解码这个奇怪的Javascript [英] Decode this strange Javascript

问题描述

我在.js文件中遇到过这段代码。这段代码是什么？

I came across this code in a .js file. What is this code ??

我已将该文件下载到我的localhost网络服务器上。将此代码保存到.js文件中，将我重定向到google.com，当我评论此代码时，页面运行完美!!

I have downloaded that file onto my localhost webserver.Keeping this code in the .js file redirects me to google.com and when i am commenting this code the page runs perfectly !!

我可以理解这是为了强制执行该页面仅从服务器链接执行!!!

I can understand that this is done to enforce that the page is to be executed from a server link only !!!

我如何解码这个js ???

How can i decode this js ???

[]['\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72']['\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72'](self['\x75\x6e\x65\x73\x63\x61\x70\x65']('%69%66%28%7e%6c%6f%63%61%74%69%6f%6e%2e%70%72%6f%74%6f%63%6f%6c%2e%69%6e%64%65%78%4f%66%28%27%68%74%74%70%3a%27%29%26%26%7e%6c%6f%63%61%74%69%6f%6e%2e%68%6f%73%74%2e%69%6e%64%65%78%4f%66%28%27%74%65%6d%70%6c%61%74%65%2d%68%65%6c%70%2e%63%6f%6d%27%29%29%7b%7d%65%6c%73%65%28%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%67%6f%6f%67%6c%65%2e%63%6f%6d%27%29'))()

推荐答案

Python碰巧使用相同的编码方式，所以我只是把它扔在Python shell上。

Python happens to use the same way of encoding, so I just threw it at a Python shell.

>>> '\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72'
'constructor'
>>> '\x75\x6e\x65\x73\x63\x61\x70\x65'
'unescape'
>>> import urllib
>>> urllib.unquote('%69%66%28%7e%6c%6f%63%61%74%69%6f%6e%2e%70%72%6f%74%6f%63%6f%6c%2e%69%6e%64%65%78%4f%66%28%27%68%74%74%70%3a%27%29%26%26%7e%6c%6f%63%61%74%69%6f%6e%2e%68%6f%73%74%2e%69%6e%64%65%78%4f%66%28%27%74%65%6d%70%6c%61%74%65%2d%68%65%6c%70%2e%63%6f%6d%27%29%29%7b%7d%65%6c%73%65%28%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%67%6f%6f%67%6c%65%2e%63%6f%6d%27%29')
"if(~location.protocol.indexOf('http:')&&~location.host.indexOf('template-help.com')){}else(location.href='http://www.google.com')"

因此，此代码归结为（为了清晰起见添加空格）：

So this code boils down to (adding whitespace for clarity):

[]['constructor']['constructor'](
  "if (~location.protocol.indexOf('http:') &&
       ~location.host.indexOf('template-help.com'))
     {}
   else
     (location.href='http://www.google.com')")()

那么这实际上是什么做的？ Node.js救援：

So what does this actually do? Node.js to the rescue:

> [].constructor
[Function: Array]
> [].constructor.constructor
[Function: Function]
> 

所以 [] 只是一个空数组， []。constructor 给我们数组构造函数（这是一个函数对象），最后， []。constructor.constructor 为我们提供 Function 对象的构造函数。该构造函数接受包含一些代码的字符串，并将其转换为可调用函数，然后调用该函数（注意最后的（））。所以这最终只是执行这段代码：

So [] is simply an empty array, [].constructor gives us the array constructor (which is a Function object), and finally, [].constructor.constructor gives us the constructor of the Function object. That constructor accepts a string containing some code, and turns it into a callable function, that then gets called (note the () at the very end). So this eventually just executes this code:

if (~location.protocol.indexOf('http:') &&
    ~location.host.indexOf('template-help.com'))
  {}
else
  (location.href='http://www.google.com')

是的，如果我写这样的代码，我也会混淆它！ ;）

Yeah, if I wrote code like that, I'd obfuscate it too! ;)

这篇关于解码这个奇怪的Javascript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！