aaencode颜文字加密JS分析,并使用PHP进行编码解码
0x01 前言
今天在看一个网站JS代码的时候发现,JS代码为一串颜文字,而且还能被解析使用,搜索后得知为aaencode加密,此加密能把js代码转化成颜文字。
原作者的aaencode编码地址 https://utf-8.jp/public/aaencode.html
0x02编码过程
网页源码里可以查看到具体的编码过程,摘录如下。
function aaencode( text )
{
var t;
var b = [
"(c^_^o)",
"(゚Θ゚)",
"((o^_^o) - (゚Θ゚))",
"(o^_^o)",
"(゚ー゚)",
"((゚ー゚) + (゚Θ゚))",
"((o^_^o) +(o^_^o))",
"((゚ー゚) + (o^_^o))",
"((゚ー゚) + (゚ー゚))",
"((゚ー゚) + (゚ー゚) + (゚Θ゚))",
"(゚Д゚) .゚ω゚ノ",
"(゚Д゚) .゚Θ゚ノ",
"(゚Д゚) ['c']",
"(゚Д゚) .゚ー゚ノ",
"(゚Д゚) .゚Д゚ノ",
"(゚Д゚) [゚Θ゚]"
];
var r = "゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); ";
if( /ひだまりスケッチ×(365|356)\s*来週も見てくださいね[!!]/.test( text ) ){
r += "X=_=3; ";
r += "\r\n\r\n X / _ / X < \"来週も見てくださいね!\";\r\n\r\n";
}
r += "(゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);"+
"(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] "+
",゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] "+
",゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];"+
"(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];"+
"(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];"+
"(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + "+
"((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+"+
"((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+"+
"((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+"+
"((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];"+
"(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+"+
"((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+"+
"((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; "+
"(゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\\\'; "+
"(゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];"+
"(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];"+//TODO
"(゚Д゚) [゚o゚]='\\\"';"+
"(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+";
r += "(゚Д゚)[゚o゚]+ ";
for( var i = 0; i < text.length; i++ ){
n = text.charCodeAt( i );
t = "(゚Д゚)[゚ε゚]+";
if( n <= 127 ){
t += n.toString( 8 ).replace( /[0-7]/g, function(c){ return b[ c ] + "+ "; } );
}else{
var m = /[0-9a-f]{4}$/.exec( "000" + n.toString(16 ) )[0];
t += "(o゚ー゚o)+ " + m.replace( /[0-9a-f]/gi, function(c){ return b[ parseInt( c,16 ) ] + "+ "; } );
}
r += t;
}
r += "(゚Д゚)[゚o゚]) (゚Θ゚)) ('_');";
return r;
}
0x03 PHP加解密脚本
<?php
//实现两个PHP没有的JS常用函数,兼容中文。
function charCodeAt($str, $index)
{
$char = mb_substr($str, $index, 1, 'UTF-8');
if (mb_check_encoding($char, 'UTF-8'))
{
$ret = mb_convert_encoding($char, 'UTF-32BE', 'UTF-8');
return hexdec(bin2hex($ret));
}
else
{
return null;
}
}
function uchr ($codes) {
if (is_scalar($codes)) $codes= func_get_args();
$str= '';
foreach ($codes as $code){
$buf = html_entity_decode('&#'.$code.';',ENT_NOQUOTES,'UTF-8');
$buf == '&#'.$code.';' && ($buf = mb_convert_encoding('&#' . intval($code) . ';', 'UTF-8', 'HTML-ENTITIES'));
$str.= $buf;
}
return $str;
}
$b = [
"(c^_^o)",
"(゚Θ゚)",
"((o^_^o) - (゚Θ゚))",
"(o^_^o)",
"(゚ー゚)",
"((゚ー゚) + (゚Θ゚))",
"((o^_^o) +(o^_^o))",
"((゚ー゚) + (o^_^o))",
"((゚ー゚) + (゚ー゚))",
"((゚ー゚) + (゚ー゚) + (゚Θ゚))",
"(゚Д゚) .゚ω゚ノ",
"(゚Д゚) .゚Θ゚ノ",
"(゚Д゚) ['c']",
"(゚Д゚) .゚ー゚ノ",
"(゚Д゚) .゚Д゚ノ",
"(゚Д゚) [゚Θ゚]"
];
//编码的过程
function aaencode($text){
global $b;
$r = "゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); ";
if(preg_match('/ひだまりスケッチ×(365|356)\s*来週も見てくださいね[!!]/', $text)){
$r .= "X=_=3; ";
$r .= "\r\n\r\n X / _ / X < \"来週も見てくださいね!\";\r\n\r\n";
}
$r .= "(゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);".
"(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ".
",゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ".
",゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];".
"(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];".
"(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];".
"(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ".
"((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+".
"((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+".
"((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+".
"((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];".
"(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+".
"((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+".
"((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; ".
"(゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\\\'; ".
"(゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];".
"(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];".
"(゚Д゚) [゚o゚]='\\\"';".
"(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+";
$r .= "(゚Д゚)[゚o゚]+ ";
for( $i = 0; $i < mb_strlen($text); $i++ ){
$n = charCodeAt($text,$i);
$t = "(゚Д゚)[゚ε゚]+";
if( $n <= 127 ){
$t .= preg_replace_callback('/[0-7]/', function($c)use ($b){
return $b[$c[0]]."+ ";
}, ((string)decoct($n)));
}else{
if(preg_match('/[0-9a-f]{4}$/', '000'.((string)dechex($n)),$result)){
$m = $result[0];
}else{
$m = '';
}
$t .= "(o゚ー゚o)+ " . preg_replace_callback('/[0-9a-f]/i',function($c)use ($b){
return $b[ hexdec($c[0]) ] . "+ ";
},$m);
}
$r .= $t;
}
$r .= "(゚Д゚)[゚o゚]) (゚Θ゚)) ('_');";
return $r;
}
//解码的过程
function aadecode($text){
global $b;
$text = strtr($text, ["(゚Д゚)[゚o゚]) (゚Θ゚)) ('_');" => '']);
for($i=0;$i<count($b);$i++){
$buf = $b[$i];
if($i <=7){
//8进制逆向
$str = (($i));
$text = strtr($text, [$buf."+ "=>$str]);
}else{
//16进制逆向
$text = strtr($text, [$buf."+ " => dechex($i)]);
}
}
$text = preg_replace_callback('/\(゚Д゚\)\[゚ε゚\]\+(\d+)/', function($c){
return uchr(octdec($c[1]));
}, $text);
$text = preg_replace_callback('/\(゚Д゚\)\[゚ε゚\]\+\(o゚ー゚o\)\+\s+([0-9a-f]{4})/', function($c){
return uchr(hexdec($c[1]));
}, $text);
$pre = [
"゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); ",
"X=_=3; ",
"\r\n\r\n X / _ / X < \"来週も見てくださいね!\";\r\n\r\n",
"(゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);",
"(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ",
",゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ",
",゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];",
"(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];",
"(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];",
"(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ",
"((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+",
"((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+",
"((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+",
"((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];",
"(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+",
"((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+",
"((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; ",
"(゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\\\'; ",
"(゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];",
"(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];",
"(゚Д゚) [゚o゚]='\\\"';",
"(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+",
"(゚Д゚)[゚o゚]+ ",
];
$rA = [];
foreach($pre as $val){
$rA[$val] = '';
}
$text = strtr($text,$rA);
return $text;
}
//加密
$crytext = aaencode('console.log("唐宋元明清");');
echo $crytext;//゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚)......
//解密
echo aadecode($crytext);//console.log("唐宋元明清");
参考链接:https://my.oschina.net/u/2366984/blog/1621119