b; + crack(); +} \ No newline at end of file diff --git a/AST抽象语法树/11.AST操作之删除节点/img/1.png b/AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/img/1.png similarity index 100% rename from AST抽象语法树/11.AST操作之删除节点/img/1.png rename to AST抽象语法树/11.AST操作之删除节点-pop-delete-remove/img/1.png