加密所在的地方:http://tool.chinaz.com/Tools/UrlCrypt.aspx?url=www.baidu.com
结果: http://%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D/
替换:http://x77x77x77x2Ex62x61x69x64x75x2Ex63x6Fx6D/
查看:在地址栏输入javascript:alert("x68x6Cx61x64x66x28x29x3Bx66x75x6Ex63x74x69x6Fx6Ex20");
window.location.href='http://x77x77x77x2Ex62x61x69x64x75x2Ex63x6Fx6D/';
<script language="JavaScript">
window.location.href='x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex62x61x69x64x75x2Ex63x6Fx6D/';
</script>
加密后:%63%61%6F%62%75%67%2E%63%6F%6D
替换后:x63x61x6Fx62x75x67x2Ex63x6Fx6D
朋友发来一套盗用过来的DISCUZ模板,但打开网站会弹出提示框:Sorry!xxx.com,然后自动跳转到原开发者网站,通过搜索N次也没有找到代码写在何处。没办法了,谁让小明哥这样乐于助人呢,瞧瞧吧^_^。
本地安装DISCUZ,接着将模板文件架构好。输入:http://localhost/portal.php,没有任何提示,好小子估计没判断 localhost。好吧,换成:http://127.0.0.1/portal.php 试试,有了…
当我们单击确定的时候,将自动跳到开发者网站,悲痛呀!不过这样做就显然给我们留下入口,JS有多少种提示框弹出方式?试试最简单的Alert吧。于是搜索 alert,所有文件中,侥幸找到一个。
弹出源码:alert(_0xb200[10]),好吧,改成:alert('test'),刷新网页,哈哈~预期弹出:test,看来是找对地方了。
于是删除他的条件判断:
1
|
; if (obj[_0xb200[7]](_0xb200[8])==0||obj[_0xb200[7]](_0xb200[9])==0){} else {alert(_0xb200[10]);window[_0xb200[2]][_0xb200[0]]=_0xb200[11];}; |
在刷新网页,发现没任何弹窗和任何跳转了,这样就解决了问题,但如果也想像作者一样保护自己的“版权”,可以这样:
其中_0xb200[7]这样的形式,很显然是数组,看看开发者如何申明遍历的吧,本文件中搜索:_0xb200,找到了:
1
|
var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x35x69x32x33x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x53x69x6Ex67x63x65x72x65x2Ex4Ex65x74" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex73x69x6Ex67x63x65x72x65x2Ex6Ex65x74" ]; |
我去,加密了!解密还是比较简单,让浏览器去做。于是小明哥在桌面新创建了 test.html 文件,写道:
1
2
3
4
5
6
|
<script type= "text/javascript" > var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x35x69x32x33x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x53x69x6Ex67x63x65x72x65x2Ex4Ex65x74" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex73x69x6Ex67x63x65x72x65x2Ex6Ex65x74" ]; for ( var i =0; i < _0xb200.length; i++){ alert(i + ': ' + _0xb200[i]); } </script> |
运行 test.html 试试吧,结果输出:
0: location
1: replace
2: top
3: href
4: toLowerCase
5: substr
6: www.
7: indexOf
8: localhost
9:5i23.com
10:Sorry!Singcere.Net
11: http://www.singcere.net
好小子,首先获得页面 URL,然后用 indexOf 截取判断,最后弹出消息和跳到指定网站!于是小明哥把数组下标为9的5i23.com修改为自己的网站URL,然后数组下标为11的目标网页修改自己成网站,将计就计,哈哈!
好吧,先找个转换工具把我们新的URL用十六进制加密,然后将百分号(%)替换成:x
实战:caobug.com(数组 9)
工具:http://www.55la.cn/UrlCrypt/
加密后:%63%61%6F%62%75%67%2E%63%6F%6D
替换后:x63x61x6Fx62x75x67x2Ex63x6Fx6D
弹出信息也替换了(数组 10):
加密后:%53%6F%72%72%79%21%20%43%61%6F%62%75%67%2E%63%6F%6D
替换后:x53x6Fx72x72x79x21x20x43x61x6Fx62x75x67x2Ex63x6Fx6D
侵权后跳转到(数组 11):
加密后:%77%77%77%2E%63%61%6F%62%75%67%2E%63%6F%6D(www.caobug.com)
替换后:x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex63x61x6Fx62x75x67x2Ex63x6Fx6D(http://www.caobug.com)
其中,x20x68x74x74x70x3Ax2Fx2F 表示:http://,有的工具无法转换,我们就自己添加上。
最终结果:
1
|
var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x63x61x6Fx62x75x67x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x43x61x6Fx62x75x67x2Ex63x6Fx6D" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex63x61x6Fx62x75x67x2Ex63x6Fx6D" ]; |
我们粘贴到 test.html,看下能否正常输出我们加密的字符串。
1
2
3
4
5
6
|
<scripttype= "text/javascript" > var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x63x61x6Fx62x75x67x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x43x61x6Fx62x75x67x2Ex63x6Fx6D" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex63x61x6Fx62x75x67x2Ex63x6Fx6D" ]; for ( var i =0; i < _0xb200.length; i++){ alert(i + ': ' + _0xb200[i]); } </script> |
输出结果:
0: location
1: replace
2: top
3: href
4: toLowerCase
5: substr
6: www.
7: indexOf
8: localhost
9: caobug.com
10: Sorry! Caobug.com
11: http://www.caobug.com
哇塞,一次成功。我们到此就可以替换开发者提供的文件啦~
1
|
var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x35x69x32x33x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x53x69x6Ex67x63x65x72x65x2Ex4Ex65x74" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex73x69x6Ex67x63x65x72x65x2Ex6Ex65x74" ]; |
替换成:
1
|
var _0xb200=[ "x6Cx6Fx63x61x74x69x6Fx6E" , "x72x65x70x6Cx61x63x65" , "x74x6Fx70" , "x68x72x65x66" , "x74x6Fx4Cx6Fx77x65x72x43x61x73x65" , "x73x75x62x73x74x72" , "x77x77x77x2E" , "x69x6Ex64x65x78x4Fx66" , "x6Cx6Fx63x61x6Cx68x6Fx73x74" , "x63x61x6Fx62x75x67x2Ex63x6Fx6D" , "x53x6Fx72x72x79x21x20x43x61x6Fx62x75x67x2Ex63x6Fx6D" , "x20x68x74x74x70x3Ax2Fx2Fx77x77x77x2Ex63x61x6Fx62x75x67x2Ex63x6Fx6D" ]; |
最后成功了,我们使用 127.0.0.1 等其它域名访问都会弹出提示框,然后跳到 caobug.com 网站。
到这里,问题就解决了,也实现了我们的想法。假期结束了,还没睡够呢~