我正在寻找一种在JavaScript中混淆和反混淆字符串的方法;也就是说,在安全不成问题的情况下进行加密和解密。最好是JS本地支持的(例如PHP中的
欢迎任何建议!
base64_encode()
和base64_decode()
),以“将一个字符串变成别的东西,然后再变回来”而无需编写函数。欢迎任何建议!
base64_encode()
和base64_decode()
),以“将一个字符串变成别的东西,然后再变回来”而无需编写函数。(![]+[])[+[]]+(![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]
可以在不看起来像字符串的情况下评估为字符串"fail"。真的,将它输入到Node中,你会感到惊讶。你可以通过疯狂地运用JavaScript来拼出任何东西。显然,我来晚了,但我正在为这个问题寻找另一个解决方案,而base64似乎太弱了。
它的工作原理如下:
"abc;123!".obfs(13) // => "nopH>?@."
"nopH>?@.".defs(13) // => "abc;123!"
代码:
/**
* Obfuscate a plaintext string with a simple rotation algorithm similar to
* the rot13 cipher.
* @param {[type]} key rotation index between 0 and n
* @param {Number} n maximum char that will be affected by the algorithm
* @return {[type]} obfuscated string
*/
String.prototype.obfs = function(key, n = 126) {
// return String itself if the given parameters are invalid
if (!(typeof(key) === 'number' && key % 1 === 0)
|| !(typeof(key) === 'number' && key % 1 === 0)) {
return this.toString();
}
var chars = this.toString().split('');
for (var i = 0; i < chars.length; i++) {
var c = chars[i].charCodeAt(0);
if (c <= n) {
chars[i] = String.fromCharCode((chars[i].charCodeAt(0) + key) % n);
}
}
return chars.join('');
};
/**
* De-obfuscate an obfuscated string with the method above.
* @param {[type]} key rotation index between 0 and n
* @param {Number} n same number that was used for obfuscation
* @return {[type]} plaintext string
*/
String.prototype.defs = function(key, n = 126) {
// return String itself if the given parameters are invalid
if (!(typeof(key) === 'number' && key % 1 === 0)
|| !(typeof(key) === 'number' && key % 1 === 0)) {
return this.toString();
}
return this.toString().obfs(n - key);
};
for...in
枚举,不要在生产环境中使用。 - Patrick Robertsfor ... in
时应该始终与 .hasOwnProperty()
捆绑使用。您还可以在不修改 String.prototype
的情况下定义 obfs
和 defs
。 - Gan Quan.hasOwnProperty()
的“良好实践”(/s) 是由于污染内置对象的频率而产生的,而不是因为语言设计本身需要它。由于库经常使用任意扩展来污染内置对象,所以我认为 for...in
已经很少被用来枚举任何东西,包括字符串。 - Patrick Roberts访问 http://www.jsfuck.com/,输入代码后在下面的文本框中查看结果。
在控制台中测试,将返回“hi”:
(+(+!+[]+[+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+[+!+[]])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]
console.log("Original: hi")
console.log("Converted: " + (+(+!+[]+[+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+[+!+[]])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]])
它甚至看起来不像一个字符串!
atob
和 btoa
使用这种方法,只需使用 atob("string")
将字符串转换为 base64,然后使用 btoa("encoded")
解密字符串即可。
import readline from 'readline';
const rl = readline.createInterface({
input:process.stdin,
output:process.stdout
});
const randNum = (max:number=10000)=>Math.floor(Math.random() * max);
// finds an equation that will make the target number.
const findEquation = (target:number)=>{
let equation = "";
const rand = randNum();
const diff = target - rand;
const rand2 = randNum()
const product = diff * rand2;
equation = `${rand}+(${product} / ${rand2})`;
return equation;
}
const randCharSequence = (length:number)=>{
let str = "";
for(let i = 0; i < length; i++){
str += String.fromCharCode(randNum(256));
}
return str
}
const sep = randCharSequence(8)
rl.question("Enter the string to obfuscate:\n", (str)=>{
let obfuscated = "(''";
str.split("").forEach(char=>{
const code = findEquation(char.charCodeAt(0));
obfuscated += `+(String.fromCharCode(${code})+\"${sep}\")`
})
obfuscated += `).split(\"${sep}\").join('')`;
console.log("Obfuscated String:");
console.log(obfuscated);
rl.close();
});
console.log
语句,然后获取该字符串。请注意,这不是加密,只是使代码更难理解和阅读。