I always was curious how this type of obfuscation can be achieved in JavaScript and how it can be decoded (deobfuscated). Below is an example code:
var _0x4e9d=["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x77\x72\x69\x74\x65"];document[_0x4e9d[0x1]](String[_0x4e9d[0x0]](0x3c,0x62,0x75,0x74,0x74,0x6f,0x6e,0x20,0x6f,0x6e,0x63,0x6c,0x69,0x63,0x6b,0x3d,0x27,0x6a,0x61,0x76,0x61,0x73,0x63,0x72,0x69,0x70,0x74,0x3a,0x69,0x66,0x20,0x28,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x3d,0x3d,0x22,0x6a,0x30,0x30,0x77,0x31,0x6e,0x22,0x29,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x59,0x6f,0x75,0x20,0x57,0x49,0x4e,0x21,0x22,0x29,0x3b,0x77,0x69,0x6e,0x64,0x6f,0x77,0x2e,0x6c,0x6f,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x2b,0x3d,0x20,0x22,0x3f,0x6c,0x76,0x6c,0x5f,0x70,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3d,0x22,0x2b,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x7d,0x65,0x6c,0x73,0x65,0x20,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x57,0x52,0x4f,0x4e,0x47,0x21,0x20,0x54,0x72,0x79,0x20,0x61,0x67,0x61,0x69,0x6e,0x21,0x22,0x29,0x7d,0x27,0x3e,0x43,0x68,0x65,0x63,0x6b,0x20,0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3c,0x2f,0x62,0x75,0x74,0x74,0x6f,0x6e,0x3e));
Addendum: Thank you for de-obfuscating it, but I'm only interested in how I can obfuscate my own code like this.
Note that in JavaScript, someobject["xyz"] is about the same as someobject.xyz.
First statement:
_0x4e9d is an array with two strings:
"fromCharCode""write"
Second statement decodes to document.write(String.fromCharCode(0x3c,0x62,...,0x3e)).
Finally, the string being written is this piece of HTML:
<button onclick='javascript:if (document.getElementById("pass").value=="j00w1n"){alert("You WIN!");window.location += "?lvl_password="+document.getElementById("pass").value}else {alert("WRONG! Try again!")}'>Check Password
Each \xnn is a character code as hexadecimal.
So \x63 will give you an 'a'
To do it to your own code you need to have something that will translate each character to it's hex code point:
var aAsHex = '\\x'+'a'.charCodeAt(0).toString(16)
Then copy and paste the output to a file.
var _0x4e9d = ["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65", "\x77\x72\x69\x74\x65"];
is ["fromCharCode", "write"]
document[_0x4e9d[0x1]](String[_0x4e9d[0x0]]
is document.write(String.fromCharCode
String.fromCharCode(0x3c, 0x62, ...)
Is
<button
onclick='javascript:if (document.getElementById("pass").value=="j00w1n"){alert("You WIN!");window.location += "?lvl_password="+document.getElementById("pass").value}else {alert("WRONG! Try again!")}'
>
Check Password
</button>
The JavaScript in the onclick is
if (document.getElementById("pass").value=="j00w1n") {
alert("You WIN!");
window.location += "?lvl_password=" + document.getElementById("pass").value
} else {
alert("WRONG! Try again!")
}
PHP, assuming $string contains data. So you can obfuscate by running reverse process.
echo preg_replace('~((0|\\\)x([0-9a-f]+))~ei', 'chr(hexdec("\\1"))', $string);
You will get this...
var _�=["fromCharCode","write"];document[_�[]](String[_�[]](<,b,u,t,t,o,n, ,o,n,c,l,i,c,k,=,',j,a,v,a,s,c,r,i,p,t,:,i,f, ,(,d,o,c,u,m,e,n,t,.,g,e,t,E,l,e,m,e,n,t,B,y,I,d,(,",p,a,s,s,",),.,v,a,l,u,e,=,=,",j,0,0,w,1,n,",),{,a,l,e,r,t,(,",Y,o,u, ,W,I,N,!,",),;,w,i,n,d,o,w,.,l,o,c,a,t,i,o,n, ,+,=, ,",?,l,v,l,_,p,a,s,s,w,o,r,d,=,",+,d,o,c,u,m,e,n,t,.,g,e,t,E,l,e,m,e,n,t,B,y,I,d,(,",p,a,s,s,",),.,v,a,l,u,e,},e,l,s,e, ,{,a,l,e,r,t,(,",W,R,O,N,G,!, ,T,r,y, ,a,g,a,i,n,!,",),},',>,C,h,e,c,k, ,P,a,s,s,w,o,r,d,<,/,b,u,t,t,o,n,>));
Actually I have now figured out the real way to obfuscate the javascript like that, without having to make each character separately.
http://javascriptobfuscator.com/default.aspx
This is the obfuscator.
来源:https://stackoverflow.com/questions/6781899/how-does-this-kind-of-javascript-obfuscation-work