There's this one and this one and they both generate completely unreadable code, one being more adorable than the other.
Now, I'm no expert in Javascript, but I fail to see how
゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\'; (゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚Д゚) [゚o゚]='\"';(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+(゚Д゚)[゚o゚]+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚Θ゚)+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((o^_^o) +(o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚Д゚)[゚o゚]) (゚Θ゚)) ('_');
and
$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"(\\\"\\"+$.__$+$._$_+$._$$+$.__+$.$_$_+$.$$__+"\\"+$.__$+$.$_$+$._$$+"\\"+$.__$+$.__$+$.$$$+"\\"+$.__$+$.$$_+$.$$_+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.$$$$+(![]+"")[$._$_]+$._$+"\\"+$.__$+$.$$_+$.$$$+"\\\")"+"\"")())();
are actual valid javascript that do as expected. Seriously, run them. They're both alert("StackOverflow"). I could understand obfuscating some logic or string obfuscation, but there's no visible control statements. Is this obfuscator pulling some magic in the style of The Language Which Shall Not Be Named? I'm happy with my code looking happy too, but I'm completely not understanding the magic behind it.
I've tried picking through the source code of both pages, and they're as confusing for me as the code they generate.
How does this work?
What fun! Here's my go at it. Basically what is happening here is a bunch of numbers and strings are being assigned to variables. Those variables are being concatenated to form an encoded string. That encoded string is decoded to form a string of JavaScript code. That code is set as the body of a function, which is then executed.
Let's take it line by line:
Line 1:
゚ω゚ノ - a global variable
/`m´)ノ ~┻━┻ / - a regular expression
/*´∇`*/ - a multi-line comment
['_'] - get the property _ of the regular expression.
Since a RegExp does not have a _ property, the variable ゚ω゚ノ contains the value undefined.
Line 2:
Define the variables o, ゚ー゚, and _, and set each of their values to 3.
Line 3:
Define the variables c and ゚Θ゚ and set their values to 0. (゚ー゚ is 3, so (゚ー゚) - (゚ー゚) is the same as ゚ー゚ - ゚ー゚ is the same as 3 - 3.) Now c and ゚Θ゚ both contain 1;
Line 4:
Define the variable ゚Д゚ and redefine the variable ゚Θ゚. ^ is the bitwise XOR operator and o and _ are both 3.
o ^ _ ^ o is the same as 3 ^ 3 ^ 3.
3 ^ 3 is 0, 3 ^ 0 is 3.
Then 3 / 3 is 1.
゚Д゚ and ゚Θ゚ both now contain 1.
Line 5:
With line breaks and indentation:
Redefine ゚Д゚ as an object literal, with properties ゚Θ゚, ゚ω゚ノ, ゚ー゚ノ, and ゚Д゚ノ.
゚Д゚.゚Θ゚ is "_".
゚Д゚.゚ω゚ノ is ((undefined == 3) + "_")[1] which is "false_"[1] which is "a".
゚Д゚.゚ー゚ノ is (undefined + "_")[3 ^ 3 ^ 3 - 1] which is "undefined_"[2] which is "d".
゚Д゚.゚Д゚ノ is ((3 == 3) + "_")[3] which is "true_"[3] which is "u".
Line 6:
Is the same as:
Which is the same as:
So ゚Д゚.゚Θ゚ is "a".
Lines 7 - 16:
And so it continues, assigning strings and numbers to variables and object properties. Until the last line:
Line 17:
By this time, we have the following variables:
That line is mostly one big string concatenation. We can make it slightly more readable by removing the unnecessary parentheses and adding line breaks:
The value of that concatenated string is:
So, replacing all the variables with literals, we end up with the following JavaScript which gets executed on that last line:
Breaking that line down, in the middle we see the concatenated string is passed to a Function constructor, making the string the function body:
So, that string is evaluated as JavaScript, and the Function constructor returns this function:
That function is immediately executed:
And returns the string:
Hey, that looks like JavaScript! But it's not yet. It's just a string. But that string is passed to another Function constructor, giving us a function that executes the string as JavaScript:
That is the same as:
That function is immediately executed:
And our unobfuscated code is finally called.
As my javascript exercise of the day, a line by line break down. Note I generated mine with alert("Hello")
am not i am is pretty much spot on, it creates a string and then invokes it.
Edit – and I don't have time to decode the other version, but I imagine it's doing something similar, but with non latin characters.
Type $ into the console (after running the code), and expand the object. You can then more easily analyze it.
They're grabbing enough words/characters using sneaky means, and referencing them in the $ object, then using them to build the program and evaling likely in a Function(...)() call.
So it should boil down to...
...or something similar.
Beginning to unwind it, ...
Then...
...eh, lost interest.
Since all the other answers are only analyses of the code you have given, I will expand on how you can generate those by yourself (without tools). I believe this will give you a better overview of how it works.
Most of these obfuscations are based on a few features/principles of JavaScript. The first one is that variable names can use Unicode letters (Lu, Ll, Lt, Lm, Lo, Nl) and Unicode numbers (Nd). In the first example you have given, the characters may look like symbols, but they are Unicode letters or Unicode numbers.
The second one is that adding an empty string to anything in JavaScript will cast it to a string. If you also use the fact that strings are an array-like structure in JavaScript, you can easily make stuff like: (false+"")[0], which can also be written as (!1+"")[0]. From that point you can compose your own string letter by letter.
The third one is that every object property can be accessed with the [] notation. For example: window["alert"]("test") is the same as window.alert("test"). If you mix that with the previous paragraph, I think you can easily see where it can go.
The only thing we are missing to get started is either a reference to window or Function. The other answers already provide you a way to access Function, which can be used like eval. To get window though, the easiest way is to leak it through Array.concat this way:
Once you have window, you can either use window["eval"] or call directly window["alert"].
That's all for the basis of how you actually do this kind of obfuscation. The rest is just variations of the previous points. If you want additional information, I did a couple of blog posts about this, you can find them here: http://holyvier.blogspot.com/2011/10/javascript-obfuscation-introduction.html
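An added example, not part of the original question or answers: the first answer's two-stage Function(...)() decoding and the coercion tricks from the last answer, seen from the analyst's side, where the payload is recovered without being run. It assumes Node.js; SAMPLE, STRING_ONLY and captureFunctionBodies are hypothetical names, and the sample is hand-written for this illustration rather than generator output.

```javascript
const vm = require('node:vm');

// Constructed sample (hand-written, not generator output): letters come from
// coerced values, (0)["constructor"]["constructor"] is Function, and octal
// escapes hide the characters that coercion cannot supply.
const SAMPLE = String.raw`F=![]+"";T=!""+"";O={}+"";U=[][0]+"";
C=O[5]+O[1]+U[1]+F[3]+T[0]+T[1]+T[2]+O[5]+T[0]+O[1]+T[1];
R=T[1]+T[3]+T[0]+T[2]+T[1]+U[1];
(0)[C][C]((0)[C][C](R+"\""+F[1]+F[2]+F[4]+T[1]+T[0]+"(\\\"\\123"+T[0]+F[1]
+"\\143\\153\\117\\166"+F[4]+T[1]+F[0]+F[2]+"\\157\\167\\\")\"")())();`;

// A body that only returns one string literal is the decoding stage; it can
// do nothing except produce that string, so it is allowed to run.
const STRING_ONLY = /^\s*return\s*"(?:[^"\\]|\\[\s\S])*"\s*;?\s*$/;

// Run `source` in a separate context whose Function.prototype.constructor is
// replaced by a recorder, and return every string it tried to turn into code.
// Assumption: only the constructor-chain route is hooked; a sample that calls
// eval or the Function global directly needs those wrapped as well.
function captureFunctionBodies(source) {
  const bodies = [];
  const hook = (body) => { bodies.push(String(body)); return STRING_ONLY.test(body); };
  const context = vm.createContext({ __hook: hook });
  vm.runInContext(`(function (hook, RealFunction) {
    Function.prototype.constructor = function (...args) {
      const body = String(args.length ? args[args.length - 1] : "");
      // Decode-only stages run; anything else becomes a no-op function.
      return hook(body) ? RealFunction(body) : function () {};
    };
    delete globalThis.__hook;
  })(__hook, Function);`, context);
  vm.runInContext(source, context, { timeout: 1000 });
  return bodies;
}

// node:vm is not a security boundary: analyse untrusted samples inside a
// disposable VM or container.
const stages = captureFunctionBodies(SAMPLE);
console.log(stages[stages.length - 1]); // the recovered payload, never executed
```

The first recorded body is the `return"..."` decoding stage and the last one is the code the sample would have executed.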