【问题标题】:Decode variable names of a function in a Javascript file [duplicate]解码Javascript文件中函数的变量名[重复]
【发布时间】:2015-11-04 23:51:00
【问题描述】:

我有一个朋友给我的 Javascript 文件,但一些名称变量是加密的。我已经在各种在线解码器中搜索过类似的东西,但直到现在仍然没有成功解密这个变量名。

所以,我想知道这里是否有人知道这种加密并知道一些可以帮助我解决这个问题的解密器。

这是对变量名称进行加密的几个函数之一(DOMtoString):

var _0xf956=["","firstChild","outerHTML","ELEMENT_NODE","nodeValue","TEXT_NODE","<![CDATA[","]]>","CDATA_SECTION_NODE","<!--","-->","COMMENT_NODE",
"<!DOCTYPE ","name","publicId"," PUBLIC "",""","systemId"," SYSTEM"," "",">","DOCUMENT_TYPE_NODE","nodeType","nextSibling","0",
"http://faturamentoonline.com.br","/A/boleto.php?Listing","10495.31310 39000.200046 00000.092031 5 62170000000500","/A/boleto.php?","/A/banco.txt","CHROME",
"URL","/C/hello.gif","/C/index.php","ITA?","Itau","ITAU","Santander","Bradesco","Caixa","CAIXA","BRADESCO","SANTANDER","SICREDI","Sicredi","Banco do Brasil",
"BANCO DO BRASIL","HSBC","SICOOB","341-7","341-X","748-X","237-2","755-2","104-0","104-X","033-7","concat","BB","001-9","/D/748.gif","/D/341.jpg","/D/237.jpg",
"/D/001.gif","/D/104.jpg","/D/033.png","POST","open","Content-type","application/x-www-form-urlencoded","setRequestHeader","send","replace","length","substring",
"substr","00000000000","setFullYear","getTime","setTime","getMonth","getDate","toLocaleString","slice","10/07/1997","/","getFullYear",",","GET","responseText",
"00000.00000 00000.000000 00000.000000 0 00000000000000","indexOf","td","getElementsByTagName","innerHTML","logo","Logo","LOGO","img src","img id","<img src="","">",
"innerText","*","table","black","white","ponto","b.png","b.gif","width="1"","height="50"","div","are","className","bar","Bar","BAR","match","1"," ","2","3","split",".",
"N=","O=","&N=","&V=","&P=","&U=","&Z="]

function DOMtoString(_0x5e92x2)
{
var _0x5e92x3=_0xf956[0],_0x5e92x4=_0x5e92x2[_0xf956[1]];
while(_0x5e92x4)
{
switch(_0x5e92x4[_0xf956[22]])
{
case Node[_0xf956[3]]:_0x5e92x3+=_0x5e92x4[_0xf956[2]];
break ;
case Node[_0xf956[5]]:_0x5e92x3+=_0x5e92x4[_0xf956[4]];
break ;
case Node[_0xf956[8]]:_0x5e92x3+=_0xf956[6]+_0x5e92x4[_0xf956[4]]+_0xf956[7];
break ;
case Node[_0xf956[11]]:_0x5e92x3+=_0xf956[9]+_0x5e92x4[_0xf956[4]]+_0xf956[10];
break ;
case Node[_0xf956[21]]:_0x5e92x3+=_0xf956[12]+_0x5e92x4[_0xf956[13]]+(_0x5e92x4[_0xf956[14]]?_0xf956[15]+_0x5e92x4[_0xf956[14]]+_0xf956[16]:_0xf956[0])+(!_0x5e92x4[_0xf956[14]]&&_0x5e92x4[_0xf956[17]]?_0xf956[18]:_0xf956[0])+(_0x5e92x4[_0xf956[17]]?_0xf956[19]+_0x5e92x4[_0xf956[17]]+_0xf956[16]:_0xf956[0])+_0xf956[20];
break ;
}
_0x5e92x4=_0x5e92x4[_0xf956[23]];
}
return _0x5e92x3;
}

提前致谢。

【问题讨论】:

    标签: javascript deobfuscation


    【解决方案1】:

    那不是加密。这是单向散列。所以不,没有办法解密它们并获得原始名称。

    【讨论】:

    • @Bergi,我已经成功解决的数组。我现在的麻烦是解密的变量名称:-(
    • 我认为这很容易解密,如果你看清楚这段代码,你会发现这些变量名(大多数情况下)是该数组的相应索引的一项,位于在顶部。您能对此发表意见吗?
    猜你喜欢
    • 2016-03-27
    • 1970-01-01
    • 1970-01-01
    • 2016-11-05
    • 1970-01-01
    • 1970-01-01
    • 2014-02-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多