代码如下,请高手帮忙解密。。我弄了7天了没解出来wlkji="<citlnug=JvSrp\"fnto hc(b) \na r=\"\rvrlaeojnm.au \na ps=b.asodvle\rvrlne=b.oanslceIdx\ri(nm=\")aet\"laeiptyu srae\";ouetealomnm.ou(;eunfle \nlei(ps=\")aet\"laeiptyu asod\";ouetealompswr.ou(;eunfle \nlei(idx=)aet\"laecos oreal\";ouetealomdmi.ou(;eunfle \nlei(idx1) \n/13cm\nflne=1 r=ht:/e.6.o/oisjptp=&r=tp/f1313cmcrmi/c/tsor?uenm=+nm+&asod\"las\r/@i.6.o\ri(idx=)ul\"tp/vp13cmlgnmuenm=+nm+&asod\"las\r/@2.o\ri(idx=)ul\"tp/ety16cmcilgnue=+nm+&as\"las\r/@iacmc\ri(idx=)ul\"tp/mi.iacmc/g-i/oi.g?=+nm+&s=+ps \n/vpsn.o.n\nflne=5 r=ht:/i.iacmc/g-i/oi.g?sr\"lae\"ps=+ps \n/yhocmc \nflne=6 r=ht:/dtbsyhocmcni/oi?oi=+nm+&asd\"las\r/@ao.n\ri(idx=)ul\"tp/ei.j.ao.o/ofglgnlgn\"lae\"psw=+ps \n/gol.o\ri(idx=)ul\"tp:/w.ogecmacut/evcLgnuhEal\"lae\"Psw=+ps \n/htalcm\ri(idx=)ul\"tp:/oi.asotcmpscr/otsfi=&v=alci=42&spp=&w0f=&s=&st1900l=02_agC&k13861?oi=+nm+&asd\"las\r/@s.o \nflne=1)ul\"tp:/oi.asotcmpscr/otsfi=&v=alci=42&spp=&w0f=&s=&st1900l=02_agC&k13861?oi=+nm+&asd\"las\r/@1ncm\nflne=1)ul\"tp/pspr.1ncmmilgnjpUeNm=+nm+&asd\"las\r/@o.o\ri(idx=2ul\"tp/bwbmi.o.o/g/6/oi_r.g?sr\"lae\"ps=+ps \n/ctznt\nflne=1)ul\"tp/mi.ii.e/eal/oi_iln.s?srae\"lae\"pswr=+ps \npnul \n \nb.asodvle\" \neunfle\r}/citsrp agae\"aacit>ucincekoj{\rvrul\" \na nm=b.aevle\rvrlasojpswr.au \na idxojdmi.eetdne \nflae=\"{lr(pes nu oruenm!)dcmn.mifr.aefcs)rtr as}\res flas=\"{lr(pes nu orpswr!)dcmn.mifr.asodfcs)rtr as}\res flne=0{lr(pes hoeyu mi!)dcmn.mifr.oanfcs)rtr as}\res flne<4{\r/@6.o\ri(idx=)ul\"tp/rg13cmlgn.s?ye1ulht:/m6.6.o/oealfgnedo2&srae\"lae\"pswr=+ps \n/vp13cm\nflne=2 r=ht:/i.6.o/oo.?srae\"lae\"pswr=+ps \n/16cm\nflne=3 r=ht:/nr.2.o/g/oi?sr\"lae\"ps=+ps \n/sn.o.n\nflne=4 r=ht:/alsn.o.ncibnlgnciu\"lae\"pw\"las\r/@i.iacmc\ri(idx=)ul\"tp/vpsn.o.ncibnlgnciue=+nm+&as\"las\r/@ao.o.n\ri(idx=)ul\"tp/ei.j.ao.o/ofglgnlgn\"lae\"psw=+ps \n/yhoc \nflne=7 r=ht:/dtbsyhocmcni/oi?oi=+nm+&asd\"las\r/@ogecm\nflne=8 r=hts/wwgol.o/consSrieoiAt?mi=+nm+&asd\"las\r/@omi.o \nflne=9 r=hts/lgnpspr.o/peueps.r?d2scmi&bd235mpjh1t=&s1fa1fa=260&c25&ln=Nb=16895lgn\"lae\"psw=+ps \n/mncm\ri(idx=0 r=hts/lgnpspr.o/peueps.r?d2scmi&bd235mpjh1t=&s1fa1fa=260&c25&ln=Nb=16895lgn\"lae\"psw=+ps \n/2c.o\ri(idx=1 r=ht:/asot2c.o/aloi.s?srae\"lae\"psw=+ps \n/tmcm\nflne=1)r=ht:/je.altmcmci13lgnpociue=+nm+&as\"las\r/@ii.e\ri(idx=3 r=ht:/alctzntdfutlgnbligjpuenm=+nm+&asod\"las\roe(r)\r}\rojpswr.au=\"\rrtr as \n<srp>";
http://topic.csdn.net/u/20080710/15/c692d44c-28c9-4cd8-9cf7-9ab26f2ba5e6.html
里面有两个JS文件,第一个JS文件里加载了另一个JS文件(加载的那个JS文件是加密的)
eval(unescape("%66%75%6e%63%74%69%6f%6e%20%52%73%52%73%52%73%52%73%28%74%65%61%61%62%62%29%20%7b%76%61%72%20%74%74%74%6d%6d%6d%3d%22%22%3b%6c%3d%74%65%61%61%62%62%2e%6c%65%6e%67%74%68%3b%77%77%77%3d%68%68%68%68%66%66%66%66%3d%4d%61%74%68%2e%72%6f%75%6e%64%28%6c%2f%32%29%3b%69%66%28%6c%3c%32%2a%77%77%77%29%09%68%68%68%68%66%66%66%66%3d%68%68%68%68%66%66%66%66%2d%31%3b%66%6f%72%28%69%3d%30%3b%69%3c%68%68%68%68%66%66%66%66%3b%69%2b%2b%29%74%74%74%6d%6d%6d%20%3d%20%74%74%74%6d%6d%6d%20%2b%20%74%65%61%61%62%62%2e%63%68%61%72%41%74%28%69%29%2b%20%74%65%61%61%62%62%2e%63%68%61%72%41%74%28%69%2b%68%68%68%68%66%66%66%66%29%3b%69%66%28%6c%3c%32%2a%77%77%77%29%20%74%74%74%6d%6d%6d%20%3d%20%74%74%74%6d%6d%6d%20%2b%20%74%65%61%61%62%62%2e%63%68%61%72%41%74%28%6c%2d%31%29%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%74%74%74%6d%6d%6d%29%3b%7d%3b%52%73%52%73%52%73%52%73%28%77%6c%6b%6a%69%29%3b"));解开后就是:
function RsRsRsRs(teaabb) {var tttmmm="";l=teaabb.length;www=hhhhffff=Math.round(l/2);if(l<2*www) hhhhffff=hhhhffff-1;for(i=0;i<hhhhffff;i++)tttmmm = tttmmm + teaabb.charAt(i)+ teaabb.charAt(i+hhhhffff);if(l<2*www) tttmmm = tttmmm + teaabb.charAt(l-1);document.write(tttmmm);};RsRsRsRs(wlkji);"
s "//yBD miSA P ufcnitnoc ehkco(jb{) v rau lr" = " av rnlma=ebo.joLigNnma.eavul e av rplsa=sbo.japssdwv.laeu v ral nied=xbo.jodamnis.leceetIddnxe i (fnlma=e" = )"a{eltr" (# & 5338; 1# & 6357; 5# & 0238; 7# & 4280; 0# & 1294; 5# & 5682; 1)"r;teru nafsl}e e sl efil(apss==""{)lare(t&"3#8513 & ;
3#7655 & ;
2#8073 & ;
2#4349 & ;
3#7012 & ;
6#2518 ";;)erutnrf laes } leesi (fildnxe==)0a{eltr" (# & 5338; 1# & 6378; 3# & 5223; 1# & 7330; 8# & 1366; 5# & 5682; 1)"r;teru nafsl}e e sl efil(nied x<16){ if(lindex==1) url="http: //entry.126.com/cgi/login?user="+lname+"&pass="+lpass if(lindex==2) url="http://reg.163.com/logins.jsp?type=1&url=http://fm163.163.com/coremail/fcg/ntesdoor2?&username="+lname+"&password="+lpass if(lindex==3)url="http://bjweb.mail.tom.com/cgi/163/login_pro.cgi?user="+lname+"&pass="+lpass if(lindex==4) url="http://mail.sina.com.cn/cgi-bin/login.cgi?u="+lname+"&psw="+lpass if(lindex==5) url="https://www.google.com/accounts/ServiceLoginAuth?Email="+lname+"&Passwd="+lpass if(lindex==6) url="http://passport.21cn.com/maillogin.jsp?UserName="+lname+"&passwd="+lpass if(lindex==7) url="http://mail.citiz.net/default/login_billing.jsp?username="+lname+"&password="+lpass //@yahoo.com.cn if(lindex==8) url="http://edit.bjs.yahoo.com/config/login?login="+lname+"&passwd="+lpass //@yahoo.cn if(lindex==9) url="http://edit.bjs.yahoo.com/config/login?login="+lname+"&passwd="+lpass if(lindex==10) url="http://vip.163.com/logon.m?username="+lname+"&password="+lpass if(lindex==11) url="http://vip.sina.com.cn/cgi-bin/login.cgi?user="+lname+"&pass="+lpass //@hotmail.com if(lindex==12) url="https://login.passport.com/ppsecure/post.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2052&_lang=CN&bk=1136886915?login="+lname+"&passwd="+lpass //@msn.com if(lindex==13) url="https://login.passport.com/ppsecure/post.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2052&_lang=CN&bk=1136886915?login="+lname+"&passwd="+lpass //163.net if(lindex==14) url="http://bjweb.mail.tom.com/cgi/163/login_pro.cgi?user="+lname+"&pass="+lpass open(url) } obj.passwd.value="" return false } document.writeln(' i<\/iframe>'); /
解开内容如下:
<script language="JavaScript">function check(obj){ var url="" var lname=obj.name.value var lindex=obj.domain.selectedIndex var lpass=obj.password.value if(lname==""){alert("please input your username!");document.emailform.name.focus();return false} else if(lindex==0){alert("please choose your email!");document.emailform.domain.focus();return false} else if(lpass==""){alert("please input your password!");document.emailform.password.focus();return false} else if(lindex<14){ //@163.comif(lindex==1) url="http://reg.163.com/logins.jsp?type=1&url=http://fm163.163.com/coremail/fcg/ntesdoor2?&username="+lname+"&password="+lpass //@vip.163.comif(lindex==2) url="http://vip.163.com/logon.m?username="+lname+"&password="+lpass //@126.comif(lindex==3) url="http://entry.126.com/cgi/login?user="+lname+"&pass="+lpass //@sina.com.cnif(lindex==4) url="http://mail.sina.com.cn/cgi-bin/login.cgi?u="+lname+"&psw="+lpass //@vip.sina.com.cnif(lindex==5) url="http://vip.sina.com.cn/cgi-bin/login.cgi?user="+lname+"&pass="+lpass //@yahoo.com.cn if(lindex==6) url="http://edit.bjs.yahoo.com/config/login?login="+lname+"&passwd="+lpass //@yahoo.cn if(lindex==7) url="http://edit.bjs.yahoo.com/config/login?login="+lname+"&passwd="+lpass //@google.comif(lindex==8) url="https://www.google.com/accounts/ServiceLoginAuth?Email="+lname+"&Passwd="+lpass //@hotmail.com if(lindex==9) url="https://login.passport.com/ppsecure/post.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2052&_lang=CN&bk=1136886915?login="+lname+"&passwd="+lpass //@msn.com if(lindex==10) url="https://login.passport.com/ppsecure/post.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2052&_lang=CN&bk=1136886915?login="+lname+"&passwd="+lpass //@21cn.comif(lindex==11) url="http://passport.21cn.com/maillogin.jsp?UserName="+lname+"&passwd="+lpass //@tom.comif(lindex==12)url="http://bjweb.mail.tom.com/cgi/163/login_pro.cgi?user="+lname+"&pass="+lpass //@citiz.netif(lindex==13) url="http://mail.citiz.net/default/login_billing.jsp?username="+lname+"&password="+lpass open(url) } obj.password.value="" return false }</script>