一段鬼畜风格的JavaScript解密
在CSDN上看到有人提问一段JS怎么解密,虽然已经是四年前的问题了,还是解一下。
原问题地址: 这段JS怎样解密? [问题点数:40分,结帖人seo2014]
这是楼主发出的原JS:
/*ZlQEInL6A*/var/*jY10R0zzRU8*/GmjGBvOJh/*giquCfF2*/=/*kACnJn3eX*/\u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065;/*CS71pgPOv*/var/*n0MtRt70*/bA92i/*ifSDSFcU*/=/*jyd0J2NKNf*/\u0065\u0076\u0061\u006c;/*v1h6km*/bA92i/*u0HCZxy*/(GmjGBvOJh/*u0HCZxy*/("eval/*Xanffka2Yxz*/%28/*AiEUa*/function/*SUOKMrs*/%28/*scqripznLN*/p%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction/*ZYzhI*/%28/*o1zyEjG*/c%29%7Breturn/*MvvMpr0F*/%28/*pFoBpswdCP*/c%3Ca%3F%27%27%3Ae/*QXMTA*/%28/*EPhPHxLz8*/parseInt/*eO0duSMRFCq*/%28/*snpIf0HD*/c%2Fa%29%29%29%2B/*JMtMJBRu*/%28/*zTYxS8WEKH*//*bfaGvQEp*/%28/*rJujGv*/c%3Dc%25a%29%3E35%3FString.fromCharCode/*Rnz6P10zEBq*/%28/*HBUp9*/c%2B29%29%3Ac.toString/*UJ0aXrebdf*/%28/*qUoD1DA1hv2*/36%29%29%7D%3Bif/*d5tlkv6tyjE*/%28/*kDlpJ4Tn8G*/%21%27%27.replace/*Ax5WApn*/%28/*RI8xgV*/%2F%5E%2F%2CString%29%29%7Bwhile/*Ab0Xr8q*/%28/*YXaipYGP*/c--%29%7Bd%5Be/*UWUawqC*/%28/*e5yuxpN6*/c%29%5D%3Dk%5Bc%5D%7C%7Ce/*jX7Ln*/%28/*GStTNW5moPd*/c%29%7Dk%3D%5Bfunction/*gQieGRklkcK*/%28/*mIylFLc*/e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction/*hbES4ing8Y*/%28/*Bgx3eE*/%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile/*ov1eYBByD*/%28/*W9T7IQHec1x*/c--%29%7Bif/*FunD7BG*/%28/*rcq3BD54*/k%5Bc%5D%29%7Bp%3Dp.replace/*FBfnTsGZ*/%28/*yXd7AbgnhX*/new%20RegExp/*TcldWiY3q*/%28/*MAlqLy1UC9k*/%27%5C%5Cb%27%2Be/*V6AudD*/%28/*UEtRAtO3*/c%29%2B%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%7D%7Dreturn%20p%7D/*fnAU7pi9DBw*/%28/*Nb77y*/%27s/*ohCTiHJX2*/%28/*PhxEVA7DI*/3e/*yJUwpqB5iFp*/%28/*zWo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252W%25l%252%2529%25a%252%252X%258%2527%2527%252T%252R%252%2535%2529%2529%2529%252B%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.V%25Y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252F%2511%252F%251O%2529%2529%251V%252--%2529%251K%25n%252%2529%254%251A%25e%254%257%251J%252%2529%253h%251%251F%251E%2529%25a%251D%25n%254%255%254%251H%25l%2528%2529%25a%2527%250%251I%252B%2527%255%251C%251B%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%25v%2527%25h%252%2529%252B%2527%250%25v%2527%252C%251Y%2527%2529%25z%25e%254%2529%255%251Z%2520%255%2528%2524%2523%25f.u%2528%250%251U%250%2527%2529.r%251N%2529%253%251M%25f.d%2528%251P%2522%2529%253%25j%253%25j%251T.b%253%251S%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25C%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25Z%250%2527%2529%251%25R%2529%25Q%25M%251%250%25S%25T%252F%25X-o.p.m%2519-B.I%258%250%2527%251o%253%251q%25A%25c.U%2529%253%251j%25A%25c.E.W%2529%253%251d%251e%252B%250%2527%251h%251%250%2527%251g%25C%254%252B%250%2527%2526%251%250%2527%25h%252B%250%2527%2531%251%250%2527%2530%252B%250%2527%2534%251%250%2527%2537%2536%2528%2529.O%2528%2529%253%252Y%25f.H%2528%252Q%2522%2529%256.b%252U%256.G%251%25g%2522%256.F%251%25g%2522%256.k.J%251%25i%2522%256.k.K%251%25i%2522%256.N%251%253o%2522%256.L%2528%250%253c%250%2527%252C%250%253b%250%2527%25D%2529%253d.P.y%253g%2529%255%253f%2528%2529%252P%2527%25x%25x%252C%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252J%252I%252H%252K%252L%252N%252M%257%252G%257%252E%252w%252v%252u%252x%252y%252D%252A%252z%251k%252O%253a%253l%253m%253p%252V%252S%252Z%2532%251R%251c%251i%251n%257%2512%251Q%251W%251X%2527.1L%2528%2527%257%2527%2529%25D%252C%251G%255%2529%2529%251f%22%29%29%27%2C62%2C212%2C%275C%7C3D%7C28c%7C3B2%7C5D%7C7D%7C3B3%7C7C%7C3F%7C%7C7Breturn%7C%7C284%7C%7C5Bc%7C3D4%7C226%7C2Be%7C22i%7C20v%7C%7C3Dfunction%7C%7C5Be%7C%7C%7C%7C%7Ceval%7Creplace%7C%7C5Cb%7C3D5%7C2C60%7C%7C2Ck%7C3Dj%7C%7C5B0%7C2C0%7C%7C%7C%7C%7C%7C%7C%7C%7C20a%7C%7C%7C%7C7B2%7C3DD%7C27l%7C3A%7C%7CtoString%7C%7C2Fn%7C2836%7C276%7C3Bif%7C5E%7C7Creferrer%7C207%7C22C%7C3BA%7C7Bz%7C20c%7C3Ac%7C2FT%7C25a%7C3E35%7C7CDate%7C208%7C3Da%7C0A%7C2B7%7C267%7C7Cframeborder%7C20f%7C7Cname%7CfromCharCode%7C5B1%7C7Cllurl%7C2Bh%7C3FString%7C20e%7C2B29%7C3Dv%7C28k%7C7Bif%7C3Bwhile%7C7Bp%7C3Dp%7C20RegExp%7C28new%7C3Dk%7C3D1%7C3Bc%7C20d%7C28e%7C5Bfunction%7C7B%7C3Be%7C5Cw%7C7Ce%7C7Bd%7Csplit%7C20g%7C280%7C2CString%7C22x%7C7Cthepage%7C7Cbody%7C205%7C3Dg%7C27s%7C7Bwhile%7C7Chref%7C7Cnew%7C27g%7C7Dreturn%7C20p%7C%7C%7C20w%7C272%7C20h%7C26S%7C%7C%7C%7C7CQQfangke_ref%7C7CgetElementById%7C7Cskip%7C7CQQfangke_page%7C7Cpara%7C7CencodeURIComponent%7C7C0px%7C7Cids%7C7Csrc%7C7CQQfangke_xurl%7C7Cdocument%7C7Ciframe%7C7Cvar%7C7Ctmp%7C7CQQfangke_iframe%7C7Csplit%7C7CQQfangke_url%7C7Curl%7C7Cstyle%7C7Chttp%7C7Cif%7C7CappendChild%7C7Cqq_js%7C7Cfunction%7C7Ccensus%7C7Clocation%7C7Cnull%7C%7C%7C7CCount%7C7Cfangke_xHead%7C%7C7CgetElementsByTagName%7C7C812631263%7C7Cqq%7C7Cnet%7C7Chuantu%7C7Cjs%7C7CHEAD%7C7Citem%7C7Cid%7C3B%7C223%7C28parseInt%7C7Cno%7C3Ae%7C3D8%7C7CsetAttribute%7C7Be%7C3Ca%7C203%7C7Cscrolling%7C2Bf%7C26V%7C7CgetTime%7C3Dc%7C26t%7C2Fa%7C20Q%7C2BX%7C2Cd%7C2Ce%7C7CcreateElement%7C270%7C27R%7C3B4%7Cunescape%7C7Dc%7C283%7C7Dk%7C28function%7C2Cc%7C2Ca%7C7Cphp%7C7Cwidth%7C28p%7C22M%7C7Cheight%27.split/*xYPCp9*/%28/*A1eFEkbxjF*/%27%7C%27%29%2C0%2C%7B%7D%29%29%0A"/*VPDvoCjH05*/)/*syZhq5*//*VPDvoCjH05*/)/*syZhq5*//*ARQ6D1f*///
格式化一下:
/*ZlQEInL6A*/
var
/*jY10R0zzRU8*/
GmjGBvOJh
/*giquCfF2*/
=
/*kACnJn3eX*/
\u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065;
/*CS71pgPOv*/
var
/*n0MtRt70*/
bA92i
/*ifSDSFcU*/
=
/*jyd0J2NKNf*/
\u0065\u0076\u0061\u006c;
/*v1h6km*/
bA92i
/*u0HCZxy*/
(GmjGBvOJh
/*u0HCZxy*/
("eval/*Xanffka2Yxz*/%28/*AiEUa*/function/*SUOKMrs*/%28/*scqripznLN*/p%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction/*ZYzhI*/%28/*o1zyEjG*/c%29%7Breturn/*MvvMpr0F*/%28/*pFoBpswdCP*/c%3Ca%3F%27%27%3Ae/*QXMTA*/%28/*EPhPHxLz8*/parseInt/*eO0duSMRFCq*/%28/*snpIf0HD*/c%2Fa%29%29%29%2B/*JMtMJBRu*/%28/*zTYxS8WEKH*//*bfaGvQEp*/%28/*rJujGv*/c%3Dc%25a%29%3E35%3FString.fromCharCode/*Rnz6P10zEBq*/%28/*HBUp9*/c%2B29%29%3Ac.toString/*UJ0aXrebdf*/%28/*qUoD1DA1hv2*/36%29%29%7D%3Bif/*d5tlkv6tyjE*/%28/*kDlpJ4Tn8G*/%21%27%27.replace/*Ax5WApn*/%28/*RI8xgV*/%2F%5E%2F%2CString%29%29%7Bwhile/*Ab0Xr8q*/%28/*YXaipYGP*/c--%29%7Bd%5Be/*UWUawqC*/%28/*e5yuxpN6*/c%29%5D%3Dk%5Bc%5D%7C%7Ce/*jX7Ln*/%28/*GStTNW5moPd*/c%29%7Dk%3D%5Bfunction/*gQieGRklkcK*/%28/*mIylFLc*/e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction/*hbES4ing8Y*/%28/*Bgx3eE*/%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile/*ov1eYBByD*/%28/*W9T7IQHec1x*/c--%29%7Bif/*FunD7BG*/%28/*rcq3BD54*/k%5Bc%5D%29%7Bp%3Dp.replace/*FBfnTsGZ*/%28/*yXd7AbgnhX*/new%20RegExp/*TcldWiY3q*/%28/*MAlqLy1UC9k*/%27%5C%5Cb%27%2Be/*V6AudD*/%28/*UEtRAtO3*/c%29%2B%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%7D%7Dreturn%20p%7D/*fnAU7pi9DBw*/%28/*Nb77y*/%27s/*ohCTiHJX2*/%28/*PhxEVA7DI*/3e/*yJUwpqB5iFp*/%28/*zWo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252W%25l%252%2529%25a%252%252X%258%2527%2527%252T%252R%252%2535%2529%2529%2529%252B%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.V%25Y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252F%2511%252F%251O%2529%2529%251V%252--%2529%251K%25n%252%2529%254%251A%25e%254%257%251J%252%2529%253h%251%251F%251E%2529%25a%251D%25n%254%255%254%251H%25l%2528%2529%25a%2527%250%251I%252B%2527%255%251C%251B%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%25v%2527%25h%252%2529%252B%2527%250%25v%2527%252C%251Y%2527%2529%25z%25e%254%2529%255%251Z%2520%255%2528%2524%2523%25f.u%2528%250%251U%250%2527%2529.r%251N%2529%253%251M%25f.d%2528%251P%2522%2529%253%25j%253%25j%251T.b%253%251S%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25C%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25Z%250%2527%2529%251%25R%2529%25Q%25M%251%250%25S%25T%252F%25X-o.p.m%2519-B.I%258%250%2527%251o%253%251q%25A%25c.U%2529%253%251j%25A%25c.E.W%2529%253%251d%251e%252B%250%2527%251h%251%250%2527%251g%25C%254%252B%250%2527%2526%251%250%2527%25h%252B%250%2527%2531%251%250%2527%2530%252B%250%2527%2534%251%250%2527%2537%2536%2528%2529.O%2528%2529%253%252Y%25f.H%2528%252Q%2522%2529%256.b%252U%256.G%251%25g%2522%256.F%251%25g%2522%256.k.J%251%25i%2522%256.k.K%251%25i%2522%256.N%251%253o%2522%256.L%2528%250%253c%250%2527%252C%250%253b%250%2527%25D%2529%253d.P.y%253g%2529%255%253f%2528%2529%252P%2527%25x%25x%252C%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252J%252I%252H%252K%252L%252N%252M%257%252G%257%252E%252w%252v%252u%252x%252y%252D%252A%252z%251k%252O%253a%253l%253m%253p%252V%252S%252Z%2532%251R%251c%251i%251n%257%2512%251Q%251W%251X%2527.1L%2528%2527%257%2527%2529%25D%252C%251G%255%2529%2529%251f%22%29%29%27%2C62%2C212%2C%275C%7C3D%7C28c%7C3B2%7C5D%7C7D%7C3B3%7C7C%7C3F%7C%7C7Breturn%7C%7C284%7C%7C5Bc%7C3D4%7C226%7C2Be%7C22i%7C20v%7C%7C3Dfunction%7C%7C5Be%7C%7C%7C%7C%7Ceval%7Creplace%7C%7C5Cb%7C3D5%7C2C60%7C%7C2Ck%7C3Dj%7C%7C5B0%7C2C0%7C%7C%7C%7C%7C%7C%7C%7C%7C20a%7C%7C%7C%7C7B2%7C3DD%7C27l%7C3A%7C%7CtoString%7C%7C2Fn%7C2836%7C276%7C3Bif%7C5E%7C7Creferrer%7C207%7C22C%7C3BA%7C7Bz%7C20c%7C3Ac%7C2FT%7C25a%7C3E35%7C7CDate%7C208%7C3Da%7C0A%7C2B7%7C267%7C7Cframeborder%7C20f%7C7Cname%7CfromCharCode%7C5B1%7C7Cllurl%7C2Bh%7C3FString%7C20e%7C2B29%7C3Dv%7C28k%7C7Bif%7C3Bwhile%7C7Bp%7C3Dp%7C20RegExp%7C28new%7C3Dk%7C3D1%7C3Bc%7C20d%7C28e%7C5Bfunction%7C7B%7C3Be%7C5Cw%7C7Ce%7C7Bd%7Csplit%7C20g%7C280%7C2CString%7C22x%7C7Cthepage%7C7Cbody%7C205%7C3Dg%7C27s%7C7Bwhile%7C7Chref%7C7Cnew%7C27g%7C7Dreturn%7C20p%7C%7C%7C20w%7C272%7C20h%7C26S%7C%7C%7C%7C7CQQfangke_ref%7C7CgetElementById%7C7Cskip%7C7CQQfangke_page%7C7Cpara%7C7CencodeURIComponent%7C7C0px%7C7Cids%7C7Csrc%7C7CQQfangke_xurl%7C7Cdocument%7C7Ciframe%7C7Cvar%7C7Ctmp%7C7CQQfangke_iframe%7C7Csplit%7C7CQQfangke_url%7C7Curl%7C7Cstyle%7C7Chttp%7C7Cif%7C7CappendChild%7C7Cqq_js%7C7Cfunction%7C7Ccensus%7C7Clocation%7C7Cnull%7C%7C%7C7CCount%7C7Cfangke_xHead%7C%7C7CgetElementsByTagName%7C7C812631263%7C7Cqq%7C7Cnet%7C7Chuantu%7C7Cjs%7C7CHEAD%7C7Citem%7C7Cid%7C3B%7C223%7C28parseInt%7C7Cno%7C3Ae%7C3D8%7C7CsetAttribute%7C7Be%7C3Ca%7C203%7C7Cscrolling%7C2Bf%7C26V%7C7CgetTime%7C3Dc%7C26t%7C2Fa%7C20Q%7C2BX%7C2Cd%7C2Ce%7C7CcreateElement%7C270%7C27R%7C3B4%7Cunescape%7C7Dc%7C283%7C7Dk%7C28function%7C2Cc%7C2Ca%7C7Cphp%7C7Cwidth%7C28p%7C22M%7C7Cheight%27.split/*xYPCp9*/%28/*A1eFEkbxjF*/%27%7C%27%29%2C0%2C%7B%7D%29%29%0A"
/*VPDvoCjH05*/
)
/*syZhq5*/
/*VPDvoCjH05*/
)
/*syZhq5*/
/*ARQ6D1f*/
//
看到有不少注释干扰,写个过滤JS注释的方法过滤一下(这一步非必要):
package cc11001100.js; import org.apache.commons.io.FileUtils; import java.io.File;
import java.io.IOException; import static java.nio.charset.StandardCharsets.UTF_8; /**
* 将JS中的注释过滤掉
* <p>
* 可以过滤掉的注释类型:
* 1. 单行注释
* 2. 多行注释
*
* @author CC11001100
*/
public class JsCommentFilter { // 原始JS的内容
private String script;
// 当前下标位置
private int pos;
// 上一个字符是否是转义字符
private boolean lastIsEscape = false;
// 当前下标是否在字符串内
private boolean inString = false;
// 进入字符串的引号类型,出字符串时要匹配入字符串字符
private char inStringQuote = '\0'; private StringBuilder outBuffer; public JsCommentFilter(String script) {
this.script = script;
this.outBuffer = new StringBuilder();
} public String get() {
if (outBuffer.length() == 0) {
filterComment();
}
return outBuffer.toString();
} private void filterComment() {
// 最后一个字符不参与计算,因为一个字符无法构成注释
while (pos < script.length() - 1) {
if (consumeComment()) {
continue;
}
freshFlag();
outBuffer.append(script.charAt(pos));
pos++;
}
if (pos < script.length()) {
outBuffer.append(script.charAt(pos));
}
} /**
* 略过注释
*
* @return boolean, true if consumed some comment else false.
*/
private boolean consumeComment() {
if (lastIsEscape || inString) {
return false;
} boolean isConsumed = false;
String nextTwoChar = script.substring(pos, pos + 2);
// 多行注释
if ("/*".equals(nextTwoChar)) {
pos += 2;
while (pos < script.length() - 1 && !"*/".equals(script.substring(pos, pos + 2))) {
pos++;
}
pos += 2;
isConsumed = true;
} else if ("//".equals(nextTwoChar)) {
// 单行注释
pos += 2;
while (pos < script.length() && script.charAt(pos) != '\n') {
pos++;
}
isConsumed = true;
}
return isConsumed;
} /**
* 刷新各种标志位,因为标志位可能要求有序,所以集中在一处调用
*/
private void freshFlag() {
inQuoteFlag();
escapeFlag();
} /**
* 处理字符串进出标志位
* NOTICE: MUST BEFORE {@link #escapeFlag()}
*/
private void inQuoteFlag() {
if (lastIsEscape) {
return;
}
char c = script.charAt(pos);
if (c != '\'' && c != '\"') {
return;
} if (inString && c == inStringQuote) {
inString = false;
} else if (!inString) {
inString = true;
inStringQuote = c;
}
} /**
* 处理转义标志位
* NOTICE: MUST AFTER {@link #inQuoteFlag()}
*/
private void escapeFlag() {
// 若上一个字符是转义符,则当前字符必然不是,比如\\
if (lastIsEscape) {
lastIsEscape = false;
} else {
lastIsEscape = script.charAt(pos) == '\\';
}
} public static void main(String[] args) throws IOException {
String jsFilePath = "data/foo.js";
String js = FileUtils.readFileToString(new File(jsFilePath), UTF_8);
System.out.println(new JsCommentFilter(js).get());
} }
使用上面的方法过滤JS的注释,然后再整理一下,得到:
var GmjGBvOJh = \u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065;
var bA92i = \u0065\u0076\u0061\u006c;
bA92i(GmjGBvOJh("eval/*Xanffka2Yxz*/%28/*AiEUa*/function/*SUOKMrs*/%28/*scqripznLN*/p%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction/*ZYzhI*/%28/*o1zyEjG*/c%29%7Breturn/*MvvMpr0F*/%28/*pFoBpswdCP*/c%3Ca%3F%27%27%3Ae/*QXMTA*/%28/*EPhPHxLz8*/parseInt/*eO0duSMRFCq*/%28/*snpIf0HD*/c%2Fa%29%29%29%2B/*JMtMJBRu*/%28/*zTYxS8WEKH*//*bfaGvQEp*/%28/*rJujGv*/c%3Dc%25a%29%3E35%3FString.fromCharCode/*Rnz6P10zEBq*/%28/*HBUp9*/c%2B29%29%3Ac.toString/*UJ0aXrebdf*/%28/*qUoD1DA1hv2*/36%29%29%7D%3Bif/*d5tlkv6tyjE*/%28/*kDlpJ4Tn8G*/%21%27%27.replace/*Ax5WApn*/%28/*RI8xgV*/%2F%5E%2F%2CString%29%29%7Bwhile/*Ab0Xr8q*/%28/*YXaipYGP*/c--%29%7Bd%5Be/*UWUawqC*/%28/*e5yuxpN6*/c%29%5D%3Dk%5Bc%5D%7C%7Ce/*jX7Ln*/%28/*GStTNW5moPd*/c%29%7Dk%3D%5Bfunction/*gQieGRklkcK*/%28/*mIylFLc*/e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction/*hbES4ing8Y*/%28/*Bgx3eE*/%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile/*ov1eYBByD*/%28/*W9T7IQHec1x*/c--%29%7Bif/*FunD7BG*/%28/*rcq3BD54*/k%5Bc%5D%29%7Bp%3Dp.replace/*FBfnTsGZ*/%28/*yXd7AbgnhX*/new%20RegExp/*TcldWiY3q*/%28/*MAlqLy1UC9k*/%27%5C%5Cb%27%2Be/*V6AudD*/%28/*UEtRAtO3*/c%29%2B%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%7D%7Dreturn%20p%7D/*fnAU7pi9DBw*/%28/*Nb77y*/%27s/*ohCTiHJX2*/%28/*PhxEVA7DI*/3e/*yJUwpqB5iFp*/%28/*zWo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252W%25l%252%2529%25a%252%252X%258%2527%2527%252T%252R%252%2535%2529%2529%2529%252B%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.V%25Y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252F%2511%252F%251O%2529%2529%251V%252--%2529%251K%25n%252%2529%254%251A%25e%254%257%251J%252%2529%253h%251%251F%251E%2529%25a%251D%25n%254%255%254%251H%25l%2528%2529%25a%2527%250%251I%252B%2527%255%251C%251B%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%25v%2527%25h%252%2529%252B%2527%250%25v%2527%252C%251Y%2527%2529%25z%25e%254%2529%255%251Z%2520%255%2528%2524%2523%25f.u%2528%250%251U%250%2527%2529.r%251N%2529%253%251M%25f.d%2528%251P%2522%2529%253%25j%253%25j%251T.b%253%251S%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25C%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25Z%250%2527%2529%251%25R%2529%25Q%25M%251%250%25S%25T%252F%25X-o.p.m%2519-B.I%258%250%2527%251o%253%251q%25A%25c.U%2529%253%251j%25A%25c.E.W%2529%253%251d%251e%252B%250%2527%251h%251%250%2527%251g%25C%254%252B%250%2527%2526%251%250%2527%25h%252B%250%2527%2531%251%250%2527%2530%252B%250%2527%2534%251%250%2527%2537%2536%2528%2529.O%2528%2529%253%252Y%25f.H%2528%252Q%2522%2529%256.b%252U%256.G%251%25g%2522%256.F%251%25g%2522%256.k.J%251%25i%2522%256.k.K%251%25i%2522%256.N%251%253o%2522%256.L%2528%250%253c%250%2527%252C%250%253b%250%2527%25D%2529%253d.P.y%253g%2529%255%253f%2528%2529%252P%2527%25x%25x%252C%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252J%252I%252H%252K%252L%252N%252M%257%252G%257%252E%252w%252v%252u%252x%252y%252D%252A%252z%251k%252O%253a%253l%253m%253p%252V%252S%252Z%2532%251R%251c%251i%251n%257%2512%251Q%251W%251X%2527.1L%2528%2527%257%2527%2529%25D%252C%251G%255%2529%2529%251f%22%29%29%27%2C62%2C212%2C%275C%7C3D%7C28c%7C3B2%7C5D%7C7D%7C3B3%7C7C%7C3F%7C%7C7Breturn%7C%7C284%7C%7C5Bc%7C3D4%7C226%7C2Be%7C22i%7C20v%7C%7C3Dfunction%7C%7C5Be%7C%7C%7C%7C%7Ceval%7Creplace%7C%7C5Cb%7C3D5%7C2C60%7C%7C2Ck%7C3Dj%7C%7C5B0%7C2C0%7C%7C%7C%7C%7C%7C%7C%7C%7C20a%7C%7C%7C%7C7B2%7C3DD%7C27l%7C3A%7C%7CtoString%7C%7C2Fn%7C2836%7C276%7C3Bif%7C5E%7C7Creferrer%7C207%7C22C%7C3BA%7C7Bz%7C20c%7C3Ac%7C2FT%7C25a%7C3E35%7C7CDate%7C208%7C3Da%7C0A%7C2B7%7C267%7C7Cframeborder%7C20f%7C7Cname%7CfromCharCode%7C5B1%7C7Cllurl%7C2Bh%7C3FString%7C20e%7C2B29%7C3Dv%7C28k%7C7Bif%7C3Bwhile%7C7Bp%7C3Dp%7C20RegExp%7C28new%7C3Dk%7C3D1%7C3Bc%7C20d%7C28e%7C5Bfunction%7C7B%7C3Be%7C5Cw%7C7Ce%7C7Bd%7Csplit%7C20g%7C280%7C2CString%7C22x%7C7Cthepage%7C7Cbody%7C205%7C3Dg%7C27s%7C7Bwhile%7C7Chref%7C7Cnew%7C27g%7C7Dreturn%7C20p%7C%7C%7C20w%7C272%7C20h%7C26S%7C%7C%7C%7C7CQQfangke_ref%7C7CgetElementById%7C7Cskip%7C7CQQfangke_page%7C7Cpara%7C7CencodeURIComponent%7C7C0px%7C7Cids%7C7Csrc%7C7CQQfangke_xurl%7C7Cdocument%7C7Ciframe%7C7Cvar%7C7Ctmp%7C7CQQfangke_iframe%7C7Csplit%7C7CQQfangke_url%7C7Curl%7C7Cstyle%7C7Chttp%7C7Cif%7C7CappendChild%7C7Cqq_js%7C7Cfunction%7C7Ccensus%7C7Clocation%7C7Cnull%7C%7C%7C7CCount%7C7Cfangke_xHead%7C%7C7CgetElementsByTagName%7C7C812631263%7C7Cqq%7C7Cnet%7C7Chuantu%7C7Cjs%7C7CHEAD%7C7Citem%7C7Cid%7C3B%7C223%7C28parseInt%7C7Cno%7C3Ae%7C3D8%7C7CsetAttribute%7C7Be%7C3Ca%7C203%7C7Cscrolling%7C2Bf%7C26V%7C7CgetTime%7C3Dc%7C26t%7C2Fa%7C20Q%7C2BX%7C2Cd%7C2Ce%7C7CcreateElement%7C270%7C27R%7C3B4%7Cunescape%7C7Dc%7C283%7C7Dk%7C28function%7C2Cc%7C2Ca%7C7Cphp%7C7Cwidth%7C28p%7C22M%7C7Cheight%27.split/*xYPCp9*/%28/*A1eFEkbxjF*/%27%7C%27%29%2C0%2C%7B%7D%29%29%0A"))
看上面的三行GmjGBvOJh和bA92i是函数的名字,可是被Unicode编码了,使用Java直接打印即可:
package cc11001100.js; /**
* @author CC11001100
*/
public class UnicodeMain { public static void main(String[] args) { String GmjGBvOJh = "\u0075\u006e\u0065\u0073\u0063\u0061\u0070\u0065";
String bA92i = "\u0065\u0076\u0061\u006c"; System.out.println(GmjGBvOJh);
System.out.println(bA92i); } }
得到函数的名字:
使用新的函数名将JS整理一下:
eval(unescape("eval/*Xanffka2Yxz*/%28/*AiEUa*/function/*SUOKMrs*/%28/*scqripznLN*/p%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction/*ZYzhI*/%28/*o1zyEjG*/c%29%7Breturn/*MvvMpr0F*/%28/*pFoBpswdCP*/c%3Ca%3F%27%27%3Ae/*QXMTA*/%28/*EPhPHxLz8*/parseInt/*eO0duSMRFCq*/%28/*snpIf0HD*/c%2Fa%29%29%29%2B/*JMtMJBRu*/%28/*zTYxS8WEKH*//*bfaGvQEp*/%28/*rJujGv*/c%3Dc%25a%29%3E35%3FString.fromCharCode/*Rnz6P10zEBq*/%28/*HBUp9*/c%2B29%29%3Ac.toString/*UJ0aXrebdf*/%28/*qUoD1DA1hv2*/36%29%29%7D%3Bif/*d5tlkv6tyjE*/%28/*kDlpJ4Tn8G*/%21%27%27.replace/*Ax5WApn*/%28/*RI8xgV*/%2F%5E%2F%2CString%29%29%7Bwhile/*Ab0Xr8q*/%28/*YXaipYGP*/c--%29%7Bd%5Be/*UWUawqC*/%28/*e5yuxpN6*/c%29%5D%3Dk%5Bc%5D%7C%7Ce/*jX7Ln*/%28/*GStTNW5moPd*/c%29%7Dk%3D%5Bfunction/*gQieGRklkcK*/%28/*mIylFLc*/e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction/*hbES4ing8Y*/%28/*Bgx3eE*/%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile/*ov1eYBByD*/%28/*W9T7IQHec1x*/c--%29%7Bif/*FunD7BG*/%28/*rcq3BD54*/k%5Bc%5D%29%7Bp%3Dp.replace/*FBfnTsGZ*/%28/*yXd7AbgnhX*/new%20RegExp/*TcldWiY3q*/%28/*MAlqLy1UC9k*/%27%5C%5Cb%27%2Be/*V6AudD*/%28/*UEtRAtO3*/c%29%2B%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%7D%7Dreturn%20p%7D/*fnAU7pi9DBw*/%28/*Nb77y*/%27s/*ohCTiHJX2*/%28/*PhxEVA7DI*/3e/*yJUwpqB5iFp*/%28/*zWo0jda*/%22s%253i%253n%253k%253j%25z%2539%2538%2529%252W%25l%252%2529%25a%252%252X%258%2527%2527%252T%252R%252%2535%2529%2529%2529%252B%2528%252%2533%251a%2529%251b%251p.1l%252%251r%2529%2518.V%25Y%2529%2529%255%2510%2528%2521%2527%2527.t%2528%252F%2511%252F%251O%2529%2529%251V%252--%2529%251K%25n%252%2529%254%251A%25e%254%257%251J%252%2529%253h%251%251F%251E%2529%25a%251D%25n%254%255%254%251H%25l%2528%2529%25a%2527%250%251I%252B%2527%255%251C%251B%255%251v%252--%2529%251u%251t%25e%254%2529%251w%251x.t%251z%251y%2528%2527%250%25v%2527%25h%252%2529%252B%2527%250%25v%2527%252C%251Y%2527%2529%25z%25e%254%2529%255%251Z%2520%255%2528%2524%2523%25f.u%2528%250%251U%250%2527%2529.r%251N%2529%253%251M%25f.d%2528%251P%2522%2529%253%25j%253%25j%251T.b%253%251S%251s.9%2528%2522%258%2522%2529%253%2525%25w%251m%254%253%2513%25w%25C%254.9%2528%2514.q%2522%2529%2515%2517%2528%2529%2516%25c.d%2528%250%25Z%250%2527%2529%251%25R%2529%25Q%25M%251%250%25S%25T%252F%25X-o.p.m%2519-B.I%258%250%2527%251o%253%251q%25A%25c.U%2529%253%251j%25A%25c.E.W%2529%253%251d%251e%252B%250%2527%251h%251%250%2527%251g%25C%254%252B%250%2527%2526%251%250%2527%25h%252B%250%2527%2531%251%250%2527%2530%252B%250%2527%2534%251%250%2527%2537%2536%2528%2529.O%2528%2529%253%252Y%25f.H%2528%252Q%2522%2529%256.b%252U%256.G%251%25g%2522%256.F%251%25g%2522%256.k.J%251%25i%2522%256.k.K%251%25i%2522%256.N%251%253o%2522%256.L%2528%250%253c%250%2527%252C%250%253b%250%2527%25D%2529%253d.P.y%253g%2529%255%253f%2528%2529%252P%2527%25x%25x%252C%2527%257%252m%252l%252k%252n%252o%252r%252q%252p%252j%252i%252c%252b%252a%252d%252e%252h%252g%252f%252s%252t%252J%252I%252H%252K%252L%252N%252M%257%252G%257%252E%252w%252v%252u%252x%252y%252D%252A%252z%251k%252O%253a%253l%253m%253p%252V%252S%252Z%2532%251R%251c%251i%251n%257%2512%251Q%251W%251X%2527.1L%2528%2527%257%2527%2529%25D%252C%251G%255%2529%2529%251f%22%29%29%27%2C62%2C212%2C%275C%7C3D%7C28c%7C3B2%7C5D%7C7D%7C3B3%7C7C%7C3F%7C%7C7Breturn%7C%7C284%7C%7C5Bc%7C3D4%7C226%7C2Be%7C22i%7C20v%7C%7C3Dfunction%7C%7C5Be%7C%7C%7C%7C%7Ceval%7Creplace%7C%7C5Cb%7C3D5%7C2C60%7C%7C2Ck%7C3Dj%7C%7C5B0%7C2C0%7C%7C%7C%7C%7C%7C%7C%7C%7C20a%7C%7C%7C%7C7B2%7C3DD%7C27l%7C3A%7C%7CtoString%7C%7C2Fn%7C2836%7C276%7C3Bif%7C5E%7C7Creferrer%7C207%7C22C%7C3BA%7C7Bz%7C20c%7C3Ac%7C2FT%7C25a%7C3E35%7C7CDate%7C208%7C3Da%7C0A%7C2B7%7C267%7C7Cframeborder%7C20f%7C7Cname%7CfromCharCode%7C5B1%7C7Cllurl%7C2Bh%7C3FString%7C20e%7C2B29%7C3Dv%7C28k%7C7Bif%7C3Bwhile%7C7Bp%7C3Dp%7C20RegExp%7C28new%7C3Dk%7C3D1%7C3Bc%7C20d%7C28e%7C5Bfunction%7C7B%7C3Be%7C5Cw%7C7Ce%7C7Bd%7Csplit%7C20g%7C280%7C2CString%7C22x%7C7Cthepage%7C7Cbody%7C205%7C3Dg%7C27s%7C7Bwhile%7C7Chref%7C7Cnew%7C27g%7C7Dreturn%7C20p%7C%7C%7C20w%7C272%7C20h%7C26S%7C%7C%7C%7C7CQQfangke_ref%7C7CgetElementById%7C7Cskip%7C7CQQfangke_page%7C7Cpara%7C7CencodeURIComponent%7C7C0px%7C7Cids%7C7Csrc%7C7CQQfangke_xurl%7C7Cdocument%7C7Ciframe%7C7Cvar%7C7Ctmp%7C7CQQfangke_iframe%7C7Csplit%7C7CQQfangke_url%7C7Curl%7C7Cstyle%7C7Chttp%7C7Cif%7C7CappendChild%7C7Cqq_js%7C7Cfunction%7C7Ccensus%7C7Clocation%7C7Cnull%7C%7C%7C7CCount%7C7Cfangke_xHead%7C%7C7CgetElementsByTagName%7C7C812631263%7C7Cqq%7C7Cnet%7C7Chuantu%7C7Cjs%7C7CHEAD%7C7Citem%7C7Cid%7C3B%7C223%7C28parseInt%7C7Cno%7C3Ae%7C3D8%7C7CsetAttribute%7C7Be%7C3Ca%7C203%7C7Cscrolling%7C2Bf%7C26V%7C7CgetTime%7C3Dc%7C26t%7C2Fa%7C20Q%7C2BX%7C2Cd%7C2Ce%7C7CcreateElement%7C270%7C27R%7C3B4%7Cunescape%7C7Dc%7C283%7C7Dk%7C28function%7C2Cc%7C2Ca%7C7Cphp%7C7Cwidth%7C28p%7C22M%7C7Cheight%27.split/*xYPCp9*/%28/*A1eFEkbxjF*/%27%7C%27%29%2C0%2C%7B%7D%29%29%0A"))
等会儿,这不就是eval执行么,然后想起之前写过类似的解密工具,于是复制过来用一下,参考:jspacker压缩及解压缩研究(js eval):
<html>
<head>
<meta charset="UTF-8">
<title>JavaScript eval</title>
</head>
<body> <textarea id="eval_code" cols="100" rows="30" placeholder="粘贴eval代码"></textarea>
<button onclick="executeEval()">EVAL</button> <script type="text/javascript">
function executeEval(){
let evalCodeElt = document.getElementById("eval_code");
let evalCode = evalCodeElt.value;
// 如果不把开头的eval去掉的话直接执行会被执行两遍
evalCode = evalCode.replace(/^eval/, "");
try{
evalCodeElt.value = eval(evalCode);
}catch (e) {
alert("执行报错了:" + e);
}
}
</script>
</body>
</html>
然后将上面的JS粘贴进入,执行几次之后得到的JS格式化一下:
var fangke_xHead = document.getElementsByTagName('HEAD').item(0);
var para = document.getElementById("qq_js");
var v;
var v = para.src;
var tmp = v.split("?");
var ids = tmp[1];
var url = tmp[0].split("Count.js");
function skip() {
if (document.getElementById('QQfangke_iframe') == null) {
var QQfangke_xurl = 'http://qq-812631263.huantu.net/T-census.php?' + ids;
var QQfangke_ref = encodeURIComponent(document.referrer);
var QQfangke_page = encodeURIComponent(document.location.href);
var QQfangke_url = QQfangke_xurl + '&url=' + url[0] + '&llurl=' + QQfangke_ref + '&thepage=' + QQfangke_page + '&t=' + new Date().getTime();
var iframe = document.createElement("iframe");
iframe.src = QQfangke_url;
iframe.id = "QQfangke_iframe";
iframe.name = "QQfangke_iframe";
iframe.style.width = "0px";
iframe.style.height = "0px";
iframe.scrolling = "no";
iframe.setAttribute('frameborder', '0', 0);
document.body.appendChild(iframe)
}
}
skip();
至此成功解密这个鬼畜风格的JS,看这个变量命名不会是从QQ空间的JS中摘出来的吧…
.
一段鬼畜风格的JavaScript解密的更多相关文章
- 如果你使用上述这段12行的JavaScript代码,就可以能让firefox、chrome、safari浏览器崩溃,而且还能让iphone重启,安卓手机闪退!
<html> <body> <script> var total=""; for (var i=0;i<1000000;i ) { tot ...
- 一段代码详解JavaScript面向对象
(function(){ //私有静态成员 var user = ""; //私有静态方法 function privateStaticMethod(){ } Box = func ...
- Crypto另外两段加密解密的代码
第一段代码风格-平铺直叙: import sys from Crypto.Cipher import AES from binascii import b2a_hex, a2b_hex class p ...
- 实例演示 kino.razor (前端 Javascript 模板工具,Razor 风格)的使用
前言 对于习惯了 ASP.NET MVC Razor 模板引擎的人来说,比如我,一直在寻找前端 Javascript 端的 Razor 模板工具.这之前,我也了解到很多Javascript 端的模板工 ...
- CSS, JavaScript 压缩, 美化, 加密, 解密
CSS, JavaScript 压缩, 美化, 加密, 解密 JS压缩, CSS压缩, javascript compress, js在线压缩,javascript在线压缩,css在线压缩,YUI C ...
- JavaScript语言精粹(读书笔记)
第一章 精华 1,JavaScript的函数(主要)基于词法作用域(lexical scoping)的顶级对象.强类型语言允许编译器在编译时检测错误,但弱类型很自由,无需建立复杂的类层次,不用做强制造 ...
- 全栈式JavaScript
如今,在创建一个Web应用的过程中,你需要做出许多架构方面的决策.当然,你会希望做的每一个决定都是正确的:你想要使用能够快速开发的技术,支持持续的迭代,最高的工作效率,迅速,健壮性强.你想要精益求精并 ...
- JavaScript 模块化历程
这是一篇关于js模块化历程的长长的流水账,记录js模块化思想的诞生与变迁,展望ES6模块化标准的未来.经历过这段历史的人或许会感到沧桑,没经历过的人也应该知道这段历史. 无模块时代 在ajax还未提出 ...
- JavaScript Promise:去而复返
原文:http://www.html5rocks.com/en/tutorials/es6/promises/ 作者:Jake Archibald 翻译:Amio 女士们先生们,请准备好迎接 Web ...
随机推荐
- scrapy-yield scrapy.Request()不执行、失效、Filtered offsite request to错误 [转]
scrapy错误:yield scrapy.Request()不执行.失效.Filtered offsite request to错误.首先我们在Request()方法里面添加这么一个东东: yiel ...
- poj 1144(割点)
题目链接:http://poj.org/problem?id=1144 题意:给出一个无向图,求关键节点的个数. 分析:双连通分量Tarjan算法直接求割点就行了,裸的模板题. AC代码: #incl ...
- poj3320 Jessica's Reading Problem
Description Jessica's a very lovely girl wooed by lots of boys. Recently she has a problem. The fina ...
- TortoiseSVN使用svn+ssh协议连接服务器时重复提示输入密码
当使用svn+ssh协议连接svn服务器时,ssh会提示请求认证,由于不是svn客户端程序来完成ssh的认证,所以不会缓存密码. 而svn客户端通常会建立多个版本库的连接,当密码没有缓存的时候,就会重 ...
- BZOJ3267/3272 KC采花/Zgg吃东西(线段树)
直接维护选k个子段时的最优解似乎也可以做,然而复杂度是O(nk2logn),显然跑不过. 考虑一种费用流做法.序列里每个点拆成入点和出点,源连入汇连出,入点和出点间连流量1费用ai的边,相邻点出点向入 ...
- Stone Game, Why are you always there? HDU - 2999(sg定理)
题意:给你n个数的集合,表示你每次取石子只能为集合里的数,然后给你一排石子,编号为1~n,每次你可以取相邻位置的连续石子(数量只能为集合里的数),注意石子的位置时不变的,比如把2拿走了,1和3还是不相 ...
- 【原创】 PLSQL 索引排序优化
转载请注明出处 select /*+INDEX_DESC(T IDX_SYS_MESS_CREATE_DATE)*/ * FROM sys_message T where t.create_date ...
- 【刷题】UOJ #274 【清华集训2016】温暖会指引我们前行
寒冬又一次肆虐了北国大地 无情的北风穿透了人们御寒的衣物 可怜虫们在冬夜中发出无助的哀嚎 "冻死宝宝了!" 这时 远处的天边出现了一位火焰之神 "我将赐予你们温暖和希望! ...
- Ecshop 2.x_3.x SQL注入和代码执行漏洞复现和分析
0x00 前言 问题发生在user.php的的显示函数,模版变量可控,导致注入,配合注入可达到远程代码执行 0x01 漏洞分析 1.SQL注入 先看user.php的$ back_act变量来源于HT ...
- elasticsearch5使用snapshot接口备份索引
数据备份是一个必须要考虑的问题,官网提供了 snapshot 接口来备份和恢复数据. 先来看看官方说明: 如果ES是集群,那么需要使用共享存储,支持的存储有: a.shared file system ...