javascriptのObfuscator混淆 OR AST

最近安装一个网站模版，官网说是无互联网连接，但是点击后台任意功能会有向官网的请求；查找到对应js文件，代码大致如下：

试了网上的一些混淆解密不行，搜索了下关键字：

Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');')();

发现是Obfuscator混淆，有解密网站,

期间看到一篇文章：js逆向-ast混淆还原 

将文中代码拷贝至解密网站：

var _0x2075 = ['wrw3EMKc', 'BBdBHWk=', 'wplgd8O5dHbDtFfDucK9CsOS', 'f8KvAcKewoDClg==', 'XcKowo9uOyfChw==', 'XcKowpRzOzDCgMKuw5vCtH8=', 'HmQkw5vDt8OIBDbCpMKdw6Aaw7HDmcKb', 'wpxzdMO4', 'R8KHF1k1w5A=', 'w4LDgcOowrjDhg==', 'w6RKw6PCmVDDpw==', 'w6DDgsKrCsK5wqAwKsOMTkPDilwgB241RVBIw6rCvwpWw5fCo8OSw59pBcK7UlrCucOZHy7DgsO5wpx5J8K5wqbCtMOMwqvCsiUFw5s4JGfDmwQPw7Fawq3CgXlkJyE=', 'VcObYsOHKcKpwpI=', 'KkZfcE52w77ChsKgUQ==', 'CmQsw57DvA==', 'YV7CscOYZg==', 'w5jDt8OUwr46w5c6LsKEPsO0', 'F8OUMQhRw78Q', 'YMKzeTvCpMKzHcKKGSjCj2dJwq3Cj3/ChsKSFVpMw4sZwrg9H8OLw4/DqUlhYlpaa8KYJsO5AcK2wqnCmGhEwqkbdMKKLsO/wpBFMcKlC8OvKUkXZ8KpBsOxw4XDk8K5w4Y6w7VZO8K/wojCqcO2wqQow5Z+w6dew7I3TMObw6Ykw7I=', 'Mk8Bw6QawqU=', 'wo5zw4vCkxvDuSBqwoENw7rCrF3DksKewoPDqMKHNSzCgcK2fcKxPMKbGcKwCW5GZWRpw6fDmgHCjXrCnXE3w4zDqlt3w64lw7JiworDi8Knw5YoW1LDlUbDpkEtGQPDnw==', 'w6lvdMKW', 'w7JFdsOhwrBqwrlMYcKVJRjCuMKQwpLDtMONwprCsMORw4BtRV0oeEQPCgAmMgx2'];
(function(_0xf486e7, _0x2075d7) {
    var _0x5c3a18 = function(_0x5b65b1) {
        while (--_0x5b65b1) {
            _0xf486e7['push'](_0xf486e7['shift']());
        }
    };
    _0x5c3a18(++_0x2075d7);
}(_0x2075, 0xa4));
var _0x5c3a = function(_0xf486e7, _0x2075d7) {
    _0xf486e7 = _0xf486e7 - 0x0;
    var _0x5c3a18 = _0x2075[_0xf486e7];
    if (_0x5c3a['vEVEZj'] === undefined) {
        (function() {
            var _0x2e1ca4;
            try {
                var _0x28e173 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');
                _0x2e1ca4 = _0x28e173();
            } catch (_0x16acc9) {
                _0x2e1ca4 = window;
            }
            var _0x16f958 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
            _0x2e1ca4['atob'] || (_0x2e1ca4['atob'] = function(_0x5a7812) {
                var _0x3c7e74 = String(_0x5a7812)['replace'](/=+$/, '');
                var _0x5e030c = '';
                for (var _0x4eaee2 = 0x0, _0x5954ef, _0x29200e, _0x5a128b = 0x0; _0x29200e = _0x3c7e74['charAt'](_0x5a128b++); ~_0x29200e && (_0x5954ef = _0x4eaee2 % 0x4 ? _0x5954ef * 0x40 + _0x29200e : _0x29200e,
                _0x4eaee2++ % 0x4) ? _0x5e030c += String['fromCharCode'](0xff & _0x5954ef >> (-0x2 * _0x4eaee2 & 0x6)) : 0x0) {
                    _0x29200e = _0x16f958['indexOf'](_0x29200e);
                }
                return _0x5e030c;
            }
            );
        }());
        var _0x3acf89 = function(_0x593a19, _0xfee22e) {
            var _0x1b5349 = [], _0x4ddb21 = 0x0, _0x28ed27, _0x4b4996 = '', _0xbdd0c6 = '';
            _0x593a19 = atob(_0x593a19);
            for (var _0x1d6343 = 0x0, _0x3f947e = _0x593a19['length']; _0x1d6343 < _0x3f947e; _0x1d6343++) {
                _0xbdd0c6 += '%' + ('00' + _0x593a19['charCodeAt'](_0x1d6343)['toString'](0x10))['slice'](-0x2);
            }
            _0x593a19 = decodeURIComponent(_0xbdd0c6);
            var _0x1a120c;
            for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {
                _0x1b5349[_0x1a120c] = _0x1a120c;
            }
            for (_0x1a120c = 0x0; _0x1a120c < 0x100; _0x1a120c++) {
                _0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c] + _0xfee22e['charCodeAt'](_0x1a120c % _0xfee22e['length'])) % 0x100;
                _0x28ed27 = _0x1b5349[_0x1a120c];
                _0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];
                _0x1b5349[_0x4ddb21] = _0x28ed27;
            }
            _0x1a120c = 0x0;
            _0x4ddb21 = 0x0;
            for (var _0x585b7f = 0x0; _0x585b7f < _0x593a19['length']; _0x585b7f++) {
                _0x1a120c = (_0x1a120c + 0x1) % 0x100;
                _0x4ddb21 = (_0x4ddb21 + _0x1b5349[_0x1a120c]) % 0x100;
                _0x28ed27 = _0x1b5349[_0x1a120c];
                _0x1b5349[_0x1a120c] = _0x1b5349[_0x4ddb21];
                _0x1b5349[_0x4ddb21] = _0x28ed27;
                _0x4b4996 += String['fromCharCode'](_0x593a19['charCodeAt'](_0x585b7f) ^ _0x1b5349[(_0x1b5349[_0x1a120c] + _0x1b5349[_0x4ddb21]) % 0x100]);
            }
            return _0x4b4996;
        };
        _0x5c3a['HKkhxp'] = _0x3acf89;
        _0x5c3a['eabUGz'] = {};
        _0x5c3a['vEVEZj'] = !![];
    }
    var _0x5b65b1 = _0x5c3a['eabUGz'][_0xf486e7];
    if (_0x5b65b1 === undefined) {
        if (_0x5c3a['vszZjY'] === undefined) {
            _0x5c3a['vszZjY'] = !![];
        }
        _0x5c3a18 = _0x5c3a['HKkhxp'](_0x5c3a18, _0x2075d7);
        _0x5c3a['eabUGz'][_0xf486e7] = _0x5c3a18;
    } else {
        _0x5c3a18 = _0x5b65b1;
    }
    return _0x5c3a18;
};
var _0x2e1ca4 = function() {
    var _0x564fd8 = !![];
    return function(_0x157886, _0x3f8543) {
        var _0x3aa335 = _0x564fd8 ? function() {
            if (_0x3f8543) {
                var _0x35f411 = _0x3f8543[_0x5c3a('0x15', 'qqhd')](_0x157886, arguments);
                _0x3f8543 = null;
                return _0x35f411;
            }
        }
        : function() {}
        ;
        _0x564fd8 = ![];
        return _0x3aa335;
    }
    ;
}();
setInterval(function() {
    _0x3acf89();
}, 0xfa0);
(function() {
    _0x2e1ca4(this, function() {
        var _0x13f533 = new RegExp('function\x20*\x5c(\x20*\x5c)');
        var _0x28f488 = new RegExp(_0x5c3a('0x13', 'l02m'),'i');
        var _0x5783e7 = _0x3acf89('init');
        if (!_0x13f533['test'](_0x5783e7 + _0x5c3a('0xb', 'mvpW')) || !_0x28f488['test'](_0x5783e7 + _0x5c3a('0x6', 'S&fJ'))) {
            _0x5783e7('0');
        } else {
            _0x3acf89();
        }
    })();
}());
window = {};
window['atob'] = function(_0x44004e) {
    e = _0x5c3a('0x8', 'CwZq');
    var _0x2761c0 = String(_0x44004e)[_0x5c3a('0x9', 'F%XZ')](/=+$/, '');
    if (_0x2761c0[_0x5c3a('0x7', 'KMc0')] % 0x4 == 0x1)
        throw new t('\x27atob\x27\x20failed:\x20The\x20string\x20to\x20be\x20decoded\x20is\x20not\x20correctly\x20encoded.');
    for (var _0x3568b6, _0x228da4, _0x1076e1 = 0x0, _0x242bbc = 0x0, _0x5766d9 = ''; _0x228da4 = _0x2761c0['charAt'](_0x242bbc++); ~_0x228da4 && (_0x3568b6 = _0x1076e1 % 0x4 ? 0x40 * _0x3568b6 + _0x228da4 : _0x228da4,
    _0x1076e1++ % 0x4) ? _0x5766d9 += String[_0x5c3a('0x16', '%Fh)')](0xff & _0x3568b6 >> (-0x2 * _0x1076e1 & 0x6)) : 0x0)
        _0x228da4 = e[_0x5c3a('0xe', 'ivHf')](_0x228da4);
    return _0x5766d9;
}
window['btoa'] = function(_0x140387) {
    e = _0x5c3a('0x11', '1t8u');
    for (var _0x5a7683, _0x5c4afc, _0x414c71 = String(_0x140387), _0x3a865d = 0x0, _0x388744 = e, _0x171f9b = ''; _0x414c71[_0x5c3a('0x10', 'G%UZ')](0x0 | _0x3a865d) || (_0x388744 = '=',
    _0x3a865d % 0x1); _0x171f9b += _0x388744[_0x5c3a('0x5', '#%vS')](0x3f & _0x5a7683 >> 0x8 - _0x3a865d % 0x1 * 0x8)) {
        if (_0x5c4afc = _0x414c71[_0x5c3a('0xa', '(eE#')](_0x3a865d += 0.75),
        _0x5c4afc > 0xff)
            throw new t(_0x5c3a('0xf', '!zyq'));
        _0x5a7683 = _0x5a7683 << 0x8 | _0x5c4afc;
    }
    return _0x171f9b;
}
function _0x3acf89(_0x1a61bd) {
    function _0x50b4d2(_0x5c1045) {
        if (typeof _0x5c1045 === 'string') {
            return function(_0xaf1ee8) {}
            ['constructor'](_0x5c3a('0x3', 'mvpW'))[_0x5c3a('0xc', 'dtRw')](_0x5c3a('0x1', 'g1Ep'));
        } else {
            if (('' + _0x5c1045 / _0x5c1045)['length'] !== 0x1 || _0x5c1045 % 0x14 === 0x0) {
                (function() {
                    return !![];
                }
                ['constructor']('debu' + 'gger')[_0x5c3a('0x4', '%Fh)')](_0x5c3a('0x0', 'zu[n')));
            } else {
                (function() {
                    return ![];
                }
                [_0x5c3a('0x2', 'g1Ep')](_0x5c3a('0x12', 'LPae') + _0x5c3a('0x14', 'N5*X'))['apply'](_0x5c3a('0xd', 'qOO9')));
            }
        }
        _0x50b4d2(++_0x5c1045);
    }
    try {
        if (_0x1a61bd) {
            return _0x50b4d2;
        } else {
            _0x50b4d2(0x0);
        }
    } catch (_0x524e63) {}
}
 

结果：

window = {};
window.atob = function (_0x44004e) {
    e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    var _0x2761c0 = String(_0x44004e).replace(/=+$/, "");
    if (_0x2761c0.length % 4 == 1)
        throw new t("'atob' failed: The string to be decoded is not correctly encoded.");
    for (var _0x3568b6, _0x228da4, _0x1076e1 = 0, _0x242bbc = 0, _0x5766d9 = ""; _0x228da4 = _0x2761c0.charAt(_0x242bbc++); ~_0x228da4 && (_0x3568b6 = _0x1076e1 % 4 ? 64 * _0x3568b6 + _0x228da4 : _0x228da4, _0x1076e1++ % 4) ? _0x5766d9 += String.fromCharCode(255 & _0x3568b6 >> (-2 * _0x1076e1 & 6)) : 0)
        _0x228da4 = e.indexOf(_0x228da4);
    return _0x5766d9;
};
window.btoa = function (_0x140387) {
    e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    for (var _0x5a7683, _0x5c4afc, _0x414c71 = String(_0x140387), _0x3a865d = 0, _0x171f9b = ""; _0x414c71.charAt(0 | _0x3a865d) || (e = "=", _0x3a865d % 1); _0x171f9b += e.charAt(63 & _0x5a7683 >> 8 - _0x3a865d % 1 * 8)) {
        if (_0x5c4afc = _0x414c71.charCodeAt(_0x3a865d += 0.75), _0x5c4afc > 255)
            throw new t("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.");
        _0x5a7683 = _0x5a7683 << 8 | _0x5c4afc;
    }
    return _0x171f9b;
};

该处提示（我遇到的js代码是解出来了）：

'atob' failed: The string to be decoded is not correctly encoded

'btoa' failed: The string to be encoded contains characters outside of the Latin1 range.

继续参考：

最新js解密方法

问题点
这个JS加密在NodeJs环境下运行会报错，window对象找不到，这个比较好解决，直接var window = global;就行了，随后又报错，atob方法找不到。

由此可以分析出，由于nodejs中没有window对象，只有global，而global中又没有atob方法。

解决方法
window内置的atob和btoa其实就是Base64的加密解密方法，我们自己用js写一个Base64就行了，之前的文章中也有写过，代码可以在往期文章中找。

obfuscator加密工具:https://www.obfuscator.io/: