"Magic Zoom V3 image magnifier effect" script analysis

sponsored links
Recent want to try an image magnifier effect, on-line (domestic) reference may be called up to "Magic Zoom" of jQuery plugins. The plug is a commercial software, trial version to enlarge box at the bottom or top of the line prompt with the prompt to upgrade to full version (Please upgrade to full version of Magic Zoom). In fact, the demo function is complete, but much more prompt this line only.

Internet search, I have not found this component was more comprehensive analysis, only to find some way to remove the use of violence, the line message. Specifically, we can go to this address (http://www.5icool.org/a/201004/379.html) see, I saved Ctrl + C And Ctrl + V to operate.

This component has no one to analyze (or is not of them), it brought back my interest to see how strong the JS security in the end. So there will be a process and the analysis of this article.

First, download the components from the official website of the DEMO version, open magiczoom.js, search on "Please upgrade to full version of Magic Zoom" phrase in the key words, not found. This I expected, if the words do not look at Tibet, it is also what anti-theft ah.

Look at the script, sets out an eval, which in general, eval the middle of things are sure to have a normal after treatment JS script, so long as to keep the script Jinong out period, basic even if successful. According to this thinking, to eval temporarily removed, the remaining things, there is a large string, the piece of string or removed, what remains is not much, sort format, as follows:

function(p,a,c,k,e,d){
        e=function(c){
                return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36));
        };
        if(!''.replace(/^/,String)){
                while(c--){
                        d[e(c)]=k[c]||e(c);
                }
                k=[
                        function(e){
                                return d[e]
                        }
                ];
                e=function(){
                        return'\\w+';
                }
                c=1;
        };
        while(c--){
                if(k[c]){
                        p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
                }
        }
        return p;
}( STR1, 62,639, STR2.split('|'),0,{});


Of which: STR1, STR2 is drawn to the location of the two long strings.

Analysis of this code, it is more clear, define an anonymous function, and then passed six parameters of the Executive, to get a result, the final look by the eval method to execute.

Next, I just write the code, this function returns the resulting output can, I write in EditPlus an HTML page, to the implementation of the above function, the resulting output to a textarea:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
 <head>
  <title> New Document </title>
  <meta name="Generator" content="EditPlus">
  <meta name="Author" content="">
  <meta name="Keywords" content="">
  <meta name="Description" content="">
<script language="JavaScript">
<!--

var s1 = < Omit  >;

var s2 = < Omit  >;


function decode(p,a,c,k,e,d){
        e=function(c){
                return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36));
        };
        if(!''.replace(/^/,String)){
                while(c--){
                        d[e(c)]=k[c]||e(c);
                }
                k=[
                        function(e){
                                return d[e];
                        }
                ];
                e=function(){
                        return'\\w+';
                };
                c=1;
        };
        while(c--){
                if(k[c]){
                        p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
                }
        }
        return p;
}

window.onload=function(){
  var srcTxt = decode(s1,62,650, s2.split('|'),0,{});
        document.all.src.value = srcTxt;
}

//-->
</script>
 </head>

 <body>
<textarea name="src" rows="20" cols="100"></textarea>
 </body>
</html>

In EditPlus the Ctrl + B, will be the implementation of the results, sort out, is a clearer code, and now find them as long as the sentence precautionary statements, think about how to dispose of the schedule.

That string is not too much trouble to find things. Remember the Prompt text is bold red, I go directly to the output places in bold red, no fee what the work would find:

if (i.indexOf (MagicZoom.x7 ("coigmzaablav mac "))==- 1) (
a = ["^ bko) k. (~ i | ojk.za.h (bb.xk |) ga`. ah.Coigm.Taac (-6:6 <5 "," # ff0000 ", 10," bold "," center "," 100% "];
)

The author made an encrypted string, the specific algorithm can not be bothered to analyze, and direct this comment out three lines, then test, suggesting that there is no text.

=================================

Also want to say, the use of JavaScript Analyser2.0 Alpha www.xieda.org software can be decrypted directly on the script, told me almost out of hand analysis.
  • del.icio.us
  • StumbleUpon
  • Digg
  • TwitThis
  • Mixx
  • Technorati
  • Facebook
  • NewsVine
  • Reddit
  • Google
  • LinkedIn
  • YahooMyWeb

Related Posts of "Magic Zoom V3 image magnifier effect" script analysis

  • Hibernate primary key strategy-sequence

    Today, the use of hibernate in the company encountered a troublesome problem, the use of hibernate when the primary key generation strategy set sequence, but always reported in the implementation could not get next sequence value of the error, then o ...

  • hibernate call stored procedure

    hibernate call stored procedure

  • hibernate using c3p0 connection pooling

    Private http://www.lifevv.com/tenyo/doc/20070605102040991.html c3p0 for open source's JDBC connection pool, with the release hibernate. This article describes how to use the hibernate configuration in c3p0. c3p0 connection pool configuration is v ...

  • Hibernate configuration parameters hibernate.hbm2ddl.auto

    Hibernate in the configuration file: <properties> <property name="hibernate.hbm2ddl.auto" value="create" /> </ properties> Parameter Description: validate load hibernate, the authentication to create a database t ...

  • Build flex + spring + blazeds + hibernate application

    Build flex + spring + blazeds + hibernate application First, set up the project blazeds 1, will blazeds.war extract to a directory, such as: myflex /; 2, set up java works were such as: MyFlex, in the orientation of selection create project from exis ...

  • Hibernate connection pool configuration

    Hibernate connection pool configuration <! - Jdbc -> <property name="connection.driver_class"> oracle.jdbc.driver.OracleDriver </ property> <property name="connection.url"> jdbc: oracle: thin: @ 10.203.14.132:15

  • hibernate generic generic DAO

    package org.lzpeng.dao; import java.io.Serializable; import java.util.List; import org.hibernate.Criteria; import org.hibernate.Query; import org.hibernate.criterion.Criterion; import org.springside.modules.orm.hibernate.Page; /** * * @version 2009-1-10 *

  • Struts2 + hibernate + spring problem user log in

    dao layer services layer action jsp <tr> <td align="center"> <b> user name: </ b> </ td> <td> <s: textfield name = "czyNumber" cssClass = "textstyle" theme = "simple" size = &q

  • Hibernate secondary cache

    Hibernate cache: 2-bit cache, also known as process-level cache or SessionFactory level cache, secondary cache can be shared by all of the session Cache configuration and the use of: Will echcache.xml (the document code in hibernate package directory ...

  • Hibernate's lazy strategy

    hibernate Lazy strategy can be used in: <class> tag, it can be true / false Tags can <PROPERTY> values true / false type of necessary tools to enhance <set> <list> can tag values true / false / extra <many-to-one> <on ...

blog comments powered by Disqus
Recent
Recent Entries
Tag Cloud
Random Entries