abin30 2010-12-01 23:18

Javascript 混淆后解码原理

在雅虎首页上的脚本 http://cn.yimg.com/hp/201008/hp_20101021.min.js 是经过混淆的,源代码如下:
[code="java"]
// @author zhe.zhu
// Packer bootstrap: the anonymous function rebuilds the original script text
// from the packed payload and returns it as a string; the surrounding eval()
// then executes that string. This is a reversible encoding, not protection:
// calling the function without eval() (for example, logging its return value)
// yields the readable source without running it.
// Arguments, as supplied by the call at the end of this statement:
//   p - packed payload in which words have been replaced by short tokens
//   a - radix of the tokens (62 in this call)
//   c - number of entries in the word list (192 in this call)
//   k - word list, produced by splitting a '|'-separated string
//   e - passed as 0 and immediately overwritten with the token encoder
//   r - empty object used as the token -> word lookup table
eval(function(p,a,c,k,e,r)
{
// e(c) is meant to turn the index c into its token text.
// NOTE(review): this line is damaged as printed ("c35?" is not valid packer
// output) - text between a '<' and a '>' appears to have been stripped by the
// page. The reformatted encoder in the answer further down shows the intended
// logic: higher digits by recursing on c/a, then the lowest digit as
// c.toString(36) up to 35 and as an upper-case letter above that.
e=function(c)
{
return(c35?String.fromCharCode(c+29):c.toString(36))
};
// Feature test: where replace() accepts a function as the replacement,
// String('') yields '' and the condition is true. An engine that only accepts
// a string replacement inserts the function's source text instead, so the
// result is non-empty and this fast path is skipped.
if(!''.replace(/^/,String))
{
// Fill the lookup table: token -> word, or the token itself when the
// word-list slot is empty.
while(c--)r[e(c)]=k[c]||e(c);
// Replace the word list with a single lookup callback ...
k=[function(e)
{
return r[e]
}
];
// ... and make e() return one pattern meant to match any token.
// NOTE(review): as printed this literal evaluates to 'w+' (the escape is
// lost); presumably the live file has '\\w+' - confirm against the original.
e=function()
{
return'\w+'
};
// A single pass of the loop below is now enough.
c=1
};
// Substitution loop: one replace per token, or, after the fast path, a single
// replace driven by the lookup callback.
// NOTE(review): '\b' inside a string literal is a backspace character, not a
// regex word boundary; presumably '\\b' in the live file - confirm.
while(c--)if(k[c])p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c]);
return p
}
('$(o).34(5(){$.M=5(t,c){t.1d(5(){6 i=$(t).1k(7);t.y($(7).N("O")).K("O");c.y($(c[i]).I({V:0.8,2E:\'2p\'}).2m().1t({V:1},2Y,5(){$(7).I({V:1})})).E()})};$.M($(\'#25 R\'),$(\'#25 D.27\'));$.M($(\'#1Y R\'),$(\'#1Y D.30\'));$.M($(\'#1s R\'),$(\'#1s D.16\'));$.M($(\'#1z R\'),$(\'#1z D.16\'));$.M($(\'#1Q R\'),$(\'#1Q D.16\'));$.M($(\'#1Z R\'),$(\'#1Z D.16\'));6 a=$(\'#1T a\');6 b=$(\'#2q\');6 c=$(\'#35\');6 t=$(\'#1n\');6 f=$(\'#1n m\');6 g=-1;6 h=2l;5 1G(i){g=X.1g(g);g=X.1R(5(){c.w(\'m:17(\'+i+\')\').B(\'z\')},h)}$(\'#1T a,#1n m\').2h(5(){9(!$(7).1S(\'O\')){1G($(7).1k())}},5(){g=X.1g(g)});c.w(\'m>a>23\').1d(5(){g=X.1g(g)});b.J(5(e){9($(7).1S(\'U\')){t.B(\'1p\');c.w(\'m:17(0)\').B(\'z\')}x{t.B(\'U\');c.w(\'m:17(4)\').B(\'z\')}e.14()}).1d(5(e){$(7).J()});t.15(\'U\',5(){b.N(\'U\').T(\'1u\',\'点击查看上一组\').10(\'上一组\');t.w(\'m:1N(4)\').E();f.y(\':1N(4)\').z()}).15(\'1p\',5(){b.K(\'U\').T(\'1u\',\'点击查看下一组\').10(\'下一组\');t.w(\'m:1X(3)\').E();f.y(\':1X(3)\').z()});c.w(\'m\').15(\'z\',5(){6 i=$(7).1k();6 l=c.w(\'m:17(\'+i+\')\');a.y($(a[i]).N(\'O\')).K(\'O\');f.y($(f[i]).N(\'O\')).K(\'O\');c.w(\'m\').y(l.y(l.w(\'23\').I(\'V\',0.2i).1t({V:\'+=0.2\'},2X)).z()).E();9(i>3){t.B(\'U\')}x{t.B(\'1p\')}});6 j=$(\'#1l\');$(\'#1m\').15(\'1q\',5(e){9($(\'#S\').L()==\'\'){$(\'#S\').I(\'18\',\'19 1a #20\').21()}x{$(\'#S\').I(\'18\',\'19 1a #22\')}9($(\'#W\').L()==\'\'){$(\'#W\').I(\'18\',\'19 1a #20\').21()}x{$(\'#W\').I(\'18\',\'19 1a #22\')}9($(\'#W\').L()==\'\'||$(\'#S\').L()==\'\'){12 2v}x{$(7).2x=\'2D://2O.2U.u.r/2e/P\';12 28}});$(\'#1b\').J(5(e){$(\'#1m\').B(\'1q\')});$(\'#W\').1v(5(e){6 a=e.1w;9(a==13){$(\'#1m\').B(\'1q\')}});$(\'#S\').1v(5(e){6 a=e.1w;6 b=j.w(\'m.G\');9(a==2n){9(b.H==1&&b.1x().H==1){b.K(\'G\').1x().N(\'G\')}}x 9(a==2r){9(b.H==1&&b.1y().H==1){b.K(\'G\').1y().N(\'G\')}}x 9(a==13){e.14();$(7).L(b.10());j.E()}x{$(7).1h()}}).1h(5(e){6 a=$(7).L();9(a.2A(\'@\')!=2C||a.H\';2S(6 i=0;i"}x{d+=""}d+=a+"@"+c[i]+""}d+="1B>";d+="请选择您的邮箱地址";$(7).T(\'1A\',a);j.10(d).z(5(){$(\'#1l 
m\').1d(5(e){$(7).N(\'G\');$(\'#1l m\').y(7).K(\'G\')}).J(5(e){$(\'#S\').L($(7).10());j.E()})})}}).2W(5(){$(7).1h()});$(\'#1D\').J(5(e){1E{$(7).I(\'2Z\',\'1F(#31#32)\');7.33("v://q.u.r")}1H(29){2a("抱歉!您的浏览器不支持直接设为首页。您可通过浏览器 工具->选项->使用当前页->确定,完成设为首页。")}e.14()});$(\'#2b\').J(5(e){$(\'#1D\').J();e.14()});$(\'2c\').2d(5(){$(7).T(\'1I\',$(7).T(\'2f\'))});6 k=X.2g(5(){$(\'p.1J\').y($(\'p.1J:2j\').E()).z()},2k)});5 1K(a){6 s,e;s=o.11.1L(a+"=");9(s==-1)12"";s+=a.H+1;e=o.11.1L(\';\',s);9(e==-1)e=o.11.H;12 o.11.2o(s,e)}5 1M(n,t,a){6 b;6 c=1i 2s();c.2t(c.2u()+a*1O*1O*2w);b=n+"="+t+"; 1P="+o.1P+"; 2y="+c.2z();o.11=b}5 1j(a,b){9(o.2B){A="v://q.Z.u.r/Y/"+a+"/"+"1F="+2F(b)+"/"+"*"+"v://q.2G.r/2H/2I/2J.2K?2L="+2M.2N();1E{1R(5(){(1i 1U()).1I=A;1V("1i 1U 2P! "+A)},2Q)}1H(e){1V(e)}}}5 2R(a){1M("1W",a,2T);9(a=="1b"){o.C("1c").F="v://q.Z.u.r/Y/Q/P/1o/*"+"v://1f.q.u.r/";o.C("1e").F="24";1j("Q/P/1o","v://1f.q.u.r/")}x{o.C("1c").F="v://q.Z.u.r/Y/Q/P/1r/*"+"v://q.u.r/";o.C("1e").F="26";1j("Q/P/1r","v://q.u.r/")}}9(o.C("1b")){9(1K("1W")=="1b"){o.C("1c").F="v://q.Z.u.r/Y/Q/P/1o/*"+"v://1f.q.u.r/";o.C("1e").F="24"}x{o.C("1c").F="v://q.Z.u.r/Y/Q/P/1r/*"+"v://q.u.r/";o.C("1e").F="26"}}',62,192,'|||||function|var|this||if|||||||||||||li||document||cn|com|||yahoo|http|find|else|not|show||trigger|getElementById|div|hide|value|on|length|css|click|removeClass|val|tab|addClass|act|login|yhp0806|h2|emailinput|attr|pgup|opacity|pwdinput|window|home|rd|html|cookie|return||preventDefault|bind|tbtabcont|eq|border|1px|solid|to_intoemail|loginToUrl|mouseenter|loginCnrid|mail|clearTimeout|change|new|re_click|index|emailct|login_form|focustab|tomailpage|pgdown|submit|tostandby|tbtab|animate|title|keyup|keyCode|next|prev|tbtab2|last|ul|class|setashomepage|try|url|delay|catch|src|tbtop|GetCookie|indexOf|SetCookie|lt|60|domain|tbtab3|setTimeout|hasClass|fcspg|Image|logit|yahoo_hp_mailenterance|gt|hardnews|tbtab4|16387C|focus|9CB8C6|img|yhptomail_10009|tablogin|yhptoself_10000|logincont|true|_err|alert|setashomepa
ge2|iframe|each|config|source|setInterval|hover|85|visible|10000|200|stop|40|substring|block|slider_btn|38|Date|setTime|getTime|false|1000|action|expires|toGMTString|match|images|null|https|display|encodeURIComponent|yimg|search|yisou|clk|gif|_rnd|Math|random|edit|created|500|onChoosePage|for|2400|bjs|footer|blur|400|300|behavior|hdcont|default|homepage|setHomePage|ready|focuscont'.split('|'),0,{}));
[/code]
在最前面已经自己带了一个解码函数, 但是不清楚它是怎么执行的,哪位给分析一下,谢谢!
这段代码的未加密版本在这里
http://cn.yimg.com/hp/201008/hp_20101021.js
[code="java"]// @author zhe.zhu
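// Page behaviour wired up once the DOM is ready: hover tabs, the focus
// (slideshow) strip, the mail login form with its address suggestions, the
// "set as homepage" links, deferred iframe loading and the rotating top line.
$(document).ready(function(){
    //tabs
    // t: the tab headings, c: the content panels, matched by position.
    $.tab = function(t,c){
        t.mouseenter(function(){
            var i = $(t).index(this);
            // Mark the hovered heading and clear the mark on all the others.
            t.not($(this).addClass("act")).removeClass("act");
            // Fade in the matching panel and hide every other panel.
            c.not($(c[i]).css({opacity:0.8,display:'block'}).stop().animate({opacity:1},300,function(){$(this).css({opacity:1});})).hide();
        });
    };

    $.tab($('#tablogin h2'),$('#tablogin div.logincont'));
    $.tab($('#hardnews h2'),$('#hardnews div.hdcont'));
    $.tab($('#tbtab h2'),$('#tbtab div.tbtabcont'));
    $.tab($('#tbtab2 h2'),$('#tbtab2 div.tbtabcont'));
    $.tab($('#tbtab3 h2'),$('#tbtab3 div.tbtabcont'));
    $.tab($('#tbtab4 h2'),$('#tbtab4 div.tbtabcont'));

    //focus
    var a = $('#fcspg a');
    var b = $('#slider_btn');
    var c = $('#focuscont');
    var t = $('#focustab');
    var tl = $('#focustab li');

    var delayTimeout = -1;
    var delayTime = 200;
    // Show slide i only after the pointer has rested for delayTime ms.
    function delay(i){
        delayTimeout = window.clearTimeout(delayTimeout);
        delayTimeout = window.setTimeout(function(){
            c.find('li:eq('+i+')').trigger('show');
        },delayTime);
    }

    $('#fcspg a,#focustab li').hover(function(){
        if(!$(this).hasClass('act')){
            delay($(this).index());
        }
    },function(){
        delayTimeout = window.clearTimeout(delayTimeout);
    });

    c.find('li>a>img').mouseenter(function(){
        delayTimeout = window.clearTimeout(delayTimeout);
    });

    // The slider button toggles between the first and the second group.
    b.click(function(e){
        if($(this).hasClass('pgup')){
            t.trigger('pgdown');
            c.find('li:eq(0)').trigger('show');
        }else{
            t.trigger('pgup');
            c.find('li:eq(4)').trigger('show');
        }
        e.preventDefault();
    }).mouseenter(function(e){
        $(this).click();
    });

    t.bind('pgup',function(){
        b.addClass('pgup').attr('title','点击查看上一组').html('上一组');
        t.find('li:lt(4)').hide();
        tl.not(':lt(4)').show();
    }).bind('pgdown',function(){
        b.removeClass('pgup').attr('title','点击查看下一组').html('下一组');
        t.find('li:gt(3)').hide();
        tl.not(':gt(3)').show();
    });

    c.find('li').bind('show',function(){
        var i = $(this).index();
        var l = c.find('li:eq('+i+')');
        a.not($(a[i]).addClass('act')).removeClass('act');
        tl.not($(tl[i]).addClass('act')).removeClass('act');
        c.find('li').not(
            l.not(
                l.find('img').css('opacity',0.85).animate({opacity:'+=0.2'},400)
            ).show()
        ).hide();
        // Slides 0-3 belong to the first group, the rest to the second.
        if(i>3){
            t.trigger('pgup');
        }else{
            t.trigger('pgdown');
        }
    });

    //email
    var tip = $('#emailct');

    // Refuse to submit while either field is empty; highlight the empty ones.
    $('#login_form').bind('submit',function(e){
        if($('#emailinput').val() == ''){
            $('#emailinput').css('border','1px solid #16387C').focus();
        }else{
            $('#emailinput').css('border','1px solid #9CB8C6');
        }

        if($('#pwdinput').val() == ''){
            $('#pwdinput').css('border','1px solid #16387C').focus();
        }else{
            $('#pwdinput').css('border','1px solid #9CB8C6');
        }

        if($('#pwdinput').val() == ''||$('#emailinput').val() == ''){
            return false;
        }else{
            // Set the action on the form element itself. Assigning to the
            // jQuery wrapper ($(this).action = ...) only creates a property on
            // a throwaway object, so the credentials would be posted to
            // whatever action the markup declares instead of this HTTPS URL.
            this.action = 'https://edit.bjs.yahoo.com/config/login';
            return true;
        }
    });

    $('#to_intoemail').click(function(e){
        $('#login_form').trigger('submit');
    });

    $('#pwdinput').keyup(function(e){
        var key = e.keyCode;
        if (key == 13) {
            $('#login_form').trigger('submit');
        }
    });

    $('#emailinput').keyup(function(e){
        var key = e.keyCode;
        var current = tip.find('li.on');
        if (key == 40) {//key down
            if(current.length == 1 && current.next().length == 1){
                current.removeClass('on').next().addClass('on');
            }
        } else if (key == 38) {//key up
            if(current.length == 1 && current.prev().length == 1){
                current.removeClass('on').prev().addClass('on');
            }
        } else if (key == 13) {//enter
            e.preventDefault();
            // Read the suggestion back as text so the field receives the
            // address itself rather than its HTML-escaped form.
            $(this).val(current.text());
            tip.hide();
        } else {
            $(this).change();
        }
    }).change(function(e){
        var value = $(this).val();
        // Nothing to suggest once a domain has been typed or the field is empty.
        if(value.match('@')!=null || value.length < 1){
            tip.hide();
            return;
        }
        var last = $(this).attr('last');
        // NOTE(review): the loose comparison with 0 also suppresses
        // suggestions for input such as "0" - confirm this is intended.
        if(value != 0 && value != last){
            var arr_email = ['yahoo.com.cn', 'yahoo.cn'];
            var list = $('<ul></ul>');
            for (var i = 0; i < arr_email.length; i++) {
                // The typed value is user-controlled: insert it with .text()
                // so that any markup characters in it are shown literally and
                // never parsed as HTML (string-built markup passed to .html()
                // would be parsed).
                var item = $('<li></li>').text(value + "@" + arr_email[i]);
                if(i == 0){
                    item.addClass('on');
                }
                list.append(item);
            }
            var footer = $("<div class='footer'></div>").text('请选择您的邮箱地址');
            $(this).attr('last', value);
            tip.empty().append(list).append(footer).show(function(){
                $('#emailct li').mouseenter(function(e){
                    $(this).addClass('on');
                    $('#emailct li').not(this).removeClass('on');
                }).click(function(e){
                    $('#emailinput').val($(this).text());
                    tip.hide();
                });
            });
        }
    }).blur(function(){
        $(this).change();
    });

    //sethomepage
    $('#setashomepage').click(function(e){
        try{
            // Relies on the browser's homepage behavior; any browser without
            // it throws and gets the manual instructions instead.
            $(this).css('behavior','url(#default#homepage)');
            this.setHomePage("http://cn.yahoo.com");
        }catch(_err){
            alert("抱歉!您的浏览器不支持直接设为首页。您可通过浏览器 工具->选项->使用当前页->确定,完成设为首页。");
        }
        e.preventDefault();
    });

    $('#setashomepage2').click(function(e){
        $('#setashomepage').click();
        e.preventDefault();
    });

    //iframe
    // Frames carry their URL in a "source" attribute and only start loading here.
    $('iframe').each(function(){
        $(this).attr('src',$(this).attr('source'));
    });

    //tbtop
    // Every 10 s swap which p.tbtop line is visible.
    window.setInterval(function(){
        $('p.tbtop').not($('p.tbtop:visible').hide()).show();
    },10000);

});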

//email related
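/**
 * Return the raw (undecoded) value of the cookie called `name`.
 *
 * The cookie string is split into its `name=value` pairs and only a pair
 * whose name matches exactly is accepted. A plain substring search for
 * `name + "="` would also hit a longer cookie name that merely ends with
 * `name`, or the same text inside another cookie's value, and return the
 * wrong cookie's data.
 *
 * @param {string} name - cookie name to look up
 * @returns {string} the cookie value, or "" when no such cookie exists
 */
function GetCookie(name){
    var prefix = name + "=";
    var pairs = document.cookie.split(';');
    for (var i = 0; i < pairs.length; i++) {
        // Pairs are separated by "; ", so strip the blanks in front of the name.
        var pair = pairs[i].replace(/^\s+/, "");
        if (pair.indexOf(prefix) == 0) {
            return pair.substring(prefix.length);
        }
    }
    return "";
}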

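/**
 * Store a cookie for the current document.domain that expires after `ex` hours.
 *
 * @param {string} n  - cookie name
 * @param {string} t  - cookie value; written as-is, without any encoding
 * @param {number} ex - lifetime in hours
 *
 * NOTE(review): because `n` and `t` are concatenated unescaped, a value
 * containing ";" would be read by the browser as extra cookie attributes.
 * The only caller in this listing passes the page-choice name; confirm that
 * no caller passes free-form input before reusing this helper.
 */
function SetCookie(n, t, ex){
    var exp = new Date();
    // ex is expressed in hours; Date works in milliseconds.
    exp.setTime(exp.getTime() + ex * 60 * 60 * 1000);
    // toUTCString() is the standard name for the deprecated toGMTString()
    // and produces the same text.
    document.cookie = n + "=" + t + "; domain=" + document.domain + "; expires=" + exp.toUTCString();
}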

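/**
 * Report a click to the redirect tracker by requesting a tracking image.
 *
 * The URL is built from the tracking path `name` and the URL-encoded target
 * `href`, with a random `_rnd` parameter appended; half a second later it is
 * requested through a throw-away Image object.
 *
 * The URL is kept in a local variable. Storing it in an undeclared global
 * (as `A = ...` does) leaks a name into the page and, because the request is
 * sent 500 ms later, makes two calls in quick succession both report the URL
 * of the second call.
 *
 * @param {string} name - tracking path segment, e.g. "yhp0806/login/tomailpage"
 * @param {string} href - destination URL being reported
 */
function re_click(name, href){
    if (document.images) {
        var beaconUrl = "http://cn.rd.yahoo.com/home/" + name + "/" + "url=" + encodeURIComponent(href) + "/" + "*" + "http://cn.yimg.com/search/yisou/clk.gif?_rnd=" + Math.random();
        try {
            setTimeout(function(){
                (new Image()).src = beaconUrl;
                // logit is not defined in this listing; presumably a logging
                // helper supplied elsewhere on the page.
                logit("new Image created! " + beaconUrl);
            }, 500);
        }
        catch (e) {
            logit(e);
        }
    }
}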

/**
 * Remember which landing page the visitor picked and prepare the login form
 * for it.
 *
 * The choice is stored in the "yahoo_hp_mailenterance" cookie for 2400 hours,
 * the hidden loginToUrl / loginCnrid fields are pointed at the matching
 * redirect, and the choice is reported through re_click.
 *
 * @param {string} sName - "to_intoemail" selects the mail page; any other
 *                         value selects the portal home page
 */
function onChoosePage(sName){
    SetCookie("yahoo_hp_mailenterance", sName, 2400);

    var wantsMail = (sName == "to_intoemail");
    var redirectUrl = wantsMail
        ? "http://cn.rd.yahoo.com/home/yhp0806/login/tomailpage/*" + "http://mail.cn.yahoo.com/"
        : "http://cn.rd.yahoo.com/home/yhp0806/login/tostandby/*" + "http://cn.yahoo.com/";
    var cnrid = wantsMail ? "yhptomail_10009" : "yhptoself_10000";

    document.getElementById("loginToUrl").value = redirectUrl;
    document.getElementById("loginCnrid").value = cnrid;

    if (wantsMail) {
        re_click("yhp0806/login/tomailpage", "http://mail.cn.yahoo.com/");
        return;
    }
    re_click("yhp0806/login/tostandby", "http://cn.yahoo.com/");
}

// On load, when the page has the mail-entrance control, restore the hidden
// login fields from the choice saved in the "yahoo_hp_mailenterance" cookie.
if (document.getElementById("to_intoemail")) {
    (function (mailFirst) {
        var toUrl = document.getElementById("loginToUrl");
        if (mailFirst) {
            toUrl.value = "http://cn.rd.yahoo.com/home/yhp0806/login/tomailpage/*" + "http://mail.cn.yahoo.com/";
        } else {
            toUrl.value = "http://cn.rd.yahoo.com/home/yhp0806/login/tostandby/*" + "http://cn.yahoo.com/";
        }
        document.getElementById("loginCnrid").value = mailFirst ? "yhptomail_10009" : "yhptoself_10000";
    })(GetCookie("yahoo_hp_mailenterance") == "to_intoemail");
}[/code]


  • cyrilluce 2010-12-02 17:32

    a固定为62,是从外面通过参数传进来的。10个数字,26个字母,加上大小写,一共62个
    按\w+匹配的范围来看,这个数值应该是固定的(\w匹配数字字母外加下划线,共63个字符,也就是说不可能超过它)

    整理下格式:
    [code="js"]
    // Encode index c as a base-62 token using the digit order 0-9, a-z, A-Z.
    // Digits are produced from the lowest to the highest and prepended, which
    // gives the same text as recursing on the high part first.
    e=function(c){
        var token = "";
        do {
            var digit = c % 62; // lowest base-62 digit of what is left
            // toString(36) covers 0-9 and a-z; anything above 35 is mapped by
            // hand to an upper-case letter (36 + 29 = 65, the code of 'A').
            token = (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36)) + token;
            c = parseInt(c / 62); // drop the digit just emitted
        } while (c > 0);
        return token;
    }
    [/code]
