js十六进制编码,怎么转换成可读字符串的编码如下:
var_0xc828=
"\x4D\x61\x63\x68\x69\x6E\x65\x43\x6F\x6F\x72\x64\x73"
"\x4D\x61\x63\x68\x69\x6E\x65\x49\x74\x65\x6D\x73"
"\x69\x64"
"\x63\x6C\x65\x61\x72"
"\x69\x73\x55\x73\x69\x6E\x67\x45\x6E\x65\x72\x67\x79"
"\x69\x73\x47\x65\x6E\x65\x72\x61\x74\x6F\x72"
"\x63\x6F\x6E\x76\x65\x72\x74\x45\x6E\x65\x72\x67\x79\x54\x6F\x46\x75\x65\x6C"
"\x67\x65\x74\x45\x6E\x65\x72\x67\x79\x53\x74\x6F\x72\x65\x64"
"\x65\x6E\x65\x72\x67\x79\x53\x74\x6F\x72\x65\x64"
"\x67\x65\x74\x4D\x61\x78\x45\x6E\x65\x72\x67\x79\x53\x74\x6F\x72\x65\x64"
"\x67\x65\x74\x45\x6E\x65\x72\x67\x79\x4F\x75\x74\x70\x75\x74"
"\x75\x73\x65\x45\x6E\x65\x72\x67\x79"
"\x74\x69\x63\x6B\x52\x65\x73\x65\x74\x54\x79\x70\x65"
"\x75\x70\x64\x61\x74\x65\x4D\x61\x63\x68\x69\x6E\x65\x54\x79\x70\x65"
"\x64\x69\x73\x61\x63\x74\x69\x76\x65"
"\x75\x70\x64\x61\x74\x65\x4D\x61\x63\x68\x69\x6E\x65"
"\x78"
"\x79"
"\x7A"
"\x67\x65\x74\x54\x69\x6D\x65"
"\x75\x70\x64\x61\x74\x65\x49\x74\x65\x6D"
"\x61\x64\x64\x49\x74\x65\x6D"
"\x64\x72\x6F\x70\x49\x74\x65\x6D"
"\x68\x6F\x6C\x64"
"\x70\x75\x73\x68"
"\x73\x61\x76\x65"
"\x72\x65\x61\x64"
"\x77\x72\x65\x6E\x63\x68\x43\x6C\x69\x63\x6B"
"\x67\x65\x74\x4D\x61\x63\x68\x69\x6E\x65\x4E\x61\x6D\x65"
"\x6D\x61\x63\x68\x69\x6E\x65"
"\x67\x65\x74\x49\x6E\x66\x6F"
"\x65"
"\x63\x6F\x75\x6E\x74"
"\x64\x61\x74\x61"
"\x67\x65\x74\x43\x6F\x6F\x72\x64\x73"
"\x67\x65\x74\x58"
"\x67\x65\x74\x59"
"\x67\x65\x74\x5A"
"\x69\x73\x45\x78\x69\x73\x74"
"\x67\x65\x74\x48\x65\x61\x6C\x74\x68"
"\x73.
根据具体问题类型,进行步骤拆解/原因原理分析/内容拓展等。
具体步骤如下:/导致这种情况的原因主要是……
JS解密的特点就是见eval就去掉, 除非用了更特别的手段
本例中去eval并执行得到
var _$=["",'','\\\x77\x2b','\\\x62','\\\x62','\x67','\x65\x20\x34\x24\x3d\x5b\x22\\\x37\\\x38\\\x33\\\x39\\\x33\\\x36\\\x35\\\x32\\\x32\\\x31\\\x64\\\x32\\\x66\\\x31\\\x31\x22\x5d\x3b\x61\x20\x62\x28\x29\x7b\x63\x3d\x20\x34\x24\x5b\x30\x5d\x7d','\x7c\x78\x36\x34\x7c\x78\x32\x66\x7c\x78\x36\x39\x7c\x5f\x7c\x78\x33\x61\x7c\x78\x36\x65\x7c\x78\x37\x37\x7c\x78\x36\x35\x7c\x78\x37\x38\x7c\x66\x75\x6e\x63\x74\x69\x6f\x6e\x7c\x6f\x6e\x65\x6b\x65\x79\x7c\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x7c\x78\x36\x63\x7c\x76\x61\x72\x7c\x78\x36\x31','\x7c']window["\x65\x76\x61\x6c"](function(O2b,a5f,O1e,O27,e,O7f){e=function(O25){return(O25<a5f? _$[0]:e(window["\x70\x61\x72\x73\x65\x49\x6e\x74"](O25/a5f)))+((O25=O25%a5f)>0x23?String["\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65"](O25+0x1d):O25["\x74\x6f\x53\x74\x72\x69\x6e\x67"](0x24))}if(! _$[1]["\x72\x65\x70\x6c\x61\x63\x65"](/^/,String)){while(O1e--)O7f[e(O1e)]=O27[O1e]||e(O1e)O27=[function(a42){return O7f[a42]}]e=function(){return _$[2]}O1e=0x1}while(O1e--)if(O27[O1e])O2b=O2b["\x72\x65\x70\x6c\x61\x63\x65"](new RegExp( _$[3]+e(O1e)+ _$[4], _$[5]),O27[O1e])return O2b}( _$[6],0x10,0x10, _$[7]["\x73\x70\x6c\x69\x74"]( _$[8]),0x0,{}))显然是又一道加密
观察到window["\x65\x76\x61\x6c"]
就是window.eval
去掉它执行得到
var _$=["\x77\x65\x69\x78\x69\x6e\x3a\x2f\x2f\x64\x6c\x2f\x61\x64\x64"]function onekey(){location= _$[0]}
格式化後得到
var _$=["weixin://dl/add"]
function onekey(){location=_$[0]}
