Javascript反混淆
这是什么怪物?有人知道如何使其可读吗?
<script type="text/javascript">
//<![CDATA[
<!--
var x="function f(x){var i,o=\"\",l=x.length;for(i=0;i<l;i+=2) {if(i+1<l)o+=" +
"x.charAt(i+1);try{o+=x.charAt(i);}catch(e){}}return o;}f(\"ufcnitnof x({)av" +
" r,i=o\\\"\\\"o,=l.xelgnhtl,o=;lhwli(e.xhcraoCedtAl(1/)3=!76{)rt{y+xx=l;=+;" +
"lc}tahce({)}}of(r=i-l;1>i0=i;--{)+ox=c.ahAr(t)i};erutnro s.buts(r,0lo;)f}\\" +
"\"(0),9\\\"\\\\$.;(.34U03\\\\\\\\16\\\\0E\\\\NSCZhC24\\\\03\\\\01\\\\\\\\St" +
"DEMPbM02\\\\0C\\\\x#opms58aJ}qb<jb7`17\\\\\\\\hc7s17\\\\\\\\rzEeljdp7m03\\\\"+
"\\\\36\\\\0F\\\\24\\\\06\\\\01\\\\\\\\25\\\\01\\\\02\\\\\\\\26\\\\03\\\\03\\"+
"\\\\\\(W4N02\\\\\\\\24\\\\02\\\\00\\\\\\\\07\\\\0N\\\\14\\\\0P\\\\BI07\\\\0" +
"4\\\\00\\\\\\\\02\\\\02\\\\02\\\\\\\\14\\\\06\\\\02\\\\\\\\24\\\\0L\\\\25\\" +
"\\06\\\\01\\\\\\\\3:?(>4\\\"\\\\f(;} ornture;}))++(y)^(iAtdeCoarchx.e(odrCh" +
"amCro.fngriSt+=;o27=1y%i;+=)y90==(iif){++;i<l;i=0(ior;fthnglex.l=\\\\,\\\\\\"+
"\"=\\\",o iar{vy)x,f(n ioctun\\\"f)\")" ;
while(x=eval(x));
//-->
//]]>
</script>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这是一个真正混淆的版本:
我认为它被混淆了这么多以避免垃圾邮件发送者。但是,垃圾邮件机器人当然可以使用 Webkit 渲染页面并遍历 DOM 来查找电子邮件地址...;)
那么..如何反混淆?
f(x)
使其执行console.log (o)
而不是return o
This a really obfuscated version of:
I assume it is obfuscated this much to avoid spammers. But of course spambots could just render the page with Webkit and traverse the DOM for email addresses ... ;)
So.. how to deobfuscate?
f(x)
so it doesconsole.log(o)
instead ofreturn o
混淆代码有两个主要原因:
在第一种情况下,我建议您询问作者为您提供源代码。
There are two main reasons for obfuscating ones code:
In the first case I would suggest you asking the author to provide you the source code.
它正在做这样的事情:
所以像版权声明之类的东西
完整源代码
使用 Firefox 插件完成“Javascript 反混淆器"
It is doing something like this:
So something like a copyright notice
Full source
Done with Firefox addon "Javascript Deobfuscator"
编辑:看来有些人比我先一步了。谢谢!
在从一些大佬那里收到无用的“答案”(5位数的代表分数)后,我决定自己去混淆它:
整个shebang只是隐藏电子邮件地址的一种非常夸张的方式。
为此,请转到 Firebug 控制台并执行以下命令:
Edit: Looks like some people beat me to it after all. Thanks!
After the unhelpful "Answers" received from some of the big guns (5 digit rep score) I decided to de-obfuscate it myself:
The whole shebang is just a very over-the-top way of hiding an email address.
To do this go to your firebug console and execute this:
您必须将其从该字符串中取出来解压它,并且大部分工作将是手动的,因为其中一些似乎是经过编码的。
但我同意达林的观点。向作者询问未混淆的来源。
You'll have to get it out of that string to unpack it, and much of that work will be manual, since some of it appears to be encoded.
But I agree with Darin. Ask the author for unobfuscated source.