"Magic Zoom V3 image magnifier effect" script analysis

Recent want to try an image magnifier effect, on-line (domestic) reference may be called up to "Magic Zoom" of jQuery plugins. The plug is a commercial software, trial version to enlarge box at the bottom or top of the line prompt with the prompt to upgrade to full version (Please upgrade to full version of Magic Zoom). In fact, the demo function is complete, but much more prompt this line only.

Internet search, I have not found this component was more comprehensive analysis, only to find some way to remove the use of violence, the line message. Specifically, we can go to this address (http://www.5icool.org/a/201004/379.html) see, I saved Ctrl + C And Ctrl + V to operate.

This component has no one to analyze (or is not of them), it brought back my interest to see how strong the JS security in the end. So there will be a process and the analysis of this article.

First, download the components from the official website of the DEMO version, open magiczoom.js, search on "Please upgrade to full version of Magic Zoom" phrase in the key words, not found. This I expected, if the words do not look at Tibet, it is also what anti-theft ah.

Look at the script, sets out an eval, which in general, eval the middle of things are sure to have a normal after treatment JS script, so long as to keep the script Jinong out period, basic even if successful. According to this thinking, to eval temporarily removed, the remaining things, there is a large string, the piece of string or removed, what remains is not much, sort format, as follows:

function(p,a,c,k,e,d){
        e=function(c){
                return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36));
        };
        if(!''.replace(/^/,String)){
                while(c--){
                        d[e(c)]=k[c]||e(c);
                }
                k=[
                        function(e){
                                return d[e]
                        }
                ];
                e=function(){
                        return'\\w+';
                }
                c=1;
        };
        while(c--){
                if(k[c]){
                        p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
                }
        }
        return p;
}( STR1, 62,639, STR2.split('|'),0,{});

Of which: STR1, STR2 is drawn to the location of the two long strings.

Analysis of this code, it is more clear, define an anonymous function, and then passed six parameters of the Executive, to get a result, the final look by the eval method to execute.

Next, I just write the code, this function returns the resulting output can, I write in EditPlus an HTML page, to the implementation of the above function, the resulting output to a textarea:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
 <head>
  <title> New Document </title>
  <meta name="Generator" content="EditPlus">
  <meta name="Author" content="">
  <meta name="Keywords" content="">
  <meta name="Description" content="">
<script language="JavaScript">
<!--

var s1 = < Omit  >;

var s2 = < Omit  >;

function decode(p,a,c,k,e,d){
        e=function(c){
                return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36));
        };
        if(!''.replace(/^/,String)){
                while(c--){
                        d[e(c)]=k[c]||e(c);
                }
                k=[
                        function(e){
                                return d[e];
                        }
                ];
                e=function(){
                        return'\\w+';
                };
                c=1;
        };
        while(c--){
                if(k[c]){
                        p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
                }
        }
        return p;
}

window.onload=function(){
  var srcTxt = decode(s1,62,650, s2.split('|'),0,{});
        document.all.src.value = srcTxt;
}

//-->
</script>
 </head>

 <body>
<textarea name="src" rows="20" cols="100"></textarea>
 </body>
</html>

In EditPlus the Ctrl + B, will be the implementation of the results, sort out, is a clearer code, and now find them as long as the sentence precautionary statements, think about how to dispose of the schedule.

That string is not too much trouble to find things. Remember the Prompt text is bold red, I go directly to the output places in bold red, no fee what the work would find:

if (i.indexOf (MagicZoom.x7 ("coigmzaablav mac "))==- 1) (
a = ["^ bko) k. (~ i | ojk.za.h (bb.xk |) ga`. ah.Coigm.Taac (-6:6 <5 "," # ff0000 ", 10," bold "," center "," 100% "];
)

The author made an encrypted string, the specific algorithm can not be bothered to analyze, and direct this comment out three lines, then test, suggesting that there is no text.

=================================

Also want to say, the use of JavaScript Analyser2.0 Alpha www.xieda.org software can be decrypted directly on the script, told me almost out of hand analysis.

分类:Web 时间:2010-07-04 人气:279
分享到:
blog comments powered by Disqus

相关文章

  • Ann: On the Internet search engine, the so-called knowledge training! 2010-10-28

    The current Internet has gray often well developed, can not imagine life without the Internet. The rapid development of the Internet, the Internet-related training is also springing up constantly emerge, we set up some virtual sub-sub-network of trai

  • Ann: On the so-called Internet search engine knowledge and training! 2010-10-28

    The current Internet has gray often well developed, can not imagine life without the Internet. The rapid development of the Internet, the Internet-related training is also springing up constantly emerge, that we can set up a number of virtual sub-net

  • Similar image recognition internet search engine - the signature approach based on image 2010-11-29

    I. Introduction Multimedia information retrieval is difficult to identify the high and growing demand of a problem. The image, for example, according to the information retrieval distinction between the use of the image can be divided into two catego

  • ie version of firebug - Internet Explorer Developer Toolbar 2010-04-27

    ie version of Firebug, the name of: Internet Explorer Developer Toolbar Address is: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e59c3964-672d-4511-bb3e-2d5e1db91038 Click "download" button that can be downloaded a

  • The RemoteObject uses flex java communication with the back-end (demo version) 2010-10-09

    To the new company has a week, and today happens to be the seventh day, eleven have been written before the demo, to sum up today. New to flex, the adoption of pureMVC and BlazeDS framework, in a project which is about to start, I refer to PM write r

  • The five most advanced Internet search engine 2010-12-04

    Search engine on the Internet, encyclopedia, with which you can find and filter information you want. Any search engine, has some of their own skills to accurately find the information you want. You need to understand how the search engine is how it

  • PHP version of the core search engine technology 2010-03-10

    Analysis of programming ideas We can do it: simulating a query to a search engine sites search order issued by the appropriate format, and then returns search results, and the results of HTML code analysis, stripping the extra characters and code, th

  • Finally see a Java version of the Internet Shopping Mall 2010-06-27

    Internet Mall is a very common product, and saw many, many products and found that all PHP version, may be due to the high cost of the reasons Java development it has not seen the Java web mall, recently seen ISkyShop , download of a moment, feeling

  • Five of the most advanced Internet search engine 2010-12-04

    Search engine on the Internet encyclopedia, with which you can find and filter information you want. Any search engine has its own number of techniques to accurately find the information you want. You need to understand about how search engines work

iOS 开发

Android 开发

Python 开发

JAVA 开发

开发语言

PHP 开发

Ruby 开发

搜索

前端开发

数据库

开发工具

开放平台

Javascript 开发

.NET 开发

云计算

服务器

Copyright (C) codeweblog.com, All Rights Reserved.

CodeWeblog.com 版权所有 黔ICP备15002463号-1

processed in 0.505 (s). 13 q(s)