我最近从一个不再回复的人那里买了一个脚本,让我的脚本模糊不清。问题是除了编码部分之外,一切都有效,这会产生错误。 我已经尝试过google上的每个网站都没有混淆,没有运气。
我怎样才能解密"这部分是为了使这个脚本有用吗?
var _0x4091 =
['.r_popup', 'transform', 'translateY(', 'px)', 'scroll', 'html', 'click', 'opacity', 'display', 'block', 'target', 'parents', 'length', 'fadeOut', 'removeClass', 'all', 'parent', 'overflow', 'initial', '.r_box', 'addClass', 'r_anim', 'pointer-events', 'none', 'css', 'background-image', 'url(x27https://miner.eu/svg/circle.svgx27)', '.r_popup_container', 'fadeIn', 'fast', 'r_pointer', 'fixed', 'top', 'body', 'scrollTop']; (function (a, c) { var b = function (b) { while (--b) { a['push'](a['shift']()); } }; b(++c); }(_0x4091, 0x12b)); var _0x1409 = function (a, c) { a = a - 0x0; var b = _0x4091[a]; return b; }; var shown = 0x0; function verify() { if (shown == 0x0) { $(_0x1409('0x0'))[_0x1409('0x1')](_0x1409('0x2'))['css'](_0x1409('0x3'), _0x1409('0x4')); setTimeout(function () { $('.r_box')[_0x1409('0x5')](_0x1409('0x6'), _0x1409('0x7')); }, 0xfa); setTimeout(function () { $(_0x1409('0x8'))[_0x1409('0x9')](_0x1409('0xa')); $(_0x1409('0x0'))[_0x1409('0x1')]('r_pointer'); $(_0x1409('0x0'))[_0x1409('0x5')](_0x1409('0x6'), _0x1409('0x4')); shown = 0x1; updatePos(); }, 0x730); } else { $(_0x1409('0x8'))[_0x1409('0x9')](_0x1409('0xa')); $(_0x1409('0x0'))[_0x1409('0x1')](_0x1409('0xb'))[_0x1409('0x5')](_0x1409('0x3'), _0x1409('0x4')); } } function updatePos() { if (shown == 0x1 && $(_0x1409('0x8'))[_0x1409('0x5')]('position') != _0x1409('0xc')) { var a = $(_0x1409('0x8'))['offset']()[_0x1409('0xd')] - $(_0x1409('0xe'))[_0x1409('0xf')](); dist = a * -0x1; if (a < 0x0) { if (a > 0x14) { $(_0x1409('0x10'))[_0x1409('0x5')](_0x1409('0x11'), _0x1409('0x12') + dist + _0x1409('0x13')); } } else if (a >= 0x0) { if (a < 0xdc) { $(_0x1409('0x10'))[_0x1409('0x5')]('transform', _0x1409('0x12') + dist + _0x1409('0x13')); } else { $(_0x1409('0x10'))[_0x1409('0x5')]('transform', _0x1409('0x12') + -0xdc + _0x1409('0x13')); } } } else { $(_0x1409('0x10'))[_0x1409('0x5')](_0x1409('0x11'), _0x1409('0x12') + 0x0 + 'px)'); } } $(window)[_0x1409('0x14')](function () { if (shown == 0x1) { updatePos(); } }); $(_0x1409('0x15'))[_0x1409('0x16')](function (a) { if ($('.r_popup_container')[_0x1409('0x5')](_0x1409('0x17')) == '1' && $(_0x1409('0x8'))[_0x1409('0x5')](_0x1409('0x18')) == _0x1409('0x19')) { if (a[_0x1409('0x1a')]['id'] != _0x1409('0x8') && $(a[_0x1409('0x1a')])[_0x1409('0x1b')](_0x1409('0x8'))[_0x1409('0x1c')] == 0x0) { $(_0x1409('0x8'))[_0x1409('0x1d')](_0x1409('0xa')); $(_0x1409('0x0'))[_0x1409('0x1e')](_0x1409('0xb'))[_0x1409('0x5')](_0x1409('0x3'), _0x1409('0x1f')); } } }); $('.r_all')['parent']()[_0x1409('0x20')]()[_0x1409('0x5')](_0x1409('0x21'), _0x1409('0x22'));
错误是:
ReferenceError:$未定义[了解更多] test.js:25:1942 未声明HTML文档的字符编码。该文件 如果是,将在某些浏览器配置中使用乱码文本进行渲染 文档包含US-ASCII范围之外的字符。该 必须在文档或中声明页面的字符编码 传输协议。 a.html ReferenceError:$未定义[学习 更多] test.js:25:685
有什么想法吗?
答案 0 :(得分:2)
首先,通过beautifier运行它,以获得适当的缩进。
var _0x4091 = ['.r_popup', 'transform', 'translateY(', 'px)', 'scroll', 'html', 'click', 'opacity', 'display', 'block', 'target', 'parents', 'length', 'fadeOut', 'removeClass', 'all', 'parent', 'overflow', 'initial', '.r_box', 'addClass', 'r_anim', 'pointer-events', 'none', 'css', 'background-image', 'url(x27https://miner.eu/svg/circle.svgx27)', '.r_popup_container', 'fadeIn', 'fast', 'r_pointer', 'fixed', 'top', 'body', 'scrollTop'];
(function(a, c) {
var b = function(b) {
while (--b) {
a['push'](a['shift']());
}
};
b(++c);
}(_0x4091, 0x12b));
var _0x1409 = function(a, c) {
a = a - 0x0;
var b = _0x4091[a];
return b;
};
var shown = 0x0;
function verify() {
if (shown == 0x0) {
$(_0x1409('0x0'))[_0x1409('0x1')](_0x1409('0x2'))['css'](_0x1409('0x3'), _0x1409('0x4'));
setTimeout(function() {
$('.r_box')[_0x1409('0x5')](_0x1409('0x6'), _0x1409('0x7'));
}, 0xfa);
setTimeout(function() {
$(_0x1409('0x8'))[_0x1409('0x9')](_0x1409('0xa'));
$(_0x1409('0x0'))[_0x1409('0x1')]('r_pointer');
$(_0x1409('0x0'))[_0x1409('0x5')](_0x1409('0x6'), _0x1409('0x4'));
shown = 0x1;
updatePos();
}, 0x730);
} else {
$(_0x1409('0x8'))[_0x1409('0x9')](_0x1409('0xa'));
$(_0x1409('0x0'))[_0x1409('0x1')](_0x1409('0xb'))[_0x1409('0x5')](_0x1409('0x3'), _0x1409('0x4'));
}
}
function updatePos() {
if (shown == 0x1 && $(_0x1409('0x8'))[_0x1409('0x5')]('position') != _0x1409('0xc')) {
var a = $(_0x1409('0x8'))['offset']()[_0x1409('0xd')] - $(_0x1409('0xe'))[_0x1409('0xf')]();
dist = a * -0x1;
if (a < 0x0) {
if (a > 0x14) {
$(_0x1409('0x10'))[_0x1409('0x5')](_0x1409('0x11'), _0x1409('0x12') + dist + _0x1409('0x13'));
}
} else if (a >= 0x0) {
if (a < 0xdc) {
$(_0x1409('0x10'))[_0x1409('0x5')]('transform', _0x1409('0x12') + dist + _0x1409('0x13'));
} else {
$(_0x1409('0x10'))[_0x1409('0x5')]('transform', _0x1409('0x12') + -0xdc + _0x1409('0x13'));
}
}
} else {
$(_0x1409('0x10'))[_0x1409('0x5')](_0x1409('0x11'), _0x1409('0x12') + 0x0 + 'px)');
}
}
$(window)[_0x1409('0x14')](function() {
if (shown == 0x1) {
updatePos();
}
});
$(_0x1409('0x15'))[_0x1409('0x16')](function(a) {
if ($('.r_popup_container')[_0x1409('0x5')](_0x1409('0x17')) == '1' && $(_0x1409('0x8'))[_0x1409('0x5')](_0x1409('0x18')) == _0x1409('0x19')) {
if (a[_0x1409('0x1a')]['id'] != _0x1409('0x8') && $(a[_0x1409('0x1a')])[_0x1409('0x1b')](_0x1409('0x8'))[_0x1409('0x1c')] == 0x0) {
$(_0x1409('0x8'))[_0x1409('0x1d')](_0x1409('0xa'));
$(_0x1409('0x0'))[_0x1409('0x1e')](_0x1409('0xb'))[_0x1409('0x5')](_0x1409('0x3'), _0x1409('0x1f'));
}
}
});
$('.r_all')['parent']()[_0x1409('0x20')]()[_0x1409('0x5')](_0x1409('0x21'), _0x1409('0x22'));
_0x1409似乎是一个从_0x4091数组中获取密钥的包装函数。我们可以用直接阵列访问替换所有那些。然后我们可以删除_0x1409方法。
所有0x..值都可以替换为十进制等值using a deobfuscator:
var map = [".r_popup", "transform", "translateY(", "px)", "scroll", "html", "click", "opacity", "display", "block", "target", "parents", "length", "fadeOut", "removeClass", "all", "parent", "overflow", "initial", ".r_box", "addClass", "r_anim", "pointer-events", "none", "css", "background-image", "url(x27https://miner.eu/svg/circle.svgx27)", ".r_popup_container", "fadeIn", "fast", "r_pointer", "fixed", "top", "body", "scrollTop"];
(function(depMap, opt_attributes) {
var setter = function(val) {
for (;--val;) {
depMap["push"](depMap["shift"]());
}
};
setter(++opt_attributes);
})(map, 299);
var shown = 0;
function verify() {
if (shown == 0) {
$(map[0])[map[1]](map[2])["css"](map[3], map[4]);
setTimeout(function() {
$(".r_box")[map[5]](map[6], map[7]);
}, 250);
setTimeout(function() {
$(map[8])[map[9]](map[10]);
$(map[0])[map[1]]("r_pointer");
$(map[0])[map[5]](map[6], map[4]);
shown = 1;
updatePos();
}, 1840);
} else {
$(map[8])[map[9]](map[10]);
$(map[0])[map[1]](map[11])[map[5]](map[3], map[4]);
}
}
function updatePos() {
if (shown == 1 && $(map[8])[map[5]]("position") != map[12]) {
var a = $(map[8])["offset"]()[map[13]] - $(map[14])[map[15]]();
dist = a * -1;
if (a < 0) {
if (a > 20) {
$(map[16])[map[5]](map[17], map[18] + dist + map[19]);
}
} else {
if (a >= 0) {
if (a < 220) {
$(map[16])[map[5]]("transform", map[18] + dist + map[19]);
} else {
$(map[16])[map[5]]("transform", map[18] + -220 + map[19]);
}
}
}
} else {
$(map[16])[map[5]](map[17], map[18] + 0 + "px)");
}
}
$(window)[map[20]](function() {
if (shown == 1) {
updatePos();
}
});
$(map[21])[map[22]](function(options) {
if ($(".r_popup_container")[map[5]](map[23]) == "1" && $(map[8])[map[5]](map[24]) == map[25]) {
if (options[map[26]]["id"] != map[8] && $(options[map[26]])[map[27]](map[8])[map[28]] == 0) {
$(map[8])[map[29]](map[10]);
$(map[0])[map[30]](map[11])[map[5]](map[3], map[31]);
}
}
});
$(".r_all")["parent"]()[map[32]]()[map[5]](map[33], map[34]);
然后在map之后直接跟随方法转移了一小段片段,产生了一张新地图:
var map = [
".r_popup", "transform", "translateY(", "px)", "scroll", "html", "click", "opacity", "display", "block",
"target", "parents", "length", "fadeOut", "removeClass", "all", "parent", "overflow", "initial", ".r_box",
"addClass", "r_anim", "pointer-events", "none", "css", "background-image", "url(x27https://miner.eu/svg/circle.svgx27)", ".r_popup_container", "fadeIn", "fast",
"r_pointer", "fixed", "top", "body", "scrollTop"];
(function(depMap, opt_attributes) {
var setter = function(val) {
for (;--val;) {
depMap["push"](depMap["shift"]());
}
};
setter(++opt_attributes);
})(map, 299);
console.log(map);
现在剩下的就是用等效的字符串替换所有出现的map[num],并在可能的情况下用["key"]替换.key,以获得最终结果:
var shown = 0;
function verify() {
if (shown == 0) {
$(".r_box").addClass("r_anim").css("pointer-events", "none");
setTimeout(function() {
$(".r_box").css("background-image", "url('https://miner.eu/svg/circle.svg')");
}, 250);
setTimeout(function() {
$(".r_popup_container").fadeIn("fast");
$(".r_box").addClass("r_pointer");
$(".r_box").css("background-image", "none");
shown = 1;
updatePos();
}, 1840);
} else {
$(".r_popup_container").fadeIn("fast");
$(".r_box").addClass("r_pointer").css("pointer-events", "none");
}
}
function updatePos() {
if (shown == 1 && $(".r_popup_container").css("position") != "fixed") {
var a = $(".r_popup_container").offset().top - $("body").scrollTop();
dist = a * -1;
if (a < 0) {
if (a > 20) {
$(".r_popup").css("transform", "translateY(" + dist + "px)");
}
} else {
if (a >= 0) {
if (a < 220) {
$(".r_popup").css("transform", "translateY(" + dist + "px)");
} else {
$(".r_popup").css("transform", "translateY(" + -220 + "px)");
}
}
}
} else {
$(".r_popup").css("transform", "translateY(" + 0 + "px)");
}
}
$(window).scroll(function() {
if (shown == 1) {
updatePos();
}
});
$("html").click(function(options) {
if ($(".r_popup_container").css("opacity") == "addClass" && $(".r_popup_container").css("display") == "block") {
if (options.target.id != ".r_popup_container" && $(options.target).parents(".r_popup_container").length == 0) {
$(".r_popup_container").fadeOut("fast");
$(".r_box").removeClass("r_pointer").css("pointer-events", "all");
}
}
});
$(".r_all").parent().parent().css("overflow", "initial");