带有二进制值的混淆javascript代码？ [英] Obfuscated javascript code with binary values?

问题描述

此代码输出 D 。问题是如何？

This code outputs D. The question is HOW?

alert([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(![]+[])[+!+[]]](+[]+[+[]])[+!+[]]);

我知道！[] 已被评估到 false 或 0 等等，但它是如何执行的？我怎样才能将此转换为人类可以理解的东西而不仅仅是Jon Skeet？

I understand that ![] is evaluated to false or 0 and so on, but how does it execute? And how can I convert this to something humans can understand and not only Jon Skeet?

有人可以破解这部分代码并解释我发生了什么吗？

Can someone break some piece of this code and explain me what's happening?

推荐答案

那么，评估部分中的表达式，最后它相当于：

Well, evaluating the expression in parts, at the end it is equivalent to:

[]['sort']['call']()["btoa"]("00")[1]; // "D"

可以简化为：

btoa("00")[1]; // "D"

如何解码？

只需检查所使用的运算符，例如，我们首先可以看到使用了数组文字，然后完成了几个<​​em>括号表示法属性访问，以及几个调用。

Simply examine the operators used, for example, we can see at first that an array literal is used, then several bracket notation property accesses are done, and a couple of invocations.

它是如何工作的？

诀窍是链接多种类型的转换，例如，获取 f 信：

The trick is to chain multiple type conversions, for example, to get the f letter:

(![]+[])[+[]]

如果我们检查第一部分，在括号中，！[ ] + [] ，我们看到一个布尔否定，它将返回 false ，因为数组对象总是真实的，然后是连接。

If we examine the first part, in parentheses, ![]+[], we see a boolean negation, which will return false because an array object is always truthy, and then a concatenation.

产生字符串false，然后，第二部分，我们看到了括号应用于该字符串，访问字符和表达式 + [] ，结果为 0 。

That produces the string "false", then, the second part, we see a brackets applied to that string, to access a character, and the expression +[], which results in 0.

+ [] 给出零，因为数组s toString 方法返回一个空字符串，对于一个像这样的空数组，空字符串在转换为数字时生成为零（一元 + 运算符。）

+[] gives zero because the Array's toString method returns an empty string, for an empty array like that one, and an empty string produces to zero when it is converted to number (the unary + operator in this example).

只有这样的技巧，产生字符串的东西，例如 true，false，null，undefined等...以及更多数字来获取数字。

There are just tricks like that, things that produce a string, such "true", "false", "null", "undefined", etc... and more tricks to get the numerically.

例如获取数字 - 访问角色 - ，他们再次使用神秘的类型转换：

For example to get a number -to access a character-, they use again cryptic type conversion:

+[];            // 0, equivalent to +""
+!+[];          // 1, equivalent to +true
!+[]+!+[];      // 2, equivalent to +true+true
!+[]+!+[]+!+[]; // 3, equivalent to +true+true+true

这篇关于带有二进制值的混淆javascript代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！