如何解码这个JavaScript？ [英] How to decode this javascript?

问题描述

我的问题是我如何解码这个JavaScript以及如何编码（使用哪个程序或在线工具）。

My question is how can I decode this JavaScript and how is encoded (with which program or online tool).

这是我要解码的JavaScript：
http://pastebin.com/hZvKySjj

Here is the JavaScript that I want to decode: http://pastebin.com/hZvKySjj

推荐答案

每个混淆的脚本都需要某种 eval 。在这里，行

Every obfuscated script needs some kind of eval. In here, the lines

_L = 'constr\x75\x63\x74\x6F\x72';
[][_L][_L](_Z[_h._t4](_F))();

正在这样做。 _L 是字符串构造函数，以及 []。constructor.constructor 是 Function 构造函数。它将使用已解码的脚本调用，并将调用生成的函数。我们可以用 alert 替换它，将脚本粘贴到控制台*中，然后等待结果 - 我们甚至不需要了解解码的工作原理。在您的情况下，结果是（是的，包括所有评论和换行符）：

are doing this. _L is the string "constructor", and [].constructor.constructor is the Function constructor. It will be called with the decoded script, and the resulting function will be called. We can substitute it with an alert, paste the script in the console*, and wait for the result - we don't even need to understand how the decoding works. In your case, the result is (yes, including all the comments and linebreaks):

var alarm ="0";
var content = document;

if ((content.getElementById("wrapper") != null))
{
    document.getElementById('wrapper').style.display = 'block';
}

function a ()
{
    if ((content.getElementById("links") != null))
    {
        var temp = content.getElementById("links").innerHTML;
        if ((temp.indexOf('nofollow')+1) > 0)  alarm = "1";
        else if ((temp.indexOf('noindex')+1) > 0)  alarm = "1";
    }
    else alarm = "1";
}

function b ()
{
    if ((content.getElementById("aa") != null) && (content.getElementById("ab") != null))
    {
        temp = document.getElementById("aa").href;
        if ("http://uc-portaller.ru/" != temp) alarm = "1";

        temp = document.getElementById("ab").innerHTML;
        if ("скрипты для ucoz" != temp) alarm = "1";
    }
    else alarm = "1";
}

function c ()
{
    if ((content.getElementById("ba") != null) && (content.getElementById("bb") != null))
    {

        temp = content.getElementById("ba").href;
        if ("http://austere.ru/" != temp) alarm = "1";

        temp = content.getElementById("bb").innerHTML;
        if ("доска объявлений" != temp) alarm = "1";
    }
    else alarm = "1";
}

function d ()
{
    if ((content.getElementById("ca") != null) && (content.getElementById("cb") != null))
    {

        temp = content.getElementById("ca").href;
        if ("http://www.for-creative.com/" != temp) alarm = "1";

        temp = content.getElementById("cb").innerHTML;
        if ("темы для ucoz" != temp) alarm = "1";
    }
    else alarm = "1";
}

a ();

if (alarm == "0") b ();
if (alarm == "0") c ();
if (alarm == "0") d ();

if (alarm == "1") prompt('Нарушены условия использования, по всем вопросам обращайтесь в ICQ:', '376880395');












$(document).ready(function(){

    //When you click on a link with class of poplight and the href starts with a # 
    $('a.poplight[href^=#]').click(function() {
        var popID = $(this).attr('rel'); //Get Popup Name
        var popURL = $(this).attr('href'); //Get Popup href to define size

        //Pull Query & Variables from href URL
        var query= popURL.split('?');
        var dim= query[1].split('&');
        var popWidth = dim[0].split('=')[1]; //Gets the first query string value

        //Fade in the Popup and add close button
        $('#' + popID).fadeIn().css({ 'width': Number( popWidth ) }).prepend('');

        //Define margin for center alignment (vertical + horizontal) - we add 80 to the height/width to accomodate for the padding + border width defined in the css
        var popMargTop = ($('#' + popID).height() + 80) / 2;
        var popMargLeft = ($('#' + popID).width() + 80) / 2;

        //Apply Margin to Popup
        $('#' + popID).css({ 
            'margin-top' : -popMargTop,
            'margin-left' : -popMargLeft
        });

        //Fade in Background
        $('body').append('<div id="fade"></div>'); //Add the fade layer to bottom of the body tag.
        $('#fade').css({'filter' : 'alpha(opacity=0)'}).fadeIn(); //Fade in the fade layer 

        return false;
    });


    //Close Popups and Fade Layer
    $('a.close, #fade').live('click', function() { //When clicking on the close or fade layer...
        $('#fade , .popup_block').fadeOut(function() {
            $('#fade, a.close').remove();  
    }); //fade them both out

        return false;
    });


});




        $.fn.tabs = function () {
            return this.each(function () {
               var $tabwrapper = $(this); 

               var $panels = $tabwrapper.find('> div');
               var $tabs = $tabwrapper.find('> ul a');

               $tabs.click(function () {  
                   $tabs.removeClass('selected');
                   $(this).addClass('selected');

                   $panels
                    .hide() // hide ALL the panels
                    .filter(this.hash) // filter down to 'this.hash'
                        .show(); // show only this one

                   return false;
               }).filter(window.location.hash ? '[hash=' + window.location.hash + ']' : ':first').click();
            });
        };

        $(document).ready(function () {
            // console.log(window.location.hash);

            $('div.tabs').tabs();
        });

_{*）当然，您需要确定自己在做什么。这是一个很小的风险，它是一个恶意脚本，你可能还没有找到所有 eval 。 @jfriend00逐行执行解码片段的提示是一种更安全的方式。}

_{*) Of course you need to be sure what you're doing. There's always a small risk that it's a malicious script, and you might have not found all evals. @jfriend00's tip on executing the decoding snippets line-by-line is a safer way.}

这篇关于如何解码这个JavaScript？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！