Learn python (seventeen) JS reverse project from scratch, and get started directly after reading it

foreword

Today I will talk about the last part of the Python framework source code topic, crawler cluster deployment, and updated fifteen series of articles about learning python from scratch, which are :

• Programming grammar/network programming/multi-thread/multi-process/coroutine/database
• Machine Learning/Full Stack Development/Data Analysis/Hadoop/Spark
• Crawler/automation and packet capture//scrapy/feapder/crawler cluster deployment

You can turn forward to my article to view

Python resources suitable for zero-based learning and advanced people :
① Tencent certified python complete project practical tutorial notes PDF
② More than a dozen major factories python interview topics PDF
③ Python full set of video tutorials (zero-based-advanced JS reverse)
④ Hundreds A project + source code + notes
⑤ programming grammar - machine learning - full stack development - data analysis - reptiles - APP reverse and other full set of projects + documents

This series will explain JavaScript reverse topics from nine aspects

1. Browser debugging

• js scope
• browser object properties
• browser console

2. National standard hash algorithm

• sha1 algorithm
• sha256 algorithm
• sha512 algorithm
• md5
• hmac algorithm
• Python and JavaScript implementation

3. National standard symmetric encryption

• DES algorithm
• AES algorithm
• The crypto-js module uses
• pycryptodome

4. National standard asymmetric encryption

• RAS algorithm principle
• asymmetric feature
• JavaScript Algorithm Restoration
• ras module
• jesencrypt

5. webpack module packaging

• Webpack packaging principle
• Webpack construction form
• Global export encryption function

6. JS obfuscation

• JavaScript compression obfuscation principle
• OB confusion feature
• Obfuscate JavaScript

7.cookie anti-climbing processing

• The principle of cookie encryption and decryption
• cookie and session mechanism
• cookie hook trick
• acw_sc_v2 debug

9.AST abstract syntax tree

• AST technology introduction
• String and Encoding Restoration
• evaluate method learning
• JavaScript combat obfuscation

10.JS security product attack and defense

• Swiss number
• acw_sc_v2

Chapter 1: Browser Debugging

JavaScript is a scripting language running in the browser, which can access and operate various properties and methods of the browser through the browser object. Understanding the properties and methods of the browser object is very important when reverse engineering JavaScript.

1. JS scope

In JavaScript, scope refers to the accessible scope of variables and functions. There are two kinds of scopes in JavaScript: global scope and local scope.

Global scope refers to variables and functions that can be accessed throughout a JavaScript program, while local scope refers to variables and functions that can only be accessed inside a function.

2. Browser Object Properties

In JavaScript, browser objects refer to some objects provided by the browser, through which various properties and methods of the browser can be accessed and manipulated. Here are some commonly used browser object properties:

• window: Indicates the current browser window or tab page.
• document: Indicates the current document object.
• location: Indicates the URL of the current document.
• navigator: Indicates the information of the current browser.
• history: Indicates the history of the current browser.

3. Browser Console

The browser console is an important part of the developer tools, which can be used to debug JavaScript code, view network requests, analyze page performance, etc. Here are some commonly used browser console commands:

• console.log(): Used to output log information.
• console.dir(): Used to output the properties and methods of the object.
• console.error(): Used to output error information.
• console.warn(): Used to output warning information.
• console.clear(): Used to clear the console.
  Sample code:

// 输出日志信息
console.log("Hello, world!");

// 输出对象的属性和方法
var obj = {name: "Tom", age: 18};
console.dir(obj);

// 输出错误信息
console.error("Something went wrong!");

// 输出警告信息
console.warn("This is a warning!");

// 清空控制台
console.clear();

The above is some basic knowledge introduced by browsers in the JavaScript reverse topic. For developers who perform JavaScript reverse analysis, it is very important to understand this knowledge.

Chapter 2: National Standard Hash Algorithm

The national standard hash algorithm is an algorithm that compresses messages of any length into a fixed-length digest, and is often used in data integrity verification, digital signatures and other fields. This article will introduce the national standard hash algorithm in detail from six directions: sha1 algorithm, sha256 algorithm, sha512 algorithm, md5 algorithm, hmac algorithm, and Python and JavaScript implementation.

1. sha1 algorithm

The sha1 algorithm is a highly secure hash algorithm that compresses a message of any length into a 160-bit digest. The following is a sample code for implementing the sha1 algorithm in Python:

import hashlib

def sha1(data):
    sha1 = hashlib.sha1()
    sha1.update(data.encode('utf-8'))
    return sha1.hexdigest()

The following is a sample code for implementing the sha1 algorithm in JavaScript:

function sha1(data) {
  const sha1 = crypto.createHash('sha1');
  sha1.update(data);
  return sha1.digest('hex');
}

2. sha256 algorithm

The sha256 algorithm is a more secure hash algorithm that compresses messages of any length into a 256-bit digest. The following is a sample code for implementing the sha256 algorithm in Python:

import hashlib

def sha256(data):
    sha256 = hashlib.sha256()
    sha256.update(data.encode('utf-8'))
    return sha256.hexdigest()

The following is a sample code for implementing the sha256 algorithm in JavaScript:

function sha256(data) {
  const sha256 = crypto.createHash('sha256');
  sha256.update(data);
  return sha256.digest('hex');
}

3. sha512 algorithm

The sha512 algorithm is a more secure hash algorithm that compresses messages of any length into a 512-bit digest. The following is a sample code for implementing the sha512 algorithm in Python:

import hashlib

def sha512(data):
    sha512 = hashlib.sha512()
    sha512.update(data.encode('utf-8'))
    return sha512.hexdigest()

The following is a sample code for implementing the sha512 algorithm in JavaScript:

function sha512(data) {
  const sha512 = crypto.createHash('sha512');
  sha512.update(data);
  return sha512.digest('hex');
}

4. md5 algorithm

The md5 algorithm is a more commonly used hash algorithm, which compresses a message of any length into a 128-bit digest. The following is a sample code for implementing the md5 algorithm in Python:

import hashlib

def md5(data):
    md5 = hashlib.md5()
    md5.update(data.encode('utf-8'))
    return md5.hexdigest()

The following is a sample code for implementing the md5 algorithm in JavaScript:

function md5(data) {
  const md5 = crypto.createHash('md5');
  md5.update(data);
  return md5.digest('hex');
}

5. hmac algorithm

The hmac algorithm is a message authentication code algorithm based on a hash function and a key, which is often used for data integrity check and digital signature. The following is a sample code for implementing the hmac algorithm in Python:

import hmac
import hashlib

def hmac_sha256(key, data):
    hmac_sha256 = hmac.new(key.encode('utf-8'), data.encode('utf-8'), hashlib.sha256)
    return hmac_sha256.hexdigest()

The following is a sample code for implementing the hmac algorithm in JavaScript:

function hmac_sha256(key, data) {
  const hmac_sha256 = crypto.createHmac('sha256', key);
  hmac_sha256.update(data);
  return hmac_sha256.digest('hex');
}

6. Python and JavaScript implementation

The following is a sample code for implementing the sha256 algorithm in Python and JavaScript:

Python：

import hashlib

def sha256(data):
    sha256 = hashlib.sha256()
    sha256.update(data.encode('utf-8'))
    return sha256.hexdigest()

JavaScript：

javascript
function sha256(data) {
  const sha256 = crypto.createHash('sha256');
  sha256.update(data);
  return sha256.digest('hex');
}

The above is the introduction of the national standard hash algorithm, including sha1 algorithm, sha256 algorithm, sha512 algorithm, md5 algorithm, hmac algorithm and Python and JavaScript implementation. In practical applications, it is necessary to select an appropriate hash algorithm according to specific requirements.

Chapter 3: National Standard Symmetric Encryption

The national standard symmetric encryption algorithm refers to the encryption algorithm standard issued by the State Cryptography Administration of China, including DES algorithm, AES algorithm, etc. In JavaScript reverse engineering, it is very important to understand the principles and usage of these algorithms.

1. DES algorithm

The DES algorithm is a symmetric encryption algorithm with a key length of 56 bits, which is divided into two processes: encryption and decryption. In JavaScript, you can use the crypto-js module for DES encryption and decryption operations.

Encrypted sample code :

var key = CryptoJS.enc.Utf8.parse("1234567890123456");
var iv = CryptoJS.enc.Utf8.parse("1234567890123456");
var encrypted = CryptoJS.DES.encrypt("Hello World", key, {
  iv: iv,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
});
console.log(encrypted.toString());

Decryption sample code :

var key = CryptoJS.enc.Utf8.parse("1234567890123456");
var iv = CryptoJS.enc.Utf8.parse("1234567890123456");
var decrypted = CryptoJS.DES.decrypt(encrypted, key, {
  iv: iv,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));

2. AES algorithm

The AES algorithm is a symmetric encryption algorithm. The key length can be 128 bits, 192 bits or 256 bits. It is divided into two processes: encryption and decryption. In JavaScript, you can use the crypto-js module for AES encryption and decryption operations.

Encrypted sample code :

var key = CryptoJS.enc.Utf8.parse("12345678901234567890123456789012");
var iv = CryptoJS.enc.Utf8.parse("1234567890123456");
var encrypted = CryptoJS.AES.encrypt("Hello World", key, {
  iv: iv,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
});
console.log(encrypted.toString());

Decryption sample code :

var key = CryptoJS.enc.Utf8.parse("12345678901234567890123456789012");
var iv = CryptoJS.enc.Utf8.parse("1234567890123456");
var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
  iv: iv,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));

3. Use of crypto-js module

crypto-js is a JavaScript encryption library that supports multiple encryption algorithms, including DES, AES, SHA-1, SHA-256, etc. Before using it, you need to introduce the crypto-js library.

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>

4.pycryptodome

pycryptodome is a Python encryption library that supports multiple encryption algorithms, including DES, AES, SHA-1, SHA-256, etc. Before using it, the pycryptodome library needs to be installed.

pip install pycryptodome

Example usage:

from Crypto.Cipher import AES

key = b'1234567890123456'
iv = b'1234567890123456'
cipher = AES.new(key, AES.MODE_CBC, iv)
msg = b'Hello World'
encrypted = cipher.encrypt(msg)
print(encrypted)

cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(encrypted)
print(decrypted)

Chapter 4: National Standard Asymmetric Encryption

1. RSA algorithm principle:

The RSA algorithm is an asymmetric encryption algorithm, and its security is based on the difficulty of decomposing large numbers. The core of the RSA algorithm is to select two large prime numbers p and q, calculate their product n=pq, and then select an integer e such that 1<e<φ(n) and e and φ(n) are relatively prime, where φ( n)=(p-1)(q-1). Then calculate d, so that d*e mod φ(n)=1, d is called the modulus inverse element of e. The public key is (n,e) and the private key is (n,d).

2. Asymmetric features:

An asymmetric encryption algorithm has two keys, one is a public key and the other is a private key. The public key can be made public, and anyone can use the public key to encrypt data, but only the holder of the private key can decrypt it. The security of asymmetric encryption algorithms is based on mathematical problems, such as large number decomposition, discrete logarithm, etc. These problems are very difficult in the computer field.

3. JavaScript algorithm restoration:

In JavaScript, you can use the BigInt type to handle large number operations. First, you need to implement a function to determine whether a number is prime:

function isPrime(n) {
  if (n <= 1) {
    return false;
  }
  for (let i = 2; i <= Math.sqrt(n); i++) {
    if (n % i === 0) {
      return false;
    }
  }
  return true;
}

Next, a function can be implemented to generate large prime numbers:

function generatePrime(bits) {
  let p;
  do {
    p = BigInt(Math.floor(Math.random() * 2 ** bits));
  } while (!isPrime(p));
  return p;
}

Then, a function can be implemented to calculate the greatest common divisor of two numbers:

function gcd(a, b) {
  if (b === 0) {
    return a;
  }
  return gcd(b, a % b);
}

Next, a function can be implemented to compute the modulo inverse elements of two numbers:

function modInverse(a, m) {
  let [x, y, u, v] = [0n, 1n, 1n, 0n];
  while (a !== 0n) {
    let q = m / a;
    let r = m % a;
    let m1 = x - u * q;
    let m2 = y - v * q;
    m = a;
    a = r;
    x = u;
    y = v;
    u = m1;
    v = m2;
  }
  return x < 0n ? x + m : x;
}

Finally, a function can be implemented to generate an RSA key pair:

function generateRSAKeyPair(bits) {
  let p = generatePrime(bits / 2);
  let q = generatePrime(bits / 2);
  let n = p * q;
  let phi = (p - 1n) * (q - 1n);
  let e = 65537n;
  let d = modInverse(e, phi);
  return {
    publicKey: [n, e],
    privateKey: [n, d],
  };
}

4. ras module

In Node.js, you can use the crypto module to implement RSA encryption and decryption. First, an RSA key pair needs to be generated:

const { generateKeyPairSync } = require('crypto');

const { publicKey, privateKey } = generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem',
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
  },
});

Next, the data can be encrypted using the public key:

const crypto = require('crypto');

const data = 'hello world';
const encrypted = crypto.publicEncrypt(publicKey, Buffer.from(data));
console.log(encrypted.toString('base64'));

Decrypt the data using the private key:

const decrypted = crypto.privateDecrypt(privateKey, encrypted);
console.log(decrypted.toString());

5.jesencrypt

Jesencrypt is a JavaScript-based RSA encryption library that can be used in browsers. Its usage is similar to the crypto module in Node.js. First, an RSA key pair needs to be generated:

const { generateKeyPair } = require('jesencrypt');

generateKeyPair().then(({ publicKey, privateKey }) => {
  console.log(publicKey);
  console.log(privateKey);
});

Next, the data can be encrypted using the public key:

const { encrypt } = require('jesencrypt');

const data = 'hello world';
encrypt(data, publicKey).then((encrypted) => {
  console.log(encrypted);
});

Decrypt the data using the private key:

const { decrypt } = require('jesencrypt');

const encrypted = '...';
decrypt(encrypted, privateKey).then((decrypted) => {
  console.log(decrypted);
});

Chapter 5: Webpack module packaging

1. The principle of webpack packaging

Webpack is a module packaging tool that can package multiple modules into one file for easy use in the browser. The packaging principle of Webpack is to package all modules into one or more bundle files, which can be resource files such as JavaScript, CSS, and images.

The packaging process of Webpack is divided into three stages :

• Parsing modules : Webpack will start from the entry file and recursively parse all dependent modules to form a dependency tree.

• Compile modules : Webpack will compile each module into an executable block of JavaScript code.

• Output files : Webpack will combine all JavaScript code blocks into one or more bundle files for easy use in the browser.

2. Webpack construction form

There are two construction forms of Webpack :

1) Command line form : Enter the webpack command through the command line to package all modules into one or more bundle files.

2) Configuration file form : Through the configuration file webpack.config.js, Webpack can be configured in more detail, including entry files, output files, module parsing rules, plug-ins, etc.

3. Globally export encryption functions

In Webpack, you can protect the security of JavaScript code by exporting encryption functions globally. The principle of exporting the encryption function globally is to encrypt the JavaScript code through an encryption algorithm, and then use the encrypted code as the return value of a function. This function can be called globally to protect the JavaScript code.

The implementation steps of global export encryption function are as follows :

• 1) Encrypt the JavaScript code that needs to be encrypted through an encryption algorithm.

• 2) Use the encrypted code as the return value of a function.

• 3) Export this function module.exportsso that it can be called globally.

The sample code is as follows:

const encrypt = require('encrypt');

const code = 'console.log("Hello, World!");';

const encryptedCode = encrypt(code);

module.exports = function() {
  return eval(encryptedCode);
};

In the above code, the encrypt function is an encryption function, which encrypts the JavaScript code and returns the encrypted code. Then, export the encrypted code module.exportsso that it can be called globally. Finally, the encrypted code is executed through the eval function.

Chapter 6: JS obfuscation

JavaScript obfuscation is a technique for compressing and obfuscating JavaScript code, which aims to increase the complexity and difficulty of the code, making it difficult for reverse engineers or hackers to crack and tamper with the code. The following is a detailed introduction from the three directions of JavaScript compression obfuscation principle, OB obfuscation features and OB obfuscation JavaScript.

1.JavaScript compression obfuscation principle

The purpose of JavaScript compression obfuscation is to reduce the file size, improve the loading speed, and also increase the security of the code to prevent malicious tampering or misappropriation. The principle of JavaScript compression obfuscation is mainly to reduce the file size by deleting useless spaces, comments, line breaks, etc., and at the same time increase the difficulty of the code by renaming variables, function names, etc., making the code difficult to understand and modify.

2. OB confusion feature

OB obfuscation is a common JavaScript obfuscation method. It is characterized by randomly renaming variables and function names in JavaScript code, making it difficult to understand and modify the code. The main features of OB obfuscation include:

• Random renaming of variables and function names: OB confusion will randomly rename variables and function names in JavaScript code, making it difficult to understand and modify the code.

• String encryption: OB obfuscation will encrypt strings in JavaScript code, making it difficult to understand and modify the code.

• Code structure obfuscation: OB obfuscation will obfuscate the structure in the JavaScript code, making the code difficult to understand and modify.

3. Detailed explanation of three directions of OB confusing JavaScript

Randomly rename variables and function names

OB confusion will randomly rename variables and function names in JavaScript code, making it difficult to understand and modify the code. This process can be achieved through the following steps:

• Traverse the JavaScript code to get all variables, function names and other identifiers.

• Generate random identifier names and replace existing identifier names with random names.

• Update all references to the identifier in your code to replace it with the new random name.

string encryption

OB obfuscation encrypts strings in JavaScript code, making it difficult to understand and modify the code. This process can be achieved through the following steps:

• Traverse the JavaScript code to get all the strings.

• To encrypt the string, you can use common encryption algorithms, such as Base64, AES, etc.

• Update all references to the string in your code to replace it with the encrypted string.

code structure obfuscation

OB obfuscation will obfuscate the structure in the JavaScript code, making the code difficult to understand and modify. This process can be achieved through the following steps:

• Divide the JavaScript code into chunks, and randomly sort the code in each chunk.

• The code in each block is randomly combined to generate a new code structure.

• Update all references to the block in the code to replace it with the new code structure.

In short, OB obfuscation is a common JavaScript obfuscation method, which can effectively increase code security and prevent malicious tampering or misappropriation. However, OB confusion will also increase the complexity and maintenance cost of the code, so it needs to be weighed in practical applications.

Chapter 7: Cookie anti-climbing processing

In the field of reptiles, websites usually use cookies for anti-crawling processing to identify crawlers and limit their access. Therefore, it is very important for crawler developers to understand the principles and techniques of cookie anti-crawling processing.

1. The principle of cookie encryption and decryption

In the HTTP protocol, cookies are passed through the Set-Cookie and Cookie headers. Websites usually encrypt or encode cookies to prevent malicious tampering or theft. Common encryption methods include Base64, MD5, SHA1, etc.

2. cookie and session mechanism

Cookie and session are two commonly used mechanisms in web development. A cookie is a small text file stored on the client side to store the user's identity information, browsing history, etc. The session is a data structure stored on the server side, which is used to store the user's session information. Usually, the server will store the session ID in the cookie to identify the user in subsequent requests.

3. cookie hook skills

Cookie hook is a commonly used anti-crawling technique, which can bypass the website's anti-crawling mechanism by modifying the value of cookies. Common cookie hook techniques include:

• Modify cookie values ​​to bypass website restrictions.
• Delete cookies to avoid being identified as crawlers by websites.
• Fake cookies to mimic normal user behavior.

4. acw_sc_v2 debugging

When performing cookie anti-climbing processing, the parameter acw_sc_v2 is often encountered. This parameter is an anti-crawling mechanism of Alibaba Cloud CDN, which is used to detect whether the request comes from a normal browser. If the request does not have the correct acw_sc_v2 parameter, the CDN will return a 403 error.

In order to solve this problem, we need to understand how acw_sc_v2 is generated and debugged.

Generation method of acw_sc_v2
The generation method of acw_sc_v2 parameters is relatively complicated, and some encryption algorithms are required. In general, generating acw_sc_v2 parameters requires the following steps:

• Get the current timestamp in milliseconds.

• Convert the timestamp to a hexadecimal string, and add 0 in front to make it 13 bits long.

• Concatenate the 13-digit timestamp string with a random string to get a new string.

• Perform MD5 encryption on the new string to get a 32-bit string.

• Take out the first 6 digits and the last 6 digits of the 32-bit string to obtain two 6-digit strings.

• Concatenate two 6-digit strings to get a 12-digit string, which is the value of the acw_sc_v2 parameter.

Debugging method of acw_sc_v2
When performing cookie anti-climbing processing, we need to debug the generation process of the acw_sc_v2 parameter so that the parameter can be generated correctly. Here are several debugging methods:

• Use browser developer tools

Open the target website in a browser and press the F12 key to open the developer tools. Find a request in the Network tab and view the request header information of the request. Generally speaking, the acw_sc_v2 parameter will appear in the Cookie field of the request header. Copy the Cookie field, and then use the MD5 encryption algorithm to encrypt it to obtain a 32-bit string. Finally follow the steps above to convert the 32-bit string to the value of the acw_sc_v2 parameter.

• use python script

The acw_sc_v2 parameters can be automatically generated using a Python script. Here is an example Python script:

import time
import random
import hashlib

def generate_acw_sc_v2():
    timestamp = str(int(time.time() * 1000))
    random_str = ''.join(random.sample('abcdefghijklmnopqrstuvwxyz0123456789', 6))
    new_str = timestamp + random_str
    md5_str = hashlib.md5(new_str.encode('utf-8')).hexdigest()
    acw_sc_v2 = md5_str[:6] + md5_str[-6:]
    return acw_sc_v2

The script generates a random value for the acw_sc_v2 parameter.

• use online tools

Some online tools can be found on the Internet that can help us generate acw_sc_v2 parameters

Chapter 9: AST Abstract Syntax Tree

AST (Abstract Syntax Tree) abstract syntax tree is a data structure that converts code into a tree structure, which can help us better understand the structure and meaning of code. In JavaScript, AST can be used for code analysis, code optimization, code obfuscation, etc.

The following is a detailed introduction to the application of AST from several directions: AST technology introduction, string and encoding restoration, evaluate method learning, JavaScript actual combat de-obfuscation.

1. Introduction to AST technology

AST is a data structure that converts code into a tree structure, which can help us better understand the structure and meaning of code. In JavaScript, AST can be used for code analysis, code optimization, code obfuscation, etc.

The AST generation process is generally divided into three steps: lexical analysis, syntax analysis, and AST construction. Lexical analysis decomposes the code into individual lexical units, grammatical analysis combines lexical units into a syntax tree, and AST construction converts the syntax tree into AST.

2. String and encoding restoration

In JavaScript, after the code is compressed and obfuscated, variable names, function names, etc. are often replaced with meaningless strings or codes. At this time, we need to restore these strings and encodings to the original variable names, function names, etc.

String restoration can be achieved by regular expressions or string replacement. The encoding restoration principle needs to be decoded according to the specific encoding method. Common encoding methods include Unicode encoding and Base64 encoding.

AST string and encoding reduction refers to the process of converting AST to string form and restoring string to AST. This process is very important in JavaScript code obfuscation and deobfuscation.

Here's a simple example showing how to convert an AST to a string:

const esprima = require('esprima');

const code = 'function add(a, b) { return a + b; }';
const ast = esprima.parseScript(code);

const astString = JSON.stringify(ast, null, 2);
console.log(astString);

In this example, we used the esprima library to parse the code into an AST. We then use the JSON.stringify method to convert the AST to a string and print it to the console.

The output is as follows:

{
  "type": "Program",
  "body": [
    {
      "type": "FunctionDeclaration",
      "id": {
        "type": "Identifier",
        "name": "add"
      },
      "params": [
        {
          "type": "Identifier",
          "name": "a"
        },
        {
          "type": "Identifier",
          "name": "b"
        }
      ],
      "body": {
        "type": "BlockStatement",
        "body": [
          {
            "type": "ReturnStatement",
            "argument": {
              "type": "BinaryExpression",
              "operator": "+",
              "left": {
                "type": "Identifier",
                "name": "a"
              },
              "right": {
                "type": "Identifier",
                "name": "b"
              }
            }
          }
        ]
      }
    }
  ],
  "sourceType": "script"
}

We can see that the AST is converted into a JSON string, where each node has a type attribute to indicate the type of the node. For example, FunctionDeclaration represents a function declaration, Identifier represents an identifier, BinaryExpression represents a binary expression, and so on.

Next, we'll cover how to restore a string to an AST.

const esprima = require('esprima');

const astString = `{
  "type": "Program",
  "body": [
    {
      "type": "FunctionDeclaration",
      "id": {
        "type": "Identifier",
        "name": "add"
      },
      "params": [
        {
          "type": "Identifier",
          "name": "a"
        },
        {
          "type": "Identifier",
          "name": "b"
        }
      ],
      "body": {
        "type": "BlockStatement",
        "body": [
          {
            "type": "ReturnStatement",
            "argument": {
              "type": "BinaryExpression",
              "operator": "+",
              "left": {
                "type": "Identifier",
                "name": "a"
              },
              "right": {
                "type": "Identifier",
                "name": "b"
              }
            }
          }
        ]
      }
    }
  ],
  "sourceType": "script"
}`;

const ast = JSON.parse(astString);
console.log(ast);

In this example, we assign the AST string directly to a variable. We then use the JSON.parse method to convert the string to an AST object and print it to the console.

The output is the same as the previous example and will not be repeated here.

In general, AST string and encoding reduction is a very important part of JavaScript code obfuscation and deobfuscation. Mastering this technique can help us better understand and deal with obfuscated code.

3.evaluate method learning

The evaluate method is a built-in function in JavaScript that can execute a string as code. In AST, we can execute code in AST nodes through evaluate method.

The use of the evaluate method is very simple, you only need to convert the code in the AST node into a string, and then pass it into the evaluate method. It should be noted that since the evaluate method will execute arbitrary code, you need to be cautious when using it to avoid executing malicious code.

4.JavaScript deobfuscation

In actual development, we often encounter code confusion. Code obfuscation can be achieved by compressing code, replacing variable names, encoding strings, etc., making the code difficult to read and understand.

During the deobfuscation process, AST can help us better understand the structure and meaning of the code, making it easier to restore the original code. Common de-obfuscation methods include string and encoding restoration, variable name restoration, function restoration, etc.

In summary, AST is a very useful technology that can help us better understand and process JavaScript code. In actual development, we can use AST to implement functions such as code analysis, code optimization, and code obfuscation, thereby improving code quality and security.

Chapter 10: Attack and Defense of JS Security Products

1. Swiss number

2.acw_sc_v2

Python resources suitable for zero-based learning and advanced people :
① Tencent certified python complete project practical tutorial notes PDF
② More than a dozen major factories python interview topics PDF
③ Python full set of video tutorials (zero-based-advanced JS reverse)
④ Hundreds A project + source code + notes
⑤ programming grammar - machine learning - full stack development - data analysis - reptiles - APP reverse and other full set of projects + documents