Расшифровка JS
Добрый день гуру кода и любители.
Помогите пожалуйста расшифровать код
var _0x1b8d=["\x68\x74\x74\x70\x3A\x2F\x2F\x39\x33\x2E\x31\x39\x30\x2E\x39\x33\x2E\x33\x37","\x68\x74\x74\x70\x3A\x2F\x2F\x38\x37\x2E\x32\x35\x35\x2E\x32\x32\x36\x2E\x38\x31\x3A\x38\x38","\x2F\x77\x69\x64\x67\x65\x74\x2F\x6A\x61\x76\x61\x5F\x36\x30\x2F","\x6C\x69\x74\x65","\x53\x54\x41\x52\x54","\x47\x45\x54","\x6F\x70\x65\x6E","\x73\x65\x6E\x64","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x73\x74\x61\x74\x75\x73","\x53\x54\x41\x52\x54\x5F\x32\x30\x30","\x69\x6D\x67","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x6C\x6F\x67\x6F","\x77\x69\x64\x74\x68","\x39\x36\x30\x70\x78","\x68\x65\x69\x67\x68\x74","\x35\x34\x30\x70\x78","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x64\x65\x76\x2E\x78\x73\x6D\x61\x72\x74\x2E\x74\x76\x2F\x77\x69\x64\x67\x65\x74\x2F\x6C\x6F\x67\x6F\x2F\x6C\x6F\x67\x6F\x2E\x6A\x70\x67","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64\x28\x22\x6C\x6F\x67\x6F\x22\x29\x2E\x73\x74\x79\x6C\x65\x2E\x64\x69\x73\x70\x6C\x61\x79\x3D\x22\x6E\x6F\x6E\x65\x22\x3B","\x53\x54\x41\x52\x54\x5F\x34\x30\x34","\x61\x64\x64\x4A\x61\x76\x61\x53\x63\x72\x69\x70\x74\x28\x55\x52\x4C\x73\x65\x72\x76\x65\x72\x5B\x31\x5D\x29\x3B","\x53\x54\x41\x52\x54\x20\x4A\x41\x56\x41\x20","\x73\x63\x72\x69\x70\x74","\x6C\x61\x6E\x67\x75\x61\x67\x65","\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74","\x74\x79\x70\x65","\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74","\x4D\x61\x69\x6E\x2E\x6A\x73","\x68\x65\x61\x64","\x58\x55\x52\x4C\x2E\x6A\x73","\x6C\x69\x73\x74\x2E\x6A\x73","\x68\x74\x74\x70\x3A\x2F\x2F\x38\x37\x2E\x32\x35\x35\x2E\x32\x32\x36\x2E\x38\x31\x3A\x38\x38\x2F\x77\x69\x64\x67\x65\x74\x2F\x6C\x6F\x67\x6F\x2F\x6C\x6F\x67\x6F\x2E\x6A\x70\x67"];var _0xabc7=[_0x1b8d[0],_0x1b8d[1],_0x1b8d[2]];var URLserver=[_0xabc7[0],_0xabc7[1]];var URLjava=_0xabc7[2];var _0xc1c4=[_0x1b8d[3]];var INDEX=_0xc1c4[0];var Timeout;function start_open(){alert(_0x1b8d[4]);var _0xab6dx8;var _0xab6dx9=URLserver[0];var _0xab6dxa= new XMLHttpRequest();_0xab6dxa[_0x1b8d[6]](_0x1b8d[5],_0xab6dx9,true);_0xab6dxa[_0x1b8d[7]](null);_0xab6dxa[_0x1b8d[8]]=function (){if(_0xab6dxa[_0x1b8d[9]]==4){if(_0xab6dxa[_0x1b8d[10]]==200){alert(_0x1b8d[11]);var _0xab6dxb=document[_0x1b8d[13]](_0x1b8d[12]);_0xab6dxb[_0x1b8d[14]]=_0x1b8d[15];_0xab6dxb[_0x1b8d[16]]=_0x1b8d[17];_0xab6dxb[_0x1b8d[18]]=_0x1b8d[19];_0xab6dxb[_0x1b8d[20]]=_0x1b8d[21];document[_0x1b8d[24]](_0x1b8d[23])[0][_0x1b8d[22]](_0xab6dxb);setTimeout(_0x1b8d[25],5000);} else {alert(_0x1b8d[26]);addJavaScript(URLserver[1]);} ;} ;} ;Timeout=setTimeout(_0x1b8d[27],3000);} ;function addJavaScript(_0xab6dx9){alert(_0x1b8d[28]+_0xab6dx9);clearTimeout(Timeout);var _0xab6dxd=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxd[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxd[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxd[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[34];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxd);var _0xab6dxe=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxe[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxe[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxd[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[36];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxe);var _0xab6dxf=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxf[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxf[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxf[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[37];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxf);var _0xab6dxb=document[_0x1b8d[13]](_0x1b8d[12]);_0xab6dxb[_0x1b8d[14]]=_0x1b8d[15];_0xab6dxb[_0x1b8d[16]]=_0x1b8d[17];_0xab6dxb[_0x1b8d[18]]=_0x1b8d[19];_0xab6dxb[_0x1b8d[20]]=_0x1b8d[38];document[_0x1b8d[24]](_0x1b8d[23])[0][_0x1b8d[22]](_0xab6dxb);setTimeout(_0x1b8d[25],5000);} ;
|
500р.
|
Вот кстати да. Чет зачастили любители халявы.
Мало того что не хотят покупать скрипт (самая частая цель деобфускации), так еще хотят на халяву получить помощь тут.  |
var _0x1b8d=["http://93.190.93.37","http://87.255.226.81:88","/widget/java_60/","lite","START","GET","open","send","onreadystatechange","readyState","status","START_200","img","createElement","id","logo","width","960px","height","540px","src","http://dev.xsmart.tv/widget/logo/logo.jpg","appendChild","body","getElementsByTagName","document.getElementById("logo").style.display="none";","START_404","addJavaScript(URLserver[1]);","START JAVA ","script","language","javascript","type","text/javascript","Main.js","head","XURL.js","list.js","http://87.255.226.81:88/widget/logo/logo.jpg"];var _0xabc7=[_0x1b8d[0],_0x1b8d[1],_0x1b8d[2]];var URLserver=[_0xabc7[0],_0xabc7[1]];var URLjava=_0xabc7[2];var _0xc1c4=[_0x1b8d[3]];var INDEX=_0xc1c4[0];var Timeout;function start_open(){alert(_0x1b8d[4]);var _0xab6dx8;var _0xab6dx9=URLserver[0];var _0xab6dxa= new XMLHttpRequest();_0xab6dxa[_0x1b8d[6]](_0x1b8d[5],_0xab6dx9,true);_0xab6dxa[_0x1b8d[7]](null);_0xab6dxa[_0x1b8d[8]]=function (){if(_0xab6dxa[_0x1b8d[9]]==4){if(_0xab6dxa[_0x1b8d[10]]==200){alert(_0x1b8d[11]);var _0xab6dxb=document[_0x1b8d[13]](_0x1b8d[12]);_0xab6dxb[_0x1b8d[14]]=_0x1b8d[15];_0xab6dxb[_0x1b8d[16]]=_0x1b8d[17];_0xab6dxb[_0x1b8d[18]]=_0x1b8d[19];_0xab6dxb[_0x1b8d[20]]=_0x1b8d[21];document[_0x1b8d[24]](_0x1b8d[23])[0][_0x1b8d[22]](_0xab6dxb);setTimeout(_0x1b8d[25],5000);} else {alert(_0x1b8d[26]);addJavaScript(URLserver[1]);} ;} ;} ;Timeout=setTimeout(_0x1b8d[27],3000);} ;function addJavaScript(_0xab6dx9){alert(_0x1b8d[28]+_0xab6dx9);clearTimeout(Timeout);var _0xab6dxd=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxd[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxd[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxd[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[34];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxd);var _0xab6dxe=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxe[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxe[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxd[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[36];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxe);var _0xab6dxf=document[_0x1b8d[13]](_0x1b8d[29]);_0xab6dxf[_0x1b8d[30]]=_0x1b8d[31];_0xab6dxf[_0x1b8d[32]]=_0x1b8d[33];_0xab6dxf[_0x1b8d[20]]=_0xab6dx9+URLjava+_0x1b8d[37];document[_0x1b8d[24]](_0x1b8d[35])[0][_0x1b8d[22]](_0xab6dxf);var _0xab6dxb=document[_0x1b8d[13]](_0x1b8d[12]);_0xab6dxb[_0x1b8d[14]]=_0x1b8d[15];_0xab6dxb[_0x1b8d[16]]=_0x1b8d[17];_0xab6dxb[_0x1b8d[18]]=_0x1b8d[19];_0xab6dxb[_0x1b8d[20]]=_0x1b8d[38];document[_0x1b8d[24]](_0x1b8d[23])[0][_0x1b8d[22]](_0xab6dxb);setTimeout(_0x1b8d[25],5000);} ;
Всё что смог, расшифровал. |
Есть предположение что автор обфусцированного скрипта просит его расшифровать.Потому везде куча aler("БЕССМЫСЛЕННЫХ СООБЩЕНИЙ КАПСЛОКОМ") к скриптам добавляются langvich и type.
В скрипте ajax запрос который ищет картинку по id и заменяет ее на http://dev.xsmart.tv/widget/logo/logo.jpg или пытается подключить три скрипта и картинку |
numerok, слабо. На самом деле 500р я зарядил ибо больно нагло тс себя вёл(хотя сейчас посмотрел вроде нормально, видать в тот день он был далеко не первым), а так расшифровать можно и пальцем не пошевелив:
var URLserver = [_0xabc7[0], _0xabc7[1]];
var URLjava = _0xabc7[2];
var _0xc1c4 = ["lite"];
var INDEX = _0xc1c4[0];
var Timeout;
function start_open() {
alert("START");
var _0xab6dx8;
var url = URLserver[0];
var request = new XMLHttpRequest;
request["open"]("GET", url, true);
request["send"](null);
request["onreadystatechange"] = function() {
if (request["readyState"] == 4) {
if (request["status"] == 200) {
alert("START_200");
var img = document["createElement"]("img");
img["id"] = "logo";
img["width"] = "960px";
img["height"] = "540px";
img["src"] = "http://dev.xsmart.tv/widget/logo/logo.jpg";
document["getElementsByTagName"]("body")[0]["appendChild"](img);
setTimeout('document.getElementById("logo").style.display="none";', 5E3);
} else {
alert("START_404");
addJavaScript(URLserver[1]);
}
}
};
Timeout = setTimeout("addJavaScript(URLserver[1]);", 3E3);
}
function addJavaScript(b) {
alert("START JAVA " + b);
clearTimeout(Timeout);
var script = document["createElement"]("script");
script["language"] = "javascript";
script["type"] = "text/javascript";
script["src"] = b + URLjava + "Main.js";
document["getElementsByTagName"]("head")[0]["appendChild"](script);
var s = document["createElement"]("script");
s["language"] = "javascript";
s["type"] = "text/javascript";
script["src"] = b + URLjava + "XURL.js";
document["getElementsByTagName"]("head")[0]["appendChild"](s);
var el = document["createElement"]("script");
el["language"] = "javascript";
el["type"] = "text/javascript";
el["src"] = b + URLjava + "list.js";
document["getElementsByTagName"]("head")[0]["appendChild"](el);
var img = document["createElement"]("img");
img["id"] = "logo";
img["width"] = "960px";
img["height"] = "540px";
img["src"] = "http://87.255.226.81:88/widget/logo/logo.jpg";
document["getElementsByTagName"]("body")[0]["appendChild"](img);
setTimeout('document.getElementById("logo").style.display="none";', 5E3);
}
;
http://www.jspretty.com/ + http://www.jsnice.org/ :) |
| Часовой пояс GMT +3, время: 14:54. |