解码混淆的 JavaScript

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/6145796/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow


Decode obfuscated JavaScript

javascript

提问by Manal Nor

Due to stupidity, I encoded some JavaScript code (an iframe snippet) using one of the sites that offer a free JavaScript obfuscator (javascriptobfuscator dot com).

由于愚蠢,我使用提供此免费 Javascript Obfuscator 的网站之一编码了一些 JavaScript 代码(iframe 代码)(javascriptobfuscator dot com)

// Obfuscated sample from the question. _0xb869 is a string table whose entries are written as
// \xNN hex escapes; the JavaScript parser decodes them when the literal is read, so this is an
// encoding rather than encryption. Entry 0 decodes to the opening <IFRAME ... SRC=" markup,
// entry 1 to "/widsc.php?id=", entry 2 to the closing "></IFRAME> and entry 3 to "writeln".
// The trailing statement is therefore document.writeln(entry0 + script_path + entry1 + id_path + entry2).
// NOTE(review): script_path and id_path are not defined in this snippet; they are concatenated
// into the markup unescaped, so they must come from trusted values — confirm where they are set.
var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);

I've forgotten what it was. All I know is that it was something like an iframe HTML snippet.

我已经忘记那是什么了。我所知道的就像(iframe html 代码)

Is there any way to decode it back?

有什么办法可以解码回来吗?

回答by jontro

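The string is easily decoded in a JavaScript console such as the one in Firebug or any browser's developer tools: paste just the array literal and the console will show its contents as a decoded array. Paste only the array, not the trailing document[...] call — the array is plain data, whereas the full statement would execute and write the iframe into the page.

该字符串很容易在 JavaScript 控制台(例如 Firebug 或任何浏览器的开发者工具)中解码:只需粘贴数组字面量,就会看到解码后的数组内容。只粘贴数组,不要粘贴后面的 document[...] 调用——数组只是数据,而完整语句会被执行并把 iframe 写入页面。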

回答by Tamzin Blake

To avoid this problem in the future, you can adopt a workflow where you separate your source code from the js you deploy. Just obfuscate / minify / compile before putting the code into production, and keep human-readable source to work from elsewhere.

为避免将来出现此问题,您可以采用将源代码与部署的 js 分开的工作流。在将代码投入生产之前,只需混淆/缩小/编译,并保持人类可读的源代码可以在其他地方工作。

回答by Nobrain

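// Readable form of the question's snippet. The first three entries of the string table are
// markup fragments, restored here by decoding the \xNN escapes shown in the question; the
// fourth is the method name, so the call below is document.writeln(...).
/** @type {Array} */
var _0xb869 = [
  '<IFRAME FRAMEBORDER="0" id="the_iframe" marginwidth="0" marginheight="0" vspace="0" hspace="0" width="207px" height="177px"  allowtransparency="true" ALIGN="CENTER" SCROLLING="no" SRC="',
  "/widsc.php?id=",
  '"></IFRAME>',
  "writeln"
];
// NOTE(review): script_path and id_path are not defined in this snippet and are concatenated
// into the markup without escaping, so they need to be trusted values — confirm where they are set.
document[_0xb869[3]](_0xb869[0] + script_path + _0xb869[1] + id_path + _0xb869[2]);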

/** @type {Array} */ var _0xb869 = ['', "writeln"]; document[_0xb869[3]](_0xb869[0] + script_path + _0xb869[1] + id_path + _0xb869[2]);

回答by Mr. Polywhirl

You can render the text directly into a text field to get the ASCII/Unicode representation.

您可以将文本直接渲染到文本字段中以获取 ASCII/Unicode 表示。

Take this a step further and use a template literal to replace the array index look-ups with their values.

更进一步,使用模板字面量将数组索引查找替换为它们的值。

// The obfuscated statement from the question, held as text. Because this is a template
// literal, the \xNN escapes are decoded when the literal is evaluated, so `script` already
// contains the readable characters; the statement inside it is never run.
var script = `var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);`;

// Show the decoded text. Assigning to a textarea's .value displays it as plain text, so the
// <IFRAME> markup it contains is not parsed or loaded.
var renderedField = document.querySelector('#rendered');
renderedField.value = script;

// Show the statement with the string-table look-ups replaced by their values.
var decodedField = document.querySelector('#decoded');
decodedField.value = deobfuscate(script);

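/**
 * Rebuilds the question's obfuscated statement as readable text.
 *
 * Nothing is executed here: the string table is evaluated only as string literals and the
 * document[...] call is reassembled as text, so the iframe is never written to the page.
 *
 * @param {string} obfuscatedScript - Accepted but not read; the string table below is a
 *   hard-coded copy of the one in the question, so this function decodes that sample only.
 * @returns {string} The statement with the table look-ups inlined, whitespace runs collapsed
 *   and the whole text lower-cased.
 */
function deobfuscate(obfuscatedScript) {
  var _0xb869 = ["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];
  // JSON.stringify emits each entry as a quoted, escaped literal. The decoded markup contains
  // double quotes, which would otherwise close the surrounding "..." early and leave the
  // output as invalid JavaScript.
  var literals = _0xb869.map(function (entry) {
    return JSON.stringify(entry);
  });
  var statement = `document[${literals[3]}](${literals[0]}+script_path+${literals[1]}+id_path+${literals[2]});`;
  // Cosmetic normalisation. It also rewrites the contents of the string literals (the double
  // space and the upper-case tag and attribute names in entry 0), so the result is meant for
  // reading, not for byte-exact comparison with the original payload.
  return bracketToDotNotation(statement).replace(/\s+/g, ' ').toLowerCase();
}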

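/**
 * Rewrites quoted bracket property access (obj["name"]) as dot access (obj.name).
 *
 * Only double-quoted keys that are valid identifiers are rewritten. Numeric indexes (a[0])
 * and unquoted keys (a[key]) are left alone: the former has no dot form and the latter is a
 * variable look-up, not a property name.
 *
 * @param {string} input - JavaScript source text.
 * @returns {string} The text with eligible bracket accesses converted.
 */
function bracketToDotNotation(input) {
  // '$1' re-inserts the captured property name; a bare '.' would drop it from the output.
  return input.replace(/(?<=\w)\["([A-Za-z_$][\w$]*)"\]/g, '.$1');
}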
/* Stylesheet for the demo: two stacked textareas filling the page. */

/* Base size: let the page and the textareas take the full width and height. */
html,
body, 
textarea {
  width: 100%;
  height: 100%;
}

/* Remove the default page margin and padding. */
html,
body {
  margin: 0;
  padding: 0;
}

/* Overrides the 100% size above for textareas: each takes roughly half the height, with a
   few pixels subtracted in the calc() expressions. */
textarea {
  width: calc(100% - 2px);
  height: calc(50% - 4px);
  margin: 0;
  padding: 0;
  resize: none;
  overflow: auto;
}
<!-- Third-party reset stylesheet loaded from a CDN without Subresource Integrity.
     NOTE(review): pin it with an integrity hash computed for this exact file plus
     crossorigin="anonymous", or serve a local copy. -->
<link href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css" rel="stylesheet"/>
<!-- #rendered receives the decoded script text; #decoded receives the rewritten statement. -->
<textarea id="rendered"></textarea>
<textarea id="decoded"></textarea>