How does this kind of javascript obfuscation work?
I always was curious how this type of obfuscation can be achieved in JavaScript and how it can be decoded (deobfuscated). Below is an example code:
var _0x4e9d=["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x77\x72\x69\x74\x65"];document[_0x4e9d[0x1]](String[_0x4e9d[0x0]](0x3c,0x62,0x75,0x74,0x74,0x6f,0x6e,0x20,0x6f,0x6e,0x63,0x6c,0x69,0x63,0x6b,0x3d,0x27,0x6a,0x61,0x76,0x61,0x73,0x63,0x72,0x69,0x70,0x74,0x3a,0x69,0x66,0x20,0x28,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x3d,0x3d,0x22,0x6a,0x30,0x30,0x77,0x31,0x6e,0x22,0x29,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x59,0x6f,0x75,0x20,0x57,0x49,0x4e,0x21,0x22,0x29,0x3b,0x77,0x69,0x6e,0x64,0x6f,0x77,0x2e,0x6c,0x6f,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x2b,0x3d,0x20,0x22,0x3f,0x6c,0x76,0x6c,0x5f,0x70,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3d,0x22,0x2b,0x64,0x6f开发者_如何学运维,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x7d,0x65,0x6c,0x73,0x65,0x20,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x57,0x52,0x4f,0x4e,0x47,0x21,0x20,0x54,0x72,0x79,0x20,0x61,0x67,0x61,0x69,0x6e,0x21,0x22,0x29,0x7d,0x27,0x3e,0x43,0x68,0x65,0x63,0x6b,0x20,0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3c,0x2f,0x62,0x75,0x74,0x74,0x6f,0x6e,0x3e));
Addendum: Thank you for de-obfuscating it, but I'm only interested in how I can obfuscate my own code like this.
Note that in JavaScript, someobject["xyz"]
is about the same as someobject.xyz
.
First statement:
_0x4e9d
is an array with two strings:
"fromCharCode"
"write"
Second statement decodes to document.write(String.fromCharCode(0x3c,0x62,...,0x3e))
.
Finally, the string being written is this piece of HTML:
<button onclick='javascript:if (document.getElementById("pass").value=="j00w1n"){alert("You WIN!");window.location += "?lvl_password="+document.getElementById("pass").value}else {alert("WRONG! Try again!")}'>Check Password
Each \xnn
is a character code as hexadecimal.
So \x63
will give you an 'a'
To do it to your own code you need to have something that will translate each character to it's hex code point:
var aAsHex = '\\x'+'a'.charCodeAt(0).toString(16)
Then copy and paste the output to a file.
var _0x4e9d = ["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65", "\x77\x72\x69\x74\x65"];
is ["fromCharCode", "write"]
document[_0x4e9d[0x1]](String[_0x4e9d[0x0]]
is document.write(String.fromCharCode
String.fromCharCode(0x3c, 0x62, ...)
Is
<button
onclick='javascript:if (document.getElementById("pass").value=="j00w1n"){alert("You WIN!");window.location += "?lvl_password="+document.getElementById("pass").value}else {alert("WRONG! Try again!")}'
>
Check Password
</button>
The JavaScript in the onclick
is
if (document.getElementById("pass").value=="j00w1n") {
alert("You WIN!");
window.location += "?lvl_password=" + document.getElementById("pass").value
} else {
alert("WRONG! Try again!")
}
PHP, assuming $string
contains data. So you can obfuscate by running reverse process.
echo preg_replace('~((0|\\\)x([0-9a-f]+))~ei', 'chr(hexdec("\\1"))', $string);
You will get this...
var _�=["fromCharCode","write"];document[_�[]](String[_�[]](<,b,u,t,t,o,n, ,o,n,c,l,i,c,k,=,',j,a,v,a,s,c,r,i,p,t,:,i,f, ,(,d,o,c,u,m,e,n,t,.,g,e,t,E,l,e,m,e,n,t,B,y,I,d,(,",p,a,s,s,",),.,v,a,l,u,e,=,=,",j,0,0,w,1,n,",),{,a,l,e,r,t,(,",Y,o,u, ,W,I,N,!,",),;,w,i,n,d,o,w,.,l,o,c,a,t,i,o,n, ,+,=, ,",?,l,v,l,_,p,a,s,s,w,o,r,d,=,",+,d,o,c,u,m,e,n,t,.,g,e,t,E,l,e,m,e,n,t,B,y,I,d,(,",p,a,s,s,",),.,v,a,l,u,e,},e,l,s,e, ,{,a,l,e,r,t,(,",W,R,O,N,G,!, ,T,r,y, ,a,g,a,i,n,!,",),},',>,C,h,e,c,k, ,P,a,s,s,w,o,r,d,<,/,b,u,t,t,o,n,>));
Actually I have now figured out the real way to obfuscate the javascript like that, without having to make each character separately.
http://javascriptobfuscator.com/default.aspx
This is the obfuscator.
精彩评论