JS解密的特点就是见eval就去掉, 除非用了更特别的手段
本例中去eval并执行得到
var _$=["",'','\\\x77\x2b','\\\x62','\\\x62','\x67','\x65\x20\x34\x24\x3d\x5b\x22\\\x37\\\x38\\\x33\\\x39\\\x33\\\x36\\\x35\\\x32\\\x32\\\x31\\\x64\\\x32\\\x66\\\x31\\\x31\x22\x5d\x3b\x61\x20\x62\x28\x29\x7b\x63\x3d\x20\x34\x24\x5b\x30\x5d\x7d','\x7c\x78\x36\x34\x7c\x78\x32\x66\x7c\x78\x36\x39\x7c\x5f\x7c\x78\x33\x61\x7c\x78\x36\x65\x7c\x78\x37\x37\x7c\x78\x36\x35\x7c\x78\x37\x38\x7c\x66\x75\x6e\x63\x74\x69\x6f\x6e\x7c\x6f\x6e\x65\x6b\x65\x79\x7c\x6c\x6f\x63\x61\x74\x69\x6f\x6e\x7c\x78\x36\x63\x7c\x76\x61\x72\x7c\x78\x36\x31','\x7c']window["\x65\x76\x61\x6c"](function(O2b,a5f,O1e,O27,e,O7f){e=function(O25){return(O25<a5f? _$[0]:e(window["\x70\x61\x72\x73\x65\x49\x6e\x74"](O25/a5f)))+((O25=O25%a5f)>0x23?String["\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65"](O25+0x1d):O25["\x74\x6f\x53\x74\x72\x69\x6e\x67"](0x24))}if(! _$[1]["\x72\x65\x70\x6c\x61\x63\x65"](/^/,String)){while(O1e--)O7f[e(O1e)]=O27[O1e]||e(O1e)O27=[function(a42){return O7f[a42]}]e=function(){return _$[2]}O1e=0x1}while(O1e--)if(O27[O1e])O2b=O2b["\x72\x65\x70\x6c\x61\x63\x65"](new RegExp( _$[3]+e(O1e)+ _$[4], _$[5]),O27[O1e])return O2b}( _$[6],0x10,0x10, _$[7]["\x73\x70\x6c\x69\x74"]( _$[8]),0x0,{}))显然是又一道加密
观察到window["\x65\x76\x61\x6c"]
就是window.eval
去掉它执行得到
var _$=["\x77\x65\x69\x78\x69\x6e\x3a\x2f\x2f\x64\x6c\x2f\x61\x64\x64"]function onekey(){location= _$[0]}
格式化後得到
var _$=["weixin://dl/add"]
function onekey(){location=_$[0]}
首先你的加密后的代码有误,无法执行,应将return(c35?String.fromCharCode(c+29):
修改为return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):
c和35之间的部分你没复制出来
这种加密的算法的解密方法很简单
<html><body>
<div id="test"></div>
<script type="text/javascript">
document.getElementById('test').innerHTML = 将需要破解的代码全部复制过来,注意你原来的代码不对,请通过替换先将上面说的那个错误改正
</script>
</body>
</html>
将上面的代码保存成html文件,打开此文件即可看到加密前的内容,由于你的问题解密后是广告语,所以不在此处给出,自己试一下
var _$ = [ "GET", "js/i1i1i1i1i1l1l1l1l0.js", "", "json", "#tmpinfo", "#wait_text", "更新正常", "#tmpinfo", ",", "", "" ]$(function(mlkX8258fc) {
function mlkX8bc72b() {
mlkX8258fc.ajax({
type:_$[0],
url:_$[1],
data:_$[2],
dataType:_$[3],
cache:false,
success:function(mlkX8b038c) {
mlkX8258fc(_$[4]).html(mlkX8b038c.k)
mlkX8258fc(_$[5]).html(_$[6])
new_scores = mlkX8258fc(_$[7]).text().trim().split(_$[8])
if (new_scores.length >0) {
show_scores()
show_openNumsDateTime()
setShareInfo()
}
setTimeout(function() {
mlkX8bc72b()
}, mlkX8b038c.t)
},
error:function() {
setTimeout(function() {
mlkX8bc72b()
}, 1e3)
}
})
}
mlkX8bc72b()
})
if (!String.prototype.trim) {
String.prototype.trim = function() {
return this.replace(/^\s+|\s+$/g, _$[9]).replace(/[ ]/g, _$[10])
}
}