某段\x16进制和unicode加密与混淆js代码的解密与反加密

某天,在鼓捣一个ems系统,想用来做成新闻资讯类网站。弄了好多天,各个框架和结构都差不多了,重新调整了结构,一个偶然的机会,发现搜索框点击的时候不能自动清空先前的内容,于是想添加一段js代码去修改,找了半天,没有看到一个类似main.js的网站通用js代码,倒是发现一个奇怪的js文件,并且是加密的,这肯定引起了我的兴趣哈。看看这段代码。

var _0xdf49=["\x75\x73\x65\x20\x73\x74\x72\x69\x63\x74","\x70\x72\x6F\x74\x6F\x74\x79\x70\x65","","\x3C\x69\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x69\x63\x6F\x6E\x66\x6F\x6E\x74\x20\x61\x75\x69\x2D\x69\x63\x6F\x6E\x2D\x63\x6F\x72\x72\x65\x63\x74\x22\x3E\x3C\x2F\x69\x3E","\x73\x75\x63\x63\x65\x73\x73","\x3C\x69\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x69\x63\x6F\x6E\x66\x6F\x6E\x74\x20\x61\x75\x69\x2D\x69\x63\x6F\x6E\x2D\x63\x6C\x6F\x73\x65\x22\x3E\x3C\x2F\x69\x3E","\x66\x61\x69\x6C","\x68\x74\x6D\x6C","\x63\x75\x73\x74\x6F\x6D","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x2D\x6C\x6F\x61\x64\x69\x6E\x67\x22\x3E\x3C\x2F\x64\x69\x76\x3E","\x6C\x6F\x61\x64\x69\x6E\x67","\x74\x79\x70\x65","\x74\x69\x74\x6C\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x2D\x63\x6F\x6E\x74\x65\x6E\x74\x22\x3E","\x3C\x2F\x64\x69\x76\x3E","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x22\x61\x75\x69\x2D\x74\x6F\x61\x73\x74\x22\x3E","\x2E\x61\x75\x69\x2D\x74\x6F\x61\x73\x74","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72","\x62\x65\x66\x6F\x72\x65\x65\x6E\x64","\x69\x6E\x73\x65\x72\x74\x41\x64\x6A\x61\x63\x65\x6E\x74\x48\x54\x4D\x4C","\x62\x6F\x64\x79","\x64\x75\x72\x61\x74\x69\x6F\x6E","\x32\x30\x30\x30","\x73\x68\x6F\x77","\x68\x69\x64\x65","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x62\x6C\x6F\x63\x6B","\x6D\x61\x72\x67\x69\x6E\x54\x6F\x70","\x2D","\x6F\x66\x66\x73\x65\x74\x48\x65\x69\x67\x68\x74","\x72\x6F\x75\x6E\x64","\x70\x78","\x72\x65\x6D\x6F\x76\x65\x43\x68\x69\x6C\x64","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x2E\x61\x75\x69\x2D\x64\x69\x61\x6C\x6F\x67","\x2E\x61\x75\x69\x2D\x6D\x61\x73\x6B","\x61\x75\x69\x2D\x6D\x61\x73\x6B\x2D\x6F\x75\x74","\x72\x65\x6D\x6F\x76\x65","\x63\x6C\x61\x73\x73\x4C\x69\x73\x74","\x63\x72\x65\x61\x74\x65","\x61\x75\x69\x54\x6F\x61\x73\x74"];(function(_0x16cdx1,_0x16cdx2){_0xdf49[0];var _0x16cdx3=function(){};var _0x16cdx4=false;_0x16cdx3[_0xdf49[1]]= {create:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;var _0x16cdx8=_0xdf49[2];switch(_0x16cdx5[_0xdf49[11]]){case _0xdf49[4]:var _0x16cdx9=_0xdf49[3];break;case _0xdf49[6]:var _0x16cdx9=_0xdf49[5];break;case _0xdf49[8]:var _0x16cdx9=_0x16cdx5[_0xdf49[7]];break;case _0xdf49[10]:var _0x16cdx9=_0xdf49[9];break};var _0x16cdxa=_0x16cdx5[_0xdf49[12]]?_0xdf49[13]+ _0x16cdx5[_0xdf49[12]]+ _0xdf49[14]:_0xdf49[2];_0x16cdx8= _0xdf49[15]+ _0x16cdx9+ _0x16cdxa+ _0xdf49[14];if(document[_0xdf49[17]](_0xdf49[16])){return};document[_0xdf49[20]][_0xdf49[19]](_0xdf49[18],_0x16cdx8);var _0x16cdxb=_0x16cdx5[_0xdf49[21]]?_0x16cdx5[_0xdf49[21]]:_0xdf49[22];_0x16cdx7[_0xdf49[23]]();if(_0x16cdx5[_0xdf49[11]]== _0xdf49[10]){if(_0x16cdx6){_0x16cdx6({status:_0xdf49[4]})}}else {setTimeout(function(){_0x16cdx7[_0xdf49[24]]()},_0x16cdxb)}},show:function(){var _0x16cdx7=this;document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[25]]= _0xdf49[27];document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[28]]= _0xdf49[29]+ Math[_0xdf49[31]](document[_0xdf49[17]](_0xdf49[16])[_0xdf49[30]]/ 2)+ _0xdf49[32];if(document[_0xdf49[17]](_0xdf49[16])){return}},hide:function(){var _0x16cdx7=this;if(document[_0xdf49[17]](_0xdf49[16])){document[_0xdf49[17]](_0xdf49[16])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[16]))}},remove:function(){if(document[_0xdf49[17]](_0xdf49[35])){document[_0xdf49[17]](_0xdf49[35])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[35]))};if(document[_0xdf49[17]](_0xdf49[36])){document[_0xdf49[17]](_0xdf49[36])[_0xdf49[39]][_0xdf49[38]](_0xdf49[37])};return true},success:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[4];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},fail:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[6];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},custom:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[8];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)},loading:function(_0x16cdx5,_0x16cdx6){var _0x16cdx7=this;_0x16cdx5[_0xdf49[11]]= _0xdf49[10];return _0x16cdx7[_0xdf49[40]](_0x16cdx5,_0x16cdx6)}};_0x16cdx1[_0xdf49[41]]= _0x16cdx3})(window)

一个js代码的解密并不难,难得是搞明白这些乱七八糟的是什么加密,难的是对那些进行了代码混淆使得可读性极差的代码的整理与翻译!
很明显,上面这个代码进行了混淆!0xdf49这类变量名搞得像蓝屏代码错误号,吓死人,一般人没认真看还真搞不明白这是些什么东西。
首先我们搜索“_0xdf49”,可以发现存在很多个这种变量。
我们将其命名为strone,全部替换之。_0xdf49x2,_0xdf49x3,_0xdf49x4,_0xdf49x5,_0xdf49x6,_0xdf49x7全是这些变量,可以跟随个人喜欢,换成喜欢的变量名。下面的就是混淆,使得不容易阅读代码。
_0xdf49的值才是加密的重点。有经验的程序员应当一眼就可以看出,这是我标题里面所说的Javascript \x 16进制加密。这个解密非常简单,网上方法很多,直接用document.write就可以写出明文。代码如下。

var _0xc828=["\x63\x6C\x61\x73\x73\x4E\x61\x6D\x65","\x61\x63\x74\x69\x76\x65","\x69\x64","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x6C\x69","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x6C\x65\x6E\x67\x74\x68","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x43","\x62\x6C\x6F\x63\x6B","\x6E\x6F\x72\x6D\x61\x6C","\x6E\x6F\x6E\x65","\x68\x65\x69\x67\x68\x74","\x73\x63\x72\x6F\x6C\x6C\x54\x6F\x70","\x73\x68\x6F\x77","\x23\x67\x6F\x74\x6F\x70","\x68\x69\x64\x65","\x63\x6C\x69\x63\x6B","\x63\x6F\x64\x65\x5F\x68\x6F\x76\x65\x72","\x61\x74\x74\x72","\x23\x63\x6F\x64\x65\x5F\x69\x6D\x67","\x63\x6F\x64\x65","\x68\x6F\x76\x65\x72","\x23\x63\x6F\x64\x65","\x72\x65\x61\x64\x79","\x73\x63\x72\x6F\x6C\x6C","\x64\x6F\x6D\x61\x69\x6E","\x68\x6F\x68\x75\x61\x6E\x2E\x63\x6F\x6D","\x69\x6E\x64\x65\x78\x4F\x66","\x31\x32\x37\x2E\x30\x2E\x30\x2E\x31","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\u8BE5\u6A21\u677F\u5C1A\u672A\u6388\u6743\u6B64\u7AD9\u4F7F\u7528\x2C\u8BF7\u8D2D\u4E70\u6388\u6743","\x68\x72\x65\x66","\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x78\x69\x75\x7A\x68\x61\x6E\x77\x61\x6E\x67\x2E\x63\x6F\x6D"]; 
for(i=0;i<_0xc828.length;i++){
document.write(i+"="+_0xc828[i]+""); 
}

把上面的代码放在html的之间运行就可以解密了,解密结果如下

0=className1=active2=id3=parentNode4=li5=getElementsByTagName6=getElementById7=length8=display9=style10=C11=block12=normal13=none14=height15=scrollTop16=show17=#gotop18=hide19=click20=code_hover21=attr22=#code_img23=code24=hover25=#code26=ready27=scroll28=domain29=hohuan.com30=indexOf31=127.0.0.132=localhost33=该模板尚未授权此站使用,请购买授权34=href

作为解密来说,http://tool.lu/js的功能非常强大。将所有的代码放到对话框,即可解密全文。
解密后明码如下

var _0xdf49 = ["use strict", "prototype", "", "<i class="aui-iconfont aui-icon-correct"></i>", "success", "<i class="aui-iconfont aui-icon-close"></i>", "fail", "html", "custom", "<div class="aui-toast-loading"></div>", "loading", "type", "title", "<div class="aui-toast-content">", "</div>", "<div class="aui-toast">", ".aui-toast", "querySelector", "beforeend", "insertAdjacentHTML", "body", "duration", "2000", "show", "hide", "display", "style", "block", "marginTop", "-", "offsetHeight", "round", "px", "removeChild", "parentNode", ".aui-dialog", ".aui-mask", "aui-mask-out", "remove", "classList", "create", "auiToast"];
(function(_0x16cdx1, _0x16cdx2) {
	_0xdf49[0];
	var _0x16cdx3 = function() {};
	var _0x16cdx4 = false;
	_0x16cdx3[_0xdf49[1]] = {
		create: function(_0x16cdx5, _0x16cdx6) {
			var _0x16cdx7 = this;
			var _0x16cdx8 = _0xdf49[2];
			switch (_0x16cdx5[_0xdf49[11]]) {
			case _0xdf49[4]:
				var _0x16cdx9 = _0xdf49[3];
				break;
			case _0xdf49[6]:
				var _0x16cdx9 = _0xdf49[5];
				break;
			case _0xdf49[8]:
				var _0x16cdx9 = _0x16cdx5[_0xdf49[7]];
				break;
			case _0xdf49[10]:
				var _0x16cdx9 = _0xdf49[9];
				break
			};
			var _0x16cdxa = _0x16cdx5[_0xdf49[12]] ? _0xdf49[13] + _0x16cdx5[_0xdf49[12]] + _0xdf49[14] : _0xdf49[2];
			_0x16cdx8 = _0xdf49[15] + _0x16cdx9 + _0x16cdxa + _0xdf49[14];
			if (document[_0xdf49[17]](_0xdf49[16])) {
				return
			};
			document[_0xdf49[20]][_0xdf49[19]](_0xdf49[18], _0x16cdx8);
			var _0x16cdxb = _0x16cdx5[_0xdf49[21]] ? _0x16cdx5[_0xdf49[21]] : _0xdf49[22];
			_0x16cdx7[_0xdf49[23]]();
			if (_0x16cdx5[_0xdf49[11]] == _0xdf49[10]) {
				if (_0x16cdx6) {
					_0x16cdx6({
						status: _0xdf49[4]
					})
				}
			} else {
				setTimeout(function() {
					_0x16cdx7[_0xdf49[24]]()
				}, _0x16cdxb)
			}
		},
		show: function() {
			var _0x16cdx7 = this;
			document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[25]] = _0xdf49[27];
			document[_0xdf49[17]](_0xdf49[16])[_0xdf49[26]][_0xdf49[28]] = _0xdf49[29] + Math[_0xdf49[31]](document[_0xdf49[17]](_0xdf49[16])[_0xdf49[30]] / 2) + _0xdf49[32];
			if (document[_0xdf49[17]](_0xdf49[16])) {
				return
			}
		},
		hide: function() {
			var _0x16cdx7 = this;
			if (document[_0xdf49[17]](_0xdf49[16])) {
				document[_0xdf49[17]](_0xdf49[16])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[16]))
			}
		},
		remove: function() {
			if (document[_0xdf49[17]](_0xdf49[35])) {
				document[_0xdf49[17]](_0xdf49[35])[_0xdf49[34]][_0xdf49[33]](document[_0xdf49[17]](_0xdf49[35]))
			};
			if (document[_0xdf49[17]](_0xdf49[36])) {
				document[_0xdf49[17]](_0xdf49[36])[_0xdf49[39]][_0xdf49[38]](_0xdf49[37])
			};
			return true
		},
		success: function(_0x16cdx5, _0x16cdx6) {
			var _0x16cdx7 = this;
			_0x16cdx5[_0xdf49[11]] = _0xdf49[4];
			return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
		},
		fail: function(_0x16cdx5, _0x16cdx6) {
			var _0x16cdx7 = this;
			_0x16cdx5[_0xdf49[11]] = _0xdf49[6];
			return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
		},
		custom: function(_0x16cdx5, _0x16cdx6) {
			var _0x16cdx7 = this;
			_0x16cdx5[_0xdf49[11]] = _0xdf49[8];
			return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
		},
		loading: function(_0x16cdx5, _0x16cdx6) {
			var _0x16cdx7 = this;
			_0x16cdx5[_0xdf49[11]] = _0xdf49[10];
			return _0x16cdx7[_0xdf49[40]](_0x16cdx5, _0x16cdx6)
		}
	};
	_0x16cdx1[_0xdf49[41]] = _0x16cdx3
})(window)

这个解密和上面的html解密一样。”你js真的很diaome?来试试,大气哦”,不同的是他将那些原来链接到一起,堆砌成一句话的js代码进行了结构整理,使得结构清晰,很容易看懂,但是如果使用您自己的代码混淆,你也看不出来吧?
可以看到解密出来的结果中有网址和提示,因为他涉及到一些网站需要的js切换代码,所以不能完全删除这个js文件,如果我们把这些内容替换成我们自己的内容,再加密放回去,会不会很爽?
就像前面说的,搞明白了是什么加密,就可以进行加密与反加密。
仔细查看_0x16cd变量,会发现他是由很多双引号括起来的多个值的一个字串,熟悉的知道这是\x 16进制加密,他的加解密代码如下

<script type="text/javascript">// <![CDATA[
function JavaDe(){
var monyer = new Array();
var s = document.getElementById('code').value.split("\\");
for (i = 1; i < s.length; i++){
        s[i] = s[i].replace('x', '');
        monyer += String.fromCharCode(parseInt(s[i], 16))
        }
document.getElementById('code').value = monyer;
}
function JavaEn(){
var txt=document.getElementById("code");
var hex=document.getElementById("true");
var monyer = new Array();var i,s;
for(i=0;i<txt.value.length;i++){ s=txt.value.charCodeAt(i).toString(16); if(hex.checked){ monyer+="\\x"+s; }else{ monyer+=new Array(5-String(s).length).join("0")+s; } } txt.value=monyer; }
// ]]></script><textarea id="code" cols="50" rows="10">\x65\x76\x61\x6c</textarea><input id="true" checked="checked" type="checkbox" />是否启用\x加密 <input type="button" value="16进制解密"\x"" /><input type="button" value="16进制加密" />

在线的可以到魔酷阁http://www.mokuge.com/tool/js_x16/这里来进行加解密。
这段代码猛看上去大部分都是\x 16进制加密,其实在里面明显还有一段代码他是不同的。

\u8BE5\u6A21\u677F\u5C1A\u672A\u6388\u6743\u6B64\u7AD9\u4F7F\u7528\x2C\u8BF7\u8D2D\u4E70\u6388\u6743

这个是unicode对中文的加密,在线的可以在站长助手http://tool.chinaz.com/tools/unicode.aspx
换成自己想要的东东,替换回去,就可以弄成我们想要的效果了。

给TA打赏
共{{data.count}}人
人已打赏
技术文档

批处理切割大文本数据

2017-8-5 0:35:33

技术文档

php中开启gzip压缩的2种方法代码

2017-10-29 12:32:07

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
有新私信 私信列表
搜索