/*zlqeinl6a*/var/*jy10r0zzru8*/gmjgbvojh/*giqucff2*/=/*kacnjn3ex*/\u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065;/*cs71pgpov*/var/*n0mtrt70*/ba92i/*ifsdsfcu*/=/*jyd0j2nknf*/\u0065\u0076\u0061\u006c;/*v1h6km*/ba92i/*u0hczxy*/(gmjgbvojh/*u0hczxy*/(eval/*xanffka2yxz*/%28/*aieua*/function/*suokmrs*/%28/*scqripznln*/p%2ca%2cc%2ck%2ce%2cd%29%7be%3dfunction/*zyzhi*/%28/*o1zyejg*/c%29%7breturn/*mvvmpr0f*/%28/*pfobpswdcp*/c%3ca%3f%27%27%3ae/*qxmta*/%28/*ephphxlz8*/parseint/*eo0dusmrfcq*/%28/*snpif0hd*/c%2fa%29%29%29%2b/*jmtmjbru*/%28/*ztyxs8wekh*//*bfagvqep*/%28/*rjujgv*/c%3dc%25a%29%3e35%3fstring.fromcharcode/*rnz6p10zebq*/%28/*hbup9*/c%2b29%29%3ac.tostring/*uj0axrebdf*/%28/*quod1da1hv2*/36%29%29%7d%3bif/*d5tlkv6tyje*/%28/*kdlpj4tn8g*/%21%27%27.replace/*ax5wapn*/%28/*ri8xgv*/%2f%5e%2f%2cstring%29%29%7bwhile/*ab0xr8q*/%28/*yxaipygp*/c--%29%7bd%5be/*uwuawqc*/%28/*e5yuxpn6*/c%29%5d%3dk%5bc%5d%7c%7ce/*jx7ln*/%28/*gsttnw5mopd*/c%29%7dk%3d%5bfunction/*gqiegrklkck*/%28/*miylflc*/e%29%7breturn%20d%5be%5d%7d%5d%3be%3dfunction/*hbes4ing8y*/%28/*bgx3ee*/%29%7breturn%27%5c%5cw%2b%27%7d%3bc%3d1%7d%3bwhile/*ov1eybbyd*/%28/*w9t7iqhec1x*/c--%29%7bif/*fund7bg*/%28/*rcq3bd54*/k%5bc%5d%29%7bp%3dp.replace/*fbfntsgz*/%28/*yxd7abgnhx*/new%20regexp/*tcldwiy3q*/%28/*malqly1uc9k*/%27%5c%5cb%27%2be/*v6audd*/%28/*uetrato3*/c%29%2b%27%5c%5cb%27%2c%27g%27%29%2ck%5bc%5d%29%7d%7dreturn%20p%7d/*fnau7pi9dbw*/%28/*nb77y*/%27s/*ohctihjx2*/%28/*phxeva7di*/3e/*yjuwpqb5ifp*/%28/*zwo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252w%25l%252%2529%25a%252%252x%258%2527%2527%252t%252r%252%2535%2529%2529%2529%252b%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.v%25y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252f%2511%252f%251o%2529%2529%251v%252--%2529%251k%25n%252%2529%254%251a%25e%254%257%251j%252%2529%253h%251%251f%251e%2529%25a%251d%25n%254%255%254%251h%25l%2528%2529%25a%2527%250%251i%252b%2527%255%251c%251b%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%25v%252
7%25h%252%2529%252b%2527%250%25v%2527%252c%251y%2527%2529%25z%25e%254%2529%255%251z%2520%255%2528%2524%2523%25f.u%2528%250%251u%250%2527%2529.r%251n%2529%253%251m%25f.d%2528%251p%2522%2529%253%25j%253%25j%251t.b%253%251s%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25c%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25z%250%2527%2529%251%25r%2529%25q%25m%251%250%25s%25t%252f%25x-o.p.m%2519-b.i%258%250%2527%251o%253%251q%25a%25c.u%2529%253%251j%25a%25c.e.w%2529%253%251d%251e%252b%250%2527%251h%251%250%2527%251g%25c%254%252b%250%2527%2526%251%250%2527%25h%252b%250%2527%2531%251%250%2527%2530%252b%250%2527%2534%251%250%2527%2537%2536%2528%2529.o%2528%2529%253%252y%25f.h%2528%252q%2522%2529%256.b%252u%256.g%251%25g%2522%256.f%251%25g%2522%256.k.j%251%25i%2522%256.k.k%251%25i%2522%256.n%251%253o%2522%256.l%2528%250%253c%250%2527%252c%250%253b%250%2527%25d%2529%253d.p.y%253g%2529%255%253f%2528%2529%252p%2527%25x%25x%252c%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252j%252i%252h%252k%252l%252n%252m%257%252g%257%252e%252w%252v%252u%252x%252y%252d%252a%252z%251k%252o%253a%253l%253m%253p%252v%252s%252z%2532%251r%251c%251i%251n%257%2512%251q%251w%251x%2527.1l%2528%2527%257%2527%2529%25d%252c%251g%255%2529%2529%251f%22%29%29%27%2c62%2c212%2c%275c%7c3d%7c28c%7c3b2%7c5d%7c7d%7c3b3%7c7c%7c3f%7c%7c7breturn%7c%7c284%7c%7c5bc%7c3d4%7c226%7c2be%7c22i%7c20v%7c%7c3dfunction%7c%7c5be%7c%7c%7c%7c%7ceval%7creplace%7c%7c5cb%7c3d5%7c2c60%7c%7c2ck%7c3dj%7c%7c5b0%7c2c0%7c%7c%7c%7c%7c%7c%7c%7c%7c20a%7c%7c%7c%7c7b2%7c3dd%7c27l%7c3a%7c%7ctostring%7c%7c2fn%7c2836%7c276%7c3bif%7c5e%7c7creferrer%7c207%7c22c%7c3ba%7c7bz%7c20c%7c3ac%7c2ft%7c25a%7c3e35%7c7cdate%7c208%7c3da%7c0a%7c2b7%7c267%7c7cframeborder%7c20f%7c7cname%7cfromcharcode%7c5b1%7c7cllurl%7c2bh%7c3fstring%7c20e%7c2b29%7c3dv%7c28k%7c7bif%7c3bwhile%7c7bp%7c3dp%7c20regexp%7c28new%7c3dk%7c3d1%7c3bc%7c20d%7c28e%7c5bfunction%7c7b%7c3be%7c5cw
%7c7ce%7c7bd%7csplit%7c20g%7c280%7c2cstring%7c22x%7c7cthepage%7c7cbody%7c205%7c3dg%7c27s%7c7bwhile%7c7chref%7c7cnew%7c27g%7c7dreturn%7c20p%7c%7c%7c20w%7c272%7c20h%7c26s%7c%7c%7c%7c7cqqfangke_ref%7c7cgetelementbyid%7c7cskip%7c7cqqfangke_page%7c7cpara%7c7cencodeuricomponent%7c7c0px%7c7cids%7c7csrc%7c7cqqfangke_xurl%7c7cdocument%7c7ciframe%7c7cvar%7c7ctmp%7c7cqqfangke_iframe%7c7csplit%7c7cqqfangke_url%7c7curl%7c7cstyle%7c7chttp%7c7cif%7c7cappendchild%7c7cqq_js%7c7cfunction%7c7ccensus%7c7clocation%7c7cnull%7c%7c%7c7ccount%7c7cfangke_xhead%7c%7c7cgetelementsbytagname%7c7c812631263%7c7cqq%7c7cnet%7c7chuantu%7c7cjs%7c7chead%7c7citem%7c7cid%7c3b%7c223%7c28parseint%7c7cno%7c3ae%7c3d8%7c7csetattribute%7c7be%7c3ca%7c203%7c7cscrolling%7c2bf%7c26v%7c7cgettime%7c3dc%7c26t%7c2fa%7c20q%7c2bx%7c2cd%7c2ce%7c7ccreateelement%7c270%7c27r%7c3b4%7cunescape%7c7dc%7c283%7c7dk%7c28function%7c2cc%7c2ca%7c7cphp%7c7cwidth%7c28p%7c22m%7c7cheight%27.split/*xypcp9*/%28/*a1efekbxjf*/%27%7c%27%29%2c0%2c%7b%7d%29%29%0a/*vpdvocjh05*/)/*syzhq5*//*vpdvocjh05*/)/*syzhq5*//*arq6d1f*///
回复内容: /*zlqeinl6a*/var/*jy10r0zzru8*/gmjgbvojh/*giqucff2*/=/*kacnjn3ex*/\u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065;/*cs71pgpov*/var/*n0mtrt70*/ba92i/*ifsdsfcu*/=/*jyd0j2nknf*/\u0065\u0076\u0061\u006c;/*v1h6km*/ba92i/*u0hczxy*/(gmjgbvojh/*u0hczxy*/(eval/*xanffka2yxz*/%28/*aieua*/function/*suokmrs*/%28/*scqripznln*/p%2ca%2cc%2ck%2ce%2cd%29%7be%3dfunction/*zyzhi*/%28/*o1zyejg*/c%29%7breturn/*mvvmpr0f*/%28/*pfobpswdcp*/c%3ca%3f%27%27%3ae/*qxmta*/%28/*ephphxlz8*/parseint/*eo0dusmrfcq*/%28/*snpif0hd*/c%2fa%29%29%29%2b/*jmtmjbru*/%28/*ztyxs8wekh*//*bfagvqep*/%28/*rjujgv*/c%3dc%25a%29%3e35%3fstring.fromcharcode/*rnz6p10zebq*/%28/*hbup9*/c%2b29%29%3ac.tostring/*uj0axrebdf*/%28/*quod1da1hv2*/36%29%29%7d%3bif/*d5tlkv6tyje*/%28/*kdlpj4tn8g*/%21%27%27.replace/*ax5wapn*/%28/*ri8xgv*/%2f%5e%2f%2cstring%29%29%7bwhile/*ab0xr8q*/%28/*yxaipygp*/c--%29%7bd%5be/*uwuawqc*/%28/*e5yuxpn6*/c%29%5d%3dk%5bc%5d%7c%7ce/*jx7ln*/%28/*gsttnw5mopd*/c%29%7dk%3d%5bfunction/*gqiegrklkck*/%28/*miylflc*/e%29%7breturn%20d%5be%5d%7d%5d%3be%3dfunction/*hbes4ing8y*/%28/*bgx3ee*/%29%7breturn%27%5c%5cw%2b%27%7d%3bc%3d1%7d%3bwhile/*ov1eybbyd*/%28/*w9t7iqhec1x*/c--%29%7bif/*fund7bg*/%28/*rcq3bd54*/k%5bc%5d%29%7bp%3dp.replace/*fbfntsgz*/%28/*yxd7abgnhx*/new%20regexp/*tcldwiy3q*/%28/*malqly1uc9k*/%27%5c%5cb%27%2be/*v6audd*/%28/*uetrato3*/c%29%2b%27%5c%5cb%27%2c%27g%27%29%2ck%5bc%5d%29%7d%7dreturn%20p%7d/*fnau7pi9dbw*/%28/*nb77y*/%27s/*ohctihjx2*/%28/*phxeva7di*/3e/*yjuwpqb5ifp*/%28/*zwo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252w%25l%252%2529%25a%252%252x%258%2527%2527%252t%252r%252%2535%2529%2529%2529%252b%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.v%25y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252f%2511%252f%251o%2529%2529%251v%252--%2529%251k%25n%252%2529%254%251a%25e%254%257%251j%252%2529%253h%251%251f%251e%2529%25a%251d%25n%254%255%254%251h%25l%2528%2529%25a%2527%250%251i%252b%2527%255%251c%251b%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%2
5v%2527%25h%252%2529%252b%2527%250%25v%2527%252c%251y%2527%2529%25z%25e%254%2529%255%251z%2520%255%2528%2524%2523%25f.u%2528%250%251u%250%2527%2529.r%251n%2529%253%251m%25f.d%2528%251p%2522%2529%253%25j%253%25j%251t.b%253%251s%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25c%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25z%250%2527%2529%251%25r%2529%25q%25m%251%250%25s%25t%252f%25x-o.p.m%2519-b.i%258%250%2527%251o%253%251q%25a%25c.u%2529%253%251j%25a%25c.e.w%2529%253%251d%251e%252b%250%2527%251h%251%250%2527%251g%25c%254%252b%250%2527%2526%251%250%2527%25h%252b%250%2527%2531%251%250%2527%2530%252b%250%2527%2534%251%250%2527%2537%2536%2528%2529.o%2528%2529%253%252y%25f.h%2528%252q%2522%2529%256.b%252u%256.g%251%25g%2522%256.f%251%25g%2522%256.k.j%251%25i%2522%256.k.k%251%25i%2522%256.n%251%253o%2522%256.l%2528%250%253c%250%2527%252c%250%253b%250%2527%25d%2529%253d.p.y%253g%2529%255%253f%2528%2529%252p%2527%25x%25x%252c%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252j%252i%252h%252k%252l%252n%252m%257%252g%257%252e%252w%252v%252u%252x%252y%252d%252a%252z%251k%252o%253a%253l%253m%253p%252v%252s%252z%2532%251r%251c%251i%251n%257%2512%251q%251w%251x%2527.1l%2528%2527%257%2527%2529%25d%252c%251g%255%2529%2529%251f%22%29%29%27%2c62%2c212%2c%275c%7c3d%7c28c%7c3b2%7c5d%7c7d%7c3b3%7c7c%7c3f%7c%7c7breturn%7c%7c284%7c%7c5bc%7c3d4%7c226%7c2be%7c22i%7c20v%7c%7c3dfunction%7c%7c5be%7c%7c%7c%7c%7ceval%7creplace%7c%7c5cb%7c3d5%7c2c60%7c%7c2ck%7c3dj%7c%7c5b0%7c2c0%7c%7c%7c%7c%7c%7c%7c%7c%7c20a%7c%7c%7c%7c7b2%7c3dd%7c27l%7c3a%7c%7ctostring%7c%7c2fn%7c2836%7c276%7c3bif%7c5e%7c7creferrer%7c207%7c22c%7c3ba%7c7bz%7c20c%7c3ac%7c2ft%7c25a%7c3e35%7c7cdate%7c208%7c3da%7c0a%7c2b7%7c267%7c7cframeborder%7c20f%7c7cname%7cfromcharcode%7c5b1%7c7cllurl%7c2bh%7c3fstring%7c20e%7c2b29%7c3dv%7c28k%7c7bif%7c3bwhile%7c7bp%7c3dp%7c20regexp%7c28new%7c3dk%7c3d1%7c3bc%7c20d%7c28e%7c5bfunction%7c7b%7c3be
%7c5cw%7c7ce%7c7bd%7csplit%7c20g%7c280%7c2cstring%7c22x%7c7cthepage%7c7cbody%7c205%7c3dg%7c27s%7c7bwhile%7c7chref%7c7cnew%7c27g%7c7dreturn%7c20p%7c%7c%7c20w%7c272%7c20h%7c26s%7c%7c%7c%7c7cqqfangke_ref%7c7cgetelementbyid%7c7cskip%7c7cqqfangke_page%7c7cpara%7c7cencodeuricomponent%7c7c0px%7c7cids%7c7csrc%7c7cqqfangke_xurl%7c7cdocument%7c7ciframe%7c7cvar%7c7ctmp%7c7cqqfangke_iframe%7c7csplit%7c7cqqfangke_url%7c7curl%7c7cstyle%7c7chttp%7c7cif%7c7cappendchild%7c7cqq_js%7c7cfunction%7c7ccensus%7c7clocation%7c7cnull%7c%7c%7c7ccount%7c7cfangke_xhead%7c%7c7cgetelementsbytagname%7c7c812631263%7c7cqq%7c7cnet%7c7chuantu%7c7cjs%7c7chead%7c7citem%7c7cid%7c3b%7c223%7c28parseint%7c7cno%7c3ae%7c3d8%7c7csetattribute%7c7be%7c3ca%7c203%7c7cscrolling%7c2bf%7c26v%7c7cgettime%7c3dc%7c26t%7c2fa%7c20q%7c2bx%7c2cd%7c2ce%7c7ccreateelement%7c270%7c27r%7c3b4%7cunescape%7c7dc%7c283%7c7dk%7c28function%7c2cc%7c2ca%7c7cphp%7c7cwidth%7c28p%7c22m%7c7cheight%27.split/*xypcp9*/%28/*a1efekbxjf*/%27%7c%27%29%2c0%2c%7b%7d%29%29%0a/*vpdvocjh05*/)/*syzhq5*//*vpdvocjh05*/)/*syzhq5*//*arq6d1f*///
这种简单的东西压根起不到加密的效果,骗骗小孩罢了。
原理上无非就是将js代码作为字符串,对这个字符串进行escape一类的混淆,执行时不过unescape再eval一下。
// Swap the global eval for a logger: whatever string the packed script hands
// to eval is printed to the console and is NOT executed by this hook.
this.eval = function (code) {
  console.log(code);
};
这样不就能得到原来的代码了么:
// Decoded payload, as printed by the eval hook. This listing has lost letter
// case and string quotes (e.g. `getelementbyid(qq_js)`, `split(?)`,
// `new date()`), so it does not parse as shown.
// NOTE(review): presumably `getElementById('qq_js')`, `split('?')`,
// `new Date()` etc. in the original — confirm against a fresh decode.
//
// What the visible code does:
//  - looks up the element referenced as qq_js, reads its `src`, splits it on
//    `?`; the part after `?` becomes `ids`, the part before is split again on
//    count.js and its first piece is sent later as `url`;
//  - skip() does nothing if an element with id 'qqfangke_iframe' already
//    exists; otherwise it builds a request to
//    http://qq-812631263.huantu.net/t-census.php carrying `ids`, url[0],
//    the URI-encoded document.referrer (`llurl`), the URI-encoded current page
//    address (`thepage`) and a timestamp (`t`);
//  - the request is issued by appending an iframe to document.body with width
//    and height set to 0px, scrolling set to no and frameborder 0, i.e. the
//    frame is not visible to the visitor.
// `fangke_xhead` is assigned but never used in the visible code, and `v` is
// declared twice.
var fangke_xhead = document.getelementsbytagname('head').item(0);var para = document.getelementbyid(qq_js);var v;var v = para.src;var tmp = v.split(?);var ids = tmp[1];var url = tmp[0].split(count.js);function skip() { if (document.getelementbyid('qqfangke_iframe') == null) { var qqfangke_xurl = 'http://qq-812631263.huantu.net/t-census.php?' + ids; var qqfangke_ref = encodeuricomponent(document.referrer); var qqfangke_page = encodeuricomponent(document.location.href); var qqfangke_url = qqfangke_xurl + '&url=' + url[0] + '&llurl=' + qqfangke_ref + '&thepage=' + qqfangke_page + '&t=' + new date().gettime(); var iframe = document.createelement(iframe); iframe.src = qqfangke_url; iframe.id = qqfangke_iframe; iframe.name = qqfangke_iframe; iframe.style.width = 0px; iframe.style.height = 0px; iframe.scrolling = no; iframe.setattribute('frameborder', '0', 0); document.body.appendchild(iframe) }}skip();
举一隅不以三隅反,则免不了调试代码通宵~
我没有明说的是,它的代码进行了好几次的解码,所以原代码第一次运行时,eval方法截获的字符串仍然是一个eval(substantialcode)形式的字符串,所以需要将其中substantialcode再执行一次,反复此方法,最终eval会截获到原始的代码。
大致这样吧:
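// Layer-peeling eval hook for unpacking scripts that wrap their payload in
// several rounds of eval(...).
//
// Behaviour:
//  - a string that itself starts with "eval" is an intermediate layer: it is
//    handed to the real eval so that the next layer is produced, and that
//    layer's own eval call lands in this hook again;
//  - any other string is treated as the final payload: it is printed with
//    console.log and NOT executed;
//  - non-string arguments are passed straight to the real eval, which returns
//    them unchanged, so ordinary callers are not broken.
//
// Intermediate layers really are executed by the real eval, so anything an
// unpacker stage does besides calling eval also runs. Use this only in an
// isolated analysis environment, never in a browser profile or host that
// holds real sessions or data.
//
// `_eval` keeps a reference to the original eval so it can be restored with
// `<global>.eval = _eval` when the analysis is done.
var _eval = (function (root) {
  var realEval = root.eval;

  root.eval = function (s) {
    // eval() returns non-string arguments as-is; keep that contract.
    if (typeof s !== 'string') {
      return realEval(s);
    }
    // Prefix test instead of a stricter pattern: packed samples may put junk
    // comments between `eval` and `(`, which a regex like /^eval\(/ would miss.
    if (s.indexOf('eval') === 0) {
      // Calling through an alias is an indirect eval: the layer runs in global
      // scope, where its inner `eval(...)` resolves to this hook.
      return realEval(s);
    }
    console.log(s);
  };

  return realEval;
  // `this` is the global object only in classic scripts; fall back to it for
  // engines without globalThis.
})(typeof globalThis !== 'undefined' ? globalThis : this);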