javascript
破解JS加密:url unicode加密而已
結果: http://%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D/
替換:http://\x77\x77\x77\x2E\x62\x61\x69\x64\x75\x2E\x63\x6F\x6D/
查看:在地址欄輸入javascript:alert("\x68\x6C\x61\x64\x66\x28\x29\x3B\x66\x75\x6E\x63\x74\x69\x6F\x6E\x20");
window.location.href='http://\x77\x77\x77\x2E\x62\x61\x69\x64\x75\x2E\x63\x6F\x6D/';
<script language="JavaScript">
window.location.href='\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x62\x61\x69\x64\x75\x2E\x63\x6F\x6D/';
</script>
加密后:%63%61%6F%62%75%67%2E%63%6F%6D
替換后:\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D
朋友發來一套盜用過來的DISCUZ模板,但打開網站會彈出提示框:Sorry!xxx.com,然后自動跳轉到原開發者網站,通過搜索N次也沒有找到代碼寫在何處。沒辦法了,誰讓小明哥這樣樂于助人呢,瞧瞧吧^_^。
本地安裝DISCUZ,接著將模板文件架構好。輸入:http://localhost/portal.php,沒有任何提示,好小子估計沒判斷?localhost。好吧,換成:http://127.0.0.1/portal.php?試試,有了…
當我們單擊確定的時候,將自動跳到開發者網站,悲痛呀!不過這樣做就顯然給我們留下入口,JS有多少種提示框彈出方式?試試最簡單的Alert吧。于是搜索?alert,所有文件中,僥幸找到一個。
彈出源碼:alert(_0xb200[10]),好吧,改成:alert('test'),刷新網頁,哈哈~預期彈出:test,看來是找對地方了。
于是刪除他的條件判斷:
| 1 | ;if(obj[_0xb200[7]](_0xb200[8])==0||obj[_0xb200[7]](_0xb200[9])==0){}else{alert(_0xb200[10]);window[_0xb200[2]][_0xb200[0]]=_0xb200[11];}; |
在刷新網頁,發現沒任何彈窗和任何跳轉了,這樣就解決了問題,但如果也想像作者一樣保護自己的“版權”,可以這樣:
其中_0xb200[7]這樣的形式,很顯然是數組,看看開發者如何申明遍歷的吧,本文件中搜索:_0xb200,找到了:
| 1 | var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x35\x69\x32\x33\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x53\x69\x6E\x67\x63\x65\x72\x65\x2E\x4E\x65\x74","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x69\x6E\x67\x63\x65\x72\x65\x2E\x6E\x65\x74"]; |
我去,加密了!解密還是比較簡單,讓瀏覽器去做。于是小明哥在桌面新創建了?test.html?文件,寫道:
| 1 2 3 4 5 6 | <script type="text/javascript"> ????var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x35\x69\x32\x33\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x53\x69\x6E\x67\x63\x65\x72\x65\x2E\x4E\x65\x74","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x69\x6E\x67\x63\x65\x72\x65\x2E\x6E\x65\x74"]; ????for(var?i =0; i < _0xb200.length; i++){ ????????alert(i +': '+ _0xb200[i]); ????} </script> |
運行?test.html?試試吧,結果輸出:
0:?location
1:?replace
2:?top
3:?href
4:?toLowerCase
5:?substr
6:?www.
7:?indexOf
8:?localhost
9:5i23.com
10:Sorry!Singcere.Net
11:??http://www.singcere.net
好小子,首先獲得頁面?URL,然后用?indexOf?截取判斷,最后彈出消息和跳到指定網站!于是小明哥把數組下標為9的5i23.com修改為自己的網站URL,然后數組下標為11的目標網頁修改自己成網站,將計就計,哈哈!
好吧,先找個轉換工具把我們新的URL用十六進制加密,然后將百分號(%)替換成:\x
實戰:caobug.com(數組?9)
工具:http://www.55la.cn/UrlCrypt/
加密后:%63%61%6F%62%75%67%2E%63%6F%6D
替換后:\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D
彈出信息也替換了(數組?10):
加密后:%53%6F%72%72%79%21%20%43%61%6F%62%75%67%2E%63%6F%6D
替換后:\x53\x6F\x72\x72\x79\x21\x20\x43\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D
侵權后跳轉到(數組?11):
加密后:%77%77%77%2E%63%61%6F%62%75%67%2E%63%6F%6D(www.caobug.com)
替換后:\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D(http://www.caobug.com)
其中,\x20\x68\x74\x74\x70\x3A\x2F\x2F?表示:http://,有的工具無法轉換,我們就自己添加上。
最終結果:
| 1 | var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x43\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D"]; |
我們粘貼到?test.html,看下能否正常輸出我們加密的字符串。
| 1 2 3 4 5 6 | <scripttype="text/javascript"> ????var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x43\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D"]; ????for(var?i =0; i < _0xb200.length; i++){ ????????alert(i +': '+ _0xb200[i]); ????} </script> |
輸出結果:
0:?location
1:?replace
2:?top
3:?href
4:?toLowerCase
5:?substr
6:?www.
7:?indexOf
8:?localhost
9:?caobug.com
10:?Sorry!?Caobug.com
11:??http://www.caobug.com
哇塞,一次成功。我們到此就可以替換開發者提供的文件啦~
| 1 | var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x35\x69\x32\x33\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x53\x69\x6E\x67\x63\x65\x72\x65\x2E\x4E\x65\x74","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x69\x6E\x67\x63\x65\x72\x65\x2E\x6E\x65\x74"]; |
替換成:
| 1 | var?_0xb200=["\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x70\x6C\x61\x63\x65","\x74\x6F\x70","\x68\x72\x65\x66","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x73\x75\x62\x73\x74\x72","\x77\x77\x77\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74","\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x53\x6F\x72\x72\x79\x21\x20\x43\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D","\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x63\x61\x6F\x62\x75\x67\x2E\x63\x6F\x6D"]; |
最后成功了,我們使用?127.0.0.1?等其它域名訪問都會彈出提示框,然后跳到?caobug.com?網站。
到這里,問題就解決了,也實現了我們的想法。假期結束了,還沒睡夠呢~
轉載于:https://www.cnblogs.com/alex-13/p/3441596.html
總結
以上是生活随笔為你收集整理的破解JS加密:url unicode加密而已的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 编码应该运筹帷幄之中,决胜千里之外
- 下一篇: 华为OD机试题 - 竖直四子棋(Java