解码混淆 JavaScript

Question

Due to stupidity I've encoded some JavaScript code (an iframe code) using one of the sites that gives this Free Javascript Obfuscator called ( javascriptobfuscator dot com ) Due to stupidity I've encoded some JavaScript code (an iframe code) using one of the sites that gives this Free Javascript Obfuscator called ( javascriptobfuscator dot com )

var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);

I've forgotten what it was.我已经忘记那是什么了。 All I know it was like (iframe html code)我所知道的就像（iframe html 代码）

Is there any way to decode it back?有什么办法可以解码回来吗？

Answer 1

The string is easily decoded in your browser's built-in JavaScript console.该字符串可以在浏览器的内置 JavaScript 控制台中轻松解码。 Just paste the Array contents and you will see the contents as a decoded array.只需粘贴数组内容，您就会看到内容为解码数组。

Answer 2

You can render the text directly into a text field to get the ASCII/Unicode representation.您可以将文本直接呈现到文本字段中以获取 ASCII/Unicode 表示。

Take this a step further and use a string literal to replace the array index look-ups with their values.更进一步，使用字符串文字将数组索引查找替换为其值。

 var script = `var _0xb869=["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0xb869[3]](_0xb869[0]+script_path+_0xb869[1]+id_path+_0xb869[2]);` document.querySelector('#rendered').value = script; document.querySelector('#decoded').value = deobfuscate(script); function deobfuscate(obfuscatedScript) { var _0xb869 = ["\x3C\x49\x46\x52\x41\x4D\x45\x20\x46\x52\x41\x4D\x45\x42\x4F\x52\x44\x45\x52\x3D\x22\x30\x22\x20\x69\x64\x3D\x22\x74\x68\x65\x5F\x69\x66\x72\x61\x6D\x65\x22\x20\x6D\x61\x72\x67\x69\x6E\x77\x69\x64\x74\x68\x3D\x22\x30\x22\x20\x6D\x61\x72\x67\x69\x6E\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x76\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x68\x73\x70\x61\x63\x65\x3D\x22\x30\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x30\x37\x70\x78\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x31\x37\x37\x70\x78\x22\x20\x20\x61\x6C\x6C\x6F\x77\x74\x72\x61\x6E\x73\x70\x61\x72\x65\x6E\x63\x79\x3D\x22\x74\x72\x75\x65\x22\x20\x41\x4C\x49\x47\x4E\x3D\x22\x43\x45\x4E\x54\x45\x52\x22\x20\x53\x43\x52\x4F\x4C\x4C\x49\x4E\x47\x3D\x22\x6E\x6F\x22\x20\x53\x52\x43\x3D\x22","\x2F\x77\x69\x64\x73\x63\x2E\x70\x68\x70\x3F\x69\x64\x3D","\x22\x3E\x3C\x2F\x49\x46\x52\x41\x4D\x45\x3E","\x77\x72\x69\x74\x65\x6C\x6E"]; return bracketToDotNotation(`document["${_0xb869[3]}"]("${_0xb869[0]}"+script_path+"${_0xb869[1]}"+id_path+"${_0xb869[2]}");`).replace(/\s+/g, ' ').toLowerCase(); } function bracketToDotNotation(input) { return input.replace(/(?<=\w)\["?(\w+)"?\]/g, '.$1'); }

 html, body, textarea { width: 100%; height: 100%; } html, body { margin: 0; padding: 0; } textarea { width: calc(100% - 2px); height: calc(50% - 4px); margin: 0; padding: 0; resize: none; overflow: auto; }

 <link href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css" rel="stylesheet"/> <textarea id="rendered"></textarea> <textarea id="decoded"></textarea>

Answer 3

To avoid this problem in the future, you can adopt a workflow where you separate your source code from the js you deploy.为避免将来出现此问题，您可以采用将源代码与部署的 js 分开的工作流程。 Just obfuscate / minify / compile before putting the code into production, and keep human-readable source to work from elsewhere.只需在将代码投入生产之前进行混淆/缩小/编译，并保持人类可读的源代码可以在其他地方工作。

Answer 4

/** @type {Array} */
var _0xb869 = ['<IFRAME FRAMEBORDER="0" id="the_iframe" marginwidth="0" marginheight="0" vspace="0" hspace="0" width="207px" height="177px"  allowtransparency="true" ALIGN="CENTER" SCROLLING="no" SRC="', "/widsc.php?id=", '"></IFRAME>', "writeln"];
document[_0xb869[3]](_0xb869[0] + script_path + _0xb869[1] + id_path + _0xb869[2]);

解码混淆 JavaScript

问题描述

4 个解决方案

解决方案1
11 已采纳 2011-05-26 22:27:55

解决方案2
1 2020-02-06 14:49:27

解决方案3
-1 2011-05-27 03:04:41

解决方案4
-2 2014-07-17 21:34:36

解码混淆 JavaScript

问题描述

4 个解决方案

解决方案1 11 已采纳 2011-05-26 22:27:55

解决方案2 1 2020-02-06 14:49:27

解决方案3 -1 2011-05-27 03:04:41

解决方案4 -2 2014-07-17 21:34:36

解决方案1
11 已采纳 2011-05-26 22:27:55

解决方案2
1 2020-02-06 14:49:27

解决方案3
-1 2011-05-27 03:04:41

解决方案4
-2 2014-07-17 21:34:36