Malicious JavaScript code in my website
I found this code in my website source code:
var _0xd28d=["\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39","\x5F\x78\x6C\x74","\x5F\x78\x38\x66\x6B\x63\x33","\x66\x6C\x6F\x6F\x72","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68"];
var _0x9ae4=[_0xd28d[0],12,_0xd28d[1],_0xd28d[2],2,31,Math,_0xd28d[3]];
var _0xcd6e=[_0x9ae4[5],_0x9ae4[0],_0x9ae4[_0x9ae4[4]],_0x9ae4[3],4,_0xd28d[4]];
var _0xr6g0={};
_0xr6g0[_0xcd6e[2]]=0;
_0xr6g0[_0x9ae4[4]]=function (){
var _0x4c68x4={};
_0x4c68x4[_0xd28d[0]]=_0x9ae4[0];
do{
_0x4c68x4[_0x9ae4[0]]+=_0x4c68x4[_0xd28d[0]][_0x9ae4[6][_0x9ae4[7]](_0x9ae4[6][_0xcd6e[5]]()*_0x4c68x4[_0xd28d[0]][_0xd28d[5]])];
}while(_0x4c68x4[_0xd28d[0]][_0xd28d[5]]<_0xcd6e[0]);
_0x4c68x4[_0x4c68x4[_0x9ae4[0]]]=function (){
_0xr6g0[_0xcd6e[2]]++;
_0xr6g0[_0xcd6e[2]]%=_0x9ae4[1];
return _0x4c68x4[_0x4c68x4[_0x9ae4[0]]];
};
return _0x4c68x4[_0x4c68x4[_0xcd6e[1]]];
};
_0xr6g0[_0x9ae4[_0xcd6e[4]]]()()()()()()()()()()()()()()()();
I was wondering, what is it? And what does it do?
Comments (3)
By itself, the code does nothing useful nor dangerous.
After manually deobfuscating:
Looks more like an invalid attempt to keep the browser busy. But very valid to keep people curious.
UPDATE: fixed the deobfuscation.
The first 5 lines initialize variables. After decrypting the \x escapes and indexing to other arrays, we get:
Lines 6-18 create a function (after expanding the array indexing):
JavaScript allows a['b'] as an alternate syntax for a.b, so this is equivalent to:
The inner function has a randomly-generated 31-character name that doesn't matter, so it can be simplified to:
The last line calls _0xr6g0[2] 16 times, and this is an obfuscated way of writing
The hex in this code is creating a string with the text "_0x32lsj9_xlt_x8fkc3floorrandomlength"
The rest is parsing that to run some sort of JavaScript.
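An added example, not code from the question or from any of the comments: it decodes the string table on the snippet's first line as inert text (no eval, the sample is never executed), then gives a readable equivalent of the rest, following the line-by-line steps described in the second comment. The names decodeStringTable, runDeobfuscated, state, holder and name are assumptions introduced here.

```javascript
// Added example: static triage of the snippet's string table plus a readable equivalent.
// SAMPLE_LINE_1 is the first line of the snippet from the question, held as inert text.
const SAMPLE_LINE_1 = String.raw`var _0xd28d=["\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39","\x5F\x78\x6C\x74","\x5F\x78\x38\x66\x6B\x63\x33","\x66\x6C\x6F\x6F\x72","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68"];`;

// Decode \xNN escapes inside each quoted literal without eval() or running the sample.
function decodeStringTable(source) {
  const literals = source.match(/"(?:[^"\\]|\\.)*"/g) || [];
  return literals.map((lit) =>
    lit.slice(1, -1).replace(/\\x([0-9A-Fa-f]{2})/g, (_, hex) =>
      String.fromCharCode(parseInt(hex, 16))));
}

// Readable equivalent of the remaining lines once the three lookup arrays are resolved:
// _0x9ae4 = ["_0x32lsj9", 12, "_xlt", "_x8fkc3", 2, 31, Math, "floor"]
// _0xcd6e = [31, "_0x32lsj9", "_xlt", "_x8fkc3", 4, "random"]
// `calls` is the number of () pairs on the last line (16 in the question).
function runDeobfuscated(calls) {
  const state = { _xlt: 0 };            // _0xr6g0["_xlt"] = 0
  state[2] = function () {              // _0xr6g0[2] = function () {...}
    let name = "_0x32lsj9";
    do {                                // pad the name with random characters taken from itself
      name += name[Math.floor(Math.random() * name.length)];
    } while (name.length < 31);
    const holder = {};
    holder[name] = function () {        // the randomly named inner function
      state._xlt++;
      state._xlt %= 12;                 // counter cycles through 0..11
      return holder[name];              // returns itself so the call chain can continue
    };
    return holder[name];
  };
  let f = state[2];
  for (let i = 0; i < calls; i++) f = f();  // first call builds the inner function
  return state._xlt;                        // the only state the snippet changes
}

console.log(decodeStringTable(SAMPLE_LINE_1), runDeobfuscated(16));
```

The readable form contains no network, DOM, cookie or storage access: the only observable effect is a counter that wraps at 12.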