老規矩不廢話，直接上干貨，源加密代碼如下：
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="js" cid="n3" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">(function (_0x59ed15, _0x12ae9c) {
// String-table alignment step: loops until a checksum built from decoded
// table entries equals the second argument (0xcccba).
// NOTE(review): many call expressions in this listing lost their brackets and
// arguments when the page was extracted (e.g. the text after 'push' below), so
// the listing no longer parses as shown. Presumably each failed iteration
// rotates the table by one entry - confirm against an intact copy.
const _0x2ac412 = _0x21a3, _0x22e620 = _0x59ed15();
while (!![]) {
try {
const _0x31bb9c = parseInt(_0x2ac412(0xb5, '\x36\x4b\x6e\x67')) / 0x1 + parseInt(_0x2ac412(0x111, '\x25\x6f\x50\x32')) / 0x2 * (-parseInt(_0x2ac412(0xe9, '\x66\x4a\x6c\x34')) / 0x3) + -parseInt(_0x2ac412(0xfa, '\x42\x53\x6f\x59')) / 0x4 + parseInt(_0x2ac412(0xc3, '\x7a\x30\x55\x57')) / 0x5 + parseInt(_0x2ac412(0x117, '\x4f\x69\x59\x52')) / 0x6 * (parseInt(_0x2ac412(0xe8, '\x57\x77\x23\x76')) / 0x7) + parseInt(_0x2ac412(0xec, '\x5d\x28\x75\x6f')) / 0x8 * (parseInt(_0x2ac412(0xd3, '\x70\x72\x56\x32')) / 0x9) + parseInt(_0x2ac412(0xf8, '\x6f\x26\x37\x5a')) / 0xa;
if (_0x31bb9c === _0x12ae9c) break; else _0x22e620'push';
} catch (_0x13a01e) {
_0x22e620'push';
}
}
}(_0x2efd, 0xcccba), function ({
// Payload function. It is invoked on the last line with window.Config (or an
// empty object); the four options below fall back to these defaults. All
// string literals are \xNN-escaped; the beautified listing further down the
// page shows them in clear text.
host: host = _0x58f711(0xeb, '\x4f\x69\x59\x52'),
mode: mode = '\x64\x75',
key: key = '\x62\x64',
url: url = '\x68\x74\x74\x70\x73\x3a\x2f\x2f\x6d\x70\x2e\x67\x74\x69\x6d\x67\x2e\x63\x6e\x2f\x76\x69\x65\x77\x73\x2f\x34\x30\x34\x2e\x68\x74\x6d\x6c'
}) {
const _0x13b486 = _0x58f711, _0x1042b8 = {
// Environment fingerprint: a set of boolean flags (mobile, ios, android, win,
// mac, x11, wx, qq, dy) derived from two properties read off window; the
// second one ends in 'platform'. The match patterns for most flags were lost
// in extraction.
'\x76\x65\x72\x73\x69\x6f\x6e\x73': (function () {
const _0x3648ab = _0x21a3;
let _0x1e069a = window[_0x3648ab(0xad, '\x6c\x73\x58\x48')][_0x3648ab(0xba, '\x25\x6f\x50\x32')],
_0x2278ca = window[_0x3648ab(0x10f, '\x5b\x45\x70\x6e')]['\x70\x6c\x61\x74\x66\x6f\x72\x6d'];
return {
'\x6d\x6f\x62\x69\x6c\x65': !!_0x1e069a_0x3648ab(0xb6, '\x51\x78\x67\x34'),
'\x69\x6f\x73': !!_0x1e069a[_0x3648ab(0xc5, '\x52\x29\x44\x6f')](/(i[^;]+;( U;)? CPU.+Mac OS X/),
'\x61\x6e\x64\x72\x6f\x69\x64': _0x1e069a_0x3648ab(0xbd, '\x2a\x68\x28\x31')) > -0x1 || _0x1e069a_0x3648ab(0xdd, '\x51\x78\x67\x34') > -0x1,
'\x77\x69\x6e': _0x2278ca'\x69\x6e\x64\x65\x78\x4f\x66') == 0x0,
'\x6d\x61\x63': _0x2278ca_0x3648ab(0xfb, '\x4f\x69\x59\x52')) == 0x0,
'\x78\x31\x31': _0x2278ca == _0x3648ab(0xb2, '\x51\x78\x67\x34') || _0x2278ca_0x3648ab(0xb8, '\x66\x72\x55\x6d')) == 0x0,
'\x77\x78': !!_0x1e069a_0x3648ab(0xea, '\x36\x4b\x6e\x67'),
'\x71\x71': !!_0x1e069a'\x6d\x61\x74\x63\x68',
'\x64\x79': !!_0x1e069a'\x6d\x61\x74\x63\x68'
};
}())
}, _0x2904fa = function (_0x44b03d) {
// Random-string helper: one character per iteration, counting down from the
// requested length, picked from a decoded alphabet string.
const _0x58be7e = _0x21a3;
let _0x2ea84d = _0x58be7e(0xd7, '\x51\x78\x67\x34'), _0x9e770 = '';
for (let _0x5c858f = _0x44b03d; _0x5c858f > 0x0; --_0x5c858f) _0x9e770 += _0x2ea84d[Math[_0x58be7e(0x10d, '\x51\x5d\x43\x58')](Math'\x72\x61\x6e\x64\x6f\x6d' * _0x2ea84d[_0x58be7e(0xd1, '\x42\x53\x6f\x59')])];
return _0x9e770;
}, _0x324e07 = function (_0x1a9b81) {
// Query-parameter reader: builds a RegExp around the given name and returns
// the URL-decoded capture group 2, or null when there is no match.
const _0x4346e4 = _0x21a3;
let _0x1474ba = new RegExp(_0x4346e4(0xc2, '\x36\x4b\x6e\x67') + _0x1a9b81 + _0x4346e4(0xcd, '\x6b\x48\x67\x32')),
_0x55fe22 = window[_0x4346e4(0x10b, '\x4b\x64\x28\x47')]['\x73\x65\x61\x72\x63\x68']_0x4346e4(0xae, '\x48\x4f\x36\x58')_0x4346e4(0xf2, '\x48\x4f\x36\x58');
return null != _0x55fe22 ? decodeURIComponent(_0x55fe22[0x2]) : null;
}, _0x1b4488 = function (_0x2d79da, _0x39326e) {
// Form-submit helper (the article's hand-decoded `addForm`): creates an
// element, sets its action and style, adds one child per key of the second
// argument with name/value set, then attaches it to the document.
const _0x111faf = _0x21a3;
let _0x1327b5 = window['\x64\x6f\x63\x75\x6d\x65\x6e\x74']'\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74';
_0x1327b5['\x61\x63\x74\x69\x6f\x6e'] = _0x2d79da, _0x1327b5[_0x111faf(0xf4, '\x36\x4b\x6e\x67')] = _0x111faf(0x116, '\x5a\x59\x31\x39'), _0x1327b5[_0x111faf(0x10e, '\x7a\x30\x55\x57')] = _0x111faf(0xf6, '\x42\x53\x6f\x59'), _0x1327b5['\x73\x74\x79\x6c\x65'][_0x111faf(0xf3, '\x50\x71\x57\x52')] = _0x111faf(0x107, '\x4d\x30\x6d\x69');
for (let _0x5d92c3 in _0x39326e) {
let _0x1b404a = window[_0x111faf(0xcc, '\x4a\x66\x68\x73')]_0x111faf(0x104, '\x6f\x26\x37\x5a'));
_0x1b404a['\x6e\x61\x6d\x65'] = _0x5d92c3, _0x1b404a['\x76\x61\x6c\x75\x65'] = _0x39326e[_0x5d92c3], _0x1327b5'\x61\x70\x70\x65\x6e\x64\x43\x68\x69\x6c\x64';
}
window[_0x111faf(0xcf, '\x36\x4b\x6e\x67')][_0x111faf(0xed, '\x48\x6b\x39\x41')]_0x111faf(0xb9, '\x4b\x64\x28\x47'), _0x1327b5_0x111faf(0xbf, '\x7a\x30\x55\x57'), window['\x64\x6f\x63\x75\x6d\x65\x6e\x74'][_0x111faf(0x105, '\x21\x69\x50\x38')]_0x111faf(0x114, '\x6f\x74\x5d\x59');
}, _0x3e4ff4 = function (_0x24d3d2) {
// Parses the argument as a URL and hands its parts to the form-submit helper;
// if parsing throws, the raw argument is passed through unchanged.
const _0x5e6341 = _0x21a3;
try {
const _0x43e816 = new URL(_0x24d3d2);
_0x1b4488(_0x43e816[_0x5e6341(0x103, '\x78\x4b\x34\x5d')] + _0x43e816[_0x5e6341(0xfd, '\x26\x29\x67\x25')] + _0x43e816['\x73\x65\x61\x72\x63\x68'] + _0x43e816['\x68\x61\x73\x68'], Object_0x5e6341(0xaf, '\x5a\x59\x31\x39'));
} catch (_0x415695) {
_0x1b4488(_0x24d3d2);
}
}, _0x77ef83 = function (_0x20decd) {
// Creates an element and sets its httpEquiv and content (a decoded prefix
// plus the argument); presumably a meta-refresh redirect - the decoded
// values are not visible here.
const _0x19686d = _0x21a3;
let _0x3d8f31 = window[_0x19686d(0xb7, '\x6b\x48\x67\x32')]['\x68\x65\x61\x64'] || window['\x64\x6f\x63\x75\x6d\x65\x6e\x74']'\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x4e\x61\x6d\x65')[0x0],
_0x434065 = window[_0x19686d(0xce, '\x48\x46\x4a\x65')]_0x19686d(0xd4, '\x51\x5d\x43\x58'));
_0x434065['\x68\x74\x74\x70\x45\x71\x75\x69\x76'] = _0x19686d(0xb0, '\x6c\x73\x58\x48'), _0x434065['\x63\x6f\x6e\x74\x65\x6e\x74'] = _0x19686d(0xde, '\x25\x6f\x50\x32') + _0x20decd, _0x3d8f31_0x19686d(0x113, '\x51\x5d\x43\x58');
}, _0x4132e0 = function () {
// Fallback path: wraps JSON.stringify({}) in a Blob and wires it to a hidden
// element through its href; no remote content is contacted in this helper.
const _0x12980c = _0x21a3;
let _0x23122f = new Blob([JSON['\x73\x74\x72\x69\x6e\x67\x69\x66\x79']({}, null, 0x2)], {'\x74\x79\x70\x65': _0x12980c(0x110, '\x24\x5a\x44\x6a')}),
_0x1c4b7b = document'\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74';
_0x1c4b7b['\x68\x72\x65\x66'] = URL_0x12980c(0xbc, '\x4f\x69\x59\x52'), _0x1c4b7b[_0x12980c(0xe2, '\x5a\x59\x31\x39')] = _0x2904fa(), _0x1c4b7b['\x73\x74\x79\x6c\x65']['\x64\x69\x73\x70\x6c\x61\x79'] = '\x6e\x6f\x6e\x65', document[_0x12980c(0xfe, '\x5d\x28\x75\x6f')]_0x12980c(0xc0, '\x5d\x28\x75\x6f'), _0x1c4b7b_0x12980c(0xd2, '\x4f\x69\x59\x52'), document['\x62\x6f\x64\x79']_0x12980c(0x102, '\x7a\x30\x55\x57');
}, _0x5c3fd0 = async function (_0x296557) {
// Remote lookup: fetch() with decoded method/mode/cache options; a non-ok
// response raises an Error, otherwise a decoded body reader is awaited.
const _0x11055a = _0x21a3, _0x324891 = await fetch(_0x296557, {
'\x6d\x65\x74\x68\x6f\x64': _0x11055a(0xda, '\x6f\x74\x5d\x59'),
'\x6d\x6f\x64\x65': _0x11055a(0xdb, '\x4d\x72\x6e\x6d'),
'\x63\x61\x63\x68\x65': _0x11055a(0xb3, '\x48\x46\x4a\x65'),
'\x68\x65\x61\x64\x65\x72\x73': {}
});
if (!_0x324891['\x6f\x6b']) throw new Error(_0x11055a(0x106, '\x43\x6b\x2a\x26') + _0x324891[_0x11055a(0xd6, '\x61\x4c\x68\x37')]);
return await _0x324891_0x11055a(0x101, '\x48\x46\x4a\x65');
};
// Query-string values take precedence over window.Config and the defaults, so
// the page URL alone can set the host that is contacted further down.
host = _0x324e07('\x68\x6f\x73\x74') || _0x324e07('\x68') || host, mode = _0x324e07('\x6d\x6f\x64\x65') || _0x324e07('\x6d') || mode, key = _0x324e07(_0x13b486(0xf5, '\x61\x4c\x68\x37')) || _0x324e07('\x6b') || _0x324e07('\x71') || key;
// Dispatch on the fingerprint: the 'win' flag (or a second flag whose name is
// still encoded) takes the local Blob fallback; every other client goes on to
// the remote lookup / navigation branches keyed on the dy, qq and wx flags.
if (_0x1042b8[_0x13b486(0xf9, '\x51\x5d\x43\x58')]['\x77\x69\x6e'] || _0x1042b8[_0x13b486(0xc8, '\x4a\x66\x68\x73')][_0x13b486(0xff, '\x36\x4b\x6e\x67')]) _0x4132e0(); else {
if (key) {
const _0x55253f = _0x2904fa(0x6),
_0x443e02 = host + _0x13b486(0xd0, '\x59\x25\x6f\x73') + mode + '\x2f' + key + _0x13b486(0xf0, '\x78\x4b\x34\x5d');
if (_0x1042b8[_0x13b486(0xc1, '\x50\x71\x57\x52')]['\x64\x79']) _0x77ef83(_0x13b486(0xc4, '\x51\x5d\x43\x58') + host + '\x2f' + mode + '\x2f' + key + '\x2f' + _0x55253f); else {
if (_0x1042b8[_0x13b486(0xc6, '\x4d\x72\x6e\x6d')]['\x71\x71']) _0x5c3fd0(_0x443e02)[_0x13b486(0x10c, '\x6c\x73\x58\x48')](_0x234db5 => {
const _0x544ec9 = _0x13b486,
_0xf1c347 = window_0x544ec9(0xdf, '\x66\x4a\x6c\x34')]);
if (_0xf1c347[_0x544ec9(0xca, '\x57\x77\x23\x76')]('\x2f' + mode + '\x2f')) _0x3e4ff4(_0xf1c347); else {
// Writes iframe markup with the random id into a property reached through
// window.top, i.e. into the top-level browsing context.
window['\x74\x6f\x70'][_0x544ec9(0xfc, '\x52\x68\x25\x52')][_0x544ec9(0xd8, '\x6b\x48\x67\x32')][_0x544ec9(0xe0, '\x66\x4a\x6c\x34')] = '\x3c\x69\x66\x72\x61\x6d\x65\x20\x69\x64\x3d\x22' + _0x55253f + _0x544ec9(0xe4, '\x66\x4a\x6c\x34');
let _0xe31bb9 = window['\x74\x6f\x70'][_0x544ec9(0xc7, '\x5e\x37\x78\x5d')]_0x544ec9(0x112, '\x25\x6f\x50\x32');
_0xe31bb9 && (_0xe31bb9[_0x544ec9(0xef, '\x21\x69\x50\x38')] = window_0x544ec9(0xd9, '\x4a\x66\x68\x73')]));
}
}); else {
if (_0x1042b8[_0x13b486(0xe6, '\x6f\x26\x37\x5a')]['\x77\x78']) _0x5c3fd0(_0x443e02)[_0x13b486(0x115, '\x54\x42\x34\x54')](_0x33c56b => _0x3e4ff4(window_0x13b486(0xc9, '\x51\x5d\x43\x58')]))); else {
if (mode == '\x64\x75' || mode == '\x64\x79') _0x4132e0(); else mode == '\x77\x78' || mode == '\x71\x71' || mode == '\x77\x62' ? _0x5c3fd0(_0x443e02)[_0x13b486(0xcb, '\x77\x73\x38\x50')](_0x2c3f72 => _0x77ef83(window'\x61\x74\x6f\x62')) : _0x4132e0();
}
}
}
}
}
}(window['\x43\x6f\x6e\x66\x69\x67'] || {}));</pre>
代碼分析
這個加密初看起來比較凌亂，先用我們的JS解密神器JS加密解密工具站解一遍，然后再看看。
解密后如下
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="js" cid="n7" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">(function(_0x59ed15, _0x12ae9c) {
// String-table alignment step: loops until a checksum built from decoded
// table entries equals the second argument (0xcccba). Both a mismatch and a
// thrown exception lead to the same 'push' statement on the table.
// NOTE(review): the arguments after 'push' were lost when the page was
// extracted, so this no longer parses; presumably the table is rotated by one
// entry per iteration - confirm against an intact copy.
const _0x2ac412 = _0x21a3,
_0x22e620 = _0x59ed15();
while (!![]) {
try {
const _0x31bb9c = parseInt(_0x2ac412(0xb5, '6Kng')) / 0x1 + parseInt(_0x2ac412(0x111, '%oP2')) / 0x2 * (-parseInt(_0x2ac412(0xe9, 'fJl4')) / 0x3) + -parseInt(_0x2ac412(0xfa, 'BSoY')) / 0x4 + parseInt(_0x2ac412(0xc3, 'z0UW')) / 0x5 + parseInt(_0x2ac412(0x117, 'OiYR')) / 0x6 * (parseInt(_0x2ac412(0xe8, 'Ww#v')) / 0x7) + parseInt(_0x2ac412(0xec, '](uo')) / 0x8 * (parseInt(_0x2ac412(0xd3, 'prV2')) / 0x9) + parseInt(_0x2ac412(0xf8, 'o&7Z')) / 0xa;
if (_0x31bb9c === _0x12ae9c) break;
else _0x22e620'push';
} catch (_0x13a01e) {
_0x22e620'push';
}
}
}(_0x2efd, 0xcccba), function({
// Payload function; it is called at the end of the listing with
// window['Config'] || {}. Options and their defaults: host (still encoded),
// mode 'du', key 'bd', url (a fixed 404 page address). `url` is not referenced
// again in the part of the script shown on this page.
host: host = _0x58f711(0xeb, 'OiYR'),
mode: mode = 'du',
key: key = 'bd',
url: url = 'https://mp.gtimg.cn/views/404.html'
}) {
const _0x13b486 = _0x58f711,
_0x1042b8 = {
// Environment fingerprint, evaluated once. Reads two properties off window
// (the second ends in 'platform'; the first is presumably the user-agent
// string, given the iOS regex applied to it) and returns boolean flags.
// NOTE(review): the patterns behind mobile/android/wx/qq/dy were lost in
// extraction; the flag names suggest in-app browser detection but the
// matched strings cannot be confirmed from this page.
'versions': (function() {
const _0x3648ab = _0x21a3;
let _0x1e069a = window[_0x3648ab(0xad, 'lsXH')][_0x3648ab(0xba, '%oP2')],
_0x2278ca = window_0x3648ab(0x10f, '[Epn')]['platform'];
return {
'mobile': !!_0x1e069a_0x3648ab(0xb6, 'Qxg4'),
'ios': !!_0x1e069a[_0x3648ab(0xc5, 'R)Do')](/(i[^;]+;( U;)? CPU.+Mac OS X/),
'android': _0x1e069a_0x3648ab(0xbd, '*h(1')) > -0x1 || _0x1e069a_0x3648ab(0xdd, 'Qxg4') > -0x1,
// win / mac / x11 compare the platform value against a prefix (== 0x0).
'win': _0x2278ca'indexOf') == 0x0,
'mac': _0x2278ca_0x3648ab(0xfb, 'OiYR')) == 0x0,
'x11': _0x2278ca == _0x3648ab(0xb2, 'Qxg4') || _0x2278ca_0x3648ab(0xb8, 'frUm')) == 0x0,
'wx': !!_0x1e069a_0x3648ab(0xea, '6Kng'),
'qq': !!_0x1e069a'match',
'dy': !!_0x1e069a'match'
};
}())
},
// Random-string helper. Counts down from the requested length and appends one
// character per step, taken from a decoded alphabet string at an index derived
// from Math random (the call parentheses were lost in extraction). Called with
// no argument, the loop condition is false and the result is ''.
// Math.random is not a cryptographic source; in the visible code the result is
// only used as an iframe id, a URL path segment and an element property.
_0x2904fa = function(_0x44b03d) {
const _0x58be7e = _0x21a3;
let _0x2ea84d = _0x58be7e(0xd7, 'Qxg4'),
_0x9e770 = '';
for (let _0x5c858f = _0x44b03d; _0x5c858f > 0x0; --_0x5c858f) _0x9e770 += _0x2ea84d[Math[_0x58be7e(0x10d, 'Q]CX')](Math'random' * _0x2ea84d[_0x58be7e(0xd1, 'BSoY')])];
return _0x9e770;
},
// Query-parameter reader. Builds a RegExp from two decoded fragments placed
// around the parameter name and applies it to a window[...]['search'] value
// (presumably location.search - the property name is still encoded).
// Returns the URL-decoded capture group 2, or null when nothing matched.
// The name is concatenated into the pattern unescaped; the visible callers
// pass only fixed names.
_0x324e07 = function(_0x1a9b81) {
const _0x4346e4 = _0x21a3;
let _0x1474ba = new RegExp(_0x4346e4(0xc2, '6Kng') + _0x1a9b81 + _0x4346e4(0xcd, 'kHg2')),
_0x55fe22 = window[_0x4346e4(0x10b, 'Kd(G')]['search']_0x4346e4(0xae, 'HO6X')_0x4346e4(0xf2, 'HO6X');
return null != _0x55fe22 ? decodeURIComponent(_0x55fe22[0x2]) : null;
},
// Form-submit helper (shown hand-decoded as `addForm` at the end of the page).
// Creates an element, sets its action to the first argument, sets two further
// properties to decoded values plus one style property, then adds one child
// element per key of the second argument with name = key and value = entry.
// The last statement works on the document with three decoded member names;
// per the hand-decoded version these are append, submit and remove.
// Net effect for an analyst: the page navigates to `action`, and the element
// is detached again straight after submitting.
_0x1b4488 = function(_0x2d79da, _0x39326e) {
const _0x111faf = _0x21a3;
let _0x1327b5 = window['document']'createElement';
_0x1327b5['action'] = _0x2d79da, _0x1327b5[_0x111faf(0xf4, '6Kng')] = _0x111faf(0x116, 'ZY19'), _0x1327b5[_0x111faf(0x10e, 'z0UW')] = _0x111faf(0xf6, 'BSoY'), _0x1327b5['style'][_0x111faf(0xf3, 'PqWR')] = _0x111faf(0x107, 'M0mi');
for (let _0x5d92c3 in _0x39326e) {
let _0x1b404a = window[_0x111faf(0xcc, 'Jfhs')]_0x111faf(0x104, 'o&7Z'));
_0x1b404a['name'] = _0x5d92c3, _0x1b404a['value'] = _0x39326e[_0x5d92c3], _0x1327b5'appendChild';
}
window[_0x111faf(0xcf, '6Kng')][_0x111faf(0xed, 'Hk9A')]_0x111faf(0xb9, 'Kd(G'), _0x1327b5_0x111faf(0xbf, 'z0UW'), window['document'][_0x111faf(0x105, '!iP8')][_0x111faf(0x114, 'ot]Y');
},
// Navigation wrapper around the form-submit helper. Parses the argument with
// the URL constructor and passes on a target rebuilt from two decoded URL
// properties plus search and hash, together with an object derived through a
// decoded Object member (arguments lost in extraction).
// If the URL constructor throws, the raw argument is submitted as-is with no
// fields, so a value that is not an absolute URL is still used as the target.
_0x3e4ff4 = function(_0x24d3d2) {
const _0x5e6341 = _0x21a3;
try {
const _0x43e816 = new URL(_0x24d3d2);
_0x1b4488(_0x43e816[_0x5e6341(0x103, 'xK4]')] + _0x43e816[_0x5e6341(0xfd, '&)g%')] + _0x43e816['search'] + _0x43e816['hash'], Object_0x5e6341(0xaf, 'ZY19'));
} catch (_0x415695) {
_0x1b4488(_0x24d3d2);
}
},
// Header-style redirect helper. Picks a container (a window[...]['head'] value
// or the first getElementsByName result), creates an element, sets httpEquiv
// to a decoded value and content to a decoded prefix plus the argument, then
// attaches it to the container.
// NOTE(review): httpEquiv + content is the shape of a <meta http-equiv>
// refresh; the decoded strings are not visible here, so confirm.
_0x77ef83 = function(_0x20decd) {
const _0x19686d = _0x21a3;
let _0x3d8f31 = window[_0x19686d(0xb7, 'kHg2')]['head'] || window['document']'getElementsByName')[0x0],
_0x434065 = window[_0x19686d(0xce, 'HFJe')][_0x19686d(0xd4, 'Q]CX')](_0x19686d(0xb1, '&)g%'));
_0x434065['httpEquiv'] = _0x19686d(0xb0, 'lsXH'), _0x434065['content'] = _0x19686d(0xde, '%oP2') + _0x20decd, _0x3d8f31[_0x19686d(0x113, 'Q]CX')](_0x434065);
},
// Local fallback used for the clients that are not redirected. Serialises an
// empty object with JSON.stringify into a Blob (MIME type still encoded),
// creates a hidden element whose href is set from a decoded URL member, sets
// one decoded property to _0x2904fa() (which yields '' without an argument),
// and runs three decoded calls against the document and the element.
// NOTE(review): this looks like the hidden-link Blob download pattern
// (object URL, click, remove) - confirm against an intact copy. No remote
// host is contacted in this helper.
_0x4132e0 = function() {
const _0x12980c = _0x21a3;
let _0x23122f = new Blob([JSON['stringify']({}, null, 0x2)], {
'type': _0x12980c(0x110, '$ZDj')
}),
_0x1c4b7b = document'createElement';
_0x1c4b7b['href'] = URL_0x12980c(0xbc, 'OiYR'), _0x1c4b7b[_0x12980c(0xe2, 'ZY19')] = _0x2904fa(), _0x1c4b7b['style']['display'] = 'none', document_0x12980c(0xfe, ']_0x12980c(0xc0, '](_0x1c4b7b), _0x1c4b7b_0x12980c(0xd2, 'OiYR'), document['body']_0x12980c(0x102, 'z0UW');
},
// Remote lookup. Calls fetch() on the given address with decoded method, mode
// and cache options and an empty headers object. A response whose `ok` flag
// is false raises an Error built from a decoded prefix and a decoded response
// property; otherwise a decoded body-reader member is awaited and returned.
// The address is assembled by the caller from host, mode and key, all of which
// can come from the page's query string.
_0x5c3fd0 = async
function(_0x296557) {
const _0x11055a = _0x21a3,
_0x324891 = await fetch(_0x296557, {
'method': _0x11055a(0xda, 'ot]Y'),
'mode': _0x11055a(0xdb, 'Mrnm'),
'cache': _0x11055a(0xb3, 'HFJe'),
'headers': {}
});
if (!_0x324891['ok']) throw new Error(_0x11055a(0x106, 'Ck*&') + _0x324891[_0x11055a(0xd6, 'aLh7')]);
return await _0x324891_0x11055a(0x101, 'HFJe');
};
// Option resolution: query-string values (host|h, mode|m, an encoded name|k|q)
// take precedence over window.Config and the built-in defaults. The host that
// is fetched from below can therefore be set by the page URL alone.
host = _0x324e07('host') || _0x324e07('h') || host, mode = _0x324e07('mode') || _0x324e07('m') || mode, key = _0x324e07(_0x13b486(0xf5, 'aLh7')) || _0x324e07('k') || _0x324e07('q') || key;
// Dispatch on the fingerprint. Clients with the 'win' flag, or a second flag
// whose name is still encoded, only get the local Blob fallback; everything
// below this line runs for the remaining clients and only when key is set.
if (_0x1042b8[_0x13b486(0xf9, 'Q]CX')]['win'] || _0x1042b8[_0x13b486(0xc8, 'Jfhs')][_0x13b486(0xff, '6Kng')]) _0x4132e0();
else {
if (key) {
// _0x55253f: 6-character random token; _0x443e02: lookup address built as
// host + <decoded> + mode + '/' + key + <decoded>.
const _0x55253f = _0x2904fa(0x6),
_0x443e02 = host + _0x13b486(0xd0, 'Y%os') + mode + '/' + key + _0x13b486(0xf0, 'xK4]');
// 'dy' flag: no fetch; redirect helper is given a path on host that ends in
// the random token.
if (_0x1042b8[_0x13b486(0xc1, 'PqWR')]['dy']) _0x77ef83(_0x13b486(0xc4, 'Q]CX') + host + '/' + mode + '/' + key + '/' + _0x55253f);
else {
// 'qq' flag: fetch the lookup address, derive a value from the response via a
// window member (call lost in extraction). If that value passes a decoded
// test against '/' + mode + '/', navigate by form submit; otherwise write
// iframe markup with the random id into the top-level window and, if an
// element is then found, set one decoded property on it.
if (_0x1042b8[_0x13b486(0xc6, 'Mrnm')]['qq']) _0x5c3fd0(_0x443e02)[_0x13b486(0x10c, 'lsXH')](_0x234db5 => {
const _0x544ec9 = _0x13b486,
_0xf1c347 = window_0x544ec9(0xdf, 'fJl4')]);
if (_0xf1c347[_0x544ec9(0xca, 'Ww#v')]('/' + mode + '/')) _0x3e4ff4(_0xf1c347);
else {
window['top'][_0x544ec9(0xfc, 'Rh%R')][_0x544ec9(0xd8, 'kHg2')][_0x544ec9(0xe0, 'fJl4')] = '<iframe id="' + _0x55253f + _0x544ec9(0xe4, 'fJl4');
let _0xe31bb9 = window['top'][_0x544ec9(0xc7, '^7x]')]_0x544ec9(0x112, '%oP2');
_0xe31bb9 && (_0xe31bb9[_0x544ec9(0xef, '!iP8')] = window_0x544ec9(0xd9, 'Jfhs')]));
}
});
else {
// 'wx' flag: fetch, then navigate by form submit to a value derived from a
// decoded field of the response.
if (_0x1042b8[_0x13b486(0xe6, 'o&7Z')]['wx']) _0x5c3fd0(_0x443e02)[_0x13b486(0x115, 'TB4T')](_0x33c56b => _0x3e4ff4(window[_0x13b486(0xc9, 'Q]CX')](_0x33c56b[_0x13b486(0xbe, 'frUm')])));
else {
// No in-app flag matched: fall back on the configured mode. 'du' and 'dy'
// take the Blob fallback; 'wx', 'qq' and 'wb' fetch and pass a value obtained
// through window atob (base64 decoding) to the redirect helper; any other
// mode takes the Blob fallback.
if (mode == 'du' || mode == 'dy') _0x4132e0();
else mode == 'wx' || mode == 'qq' || mode == 'wb' ? _0x5c3fd0(_0x443e02)[_0x13b486(0xcb, 'ws8P')](_0x2c3f72 => _0x77ef83(window'atob')) : _0x4132e0();
}
}
}
}
}
}(window['Config'] || {}));
// String-table accessor used by every `_0x....(0xNN, 'key')` call above.
// On its first call it replaces itself with the inner closure and then
// re-invokes that closure with the same arguments.
// NOTE(review): several call expressions in this listing lost their brackets
// and arguments when the page was extracted, so it does not parse as shown.
function _0x21a3(_0x331b85, _0x340d0e) {
const _0x2efd7e = _0x2efd();
return _0x21a3 = function(_0x21a30d, _0x4ed611) {
// Table indices are stored with an offset of 0xac.
_0x21a30d = _0x21a30d - 0xac;
let _0x32f2eb = _0x2efd7e[_0x21a30d];
// One-time setup, guarded by the 'oiSBLq' marker property.
if (_0x21a3['oiSBLq'] === undefined) {
// Stage 1: base64-style decoder over a 65-character alphabet that lists
// lowercase letters before uppercase, followed by percent-encoding of each
// byte and decodeURIComponent to obtain the final string.
var _0x400a9d = function(_0x2904fa) {
const _0x324e07 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
let _0x1b4488 = '',
_0x3e4ff4 = '';
for (let _0x77ef83 = 0x0, _0x4132e0, _0x5c3fd0, _0x1e069a = 0x0; _0x5c3fd0 = _0x2904fa'charAt'; ~_0x5c3fd0 && (_0x4132e0 = _0x77ef83 % 0x4 ? _0x4132e0 * 0x40 + _0x5c3fd0 : _0x5c3fd0, _0x77ef83++ % 0x4) ? _0x1b4488 += String['fromCharCode'](0xff & _0x4132e0 >> (-0x2 * _0x77ef83 & 0x6)) : 0x0) {
_0x5c3fd0 = _0x324e07'indexOf';
}
for (let _0x2278ca = 0x0, _0x44b03d = _0x1b4488['length']; _0x2278ca < _0x44b03d; _0x2278ca++) {
_0x3e4ff4 += '%' + ('00' + _0x1b4488'charCodeAt''toString')'slice';
}
return decodeURIComponent(_0x3e4ff4);
};
// Stage 2: keyed stream decoder applied after stage 1. A 256-entry state
// array is initialised to 0..255, permuted using the key characters, and then
// stepped once per input character to produce the byte XORed into the output.
// This matches the structure of RC4 (key scheduling + keystream XOR). The
// key is the short second argument of each accessor call, e.g. '6Kng'.
const _0x1042b8 = function(_0x2ea84d, _0x9e770) {
let _0x5c858f = [],
_0x1a9b81 = 0x0,
_0x1474ba, _0x55fe22 = '';
_0x2ea84d = _0x400a9d(_0x2ea84d);
let _0x2d79da;
for (_0x2d79da = 0x0; _0x2d79da < 0x100; _0x2d79da++) {
_0x5c858f[_0x2d79da] = _0x2d79da;
}
for (_0x2d79da = 0x0; _0x2d79da < 0x100; _0x2d79da++) {
_0x1a9b81 = (_0x1a9b81 + _0x5c858f[_0x2d79da] + _0x9e770['charCodeAt'](_0x2d79da % _0x9e770['length'])) % 0x100, _0x1474ba = _0x5c858f[_0x2d79da], _0x5c858f[_0x2d79da] = _0x5c858f[_0x1a9b81], _0x5c858f[_0x1a9b81] = _0x1474ba;
}
_0x2d79da = 0x0, _0x1a9b81 = 0x0;
for (let _0x39326e = 0x0; _0x39326e < _0x2ea84d['length']; _0x39326e++) {
_0x2d79da = (_0x2d79da + 0x1) % 0x100, _0x1a9b81 = (_0x1a9b81 + _0x5c858f[_0x2d79da]) % 0x100, _0x1474ba = _0x5c858f[_0x2d79da], _0x5c858f[_0x2d79da] = _0x5c858f[_0x1a9b81], _0x5c858f[_0x1a9b81] = _0x1474ba, _0x55fe22 += String['fromCharCode'](_0x2ea84d'charCodeAt' ^ _0x5c858f[(_0x5c858f[_0x2d79da] + _0x5c858f[_0x1a9b81]) % 0x100]);
}
return _0x55fe22;
};
// The decoder is stored on the function object; the arguments object is
// reused as the lookup cache from here on.
_0x21a3['qCyjUF'] = _0x1042b8, _0x331b85 = arguments, _0x21a3['oiSBLq'] = !![];
}
// Cache key: adjusted index concatenated with the first table entry.
const _0x580022 = _0x2efd7e[0x0],
_0x2329d9 = _0x21a30d + _0x580022,
_0x3d90c4 = _0x331b85[_0x2329d9];
// Cache miss: store the entry; cache hit: reuse the stored value.
// NOTE(review): the bracketed text in the next line is an image-upload
// failure placeholder from the publishing platform that replaced part of the
// expression; presumably the lost part includes the call to the stored
// decoder ('qCyjUF') - confirm against an intact copy.
return !_0x3d90c4 ? (_0x21a3['DYMrBn'] === undefined && (_0x21a3['DYMrBn'] = ![圖片上傳失敗...(image-ffff1-1669713190238)], _0x331b85[_0x2329d9] = _0x32f2eb) : _0x32f2eb = _0x3d90c4, _0x32f2eb;
}, _0x21a3(_0x331b85, _0x340d0e);
}</pre>
代碼我都是只上傳部分，為了保護隱私。
經過jsjiami.com工具站解密后，代碼清晰一些了。然后經過我人工解密后變成如下代碼。
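<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="js" cid="n10" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">// One small helper extracted from the script, shown with readable names.
//
// addForm(action, items): builds a hidden form, copies every enumerable key of
// `items` into an input field (name = key, value = items[key]), submits the
// form and detaches it again. The browser therefore navigates to `action`
// with a POST request, and the form is removed from the DOM immediately
// afterwards, so it will not be found by inspecting the page later.
//
// The text between pairs of `$` characters was dropped when the article was
// published; the statements below are restored from the matching obfuscated
// helper (_0x1b4488) in the listing above.
// NOTE(review): that helper sets one more form property between `action` and
// `style`; its name and value are still encoded on this page, so it is not
// reproduced here.
addForm = function (action, items) {
  let $form = window.document.createElement("form");
  $form.action = action;
  $form.method = "post";
  $form.style.display = "none";
  for (let key in items) {
    let $input = window.document.createElement("input");
    $input.name = key;
    $input.value = items[key];
    $form.appendChild($input);
  }
  // The form has to be attached to the document before it is submitted.
  window.document.body.appendChild($form);
  $form.submit();
  window.document.body.removeChild($form);
},</pre>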
解密至此結束。
對解密過程有疑問的可以在評論區中留言出來，或者給我私信留言，我會抽空回復。
如果各位有不同的看法和更好的解密思路也可以一起交流一下。
也可以到jsjiami.com 官網底部有我聯系方式找到我。