admin 发表于 2020-8-10 18:07:28

混天绫ASP混淆加密工具破解反编译asp

今天放出 ASP 反混淆的代码方案。ASP 混淆一般是用混天绫 0.96 进行的,所以这里实际上就是破解混天绫。如果需要反混淆、破解 ASP,可以直接保存以下代码:


<%
'破解函数,转化字符串。'
Function carr_pj(ByVal carr_chanshu)
' Decodes one obfuscated string and returns the plain text.
'   - Code points 33..79 are shifted up by 47, code points 80..126 are
'     shifted down by 47.
'   - Any other character is looked at together with its successor: when the
'     successor is "@" (Chr(64)) the character is emitted shifted up by 5 code
'     points, otherwise it is emitted unchanged.
' NOTE(review): after any character outside 33..126 the following character is
' always skipped, whether or not it is the "@" marker. That is what the code
' does; confirm it matches the encoder before relying on it.

Dim code, pos, skipPos, ch, decoded
' code    - code point of the current character
' pos     - current 1-based position
' skipPos - position that must not be decoded (consumed by the previous step)

' "%" + ChrW(-243) + ">" stands for "%>" in the encoded text.
carr_chanshu = Replace(carr_chanshu, Chr(37) & ChrW(-243) & Chr(62), Chr(37) & Chr(62))

For pos = 1 To Len(carr_chanshu)
    If pos <> skipPos Then
        ch = Mid(carr_chanshu, pos, 1)
        code = AscW(ch)
        If code >= 33 And code <= 79 Then
            decoded = decoded & Chr(code + 47)
        ElseIf code >= 80 And code <= 126 Then
            decoded = decoded & Chr(code - 47)
        Else
            skipPos = pos + 1
            If Mid(carr_chanshu, skipPos, 1) = Chr(64) Then
                decoded = decoded & ChrW(code + 5)
            Else
                decoded = decoded & ch
            End If
        End If
    End If
Next

' decoded is left unassigned for empty input, as in the original.
carr_pj = decoded
End Function

'获取解密函数的 名字'
'只要最后一个函数'
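Function carr_pj_name(s)
' Returns the name of the LAST function in s that is declared as
' "Function NAME(ByVal ...", where NAME is 1 to 10 non-blank characters, and
' echoes that name to the response as a progress line.
' Returns Empty when no such declaration is found.
'
' The name is taken from a capture group, so it is extracted correctly even
' when the declaration is written in a different letter case (the match itself
' is case-insensitive).
Dim rx, mc, m, foundName
Set rx = New RegExp
rx.Global = True
rx.IgnoreCase = True
rx.Pattern = "Function (\S{1,10})\(ByVal "
Set mc = rx.Execute(s)
For Each m In mc
    ' Later matches overwrite earlier ones: only the last one is kept.
    foundName = m.SubMatches(0)
Next
' The name comes from the file being decoded, so it is HTML-encoded before it
' is written into the page.
Response.Write " " & Server.HTMLEncode(foundName & "") & ":Function<br />"
carr_pj_name = foundName
End Function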


'
'获取常用组件名称
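Function carr_pj_common_name(s,n)
' Finds the alias given to the built-in object n by a statement of the form
' "Set ALIAS=n" in s (ALIAS is 1 to 10 non-blank characters) and returns it.
' When several statements match, the last one wins. Returns Empty when there
' is no match. A progress line "ALIAS:n" is written to the response either way.
'
' The alias is taken from a capture group, so it is extracted correctly even
' when "Set" or the object name differ in letter case from n.
Dim rx, mc, m, aliasName
Set rx = New RegExp
rx.Global = True
rx.IgnoreCase = True
rx.Pattern = "Set (\S{1,10})\=" & n
Set mc = rx.Execute(s)
For Each m In mc
    aliasName = m.SubMatches(0)
Next
' The alias comes from the file being decoded: HTML-encode it before output.
Response.Write " " & Server.HTMLEncode(aliasName & "") & ":" & Server.HTMLEncode(n & "") & "<br />"
carr_pj_common_name = aliasName
End Function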

' 解密常用组件的 '
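function carr_pj_comm_obj(s,n)
' Replaces every use of the alias of built-in object n with n itself and
' returns the rewritten text.
'   s - script text being decoded
'   n - built-in object name, e.g. "Response"
' A use is the alias preceded by a space, "=" or Chr(13) and followed by "."
' or "(".
'
' When no alias for n exists the text is returned unchanged. (Previously the
' function returned Empty in that case, so a caller assigning the result back
' to its text lost the whole document.)
Dim aliasName, rx, prefix, suffix
aliasName = carr_pj_common_name(s,n)
if aliasName = "" then
    carr_pj_comm_obj = s
    exit function
end if

set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' NOTE(review): aliasName is placed into the pattern unescaped; this assumes
' the alias contains no regular-expression metacharacters.
for each prefix in Array(" ", "=", Chr(13))
    for each suffix in Array(".", "(")
        rx.Pattern = prefix & aliasName & "\" & suffix
        s = rx.Replace(s, prefix & n & suffix)
    next
next

carr_pj_comm_obj = s

End Function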

' 六个内置对象替换'
Function carr_decode_comm_obj(s)
' Restores the real names of the ASP built-in objects in s.
' The obfuscated script aliases them with a line such as
'   Set MNMMNN=Response:Set MNMNMM=Request:Set MNMMMN=Session:...
' Each alias is mapped back by carr_pj_comm_obj, one object at a time.
' "Cookies" is not processed: its call is commented out in the original.
Dim builtinName
For Each builtinName In Array("Response", "Request", "Session", "Application", "Server")
    s = carr_pj_comm_obj(s, builtinName)
Next

carr_decode_comm_obj = s
End Function


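function readfile(fn)
' Reads the whole file fn with Scripting.FileSystemObject and returns its text.
'   fn - a path containing ":" is treated as a full Windows path and used as
'        is; anything else is resolved with Server.MapPath. This test only
'        makes sense on a Windows host.
' fn is not declared ByVal, so the caller's variable receives the mapped path.
'
' Server.MapPath is now applied once, and only to paths without ":". The
' second, unconditional call was handed a physical path in every case.
Dim fso, ts
if instr(fn,":")<=0 then
    fn= server.MapPath(fn)
end if
set fso=createobject("scripting.filesystemobject")
' Arguments: 1 = open for reading, false = do not create, -2 = system default
' encoding. Use -1 for Unicode files or 0 for ASCII.
set ts=fso.OpenTextFile(fn,1,false,-2)
readfile=ts.ReadAll
ts.close
set ts=nothing
set fso=nothing
end function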
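function writefile(fn,s)
' Writes the decoded text s to a sibling of fn.
'   relative name (no ":")  -> "_decode" is inserted before the extension and
'                              the result is resolved with Server.MapPath,
'                              e.g. encode.txt becomes encode_decode.txt
'   full path (contains ":") -> ".decode" is appended
' fn is not declared ByVal, so the caller's variable receives the new name.
'
' The suffix is applied exactly once and only before the last extension.
' Previously every "." in the name was rewritten, twice for relative names,
' and a name without any "." was left unchanged, so the output replaced the
' input file.
'
' The output of a relative name keeps its script extension and lands beside
' the input. When the input is an untrusted script, run this on an isolated
' host or move the result out of the web root.
Dim fso, ts, dotPos, sepPos
if instr(fn,":")<=0 then
    dotPos = InStrRev(fn, ".")
    sepPos = InStrRev(fn, "\")
    if InStrRev(fn, "/") > sepPos then sepPos = InStrRev(fn, "/")
    if dotPos > sepPos then
        fn = Left(fn, dotPos - 1) & "_decode" & Mid(fn, dotPos)
    else
        ' No extension in the file name part: append the suffix instead.
        fn = fn & "_decode"
    end if
    fn= server.MapPath(fn)
else
    fn=fn & ".decode"
end if
set fso=createobject("scripting.filesystemobject")
' Arguments: 2 = open for writing, true = create if missing, -2 = system
' default encoding.
set ts=fso.OpenTextFile(fn,2,true,-2)
ts.write s
ts.close
set ts=nothing
set fso=nothing
end function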

'-------------------------------------------------'
'函数名称:ReadFromTextFile'
'作用:利用AdoDb.Stream对象来读取UTF-8格式的文本文件'
'----------------------------------------------------'
Function ReadFromTextFile (FileUrl,CharSet)
' Loads a text file through ADODB.Stream and returns its content.
'   FileUrl - a path containing ":" is used as is (full Windows path);
'             anything else is resolved with Server.MapPath. This test only
'             makes sense on a Windows host.
'   CharSet - character set handed to the stream, e.g. "UTF-8"
' FileUrl is not declared ByVal, so the caller's variable receives the mapped
' path.
    Dim stream, content
    If InStr(FileUrl, ":") <= 0 Then
        FileUrl = Server.MapPath(FileUrl)
    End If

    Set stream = Server.CreateObject("adodb.stream")
    With stream
        .Type = 2          ' text stream
        .Mode = 3          ' read/write
        .Charset = CharSet
        .Open
        .LoadFromFile FileUrl
        content = .ReadText
        .Close
    End With
    Set stream = Nothing

    ReadFromTextFile = content
End Function
'-------------------------------------------------'
'函数名称:WriteToTextFile'
'作用:利用AdoDb.Stream对象来写入UTF-8格式的文本文件'
'----------------------------------------------------'
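Sub WriteToTextFile (FileUrl,byval Str,CharSet)
' Saves Str through ADODB.Stream to a sibling of FileUrl, overwriting any
' existing file, and echoes the path before and after renaming.
'   relative name (no ":")  -> "_decode" is inserted before the extension and
'                              the result is resolved with Server.MapPath
'                              (2.asp becomes 2_decode.asp)
'   full path (contains ":") -> ".decode" is appended
'   CharSet                  -> character set used for writing, e.g. "UTF-8"
' FileUrl is not declared ByVal, so the caller's variable receives the new name.
'
' Changes from the earlier version:
'   - the suffix goes before the last extension only; every "." used to be
'     rewritten, and a name without "." made the output replace the input
'   - the echoed path is HTML-encoded
'
' The output of a relative name keeps its script extension and lands beside
' the input, so the web server will run it if it is requested. When the input
' is an untrusted script, run this on an isolated host or move the result out
' of the web root.
Dim stm, dotPos, sepPos
response.write "1:" & Server.HTMLEncode(FileUrl & "") & "<br />"
if instr(FileUrl,":")<=0 then
    dotPos = InStrRev(FileUrl, ".")
    sepPos = InStrRev(FileUrl, "\")
    if InStrRev(FileUrl, "/") > sepPos then sepPos = InStrRev(FileUrl, "/")
    if dotPos > sepPos then
        FileUrl = Left(FileUrl, dotPos - 1) & "_decode" & Mid(FileUrl, dotPos)
    else
        ' No extension in the file name part: append the suffix instead.
        FileUrl = FileUrl & "_decode"
    end if
    FileUrl=server.MapPath(FileUrl)
else
    FileUrl=FileUrl &".decode"
end if
response.write "3:" & Server.HTMLEncode(FileUrl & "") & "<br />"
set stm=server.CreateObject("adodb.stream")

stm.Type=2          ' text stream
stm.mode=3          ' read/write
stm.charset=CharSet
stm.open
stm.WriteText str
stm.SaveToFile (FileUrl),2   ' 2 = create or overwrite
stm.flush
stm.Close
set stm=nothing
End Sub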






' 普通chrw ,chr的解密'
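function decodechrw(s)
' Replaces every chain "ChrW(n) & ChrW(n) ..." and "Chr(n) & Chr(n) ..." in s
' (n = unsigned decimal digits) with the quoted string it evaluates to, and
' returns the rewritten text.
'
' Double quotes inside a decoded value are doubled so that the emitted literal
' is valid VBScript. Previously Chr(34) produced an unbalanced literal.
' NOTE: control characters such as CR/LF are still copied into the literal
' unchanged.
'
' SECURITY: Eval executes text taken from the file being decoded. It is only
' safe because the patterns below admit nothing but Chr/ChrW calls with
' integer literals joined by "&". Do not loosen a pattern without revisiting
' the Eval call. An out-of-range argument makes Eval raise a run-time error,
' which is not handled here.
Dim rx, mc, m
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' Stage 1: ChrW chains.
rx.Pattern="ChrW\s*\(\s*\d+\s*\)(\s*&\s*ChrW\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next

' Stage 2: Chr chains.
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next
decodechrw=s
end function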

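function decodechrw_0(s)
' Same as decodechrw, except that ChrW arguments may carry a leading minus
' sign: every "ChrW(n) & ..." and "Chr(n) & ..." chain in s is replaced with
' the quoted string it evaluates to.
'
' Double quotes inside a decoded value are doubled so that the emitted literal
' is valid VBScript. Previously Chr(34) produced an unbalanced literal.
'
' SECURITY: Eval executes text taken from the file being decoded. It is only
' safe because the patterns below admit nothing but Chr/ChrW calls with
' integer literals joined by "&". Do not loosen a pattern without revisiting
' the Eval call. An out-of-range argument makes Eval raise a run-time error,
' which is not handled here.
Dim rx, mc, m
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' Stage 1: ChrW chains, optionally negative arguments.
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next

' Stage 2: Chr chains.
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next
decodechrw_0=s
end function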

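function decodechrw_1(s)
' Decodes strings that are wrapped in the obfuscator's decoder call, with the
' decoder name fixed to "MNMMNNN":
'   MNMMNNN(ChrW(n) & ChrW(n) ...)  ->  "decoded text"   (via carr_pj)
' and afterwards replaces plain "Chr(n) & ..." chains with their quoted value.
' ChrW chains that are not wrapped in MNMMNNN(...) are left untouched.
'
' Double quotes inside a decoded value are doubled so that the emitted literal
' is valid VBScript.
'
' SECURITY: Eval executes text taken from the file being decoded. It is only
' safe because the patterns below admit nothing but Chr/ChrW calls with
' integer literals joined by "&". Do not loosen a pattern without revisiting
' the Eval call. An out-of-range argument makes Eval raise a run-time error,
' which is not handled here.
Dim rx, mc, m
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' Stage 1: decoder calls around ChrW chains.
rx.Pattern="ChrW\s*\(\s*\d+\s*\)(\s*&\s*ChrW\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, "MNMMNNN("&m.value&")", """" & replace(carr_pj(eval(m.value)), """", """""") & """")
next

' Stage 2: Chr chains.
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next
decodechrw_1=s
end function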

'带负数的'
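function decodechrw_2(s)
' Variant of decodechrw_1 that also accepts negative ChrW arguments. The
' decoder name is fixed to "MNMMNNN":
'   MNMMNNN(ChrW(n) & ChrW(n) ...)  ->  "decoded text"   (via carr_pj)
' Afterwards plain "Chr(n) & ..." chains are replaced with their quoted value.
' Each ChrW chain found is echoed to the response as a progress line.
'
' Double quotes inside a decoded value are doubled so that the emitted literal
' is valid VBScript.
'
' SECURITY: Eval executes text taken from the file being decoded. It is only
' safe because the patterns below admit nothing but Chr/ChrW calls with
' integer literals joined by "&". Do not loosen a pattern without revisiting
' the Eval call. An out-of-range argument makes Eval raise a run-time error,
' which is not handled here.
Dim rx, mc, m
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' Stage 1: decoder calls around ChrW chains.
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    ' The chain contains "&", so it is HTML-encoded for display.
    response.write Server.HTMLEncode(m.value) & " " & "<br />"
    s=replace(s, "MNMMNNN("&m.value&")", """" & replace(carr_pj(eval(m.value)), """", """""") & """")
next

' Stage 2: Chr chains.
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next
decodechrw_2=s
end function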
'二次加密的解密函数'
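function decodechrw_3(s)
' Decoder for files whose strings are wrapped in a decoder call. The decoder
' name is discovered with carr_pj_name instead of being hard-coded:
'   NAME(ChrW(n) & ChrW(n) ...)  ->  "decoded text"   (via carr_pj)
' Afterwards plain "Chr(n) & ..." chains are replaced with their quoted value.
'
' Changes from the earlier version:
'   - when no decoder function is found, stage 1 is skipped; it used to
'     rewrite every parenthesised ChrW chain through carr_pj
'   - double quotes inside a decoded value are doubled so that the emitted
'     literal is valid VBScript
'
' SECURITY: Eval executes text taken from the file being decoded. It is only
' safe because the patterns below admit nothing but Chr/ChrW calls with
' integer literals joined by "&". Do not loosen a pattern without revisiting
' the Eval call. An out-of-range argument makes Eval raise a run-time error,
' which is not handled here.
Dim rx, mc, m, carr_fun_name
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true

' Stage 1: decoder calls around ChrW chains.
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
set mc=rx.Execute(s)
carr_fun_name = carr_pj_name(s)
if carr_fun_name <> "" then
    for each m in mc
        s=replace(s, carr_fun_name&"("&m.value&")", """" & replace(carr_pj(eval(m.value)), """", """""") & """")
    next
end if

' Stage 2: Chr chains.
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
set mc=rx.Execute(s)
for each m in mc
    s=replace(s, m.value, """" & replace(eval(m.value), """", """""") & """")
next
decodechrw_3=s
end function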

function carr_decode_asp_chrw_chr(fn)
' Decodes a file whose strings use the fixed decoder name handled by
' decodechrw_2: read as UTF-8, decode the ChrW/Chr chains, restore the
' built-in object names, write the result with WriteToTextFile.
' No return value is assigned.
'
' Restoring the built-in objects is active here and may time out on very
' large files.
' NOTE(review): ReadFromTextFile takes its path by reference and may replace a
' relative fn with the mapped path, so WriteToTextFile can receive a full path
' here. carr_decode_asp_huntianling keeps a copy of the name to avoid that.
Dim decodedText
decodedText = ReadFromTextFile(fn, "UTF-8")
decodedText = decodechrw_2(decodedText)
decodedText = carr_decode_comm_obj(decodedText)

WriteToTextFile fn, decodedText, "UTF-8"

end function

function carr_decode_asp_huntianling(filename0)
' Decodes a file processed by the obfuscator: read as UTF-8, decode the
' wrapped ChrW chains with decodechrw_3 (decoder name auto-detected), restore
' the built-in object names, write the result with WriteToTextFile.
' No return value is assigned.
'
' Restoring the built-in objects is active here and may time out on very
' large files.
Dim outputName, decodedText

' Keep the name as passed in: ReadFromTextFile takes its path by reference and
' may replace filename0 with the mapped path.
outputName = filename0

decodedText = ReadFromTextFile(filename0, "UTF-8")
decodedText = decodechrw_3(decodedText)
decodedText = carr_decode_comm_obj(decodedText)

WriteToTextFile outputName, decodedText, "UTF-8"

end function

'carr_decode_asp_chrw_chr("D:\crm-asp\pj\1.asp")'
'注意修改这里被chrw加密的文件名称及路径,如果是客户端提交的内容 '

' Entry point: decode the file named below, resolved relative to this page.
' Keep the file name a fixed value chosen by the operator. The read and write
' helpers accept any path, so wiring this argument to request data would let a
' caller read arbitrary files and write new ones beside them.
Call carr_decode_asp_huntianling("2.asp")
'carr_decode_asp_huntianling("D:\crm-asp\pj\1.asp")'

%>
