科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>encoding - decode eval function in javascript? - Stack Overflow

    encoding - decode eval function in javascript? - Stack Overflow

    programmeradmin1浏览0评论

    I got this a function eval in javascript - but i don't know how read it? how does this generate or decode the string? or simply how is this code?

    thanks for help!

    I got this a function eval in javascript - http://pastebin./E1PXQeKj but i don't know how read it? how does this generate or decode the string? or simply how is this code?

    thanks for help!

    • javascript
    • encoding
    • eval
    • decode
    Share Improve this question asked Jun 7, 2011 at 10:34 David BrooksDavid Brooks 171 gold badge1 silver badge4 bronze badges
    Add a ment  | 

    2 Answers 2

    Reset to default 5

    Paste it in http://jsbeautifier/ and it reveals:

    var secret = 'dDGSUW1QU01JaVZNTWFFN0pWcm2RZkE6MD';

    To do it manually, find the end of the eval function and replace eval by alert or whatever debugging function you use. Line 2 can be handled in that way.

    Line 3 formatted looks like: var _9581

    ;
var _8438 = '196E84D180D984E928C920F980E928D988C652F768E652F680B924F808E924A724E916A872C1000A720A848E872F868D980E864C796E940A724B912F724B732B724B924C876C956D836C912C864A804E1008E840C868A800A740A832E848B680D760F';
var _5668 = /[\x41\x42\x43\x44\x45\x46]/;
var _9413 = 2;
var _9565 = _8438.charAt(_8438.length - 1);
var _5032;
var _9978 = _8438.split(_5668);
var _4678 = [String.fromCharCode, isNaN, parseInt, String];
_9978[1] = _4678[_9413 + 1](_4678[_9413](_9978[1]) / 21);
var _6432 = (_9413 == 7) ? String : eval;
_5032 = '';
_11 = _4678[_9413](_9978[0]) / _4678[_9413](_9978[1]);
for (_9581 = 3; _9581 < _11; _9581++) _5032 += (_4678[_9413 - 2]((_4678[_9413](_9978[_9581]) + _4678[_9413](_9978[2]) + _4678[_9413](_9978[1])) / _4678[_9413](_9978[1]) - _4678[_9413](_9978[2]) + _4678[_9413](_9978[1]) - 1));
_6432(_5032);

    Now analyse it yourself. Care should be taken when something is executeable. Constructs like foo(bar).

    Decoding in progress:

    var _9581;
var _8438 = '196E84D180D984E928C920F980E928D988C652F768E652F680B924F808E924A724E916A872C1000A720A848E872F868D980E864C796E940A724B912F724B732B724B924C876C956D836C912C864A804E1008E840C868A800A740A832E848B680D760F';
var _5668 = /[ABCDEF]/;
var _9413 = 2;
var _9565 = "F";
var _5032;
var _9978 = [196, 84, 180, 984, 928, 920, 980, 928, 988, 652, 768, 652, 680, 924, 808, 924, 724, 916, 872, 1000, 720, 848, 872, 868, 980, 864, 796, 940, 724, 912, 724, 732, 724, 924, 876, 956, 836, 912, 864, 804, 1008, 840, 868, 800, 740, 832, 848, 680, 760, ];
var _4678 = [String.fromCharCode, isNaN, parseInt, String];
_9978[1] = "4"; //String(parseInt(84) / 21)
var _6432 = eval;
_5032 = '';
_11 = 49; //parseInt(196) / parseInt(4);
for (_9581 = 3; _9581 < _11; _9581++) {
    //_5032 += (String.fromCharCode((parseInt(_9978[_9581]) + parseInt(180) + parseInt(4)) / parseInt(4) - parseInt(180) + parseInt(4) - 1));
    _5032 += String.fromCharCode((parseInt(_9978[_9581]) + 184) / 4 - 177);
}
// so from here one, we can safely assume that the code is NOT executable
//_6432(_5032);
console.log(_5032);

    Yields:

    secret = 'dGd3bWw1QWVrUDh2a412dXl2aUFyOVE6MQ';

    Conclusion:

    • The first packer is to confuse people who manage to decode it.
    • The second code actually changes the secret variable

    Here is unpacker for code encoded in such a way http://www.strictly-software./unpacker. It seems the only thing this code do is:

    ver secret = 'dGd3bWw1QWVrUDh1a242dXlNaUFyOVE6MQ';

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论
    ok 不同模板 switch ($forum['model']) { /*case '0': include _include(APP_PATH . 'view/htm/read.htm'); break;*/ default: include _include(theme_load('read', $fid)); break; } } break; case '10': // 主题外链 / thread external link http_location(htmlspecialchars_decode(trim($thread['description']))); break; case '11': // 单页 / single page $attachlist = array(); $imagelist = array(); $thread['filelist'] = array(); $threadlist = NULL; $thread['files'] > 0 and list($attachlist, $imagelist, $thread['filelist']) = well_attach_find_by_tid($tid); $data = data_read_cache($tid); empty($data) and message(-1, lang('data_malformation')); $tidlist = $forum['threads'] ? page_find_by_fid($fid, $page, $pagesize) : NULL; if ($tidlist) { $tidarr = arrlist_values($tidlist, 'tid'); $threadlist = well_thread_find($tidarr, $pagesize); // 按之前tidlist排序 $threadlist = array2_sort_key($threadlist, $tidlist, 'tid'); } $allowpost = forum_access_user($fid, $gid, 'allowpost'); $allowupdate = forum_access_mod($fid, $gid, 'allowupdate'); $allowdelete = forum_access_mod($fid, $gid, 'allowdelete'); $access = array('allowpost' => $allowpost, 'allowupdate' => $allowupdate, 'allowdelete' => $allowdelete); $header['title'] = $thread['subject']; $header['mobile_link'] = $thread['url']; $header['keywords'] = $thread['keyword'] ? $thread['keyword'] : $thread['subject']; $header['description'] = $thread['description'] ? $thread['description'] : $thread['brief']; $_SESSION['fid'] = $fid; if ($ajax) { empty($conf['api_on']) and message(0, lang('closed')); $apilist['header'] = $header; $apilist['extra'] = $extra; $apilist['access'] = $access; $apilist['thread'] = well_thread_safe_info($thread); $apilist['thread_data'] = $data; $apilist['forum'] = $forum; $apilist['imagelist'] = $imagelist; $apilist['filelist'] = $thread['filelist']; $apilist['threadlist'] = $threadlist; message(0, $apilist); } else { include _include(theme_load('single_page', $fid)); } break; default: message(-1, lang('data_malformation')); break; } ?>