我想知道这个jQuery文件是如何编码的,我该如何解码呢?
var _0xc702 = ["\x66\x6C\x65\x78\x79\x6D\x65\x6E\x75", "\x66\x6E", "\x68\x6F\x72\x69\x7A\x6F\x6E\x74\x61\x6C", "\x6C\x65\x66\x74", "\x65\x78\x74\x65\x6E\x64", "\x69\x6E\x6E\x65\x72\x57\x69\x64\x74\x68", "\x74\x79\x70\x65", "\x76\x65\x72\x74\x69\x63\x61\x6C", "\x61\x64\x64\x43\x6C\x61\x73\x73", "\x61\x6C\x69\x67\x6E", "\x72\x69\x67\x68\x74", "\x69\x6E\x64\x69\x63\x61\x74\x6F\x72", "\x6C\x65\x6E\x67\x74\x68", "\x75\x6C", "\x63\x68\x69\x6C\x64\x72\x65\x6E", "\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x69\x6E\x64\x69\x63\x61\x74\x6F\x72\x27\x3E\x2B\x3C\x2F\x73\x70\x61\x6E\x3E", "\x61\x70\x70\x65\x6E\x64", "\x65\x61\x63\x68", "\x6C\x69", "\x66\x69\x6E\x64", "\x3C\x6C\x69\x20\x63\x6C\x61\x73\x73\x3D\x27\x73\x68\x6F\x77\x68\x69\x64\x65\x27\x3E\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x74\x69\x74\x6C\x65\x27\x3E\x4D\x45\x4E\x55\x3C\x2F\x73\x70\x61\x6E\x3E\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x69\x63\x6F\x6E\x27\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x2F\x73\x70\x61\x6E\x3E\x3C\x2F\x6C\x69\x3E", "\x70\x72\x65\x70\x65\x6E\x64", "\x72\x65\x73\x69\x7A\x65", "\x6D\x61\x74\x63\x68", "\x75\x73\x65\x72\x41\x67\x65\x6E\x74", "\x6D\x73\x4D\x61\x78\x54\x6F\x75\x63\x68\x50\x6F\x69\x6E\x74\x73", "\x6E\x61\x76\x69\x67\x61\x74\x6F\x72", "\x63\x6C\x69\x63\x6B\x20\x74\x6F\x75\x63\x68\x73\x74\x61\x72\x74", "\x73\x74\x6F\x70\x50\x72\x6F\x70\x61\x67\x61\x74\x69\x6F\x6E", "\x70\x72\x65\x76\x65\x6E\x74\x44\x65\x66\x61\x75\x6C\x74", "\x68\x72\x65\x66", "\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x61\x74\x74\x72", "\x73\x70\x65\x65\x64", "\x66\x61\x64\x65\x4F\x75\x74", "\x73\x74\x6F\x70", "\x73\x69\x62\x6C\x69\x6E\x67\x73", "\x70\x61\x72\x65\x6E\x74", "\x64\x69\x73\x70\x6C\x61\x79", "\x63\x73\x73", "\x6E\x6F\x6E\x65", "\x66\x61\x64\x65\x49\x6E", "\x6F\x6E", "\x61", "\x68\x69\x64\x65\x43\x6C\x69\x63\x6B\x4F\x75\x74", "\x63\x6C\x69\x63\x6B\x2E\x6D\x65\x6E\x75\x20\x74\x6F\x75\x63\x68\x73\x74\x61\x72\x74\x2E\x6D\x65\x6E\x75", "\x63\x6C\x6F\x73\x65\x73\x74", "\x74\x61\x72\x67\x65\x74", "\x62\x69\x6E\x64", "\x6D\x6F\x75\x73\x65\x6C\x65\x61\x76\x65", "\x6D\x6F\x75\x73\x65\x65\x6E\x74\x65\x72", "\x63\x6C\x69\x63\x6B", "\x73\x6C\x69\x64\x65\x44\x6F\x77\x6E", "\x73\x6C\x69\x64\x65\x55\x70", "\x6C\x69\x3A\x6E\x6F\x74\x28\x2E\x73\x68\x6F\x77\x68\x69\x64\x65\x29", "\x68\x69\x64\x65", "\x3A\x68\x69\x64\x64\x65\x6E", "\x69\x73", "\x73\x68\x6F\x77", "\x6C\x69\x2E\x73\x68\x6F\x77\x68\x69\x64\x65", "\x64\x65\x74\x61\x63\x68", "\x75\x6E\x62\x69\x6E\x64", "\x6C\x69\x2C\x20\x61"];
jQuery[_0xc702[1]][_0xc702[0]] = function (_0x99dfx1) {
var _0x99dfx2 = {
speed: 300,
type: _0xc702[2],
align: _0xc702[3],
indicator: false,
hideClickOut: true
};
$[_0xc702[4]](_0x99dfx2, _0x99dfx1);
var _0x99dfx3 = false;
var _0x99dfx4 = $(this);
var _0x99dfx5 = window[_0xc702[5]];
if (_0x99dfx2[_0xc702[6]] == _0xc702[7]) {
$(_0x99dfx4)[_0xc702[8]](_0xc702[7]);
if (_0x99dfx2[_0xc702[9]] == _0xc702[10]) {
$(_0x99dfx4)[_0xc702[8]](_0xc702[10]);
};
};
if (_0x99dfx2[_0xc702[11]] == true) {
$(_0x99dfx4)[_0xc702[19]](_0xc702[18])[_0xc702[17]](function () {
if ($(this)[_0xc702[14]](_0xc702[13])[_0xc702[12]] > 0) {
$(this)[_0xc702[16]](_0xc702[15]);
};
});
};
$(_0x99dfx4)[_0xc702[21]](_0xc702[20]);
_0x99dfx6();
$(window)[_0xc702[22]](function () {
if (_0x99dfx5 <= 768 && window[_0xc702[5]] > 768) {
_0x99dfx10();
_0x99dfxc();
_0x99dfx7();
if (_0x99dfx2[_0xc702[6]] == _0xc702[2] && _0x99dfx2[_0xc702[9]] == _0xc702[10] && _0x99dfx3 == false) {
_0x99dfxd();
_0x99dfx3 = true;
};
};
if (_0x99dfx5 > 768 && window[_0xc702[5]] <= 768) {
_0x99dfx10();
_0x99dfxb();
_0x99dfxa();
if (_0x99dfx3 == true) {
_0x99dfxd();
_0x99dfx3 = false;
};
};
_0x99dfx5 = window[_0xc702[5]];
});
function _0x99dfx6() {
if (window[_0xc702[5]] <= 768) {
_0x99dfxb();
_0x99dfxa();
if (_0x99dfx3 == true) {
_0x99dfxd();
_0x99dfx3 = false;
};
} else {
_0x99dfxc();
_0x99dfx7();
if (_0x99dfx2[_0xc702[6]] == _0xc702[2] && _0x99dfx2[_0xc702[9]] == _0xc702[10] && _0x99dfx3 == false) {
_0x99dfxd();
_0x99dfx3 = true;
};
};
};
function _0x99dfx7() {
if (navigator[_0xc702[24]][_0xc702[23]](/Mobi/i) || window[_0xc702[26]][_0xc702[25]] > 0) {
$(_0x99dfx4)[_0xc702[19]](_0xc702[43])[_0xc702[42]](_0xc702[27], function (_0x99dfx8) {
_0x99dfx8[_0xc702[28]]();
_0x99dfx8[_0xc702[29]]();
window[_0xc702[31]][_0xc702[30]] = $(this)[_0xc702[32]](_0xc702[30]);
$(this)[_0xc702[37]](_0xc702[18])[_0xc702[36]](_0xc702[18])[_0xc702[19]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[34]](_0x99dfx2[_0xc702[33]]);
if ($(this)[_0xc702[36]](_0xc702[13])[_0xc702[39]](_0xc702[38]) == _0xc702[40]) {
$(this)[_0xc702[36]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[41]](_0x99dfx2[_0xc702[33]]);
} else {
$(this)[_0xc702[36]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[34]](_0x99dfx2[_0xc702[33]]);
$(this)[_0xc702[36]](_0xc702[13])[_0xc702[19]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[34]](_0x99dfx2[_0xc702[33]]);
};
});
if (_0x99dfx2[_0xc702[44]] == true) {
$(document)[_0xc702[48]](_0xc702[45], function (_0x99dfx9) {
if ($(_0x99dfx9[_0xc702[47]])[_0xc702[46]](_0x99dfx4)[_0xc702[12]] == 0) {
$(_0x99dfx4)[_0xc702[19]](_0xc702[13])[_0xc702[34]](_0x99dfx2[_0xc702[33]]);
};
});
};
} else {
$(_0x99dfx4)[_0xc702[19]](_0xc702[18])[_0xc702[48]](_0xc702[50], function () {
$(this)[_0xc702[14]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[41]](_0x99dfx2[_0xc702[33]]);
})[_0xc702[48]](_0xc702[49], function () {
$(this)[_0xc702[14]](_0xc702[13])[_0xc702[35]](true, true)[_0xc702[34]](_0x99dfx2[_0xc702[33]]);
});
};
};
function _0x99dfxa() {
$(_0x99dfx4)[_0xc702[19]](_0xc702[54])[_0xc702[17]](function () {
if ($(this)[_0xc702[14]](_0xc702[13])[_0xc702[12]] > 0) {
$(this)[_0xc702[14]](_0xc702[43])[_0xc702[42]](_0xc702[51], function () {
if ($(this)[_0xc702[36]](_0xc702[13])[_0xc702[39]](_0xc702[38]) == _0xc702[40]) {
$(this)[_0xc702[36]](_0xc702[13])[_0xc702[52]](_0x99dfx2[_0xc702[33]]);
} else {
$(this)[_0xc702[36]](_0xc702[13])[_0xc702[53]](_0x99dfx2[_0xc702[33]]);
};
});
};
});
};
function _0x99dfxb() {
$(_0x99dfx4)[_0xc702[14]](_0xc702[54])[_0xc702[55]](0);
$(_0x99dfx4)[_0xc702[14]](_0xc702[59])[_0xc702[58]](0)[_0xc702[48]](_0xc702[51], function () {
if ($(_0x99dfx4)[_0xc702[14]](_0xc702[18])[_0xc702[57]](_0xc702[56])) {
$(_0x99dfx4)[_0xc702[14]](_0xc702[18])[_0xc702[52]](_0x99dfx2[_0xc702[33]]);
} else {
$(_0x99dfx4)[_0xc702[14]](_0xc702[54])[_0xc702[53]](_0x99dfx2[_0xc702[33]]);
$(_0x99dfx4)[_0xc702[14]](_0xc702[59])[_0xc702[58]](0);
};
});
};
function _0x99dfxc() {
$(_0x99dfx4)[_0xc702[14]](_0xc702[18])[_0xc702[58]](0);
$(_0x99dfx4)[_0xc702[14]](_0xc702[59])[_0xc702[55]](0);
};
function _0x99dfxd() {
$(_0x99dfx4)[_0xc702[14]](_0xc702[18])[_0xc702[8]](_0xc702[10]);
var _0x99dfxe = $(_0x99dfx4)[_0xc702[14]](_0xc702[18]);
$(_0x99dfx4)[_0xc702[14]](_0xc702[54])[_0xc702[60]]();
for (var _0x99dfxf = _0x99dfxe[_0xc702[12]]; _0x99dfxf >= 1; _0x99dfxf--) {
$(_0x99dfx4)[_0xc702[16]](_0x99dfxe[_0x99dfxf]);
};
};
function _0x99dfx10() {
$(_0x99dfx4)[_0xc702[19]](_0xc702[62])[_0xc702[61]]();
$(document)[_0xc702[61]](_0xc702[45]);
$(_0x99dfx4)[_0xc702[19]](_0xc702[13])[_0xc702[55]](0);
};
};
澄清问题:上面的代码用hex模糊,如何对这样的jQuery代码进行反混淆以使代码可读。
答案 0 :(得分:2)
转换hex - &gt; utf8然后用_0xc702中的所有匹配替换数组中的值。然后替换\["([a-zA-Z0-9]+)"\] - &gt; .$1。然后快速扫描并给出语义变量名称。
jQuery.fn.flexymenu = function(opts) {
var options = {
speed: 300,
type: "horizontal",
align: "left",
indicator: false,
hideClickOut: true
};
$.extend(options, opts);
var someBool = false;
var $this = $(this);
var innerWidth = window.innerWidth;
if (options.type == "vertical") {
$($this).addClass("vertical");
if (options.align == "right") {
$($this).addClass("right");
};
};
if (options.indicator == true) {
$($this).find("li").each(function() {
if ($(this).children("ul").length > 0) {
$(this).append("<span class='indicator'>+</span>");
};
});
};
$($this).prepend("<li class='showhide'><span class='title'>MENU</span><span class='icon'><em></em><em></em><em></em><em></em></span></li>");
_0x99dfx6();
$(window).resize(function() {
if (innerWidth <= 768 && window.innerWidth > 768) {
cleanup();
_0x99dfxc();
_0x99dfx7();
if (options.type == "horizontal" && options.align == "right" && someBool == false) {
_0x99dfxd();
someBool = true;
};
};
if (innerWidth > 768 && window.innerWidth <= 768) {
cleanup();
_0x99dfxb();
_0x99dfxa();
if (someBool == true) {
_0x99dfxd();
someBool = false;
};
};
innerWidth = window.innerWidth;
});
function _0x99dfx6() {
if (window.innerWidth <= 768) {
_0x99dfxb();
_0x99dfxa();
if (someBool == true) {
_0x99dfxd();
someBool = false;
};
} else {
_0x99dfxc();
_0x99dfx7();
if (options.type == "horizontal" && options.align == "right" && someBool == false) {
_0x99dfxd();
someBool = true;
};
};
};
function _0x99dfx7() {
if (navigator.userAgent.match(/Mobi/i) || window.navigator.msMaxTouchPoints > 0) {
$($this).find("a").on("click touchstart", function(event) {
event.stopPropagation();
event.preventDefault();
window.location.href = $(this).attr("href");
$(this).parent("li").siblings("li").find("ul").stop(true, true).fadeOut(options.speed);
if ($(this).siblings("ul").css("display") == "none") {
$(this).siblings("ul").stop(true, true).fadeIn(options.speed);
} else {
$(this).siblings("ul").stop(true, true).fadeOut(options.speed);
$(this).siblings("ul").find("ul").stop(true, true).fadeOut(options.speed);
};
});
if (options.hideClickOut == true) {
$(document).bind("click.menu touchstart.menu", function(event) {
if ($(event.target).closest($this).length == 0) {
$($this).find("ul").fadeOut(options.speed);
};
});
};
} else {
$($this).find("li").bind("mouseenter", function() {
$(this).children("ul").stop(true, true).fadeIn(options.speed);
}).bind("mouseleave", function() {
$(this).children("ul").stop(true, true).fadeOut(options.speed);
});
};
};
function _0x99dfxa() {
$($this).find("li:not(.showhide)").each(function() {
if ($(this).children("ul").length > 0) {
$(this).children("a").on("click", function() {
if ($(this).siblings("ul").css("display") == "none") {
$(this).siblings("ul").slideDown(options.speed);
} else {
$(this).siblings("ul").slideUp(options.speed);
};
});
};
});
};
function _0x99dfxb() {
$($this).children("li:not(.showhide)").hide(0);
$($this).children("li.showhide").show(0).bind("click", function() {
if ($($this).children("li").is(":hidden")) {
$($this).children("li").slideDown(options.speed);
} else {
$($this).children("li:not(.showhide)").slideUp(options.speed);
$($this).children("li.showhide").show(0);
};
});
};
function _0x99dfxc() {
$($this).children("li").show(0);
$($this).children("li.showhide").hide(0);
};
function _0x99dfxd() {
$($this).children("li").addClass("right");
var $lis = $($this).children("li");
$($this).children("li:not(.showhide)").detach();
for (var length = $lis.length; length >= 1; length--) {
$($this).append($lis[length]);
};
};
function cleanup() {
$($this).find("li, a").unbind();
$(document).unbind("click.menu touchstart.menu");
$($this).find("ul").hide(0);
};
};
以下是我用于反混淆的一些代码:
<强> main.js
var fs = require('fs');
var name = '_0xc702';
var vars;
// Use eval for quick hex -> utf8 strings
eval('vars=' + fs.readFileSync('vars.json', 'utf8'));
var input = fs.readFileSync('input.js', 'utf8');
vars.forEach(function(value, key) {
input = input.replace(new RegExp(name + '\\['+key+'\\]', 'g'), '"'+ value +'"');
});
input = input.replace(/\["([a-zA-Z0-9]+)"\]/g, '.$1');
console.log(input);
<强> vars.json
["\x66\x6C\x65\x78\x79\x6D\x65\x6E\x75", "\x66\x6E", "\x68\x6F\x72\x69\x7A\x6F\x6E\x74\x61\x6C", "\x6C\x65\x66\x74", "\x65\x78\x74\x65\x6E\x64", "\x69\x6E\x6E\x65\x72\x57\x69\x64\x74\x68", "\x74\x79\x70\x65", "\x76\x65\x72\x74\x69\x63\x61\x6C", "\x61\x64\x64\x43\x6C\x61\x73\x73", "\x61\x6C\x69\x67\x6E", "\x72\x69\x67\x68\x74", "\x69\x6E\x64\x69\x63\x61\x74\x6F\x72", "\x6C\x65\x6E\x67\x74\x68", "\x75\x6C", "\x63\x68\x69\x6C\x64\x72\x65\x6E", "\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x69\x6E\x64\x69\x63\x61\x74\x6F\x72\x27\x3E\x2B\x3C\x2F\x73\x70\x61\x6E\x3E", "\x61\x70\x70\x65\x6E\x64", "\x65\x61\x63\x68", "\x6C\x69", "\x66\x69\x6E\x64", "\x3C\x6C\x69\x20\x63\x6C\x61\x73\x73\x3D\x27\x73\x68\x6F\x77\x68\x69\x64\x65\x27\x3E\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x74\x69\x74\x6C\x65\x27\x3E\x4D\x45\x4E\x55\x3C\x2F\x73\x70\x61\x6E\x3E\x3C\x73\x70\x61\x6E\x20\x63\x6C\x61\x73\x73\x3D\x27\x69\x63\x6F\x6E\x27\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x65\x6D\x3E\x3C\x2F\x65\x6D\x3E\x3C\x2F\x73\x70\x61\x6E\x3E\x3C\x2F\x6C\x69\x3E", "\x70\x72\x65\x70\x65\x6E\x64", "\x72\x65\x73\x69\x7A\x65", "\x6D\x61\x74\x63\x68", "\x75\x73\x65\x72\x41\x67\x65\x6E\x74", "\x6D\x73\x4D\x61\x78\x54\x6F\x75\x63\x68\x50\x6F\x69\x6E\x74\x73", "\x6E\x61\x76\x69\x67\x61\x74\x6F\x72", "\x63\x6C\x69\x63\x6B\x20\x74\x6F\x75\x63\x68\x73\x74\x61\x72\x74", "\x73\x74\x6F\x70\x50\x72\x6F\x70\x61\x67\x61\x74\x69\x6F\x6E", "\x70\x72\x65\x76\x65\x6E\x74\x44\x65\x66\x61\x75\x6C\x74", "\x68\x72\x65\x66", "\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x61\x74\x74\x72", "\x73\x70\x65\x65\x64", "\x66\x61\x64\x65\x4F\x75\x74", "\x73\x74\x6F\x70", "\x73\x69\x62\x6C\x69\x6E\x67\x73", "\x70\x61\x72\x65\x6E\x74", "\x64\x69\x73\x70\x6C\x61\x79", "\x63\x73\x73", "\x6E\x6F\x6E\x65", "\x66\x61\x64\x65\x49\x6E", "\x6F\x6E", "\x61", "\x68\x69\x64\x65\x43\x6C\x69\x63\x6B\x4F\x75\x74", "\x63\x6C\x69\x63\x6B\x2E\x6D\x65\x6E\x75\x20\x74\x6F\x75\x63\x68\x73\x74\x61\x72\x74\x2E\x6D\x65\x6E\x75", "\x63\x6C\x6F\x73\x65\x73\x74", "\x74\x61\x72\x67\x65\x74", "\x62\x69\x6E\x64", "\x6D\x6F\x75\x73\x65\x6C\x65\x61\x76\x65", "\x6D\x6F\x75\x73\x65\x65\x6E\x74\x65\x72", "\x63\x6C\x69\x63\x6B", "\x73\x6C\x69\x64\x65\x44\x6F\x77\x6E", "\x73\x6C\x69\x64\x65\x55\x70", "\x6C\x69\x3A\x6E\x6F\x74\x28\x2E\x73\x68\x6F\x77\x68\x69\x64\x65\x29", "\x68\x69\x64\x65", "\x3A\x68\x69\x64\x64\x65\x6E", "\x69\x73", "\x73\x68\x6F\x77", "\x6C\x69\x2E\x73\x68\x6F\x77\x68\x69\x64\x65", "\x64\x65\x74\x61\x63\x68", "\x75\x6E\x62\x69\x6E\x64", "\x6C\x69\x2C\x20\x61"];
input.js 包含您发布的内容,但第一行除外。
然后从命令行运行node main.js > out.js