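Web Scraping from Beginner to Giving Up, Part 07: Three Anti-Scraping Techniques: JS Obfuscation, eval Encryption, and Font Encryption

Preface

IP request-rate checks and CAPTCHAs are the most common anti-scraping techniques, and you have probably heard about them until your ears grew calluses. Then there are readers who have written scrapers for a few days and find scraping too easy and not much of a challenge. So I picked three sites that are reasonably difficult, and I hope anyone interested will work through them by hand.

This article is only meant to broaden knowledge and suggest lines of thinking; the anti-scraping techniques of the sites involved are discussed purely for technical study.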

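Font encryption

Font encryption in one sentence: what you see is not what you see.

Address

Maoyan Movies: //maoyan.com/films/343568

Reproducing the problem

Have you seen the recent Godzilla vs. Kong? Is it any good, how is it rated, how much has it made at the box office? Let's take a look on Maoyan.

[Figure: Godzilla vs. Kong]

One look and the problem appears: why are the rating and the box office shown as "口口" in the page source? Where did the rating and box office that are visible on the page go?

Tracing it to the source

Enough talk, look at the source first:

That only raises more questions: what is this &#x? It is an escape sequence in HTML, indicating that what follows is hexadecimal. After processing it, print the values in the console, as shown:

So far these numbers have nothing whatsoever to do with the box office. So we need to find a way to connect them.

The following code turned up in the page:

[Figure: font-face]

What this does is use @font-face in CSS to define a custom font from a woff file; the hexadecimal numbers in the source are only displayed correctly when they are mapped through this font. It is like the relationship between UTF-8 and GBK: only when encoding and decoding agree do you avoid garbled text.

Here I downloaded the woff font file locally and opened it with a tool.

[Figure: font contents]

The page shows the box office as 5.74億 (574 million), so focus on the digit 5. In the figure above, 5 corresponds to glyph11.

Use a tool to convert the woff file to XML:

glyph11 is the glyph with id=11, and its name is uniE8CD. Next, find the hexadecimal value for uniE8CD in the XML:

[Figure: hexadecimal mapping]

As shown, uniE8CD corresponds to 0xe8cd, which means the digit 5 corresponds to 0xe8cd, exactly the first number printed in the console.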
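The lookup chain traced above (character reference, cmap entry, glyph name, glyph id, the digit that glyph draws), as an added example that is not part of the original article. Only uniE8CD, glyph id 11 and 0xe8cd come from the article; the XML excerpt, the other two code points and the function names are constructed for illustration.

```javascript
// Constructed excerpt modelled on the XML dump of a font file.
// Only uniE8CD / id 11 / 0xe8cd are taken from the article.
const SAMPLE_TTX = `
<GlyphOrder>
  <GlyphID id="0" name="glyph00000"/>
  <GlyphID id="4" name="uniF1A2"/>
  <GlyphID id="7" name="uniE03B"/>
  <GlyphID id="11" name="uniE8CD"/>
</GlyphOrder>
<cmap>
  <cmap_format_4 platformID="3" platEncID="1" language="0">
    <map code="0xf1a2" name="uniF1A2"/>
    <map code="0xe03b" name="uniE03B"/>
    <map code="0xe8cd" name="uniE8CD"/>
  </cmap_format_4>
</cmap>`;

// Which digit each glyph id draws. This is the one step that is read off
// the font viewer by eye (glyph11 -> 5 in the article; the rest constructed).
const DIGIT_BY_GLYPH_ID = { 11: "5", 4: "7", 7: "4" };

// Join the two XML tables: code point -> glyph name -> glyph id -> digit.
function buildCodePointTable(ttx, digitByGlyphId) {
  const idByName = new Map();
  for (const m of ttx.matchAll(/<GlyphID\s+id="(\d+)"\s+name="([^"]+)"/g)) {
    idByName.set(m[2], Number(m[1]));
  }
  const table = new Map();
  for (const m of ttx.matchAll(/<map\s+code="0x([0-9a-fA-F]+)"\s+name="([^"]+)"/g)) {
    const digit = digitByGlyphId[idByName.get(m[2])];
    if (digit !== undefined) table.set(parseInt(m[1], 16), digit);
  }
  return table;
}

// Replace each &#x....; reference whose code point is in the table.
// Unknown references are left as they are so gaps stay visible.
function decodeEntities(html, table) {
  return html.replace(/&#x([0-9a-fA-F]+);/g, (entity, hex) => {
    const codePoint = parseInt(hex, 16);
    return table.has(codePoint) ? table.get(codePoint) : entity;
  });
}

const table = buildCodePointTable(SAMPLE_TTX, DIGIT_BY_GLYPH_ID);
console.log(decodeEntities("&#xe8cd;.&#xf1a2;&#xe03b;", table));
```

The table is only valid for the font file it was built from.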

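eval() & JS encryption

The JS is encrypted and then executed inside eval(). To recover the JS, use console.log() in the developer console to print the decrypted JS, because whether it is eval() or log(), parsing and executing JS ultimately depends on the browser engine.

Address

TVMao: //www.tvmao.com/program/CCTV

Reproducing the problem

The channel schedule page is divided into morning, midday and evening programmes, as shown:

[Figure: page content]

When requesting the channel schedule data, the response contains only the morning programmes; the schedule data after 12 o'clock cannot be obtained.

Look at the page source:

[Figure: schedule page source]

Tracing it to the source

In the requests shown in the console, we search for the keyword "熊熊樂園" from the page and, sure enough, it is found.

The response is an array. Index 0 is a flag: 1 means data was obtained, 0 means no data was obtained. Index 1 is the data, corresponding to what the API returned.

The code for parsing this response is fairly fiddly; the superfluous content has to be replaced.

The code is as follows:

[Figure: parsing code]

Actually the code above is not important!! Next we follow the network cable and look at its request:

[Figure: request]

The request headers show that the request has a single parameter p: 1, 2, 3… a full 186 characters. This parameter is long, so long, like that lonely rain lane. We may not get to meet the girl with the oil-paper umbrella, but we can at least look at how this parameter p is generated.

Searching for the keywords api and pg in the search box finds the code below:

Never mind the rest: anything with the word ajax in it is nine times out of ten an ajax request. The value of parameter p is the variable a. Set a breakpoint where variable a is generated, click the "查看更多" (View more) button on the page to trigger the breakpoint, then step into the A.d() method:

Scroll up to look at the upper part of the JS:

At this point we could actually stop. d() calls w(), and w() in turn calls other methods of A; work out the call chain in this JS, inline the code of each method, compute parameter p at the end, and you are done.

So where is the promised eval, and where is the promised encrypted JS?

Don't panic, young hero, let me take you further. If you look carefully, you will notice that the file name of the JS above is anonymous/temporary, which means it is not one of the site's original JS files but JS produced after parsing by the browser engine.

So how do we find the original JS file?

Perhaps the young hero knows of the search function. The JS above contains the keyword keyStr, so let's search for it.

And there it is, as shown: eval() is there and the encrypted JS is there. Copied out as text: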

eval(function(h, b, i, d, g, f) {
    g = function(a) {
        return (a < b ? "" : g(parseInt(a / b))) + ((a = a % b) > 35 ? String.fromCharCode(a + 29) : a.toString(36))
    }
    ;
    if (!"".replace(/^/, String)) {
        while (i--) {
            f[g(i)] = d[i] || g(i)
        }
        d = [function(a) {
            return f[a]
        }
        ];
        g = function() {
            return "\\w+"
        }
        ;
        i = 1
    }
    while (i--) {
        if (d[i]) {
            h = h.replace(new RegExp("\\b" + g(i) + "\\b","g"), d[i])
        }
    }
    return h
}('5 A={z:"1o+/=",1b:"1l=1k",J:j(a){5 b="";5 c,L,M,14,16,O,N;5 i=0;a=A.1g(a);1t(i<a.R){c=a.S(i++);L=a.S(i++);M=a.S(i++);14=c>>2;16=((c&3)<<4)|(L>>4);O=((L&15)<<2)|(M>>6);N=M&Q;9(1f(L)){O=N=18}K 9(1f(M)){N=18}b=b+y.z.C(14)+y.z.C(16)+y.z.C(O)+y.z.C(N)}8 b},H:j(a){a=a.1G();5 b=\'\';Z(5 i=0;i<a.R;i++){b+=y.1b[a.C(i)]}Z(5 i=0;i<a.R;i++){b+=y.z[a.C(i)]}8 b},1g:j(a){a=a.1B(/\\r\\n/g,"\\n");5 b="";Z(5 n=0;n<a.R;n++){5 c=a.S(n);9(c<P){b+=I.G(c)}K 9((c>1x)&&(c<1w)){b+=I.G((c>>6)|1q);b+=I.G((c&Q)|P)}K{b+=I.G((c>>12)|1p);b+=I.G(((c>>6)&Q)|P);b+=I.G((c&Q)|P)}}8 b},E:j(a){$(\':U[V="19"]\',a).10(A.J(\'l\'+$(".19",a).10()+\'o\'))},B:j(a){5 b=(1c 1d()).1i();9(a!=m)8 A.J(a+\'|\'+b);K 8 A.J(\'\'+b)},e:j(u){5 x=1;5 f=$(\'T\').13();5 a=f.W("U[11=\'1j\']");9(a!=m){x=2}K 9(u!=m){x=u}9(f==m)8 x;8 f.D(\'a\')},c:j(e){5 v;5 f=$(\'T\').13();9(f==m)8"";5 s=f.W("*[17=\'1m\']");9(s==m){v=f.W("U[11=\'1n\']");9(v==m)8"";v=e}v=s.D(\'Y\');8 v},d:j(p,h){5 v=A.w(h);5 a=$("1r.1s");5 x=a||p;9(a!=m){x=h||$("s.1h")}x=A.c();5 b=1c 1d();5 c=b.1u();5 d=b.1v();5 i=d==0?7:d;i=i*i;5 F=y.z.C(i);8 F+A.J(x+"|"+A.e(p))+v},w:j(v){5 t=$("1y");5 a="|";9(t==m){X="/"}K{X=v}5 r=A.J(a+k(X));8 r},s:j(a,b){5 c=y.z.C(1z);8 A.J(c+a)}};5 k=j(a){5 f=$(\'T\').13();9(f==m)8"";5 b=f.D(\'Y\');9(b==m)f.D(\'Y\',a);8 f.D(\'q\')};$(j(){5 b=$(\'<U 17="1A" V="1a"/>\');b.10(A.B());$(\'T[V="1C"]\').1D(b);$(\'a[11^="1E"]\').1F(j(){5 a=$(y).D("1e")+"&1a="+1H(A.B());$(y).D("1e",a)})});', 62, 106, "|||||var|||return|if||||||||||function|||undefined||||||||||||this|_keyStr|||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|224|192|div|fix|while|getUTCDate|getDay|2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))

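Print the encrypted JS inside eval() in the console with console.log(), and the result is the same as the anonymous JS from before.

As shown:

[Figure: console]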
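The stub above is a dictionary substitution: every word token in the payload is a base-62 index into the `|`-separated word list, and an empty slot means the token stands for itself. The following added example (not code from the article or the site) reproduces that substitution on the call's arguments as plain text, so a packed script can be read without eval() ever running; the sample input and function names are constructed, and the literal parser assumes the only escapes in the two strings are `\'`, `\"` and `\\`.

```javascript
// Same index encoding as g() in the stub: digits 0-9, a-z, then A-Z.
function encodeIndex(n, radix) {
  const head = n < radix ? "" : encodeIndex(Math.floor(n / radix), radix);
  const digit = n % radix;
  return head + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

// Substitute every \w+ token by its dictionary word (or itself if the slot is empty).
function unpack(payload, radix, count, words) {
  const table = new Map();
  for (let i = count - 1; i >= 0; i--) {
    const key = encodeIndex(i, radix);
    table.set(key, words[i] || key);
  }
  // Tokens outside the table are kept unchanged rather than becoming "undefined".
  return payload.replace(/\b\w+\b/g, (tok) => (table.has(tok) ? table.get(tok) : tok));
}

// Turn the body of a quoted literal into its value (assumed escapes: \' \" \\).
function unquote(literalBody) {
  return literalBody.replace(/\\([\s\S])/g, "$1");
}

// Pull (payload, radix, count, words) out of the trailing call
//   }('payload', 62, 106, "a|b|c".split("|"), ...)
// by pattern matching on the text; nothing from the input is executed.
function extractPackerArgs(source) {
  const call = new RegExp(
    String.raw`\}\(\s*(['"])((?:\\[\s\S]|(?!\1)[^\\])*)\1\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*` +
    String.raw`(['"])((?:\\[\s\S]|(?!\5)[^\\])*)\5\.split\((['"])\|\7\)`
  );
  const m = call.exec(source);
  if (!m) return null;
  return {
    payload: unquote(m[2]),
    radix: Number(m[3]),
    count: Number(m[4]),
    words: unquote(m[6]).split("|"),
  };
}

function unpackSource(source) {
  const args = extractPackerArgs(source);
  return args ? unpack(args.payload, args.radix, args.count, args.words) : null;
}

// Constructed sample in the same shape as the packed script in the article.
const SAMPLE = String.raw`eval(function(h,b,i,d,g,f){return h}('0 1=2.3();4.5(\'6=\'+1)',62,7,'var|token|Date|now|console|log|t'.split('|'),0,{}))`;

console.log(unpackSource(SAMPLE));
```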

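setCookie & obfuscation

setCookie is really a piece of obfuscated JS; I call it setCookie because its code starts from, and revolves around, a setCookie function.

Address

Zhaopin: //jobs.zhaopin.com/beijing

Reproducing the problem

When a request is sent to the URL above, the returned page content turns out to be a pile of unreadable "gibberish".

As shown:

Here I have copied out the response content for everyone to read.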


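Tracing it to the source

Doesn't this look even more of a headache than eval(), densely packed with hexadecimal numbers? Don't panic, let me beautify it!!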

<html><script src="//aeu.alicdn.com/waf/antidomxss.js"></script><script>
var arg1='7CF8FE6084F244597FE93D42AFEB6C2ED7029D82';
var _0x4818=['csKHwqMI','ZsKJwr8VeAsy','UcKiN8O/wplwMA==','JR8CTg==','YsOnbSEQw7ozwqZKesKUw7kwX8ORIQ==','w7oVS8OSwoPCl3jChMKhw6HDlsKXw4s/YsOG','fwVmI1AtwplaY8Otw5cNfSgpw6M=','OcONwrjCqsKxTGTChsOjEWE8PcOcJ8K6','U8K5LcOtwpV0EMOkw47DrMOX','HMO2woHCiMK9SlXClcOoC1k=','asKIwqMDdgMuPsOKBMKcwrrCtkLDrMKBw64d','wqImMT0tw6RNw5k=','DMKcU0JmUwUv','VjHDlMOHVcONX3fDicKJHQ==','wqhBH8Knw4TDhSDDgMOdwrjCncOWwphhN8KCGcKqw6dHAU5+wrg2JcKaw4IEJcOcwrRJwoZ0wqF9YgAV','dzd2w5bDm3jDpsK3wpY=','w4PDgcKXwo3CkcKLwr5qwrY=','wrJOTcOQWMOg','wqTDvcOjw447wr4=','w5XDqsKhMF1/','wrAyHsOfwppc','J3dVPcOxLg==','wrdHw7p9Zw==','w4rDo8KmNEw=','IMKAUkBt','w6bDrcKQwpVHwpNQwqU=','d8OsWhAUw7YzwrU=','wqnCksOeezrDhw==','UsKnIMKWV8K/','w4zDocK8NUZv','c8OxZhAJw6skwqJj','PcKIw4nCkkVb','KHgodMO2VQ==','wpsmwqvDnGFq','wqLDt8Okw4c=','w7w1w4PCpsO4wqA=','wq9FRsOqWMOq','byBhw7rDm34=','LHg+S8OtTw==','wqhOw715dsOH','U8O7VsO0wqvDvcKuKsOqX8Kr','Yittw5DDnWnDrA==','YMKIwqUUfgIk','aB7DlMODTQ==','wpfDh8Orw6kk','w7vCqMOrY8KAVk5OwpnCu8OaXsKZP3DClcKyw6HDrQ==','wow+w6vDmHpsw7Rtwo98LC7CiG7CksORT8KlW8O5wr3Di8OTHsODeHjDmcKlJsKqVA==','NwV+','w7HDrcKtwpJawpZb','wpQswqvDiHpuw6I=','YMKUwqMJZQ==','KH1VKcOqKsK1','fQ5sFUkkwpI=','wrvCrcOBR8Kk','M3w0fQ==','w6xXwqPDvMOFwo5d'];(function(_0x4c97f0,_0x1742fd){var _0x4db1c=function(_0x48181e){while(--_0x48181e){_0x4c97f0['push'](_0x4c97f0['shift']());}};var _0x3cd6c6=function(){var _0xb8360b={'data':{'key':'cookie','value':'timeout'},'setCookie':function(_0x20bf34,_0x3e840e,_0x5693d3,_0x5e8b26){_0x5e8b26=_0x5e8b26||{};var _0xba82f0=_0x3e840e+'='+_0x5693d3;var _0x5afe31=0x0;for(var _0x5afe31=0x0,_0x178627=_0x20bf34['length'];_0x5afe31<_0x178627;_0x5afe31++){var _0x41b2ff=_0x20bf34[_0x5afe31];_0xba82f0+='; '+_0x41b2ff;var 
_0xd79219=_0x20bf34[_0x41b2ff];_0x20bf34['push'](_0xd79219);_0x178627=_0x20bf34['length'];if(_0xd79219!==!![]){_0xba82f0+='='+_0xd79219;}}_0x5e8b26['cookie']=_0xba82f0;},'removeCookie':function(){return'dev';},'getCookie':function(_0x4a11fe,_0x189946){_0x4a11fe=_0x4a11fe||function(_0x6259a2){return _0x6259a2;};var _0x25af93=_0x4a11fe(new RegExp('(?:^|; )'+_0x189946['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));
var _0x52d57c = function(_0x105f59, _0x3fd789) {
	_0x105f59(++_0x3fd789);
	};
_0x52d57c(_0x4db1c, _0x1742fd);
return _0x25af93 ? decodeURIComponent(_0x25af93[0x1]) : undefined;
}
};
var _0x4a2aed = function() {
	var _0x124d17 = new RegExp('\\w+ *\\(\\) *{\\w+ *[\'|"].+[\'|"];? *}');
	return _0x124d17['test'](_0xb8360b['removeCookie']['toString']());
	};
_0xb8360b['updateCookie'] = _0x4a2aed;
var _0x2d67ec = '';
var _0x120551 = _0xb8360b['updateCookie']();
if (!_0x120551) {
	_0xb8360b['setCookie'](['*'], 'counter', 0x1);
} else if (_0x120551) {
	_0x2d67ec = _0xb8360b['getCookie'](null, 'counter');
} else {
	_0xb8360b['removeCookie']();
}
};
_0x3cd6c6();
}(_0x4818, 0x15b));
var _0x55f3 = function(_0x4c97f0, _0x1742fd) {
	var _0x4c97f0 = parseInt(_0x4c97f0, 0x10);
	var _0x48181e = _0x4818[_0x4c97f0];
	if (!_0x55f3['atobPolyfillAppended']) {
		(function() {
			var _0xdf49c6 = Function('return (function () ' + '{}.constructor("return this")()' + ');');
			var _0xb8360b = _0xdf49c6();
			var _0x389f44 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
			_0xb8360b['atob'] || (_0xb8360b['atob'] = function(_0xba82f0) {
				var _0xec6bb4 = String(_0xba82f0)['replace'](/=+$/, '');
				for (var _0x1a0f04 = 0x0, _0x18c94e, _0x41b2ff, _0xd79219 = 0x0, _0x5792f7 = ''; _0x41b2ff = _0xec6bb4['charAt'](_0xd79219++);~_0x41b2ff && (_0x18c94e = _0x1a0f04 % 0x4 ? _0x18c94e * 0x40 + _0x41b2ff : _0x41b2ff, _0x1a0f04++ % 0x4) ? _0x5792f7 += String['fromCharCode'](0xff & _0x18c94e >> (-0x2 * _0x1a0f04 & 0x6)) : 0x0) {
					_0x41b2ff = _0x389f44['indexOf'](_0x41b2ff);
				}
				return _0x5792f7;
			});
		}());
		_0x55f3['atobPolyfillAppended'] = !! [];
	}
	if (!_0x55f3['rc4']) {
		var _0x232678 = function(_0x401af1, _0x532ac0) {
				var _0x45079a = [],
					_0x52d57c = 0x0,
					_0x105f59, _0x3fd789 = '',
					_0x4a2aed = '';
				_0x401af1 = atob(_0x401af1);
				for (var _0x124d17 = 0x0, _0x1b9115 = _0x401af1['length']; _0x124d17 < _0x1b9115; _0x124d17++) {
					_0x4a2aed += '%' + ('00' + _0x401af1['charCodeAt'](_0x124d17)['toString'](0x10))['slice'](-0x2);
				}
				_0x401af1 = decodeURIComponent(_0x4a2aed);
				for (var _0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
					_0x45079a[_0x2d67ec] = _0x2d67ec;
				}
				for (_0x2d67ec = 0x0; _0x2d67ec < 0x100; _0x2d67ec++) {
					_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec] + _0x532ac0['charCodeAt'](_0x2d67ec % _0x532ac0['length'])) % 0x100;
					_0x105f59 = _0x45079a[_0x2d67ec];
					_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
					_0x45079a[_0x52d57c] = _0x105f59;
				}
				_0x2d67ec = 0x0;
				_0x52d57c = 0x0;
				for (var _0x4e5ce2 = 0x0; _0x4e5ce2 < _0x401af1['length']; _0x4e5ce2++) {
					_0x2d67ec = (_0x2d67ec + 0x1) % 0x100;
					_0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec]) % 0x100;
					_0x105f59 = _0x45079a[_0x2d67ec];
					_0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c];
					_0x45079a[_0x52d57c] = _0x105f59;
					_0x3fd789 += String['fromCharCode'](_0x401af1['charCodeAt'](_0x4e5ce2) ^ _0x45079a[(_0x45079a[_0x2d67ec] + _0x45079a[_0x52d57c]) % 0x100]);
				}
				return _0x3fd789;
			};
		_0x55f3['rc4'] = _0x232678;
	}
	if (!_0x55f3['data']) {
		_0x55f3['data'] = {};
	}
	if (_0x55f3['data'][_0x4c97f0] === undefined) {
		if (!_0x55f3['once']) {
			var _0x5f325c = function(_0x23a392) {
					this['rc4Bytes'] = _0x23a392;
					this['states'] = [0x1, 0x0, 0x0];
					this['newState'] = function() {
						return 'newState';
					};
					this['firstState'] = '\\w+ *\\(\\) *{\\w+ *';
					this['secondState'] = '[\'|"].+[\'|"];? *}';
				};
			_0x5f325c['prototype']['checkState'] = function() {
				var _0x19f809 = new RegExp(this['firstState'] + this['secondState']);
				return this['runState'](_0x19f809['test'](this['newState']['toString']()) ? --this['states'][0x1] : --this['states'][0x0]);
			};
			_0x5f325c['prototype']['runState'] = function(_0x4380bd) {
				if (!Boolean(~_0x4380bd)) {
					return _0x4380bd;
				}
				return this['getState'](this['rc4Bytes']);
			};
			_0x5f325c['prototype']['getState'] = function(_0x58d85e) {
				for (var _0x1c9f5b = 0x0, _0x1ce9e0 = this['states']['length']; _0x1c9f5b < _0x1ce9e0; _0x1c9f5b++) {
					this['states']['push'](Math['round'](Math['random']()));
					_0x1ce9e0 = this['states']['length'];
				}
				return _0x58d85e(this['states'][0x0]);
			};
			new _0x5f325c(_0x55f3)['checkState']();
			_0x55f3['once'] = !! [];
		}
		_0x48181e = _0x55f3['rc4'](_0x48181e, _0x1742fd);
		_0x55f3['data'][_0x4c97f0] = _0x48181e;
	} else {
		_0x48181e = _0x55f3['data'][_0x4c97f0];
	}
	return _0x48181e;
	};
var arg3 = null;
var arg4 = null;
var arg5 = null;
var arg6 = null;
var arg7 = null;
var arg8 = null;
var arg9 = null;
var arg10 = null;
var l = function() {
	while (window[_0x55f3('0x1', 'XMW^')] || window['__phantomas']) {};
	var _0x5e8b26 = _0x55f3('0x3', 'jS1Y');
	String[_0x55f3('0x5', 'n]fR')][_0x55f3('0x6', 'Pg54')] = function(_0x4e08d8) {
		var _0x5a5d3b = '';
		for (var _0xe89588 = 0x0; _0xe89588 < this[_0x55f3('0x8', ')hRc')] && _0xe89588 < _0x4e08d8[_0x55f3('0xa', 'jE&^')]; _0xe89588 += 0x2) {
			var _0x401af1 = parseInt(this[_0x55f3('0xb', 'V2KE')](_0xe89588, _0xe89588 + 0x2), 0x10);
			var _0x105f59 = parseInt(_0x4e08d8[_0x55f3('0xd', 'XMW^')](_0xe89588, _0xe89588 + 0x2), 0x10);
			var _0x189e2c = (_0x401af1 ^ _0x105f59)[_0x55f3('0xf', 'W1FE')](0x10);
			if (_0x189e2c[_0x55f3('0x11', 'MGrv')] == 0x1) {
				_0x189e2c = '0' + _0x189e2c;
			}
			_0x5a5d3b += _0x189e2c;
		}
		return _0x5a5d3b;
	};
	String['prototype'][_0x55f3('0x14', 'Z*DM')] = function() {
		var _0x4b082b = [0xf, 0x23, 0x1d, 0x18, 0x21, 0x10, 0x1, 0x26, 0xa, 0x9, 0x13, 0x1f, 0x28, 0x1b, 0x16, 0x17, 0x19, 0xd, 0x6, 0xb, 0x27, 0x12, 0x14, 0x8, 0xe, 0x15, 0x20, 0x1a, 0x2, 0x1e, 0x7, 0x4, 0x11, 0x5, 0x3, 0x1c, 0x22, 0x25, 0xc, 0x24];
		var _0x4da0dc = [];
		var _0x12605e = '';
		for (var _0x20a7bf = 0x0; _0x20a7bf < this['length']; _0x20a7bf++) {
			var _0x385ee3 = this[_0x20a7bf];
			for (var _0x217721 = 0x0; _0x217721 < _0x4b082b[_0x55f3('0x16', 'aH*N')]; _0x217721++) {
				if (_0x4b082b[_0x217721] == _0x20a7bf + 0x1) {
					_0x4da0dc[_0x217721] = _0x385ee3;
				}
			}
		}
		_0x12605e = _0x4da0dc['join']('');
		return _0x12605e;
	};
	var _0x23a392 = arg1[_0x55f3('0x19', 'Pg54')]();
	arg2 = _0x23a392[_0x55f3('0x1b', 'z5O&')](_0x5e8b26);
	setTimeout('reload(arg2)', 0x2);
	};
var _0x4db1c = function() {
	function _0x355d23(_0x450614) {
		if (('' + _0x450614 / _0x450614)[_0x55f3('0x1c', 'V2KE')] !== 0x1 || _0x450614 % 0x14 === 0x0) {
			(function() {}[_0x55f3('0x1d', 'CNUY')]((undefined + '')[0x2] + ( !! [] + '')[0x3] + ([][_0x55f3('0x1e', 'w8PR')]() + '')[0x2] + (undefined + '')[0x0] + (![] + [0x0] + String)[0x14] + (![] + [0x0] + String)[0x14] + ( !! [] + '')[0x3] + ( !! [] + '')[0x1])());
		} else {
			(function() {}['constructor']((undefined + '')[0x2] + ( !! [] + '')[0x3] + ([][_0x55f3('0x1f', 'L$(D')]() + '')[0x2] + (undefined + '')[0x0] + (![] + [0x0] + String)[0x14] + (![] + [0x0] + String)[0x14] + ( !! [] + '')[0x3] + ( !! [] + '')[0x1])());
		}
		_0x355d23(++_0x450614);
	}
	try {
		_0x355d23(0x0);
	} catch (_0x54c483) {}
	};
if (function() {
	var _0x470d8f = function() {
			var _0x4c97f0 = !! [];
			return function(_0x1742fd, _0x4db1c) {
				var _0x48181e = _0x4c97f0 ?
				function() {
					if (_0x4db1c) {
						var _0x55f3be = _0x4db1c['apply'](_0x1742fd, arguments);
						_0x4db1c = null;
						return _0x55f3be;
					}
				} : function() {};
				_0x4c97f0 = ![];
				return _0x48181e;
			};
		}();
	var _0x501fd7 = _0x470d8f(this, function() {
		var _0x4c97f0 = function() {
				return 'dev';
			},
			_0x1742fd = function() {
				return 'window';
			};
		var _0x55f3be = function() {
				var _0x3ad9a1 = new RegExp('\\w+ *\\(\\) *{\\w+ *[\'|"].+[\'|"];? *}');
				return !_0x3ad9a1['test'](_0x4c97f0['toString']());
			};
		var _0x1b93ad = function() {
				var _0x20bf34 = new RegExp('(\\\\[x|u](\\w){2,4})+');
				return _0x20bf34['test'](_0x1742fd['toString']());
			};
		var _0x5afe31 = function(_0x178627) {
				var _0x1a0f04 = ~ - 0x1 >> 0x1 + 0xff % 0x0;
				if (_0x178627['indexOf']('i' === _0x1a0f04)) {
					_0xd79219(_0x178627);
				}
			};
		var _0xd79219 = function(_0x5792f7) {
				var _0x4e08d8 = ~ - 0x4 >> 0x1 + 0xff % 0x0;
				if (_0x5792f7['indexOf'](( !! [] + '')[0x3]) !== _0x4e08d8) {
					_0x5afe31(_0x5792f7);
				}
			};
		if (!_0x55f3be()) {
			if (!_0x1b93ad()) {
				_0x5afe31('indеxOf');
			} else {
				_0x5afe31('indexOf');
			}
		} else {
			_0x5afe31('indеxOf');
		}
	});
	_0x501fd7();
	var _0x3a394d = function() {
			var _0x1ab151 = !! [];
			return function(_0x372617, _0x42d229) {
				var _0x3b3503 = _0x1ab151 ?
				function() {
					if (_0x42d229) {
						var _0x7086d9 = _0x42d229[_0x55f3('0x21', 'KN)F')](_0x372617, arguments);
						_0x42d229 = null;
						return _0x7086d9;
					}
				} : function() {};
				_0x1ab151 = ![];
				return _0x3b3503;
			};
		}();
	var _0x5b6351 = _0x3a394d(this, function() {
		var _0x46cbaa = Function(_0x55f3('0x22', '&hZY') + _0x55f3('0x23', 'aH*N') + ');');
		var _0x1766ff = function() {};
		var _0x9b5e29 = _0x46cbaa();
		_0x9b5e29[_0x55f3('0x26', 'aH*N')]['log'] = _0x1766ff;
		_0x9b5e29[_0x55f3('0x29', 'V%YR')][_0x55f3('0x2a', 'P^Eq')] = _0x1766ff;
		_0x9b5e29[_0x55f3('0x2c', 'lgM0')][_0x55f3('0x2d', 'L$(D')] = _0x1766ff;
		_0x9b5e29[_0x55f3('0x2f', 'CZc8')][_0x55f3('0x30', 'Wu6%')] = _0x1766ff;
	});
	_0x5b6351();
	try {
		return !!window['addEventListener'];
	} catch (_0x35538d) {
		return ![];
	}
}()) {
	document[_0x55f3('0x33', 'V%YR')](_0x55f3('0x34', 'yApz'), l, ![]);
} else {
	document[_0x55f3('0x36', 'yApz')](_0x55f3('0x37', 'L$(D'), l);
}
_0x4db1c();
setInterval(function() {
	_0x4db1c();
}, 0xfa0);

function setCookie(name, value) {
	var expiredate = new Date();
	expiredate.setTime(expiredate.getTime() + (3600 * 1000));
	document.cookie = name + "=" + value + ";expires=" + expiredate.toGMTString() + ";max-age=3600;path=/";
}

function reload(x) {
	setCookie("acw_sc__v2", x);
	document.location.reload();
}
</script></html>

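Above is the formatted JS. Why call it an obfuscated function? First, it uses hexadecimal obfuscation; second, there really is not much useful code in it. We start from the last two functions: one is reload(x), the other is setCookie().

reload() calls setCookie() to create a cookie with key=acw_sc__v2 and value=x, then refreshes the page via document.location.reload(). So here is the key question: who generates x and calls reload()?

Searching the code above, we find the following three core lines: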

var _0x23a392 = arg1[_0x55f3('0x19', 'Pg54')]();
arg2 = _0x23a392[_0x55f3('0x1b', 'z5O&')](_0x5e8b26);
setTimeout('reload(arg2)', 0x2);

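In these three lines arg1 is a string, _0x55f3 is a method name, and arg2 is the cookie value; work out the call relationships among them to compute arg2.

This obfuscated JS is very interesting and involves quite a lot of JS fundamentals; getting through it mainly comes down to the debug console.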
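Turning the `\xNN` escapes inside string literals back into readable characters is the first step of the clean-up described above. The edge case is an escape that decodes to a backslash or to the literal's own quote (`\x5c`, `\x27`, `\x22`): it has to be re-escaped, or the rewritten literal no longer parses. An added example (not the article's tooling) showing the naive decode next to the corrected one; the sample line is constructed from fragments of the listing, and the function names are made up here.

```javascript
// Naive version: replace every \xNN with its character, unconditionally.
function naiveDecode(source) {
  return source.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Corrected version: work literal by literal and keep each literal valid.
// Limitation: literals are found with a regular expression, so a stray quote
// inside a comment or a regex literal can throw the matching off.
function decodeHexEscapes(source) {
  const literal = /(['"])((?:\\[\s\S]|(?!\1)[^\\\n])*)\1/g;
  return source.replace(literal, (whole, quote, body) => {
    // Walk the escapes in order so that "\\x41" (escaped backslash, then
    // the plain text x41) is not mistaken for a hex escape.
    const decoded = body.replace(/\\(?:x([0-9a-fA-F]{2})|[\s\S])/g, (esc, hex) => {
      if (hex === undefined) return esc;           // some other escape: keep
      const code = parseInt(hex, 16);
      const ch = String.fromCharCode(code);
      if (ch === "\\") return "\\\\";              // backslash must stay escaped
      if (ch === quote) return "\\" + quote;       // so must the enclosing quote
      if (code < 0x20 || code > 0x7e) return esc;  // leave non-printables encoded
      return ch;
    });
    return quote + decoded + quote;
  });
}

// Syntax check only: the Function constructor compiles the text and the
// resulting function is never called.
function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Constructed sample assembled from fragments of the obfuscated script.
const SAMPLE = String.raw`var _0x124d17=new RegExp('\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d');_0xb8360b['\x73\x65\x74\x43\x6f\x6f\x6b\x69\x65'](['\x2a'],'\x63\x6f\x75\x6e\x74\x65\x72',0x1);`;

console.log(naiveDecode(SAMPLE), parses(naiveDecode(SAMPLE)));
console.log(decodeHexEscapes(SAMPLE), parses(decodeHexEscapes(SAMPLE)));
```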

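Conclusion

This article is mainly a technical introduction, and it is easy to see that writing scrapers does require a little bit of front-end skill. If you ask me whether you can solve JS encryption without wanting to understand it, I can only tell you: a programmer cannot say no. There are ways, but in the end they depend on third-party services or plugins.

Of course, many sites have their own unique JS encryption, and anti-scraping tricks keep multiplying. Anyone interested is welcome to discuss and learn together.

The scraping basics series ends here. I am starting to prepare the series on the scraping framework scrapy, and look forward to our next meeting.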


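A post-95 junior programmer; everything I write comes from hands-on practice in my daily work, written from 0 to 1 from a beginner's point of view, to make sure everyone can really follow it.

Articles are published first on the WeChat official account [入門到放棄之路]; I look forward to your follow.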
