2018년 6월 21일 목요일

자바스크립트 난독화 사이트



브라우저에서 파싱되는 자바스크립트의 특성상 소스를 감출 수는 없고, 차선책으로 난독화 과정을 거쳐 분석하기 어렵게 한다.

1. 데드코드 삽입, 개발자 모드 사용 금지, 도메인에 한정해서 실행 등 많은 옵션을 적용해서 만들 수 있다.
2. 말 그대로 난독화로 사람이 읽고 분석하기 어렵게 만드는 과정이므로 완벽하게 막을 수는 없다.

3. 난독화된 코드는 정확하게 원본 소스로 되돌리는 것이 불가능하다.

https://obfuscator.io/

원본 코드를 아래와 같은 코드로 변경하지만 기능은 동일하다. 아래 변환 결과에는 문자열 배열과 복호화 함수 외에, 콘솔 출력 비활성화나 디버거 보호처럼 선택한 옵션에 해당하는 코드도 함께 포함된다.

#원본
// Paste your JavaScript code here
/**
 * Print the fixed greeting "Hello World!" to the console.
 * Takes no arguments and returns nothing.
 */
function hi() {
  const greeting = "Hello World!";
  console.log(greeting);
}
hi(); // run once at load so the greeting is printed

#변환
var _0x3a63=['I0lBw78/','w6/CicK2w6PCpA==','wqDCq8Kiw7HDuQ==','w4o/wpp5bMOGwqk=','w7QVw6zDoDnDvsO0','ccOLwpwX','wowfdlYhw4fDrw==','wpLCvG86w5I=','BsObwpUqDUnDoA==','GDvDicKF','woHChsKEVcKuw43Cig==','wopZwrvDtcKSGcO1w7wj','bDvDv8KjQ8KPLQ==','wopOYyvCng==','wpkHTMOlfkQ0w43ChG1Mw74=','wqPDniVZGiw=','EcK4TMKswprClSVYw5LDlsKKwp9tLkU=','B8KgVcKswoY=','BcK/UMKuwovDkH8=','ZR7DnsKgaw==','bW1mw7YM','wrzDvQfCmsOMEsOoTcOEw6QRGwnDusO1LA==','wojCoMOaCcOyc8OUwrx9UXMDw6IpHicuwqFxWV3Ct8KUfcO5TcObw6XCqEfDt8KfQizCtV48w7c2GV0EaT7CjMKiwqvCjsKKGRjDvFXCn3zDqQvDuVUqRMKC','wp3DlMOTwpY=','wozDg8OBbA==','w7zDgQJCWQ==','w5vDo8KqwpY=','wrgMUMO8ZQ==','FsOuasOhw7bCvg==','wqtawpkzUA==','wpjCv2YDw6A=','wpvDicOca2rCpsOlw7XDi8KPw7k=','wqJtwpXCgQ==','wowRdEk=','w7YZw7bDujnDvA==','w4jDocK8wpA=','wo5RwqjDvMKb','OgI0X8KM','wq/CisKIw47DsA==','wpbDvSTCvMOa','w5sPw4/DljQ=','wohJwrjCnQ4=','w6HCp8OWSD4=','wrJdwoAR','wqFZwpAKYg==','M8KdwqvCiw==','Xl9pw5vDkQ==','w7rDkQBOR8ORwpHCjcO8','wqUQQcOqdA==','wrLCjWwWw7o=','F8O+wpbChQ==','XEp+w4Y=','woxAwrTDvA==','w4ttw67CucOawow=','MsOYTBrCgA==','w6cCw6TDizs=','woXDt0nCsx/Ci8KywrPCqDLDq0vCucK1w4vChw==','wobCozXDksKYUcKvHMOewpF9SwHDr8KTXsO6DFBmfMOXw47DlkxGCwtGw47DpALCksO2esOZKzHCv8KWfGA+AsK5w6RaDy/DmMOzw44Cwr8vwqjDqXIXwrzCm8KH','OcOHTgU=','JAI/Wg==','wqDDrsO1Vg==','w7bDhxNeQw==','a2Vmw7kK','w7jCtMKkw5jCng==','w4LDjQrDpsKX','clJOw6gb','wpd1w7JQwrU=','BMOuwpjCscKc','w5A0w7HDqTs=','KcKGZRt7','J8Otw7nDn8KG','wpHDp1PCpRnCjMO9w7XDrm3DmQDDrcO2w7jDgMKBw64U','wo/Dh8KUwoF/UXDCokkjw5DCtUUow5hxwpgtw5tQwprCgmTDrXtSJUnCsQF8Sg==','wpRcw7bDs8KNA8Ovw6c/wofCgkTDnQ7Cm8O/wr9bKsOrEFrCvhbDgBvDrlrDrnlGPQ==','wqLCtMK8w67Dr8O1HA==','wpfCqBY=','wpgRaks=','w45rw7jCpcOS','wr3DpcOgTQ==','Q8OwAsODIA==','NcORRBTCkkzDiSFq','L2lIw5Qo'];(function(_0x42ac9e,_0x6d123a){var _0x1e92b0=function(_0x2bad80){while(--_0x2bad80){_0x42ac9e['push'](_0x42ac9e['shift']());}};var _0x4b9b53=function(){var 
_0x1bea76={'data':{'key':'cookie','value':'timeout'},'setCookie':function(_0xd8186b,_0xa3e39,_0x5801e2,_0x1f9711){_0x1f9711=_0x1f9711||{};var _0x310882=_0xa3e39+'='+_0x5801e2;var _0x34a1e3=0x0;for(var _0x34a1e3=0x0,_0x10550f=_0xd8186b['length'];_0x34a1e3<_0x10550f;_0x34a1e3++){var _0x16c7a9=_0xd8186b[_0x34a1e3];_0x310882+=';\x20'+_0x16c7a9;var _0x4e9bf2=_0xd8186b[_0x16c7a9];_0xd8186b['push'](_0x4e9bf2);_0x10550f=_0xd8186b['length'];if(_0x4e9bf2!==!![]){_0x310882+='='+_0x4e9bf2;}}_0x1f9711['cookie']=_0x310882;},'removeCookie':function(){return'dev';},'getCookie':function(_0x51a436,_0xb781e){_0x51a436=_0x51a436||function(_0x423630){return _0x423630;};var _0xb8430=_0x51a436(new RegExp('(?:^|;\x20)'+_0xb781e['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));var _0x1d3593=function(_0x3d4888,_0x58224f){_0x3d4888(++_0x58224f);};_0x1d3593(_0x1e92b0,_0x6d123a);return _0xb8430?decodeURIComponent(_0xb8430[0x1]):undefined;}};var _0x3dcecb=function(){var _0x1cee26=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');return _0x1cee26['test'](_0x1bea76['removeCookie']['toString']());};_0x1bea76['updateCookie']=_0x3dcecb;var _0x40dcfd='';var _0x11bf15=_0x1bea76['updateCookie']();if(!_0x11bf15){_0x1bea76['setCookie'](['*'],'counter',0x1);}else if(_0x11bf15){_0x40dcfd=_0x1bea76['getCookie'](null,'counter');}else{_0x1bea76['removeCookie']();}};_0x4b9b53();}(_0x3a63,0xd5));var _0x3320=function(_0x545c6e,_0x52022b){_0x545c6e=_0x545c6e-0x0;var _0x276db7=_0x3a63[_0x545c6e];if(_0x3320['gEvxyw']===undefined){(function(){var _0x34604b;try{var _0x4125d3=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');');_0x34604b=_0x4125d3();}catch(_0x1e06f0){_0x34604b=window;}var _0x36026a='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x34604b['atob']||(_0x34604b['atob']=function(_0x213c38){var _0x19ab8c=String(_0x213c38)['replace'](/=+$/,'');for(var 
_0x14bc98=0x0,_0xfc04ac,_0x36e0c8,_0x4090a6=0x0,_0x5c012c='';_0x36e0c8=_0x19ab8c['charAt'](_0x4090a6++);~_0x36e0c8&&(_0xfc04ac=_0x14bc98%0x4?_0xfc04ac*0x40+_0x36e0c8:_0x36e0c8,_0x14bc98++%0x4)?_0x5c012c+=String['fromCharCode'](0xff&_0xfc04ac>>(-0x2*_0x14bc98&0x6)):0x0){_0x36e0c8=_0x36026a['indexOf'](_0x36e0c8);}return _0x5c012c;});}());var _0x1c8d5d=function(_0x559954,_0x2bed34){var _0x2d4e8c=[],_0x5ebcb2=0x0,_0x4f6caf,_0x3c148d='',_0x1c754d='';_0x559954=atob(_0x559954);for(var _0x3b10f1=0x0,_0x2cafc2=_0x559954['length'];_0x3b10f1<_0x2cafc2;_0x3b10f1++){_0x1c754d+='%'+('00'+_0x559954['charCodeAt'](_0x3b10f1)['toString'](0x10))['slice'](-0x2);}_0x559954=decodeURIComponent(_0x1c754d);for(var _0x4fd9aa=0x0;_0x4fd9aa<0x100;_0x4fd9aa++){_0x2d4e8c[_0x4fd9aa]=_0x4fd9aa;}for(_0x4fd9aa=0x0;_0x4fd9aa<0x100;_0x4fd9aa++){_0x5ebcb2=(_0x5ebcb2+_0x2d4e8c[_0x4fd9aa]+_0x2bed34['charCodeAt'](_0x4fd9aa%_0x2bed34['length']))%0x100;_0x4f6caf=_0x2d4e8c[_0x4fd9aa];_0x2d4e8c[_0x4fd9aa]=_0x2d4e8c[_0x5ebcb2];_0x2d4e8c[_0x5ebcb2]=_0x4f6caf;}_0x4fd9aa=0x0;_0x5ebcb2=0x0;for(var _0x41b35c=0x0;_0x41b35c<_0x559954['length'];_0x41b35c++){_0x4fd9aa=(_0x4fd9aa+0x1)%0x100;_0x5ebcb2=(_0x5ebcb2+_0x2d4e8c[_0x4fd9aa])%0x100;_0x4f6caf=_0x2d4e8c[_0x4fd9aa];_0x2d4e8c[_0x4fd9aa]=_0x2d4e8c[_0x5ebcb2];_0x2d4e8c[_0x5ebcb2]=_0x4f6caf;_0x3c148d+=String['fromCharCode'](_0x559954['charCodeAt'](_0x41b35c)^_0x2d4e8c[(_0x2d4e8c[_0x4fd9aa]+_0x2d4e8c[_0x5ebcb2])%0x100]);}return _0x3c148d;};_0x3320['FLppFo']=_0x1c8d5d;_0x3320['ztFKQM']={};_0x3320['gEvxyw']=!![];}var _0x42a34e=_0x3320['ztFKQM'][_0x545c6e];if(_0x42a34e===undefined){if(_0x3320['tEraju']===undefined){var _0x41f9b1=function(_0x5c74f2){this['HgYOYw']=_0x5c74f2;this['VwOxJf']=[0x1,0x0,0x0];this['dYurJN']=function(){return'newState';};this['IcCqXP']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';this['gdWaxi']='[\x27|\x22].+[\x27|\x22];?\x20*}';};_0x41f9b1['prototype']['pqDZyM']=function(){var _0x27af8c=new RegExp(this['IcCqXP']+this['gdWaxi']);var 
_0x485a77=_0x27af8c['test'](this['dYurJN']['toString']())?--this['VwOxJf'][0x1]:--this['VwOxJf'][0x0];return this['FEQwvg'](_0x485a77);};_0x41f9b1['prototype']['FEQwvg']=function(_0x14d65c){if(!Boolean(~_0x14d65c)){return _0x14d65c;}return this['SGAxLE'](this['HgYOYw']);};_0x41f9b1['prototype']['SGAxLE']=function(_0x4bbc62){for(var _0x4f7bcd=0x0,_0xf5e525=this['VwOxJf']['length'];_0x4f7bcd<_0xf5e525;_0x4f7bcd++){this['VwOxJf']['push'](Math['round'](Math['random']()));_0xf5e525=this['VwOxJf']['length'];}return _0x4bbc62(this['VwOxJf'][0x0]);};new _0x41f9b1(_0x3320)['pqDZyM']();_0x3320['tEraju']=!![];}_0x276db7=_0x3320['FLppFo'](_0x276db7,_0x52022b);_0x3320['ztFKQM'][_0x545c6e]=_0x276db7;}else{_0x276db7=_0x42a34e;}return _0x276db7;};function hi(){var _0xd7670b=function(){var _0x2d2bfb=!![];return function(_0x4c3732,_0x4c61f8){var _0x2c03e6=_0x2d2bfb?function(){if(_0x4c61f8){var _0x31a423=_0x4c61f8['apply'](_0x4c3732,arguments);_0x4c61f8=null;return _0x31a423;}}:function(){};_0x2d2bfb=![];return _0x2c03e6;};}();var _0x3f3459=_0xd7670b(this,function(){var _0x28f491=function(){return'\x64\x65\x76';},_0x4d037d=function(){return'\x77\x69\x6e\x64\x6f\x77';};var _0x3defa3=function(){var _0x1757e6=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x1757e6['\x74\x65\x73\x74'](_0x28f491['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var _0x4d62b6=function(){var _0x4a1bd1=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x4a1bd1['\x74\x65\x73\x74'](_0x4d037d['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var _0x42ed93=function(_0x117fcc){var _0x47b861=~-0x1>>0x1+0xff%0x0;if(_0x117fcc['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x47b861)){_0x4163e4(_0x117fcc);}};var _0x4163e4=function(_0x523fde){var 
_0x2df505=~-0x4>>0x1+0xff%0x0;if(_0x523fde['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x2df505){_0x42ed93(_0x523fde);}};if(!_0x3defa3()){if(!_0x4d62b6()){_0x42ed93('\x69\x6e\x64\u0435\x78\x4f\x66');}else{_0x42ed93('\x69\x6e\x64\x65\x78\x4f\x66');}}else{_0x42ed93('\x69\x6e\x64\u0435\x78\x4f\x66');}});_0x3f3459();var _0x348a39=function(){if(_0x3320('0x0','ln0R')==='eVpHy'){(function(){return!![];}['constructor'](_0x3320('0x1','r@Mx')+_0x3320('0x2','0ydc'))[_0x3320('0x3','%gR#')](_0x3320('0x4','pXvZ')));}else{var _0x28bbb0=!![];return function(_0x3c791a,_0x343312){var _0x153b9d=_0x28bbb0?function(){if(_0x343312){var _0x1c676f=_0x343312['apply'](_0x3c791a,arguments);_0x343312=null;return _0x1c676f;}}:function(){};_0x28bbb0=![];return _0x153b9d;};}}();(function(){_0x348a39(this,function(){if(_0x3320('0x5','z#U]')===_0x3320('0x6','bxru')){if(fn){var _0x2187fb=fn['apply'](context,arguments);fn=null;return _0x2187fb;}}else{var _0xab3e54=new RegExp(_0x3320('0x7','Sdkx'));var _0x4c1584=new RegExp(_0x3320('0x8','hdL9'),'i');var _0x2ed4af=_0x583387(_0x3320('0x9','z#U]'));if(!_0xab3e54[_0x3320('0xa','CCj%')](_0x2ed4af+'chain')||!_0x4c1584[_0x3320('0xb','tF&@')](_0x2ed4af+_0x3320('0xc','ncCH'))){_0x2ed4af('0');}else{if(_0x3320('0xd','@CW!')!==_0x3320('0xe','y#$3')){_0x583387();}else{return debuggerProtection;}}}})();}());var _0x1136b0=function(){if(_0x3320('0xf','&hvK')!==_0x3320('0x10','@CW!')){var _0x5a7d1a=!![];return function(_0x3e89df,_0x3a811a){if(_0x3320('0x11','L#^N')!==_0x3320('0x12','r@Mx')){return![];}else{var _0x20a717=_0x5a7d1a?function(){if(_0x3a811a){if(_0x3320('0x13','bxru')==='lmnfM'){var _0x17b295=_0x5a7d1a?function(){if(_0x3a811a){var _0x115582=_0x3a811a[_0x3320('0x14','3Y]Q')](_0x3e89df,arguments);_0x3a811a=null;return _0x115582;}}:function(){};_0x5a7d1a=![];return _0x17b295;}else{var _0x335908=_0x3a811a[_0x3320('0x15','43da')](_0x3e89df,arguments);_0x3a811a=null;return _0x335908;}}}:function(){};_0x5a7d1a=![];return _0x20a717;}};}else{var 
_0x310479=Function(_0x3320('0x16','Sdkx')+_0x3320('0x17','Wxvp')+');');that=_0x310479();}}();var _0x5bf9f1=_0x1136b0(this,function(){var _0x653a40=function(){};var _0x3fe7e8;try{var _0x1da9dd=Function('return\x20(function()\x20'+_0x3320('0x18','%gR#')+');');_0x3fe7e8=_0x1da9dd();}catch(_0x4463c8){_0x3fe7e8=window;}if(!_0x3fe7e8['console']){_0x3fe7e8[_0x3320('0x19','KYzw')]=function(_0x6b7608){var _0x42bc84={};_0x42bc84[_0x3320('0x1a','c$yR')]=_0x6b7608;_0x42bc84[_0x3320('0x1b','JxjS')]=_0x6b7608;_0x42bc84[_0x3320('0x1c','pXvZ')]=_0x6b7608;_0x42bc84[_0x3320('0x1d','tF&@')]=_0x6b7608;_0x42bc84[_0x3320('0x1e','xqg4')]=_0x6b7608;_0x42bc84[_0x3320('0x1f','z#U]')]=_0x6b7608;_0x42bc84[_0x3320('0x20','4wBf')]=_0x6b7608;return _0x42bc84;}(_0x653a40);}else{if(_0x3320('0x21','4wBf')!==_0x3320('0x22','y#$3')){if(fn){var _0x21e0ca=fn[_0x3320('0x23','KYzw')](context,arguments);fn=null;return _0x21e0ca;}}else{_0x3fe7e8[_0x3320('0x24','$[#2')]['log']=_0x653a40;_0x3fe7e8[_0x3320('0x25','bxru')][_0x3320('0x26','Q^TI')]=_0x653a40;_0x3fe7e8[_0x3320('0x27','JxjS')][_0x3320('0x28','ln0R')]=_0x653a40;_0x3fe7e8[_0x3320('0x29','3bj1')][_0x3320('0x2a','R)WE')]=_0x653a40;_0x3fe7e8[_0x3320('0x2b','yiOq')]['error']=_0x653a40;_0x3fe7e8['console'][_0x3320('0x2c','%gR#')]=_0x653a40;_0x3fe7e8[_0x3320('0x2d','%Df*')][_0x3320('0x2e','S9S^')]=_0x653a40;}}});_0x5bf9f1();console['log'](_0x3320('0x2f','!Dpl'));}hi();function _0x583387(_0x1bc465){function _0x484f13(_0x1ecae0){if(typeof _0x1ecae0===_0x3320('0x30','C!2*')){return function(_0x264602){}['constructor'](_0x3320('0x31','eOE9'))[_0x3320('0x32','eOE9')](_0x3320('0x33','eOE9'));}else{if(_0x3320('0x34','%Df*')===_0x3320('0x35','@CW!')){var _0x25f4fc=new RegExp(_0x3320('0x36','hdL9'));var _0xb740d0=new RegExp(_0x3320('0x37','tF&@'),'i');var 
_0x460d57=_0x583387(_0x3320('0x38','Wxvp'));if(!_0x25f4fc[_0x3320('0x39',']F3C')](_0x460d57+_0x3320('0x3a','ncCH'))||!_0xb740d0[_0x3320('0x3b','gaPn')](_0x460d57+_0x3320('0x3c','!Dpl'))){_0x460d57('0');}else{_0x583387();}}else{if((''+_0x1ecae0/_0x1ecae0)[_0x3320('0x3d','4F[f')]!==0x1||_0x1ecae0%0x14===0x0){if(_0x3320('0x3e','Fdcd')!==_0x3320('0x3f','ln0R')){result('0');}else{(function(){return!![];}[_0x3320('0x40',']F3C')](_0x3320('0x41','5P2f')+'gger')[_0x3320('0x42','JxjS')](_0x3320('0x43','bxru')));}}else{(function(){return![];}['constructor'](_0x3320('0x1','r@Mx')+_0x3320('0x44','gaPn'))[_0x3320('0x45','%gR#')]('stateObject'));}}}_0x484f13(++_0x1ecae0);}try{if(_0x3320('0x46','CCj%')!==_0x3320('0x47','KYzw')){if(_0x1bc465){if(_0x3320('0x48','hdL9')===_0x3320('0x49','bxru')){return _0x484f13;}else{var _0x2c207e=fn['apply'](context,arguments);fn=null;return _0x2c207e;}}else{if(_0x3320('0x4a','5P2f')===_0x3320('0x4b','[*&w')){_0x484f13(0x0);}else{_0x484f13(0x0);}}}else{that['console']=function(_0x554853){var _0x1f5575={};_0x1f5575['log']=_0x554853;_0x1f5575[_0x3320('0x4c','Fdcd')]=_0x554853;_0x1f5575[_0x3320('0x4d','Fdcd')]=_0x554853;_0x1f5575[_0x3320('0x4e','R#Y2')]=_0x554853;_0x1f5575[_0x3320('0x4f','0ydc')]=_0x554853;_0x1f5575[_0x3320('0x50','ncCH')]=_0x554853;_0x1f5575[_0x3320('0x51','!Dpl')]=_0x554853;return _0x1f5575;}(func);}}catch(_0x13dfa5){}}

2018년 6월 18일 월요일

IP로 검색엔진 진짜 봇인지 확인하기(구글,빙)

사이트에 과도한 트래픽 발생 시 웹서버의 access 로그를 확인하게 되는데, 검색엔진(구글, 빙 등)의 경우 사이트 규모에 따라 하루에 수백 페이지부터 수십만 페이지를 봇을 통해 크롤링한다.


access 로그에 남는 유저 에이전트는 얼마든지 조작이 가능하기 때문에, 공식 아이피인지 확인하는 방법이다.

빙(bing)의 경우 빙 웹마스터 도구에 접속해서
진단 및 도구 > Bing bot 확인에서 아이피를 검색해서 빙봇 여부를 확인할 수 있다.


구글의 경우에는 다음과 같이 조회할 수 있다.

간단하게
1. host 명령어로 IP 주소에 대해 역방향 DNS 조회
2. 조회된 도메인 이름이 googlebot.com 또는 google.com인지 확인
3. 확인된 도메인 이름을 다시 정방향 DNS 조회하여 원래 IP 주소와 동일한지 확인하는 방법이다.

윈도우 cmd 창에서 실행하려면 host 명령어 대신 nslookup 명령어를 사용한다. 비교하는 방법은 동일하다.