Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

obfuscator: 未知变种 寻求来源后适配 #98

Closed
woshicaca opened this issue Jun 14, 2024 · 4 comments
Closed

obfuscator: 未知变种 寻求来源后适配 #98

woshicaca opened this issue Jun 14, 2024 · 4 comments

Comments

@woshicaca
Copy link

idasd.txt
这个无法解,麻烦看一下

@echo094
Copy link
Owner

echo094 commented Jun 14, 2024

  1. 这个和正版的obfuscator区别很大,基本不考虑通过修改现有插件的方式适配
  2. 最近也有其它人报告过,怀疑是出了一个新的混淆工具,方便的话可以提供一下样本的来源

@echo094 echo094 changed the title obfuscator:无法处理这个文件 unknown: 等待适配 Jun 14, 2024
@echo094
Copy link
Owner

echo094 commented Jun 15, 2024

进一步测试表明这个样本先进行了一次V7混淆,然后进行了一次自定义混淆

@woshicaca
Copy link
Author

进一步测试表明这个样本先进行了一次V7混淆,然后进行了一次自定义混淆

麻烦你了

@echo094 echo094 changed the title unknown: 等待适配 obfuscator: 未知变种 寻求来源后适配 Jun 16, 2024
@echo094
Copy link
Owner

echo094 commented Jun 16, 2024

链接 #96 具有同样的forStatement代替whileStatement特征

Index

NAME = "中国联通";
VALY = ["zgltck"];
VER = "1.1.9";
CK = "";
LOGS = 0;
usid = 0;
Notify = 1;
let 哇哈哈_0x4ed3fd = require("fs");
let 哇哈哈_0x193916 = require("uuid").v4;
DCFHOST = process.env.DCFHOST;
dcfkey = encodeURIComponent(process.env.dcfkey);
IP = "";
IPCITY = "";

@echo094 echo094 closed this as not planned Won't fix, can't repro, duplicate, stale Jul 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants