解码混淆的JavaScript

时间:2011-05-26 22:18:38

标签: javascript

由于一时糊涂,我用一个提供免费 JavaScript 混淆器的网站(javascriptobfuscator dot com)把一些 JavaScript 代码(iframe 代码)混淆了:

// Obfuscator output: a lookup table of \xNN-escaped strings, followed by a single
// statement that indexes into that table. Resolving the escapes gives:
//   [0] <IFRAME FRAMEBORDER="0" id="the_iframe" marginwidth="0" marginheight="0"
//       vspace="0" hspace="0" width="207px" height="177px"  allowtransparency="true"
//       ALIGN="CENTER" SCROLLING="no" SRC="
//   [1] /widsc.php?id=
//   [2] "></IFRAME>
//   [3] writeln
// so the statement is document.writeln([0] + script_path + [1] + id_path + [2]).
// script_path and id_path are not defined in this snippet; they are concatenated
// into the SRC attribute without escaping.
// NOTE(review): if either value can carry untrusted input, a double quote in it
// would close the attribute early — confirm where they come from.
var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);

我忘了原始代码是什么,只知道它大致是一段 iframe 的 HTML 代码。

有没有办法解码它?

4 个答案:

答案 0 :(得分:8)

这些字符串很容易在 JavaScript 控制台(例如 Firebug)中解码:只需粘贴数组字面量本身(不要连同后面的 document[...] 调用一起执行),控制台就会显示解码后的数组内容。

答案 1 :(得分:0)

为了避免将来再出现这个问题,您可以采用把源代码与部署用的 JS 分开的工作流程:只在代码投入生产之前才进行混淆/压缩/编译,并把人类可读的源代码保存在别处,在那份源代码上继续工作。

答案 2 :(得分:0)

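/**
 * The question's lookup table with every \xNN escape resolved. This listing had
 * lost its HTML-bearing entries and the `document` identifier; they are restored
 * here from the escaped table in the question.
 * @type {Array}
 */
var _0xb869 = [
  '<IFRAME FRAMEBORDER="0" id="the_iframe" marginwidth="0" marginheight="0" vspace="0" hspace="0" width="207px" height="177px"  allowtransparency="true" ALIGN="CENTER" SCROLLING="no" SRC="',
  "/widsc.php?id=",
  '"></IFRAME>',
  "writeln"
];
// Index 3 is "writeln", so this is document.writeln(...). script_path and id_path
// are concatenated into the SRC attribute without escaping, so they must not be
// fed from untrusted input.
document[_0xb869[3]](_0xb869[0] + script_path + _0xb869[1] + id_path + _0xb869[2]);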

答案 3 :(得分:0)

您可以将文本直接呈现到文本字段中以获得ASCII / Unicode表示形式。

更进一步,可以把数组索引查找替换为对应的字符串字面量值。

// The sample is held as text only. A template literal resolves every \xNN escape
// while it is parsed, so `script` already contains the readable characters; the
// sample itself is never executed.
var script = `var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);`;

// Both results are assigned through `.value`, so the decoded markup is shown as
// plain text in the textareas rather than being parsed as HTML.
const renderedField = document.querySelector('#rendered');
renderedField.value = script;

const decodedField = document.querySelector('#decoded');
decodedField.value = deobfuscate(script);

/**
 * Builds the readable form of the single statement in the question's sample.
 *
 * The lookup table is hard-coded below; `obfuscatedScript` is accepted but never
 * read, so the result is the same for any argument. The returned text is meant for
 * display: the decoded values are placed between double quotes as-is (their inner
 * quotes are not escaped) and the whole statement is lowercased.
 *
 * @param {string} obfuscatedScript - Not used by the current implementation.
 * @returns {string} The statement with index lookups replaced by their strings.
 */
function deobfuscate(obfuscatedScript) {
  // Table copied from the sample. The engine resolves the \xNN escapes when it
  // parses these literals, so no explicit decoding step is needed.
  const lookup = ["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];
  const [srcPrefix, pathSuffix, closingTag, method] = lookup;

  // Same statement as the sample, with each table lookup swapped for its string.
  const statement = `document["${method}"]("${srcPrefix}"+script_path+"${pathSuffix}"+id_path+"${closingTag}");`;

  // Tidy for display: dot notation, single spaces, lowercase throughout.
  const dotted = bracketToDotNotation(statement);
  const singleSpaced = dotted.replace(/\s+/g, ' ');
  return singleSpaced.toLowerCase();
}

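/**
 * Rewrites quoted bracket property access as dot access, so that
 * `document["writeln"]` reads as `document.writeln`.
 *
 * Only a subscript written as a quoted, identifier-shaped string is rewritten.
 * An unquoted subscript such as `_0xb869[3]` or `obj[key]` is an index or a
 * variable lookup; turning it into `_0xb869.3` / `obj.key` would yield invalid
 * or different code, so those are left untouched. Opening and closing quotes
 * must match, and keys that are not valid identifiers (`"my-key"`, `"1a"`) are
 * kept in bracket form.
 *
 * This is a textual pass, not a parser: a matching pattern inside a string
 * literal or comment is rewritten as well.
 *
 * @param {string} input - JavaScript source text.
 * @returns {string} The text with eligible bracket accesses in dot notation.
 */
function bracketToDotNotation(input) {
  // Group 1 is the quote character (back-referenced so both ends agree);
  // group 2 is the property name.
  return input.replace(/(?<=[\w$])\[(["'])([A-Za-z_$][\w$]*)\1\]/g, '.$2');
}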
/* Let the page fill the viewport. The textarea size set here is overridden by
   the later `textarea` rule, which has the same specificity and comes last. */
html,
body, 
textarea {
  width: 100%;
  height: 100%;
}

/* Remove the default page margin and padding. */
html,
body {
  margin: 0;
  padding: 0;
}

/* Each textarea is sized to roughly half the page height, minus a few pixels,
   and cannot be resized by the user. */
textarea {
  width: calc(100% - 2px);
  height: calc(50% - 4px);
  margin: 0;
  padding: 0;
  resize: none;
  overflow: auto;
}
<!-- Third-party reset stylesheet loaded from a CDN with no integrity attribute.
     For anything beyond a demo, add Subresource Integrity (integrity and
     crossorigin attributes) or serve a local copy. -->
<link href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css" rel="stylesheet"/>
<!-- Filled by the script with the sample as the template literal rendered it. -->
<textarea id="rendered"></textarea>
<!-- Filled by the script with the statement returned by deobfuscate(). -->
<textarea id="decoded"></textarea>