
某段x16进制和unicode加密与混淆js代码的解密与反加密

某天,在鼓捣一个ems系统,想用来做成新闻资讯类网站。弄了好多天,各个框架和结构都差不多了,重新调整了结构,一个偶然的机会,发现搜索框点击的时候不能自动清空先前的内容,于是想添加一段js代码去修改,找了半天,没有看到一个类似main.js的网站通用js代码,倒是发现一个奇怪的js文件,并且是加密的,这肯定引起了我的兴趣哈。看看这段代码。

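// Obfuscated sample under analysis, kept in its minified form.
// Every entry of _0xdf49 is an ordinary JavaScript string written with \xHH hex
// escapes (an encoding, not encryption): the parser turns each escape back into
// its character when the literal is read. The function below reaches all of its
// property names and HTML fragments through indexes into this array.
var _0xdf49=["\x75\x73\x65\x20\x73\x74\x72\x69\x63\x74","\x70\x72\x6F\x74\x6F\x74\x79\x70\x65","",
"\x3C\x69\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x69\x63\x6F\x6E\x66\x6F\x6E\x74\x20\x61\x75\x69\x2D\x69\x63\x6F\x6E\x2D\x63\x6F\x72\x72\x65\x63\x74\x22\x3E\x3C\x2F\x69\x3E",
"\x73\x75\x63\x63\x65\x73\x73",
"\x3C\x69\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x69\x63\x6F\x6E\x66\x6F\x6E\x74\x20\x61\x75\x69\x2D\x69\x63\x6F\x6E\x2D\x63\x6C\x6F\x73\x65\x22\x3E\x3C\x2F\x69\x3E",
"\x66\x61\x69\x6C","\x68\x74\x6D\x6C","\x63\x75\x73\x74\x6F\x6D",
"\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x2D\x6C\x6F\x61\x64\x69\x6E\x67\x22\x3E\x3C\x2F\x64\x69\x76\x3E",
"\x6C\x6F\x61\x64\x69\x6E\x67","\x74\x79\x70\x65","\x74\x69\x74\x6C\x65",
"\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x2D\x63\x6F\x6E\x74\x65\x6E\x74\x22\x3E",
"\x3C\x2F\x64\x69\x76\x3E",
"\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x22\x3E",
"\x2E\x61\x75\x69\x2D\x74\x6F\x61\x73\x74","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72","\x62\x65\x66\x6F\x72\x65\x65\x6E\x64",
"\x69\x6E\x73\x65\x72\x74\x41\x64\x6A\x61\x63\x65\x6E\x74\x48\x54\x4D\x4C","\x62\x6F\x64\x79","\x64\x75\x72\x61\x74\x69\x6F\x6E","\x32\x30\x30\x30",
"\x73\x68\x6F\x77","\x68\x69\x64\x65","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x62\x6C\x6F\x63\x6B",
"\x6D\x61\x72\x67\x69\x6E\x54\x6F\x70","\x2D","\x6F\x66\x66\x73\x65\x74\x48\x65\x69\x67\x68\x74","\x72\x6F\x75\x6E\x64","\x70\x78",
"\x72\x65\x6D\x6F\x76\x65\x43\x68\x69\x6C\x64","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x2E\x61\x75\x69\x2D\x64\x69\x61\x6C\x6F\x67",
"\x2E\x61\x75\x69\x2D\x6D\x61\x73\x6B","\x61\x75\x69\x2D\x6D\x61\x73\x6B\x2D\x6F\x75\x74","\x72\x65\x6D\x6F\x76\x65",
"\x63\x6C\x61\x73\x73\x4C\x69\x73\x74","\x63\x72\x65\x61\x74\x65","\x61\x75\x69\x54\x6F\x61\x73\x74"];
(function(_0x16cdx1,_0x16cdx2){_0xdf49[0];var _0x16cdx3=function(){};var _0x16cdx4=false;_0x16cdx3[_0xdf49[1]]= {create:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;var _0x16cdx8=_0xdf49[2];switch(_0x16cdx5[_0xdf49[11]]){case _0xdf49[4]:var _0x16cdx9=_0xdf49[3];break;case _0xdf49[6]:var _0x16cdx9=_0xdf49[5];break;case _0xdf49[8]:var _0x16cdx9=_0x16cdx5[_0xdf49[7]];break;case _0xdf49[10]:var _0x16cdx9=_0xdf49[9];break};var _0x16cdxa=_0x16cdx5[_0xdf49[12]]?_0xdf49[13]+ _0x16cdx5[_0xdf49[12]]+ _0xdf49[14]:_0xdf49[2];_0x16cdx8= _0xdf49[15]+ _0x16cdx9+ _0x16cdxa+ _0xdf49[14];if(document[_0xdf49[17]](_0xdf49[16])){return};document[_0xdf49[20]][_0xdf49[19]](_0xdf49[18],_0x16cdx8);var _0x16cdxb=_0x16cdx5[_0xdf49[21]]?_0x16cdx5[_0xdf49[21]]:_0xdf49[22];_0x16cdx7[_0xdf49[23]]();if(_0x16cdx5[_0xdf49[11]]== _0xdf49[10]){if(_0x16cdx6){_0x16cdx6({status:_0xdf49[4]})}}else {setTimeout(function(){_0x16cdx7[_0xdf49[24]]()},_0x16cdxb)}},show:function(){var _0x16cdx7=this;document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[25]]= _0xdf49[27];document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[28]]= _0xdf49[29]+ Math[_0xdf49[31]](document[_0xdf49[17]](_0xdf49[16])[_0xdf49[30]]/ 2)+ _0xdf49[32];if(document[_0xdf49[17]](_0xdf49[16])){return}},hide:function(){var _0x16cdx7=this;if(document[_0xdf49[17]](_0xdf49[16])){document[_0xdf49[17]](_0xdf49[16])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[16]))}},remove:function(){if(document[_0xdf49[17]](_0xdf49[35])){document[_0xdf49[17]](_0xdf49[35])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[35]))};if(document[_0xdf49[17]](_0xdf49[36])){document[_0xdf49[17]](_0xdf49[36])[_0xdf49[39]][_0xdf49[38]](_0xdf49[37])};return true},success:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[4];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},fail:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[6];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},custom:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[8];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},loading:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[10];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)}};_0x16cdx1[_0xdf49[41]]= _0x16cdx3})(window)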

一个js代码的解密并不难,难得是搞明白这些乱七八糟的是什么加密,难的是对那些进行了代码混淆使得可读性极差的代码的整理与翻译!
很明显,上面这个代码进行了混淆!0xdf49这类变量名搞得像蓝屏代码错误号,吓死人,一般人没认真看还真搞不明白这是些什么东西。
首先我们搜索“_0xdf49”,可以发现存在很多个这种变量。
我们将其命名为strone,全部替换之。_0x16cdx2,_0x16cdx3,_0x16cdx4,_0x16cdx5,_0x16cdx6,_0x16cdx7全是这类变量,可以按个人喜好换成自己喜欢的变量名。这些就是混淆,目的是让代码不容易阅读。
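_0xdf49的值才是加密的重点。有经验的程序员应当一眼就可以看出,这是我标题里面所说的Javascript \x 16进制加密——严格来说它只是字符串的十六进制转义(编码),并不是真正意义上的加密,不需要任何密钥就能还原。这个解密非常简单,网上方法很多,直接用document.write就可以写出明文;要注意的是,来历不明的脚本解出来的字符串里可能带有HTML标签,输出前最好先做HTML转义,或者改用console.log查看。代码如下。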

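// String table of an obfuscated script, written as \xHH and \uHHHH escapes.
// The JavaScript parser resolves the escapes when it reads each literal, so
// printing the entries is enough to see the plaintext; nothing from the
// obfuscated script itself is executed here.
var _0xc828 = [
  "\x63\x6C\x61\x73\x73\x4E\x61\x6D\x65", "\x61\x63\x74\x69\x76\x65", "\x69\x64",
  "\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65", "\x6C\x69",
  "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65",
  "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64", "\x6C\x65\x6E\x67\x74\x68",
  "\x64\x69\x73\x70\x6C\x61\x79", "\x73\x74\x79\x6C\x65", "\x43", "\x62\x6C\x6F\x63\x6B",
  "\x6E\x6F\x72\x6D\x61\x6C", "\x6E\x6F\x6E\x65", "\x68\x65\x69\x67\x68\x74",
  "\x73\x63\x72\x6F\x6C\x6C\x54\x6F\x70", "\x73\x68\x6F\x77", "\x23\x67\x6F\x74\x6F\x70",
  "\x68\x69\x64\x65", "\x63\x6C\x69\x63\x6B", "\x63\x6F\x64\x65\x5F\x68\x6F\x76\x65\x72",
  "\x61\x74\x74\x72", "\x23\x63\x6F\x64\x65\x5F\x69\x6D\x67", "\x63\x6F\x64\x65",
  "\x68\x6F\x76\x65\x72", "\x23\x63\x6F\x64\x65", "\x72\x65\x61\x64\x79",
  "\x73\x63\x72\x6F\x6C\x6C", "\x64\x6F\x6D\x61\x69\x6E",
  "\x68\x6F\x68\x75\x61\x6E\x2E\x63\x6F\x6D", "\x69\x6E\x64\x65\x78\x4F\x66",
  "\x31\x32\x37\x2E\x30\x2E\x30\x2E\x31", "\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74",
  "\u8BE5\u6A21\u677F\u5C1A\u672A\u6388\u6743\u6B64\u7AD9\u4F7F\u7528\x2C\u8BF7\u8D2D\u4E70\u6388\u6743",
  "\x68\x72\x65\x66",
  "\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x78\x69\x75\x7A\x68\x61\x6E\x77\x61\x6E\x67\x2E\x63\x6F\x6D"
];

// Escape HTML metacharacters so a decoded entry is shown as text. Strings taken
// from a script you do not trust can contain markup, and document.write would
// otherwise parse that markup into the page used for the analysis.
function escapeForHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// One "index=value" pair per line; `i` is declared so no implicit global is created.
for (var i = 0; i < _0xc828.length; i++) {
  document.write(i + "=" + escapeForHtml(_0xc828[i]) + "<br>");
}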

把上面的代码放在html页面的<script></script>标签之间运行就可以解密了,解密结果如下

0=className
1=active
2=id
3=parentNode
4=li
5=getElementsByTagName
6=getElementById
7=length
8=display
9=style
10=C
11=block
12=normal
13=none
14=height
15=scrollTop
16=show
17=#gotop
18=hide
19=click
20=code_hover
21=attr
22=#code_img
23=code
24=hover
25=#code
26=ready
27=scroll
28=domain
29=hohuan.com
30=indexOf
31=127.0.0.1
32=localhost
33=该模板尚未授权此站使用,请购买授权
34=href

作为解密来说,http://tool.lu/js的功能非常强大。将所有的代码放到对话框,即可解密全文。
解密后明码如下

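// Decoded form of the obfuscated script: the \xHH escapes are resolved to plain
// strings and the code is re-indented. Identifiers are still the obfuscator's;
// the trailing comments show what each array lookup resolves to.
// Entries that contain double quotes are written with single quotes so that each
// literal stays one valid string.
var _0xdf49 = [
  "use strict",                                       // 0
  "prototype",                                        // 1
  "",                                                 // 2
  '<i class="aui-iconfont aui-icon-correct"></i>',    // 3
  "success",                                          // 4
  '<i class="aui-iconfont aui-icon-close"></i>',      // 5
  "fail",                                             // 6
  "html",                                             // 7
  "custom",                                           // 8
  '<div class="aui-toast-loading"></div>',            // 9
  "loading",                                          // 10
  "type",                                             // 11
  "title",                                            // 12
  '<div class="aui-toast-content">',                  // 13
  "</div>",                                           // 14
  '<div class="aui-toast">',                          // 15
  ".aui-toast",                                       // 16
  "querySelector",                                    // 17
  "beforeend",                                        // 18
  "insertAdjacentHTML",                               // 19
  "body",                                             // 20
  "duration",                                         // 21
  "2000",                                             // 22
  "show",                                             // 23
  "hide",                                             // 24
  "display",                                          // 25
  "style",                                            // 26
  "block",                                            // 27
  "marginTop",                                        // 28
  "-",                                                // 29
  "offsetHeight",                                     // 30
  "round",                                            // 31
  "px",                                               // 32
  "removeChild",                                      // 33
  "parentNode",                                       // 34
  ".aui-dialog",                                      // 35
  ".aui-mask",                                        // 36
  "aui-mask-out",                                     // 37
  "remove",                                           // 38
  "classList",                                        // 39
  "create",                                           // 40
  "auiToast"                                          // 41
];

(function(_0x16cdx1, _0x16cdx2) {
  // A string looked up from an array is an ordinary expression, not a directive,
  // so this statement does not put the function into strict mode.
  _0xdf49[0];
  var _0x16cdx3 = function() {};
  var _0x16cdx4 = false; // never read in the code shown
  // _0x16cdx3.prototype = { ... }
  _0x16cdx3[_0xdf49[1]] = {
    // create(params, callback): build the toast markup, append it to <body>, show it,
    // then either call back at once (type "loading") or hide it after `duration` ms.
    create: function(_0x16cdx5, _0x16cdx6) {
      var _0x16cdx7 = this;
      var _0x16cdx8 = _0xdf49[2];
      switch (_0x16cdx5[_0xdf49[11]]) { // params.type
      case _0xdf49[4]: // "success"
        var _0x16cdx9 = _0xdf49[3];
        break;
      case _0xdf49[6]: // "fail"
        var _0x16cdx9 = _0xdf49[5];
        break;
      case _0xdf49[8]: // "custom"
        var _0x16cdx9 = _0x16cdx5[_0xdf49[7]]; // params.html, used as raw markup
        break;
      case _0xdf49[10]: // "loading"
        var _0x16cdx9 = _0xdf49[9];
        break
      };
      // NOTE(review): params.title and params.html are concatenated into the markup
      // and inserted with insertAdjacentHTML without escaping, so any value passed
      // here is parsed as HTML; callers must only pass trusted content.
      var _0x16cdxa = _0x16cdx5[_0xdf49[12]] ? _0xdf49[13] + _0x16cdx5[_0xdf49[12]] + _0xdf49[14] : _0xdf49[2];
      _0x16cdx8 = _0xdf49[15] + _0x16cdx9 + _0x16cdxa + _0xdf49[14];
      // Only one toast at a time: do nothing if ".aui-toast" already exists.
      if (document[_0xdf49[17]](_0xdf49[16])) {
        return
      };
      document[_0xdf49[20]][_0xdf49[19]](_0xdf49[18], _0x16cdx8); // document.body.insertAdjacentHTML("beforeend", ...)
      var _0x16cdxb = _0x16cdx5[_0xdf49[21]] ? _0x16cdx5[_0xdf49[21]] : _0xdf49[22]; // params.duration, else "2000"
      _0x16cdx7[_0xdf49[23]](); // this.show()
      if (_0x16cdx5[_0xdf49[11]] == _0xdf49[10]) {
        if (_0x16cdx6) {
          _0x16cdx6({
            status: _0xdf49[4]
          })
        }
      } else {
        setTimeout(function() {
          _0x16cdx7[_0xdf49[24]]() // this.hide()
        }, _0x16cdxb)
      }
    },
    // show(): make ".aui-toast" visible and pull it up by half of its own height.
    show: function() {
      var _0x16cdx7 = this;
      document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[25]] = _0xdf49[27]; // style.display = "block"
      document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[28]] = _0xdf49[29] + Math[_0xdf49[31]](document[_0xdf49[17]](_0xdf49[16])[_0xdf49[30]] / 2) + _0xdf49[32]; // style.marginTop = "-" + round(offsetHeight / 2) + "px"
      // This existence check comes after the element was already dereferenced above,
      // so it guards nothing.
      if (document[_0xdf49[17]](_0xdf49[16])) {
        return
      }
    },
    // hide(): remove ".aui-toast" from its parent if it is present.
    hide: function() {
      var _0x16cdx7 = this;
      if (document[_0xdf49[17]](_0xdf49[16])) {
        document[_0xdf49[17]](_0xdf49[16])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[16]))
      }
    },
    // remove(): delete ".aui-dialog" and take the "aui-mask-out" class off ".aui-mask".
    remove: function() {
      if (document[_0xdf49[17]](_0xdf49[35])) {
        document[_0xdf49[17]](_0xdf49[35])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[35]))
      };
      if (document[_0xdf49[17]](_0xdf49[36])) {
        document[_0xdf49[17]](_0xdf49[36])[_0xdf49[39]][_0xdf49[38]](_0xdf49[37])
      };
      return true
    },
    // success / fail / custom / loading: set params.type and delegate to create().
    success: function(_0x16cdx5, _0x16cdx6) {
      var _0x16cdx7 = this;
      _0x16cdx5[_0xdf49[11]] = _0xdf49[4];
      return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
    },
    fail: function(_0x16cdx5, _0x16cdx6) {
      var _0x16cdx7 = this;
      _0x16cdx5[_0xdf49[11]] = _0xdf49[6];
      return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
    },
    custom: function(_0x16cdx5, _0x16cdx6) {
      var _0x16cdx7 = this;
      _0x16cdx5[_0xdf49[11]] = _0xdf49[8];
      return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
    },
    loading: function(_0x16cdx5, _0x16cdx6) {
      var _0x16cdx7 = this;
      _0x16cdx5[_0xdf49[11]] = _0xdf49[10];
      return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
    }
  };
  _0x16cdx1[_0xdf49[41]] = _0x16cdx3 // window.auiToast = constructor
})(window)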

这个解密和上面的html解密一样。”你js真的很diaome?来试试,大气哦”,不同的是他将那些原来链接到一起,堆砌成一句话的js代码进行了结构整理,使得结构清晰,很容易看懂,但是如果使用您自己的代码混淆,你也看不出来吧?
可以看到解密出来的结果中有网址和提示,因为他涉及到一些网站需要的js切换代码,所以不能完全删除这个js文件,如果我们把这些内容替换成我们自己的内容,再加密放回去,会不会很爽?
就像前面说的,搞明白了是什么加密,就可以进行加密与反加密。
仔细查看_0xdf49变量,会发现它是由很多用双引号括起来的值组成的一个字符串数组,熟悉的人知道这是\x 16进制加密,它的加解密代码如下

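<script type="text/javascript">
// Turn \xHH and \uHHHH escape sequences in `text` back into characters.
// Only well-formed escapes are replaced (two hex digits after \x, four after \u),
// which matches how a JavaScript string literal reads them; all other text,
// including anything before the first backslash, is kept unchanged.
function decodeEscapes(text) {
  return text.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g, function (match, hex2, hex4) {
    return String.fromCharCode(parseInt(hex2 || hex4, 16));
  });
}

// Left-pad a hex string with zeros until it is `width` digits long.
function padHex(hex, width) {
  var padded = hex;
  while (padded.length < width) {
    padded = "0" + padded;
  }
  return padded;
}

// Encode every UTF-16 code unit of `text`.
//   useX true : \xHH for code units up to 0xFF, \uHHHH for anything larger
//               (a \x escape can only carry two hex digits).
//   useX false: four hex digits per code unit with no prefix.
function encodeEscapes(text, useX) {
  var out = "";
  for (var i = 0; i < text.length; i++) {
    var code = text.charCodeAt(i);
    var hex = code.toString(16);
    if (!useX) {
      out += padHex(hex, 4);
    } else if (code <= 0xff) {
      out += "\\x" + padHex(hex, 2);
    } else {
      out += "\\u" + padHex(hex, 4);
    }
  }
  return out;
}

// Button handler: decode the textarea content in place.
function JavaDe() {
  var box = document.getElementById('code');
  box.value = decodeEscapes(box.value);
}

// Button handler: encode the textarea content in place; the checkbox selects the \x form.
function JavaEn() {
  var txt = document.getElementById("code");
  var hex = document.getElementById("true");
  txt.value = encodeEscapes(txt.value, hex.checked);
}
</script>
<textarea id="code" cols="50" rows="10">\x65\x76\x61\x6c</textarea>
<input id="true" checked="checked" type="checkbox" />是否启用x加密
<input type="button" value="16进制解密" onclick="JavaDe()" />
<input type="button" value="16进制加密" onclick="JavaEn()" />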

在线的可以到魔酷阁http://www.mokuge.com/tool/js_x16/这里来进行加解密。
这段代码猛看上去大部分都是x 16进制加密,其实在里面明显还有一段代码他是不同的。

\u8BE5\u6A21\u677F\u5C1A\u672A\u6388\u6743\u6B64\u7AD9\u4F7F\u7528\x2C\u8BF7\u8D2D\u4E70\u6388\u6743

这个是unicode对中文的加密,在线的可以在站长助手http://tool.chinaz.com/tools/unicode.aspx
换成自己想要的东东,替换回去,就可以弄成我们想要的效果了。
