Crawler entry to abandonment series 07: js confusion, eval encryption, font encryption, three anti-climbing technologies

Crawler entry to abandonment series 07: js confusion, eval encryption, font encryption, three anti-climbing technologies

Preface

If you talk about the most common anti-crawler technology such as IP request count detection and verification code, you may be all ears. Of course, some students have written crawlers for a few days and feel that crawlers are too simple and not challenging. So I specially found three websites with a certain degree of difficulty, hoping to practice it manually if you are interested.

This article is only for knowledge expansion and thinking guidance. The website anti-climbing technology involved is only for technical study and discussion.

Font encryption

The font encryption is summarized in one sentence: what you see is not what you see.

address

Cat's Eye Movie: maoyan.com/films/34356...

Problem recovery

Have you watched the recent Godzilla vs. King Kong? Does it look good? Is the score high? How much is the box office? Let's go to Maoyan and take a look.

From this point of view, the question arises: Why are the ratings and box office "voicing" in the source code ? Where did the ratings and box office seen on the page go?

Tracing the source

Not much to say, first look at the source code:

After reading it, I have more questions, what is this &#x? This is actually an escape sequence in html, which means that hexadecimal is followed. After processing, it will be printed on the console, as shown in the figure:

These figures have nothing to do with the box office at present. Then find a way to connect them.

Found the following code from the webpage:

In fact, this is the use of @font-face in css to customize the font through the woff file. The hexadecimal numbers in the source code must be displayed correctly through this font mapping. Just like the relationship between UTF-8 and GBK, if the encoding and decoding are consistent, there will be no garbled characters.

Here I download the woff font file to the local and open it with the tool.

From the webpage, I see that the box office is 574 million, and here is the number 5. It can be seen from the figure above that 5 corresponds to glyph11.

Use tools to convert woff files into xml format:

glyph11 corresponds to the glyph with id=11, and its corresponding name is uniE8CD. Then find the hexadecimal corresponding to uniE8CD in xml:

As shown in the figure, uniE8CD corresponds to 0xe8cd, which means that the number 5 corresponds to 0xe8cd , which is the first number output on the console.

eval() & JS encryption

js is encrypted and placed in eval() for execution. If you want to restore js, use console.log() in the developer console to output the decrypted js. Because whether it is eval() or log(), js parsing and execution ultimately depend on the browser kernel.

address

TV cat: www.tvmao.com/program/CCT...

Problem recovery

On the channel episode page, it is divided into morning, lunch, and evening programs. As shown in the figure:

When initiating a request to obtain channel episode data, it was found that only the morning program data was returned, and the episode data after 12 o'clock was not available.

View the webpage source code:

Tracing the source

In the request of the console, we searched for the keyword "Bearing Bear Paradise" in the web page, and as expected, it was really searched.

The response result is an array, subscript 0 represents the flag bit: 1 represents the data is obtained, 0 represents the data is not obtained; subscript 1 is the data bit, corresponding to the return data of the interface.

The code to parse the response result is complicated, and redundant content needs to be replaced.

code show as below:

In fact, the above code is not important! ! Then we follow the network cable to see his request part:

It can be seen from the request header that the request has only one parameter p, 1, 2, 3... a full 186 bits, you can see that this parameter is long and long, like that lonely rain alley. Although I can't wait for the girl holding the oil paper umbrella, at least you can first see how this parameter p is generated.

Search for api and pg keywords in the search box, and find the following code:

Regardless of the others, it is an ajax request with ajax in all cases. The value of parameter p is variable a. Set a breakpoint at the code that generates variable a. Click the "View More" button on the page to trigger the breakpoint, and then Enter the Ad() method:

Scroll up to see the upper part of js:

In fact, it's over here. You can see that w() is called in d(), and w() also calls other methods in A. Find out the method call chain in this js, and put each method code in Connect them together, and finally calculate the parameter p, and that's it.

So, what about good eval and good encrypted js?

Don't panic, young hero, this will take you to continue watching. If you look closely, you will find that the above js file name is anonymous/temporary, so this is not the original js file of the website, but the js parsed by the browser kernel.

How to find the original js file?

I don't know if you can know the search function, you can see the keyword keyStr in the above js, let's search for it.

No, as shown in the figure, eval() is available, and encrypted js is also available. Copy the text as follows:

eval(function(h, b, i, d, g, f) { g = function(a) { return (a <b? "": g(parseInt(a/b))) + ((a = a% b)> 35? String.fromCharCode(a + 29): a.toString(36)) } ; if (!"".replace(/^/, String)) { while (i--) { f[g(i)] = d[i] || g(i) } d = [function(a) { return f[a] } ]; g = function() { return "\\w+" } ; i = 1 } while (i--) { if (d[i]) { h = h.replace(new RegExp("\\b" + g(i) + "\\b","g"), d[i]) } } return h }('5 A={z:"1o+/=",1b:"1l=1k",J:j(a){5 b="";5 c,L,M,14,16,O,N ;5 i=0;a=A.1g(a);1t(i<aR){c=aS(i++);L=aS(i++);M=aS(i++);14=c>>2; 16=((c&3)<<4)|(L>>4);O=((L&15)<<2)|(M>>6);N=M&Q;9(1f(L)){O= N=18}K 9(1f(M)){N=18}b=b+yzC(14)+yzC(16)+yzC(O)+yzC(N)}8 b),H:j(a ){a=a.1G();5 b=\'\';Z(5 i=0;i<aR;i++){b+=y.1b[aC(i)]}Z(5 i=0 ;i<aR;i++){b+=yz[aC(i)]}8 b},1g:j(a){a=a.1B(/\\r\\n/g,"\\n" );5 b="";Z(5 n=0;n<aR;n++){5 c=aS(n);9(c<P){b+=IG(c)}K 9((c> 1x)&&(c<1w)){b+=IG((c>>6)|1q);b+=IG((c&Q)|P)}K{b+=IG((c>>12)|1p) ;b+=IG(((c>>6)&Q)|P);b+=IG((c&Q)|P)}}8 b},E:j(a){$(\':U[V= "19"]\',a).10(AJ(\'l\'+$(".19",a).10()+\'o\'))},B:j(a){ 5 b=(1c 1d()).1i();9(a!=m)8 AJ(a+\'|\'+b);K 8 AJ(\'\'+b)},e:j(u){5 x=1;5 f=$(/'T\').13();5 a=fW("U[11=\'1j\']");9(a!=m){x=2}K 9(u!=m) {x=u}9(f==m)8 x;8 fD(\'a\')},c:j(e){5 v;5 f=$(\'T\').13( );9(f==m)8"";5 s=fW("*[17=\'1m\']");9(s==m){v=fW("U[11=/'1n\']");9(v==m)8"";v=e}v=sD(\'Y\');8 v},d:j(p,h){5 v= Aw(h);5 a=$("1r.1s");5 x=a||p;9(a!=m){x=h||$("s.1h")}x=Ac ();5 b=1c 1d();5 c=b.1u();5 d=b.1v();5 i=d==0? 7:d;i=i*i;5 F= yzC(i);8 F+AJ(x+"|"+Ae(p))+v},w:j(v){5 t=$("1y");5 a="|";9( t==m){X="/"}K{X=v}5 r=AJ(a+k(X));8 r},s:j(a,b){5 c=yzC(1z );8 AJ(c+a)}};5 k=j(a){5 f=$(\'T\').13();9(f==m)8"";5 b= fD(\'Y\');9(b==m)fD(\'Y\',a);8 fD(\'q\')};$(j(){5 b=$(\'<U 17="1A" V="1a"/>\');b.10(AB());$(\'T[V="1C "]\').1D(b);$(\'a[11^="1E"]\').1F(j(){5 a=$(y).D("1e")+" &1a="+1H(AB());$(y).D("1e",a)})});', 62, 106, "|||||var|||return|if|| ||||||||function|||undefined||||||||||this|_keyStr|||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4 |enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date |href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|224|192|div|fix|while|getUTCDate|getDay|2048|127|getUTCDate|getDay|2048|frlogdenhead|37| |append|by|each|toString|encodeURIComponent".split("|"), 0, {}))/>\');b.10(AB());$(\'T[V="1C"]\').1D(b);$(\'a[11^="1E"]/').1F(j(){5 a=$(y).D("1e")+"&1a="+1H(AB());$(y).D("1e",a)} )});', 62, 106, "|||||var|||return|if|||||||||function|||undefined||||||||||| this|_keyStr|||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for| val|class||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv224|xy 192|div|fix|while|getUTCDate|getDay|2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))/>\');b.10(AB());$(\'T[V="1C"]\').1D(b);$(\'a[11^="1E"]/').1F(j(){5 a=$(y).D("1e")+"&1a="+1H(AB());$(y).D("1e",a)} )});', 62, 106, "|||||var|||return|if|||||||||function|||undefined||||||||||| this|_keyStr|||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for| val|class||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv224 192|div|fix|while|getUTCDate|getDay|2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))1F(j(){5 a=$(y).D("1e")+"&1a="+1H(AB());$(y).D("1e",a)})}) ;', 62, 106, "|||||var|||return|if|||||||||function|||undefined|||||||||||this|_keyStr |||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class ||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz|divvwxyz012789 |fix|while|getUTCDate|getDay|2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))1F(j(){5 a=$(y).D("1e")+"&1a="+1H(AB());$(y).D("1e",a)})}) ;', 62, 106, "|||||var|||return|if|||||||||function|||undefined|||||||||||this|_keyStr |||charAt|attr|||fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class ||first|enc1||enc2|type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz|divvwxyz012789 |fix|while|getUTCDate|getDay|2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))|||||var|||return|if||||||||function||undefined||||||||||||this|_keyStr|||charAt|attr|| |fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class||first|enc1||enc2 |type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|224|192|getUTate|getate|while| |2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {}))|||||var|||return|if||||||||function||undefined|||||||||||this|_keyStr|||charAt|attr|| |fromCharCode||String||else|chr2|chr3|enc4|enc3|128|63|length|charCodeAt|form|input|name|find|tl|id|for|val|class||first|enc1||enc2 |type|64|ed|ek|_keyStr2|new|Date|href|isNaN|_C|fix1|getTime|baidu|DVGO|KQMFS|submit|qq|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|224|192|getUTate|whileDay| |2048|127|head|37|hidden|replace|frmlogin|append|by|each|toString|encodeURIComponent".split("|"), 0, {})){})){})) Copy code

Use console.log() to print the encrypted js in eval() in the console. The result is the same as the anonymous js before.

As shown in the figure:

setCookie & obfuscated encryption

In fact, setCookie is a JS obfuscated encryption, but the reason I call him setCookie is because its code starting point and core revolve around a setCookie function.

address

Zhaopin Recruitment: jobs.zhaopin.com/beijing

Problem recovery

When a request was made to the above URL, it was found that the content of the returned webpage was a bunch of unreadable "garbled".

As shown in the figure:

Here I copied the response content for everyone to read.

<html><script src="//aeu.alicdn.com/waf/antidomxss.js"></script><script> var arg1='7CF8FE6084F244597FE93D42AFEB6C2ED7029D82'; var _0x4818=['\x63\x73\x4b\x48\x77\x71\x4d\x49','\x5a\x73\x4b\x4a\x77\x72\x38\x56\x65\x41\x73\x79', '\x55\x63\x4b\x69\x4e\x38\x4f\x2f\x77\x70\x6c\x77\x4d\x41\x3d\x3d','\x4a\x52\x38\x43\x54\x67\x3d/x3d','\x59\x73\x4f\x6e\x62\x53\x45\x51\x77\x37\x6f\x7a\x77\x71\x5a\x4b\x65\x73\x4b\x55\x77\x37/x6b\x77\x58\x38\x4f\x52\x49\x51\x3d\x3d','\x77\x37\x6f\x56\x53\x38\x4f\x53\x77\x6f\x50\x43\x6c\x33/x6a\x43\x68\x4d\x4b\x68\x77\x36\x48\x44\x6c\x73\x4b\x58\x77\x34\x73\x2f\x59\x73\x4f\x47','\x66/x77\x56\x6d\x49\x31\x41\x74\x77\x70\x6c\x61\x59\x38\x4f\x74\x77\x35\x63\x4e\x66\x53\x67\x70\x77\x36/x4d\x3d','\x4f\x63\x4f\x4e\x77\x72\x6a\x43\x71\x73\x4b\x78\x54\x47\x54\x43\x68\x73\x4f\x6a\x45\x57/x45\x38\x50\x63\x4f\x63\x4a\x38\x4b\x36','\x55\x38\x4b\x35\x4c\x63\x4f\x74\x77\x70\x56\x30\x45\x4d\x4f\x6b\x77\x34\x37\x44\x72\x4d\x4f\x58', '\x48\x4d\x4f\x32\x77\x6f\x48\x43\x69\x4d\x4b\x39\x53\x6c\x58\x43\x6c\x63\x4f\x6f\x43\x31\x6b\x3d' ,'\x61\x73\x4b\x49\x77\x71\x4d\x44\x64\x67\x4d\x75\x50\x73\x4f\x4b\x42\x4d\x4b\x63\x77\x72\x72\x43/x74\x6b\x4c\x44\x72\x4d\x4b\x42\x77\x36\x34\x64','\x77\x71\x49\x6d\x4d\x54\x30\x74\x77\x36\x52/x4e\x77\x35\x6b\x3d','\x44\x4d\x4b\x63\x55\x30\x4a\x6d\x55\x77\x55\x76','\x56\x6a\x48\x44\x6c/x4d\x4f\x48\x56\x63\x4f\x4e\x58\x33\x66\x44\x69\x63\x4b\x4a\x48\x51\x3d\x3d','\x77\x71\x68\x42\x48\x38\x4b\x6e\x77\x34\x54\x44\x68\x53\x44\x44\x67\x4d\x4f\x64\x77\x72\x6a\x43\x6e/x63\x4f\x57\x77\x70\x68\x68\x4e\x38\x4b\x43\x47\x63\x4b\x71\x77\x36\x64\x48\x41\x55\x35\x2b\x77\x72/x67\x32\x4a\x63\x4b\x61\x77\x34\x49\x45\x4a\x63\x4f\x63\x77\x72\x52\x4a\x77\x6f\x5a\x30\x77\x71\x46/x39\x59\x67\x41\x56','\x64\x7a\x64\x32\x77\x35\x62\x44\x6d\x33\x6a\x44\x70\x73\x4b\x33\x77\x70/x59\x3d','\x77\x34\x50\x44\x67\x63\x4b\x58\x77\x6f\x33\x43\x6b\x63\x4b\x4c\x77\x72\x35\x71\x77\x72/x59\x3d','\x77\x72\x4a\x4f\x54\x63\x4f\x51\x57\x4d\x4f\x67','\x77\x71\x54\x44\x76\x63\x4f\x6a/x77\x34\x34\x37\x77\x72\x34\x3d','\x77\x35\x58\x44\x71\x73\x4b\x68\x4d\x46\x31\x2f','\x77\x72/x41\x79\x48\x73\x4f\x66\x77\x70\x70\x63','\x4a\x33\x64\x56\x50\x63\x4f\x78\x4c\x67\x3d\x3d','\x77\x72\x64\x48\x77\x37\x70\x39\x5a\x77\x3d\x3d','\x77\x34\x72\x44\x6f\x38\x4b\x6d\x4e\x45\x77/x3d','\x49\x4d\x4b\x41\x55\x6b\x42\x74','\x77\x36\x62\x44\x72\x63\x4b\x51\x77\x70\x56\x48\x77/x70\x4e\x51\x77\x71\x55\x3d','\x64\x38\x4f\x73\x57\x68\x41\x55\x77\x37\x59\x7a\x77\x72\x55\x3d', '\x77\x71\x6e\x43\x6b\x73\x4f\x65\x65\x7a\x72\x44\x68\x77\x3d\x3d','\x55\x73\x4b\x6e\x49\x4d\x4b/x57\x56\x38\x4b\x2f','\x77\x34\x7a\x44\x6f\x63\x4b\x38\x4e\x55\x5a\x76','\x63\x38\x4f\x78\x5a/x68\x41\x4a\x77\x36\x73\x6b\x77\x71\x4a\x6a','\x50\x63\x4b\x49\x77\x34\x6e\x43\x6b\x6b\x56\x62' ,'\x4b\x48\x67\x6f\x64\x4d\x4f\x32\x56\x51\x3d\x3d','\x77\x70\x73\x6d\x77\x71\x76\x44\x6e\x47/x46\x71','\x77\x71\x4c\x44\x74\x38\x4f\x6b\x77\x34\x63\x3d','\x77\x37\x77\x31\x77\x34\x50\x43\x70\x73\x4f\x34\x77\x71\x41\x3d','\x77\x71\x39\x46\x52\x73\x4f/x71\x57\x4d\x4f\x71','\x62\x79\x42\x68\x77\x37\x72\x44\x6d\x33\x34\x3d','\x4c\x48\x67\x2b\x53/x38\x4f\x74\x54\x77\x3d\x3d','\x77\x71\x68\x4f\x77\x37\x31\x35\x64\x73\x4f\x48','\x55\x38\x4f/x37\x56\x73\x4f\x30\x77\x71\x76\x44\x76\x63\x4b\x75\x4b\x73\x4f\x71\x58\x38\x4b\x72','\x59\x69\x74/x74\x77\x35\x44\x44\x6e\x57\x6e\x44\x72\x41\x3d\x3d','\x59\x4d\x4b\x49\x77\x71\x55\x55\x66\x67/x49\x6b','\x61\x42\x37\x44\x6c\x4d\x4f\x44\x54\x51\x3d\x3d','\x77\x70\x66\x44\x68\x38\x4f\x72/x77\x36\x6b\x6b','\x77\x37\x76\x43\x71\x4d\x4f\x72\x59\x38\x4b\x41\x56\x6b\x35\x4f\x77\x70\x6e\x43/x75\x38\x4f\x61\x58\x73\x4b\x5a\x50\x33\x44\x43\x6c\x63\x4b\x79\x77\x36\x48\x44\x72\x51\x3d\x3d', '\x77\x6f\x77\x2b\x77\x36\x76\x44\x6d\x48\x70\x73\x77\x37\x52\x74\x77\x6f\x39\x38\x4c\x43\x37\x43\x69/x47\x37\x43\x6b\x73\x4f\x52\x54\x38\x4b\x6c\x57\x38\x4f\x35\x77\x72\x33\x44\x69\x38\x4f\x54\x48\x73/x4f\x44\x65\x48\x6a\x44\x6d\x63\x4b\x6c\x4a\x73\x4b\x71\x56\x41\x3d\x3d','\x4e\x77\x56\x2b','/x77\x37\x48\x44\x72\x63\x4b\x74\x77\x70\x4a\x61\x77\x70\x5a\x62','\x77\x70\x51\x73\x77\x71\x76/x44\x69\x48\x70\x75\x77\x36\x49\x3d','\x59\x4d\x4b\x55\x77\x71\x4d\x4a\x5a\x51\x3d\x3d','\x4b/x48\x31\x56\x4b\x63\x4f\x71\x4b\x73\x4b\x31','\x66\x51\x35\x73\x46\x55\x6b\x6b\x77\x70\x49\x3d', '\x77\x72\x76\x43\x72\x63\x4f\x42\x52\x38\x4b\x6b','\x4d\x33\x77\x30\x66\x51\x3d\x3d','\x77/x36\x78\x58\x77\x71\x50\x44\x76\x4d\x4f\x46\x77\x6f\x35\x64'];(function(_0x4c97f0,_0x1742fd){var _0x4db1c=function(_0x48181e){while(--_0x48181e){_0x4c97f0['\x70\x75\x73\x68'](_0x4c97f0['\x73\x68\x69\x66\x74']()) ;});var _0x3cd6c6=function(){var _0xb8360b={'\x64\x61\x74\x61':{'\x6b\x65\x79':'\x63\x6f\x6f\x6b\x69\x65' ,'\x76\x61\x6c\x75\x65':'\x74\x69\x6d\x65\x6f\x75\x74'),'\x73\x65\x74\x43\x6f\x6f\x6b\x69/x65':function(_0x20bf34,_0x3e840e,_0x5693d3,_0x5e8b26){_0x5e8b26=_0x5e8b26||{};var _0xba82f0=_0x3e840e+'\x3d'+_0x569_3d'0178f_0x5693d3=_0x5e8b26||{};var _0xba82f0=_0x3e840e+'\x0x3d'+_0x569_3d0_5fe3120627_0x0x5/x6c\x65\x6e\x67\x74\x68'];_0x5afe31<_0x178627;_0x5afe31++){var _0x41b2ff=_0x20bf34[_0x5afe31];_0xba82f0+='\x3b\_0x20ff_34 ['\x70\x75\x73\x68'](_0xd79219);_0x178627=_0x20bf34['\x6c\x65\x6e\x67\x74\x68'];if(_0xd79219!==!![]){_0xba82f0+='\x3d'+_0xd79219;}}_0x5e8b26['\x63\x6f\x6f\x6b/x69\x65']=_0xba82f0;},'\x72\x65\x6d\x6f\x76\x65\x43\x6f\x6f\x6b\x69\x65':function(){return'\x64\x65\x76' ;},'\x67\x65\x74\x43\x6f\x6f\x6b\x69\x65':function(_0x4a11fe,_0x189946){_0x4a11fe=_0x4a11fe||function(_0x6259a2){return _0x6259a2){return _0x6259a2){return _0x6259a2=_0x25aaf11fe (new RegExp('\x28\x3f\x3a\x5e\x7c\x3b\x20\x29'+_0x189946['\x72\x65\x70\x6c\x61\x63\x65'](/([.$?* |{}()[]\/+^])/g,'\x24\x31')+'\x3d\x28\x5b\x5e\x3b\x5d\x2a\x29'));var _0x52d57c=function( _1 '\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b/x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return _0x124d17['\x74\x65\x73\x74'](_0xb8360b['\x72\x65\x6d\x6f\x76/x65\x43\x6f\x6f\x6b\x69\x65']['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};_0xb8360b['\x75\x70\x64/x61\x74\x65\x43\x6f\x6f\x6b\x69\x65']=_0x4a2aed;var _0x2d67ec='';var _0x120551=_0xb8360b['\x75\x70\x64\x61\x74\x65\x43/x6f\x6f\x6b\x69\x65']();if(!_0x120551){_0xb8360b['\x73\x65\x74\x43\x6f\x6f\x6b\x69\x65'](['\x2a'] ,'\x63\x6f\x75\x6e\x74\x65\x72',0x1);)else if(_0x120551){_0x2d67ec=_0xb8360b['\x67\x65\x74\x43\x6f\x6f\x6b\x69/x65'](null,'\x63\x6f\x75\x6e\x74\x65\x72');}else{_0xb8360b['\x72\x65\x6d\x6f\x76\x65\x43\x6f\x6f\x6b/x69\x65']();}};_0x3cd6c6();}(_0x4818,0x15b));var _0x55f3=function(_0x4c97f0,_0x1742fd){var _0x4c97f0=parseInt(_0x4c97f0,0x10);var _0x48181e=_0x4818[_0x4c6f6\f_0x4c97f0]/\x50\x6f\x6c\x79\x66\x69\x6c\x6c\x41\x70\x70\x65\x6e\x64\x65\x64']){(function(){var _0xdf49c6=Function('\x72/x65\x74\x75\x72\x6e\x20\x28\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x28\x29\x20'+'\x7b\x7d\x2e\x63\x6f/x6e\x73\x74\x72\x75\x63\x74\x6f\x72\x28\x22\x72\x65\x74\x75\x72\x6e\x20\x74\x68\x69\x73\x22\x29\x28/x29'+'\x29\x3b');var _0xb8360b=_0xdf49c6();var _0x389f44='\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d/x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c/x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2b/x2f\x3d';_0xb8360b['\x61\x74\x6f\x62']||(_0xb8360b['\x61\x74\x6f\x62']=function(_0xba82f0){var _0xec6bb4=String(_0xba82f0)['\x72\x65\x70\x6c/x61\x63\x65'](/=+$/,'');for(var _0x1a0f04=0x0,_0x18c94e,_0x41b2ff,_0xd79219=0x0,_0x5792f7='';_0x41b2ff=_0xec6bb4['\x63\x68\x61\x68 x72\x41\x74'](_0xd79219++);~_0x41b2ff&&(_0x18c94e=_0x1a0f04%0x4?_0x18c94e*0x40+_0x41b2ff:_0x41b2ff,_0x1a0f04++=x5x7\x68\x68\x68\x7\x68/x61\x72\x43\x6f\x64\x65'](0xff&_0x18c94e>>(-0x2*_0x1a0f04&0x6)):0x0){_0x41b2ff=_0x389f44['\x69\x6e\x64\x65\x78\x4f\x66'] (_0x41b2ff);)return _0x5792f7;});)());_0x55f3['\x61\x74\x6f\x62\x50\x6f\x6c\x79\x66\x69\x6c\x6c\x41\x70\x70/x65\x6e\x64\x65\x64']=!![];}if(!_0x55f3['\x72\x63\x34']){var _0x232678=function(_0x401af1,_0x532ac0){var _0x45079a=[],_0x52d57c=0x0,_0x105f59,_0x3fd789='',_0x4a2aed='';_0x401af1=atob(_0x401af1); for(var _0x124d17=0x0,_0x1b9115=_0x401af1['\x6c\x67]\x6c\x65; _0x124d17<_0x1b9115;_0x124d17++){_0x4a2aed+='\x25'+('\x30\x30'+_0x401af1['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74d](_0x124d)( ['\x74\x6f\x53\x74\x72\x69\x6e\x67'](0x10))['\x73\x6c\x69\x63\x65'](-0x2);}_0x401af1=decodeURIComponent(_0x4a2aed) ;for(var _0x2d67ec=0x0;_0x2d67ec<0x100;_0x2d67ec++){_0x45079a[_0x2d67ec]=_0x2d67ec;}for(_0x2d67ec=0x0;_0x2d67ec[0x10052x2]{_0x2d67ec[0x10052] x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'](_0x2d67ec%_0x532ac0['\x6c\x65\x6e\x67\x74\x68']))%0x100;_0x105f59=_0x45079a[ _0x2d67ec];_0x45079a[_0x2d67ec]=_0x45079a[_0x52d57c];_1 +0x1)%0x100;_0x52d57c=(_0x52d57c+_0x45079a[_0x2d67ec])%0x100;_0x105f59=_0x45079a[_0x2d67ec];[f[59x45079a[_0x2d67x0105c];[0x45079a[_0x2d67x57c]=_0x0/x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65'](_0x401af1['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'] (_0x4e5ce2)^_0x45079a[(_0x45079a[_0x2d67ec]+_0x45079a[_0x52d57c])%0x100]);)return _0x3fd789;};_0x55f3['\x72\x63\x34'x55; if_0x232678(_0x52d57c) x64\x61\x74\x61']){_0x55f3['\x64\x61\x74\x61']={};}if(_0x55f3['\x64\x61\x74\x61'][_0x4c97f0]=== undefined){if(!_0x55f3['\x6f\x6e\x63\x65']){var _0x5f325c=function(_0x23a392){this['\x72\x63\x34\x42\x79\x74\x65\x73']=_0x23a392;this['\x73\x74\x61\x74\x65\x73']=[0x1,0x0,0x0];this['/x6e\x65\x77\x53\x74\x61\x74\x65']=function(){return'\x6e\x65\x77\x53\x74\x61\x74\x65';};this['\x66/x69\x72\x73\x74\x53\x74\x61\x74\x65']='\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77/x2b\x20\x2a';this['\x73\x65\x63\x6f\x6e\x64\x53\x74\x61\x74\x65']='\x5b\x27\x7c\x22\x5d\x2e/x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d';};_0x5f325c['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['/x63\x68\x65\x63\x6b\x53\x74\x61\x74\x65']=function(){var _0x19f809=new RegExp(this['\x66\x69\x72\x73\x74\x53\x74/x61\x74\x65']+this['\x73\x65\x63\x6f\x6e\x64\x53\x74\x61\x74\x65']);return this['\x72\x75\x6e\x53/x74\x61\x74\x65'](_0x19f809['\x74\x65\x73\x74'](this['\x6e\x65\x77\x53\x74\x61\x74\x65']['\x74\x6f\x53\x74\x72\x69\x6e\x67']())?--this ['\x73\x74\x61\x74\x65\x73'][0x1]:--this['\x73\x74\x61\x74\x65\x73'][0x0]);};_0x5f325c['/x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['\x72\x75\x6e\x53\x74\x61\x74\x65']=function(_0x4380bd){if(!Boolean( ~_0x4380bd)){return _0x4380bd;}return this['\x67\x65\x74\x53\x74\x61\x74\x65'](this['\x72\x63\x34\x42\x79\x74\x65/x73']);};_0x5f325c['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['\x67\x65\x74\x53\x74\x61\x74\x65'] =function(_0x58d85e){for(var _0x1c9f5b=0x0,_0x1ce9e0=this['\x73\x74\x61\x74\x65\x73']['\x6c\x65\x6e\x67\x74\x68'];_0x1c9f5b <_0x1ce9e0;_0x1c9f5b++){this['\x73\x74\x61\x74\x65\x73']['\x70\x75\x73\x68'](Math['\x72\x6f\x75\x6e\x64' ](Math['\x72\x61\x6e\x64\x6f\x6d']()));_0x1ce9e0=this['\x73\x74\x61\x74\x65\x73']['\x6c\x65\x6e\x67\x74/x68'];}return _0x58d85e(this['\x73\x74\x61\x74\x65\x73'][0x0]);};new _0x5f325c(_0x55f3)['\x63\x68\x65\x63\x6b/x53\x74\x61\x74\x65']();_0x55f3['\x6f\x6e\x63\x65']=!![];}_0x48181e=_0x55f3['\x72\x63\x34'](_0x48181e ,_0x1742fd);_0x55f3['\x64\x61\x74\x61'][_0x4c97f0]=_0x48181e;}else{_0x48181e=_0x55f3['\x64\x61\x74\x61'][_0x4c97eturn _0];48}return _0]; ;var arg3=null;var arg4=null;var arg5=null;var arg6=null;var arg7=null;var arg8=null;var arg9=null;var arg10=null;var l=function(){while( window[_0x55f3('0x1','\x58\x4d\x57\x5e')]||window['\x5f\x5f\x70\x68\x61\x6e\x74\x6f\x6d\x61\x73']) {};var _0x5e8b26=_0x55f3('0x3','\x6a\x53\x31\x59');String[_0x55f3('0x5','\x6e\x5d\x66\x52')][_0x55f3('0x6','\x50\x67\x35\x34')]=function(_0x4e08d8){var _0x5a5d3b='';for(var _0xe89588 =0x0;_0xe89588<this[_0x55f3('0x8','\x29\x68\x52\x63')]&&_0xe89588<_0x4e08d8[_0x55f3('0xa','\x6a\x45\x26\x5e'89588+=0x 0x2){var _0x401af1=parseInt(this[_0x55f3('0xb','\x56\x32\x4b\x45')](_0xe89588,_0xe89588+0x2),0x10);var _0x105f59=parseInt(3(0x4e08d8) ','\x58\x4d\x57\x5e')](_0xe89588,_0xe89588+0x2),0x10); var _0x189e2c=(_0x401af1^_0x105f59)[_0x55f3('0xf','\x57\x31\x46\x45' )](0x10);if(_0x189e2c[_0x55f3('0x11','\x4d\x47\x72\x76')]==0x1){_0x189e2c='\x30'+_0x189e2c;}_0x5a5d3b+=x5areturnd3_0; ;};String['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65'][_0x55f3('0x14','\x5a\x2a\x44\x4d')]=function(){var _0x4b082b=[0xf,0x23,0x1d,0x18,0x21,0x10,0x1,0x26,0xa,0x9,0x13 ,0x1f,0x28,0x1b,0x16,0x17,0x19,0xd,0x6,0xb,0x27,0x12,0x14,0x8,0xe,0x15,0x20,0x1a,0x2,0x1e,0x7,0x1,0x11,0x5,0x1,0x5 ,0x22,0x25,0xc,0x24];var _0x4da0dc=[];var _0x12605e='';for(var _0x20a7bf=0x0;_0x20a7bf<this['\x6c\x65\x6e\x67\x74\x20a7bf++'];_0x ){var _0x385ee3=this[_0x20a7bf];for(var _0x217721=0x0;_0x217721<_0x4b082b[_0x55f3('0x16','\x61\x48\x2a\x4e')];_0x217721++){if(_0x4721) =_0x20a7bf+0x1){_0x4da0dc[_0x217721]=_0x385ee3;}}}_0x12605e=_0x4da0dc['\x6a\x6f\x69\x6e'](''); return _0x12605e[};var _0x23a392 ','\x50\x67\x35\x34')]();arg2=_0x23a392[_0x55f3('0x1b','\x7a\x35\x4f\x26')](_0x5e8b26);setTimeout('\x72\x65\x6c\x6f\x61\x64\x28\x61\x72\x67\x32\x29',0x2);};var _0x4db1c=function(){function _0x355d23(_0x450614){if(( ''+_0x450614/_0x450614)[_0x55f3('0x1c','\x56\x32\x4b\x45')]!==0x1||_0x450614%0x14===0x0){(function(){}[_0x55f3( '0x1d','\x43\x4e\x55\x59')]((undefined+'')[0x2]+(!![]+'')[0x3]+([][_0x55f3('0x1e', '/x77\x38\x50\x52')]()+'')[0x2]+(undefined+'')[0x0]+(![]+[0x0]+String)[0x14]+(![]+ [0x0]+String)[0x14]+(!![]+'')[0x3]+(!![]+'')[0x1])());}else{(function(){}[ '\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72']((undefined+'')[0x2]+(!![]+'')[0x3]+([ ][_0x55f3('0x1f','\x4c\x24\x28\x44')]()+'')[0x2]+(undefined+'')[0x0]+(![]+[0x0]+String) [0x14]+(![]+[0x0]+String)[0x14]+(!![]+'')[0x3]+(!![]+'')[0x1])());}_0x355d23(++_0x450614);}try{_0x355d23(0x0);}catch(_0x54c483){} };if(function(){var _0x470d8f=function(){var _0x4c97f0=!![];return function(_0x1742fd,_0x4db1c){var _0x48181e=_0x4c97f0?function(){if(_0x4=function()x4db1c_0x '\x61\x70\x70\x6c\x79'](_0x1742fd,arguments);_0x4db1c=null;return _0x55f3be;}):function(){};_0x4c97f0=![];return _0x48181e;};)(); var _0x501fd7=_0x470d8f(this,function(){var _0x4c97f0=function(){return'\x64\x65\x76';},_0x1742fd=function(){return'\x77\x69\x6e\x64\x6f\x77 ';};var _0x55f3be=function(){var _0x3ad9a1=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20/x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x3ad9a1['\x74\x65\x73/x74'](_0x4c97f0['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var _0x1b93ad=function(){var _0x20bf34=new RegExp('\x28\x5c\x5c\x5b\x78\x7c/x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x20bf34['\x74\x65\x73\x74'](_0x1742fd['\x74/x6f\x53\x74\x72\x69\x6e\x67']());};var _0x5afe31=function(_0x178627){var _0x1a0f04=~-0x1>>0x1+0xff%0x0;if(_0x178627['\x69/x6e\x64\x65\x78\x4f\x66']('\x69'===_0x1a0f04)){_0xd79219(_0x178627);));var _0xd79219=function(_0x5792f7){var _0x4e08d8=~-0x4>> 0x1+0xff%0x0;if(_0x5792f7['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x4e08d8){_0x5afe31(_0x5792f7 );});if(!_0x55f3be()){if(!_0x1b93ad()){_0x5afe31('\x69\x6e\x64/x78\x4f\x66');}else{_0x5afe31('\x69\x6e/x64\x65\x78\x4f\x66');})else{_0x5afe31('\x69\x6e\x64/x78\x4f\x66');}});_0x501fd7();var _0x3a394d=function(){var _0x1ab151=!![];return function(_0x372617,_0x42d229){var _0x3b3503=_0x1ab151?function(){if(_0x42d229){var _0x7086d9('_0x22d22 ','\x4b\x4e\x29\x46')](_0x372617,arguments);_0x42d229=null;return _0x7086d9;}):function(){};_0x1ab151=![];return _0x3b3503;};)() ;var _0x5b6351=_0x3a394d(this,function(){var _0x46cbaa=Function(_0x55f3('0x22','\x26\x68\x5a\x59')+_0x55f3('0x23','\x61\x48\x2a\x4e ')+'\x29\x3b');var _0x1766ff=function(){};var _0x9b5e29=_0x46cbaa();_0x9b5e29[_0x55f3('0x26','\x61\x48\x2a\x4e')]['/x6c\x6f\x67']=_0x1766ff;_0x9b5e29[_0x55f3('0x29','\x56\x25\x59\x52')][_0x55f3('0x2a','\x50\x5e\x45\x71')]= _0x1766ff;_0x9b5e29[_0x55f3('0x2c','\x6c\x67\x4d\x30')][_0x55f3('0x2d','\x4c\x24\x28\x44')]=_0x1766ff;_0x9b5e29[_0x55f3('0x2f','\x43\x5a\x63\x38')][_0x55f3('0x30' ,'\x57\x75\x36\x25')]=_0x1766ff;});_0x5b6351();try{return!!window['\x61\x64\x64\x45\x76\x65\x6e\x74\x4c/x69\x73\x74\x65\x6e\x65\x72'];}catch(_0x35538d){return![];}}()){document[_0x55f3('0x33','\x56\x25\x59\x52 ')](_0x55f3('0x34','\x79\x41\x70\x7a'),l,![]);}else{document[_0x55f3('0x36','\x79\x41\x70\x7a' ))(_0x55f3('0x37','\x4c\x24\x28\x44'),l);)_0x4db1c();setInterval(function()(_0x4db1c();),0xfa0);\x61\x64\x64\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72'];}catch(_0x35538d){return![];))() ){document[_0x55f3('0x33','\x56\x25\x59\x52')](_0x55f3('0x34','\x79\x41\x70\x7a'),l,![]);)else {document[_0x55f3('0x36','\x79\x41\x70\x7a')](_0x55f3('0x37','\x4c\x24\x28\x44'),l);)_0x4db1c();setInterval( function(){_0x4db1c();},0xfa0);\x61\x64\x64\x45\x76\x65\x6e\x74\x4c\x69\x73\x74\x65\x6e\x65\x72'];}catch(_0x35538d){return![];))() ){document[_0x55f3('0x33','\x56\x25\x59\x52')](_0x55f3('0x34','\x79\x41\x70\x7a'),l,![]);)else {document[_0x55f3('0x36','\x79\x41\x70\x7a')](_0x55f3('0x37','\x4c\x24\x28\x44'),l);)_0x4db1c();setInterval( function(){_0x4db1c();},0xfa0); function setCookie(name,value){var expiredate=new Date();expiredate.setTime(expiredate.getTime()+(3600*1000));document.cookie=name+"="+value+";expires="+expiredate .toGMTString()+";max-age=3600;path=/";} function reload(x) {setCookie("acw_sc__v2", x);document.location.reload();} </script></html> Copy code

Tracing the source

Does this look bigger than eval(), densely packed with hexadecimal numbers. Don't panic, let me beautify him! !

<html> <script src = "//aeu.alicdn.com/waf/antidomxss.js"> </script> < script > var arg1='7CF8FE6084F244597FE93D42AFEB6C2ED7029D82'; var _0x4818 = [ 'csKHwqMI', 'ZsKJwr8VeAsy', 'UcKiN8O/wplwMA ==', 'JR8CTg ==', 'YsOnbSEQw7ozwqZKesKUw7kwX8ORIQ ==', 'w7oVS8OSwoPCl3jChMKhw6HDlsKXw4s/YsOG', 'fwVmI1AtwplaY8Otw5cNfSgpw6M =', 'OcONwrjCqsKxTGTChsOjEWE8PcOcJ8K6', 'U8K5LcOtwpV0EMOkw47DrMOX' , 'HMO2woHCiMK9SlXClcOoC1k =', 'asKIwqMDdgMuPsOKBMKcwrrCtkLDrMKBw64d', 'wqImMT0tw6RNw5k =', 'DMKcU0JmUwUv', 'VjHDlMOHVcONX3fDicKJHQ ==', 'wqhBH8Knw4TDhSDDgMOdwrjCncOWwphhN8KCGcKqw6dHAU5 + wrg2JcKaw4IEJcOcwrRJwoZ0wqF9YgAV', 'dzd2w5bDm3jDpsK3wpY =', 'w4PDgcKXwo3CkcKLwr5qwrY =', 'wrJOTcOQWMOg', 'wqTDvcOjw447wr4 =', 'w5XDqsKhMF1/','wrAyHsOfwppc','J3dVPcOxLg==','wrdHw7p9Zw==','w4rDo8KmNEw=','IMKAUkBt','w6bDrcKQwpVHwpN,'wqU='wqU='d8OsWhAUw7YzwrU = ',' wqnCksOeezrDhw == ',' UsKnIMKWV8K/',' w4zDocK8NUZv ',' c8OxZhAJw6skwqJj ',' PcKIw4nCkkVb ',' KHgodMO2VQ == ',' wpsmwqvDnGFq ',' wqLDt8Okw4c = ',' w7w1w4PCpsO4wqA = ',' wq9FRsOqWMOq ' , 'byBhw7rDm34 =', 'LHg + S8OtTw ==', 'wqhOw715dsOH', 'U8O7VsO0wqvDvcKuKsOqX8Kr', 'Yittw5DDnWnDrA ==', 'YMKIwqUUfgIk', 'aB7DlMODTQ ==', 'wpfDh8Orw6kk', 'w7vCqMOrY8KAVk5OwpnCu8OaXsKZP3DClcKyw6HDrQ ==', 'wow + w6vDmHpsw7Rtwo98LC7CiG7CksORT8KlW8O5wr3Di8OTHsODeHjDmcKlJsKqVA == ',' NwV + ',' w7HDrcKtwpJawpZb ',' wpQswqvDiHpuw6I = ',' YMKUwqMJZQ == ',' KH1VKcOqKsK1 ',' fQ5sFUkkwpI = ',' wrvCrcOBR8Kk ',' M3w0fQ == ',' w6xXwqPDvMOFwo5d ']; ( function(_0x4c97f0,_0x1742fd){var _0x4db1c=function(_0x48181e){while(--_0x48181e){_0x4c97f0['push'](_0x4c97f0['shift']());}};var _0x3cd6c6=function(){var _0x data':{'key':'cookie','value':'timeout'},'setCookie':function(_0x20bf34,_0x3e840e,_0x5693d3,_0x5e8b26){_0x5e8b26=_0x5e8b26||{};var _0x=82f0=_0 '+_0x5693d3;var _0x5afe31=0x0;for(var _0x5afe31=0x0,_0x178627=_0x20bf34['length'];_0x5afe31<_0x178627;_0x5afe31++){var _0x5afe31=0x0;var _0x5afe31=0x0; =_0x20bf34[_0x41b2ff];_0x20bf34['push'](_0xd79219);_0x178627=_0x20bf34['length'];if(_0xd79219!==!![]){_0xba82f0+='='e+_0xd0792;}b_0xd79219; cookie']=_0xba82f0;},'removeCookie':function(){return'dev';},'getCookie':function(_0x4a11fe,_0x189946){_0x4a11fe=_0x4a11fe||function(_0x6259a2){return _0x6259a2;};var _0x25af93=_0x4a11fe(new RegExp('(?:^|; )'+_0x189946 .$? * | {}()[]//+ ^ ])/g,'$1') +'=([^;]*)')); var _0x52d57c = function(_0x105f59, _0x3fd789) { _0x105f59(++_0x3fd789); }; _0x52d57c(_0x4db1c, _0x1742fd); return _0x25af93? decodeURIComponent(_0x25af93[0x1]): undefined; } }; var _0x4a2aed = function() { var _0x124d17 = new RegExp('\w+ *\(\) *{\w+ *['|"].+['|"];? *}'); return _0x124d17['test'](_0xb8360b['removeCookie']['toString']()); }; _0xb8360b['updateCookie'] = _0x4a2aed; var _0x2d67ec =''; var _0x120551 = _0xb8360b['updateCookie'](); if (!_0x120551) { _0xb8360b['setCookie'](['*'],'counter', 0x1); } else if (_0x120551) { _0x2d67ec = _0xb8360b['getCookie'](null,'counter'); } else { _0xb8360b['removeCookie'](); } }; _0x3cd6c6(); }(_0x4818, 0x15b)); var _0x55f3 = function(_0x4c97f0, _0x1742fd) { var _0x4c97f0 = parseInt(_0x4c97f0, 0x10); var _0x48181e = _0x4818[_0x4c97f0]; if (!_0x55f3['atobPolyfillAppended']) { (function() { var _0xdf49c6 = Function('return (function () '+'{}.constructor("return this")()' +');'); var _0xb8360b = _0xdf49c6(); var _0x389f44 ='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; _0xb8360b['atob'] || (_0xb8360b['atob'] = function(_0xba82f0) { var _0xec6bb4 = String(_0xba82f0)['replace'](/=+$/,''); for (var _0x1a0f04 = 0x0, _0x18c94e, _0x41b2ff, _0xd79219 = 0x0, _0x5792f7 = ''; _0x41b2ff = _0xec6bb4 [ 'charAt'] (_ 0xd79219 ++); ~ _0x41b2ff && (_0x18c94e = _0x1a0f04% 0x4 _0x18c94e * 0x40 + _0x41b2ff:? _0x41b2ff, _0x1a0f04++% 0x4)? _0x5792f7 += String['fromCharCode'](0xff & _0x18c94e >> (-0x2 * _0x1a0f04 & 0x6)): 0x0) { _0x41b2ff = _0x389f44['indexOf'](_0x41b2ff); } return _0x5792f7; }); }()); _0x55f3['atobPolyfillAppended'] = !! []; } if (!_0x55f3['rc4']) { var _0x232678 = function(_0x401af1, _0x532ac0) { var _0x45079a = [], _0x52d57c = 0x0, _0x105f59, _0x3fd789 ='', _0x4a2aed =''; _0x401af1 = atob(_0x401af1); for (var _0x124d17 = 0x0, _0x1b9115 = _0x401af1['length']; _0x124d17 <_0x1b9115; _0x124d17++) { _0x4a2aed +='%' + ('00' + _0x401af1['charCodeAt'](_0x124d17)['toString'](0x10))['slice'](-0x2); } _0x401af1 = decodeURIComponent(_0x4a2aed); for (var _0x2d67ec = 0x0; _0x2d67ec <0x100; _0x2d67ec++) { _0x45079a[_0x2d67ec] = _0x2d67ec; } for (_0x2d67ec = 0x0; _0x2d67ec <0x100; _0x2d67ec++) { _0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec] + _0x532ac0['charCodeAt'](_0x2d67ec% _0x532ac0['length']))% 0x100; _0x105f59 = _0x45079a[_0x2d67ec]; _0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c]; _0x45079a[_0x52d57c] = _0x105f59; } _0x2d67ec = 0x0; _0x52d57c = 0x0; for (var _0x4e5ce2 = 0x0; _0x4e5ce2 <_0x401af1['length']; _0x4e5ce2++) { _0x2d67ec = (_0x2d67ec + 0x1)% 0x100; _0x52d57c = (_0x52d57c + _0x45079a[_0x2d67ec])% 0x100; _0x105f59 = _0x45079a[_0x2d67ec]; _0x45079a[_0x2d67ec] = _0x45079a[_0x52d57c]; _0x45079a[_0x52d57c] = _0x105f59; _0x3fd789 += String['fromCharCode'](_0x401af1['charCodeAt'](_0x4e5ce2) ^ _0x45079a[(_0x45079a[_0x2d67ec] + _0x45079a[_0x52d57c])% 0x100]); } return _0x3fd789; }; _0x55f3['rc4'] = _0x232678; } if (!_0x55f3['data']) { _0x55f3['data'] = {}; } if (_0x55f3['data'][_0x4c97f0] === undefined) { if (!_0x55f3['once']) { var _0x5f325c = function(_0x23a392) { this['rc4Bytes'] = _0x23a392; this['states'] = [0x1, 0x0, 0x0]; this['newState'] = function() { return'newState'; }; this['firstState'] ='\w+ *\(\) *{\w+ *'; this['secondState'] ='['|"].+['|"];? *}'; }; _0x5f325c['prototype']['checkState'] = function() { var _0x19f809 = new RegExp(this['firstState'] + this['secondState']); return this['runState'](_0x19f809['test'](this['newState']['toString']())? --this['states'][0x1]: --this['states'] [0x0]); }; _0x5f325c['prototype']['runState'] = function(_0x4380bd) { if (!Boolean(~_0x4380bd)) { return _0x4380bd; } return this['getState'](this['rc4Bytes']); }; _0x5f325c['prototype']['getState'] = function(_0x58d85e) { for (var _0x1c9f5b = 0x0, _0x1ce9e0 = this['states']['length']; _0x1c9f5b <_0x1ce9e0; _0x1c9f5b++) { this['states']['push'](Math['round'](Math['random']())); _0x1ce9e0 = this['states']['length']; } return _0x58d85e(this['states'][0x0]); }; new _0x5f325c(_0x55f3)['checkState'](); _0x55f3['once'] = !! []; } _0x48181e = _0x55f3['rc4'](_0x48181e, _0x1742fd); _0x55f3['data'][_0x4c97f0] = _0x48181e; } else { _0x48181e = _0x55f3['data'][_0x4c97f0]; } return _0x48181e; }; var arg3 = null; var arg4 = null; var arg5 = null; var arg6 = null; var arg7 = null; var arg8 = null; var arg9 = null; var arg10 = null; var l = function() { while (window[_0x55f3('0x1','XMW^')] || window['__phantomas']) {}; var _0x5e8b26 = _0x55f3('0x3','jS1Y'); String[_0x55f3('0x5','n]fR')][_0x55f3('0x6','Pg54')] = function(_0x4e08d8) { var _0x5a5d3b =''; for (var _0xe89588 = 0x0; _0xe89588 <this[_0x55f3('0x8',')hRc')] && _0xe89588 <_0x4e08d8[_0x55f3('0xa','jE&^')]; = 0x2895) {88 + var _0x401af1 = parseInt(this[_0x55f3('0xb','V2KE')](_0xe89588, _0xe89588 + 0x2), 0x10); var _0x105f59 = parseInt(_0x4e08d8[_0x55f3('0xd','XMW^')](_0xe89588, _0xe89588 + 0x2), 0x10); var _0x189e2c = (_0x401af1 ^ _0x105f59)[_0x55f3('0xf','W1FE')](0x10); if (_0x189e2c[_0x55f3('0x11','MGrv')] == 0x1) { _0x189e2c = '0' + _0x189e2c; } _0x5a5d3b += _0x189e2c; } return _0x5a5d3b; }; String['prototype'][_0x55f3('0x14','Z*DM')] = function() { var _0x4b082b = [0xf, 0x23, 0x1d, 0x18, 0x21, 0x10, 0x1, 0x26, 0xa, 0x9, 0x13, 0x1f, 0x28, 0x1b, 0x16, 0x17, 0x19, 0xd, 0x6, 0x19, 0x12, 0x27, 0x27 0x8, 0xe, 0x15, 0x20, 0x1a, 0x2, 0x1e, 0x7, 0x4, 0x11, 0x5, 0x3, 0x1c, 0x22, 0x25, 0xc, 0x24]; var _0x4da0dc = []; var _0x12605e =''; for (var _0x20a7bf = 0x0; _0x20a7bf <this['length']; _0x20a7bf++) { var _0x385ee3 = this[_0x20a7bf]; for (var _0x217721 = 0x0; _0x217721 <_0x4b082b[_0x55f3('0x16','aH*N')]; _0x217721++) { if (_0x4b082b[_0x217721] == _0x20a7bf + 0x1) { _0x4da0dc[_0x217721] = _0x385ee3; } } } _0x12605e = _0x4da0dc['join'](''); return _0x12605e; }; var _0x23a392 = arg1[_0x55f3('0x19','Pg54')](); arg2 = _0x23a392[_0x55f3('0x1b','z5O&')](_0x5e8b26); setTimeout('reload(arg2)', 0x2); }; var _0x4db1c = function() { function _0x355d23(_0x450614) { if (('' + _0x450614/_0x450614)[_0x55f3('0x1c','V2KE')] !== 0x1 || _0x450614% 0x14 === 0x0) { (function() {)[_0x55f3('0x1d','CNUY')]((undefined +'')[0x2] + (!! [] +'')[0x3] + ([][_0x55f3('0x1e ','w8PR')]() +'')[0x2] + (undefined +'')[0x0] + (![] + [0x0] + String)[0x14] + (![] + [0x0] + String)[0x14] + (!! [] +'')[0x3] + (!! [] +'')[0x1])()); } else { (function() {)['constructor']((undefined +'')[0x2] + (!! [] +'')[0x3] + ([][_0x55f3('0x1f','L$(D ')]() +'')[0x2] + (undefined +'')[0x0] + (![] + [0x0] + String)[0x14] + (![] + [0x0] + String)[ 0x14] + (!! [] +'')[0x3] + (!! [] +'')[0x1])()); } _0x355d23(++_0x450614); } try { _0x355d23(0x0); } catch (_0x54c483) {} }; if (function() { var _0x470d8f = function() { var _0x4c97f0 = !! []; return function(_0x1742fd, _0x4db1c) { var _0x48181e = _0x4c97f0? function() { if (_0x4db1c) { var _0x55f3be = _0x4db1c['apply'](_0x1742fd, arguments); _0x4db1c = null; return _0x55f3be; } }: function() {}; _0x4c97f0 = ![]; return _0x48181e; }; }(); var _0x501fd7 = _0x470d8f(this, function() { var _0x4c97f0 = function() { return'dev'; }, _0x1742fd = function() { return'window'; }; var _0x55f3be = function() { var _0x3ad9a1 = new RegExp('\w+ *\(\) *{\w+ *['|"].+['|"];? *}'); return !_0x3ad9a1['test'](_0x4c97f0['toString']()); }; var _0x1b93ad = function() { var _0x20bf34 = new RegExp('(\\[x|u](\w){2,4})+'); return _0x20bf34['test'](_0x1742fd['toString']()); }; var _0x5afe31 = function(_0x178627) { var _0x1a0f04 = ~-0x1 >> 0x1 + 0xff% 0x0; if (_0x178627['indexOf']('i' === _0x1a0f04)) { _0xd79219(_0x178627); } }; var _0xd79219 = function(_0x5792f7) { var _0x4e08d8 = ~-0x4 >> 0x1 + 0xff% 0x0; if (_0x5792f7['indexOf'](( !! [] +'')[0x3]) !== _0x4e08d8) { _0x5afe31(_0x5792f7); } }; if (!_0x55f3be()) { if (!_0x1b93ad()) { _0x5afe31('ind xOf'); } else { _0x5afe31('indexOf'); } } else { _0x5afe31('ind xOf'); } }); _0x501fd7(); var _0x3a394d = function() { var _0x1ab151 = !! []; return function(_0x372617, _0x42d229) { var _0x3b3503 = _0x1ab151? function() { if (_0x42d229) { var _0x7086d9 = _0x42d229[_0x55f3('0x21','KN)F')](_0x372617, arguments); _0x42d229 = null; return _0x7086d9; } }: function() {}; _0x1ab151 = ![]; return _0x3b3503; }; }(); var _0x5b6351 = _0x3a394d(this, function() { var _0x46cbaa = Function(_0x55f3('0x22','&hZY') + _0x55f3('0x23','aH*N') +');'); var _0x1766ff = function() {}; var _0x9b5e29 = _0x46cbaa(); _0x9b5e29[_0x55f3('0x26','aH*N')]['log'] = _0x1766ff; _0x9b5e29[_0x55f3('0x29','V%YR')][_0x55f3('0x2a','P^Eq')] = _0x1766ff; _0x9b5e29[_0x55f3('0x2c','lgM0')][_0x55f3('0x2d','L$(D')] = _0x1766ff; _0x9b5e29[_0x55f3('0x2f','CZc8')][_0x55f3('0x30','Wu6%')] = _0x1766ff; }); _0x5b6351(); try { return !!window['addEventListener']; } catch (_0x35538d) { return ![]; } }()) { document[_0x55f3('0x33','V%YR')](_0x55f3('0x34','yApz'), l, ![]); } else { document[_0x55f3('0x36','yApz')](_0x55f3('0x37','L$(D'), l); } _0x4db1c(); setInterval(function() { _0x4db1c(); }, 0xfa0); function setCookie(name, value) { var expiredate = new Date(); expiredate.setTime(expiredate.getTime() + (3600 * 1000)); document.cookie = name + "=" + value + ";expires=" + expiredate.toGMTString() + ";max-age=3600;path=/"; } function reload(x) { setCookie("acw_sc__v2", x); document.location.reload(); } </script></html> Copy code

The above is the formatted js. Why is it called an obfuscated function? 1. it uses hexadecimal number obfuscation, and the other is that there are not many useful codes. We look at the last two functions, one is reload(x) and the other is setCookie() .

reload() calls setCookie() to generate a cookie with key=acw_sc__v2 and value=x, and then refresh the web page through document.location.reload(). So the key is coming, who is it that generates x and calls reload()?

We searched the above code and found the following three lines of core code:

var _0x23a392 = arg1[_0x55f3('0x19','Pg54')](); arg2 = _0x23a392[_0x55f3('0x1b','z5O&')](_0x5e8b26); setTimeout('reload(arg2)', 0x2); Copy code

In these three lines of code, arg1 is a string, _0x55f3 is a method name, arg2 is the value in the cookie, and clarify the calling relationship between them to calculate arg2.

This obfuscation of js is very interesting. It involves a lot of basic knowledge of js, and it mainly depends on debug and console to get it done .

Concluding remarks

This article mainly focuses on technical introduction, and it is not difficult to see that to do crawlers, you still need a bit of front-end knowledge. If you ask me, do you want to solve js encryption even if you don't want to understand it? I just want to tell you: programmers can't say no. There are methods, but after all, you need to rely on third-party services or plug-ins.

Of course, many websites will have their own unique js encryption method, and the tricks of anti-climbing technology are also endless. Those who are interested can also discuss and study together.

This is the end of the crawler basics. I started to prepare for the writing of the scrapy series of crawler frameworks, and I look forward to the next encounter.



The post-95 young programmers write about personal practice in their daily work. They write from 0 to 1 from the perspective of beginners to ensure that they can really be understood by everyone.

The article will be published on the public account [ Introduction to Abandonment Road ], looking forward to your attention.