如何“解码” HTML 中有些混淆的 JavaScript?
下面是一个例子:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4.h={H:9(d){T 7.F(9(){g 1=7;1.3={8:4(d.8,7),i:4(d.i,7),m:4.z.J(7),5:d.5,t:d.t,j:d.j,K:d.K,b:d.b,A:d.A};4.h.s(1,0);4(S).v(\'W\',9(){1.3.m=4.z.J(1);4.h.s(1,0);4.h.E(1)});4.h.E(1);1.3.8.v(\'O\',9(){4(1.3.t,7).l(0).a.I=\'P\'}).v(\'R\',9(){4(1.3.t,7).l(0).a.I=\'11\'});4(Z).v(\'10\',9(e){g p=4.z.Y(e);g c=0;k(1.3.b&&1.3.b==\'L\')g r=p.x-1.3.m.x-(1.w-1.3.5*1.3.8.n())/2-1.3.5/2;u k(1.3.b&&1.3.b==\'N\')g r=p.x-1.3.m.x-1.w+1.3.5*1.3.8.n();u g r=p.x-1.3.m.x;g M=B.G(p.y-1.3.m.y-1.X/2,2);1.3.8.F(9(q){6=B.Q(B.G(r-q*1.3.5,2)+M);6-=1.3.5/2;6=6<0?0:6;6=6>1.3.j?1.3.j:6;6=1.3.j-6;C=1.3.A*6/1.3.j;7.a.D=1.3.5+C+\'f\';7.a.o=1.3.5*q+c+\'f\';c+=C});4.h.s(1,c)})})},s:9(1,c){k(1.3.b)k(1.3.b==\'L\')1.3.i.l(0).a.o=(1.w-1.3.5*1.3.8.n())/2-c/2+\'f\';u k(1.3.b==\'o\')1.3.i.l(0).a.o=-c/1.3.8.n()+\'f\';u k(1.3.b==\'N\')1.3.i.l(0).a.o=(1.w-1.3.5*1.3.8.n())-c/2+\'f\';1.3.i.l(0).a.D=1.3.5*1.3.8.n()+c+\'f\'},E:9(1){1.3.8.F(9(q){7.a.D=1.3.5+\'f\';7.a.o=1.3.5*q+\'f\'})}};4.V.U=4.h.H;',62,64,'|el||fisheyeCfg|jQuery|itemWidth|distance|this|items|function|style|halign|toAdd|options||px|var|iFisheye|container|proximity|if|get|pos|size|left|pointer|nr|posx|positionContainer|itemsText|else|bind|offsetWidth|||iUtil|maxWidth|Math|extraWidth|width|positionItems|each|pow|build|display|getPosition|valign|center|posy|right|mouseover|block|sqrt|mouseout|window|return|Fisheye|fn|resize|offsetHeight|getPointer|document|mousemove|none'.split('|'),0,{}))
显然,这段代码是故意编写的,目的是为了迷惑其他人。我如何理解它并用简单的代码重写它?
有一些工具可以完成这项工作吗?这在 HTML 中很常见。
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
这不是“加密”,只是混淆了。
是的,有可以提供帮助的工具,但它不是这不是一个完美的过程。所有原始变量名称和注释以及其他内容都消失了,因此工具无法真正将这些内容添加回来。您必须自己弄清楚详细信息,但工具可以使其变得更容易。
This is not "encrypted", it is just obfuscated.
Yes, there are tools available to help, but it isn't a perfect process. All of the original variable names and comments and what not are gone, so a tool can't really add that stuff back in. You have to figure out the details yourself, but a tool can make it easier.
我希望人们停止这样做。没有办法“加密”JavaScript。这是徒劳的练习(缩小是好的,但混淆是坏的且无用的)
话虽如此,请尝试使用 JSBeautifier。它给了我以下结果:
其他链接(从同一页面提升):
与 firebug、Safari 一起使用
I wish people would stop doing that. There's just no way to "encrypt" JavaScript. It's an exercise in futility (minification is good, but obfuscation is bad and useless)
That being said, try using JSBeautifier. It gives me the following result:
Other links (lifted from the very same page):
to be used together with the firebug,
使用此问题中提到的解包器之一:
您可以将打包的 javascript 解压为以下代码:
Using one of the unpackers mentioned on this question:
you can unpack the packed javascript to the following code:
在这种情况下,您可以在这里获取原始来源:http://interface.eyecon.ro/download 。它并不是真正的“混淆”,因为目标并不是真正的混淆;相反,目标是“压缩”(缩小),而实现这一目标的工具是压缩器/混淆器。
(当然,其他人提到的工具在这里是必不可少的。我使用jsbeautifier.org发现整个事情都是对
jQuery.iFisheye
的赋值,然后它告诉我要Google什么才能找到多于。)In this case, you can get the original source here: http://interface.eyecon.ro/download. It's not really "obfuscated", in that the goal wasn't really obfuscation; rather, the goal was "compression" (minification), and the tool for that was a compressor/obfuscator.
(Of course, the tools that everyone else mentions are indispensable here. I used jsbeautifier.org to find that the whole thing is an assignment to
jQuery.iFisheye
, which then told me what to Google to find the above.)