Javascript obfuscation encryption favorites _ javascript skills

Source: Internet
Author: User
Today, I am launching a piece of Obfuscated javascript code, because the source code is lost... I was planning to get the code at the js engine level and found that it was not necessary at all. Manual decryption is much simpler than imagined. It took less than half an hour to complete the decryption.
The most important part of JavaScript obfuscation:
L eval, document. write, vbs execute, execScript, and other functions that can run JavaScript
L unescape
There are several methods to obfuscation of js:
1. Convert the code into hex format through escape, which is hard to understand.
2. Perform simple reversible encryption on the code, then provide a decryption function to extract the Code through the decryption function, and send the code string to the js engine for running using calls such as eval.
3. filter out comments and spaces in the code, and modify the name of the internal function/internal variable in the js Code, it is hard to recognize a string that is hard to understand, such as a string with digits 0 and letters O.
The advanced method is to combine the above methods.
Therefore, the restoration method is
1. Extract the visible % XX string with unescape
2. Find eval or similar interpretation function entries.
3. Find the input eval parameter string
4. If these strings are in the hex format, use unescape to parse them.
5. loop through the 2-4 process until all the code is found.
6. at this time, it is very likely that some variables are used in the parsed functions, and these variables are some large strings. In this case, these strings should be the encrypted source code. Insert the code at the last proper position of their function to display the decrypted string. You can obtain the source code.
The most important thing to note here is to check the variable name. Many codes for decryption are composed of names such as 000O and 0O00, and the real names of these variables are clearly displayed.
Note that the declaration and definition order of functions and variables should be retained to avoid missing functions or variables due to moving positions.
In addition, the obfuscation tool will add a lot of junk code in the code, which can be deleted.
If the obfuscation tool is more powerful, you can also insert some useful code into the generated code similar to the spam code to provide some variables for the following garbled functions, for example, to decrypt the key, you must note that the order of the Code cannot be disrupted. If you cannot confirm whether the code is spam, leave it first.
It seems that method 3 is the simplest and most mentally retarded, but in fact this method has the greatest impact on us. I tried to read the code with no annotations, messy formats, and a bunch of messy identifiers, it is a nightmare for any normal person. However, it is estimated that the "internal" standard is not well judged, and some obfuscation tools do not provide such functions.
In addition, encryption of web pages
In the address bar or press Ctrl + O and enter:

The Code is as follows:


Javascript: s0000document.doc umentElement. outerHTML; document. write (''); Document. body. innerText = s;


The source code comes out. No matter how complicated the encryption is, the html code that can be parsed by the browser must be restored, and documentElement. outerHTML is the final result.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.