今天放出asp的反混淆的代码方案,asp混淆一般是用混天绫0.96进行混淆的,所以就是破解混天绫,如果需要饭混淆的,破解asp的可以直接保存以下代码,
<%
'破解函数,转化字符串。'
Function carr_pj(ByVal carr_chanshu)
Dim carr_m, carr_for_i, carr_n
'carr_m 中间变量'
'carr_i当前'
'carr_n 下一个'
carr_chanshu = Replace(carr_chanshu, Chr(37) & ChrW(-243) & Chr(62), Chr(37) & Chr(62))
For carr_for_i = 1 To Len(carr_chanshu)
If carr_for_i <> carr_n Then
carr_m = AscW(Mid(carr_chanshu, carr_for_i, 1))
If carr_m >= 33 And carr_m <= 79 Then
carr_pj = carr_pj & Chr(carr_m + 47)
ElseIf carr_m >= 80 And carr_m <= 126 Then
carr_pj = carr_pj & Chr(carr_m - 47)
Else
carr_n = carr_for_i + 1
If Mid(carr_chanshu, carr_n, 1) = Chr(64) Then
carr_pj = carr_pj & ChrW(carr_m + 5)
Else
carr_pj = carr_pj & Mid(carr_chanshu, carr_for_i, 1)
End If
End If
End If
Next
End Function
'获取解密函数的 名字'
'只要最后一个函数'
Function carr_pj_name(s)
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="Function \S{1,10}\(ByVal "
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
carr_pj_name = m.value
carr_pj_name = replace(carr_pj_name,"Function ","")
carr_pj_name = replace(carr_pj_name,"(ByVal ","")
next
response.write " " & carr_pj_name & ":Function<br />"
End Function
'
'获取常用组件名称
Function carr_pj_common_name(s,n)
set rx=new RegExp
'carr_pj_m_name=""'
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="Set \S{1,10}\="+n
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
carr_pj_common_name = m.value
carr_pj_common_name = replace(carr_pj_common_name,"Set ","")
carr_pj_common_name = replace(carr_pj_common_name,"="+n,"")
next
response.write " " & carr_pj_common_name & ":" &n & "<br />"
End Function
' 解密常用组件的 '
function carr_pj_comm_obj(s,n)
'解码chrw编码的内容'
carr_common_name = carr_pj_common_name(s,n)
if carr_common_name = "" then
exit function
end if
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern=" "&carr_common_name&"\."
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value," "& n &".")
next
rx.Pattern=" "&carr_common_name & "\("
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value," "& n &"(")
next
rx.Pattern="="&carr_common_name& "\("
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,"="& n &"(")
next
rx.Pattern="="&carr_common_name&"\."
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,"="& n &".")
next
rx.Pattern=Chr(13)&carr_common_name& "\("
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,Chr(13)& n &"(")
next
rx.Pattern=Chr(13)&carr_common_name&"\."
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,Chr(13)& n &".")
next
carr_pj_comm_obj = s
End Function
' 六个内置对象替换'
Function carr_decode_comm_obj(s)
'Set MNMMNN=Response:Set MNMNMM=Request:Set MNMMMN=Session:Set MNMNMN=Application:Set MNMMNM=Server'
s=carr_pj_comm_obj(s,"Response")
s=carr_pj_comm_obj(s,"Request")
s=carr_pj_comm_obj(s,"Session")
s=carr_pj_comm_obj(s,"Application")
s=carr_pj_comm_obj(s,"Server")
's=carr_pj_comm_obj(s,"Cookies")'
carr_decode_comm_obj = s
End Function
function readfile(fn)
'读取编码文件的内容'
if instr(fn,":")<=0 then
'这句话判断路径是否包含":",有:说名是完整路径,不需要自动补充路径了。 也就是这句话只能是windows 主机可以执行,linux不可以。'
fn= server.MapPath(fn)
end if
fn= server.MapPath(fn)
set fso=createobject("scripting.filesystemobject")
set ts=fso.OpenTextFile(fn,1,false,-2)
'注意这里的最后一个参数,如果你的是unicode编码,将-2(系统默认编码)修改为-1(unicode编码)。0为ascii'
readfile=ts.ReadAll
ts.close
set ts=nothing
set fso=nothing
end function
function writefile(fn,s)
'将解码内容写回文件'
fn=replace(fn,".","_decode.")
if instr(fn,":")<=0 then
'这句话判断路径是否包含":",有:说名是完整路径,不需要自动补充路径了。 也就是这句话只能是windows 主机可以执行,linux不可以。'
fn=replace(fn,".","_decode.")
fn= server.MapPath(fn)
else
fn=fn & ".decode"
end if
set fso=createobject("scripting.filesystemobject")
set ts=fso.OpenTextFile(fn,2,true,-2)
'写入解码后的内容到原来文件名替换为 _decode的文件里面,如fn为encode.txt,则解码后的文件为encode_decode.txt'
ts.write s
ts.close
set ts=nothing
set fso=nothing
end function
'-------------------------------------------------'
'函数名称:ReadTextFile'
'作用:利用AdoDb.Stream对象来读取UTF-8格式的文本文件'
'----------------------------------------------------'
Function ReadFromTextFile (FileUrl,CharSet)
if instr(FileUrl,":")<=0 then
'这句话判断路径是否包含":",有:说名是完整路径,不需要自动补充路径了。 也就是这句话只能是windows 主机可以执行,linux不可以。'
FileUrl=server.MapPath(FileUrl)
end if
dim str
set stm=server.CreateObject("adodb.stream")
stm.Type=2
'以本模式读取'
stm.mode=3
stm.charset=CharSet
stm.open
stm.loadfromfile FileUrl
str=stm.readtext
stm.Close
set stm=nothing
ReadFromTextFile=str
End Function
'-------------------------------------------------'
'函数名称:WriteToTextFile'
'作用:利用AdoDb.Stream对象来写入UTF-8格式的文本文件'
'----------------------------------------------------'
Sub WriteToTextFile (FileUrl,byval Str,CharSet)
response.write "1:"&FileUrl &"<br />"
if instr(FileUrl,":")<=0 then
'这句话判断路径是否包含":",有:说名是完整路径,不需要自动补充路径了。 也就是这句话只能是windows 主机可以执行,linux不可以。'
FileUrl=replace(FileUrl,".","_decode.")
FileUrl=server.MapPath(FileUrl)
else
FileUrl=FileUrl &".decode"
end if
response.write "3:"&FileUrl &"<br />"
set stm=server.CreateObject("adodb.stream")
stm.Type=2
'以本模式读取'
stm.mode=3
stm.charset=CharSet
stm.open
stm.WriteText str
stm.SaveToFile (FileUrl),2
stm.flush
stm.Close
set stm=nothing
End Sub
' 普通chrw ,chr的解密'
function decodechrw(s)
'解码chrw编码的内容'
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="ChrW\s*\(\s*\d+\s*\)(\s*&\s*ChrW\s*\(\s*\d+\s*\))*"
'解码chrw串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""& eval(m.value) &"""")
next
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""&eval(m.value)&"""")
next
decodechrw=s
end function
function decodechrw_0(s)
'解码chrw编码的内容'
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
'解码chrw串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""& eval(m.value) &"""")
next
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""&eval(m.value)&"""")
next
decodechrw_0=s
end function
function decodechrw_1(s)
'解码chrw编码的内容'
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="ChrW\s*\(\s*\d+\s*\)(\s*&\s*ChrW\s*\(\s*\d+\s*\))*"
'解码chrw串'
set mc=rx.Execute(s)
for each m in mc
'response.write m.value & " " & carr_pj( eval(m.value) ) & "<br />"'
' s=replace(s, m.value,""""&carr_pj( eval(m.value) ) &"""")'
s=replace(s, "MNMMNNN("&m.value&")" , """"&carr_pj( eval(m.value) ) &"""")
next
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""&eval(m.value)&"""")
next
decodechrw_1=s
end function
'带负数的'
function decodechrw_2(s)
'解码chrw编码的内容'
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
'解码chrw串'
set mc=rx.Execute(s)
for each m in mc
response.write m.value & " " & "<br />"
' s=replace(s, m.value,""""&carr_pj( eval(m.value) ) &"""")'
s=replace(s, "MNMMNNN("&m.value&")" , """"&carr_pj( eval(m.value) ) &"""")
next
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""&eval(m.value)&"""")
next
decodechrw_2=s
end function
'二次加密的解密函数'
function decodechrw_3(s)
'解码chrw编码的内容'
set rx=new RegExp
rx.Global=true
rx.IgnoreCase=true
rx.Pattern="ChrW\s*\(\s*-{0,1}\d+\s*\)(\s*&\s*ChrW\s*\(\s*-{0,1}\d+\s*\))*"
'解码chrw串'
set mc=rx.Execute(s)
carr_fun_name = carr_pj_name(s)
for each m in mc
'response.write m.value & " " & "<br />"'
' s=replace(s, m.value,""""&carr_pj( eval(m.value) ) &"""")'
'response.write carr_fun_name'
'carr_fun_name="MNMMNNN"'
'carr_fun_name= "MNMMMMN"'
s=replace(s, carr_fun_name&"("&m.value&")" , """"&carr_pj( eval(m.value) ) &"""")
next
rx.Pattern="Chr\s*\(\s*\d+\s*\)(\s*&\s*Chr\s*\(\s*\d+\s*\))*"
'解码chr串'
set mc=rx.Execute(s)
for each m in mc
s=replace(s, m.value,""""&eval(m.value)&"""")
next
decodechrw_3=s
end function
function carr_decode_asp_chrw_chr(fn)
'解码内容包含chrw编码的文件'
's=readfile(fn)'
s=ReadFromTextFile(fn,"UTF-8")
s=decodechrw_2(s)
s=carr_decode_comm_obj(s)
'这一句注释掉了,如果需要自行打卡,这里是恢复内置对象的,打开的话,如果文件很大,有可能会超时。'
call WriteToTextFile(fn,s,"UTF-8" )
'witrefile(fn)'
end function
function carr_decode_asp_huntianling(filename0)
'解码内容包含chrw编码的文件'
's=readfile(fn)'
filename1=filename0
s=ReadFromTextFile(filename0,"UTF-8")
s=decodechrw_3(s)
s=carr_decode_comm_obj(s)
'这一句注释掉了,如果需要自行打卡,这里是恢复内置对象的,打开的话,如果文件很大,有可能会超时。'
call WriteToTextFile(filename1,s,"UTF-8" )
'witrefile(fn)'
end function
'carr_decode_asp_chrw_chr("D:\crm-asp\pj\1.asp")'
'注意修改这里被chrw加密的文件名称及路径,如果是客户端提交的内容 '
carr_decode_asp_huntianling("2.asp")
'carr_decode_asp_huntianling("D:\crm-asp\pj\1.asp")'
%>
|
